npm - nucleus-core-ts - Versions diffs - 0.8.136 → 0.8.137 - Mend

nucleus-core-ts 0.8.136 → 0.8.137

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +15 -15
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 // @bun
 var p2=Object.create;var{getPrototypeOf:I2,defineProperty:hi,getOwnPropertyNames:cd,getOwnPropertyDescriptor:y2}=Object,id=Object.prototype.hasOwnProperty;var Hr=(n,r,t)=>{t=n!=null?p2(I2(n)):{};let o=r||!n||!n.__esModule?hi(t,"default",{value:n,enumerable:!0}):t;for(let c of cd(n))if(!id.call(o,c))hi(o,c,{get:()=>n[c],enumerable:!0});return o},od=new WeakMap,Ra=(n)=>{var r=od.get(n),t;if(r)return r;if(r=hi({},"__esModule",{value:!0}),n&&typeof n==="object"||typeof n==="function")cd(n).map((o)=>!id.call(r,o)&&hi(r,o,{get:()=>n[o],enumerable:!(t=y2(n,o))||t.enumerable}));return od.set(n,r),r},T2=(n,r)=>()=>(r||n((r={exports:{}}).exports,r),r.exports);var go=(n,r)=>{for(var t in r)hi(n,t,{get:r[t],enumerable:!0,configurable:!0,set:(o)=>r[t]=()=>o})};var b=(n,r)=>()=>(n&&(r=n(n=0)),r);var Bn=import.meta.require;var xs,bd,Ps="\x1B[0m",Cs="\x1B[2m",gd="\x1B[1m";var qs=b(()=>{xs={debug:0,info:1,warn:2,error:3,fatal:4},bd={debug:"\x1B[36m",info:"\x1B[32m",warn:"\x1B[33m",error:"\x1B[31m",fatal:"\x1B[35m"}});function $i(n,r=f5,t=new WeakSet){if(n===null||n===void 0)return n;if(typeof n!=="object")return n;if(t.has(n))return"[Circular]";if(t.add(n),Array.isArray(n))return n.map((c)=>$i(c,r,t));let o={};for(let[c,i]of Object.entries(n))if(r.some((e)=>c.toLowerCase().includes(e.toLowerCase()))&&typeof i==="string")o[c]="[REDACTED]";else if(typeof i==="object"&&i!==null)o[c]=$i(i,r,t);else o[c]=i;return o}function wd(n=4){let r=Error().stack;if(!r)return{file:"unknown",line:0,function:"unknown"};let o=r.split(`
 `)[n];if(!o)return{file:"unknown",line:0,function:"unknown"};let c=o.match(/at\s+(?:(.+?)\s+)?\(?(.+?):(\d+):(\d+)\)?/);if(!c)return{file:"unknown",line:0,function:"unknown"};let[,i,a,e]=c;return{file:a?a.split("/").pop()||a:"unknown",line:parseInt(e||"0",10),function:i?.replace(/^Object\./,"")||"anonymous"}}function Fs(n){if(n instanceof Error)return{name:n.name,message:n.message,stack:n.stack,code:n.code};if(typeof n==="string")return{name:"Error",message:n};return{name:"UnknownError",message:String(n)}}function js(n,r){if(!n&&!r)return;if(!n)return r;if(!r)return n;return{...n,...r}}function Ks(n){if(n<1)return`${(n*1000).toFixed(2)}\xB5s`;if(n<1000)return`${n.toFixed(2)}ms`;return`${(n/1000).toFixed(2)}s`}function vs(n,r){let t=new WeakSet;return JSON.stringify(n,(o,c)=>{if(typeof c==="object"&&c!==null){if(t.has(c))return"[Circular]";t.add(c)}if(typeof c==="bigint")return c.toString();if(c instanceof Error)return{name:c.name,message:c.message,stack:c.stack};return c},r)}var f5;var Da=b(()=>{f5=["password","secret","token","apiKey","api_key","authorization","cookie","credit_card","creditCard","ssn","privateKey","private_key"]});class ka{name="console";colorize;prettyPrint;constructor(n={}){this.colorize=n.colorize??!0,this.prettyPrint=n.prettyPrint??!0}log(n){if(this.prettyPrint)this.logPretty(n);else this.logJson(n)}logJson(n){let r=vs(n);this.getConsoleMethod(n.level)(r)}logPretty(n){let r=this.getConsoleMethod(n.level),t=this.colorize?bd[n.level]:"",o=this.colorize?Ps:"",c=this.colorize?Cs:"",i=this.colorize?gd:"",a=new Date(n.timestamp).toLocaleTimeString("en-US",{hour12:!1,hour:"2-digit",minute:"2-digit",second:"2-digit"}),e=n.level.toUpperCase().padEnd(5),s=n.service?`[${n.service}]`:"",f=n.correlationId?`${c}(${n.correlationId.slice(0,8)})${o}`:"",d=n.duration!==void 0?`${c}${Ks(n.duration)}${o}`:"",l=`${c}${a}${o} ${t}${i}${e}${o} ${s}${f} ${n.message} ${d}`;if(r(l.trim()),n.caller)r(`  ${c}at ${n.caller.function} (${n.caller.file}:${n.caller.line})${o}`);if(n.context&&Object.keys(n.context).length>0)r(`  ${c}context:${o}`,n.context);if(n.error){if(r(`  ${t}${n.error.name}: ${n.error.message}${o}`),n.error.stack){let w=n.error.stack.split(`
-`).slice(1,4);for(let g of w)r(`  ${c}${g.trim()}${o}`)}}}getConsoleMethod(n){switch(n){case"debug":return console.debug.bind(console);case"info":return console.info.bind(console);case"warn":return console.warn.bind(console);case"error":case"fatal":return console.error.bind(console);default:return console.log.bind(console)}}}class Ma{name="database";db;table;enabled;constructor(n){this.db=n.db,this.table=n.table,this.enabled=n.enabled??!0}setDb(n){this.db=n}setTable(n){this.table=n}setEnabled(n){this.enabled=n}async write(n){if(!this.enabled||!this.db||!this.table)return;try{await this.db.insert(this.table).values({id:n.id,entityId:n.entityId,entityName:n.entityName,operationType:n.operation,userId:n.userId,ipAddress:n.ipAddress,userAgent:n.userAgent,summary:n.summary,oldValues:n.oldValues,newValues:n.newValues,path:n.path,query:n.query})}catch(r){console.error("Audit log write failed:",r)}}}class Ha{name="console-audit";enabled;constructor(n={}){this.enabled=n.enabled??!0}write(n){if(!this.enabled)return;let r="\x1B[35m",t=Ps,o=Cs;console.log(`${o}${n.timestamp}${t} ${r}AUDIT${t} [${n.operation}] ${n.entityName}${n.entityId?`:${n.entityId}`:""} ${o}by ${n.userId||"anonymous"}${t}`)}}var Zs=b(()=>{qs();Da()});import{randomUUID as l5}from"crypto";class jr{config;transports;auditTransports;context;correlationId;static instance=null;constructor(n={},r={},t){this.config={..._5,...n},this.context=r,this.correlationId=t,this.transports=[new ka({colorize:this.config.colorize,prettyPrint:this.config.prettyPrint})],this.auditTransports=[new Ha({enabled:this.config.prettyPrint})]}static getInstance(n){if(!jr.instance)jr.instance=new jr(n);return jr.instance}static resetInstance(){jr.instance=null}child(n,r){let t=new jr(this.config,js(this.context,n)||{},r||this.correlationId);return t.transports=this.transports,t.auditTransports=this.auditTransports,t}withCorrelationId(n){return this.child({},n)}addTransport(n){this.transports.push(n)}addAuditTransport(n){this.auditTransports.push(n)}setLevel(n){this.config.level=n}setAuditEnabled(n){this.config.auditEnabled=n}isAuditEnabled(){return this.config.auditEnabled}shouldLog(n){return xs[n]>=xs[this.config.level]}createEntry(n,r,t,o,c){let i={timestamp:new Date().toISOString(),level:n,message:r,service:this.config.service,correlationId:this.correlationId},a=js(this.context,t);if(a&&Object.keys(a).length>0)i.context=$i(a,this.config.redactKeys);if(this.config.includeCallerInfo)i.caller=wd();if(o)i.error=Fs(o);if(c!==void 0)i.duration=performance.now()-c;return i}log(n,r,t,o,c){if(!this.shouldLog(n))return;let i=this.createEntry(n,r,t,o,c);for(let a of this.transports)try{a.log(i)}catch(e){console.error(`Logger transport "${a.name}" failed:`,e)}}debug(n,r){this.log("debug",n,r)}info(n,r){this.log("info",n,r)}warn(n,r){this.log("warn",n,r)}error(n,r,t){this.log("error",n,t,r)}fatal(n,r,t){this.log("fatal",n,t,r)}time(n){let r=performance.now();return()=>{this.log("debug",`${n} completed`,void 0,void 0,r)}}async timeAsync(n,r,t){let o=performance.now();try{let c=await r();return this.log("debug",`${n} completed`,t,void 0,o),c}catch(c){throw this.log("error",`${n} failed`,t,c,o),c}}request(n){let r=n.statusCode>=500?"error":n.statusCode>=400?"warn":"info";this.log(r,`${n.method} ${n.path} ${n.statusCode}`,{method:n.method,path:n.path,statusCode:n.statusCode,durationMs:n.duration,correlationId:n.correlationId,userId:n.userId,ip:n.ip,userAgent:n.userAgent})}db(n){let r=n.error?"error":"debug";this.log(r,`DB ${n.operation} on ${n.table}`,{operation:n.operation,table:n.table,durationMs:n.duration,rowCount:n.rowCount},n.error)}async flush(){for(let n of this.transports)if(n.flush)await n.flush()}async audit(n){let r={id:l5(),timestamp:new Date().toISOString(),entityName:n.entityName,entityId:n.entityId??null,operation:n.operation,userId:n.userId??null,summary:n.summary||`${n.operation} on ${n.entityName}`,oldValues:n.oldValues||{},newValues:n.newValues||{},ipAddress:n.ipAddress||"unknown",userAgent:n.userAgent||"unknown",path:n.path||"",query:n.query||"",correlationId:this.correlationId};for(let t of this.auditTransports)try{await t.write(r)}catch(o){console.error(`Audit transport "${t.name}" failed:`,o)}}auditOnly(n){this.audit(n)}async trace(n){let r=n.log!==!1,t=n.writeAudit===!0||n.writeAudit!==!1&&this.config.auditEnabled&&n.audit;if(r)this.log(n.level||"info",n.message,n.context,n.error);if(t&&n.audit)await this.audit(n.audit)}traceSync(n){let r=n.log!==!1,t=n.writeAudit===!0||n.writeAudit!==!1&&this.config.auditEnabled&&n.audit;if(r)this.log(n.level||"info",n.message,n.context,n.error);if(t&&n.audit)this.audit(n.audit)}}var _5,d5;var ps=b(()=>{Zs();qs();Da();_5={level:"info",service:"nucleus",environment:"development",redactKeys:[],colorize:!0,prettyPrint:!0,includeCallerInfo:!0,asyncBufferSize:100,flushIntervalMs:1000,auditEnabled:!1};d5=jr.getInstance()});var Ed=T2((xS,Ad)=>{var hd=12,z5=0,Ts=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,8,7,7,10,9,9,9,11,4,4,4,4,4,4,4,4,4,4,4,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,24,36,48,60,72,84,96,0,12,12,12,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,24,24,24,0,0,0,0,0,0,0,0,0,24,24,0,0,0,0,0,0,0,0,0,0,48,48,48,0,0,0,0,0,0,0,0,0,0,48,48,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,127,63,63,63,0,31,15,15,15,7,7,7];function B5(n){var r=n.indexOf("%");if(r===-1)return n;var t=n.length,o="",c=0,i=0,a=r,e=hd;while(r>-1&&r<t){var s=$d(n[r+1],4),f=$d(n[r+2],0),d=s|f,l=Ts[d];if(e=Ts[256+e+l],i=i<<6|d&Ts[364+l],e===hd)o+=n.slice(c,a),o+=i<=65535?String.fromCharCode(i):String.fromCharCode(55232+(i>>10),56320+(i&1023)),i=0,c=r+3,r=a=n.indexOf("%",c);else if(e===z5)return null;else{if(r+=3,r<t&&n.charCodeAt(r)===37)continue;return null}}return o+n.slice(c)}var U5={"0":0,"1":1,"2":2,"3":3,"4":4,"5":5,"6":6,"7":7,"8":8,"9":9,a:10,A:10,b:11,B:11,c:12,C:12,d:13,D:13,e:14,E:14,f:15,F:15};function $d(n,r){var t=U5[n];return t===void 0?255:t<<r}Ad.exports=B5});var Dd=(n)=>{return n?.trim().toLowerCase()||"unknown"},a0=(n,r)=>{return n[r.toLowerCase()]??n[r]};import W5 from"crypto";var kd=(n)=>{let r=JSON.stringify({userAgent:Dd(n.userAgent),extra:n.extra??{}});return{hash:W5.createHash("sha256").update(r).digest("base64url"),components:n}};var e0=()=>{};var Md=({savedFingerprint:n,requestIp:r,headers:t})=>{let o=a0(t,"user-agent"),c=a0(t,"x-forwarded-for")??r??void 0,i=kd({userAgent:o,ipAddress:c}),a=[{field:"userAgent",saved:n.components.userAgent,received:o},{field:"ipAddress",saved:n.components.ipAddress,received:c}].find(({saved:e,received:s})=>e??(s??"")!=="");if(a)return{isValid:!1,reason:`${a.field} mismatch`,currentFingerprint:i};return{isValid:!0,currentFingerprint:i}};var s0=b(()=>{e0()});var Hd=b(()=>{e0();s0()});import zd from"crypto";var f0=(n)=>{return(Buffer.isBuffer(n)?n.toString("base64"):Buffer.from(n).toString("base64")).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")},Bd=(n)=>{let r="=".repeat((4-n.length%4)%4),t=n.replace(/-/g,"+").replace(/_/g,"/")+r;return Buffer.from(t,"base64").toString("utf-8")},l0=(n,r,t)=>{let o=t.replace("HS","sha"),c=zd.createHmac(o,r);return c.update(n),f0(c.digest())},Ud=(n,r,t,o)=>{let c=l0(n,t,o);return zd.timingSafeEqual(Buffer.from(r),Buffer.from(c))},Wd=(n)=>{return f0(JSON.stringify(n))},Vd=(n)=>{return f0(JSON.stringify(n))},Ua=(n)=>{try{return JSON.parse(Bd(n))}catch{return null}},Wa=(n)=>{try{return JSON.parse(Bd(n))}catch{return null}};var Va=()=>{};var V5=(n)=>{let r=n.split(".");if(r.length!==3)return null;let[t,o,c]=r;if(!t||!o||!c)return null;let i=Ua(t),a=Wa(o);if(!i||!a)return null;return{header:i,payload:a,signature:c}};var Yd=b(()=>{Va()});var Di=(n,r,t="HS256")=>{let o={alg:t,typ:"JWT"},c=Math.floor(Date.now()/1000),i={sub:n.subject,iat:c,exp:c+n.expiresInSeconds,iss:n.issuer,aud:n.audience,jti:n.jwtId,sessionId:n.sessionId,...n.customClaims},a=Wd(o),e=Vd(i),s=`${a}.${e}`,f=l0(s,r,t);return`${s}.${f}`};var Jd=b(()=>{Va()});var ho=(n,r)=>{let t=n.split(".");if(t.length!==3)return{valid:!1,error:"Invalid token format: expected 3 parts"};let[o,c,i]=t;if(!o||!c||!i)return{valid:!1,error:"Invalid token format: missing parts"};let a=Ua(o);if(!a)return{valid:!1,error:"Invalid header: failed to decode"};if(a.typ!=="JWT")return{valid:!1,error:"Invalid header: typ must be JWT"};if(!["HS256","HS384","HS512"].includes(a.alg))return{valid:!1,error:`Unsupported algorithm: ${a.alg}`};let s=`${o}.${c}`;if(!Ud(s,i,r,a.alg))return{valid:!1,error:"Invalid signature"};let d=Wa(c);if(!d)return{valid:!1,error:"Invalid payload: failed to decode"};let l=Math.floor(Date.now()/1000);if(d.exp&&d.exp<l)return{valid:!1,error:"Token expired"};if(d.iat&&d.iat>l+60)return{valid:!1,error:"Token issued in the future"};return{valid:!0,payload:d}};var Xd=b(()=>{Va()});var Ld={};go(Ld,{verifyJWT:()=>ho,signJWT:()=>Di,decodeJWT:()=>V5});var Ko=b(()=>{Yd();Jd();Xd()});var Qd=()=>{};var Od=b(()=>{Qd()});var Gd="127.0.0.1",Nd="3500",xd=4,jt="statestore-redis",_0="pubsub-rabbitmq",d0="secretstore",ki="configstore-redis",Pd="DAPR_HOST",Cd="DAPR_HTTP_PORT",qd="DAPR_HTTP_ENDPOINT",Fd="DAPR_GRPC_ENDPOINT",jd="DAPR_API_TOKEN",Kd=30000,vd=1e4,Zd=5000,Kt,Ya,it;var Jt=b(()=>{Kt={CONNECTED:"connected",DISCONNECTED:"disconnected",CONNECTING:"connecting",ERROR:"error"},Ya={HEALTHY:"healthy",UNHEALTHY:"unhealthy"},it={CONNECTION_ERROR:"DAPR_CONNECTION_ERROR",TIMEOUT_ERROR:"DAPR_TIMEOUT_ERROR",STATE_ERROR:"DAPR_STATE_ERROR",PUBSUB_ERROR:"DAPR_PUBSUB_ERROR",BINDING_ERROR:"DAPR_BINDING_ERROR",SECRET_ERROR:"DAPR_SECRET_ERROR",CONFIG_ERROR:"DAPR_CONFIG_ERROR",INVOKE_ERROR:"DAPR_INVOKE_ERROR",CRYPTO_ERROR:"DAPR_CRYPTO_ERROR",LOCK_ERROR:"DAPR_LOCK_ERROR",WORKFLOW_ERROR:"DAPR_WORKFLOW_ERROR",VALIDATION_ERROR:"DAPR_VALIDATION_ERROR"}});var at,Dc=(n,r)=>new at(it.CONNECTION_ERROR,n,r),pd=(n,r)=>new at(it.TIMEOUT_ERROR,n,r),vo=(n,r)=>new at(it.STATE_ERROR,n,r),u0=(n,r)=>new at(it.PUBSUB_ERROR,n,r),Id=(n,r)=>new at(it.BINDING_ERROR,n,r),b0=(n,r)=>new at(it.SECRET_ERROR,n,r),Ja=(n,r)=>new at(it.CONFIG_ERROR,n,r),yd=(n,r)=>new at(it.INVOKE_ERROR,n,r),g0=(n,r)=>new at(it.CRYPTO_ERROR,n,r),w0=(n,r)=>new at(it.LOCK_ERROR,n,r),$o=(n,r)=>new at(it.WORKFLOW_ERROR,n,r),Rn=async(n,r)=>{try{return await n()}catch(t){let o=t instanceof Error?t.message:String(t);throw r(o,t)}};var Kr=b(()=>{Jt();at=class at extends Error{code;details;constructor(n,r,t){super(r);this.name="DaprManagerError",this.code=n,this.details=t}toJSON(){return{code:this.code,message:this.message,details:this.details}}}});var Td,Xa=(n="info")=>{let r=Td[n],t=(o)=>(c,...i)=>{if(Td[o]<r)return;let a=new Date().toISOString(),e=i.length>0?` ${JSON.stringify(i)}`:"";console[o](`[${a}] [Dapr] [${o.toUpperCase()}] ${c}${e}`)};return{debug:t("debug"),info:t("info"),warn:t("warn"),error:t("error")}},Mi=async(n,r,t="Operation timed out")=>{return Promise.race([n(),new Promise((o,c)=>{setTimeout(()=>{c(pd(t))},r)})])},Dn=(n,r,t)=>{let o=r.filter((c)=>n[c]===void 0);if(o.length>0)throw Error(`Missing required ${t} parameters: ${o.join(", ")}`)};var et=b(()=>{Jt();Kr();Td={debug:0,info:1,warn:2,error:3}});class La{client;logger;constructor(n,r){this.client=n,this.logger=r}async invoke(n,r,t,o={}){return Dn({name:n,operation:r},["name","operation"],"binding invoke"),Rn(async()=>{this.logger.debug("Invoking binding",{name:n,operation:r});let i=await(await this.client()).binding.send(n,r,t,o.metadata);return this.logger.debug("Binding invoked successfully",{name:n,operation:r}),i},(c,i)=>Id(`Failed to invoke binding ${n}: ${c}`,i))}}var m0=b(()=>{Kr();et()});class Qa{client;logger;constructor(n,r){this.client=n,this.logger=r}async get(n,r=ki){if(Dn({keys:n,storeName:r},["keys","storeName"],"config get"),n.length===0)return{};return Rn(async()=>{this.logger.debug("Getting configuration",{keys:n,storeName:r});let o=await(await this.client()).configuration.get(r,n);return this.logger.debug("Configuration retrieved",{keys:n,storeName:r,itemCount:Object.keys(o.items||{}).length}),o.items||{}},(t,o)=>Ja(`Failed to get configuration: ${t}`,o))}async subscribeWithKeys(n,r,t=ki){if(Dn({keys:n,callback:r,storeName:t},["keys","callback","storeName"],"config subscribeWithKeys"),n.length===0)throw Ja("At least one key must be provided for subscription");return Rn(async()=>{this.logger.debug("Subscribing to configuration updates",{keys:n,storeName:t});let c=await(await this.client()).configuration.subscribeWithKeys(t,n,async(i)=>{try{this.logger.debug("Received configuration update",{storeName:t,updatedKeys:Object.keys(i.items||{})}),await r(i)}catch(a){this.logger.error("Error in configuration subscription callback",a)}});return this.logger.debug("Configuration subscription established",{keys:n,storeName:t}),{stop:()=>{this.logger.debug("Stopping configuration subscription",{keys:n,storeName:t}),c.stop()}}},(o,c)=>Ja(`Failed to subscribe to configuration updates: ${o}`,c))}async getValue(n,r=ki){return(await this.get([n],r))[n]?.value}async getValues(n,r=ki){let t=await this.get(n,r),o={};for(let c in t)if(t[c]?.value!==void 0)o[c]=t[c].value;return o}}var h0=b(()=>{Jt();Kr();et()});class Oa{client;logger;constructor(n,r){this.client=n,this.logger=r}async encrypt(n,r){return Dn({data:n,componentName:r.componentName},["data","componentName"],"crypto encrypt"),Rn(async()=>{this.logger.debug("Encrypting data",{componentName:r.componentName,keyName:r.keyName,keyWrapAlgorithm:r.keyWrapAlgorithm});let t=await this.client(),o=typeof n==="string"?Buffer.from(n):n,c={componentName:r.componentName};if(r.keyName)c.keyName=r.keyName;if(r.keyWrapAlgorithm)c.keyWrapAlgorithm=r.keyWrapAlgorithm;let i=await t.crypto.encrypt(o,c);return this.logger.debug("Data encrypted successfully",{componentName:r.componentName,inputSize:o.length,outputSize:i.length}),i},(t,o)=>g0(`Failed to encrypt data: ${t}`,o))}async decrypt(n,r){return Dn({data:n,componentName:r.componentName},["data","componentName"],"crypto decrypt"),Rn(async()=>{this.logger.debug("Decrypting data",{componentName:r.componentName});let t=await this.client(),o=typeof n==="string"?Buffer.from(n):n,c={componentName:r.componentName};if(r.keyName)c.keyName=r.keyName;if(r.keyWrapAlgorithm)c.keyWrapAlgorithm=r.keyWrapAlgorithm;let i=await t.crypto.decrypt(o,c);return this.logger.debug("Data decrypted successfully",{componentName:r.componentName,inputSize:o.length,outputSize:i.length}),i},(t,o)=>g0(`Failed to decrypt data: ${t}`,o))}async encryptString(n,r){return(await this.encrypt(n,r)).toString("base64")}async decryptString(n,r){let t=Buffer.from(n,"base64");return(await this.decrypt(t,r)).toString("utf-8")}}var $0=b(()=>{Kr();et()});import{HttpMethod as Hi}from"@dapr/dapr";class Ga{client;logger;constructor(n,r){this.client=n,this.logger=r}async invoke(n,r,t=Hi.POST,o,c={}){Dn({appId:n,methodName:r,httpMethod:t},["appId","methodName","httpMethod"],"invoke service");let i=c.timeout||Kd;return Rn(async()=>{this.logger.debug("Invoking service",{appId:n,methodName:r,httpMethod:t,hasData:o!==void 0});let a=r;if(c.queryParams&&Object.keys(c.queryParams).length>0){let f=Object.entries(c.queryParams).map(([d,l])=>`${encodeURIComponent(d)}=${encodeURIComponent(l)}`).join("&");a=`${r}?${f}`}let e=await this.client(),s=await Mi(()=>e.invoker.invoke(n,a,t,o,c.headers),i,`Service invocation timed out after ${i}ms`);if(this.logger.debug("Service invoked successfully",{appId:n,methodName:r,httpMethod:t,status:s?.status}),!s)return;if("data"in s)return s.data;return s},(a,e)=>yd(`Failed to invoke service ${n}.${r}: ${a}`,e))}async get(n,r,t={}){return this.invoke(n,r,Hi.GET,void 0,t)}async post(n,r,t,o={}){return this.invoke(n,r,Hi.POST,t,o)}async put(n,r,t,o={}){return this.invoke(n,r,Hi.PUT,t,o)}async delete(n,r,t={}){return this.invoke(n,r,Hi.DELETE,void 0,t)}}var A0=b(()=>{Jt();Kr();et()});class Na{client;logger;constructor(n,r){this.client=n,this.logger=r}async lock(n,r,t,o){return Dn({storeName:n,resourceId:r,lockOwner:t,expiryInSeconds:o.expiryInSeconds},["storeName","resourceId","lockOwner","expiryInSeconds"],"lock"),Rn(async()=>{this.logger.debug("Acquiring lock",{storeName:n,resourceId:r,lockOwner:t});let i=await(await this.client()).lock.lock(n,r,t,o.expiryInSeconds);return this.logger.debug("Lock acquisition result",{storeName:n,resourceId:r,lockOwner:t,success:i.success}),{success:i.success}},(c,i)=>w0(`Failed to acquire lock for resource ${r}: ${c}`,i))}async unlock(n,r,t){return Dn({storeName:n,resourceId:r,lockOwner:t},["storeName","resourceId","lockOwner"],"unlock"),Rn(async()=>{this.logger.debug("Releasing lock",{storeName:n,resourceId:r,lockOwner:t});let c=await(await this.client()).lock.unlock(n,r,t);return this.logger.debug("Lock release result",{storeName:n,resourceId:r,lockOwner:t,status:this.getLockStatusName(c.status)}),{status:c.status}},(o,c)=>w0(`Failed to release lock for resource ${r}: ${o}`,c))}getLockStatusName(n){switch(n){case 0:return"Success";case 1:return"LockDoesNotExist";case 2:return"LockBelongsToOthers";default:return"InternalError"}}}var E0=b(()=>{Kr();et()});class xa{client;logger;constructor(n,r){this.client=n,this.logger=r}async publish(n,r,t={},o=_0){return Dn({topic:n,data:r,pubsubName:o},["topic","data","pubsubName"],"pubsub publish"),Rn(async()=>{this.logger.debug("Publishing message to topic",{topic:n,pubsubName:o}),await(await this.client()).pubsub.publish(o,n,r,{metadata:t.metadata,contentType:t.contentType}),this.logger.debug("Message published successfully",{topic:n,pubsubName:o})},(c,i)=>u0(`Failed to publish message to topic ${n}: ${c}`,i))}async publishBulk(n,r,t=_0){if(Dn({topic:n,messages:r,pubsubName:t},["topic","messages","pubsubName"],"pubsub publishBulk"),r.length===0)return{failedEntries:[]};return Rn(async()=>{this.logger.debug("Publishing bulk messages to topic",{topic:n,pubsubName:t,messageCount:r.length});let o=await this.client(),c=r.map((e)=>{if(typeof e==="object"&&"event"in e)return{entryID:e.entryId,event:e.event,contentType:e.contentType,metadata:e.metadata};return{event:e}}),i=await o.pubsub.publishBulk(t,n,c),a=i.failedMessages?.length||0;if(a>0)this.logger.warn("Some messages failed to publish",{topic:n,pubsubName:t,failedCount:a,totalCount:r.length});else this.logger.debug("All bulk messages published successfully",{topic:n,pubsubName:t,messageCount:r.length});return{failedEntries:(i.failedMessages||[]).map((e)=>({entryId:e.message.entryID||"",error:e.error?.message||"Unknown error"}))}},(o,c)=>u0(`Failed to publish bulk messages to topic ${n}: ${o}`,c))}createBulkPublishMessage(n,r,t,o){return{entryId:r,event:n,contentType:t,metadata:o}}}var S0=b(()=>{Jt();Kr();et()});class Pa{client;logger;constructor(n,r){this.client=n,this.logger=r}async get(n,r={},t=d0){return Dn({key:n,storeName:t},["key","storeName"],"secret get"),Rn(async()=>{this.logger.debug("Getting secret",{key:n,storeName:t});let o=await this.client(),c=r.metadata?JSON.stringify(r.metadata):void 0,i=await o.secret.get(t,n,c);return this.logger.debug("Secret retrieved",{key:n,storeName:t}),i},(o,c)=>b0(`Failed to get secret ${n}: ${o}`,c))}async getBulk(n={},r=d0){return Dn({storeName:r},["storeName"],"secret getBulk"),Rn(async()=>{this.logger.debug("Getting all secrets",{storeName:r});let o=await(await this.client()).secret.getBulk(r);return this.logger.debug("All secrets retrieved",{storeName:r,secretCount:Object.keys(o).length}),o},(t,o)=>b0(`Failed to get all secrets: ${t}`,o))}}var R0=b(()=>{Jt();Kr();et()});class Ca{client;logger;constructor(n,r){this.client=n,this.logger=r}async save(n,r={},t=jt){if(Dn({stateItems:n,storeName:t},["stateItems","storeName"],"state save"),n.length===0)return;return Rn(async()=>{this.logger.debug("Saving state items",{count:n.length,storeName:t}),await(await this.client()).state.save(t,n,r),this.logger.debug("State items saved successfully",{count:n.length,storeName:t})},(o,c)=>vo(`Failed to save state items: ${o}`,c))}async get(n,r=jt){return Dn({key:n,storeName:r},["key","storeName"],"state get"),Rn(async()=>{this.logger.debug("Getting state item",{key:n,storeName:r});let o=await(await this.client()).state.get(r,n);if(this.logger.debug("State item retrieved",{key:n,storeName:r,found:o!==void 0}),o===void 0||o===null)return;if(typeof o==="string")try{return JSON.parse(o)}catch{return o}if(typeof o==="object")return o;return o},(t,o)=>vo(`Failed to get state item ${n}: ${t}`,o))}async getBulk(n,r=jt){if(Dn({keys:n,storeName:r},["keys","storeName"],"state getBulk"),n.length===0)return{};return Rn(async()=>{this.logger.debug("Getting bulk state items",{count:n.length,storeName:r});let o=await(await this.client()).state.getBulk(r,n),c={};return o.forEach((i)=>{if(i.data!==void 0)c[i.key]=i.data}),this.logger.debug("Bulk state items retrieved",{count:n.length,found:Object.keys(c).length,storeName:r}),c},(t,o)=>vo(`Failed to get bulk state items: ${t}`,o))}async delete(n,r,t,o=jt){return Dn({key:n,storeName:o},["key","storeName"],"state delete"),Rn(async()=>{this.logger.debug("Deleting state item",{key:n,storeName:o});let c=await this.client(),i={};if(r)i.etag=r;if(t)i.metadata=t;await c.state.delete(o,n,i),this.logger.debug("State item deleted",{key:n,storeName:o})},(c,i)=>vo(`Failed to delete state item ${n}: ${c}`,i))}async transaction(n,r=jt){if(Dn({operations:n,storeName:r},["operations","storeName"],"state transaction"),n.length===0)return;return Rn(async()=>{this.logger.debug("Executing state transaction",{operationCount:n.length,storeName:r});let t=await this.client(),o=n.map((c)=>({operation:c.operation,request:{key:c.request.key,value:c.request.value,etag:c.request.etag?{value:c.request.etag}:void 0,metadata:c.request.metadata}}));await t.state.transaction(r,o),this.logger.debug("State transaction executed successfully",{operationCount:n.length,storeName:r})},(t,o)=>vo(`Failed to execute state transaction: ${t}`,o))}async query(n,r=jt){return Dn({query:n,storeName:r},["query","storeName"],"state query"),Rn(async()=>{this.logger.debug("Querying state store",{storeName:r});let o=await(await this.client()).state.query(r,n);return this.logger.debug("State query executed",{storeName:r,resultCount:o.results?.length||0}),(o.results||[]).map((c)=>c.data)},(t,o)=>vo(`Failed to query state store: ${t}`,o))}async saveItem(n,r,t={},o=jt){let c={key:n,value:r};return this.save([c],t,o)}async upsert(n,r,t={},o=jt){return this.saveItem(n,r,t,o)}}var D0=b(()=>{Jt();Kr();et()});class qa{client;logger;constructor(n,r){this.client=n,this.logger=r}async start(n,r,t={}){return Dn({workflowName:n},["workflowName"],"workflow start"),Rn(async()=>{this.logger.debug("Starting workflow",{workflowName:n,instanceId:t.instanceId||"auto-generated",workflowComponent:t.workflowComponent});let c=await(await this.client()).workflow.start(n,r,t.instanceId);return this.logger.debug("Workflow started",{workflowName:n,instanceId:c}),c},(o,c)=>$o(`Failed to start workflow ${n}: ${o}`,c))}async get(n){return Dn({instanceId:n},["instanceId"],"workflow get"),Rn(async()=>{this.logger.debug("Getting workflow instance",{instanceId:n});let t=await(await this.client()).workflow.get(n);return this.logger.debug("Workflow instance retrieved",{instanceId:n,workflowName:t.workflowName,runtimeStatus:t.runtimeStatus}),{instanceId:t.instanceID,workflowName:t.workflowName,createdAt:new Date(t.createdAt),lastUpdatedAt:new Date(t.lastUpdatedAt),runtimeStatus:t.runtimeStatus,properties:t.properties||{}}},(r,t)=>$o(`Failed to get workflow instance ${n}: ${r}`,t))}async terminate(n){return Dn({instanceId:n},["instanceId"],"workflow terminate"),Rn(async()=>{this.logger.debug("Terminating workflow instance",{instanceId:n}),await(await this.client()).workflow.terminate(n),this.logger.debug("Workflow instance terminated",{instanceId:n})},(r,t)=>$o(`Failed to terminate workflow instance ${n}: ${r}`,t))}async pause(n){return Dn({instanceId:n},["instanceId"],"workflow pause"),Rn(async()=>{this.logger.debug("Pausing workflow instance",{instanceId:n}),await(await this.client()).workflow.pause(n),this.logger.debug("Workflow instance paused",{instanceId:n})},(r,t)=>$o(`Failed to pause workflow instance ${n}: ${r}`,t))}async resume(n){return Dn({instanceId:n},["instanceId"],"workflow resume"),Rn(async()=>{this.logger.debug("Resuming workflow instance",{instanceId:n}),await(await this.client()).workflow.resume(n),this.logger.debug("Workflow instance resumed",{instanceId:n})},(r,t)=>$o(`Failed to resume workflow instance ${n}: ${r}`,t))}async purge(n){return Dn({instanceId:n},["instanceId"],"workflow purge"),Rn(async()=>{this.logger.debug("Purging workflow instance",{instanceId:n}),await(await this.client()).workflow.purge(n),this.logger.debug("Workflow instance purged",{instanceId:n})},(r,t)=>$o(`Failed to purge workflow instance ${n}: ${r}`,t))}async raiseEvent(n,r,t){return Dn({instanceId:n,eventName:r},["instanceId","eventName"],"workflow raiseEvent"),Rn(async()=>{this.logger.debug("Raising event for workflow instance",{instanceId:n,eventName:r}),await(await this.client()).workflow.raise(n,r,t),this.logger.debug("Event raised for workflow instance",{instanceId:n,eventName:r})},(o,c)=>$o(`Failed to raise event ${r} for workflow instance ${n}: ${o}`,c))}}var k0=b(()=>{Kr();et()});import{CommunicationProtocolEnum as M0,DaprClient as Y5,HttpMethod as J5,LogLevel as X5}from"@dapr/dapr";class H0{client=null;daprHost;daprPort;communicationProtocol;maxBodySizeMb;daprApiToken;logger;connectionStatus=Kt.DISCONNECTED;connectionPromise=null;constructor(n={}){this.daprHost=n.daprHost||process.env[Pd]||Gd,this.daprPort=n.daprPort||process.env[Cd]||Nd,this.communicationProtocol=n.communicationProtocol||M0.HTTP,this.maxBodySizeMb=n.maxBodySizeMb||xd,this.daprApiToken=n.daprApiToken||process.env[jd],this.logger=n.logger||Xa(),this.logger.info("DaprConnectionManager initialized",{daprHost:this.daprHost,daprPort:this.daprPort,communicationProtocol:this.communicationProtocol})}async getClient(){if(!this.client||this.connectionStatus!==Kt.CONNECTED)await this.connect();if(!this.client)throw Dc("Not connected to Dapr sidecar");return this.client}async connect(){if(this.connectionPromise)return this.connectionPromise;if(this.client&&this.connectionStatus===Kt.CONNECTED)return Promise.resolve();this.connectionStatus=Kt.CONNECTING,this.connectionPromise=this.establishConnection();try{await this.connectionPromise,this.connectionStatus=Kt.CONNECTED}catch(n){throw this.connectionStatus=Kt.ERROR,n}finally{this.connectionPromise=null}}async establishConnection(){try{this.logger.info("Connecting to Dapr sidecar",{daprHost:this.daprHost,daprPort:this.daprPort,protocol:this.communicationProtocol});let n=process.env[qd]&&this.communicationProtocol===M0.HTTP||process.env[Fd]&&this.communicationProtocol===M0.GRPC,r={communicationProtocol:this.communicationProtocol,maxBodySizeMb:this.maxBodySizeMb,logger:{level:X5.Warn}};if(!n)r.daprHost=this.daprHost,r.daprPort=this.daprPort;if(this.daprApiToken)r.daprApiToken=this.daprApiToken;await Mi(async()=>{this.client=new Y5(r)},vd,"Connection to Dapr sidecar timed out"),await this.healthCheck(),this.logger.info("Successfully connected to Dapr sidecar")}catch(n){throw this.logger.error("Failed to connect to Dapr sidecar",n),this.client=null,Dc(`Failed to connect to Dapr sidecar at ${this.daprHost}:${this.daprPort}`,n)}}async disconnect(){if(!this.client)return;try{this.logger.info("Disconnecting from Dapr sidecar"),this.client=null,this.connectionStatus=Kt.DISCONNECTED,this.logger.info("Disconnected from Dapr sidecar")}catch(n){throw this.logger.error("Error during disconnect",n),Dc("Failed to disconnect from Dapr sidecar",n)}}isConnected(){return this.client!==null&&this.connectionStatus===Kt.CONNECTED}getConnectionStatus(){return this.connectionStatus}async healthCheck(){if(!this.client)throw Dc("Not connected to Dapr sidecar");try{return await Mi(async()=>{if(!this.client)throw Dc("Not connected to Dapr sidecar");let n=await this.client.invoker.invoke("healthz","healthz",J5.GET);return{status:n.status===204?Ya.HEALTHY:Ya.UNHEALTHY,version:n.headers?.["dapr-version"]||"unknown"}},Zd,"Health check timed out")}catch(n){return this.logger.error("Health check failed",n),{status:Ya.UNHEALTHY,version:"unknown"}}}getClientConfig(){return{daprHost:this.daprHost,daprPort:this.daprPort,communicationProtocol:this.communicationProtocol,maxBodySizeMb:this.maxBodySizeMb,hasApiToken:!!this.daprApiToken,connectionStatus:this.connectionStatus}}}var nu=b(()=>{Jt();Kr();et()});var ru=()=>{};class Fa{connectionManager;logger;_state;_pubsub;_binding;_secret;_config;_invoke;_lock;_crypto;_workflow;constructor(n={}){this.logger=n.logger||Xa(),this.connectionManager=new H0(n);let r=async()=>{return this.connectionManager.getClient()};this._state=new Ca(r,this.logger),this._pubsub=new xa(r,this.logger),this._binding=new La(r,this.logger),this._secret=new Pa(r,this.logger),this._config=new Qa(r,this.logger),this._invoke=new Ga(r,this.logger),this._lock=new Na(r,this.logger),this._crypto=new Oa(r,this.logger),this._workflow=new qa(r,this.logger)}async connect(){await this.connectionManager.connect()}async disconnect(){await this.connectionManager.disconnect()}isConnected(){return this.connectionManager.isConnected()}getConnectionStatus(){return this.connectionManager.getConnectionStatus()}async healthCheck(){return this.connectionManager.healthCheck()}getClientConfig(){return this.connectionManager.getClientConfig()}get state(){return this._state}get pubsub(){return this._pubsub}get binding(){return this._binding}get secret(){return this._secret}get config(){return this._config}get invoke(){return this._invoke}get lock(){return this._lock}get crypto(){return this._crypto}get workflow(){return this._workflow}}var kD;var z0=b(()=>{m0();h0();$0();A0();E0();S0();R0();D0();k0();nu();et();m0();h0();$0();A0();E0();S0();R0();D0();k0();Jt();Kr();ru();kD=new Fa});import tu from"ioredis";class ou{client;constructor(n){this.client=n}async create(n,r,t){try{return{success:!0,data:t?await this.client.set(n,JSON.stringify(r),"EX",t):await this.client.set(n,JSON.stringify(r))}}catch(o){return{success:!1,error:o.message}}}async read(n){try{let r=await this.client.get(n);return{success:!0,data:r?JSON.parse(r):null}}catch(r){return{success:!1,error:r.message}}}async update(n,r,t=!0){try{return{success:!0,data:t?await this.client.set(n,JSON.stringify(r),"KEEPTTL"):await this.client.set(n,JSON.stringify(r))}}catch(o){return{success:!1,error:o.message}}}async remove(n){try{return{success:!0,data:await this.client.del(n)}}catch(r){return{success:!1,error:r.message}}}async exists(n){try{return{success:!0,data:await this.client.exists(n)===1}}catch(r){return{success:!1,error:r.message}}}getClient(){return this.client}}class cu{storeName;dapr;constructor(n){this.storeName=n;this.dapr=new Fa}async create(n,r,t){try{let o=t?{ttlInSeconds:String(t)}:void 0;return await this.dapr.state.save([{key:n,value:r,metadata:o}],void 0,this.storeName),{success:!0,data:"OK"}}catch(o){return{success:!1,error:o.message}}}async read(n){try{return{success:!0,data:await this.dapr.state.get(n,this.storeName)??null}}catch(r){return{success:!1,error:r.message}}}async update(n,r,t=!0){try{return await this.dapr.state.save([{key:n,value:r}],void 0,this.storeName),{success:!0,data:"OK"}}catch(o){return{success:!1,error:o.message}}}async remove(n){try{return await this.dapr.state.delete(n,void 0,void 0,this.storeName),{success:!0,data:1}}catch(r){return{success:!1,error:r.message}}}async exists(n){try{let r=await this.dapr.state.get(n,this.storeName);return{success:!0,data:r!==void 0&&r!==null}}catch(r){return{success:!1,error:r.message}}}}class tr{static instance=null;store;directClient=null;useDapr;constructor(n){if(tr.instance){this.store=tr.instance.store,this.directClient=tr.instance.directClient,this.useDapr=tr.instance.useDapr;return}if(!n)throw Error("Redis config must be provided for first initialization.");if(L5(n),this.useDapr=n.withDapr??!1,n.withDapr)this.store=new cu(n.stateStoreName??"statestore");else{let r=n.url?new tu(n.url):new tu({host:n.host,port:n.port});this.directClient=r,this.store=new ou(r)}tr.instance=this}async create(n,r,t){return this.store.create(n,r,t)}async read(n){return this.store.read(n)}async update(n,r,t=!0){return this.store.update(n,r,t)}async remove(n){return this.store.remove(n)}async exists(n){return this.store.exists(n)}async keys(n){if(this.useDapr||!this.directClient)return console.warn("[RedisManager] keys() not supported in Dapr mode"),[];try{return await this.directClient.keys(n)}catch(r){return console.error("[Redis] Keys error:",r.message),[]}}async acquireLock(n,r=10){if(this.useDapr||!this.directClient){let t=await this.exists(n);if(!t.success)return{success:!1,error:t.error};if(t.data)return{success:!0,data:!1};if((await this.create(n,"1",r)).success)return{success:!0,data:!0};return{success:!1,error:"Failed to acquire lock"}}try{return{success:!0,data:await this.directClient.set(n,"1","EX",r,"NX")==="OK"}}catch(t){return{success:!1,error:t.message}}}async releaseLock(n){return this.remove(n)}async waitForLock(n,r=5000,t=50){let o=Date.now();while(Date.now()-o<r){let c=await this.exists(n);if(!c.success)return{success:!1,error:c.error};if(!c.data)return{success:!0,data:!0};await new Promise((i)=>setTimeout(i,t))}return{success:!0,data:!1}}async getOrWait(n,r=5000,t=50){let o=Date.now();while(Date.now()-o<r){let c=await this.read(n);if(!c.success)return{success:!1,error:c.error};if(c.data!==null)return{success:!0,data:c.data};await new Promise((i)=>setTimeout(i,t))}return{success:!0,data:null}}}var L5=(n)=>{if(!n)throw Error("Redis config must be provided.");if(n.withDapr){if(!n.stateStoreName)throw Error("Dapr mode requires stateStoreName.");return}let r=Boolean(n.url),t=Boolean(n.host)&&typeof n.port==="number";if(!r&&!t)throw Error("Redis config requires either url or host and port.")};var vt=b(()=>{z0()});var B0=b(()=>{vt()});var U0=b(()=>{vt();Ko()});var W0=b(()=>{vt();Ko();B0()});var au=b(()=>{W0()});var eu=b(()=>{B0();U0();W0();au()});var su=86400,Ao=(n)=>`session:${n}`,ja=(n)=>JSON.stringify(n),fu=(n)=>{if(!n)return null;if(typeof n==="object")return n;try{return JSON.parse(n)}catch{return null}};var Ka=async(n)=>{let r=new tr,t=Ao(n.sessionId),o=await r.remove(t);return o.success&&o.data>0};var va=b(()=>{vt()});import Q5 from"crypto";var lu=async(n)=>{let r=new tr,t=n.sessionId??Q5.randomUUID(),o=Date.now(),c=(n.expiresInSeconds??su)*1000,i=new Date(o).toISOString(),a={id:t,userId:n.userId,createdAt:i,expiresAt:new Date(o+c).toISOString(),lastActiveAt:i,clientMeta:n.clientMeta,fingerprintHash:n.fingerprintHash,deviceInfo:n.deviceInfo,refreshTokenHash:n.refreshTokenHash,loginMethod:n.loginMethod,rememberMe:n.rememberMe},e=await r.create(Ao(t),ja(a));if(!e.success)return{success:!1,error:e.error};return{success:!0,session:a}};var V0=b(()=>{vt()});var _u=b(()=>{Ko();U0();va();V0()});var du=b(()=>{_u()});var Zo=async(n)=>{let r=new tr,t=Ao(n.sessionId),o=await r.read(t);if(!o.success||!o.data)return null;let c=fu(o.data);if(!c)return null;if(new Date(c.expiresAt).getTime()<=Date.now())return await Ka({sessionId:n.sessionId}),null;return c};var Za=b(()=>{vt();va()});var uu=async(n)=>{let r=await Zo({sessionId:n.sessionId});if(!r)return{success:!1,error:"Session not found"};let t={...r,...n.updates,lastActiveAt:n.updates.lastActiveAt??new Date().toISOString()},c=await new tr().create(Ao(n.sessionId),ja(t));if(!c.success)return{success:!1,error:c.error};return{success:!0,session:t}},Y0=async(n)=>{return uu({sessionId:n,updates:{lastActiveAt:new Date().toISOString()}})};var bu=b(()=>{vt();Za()});var O5=async(n)=>{let r=ho(n.jwtToken,n.jwtSecret);if(!r.valid)return{isValid:!1,reason:r.error};let t=await Zo({sessionId:n.sessionId});if(!t)return{isValid:!1,reason:"Session not found"};let o;if(n.savedFingerprint&&n.headers&&n.requestIp){let c={};for(let[a,e]of Object.entries(n.headers))if(e!==void 0)c[a]=e;let i=Md({savedFingerprint:n.savedFingerprint,headers:c,requestIp:n.requestIp});if(o=i.isValid,!i.isValid)return{isValid:!1,reason:i.reason??"Fingerprint mismatch"}}return{isValid:!0,context:{userId:t.userId,sessionId:t.id,fingerprintValid:o}}};var gu=b(()=>{s0();Ko();Za()});var wu={};go(wu,{validateSession:()=>O5,updateSession:()=>uu,updateLastActiveAt:()=>Y0,readSession:()=>Zo,generateSession:()=>lu,deleteSession:()=>Ka});var J0=b(()=>{va();V0();Za();bu();gu()});var mu=b(()=>{Hd();Ko();Od();eu();du();J0()});import{eq as G5}from"drizzle-orm";function zi(n,r,t,o,c,i){let a=[n.toLowerCase()];if(i)a.push("bulk");if(a.push(r),o){if(a.push("with"),a.push(o),c)a.push(c)}else if(t)a.push(t);return a.join(".")}function Bi(n,r,t){if(r)return`/${n}/bulk`;if(t)return`/${n}/:id`;return`/${n}`}function P5(n,r,t){let o=[],c=n.table_name,i=n.excluded_methods||[];for(let a of N5){if(i.includes(a))continue;let e=a==="PUT"||a==="PATCH"||a==="DELETE";if(o.push({action:zi(a,c),description:`${a} access to ${c}`,path:Bi(c,!1,e&&a!=="DELETE"),method:a}),a==="GET"&&n.columns){for(let f of n.columns){if(r.skipColumns.includes(f.name))continue;o.push({action:zi(a,c,f.name),description:`${a} access to ${c}.${f.name}`,path:Bi(c),method:a})}let s=`${c}Relations`;if(t[s]){let f=t[s];if(f?.config?.referencedTable?._?.name){let d=f.config.referencedTable._.name;o.push({action:zi(a,c,void 0,d),description:`${a} access to ${c} with ${d}`,path:Bi(c),method:a})}}}if(a==="POST"||a==="PUT"||a==="PATCH"){if(n.columns)for(let s of n.columns){if(r.skipColumns.includes(s.name))continue;o.push({action:zi(a,c,s.name),description:`${a} access to ${c}.${s.name}`,path:Bi(c,!1,a!=="POST"),method:a})}}}for(let a of x5){if(i.includes(a))continue;o.push({action:zi(a,c,void 0,void 0,void 0,!0),description:`Bulk ${a} access to ${c}`,path:Bi(c,!0),method:a})}return o}async function hu(n,r,t,o,c,i){let a=r.claims;if(!a)return i.warn("[Authorization] Claims table not found in schema"),{total:0,created:0,existing:0,claims:[]};let e=[];for(let w of o){if(c.skipTables.includes(w.table_name))continue;let g=P5(w,c,t);e.push(...g)}let s=e.filter((w,g,u)=>g===u.findIndex((m)=>m.action===w.action)),f=0,d=0,l=[];for(let w of s)try{if((await n.select().from(a).where(G5(a.action,w.action)).limit(1)).length===0)await n.insert(a).values(w),f++,l.push(w.action),i.debug(`[Authorization] Created claim: ${w.action}`);else d++}catch(g){i.error(`[Authorization] Failed to create claim: ${w.action}`,g)}return i.info(`[Authorization] Claims seeded: ${f} created, ${d} existing, ${s.length} total`),{total:s.length,created:f,existing:d,claims:l}}var N5,x5;var $u=b(()=>{N5=["GET","POST","PUT","PATCH","DELETE"],x5=["POST","PUT","DELETE"]});var{password:C5}=globalThis.Bun;import{eq as X0}from"drizzle-orm";async function Au(n,r,t,o){if(!t.godminEmail||!t.godminPassword)return o.warn("[Authorization] Godmin email or password not configured, skipping godmin setup"),{success:!1};let{roles:c,users:i,userRoles:a}=r;if(!c||!i||!a)return o.error("[Authorization] Required tables not found for godmin setup"),{success:!1};try{let e,s=await n.select().from(c).where(X0(c.name,L0)).limit(1);if(s.length===0){let[g]=await n.insert(c).values({name:L0,description:"God mode administrator - bypasses all authorization checks"}).returning();e=g.id,o.info(`[Authorization] Created godmin role: ${e}`)}else e=s[0].id,o.debug(`[Authorization] Godmin role already exists: ${e}`);let f,d=await n.select().from(i).where(X0(i.email,t.godminEmail)).limit(1);if(d.length===0){let g=await C5.hash(t.godminPassword,{algorithm:"bcrypt",cost:10}),[u]=await n.insert(i).values({email:t.godminEmail,password:g,verifiedAt:new Date,isActive:!0}).returning();f=u.id,o.info(`[Authorization] Created godmin user: ${f}`)}else f=d[0].id,o.debug(`[Authorization] Godmin user already exists: ${f}`);if(!(await n.select().from(a).where(X0(a.userId,f)).limit(1)).some((g)=>g.roleId===e))await n.insert(a).values({userId:f,roleId:e}),o.info(`[Authorization] Assigned godmin role to user: ${f}`);return{success:!0,userId:f,roleId:e}}catch(e){return o.error("[Authorization] Failed to setup godmin",e),{success:!1}}}function Q0(n){return n===L0}var L0="godmin";var O0=()=>{};import{eq as G0,inArray as q5}from"drizzle-orm";function F5(n){return n.startsWith(Ru)}function j5(n){return{field:n.slice(Ru.length)}}function Eu(n){if(!n)return{};let r=new URLSearchParams(n),t={};for(let[o,c]of r.entries())if(F5(c))t[o]=j5(c);else t[o]=c;return t}function Su(n,r,t){let o={};for(let[c,i]of Object.entries(n))if(typeof i==="object"&&"field"in i){if(!r){t.warn(`[Authorization] Cannot resolve self:${i.field} - userData not provided`);continue}let a=i.field,e=a.replace(/_([a-z])/g,(f,d)=>d.toUpperCase()),s;if(a in r)s=r[a];else if(e in r)s=r[e];else{t.warn(`[Authorization] Cannot resolve self:${a} - field not found in userData`);continue}o[c]=s,t.debug(`[Authorization] Resolved self:${a} -> ${s}`)}else o[c]=i;return o}function kc(n,r,t,o){let c=[n.toLowerCase(),r];if(o)c.push("with",o);else if(t)c.push(t);return c.join(".")}function Mc(n,r){if(n===r)return!0;let t=n.split("."),o=r.split(".");if(t.length>o.length)return!1;for(let c=0;c<t.length;c++)if(t[c]!==o[c])return!1;return!0}async function pa(n){let{userId:r,method:t,entity:o,requestedFields:c,requestedRelations:i,db:a,schemaTables:e,logger:s,userData:f}=n,d=e.roles,l=e.userRoles,w=e.roleClaims,g=e.claims;if(!d||!l||!w||!g)return s.error("[Authorization] Required tables not found"),{authorized:!1,reason:"Authorization tables not configured"};try{let u=l,m=d,_=await a.select({roleId:u.roleId,roleName:m.name}).from(l).innerJoin(d,G0(u.roleId,m.id)).where(G0(u.userId,r));if(_.length===0)return{authorized:!1,reason:"User has no roles assigned"};if(_.some((X)=>Q0(X.roleName)))return s.debug(`[Authorization] User ${r} has godmin role, bypassing checks`),{authorized:!0};let h=_.map((X)=>X.roleId),E=w,W=g,V=await a.select({claimAction:W.action,scope:E.scope}).from(w).innerJoin(g,G0(E.claimId,W.id)).where(q5(E.roleId,h));if(V.length===0)return{authorized:!1,reason:"User roles have no claims assigned"};let H=kc(t,o);if(!V.some((X)=>Mc(X.claimAction,H)))return{authorized:!1,reason:`No access to ${t} ${o}`};let R=[],$=[],A={},M=!1;for(let X of V)if(X.claimAction===H){M=!0;let B=Eu(X.scope),L=Su(B,f,s);Object.assign(A,L)}if(M)return{authorized:!0,scopeFilters:Object.keys(A).length>0?A:void 0};if(c)for(let X of c){let O=kc(t,o,X);if(V.some((L)=>Mc(L.claimAction,O)))R.push(X)}if(i)for(let X of i){let O=kc(t,o,void 0,X);if(V.some((L)=>Mc(L.claimAction,O)))$.push(X)}for(let X of V){let O=Eu(X.scope),B=Su(O,f,s);Object.assign(A,B)}if(!(R.length>0||$.length>0)&&(c?.length||i?.length))return{authorized:!1,reason:"No access to requested fields or relations"};return{authorized:!0,allowedFields:R.length>0?R:void 0,allowedRelations:$.length>0?$:void 0,scopeFilters:Object.keys(A).length>0?A:void 0}}catch(u){return s.error("[Authorization] Check failed",u),{authorized:!1,reason:"Authorization check failed"}}}function Du(n){let{userClaims:r,userRoles:t,method:o,entity:c,requestedFields:i,requestedRelations:a,logger:e}=n;if(r.length===0&&t.length===0)return{authorized:!1,reason:"No roles or claims in token"};if(t.some((g)=>Q0(g)))return e.debug("[Authorization:JWT] User has godmin role, bypassing checks"),{authorized:!0};let s=kc(o,c);if(r.some((g)=>Mc(g,s)))return{authorized:!0};let d=[],l=[];if(i)for(let g of i){let u=kc(o,c,g);if(r.some((m)=>Mc(m,u)))d.push(g)}if(a)for(let g of a){let u=kc(o,c,void 0,g);if(r.some((m)=>Mc(m,u)))l.push(g)}if(!(d.length>0||l.length>0)&&(i?.length||a?.length))return{authorized:!1,reason:`No access to ${o} ${c}`};return{authorized:!0,allowedFields:d.length>0?d:void 0,allowedRelations:l.length>0?l:void 0}}async function ku(n){let{idpUrl:r,accessToken:t,method:o,entity:c,requestedFields:i,requestedRelations:a,logger:e}=n;try{let s=await fetch(`${r}/auth/check`,{method:"POST",headers:{"Content-Type":"application/json",Cookie:`access_token=${t}`},body:JSON.stringify({entity:c,method:o,fields:i,relations:a})});if(!s.ok)return e.warn(`[Authorization:IDP] IDP /auth/check returned ${s.status}`),{authorized:!1,reason:`IDP authorization check failed (${s.status})`};return await s.json()}catch(s){let f=s instanceof Error?s.message:String(s);return e.error(`[Authorization:IDP] Failed to reach IDP: ${f}`),{authorized:!1,reason:"IDP authorization service unavailable"}}}function Ia(n,r){if(!r||r.length===0)return n;let o=[...new Set([...["id"],...r])],c=(i)=>{let a={};for(let e of o)if(e in i)a[e]=i[e];return a};if(Array.isArray(n))return n.map(c);return c(n)}function Mu(n,r){if(!r)return n;let t=(o)=>{let c={...o};for(let i of Object.keys(c))if(typeof c[i]==="object"&&c[i]!==null&&!r.includes(i))delete c[i];return c};if(Array.isArray(n))return n.map(t);return t(n)}var Ru="self:";var N0=b(()=>{O0()});var Hu;var zu=b(()=>{Hu={enabled:!1,autoSeedClaims:!0,skipTables:["audit_logs"],skipColumns:["id","created_at","updated_at","is_active","password","version"],excludedPaths:["/health","/swagger"],publicPaths:["/auth/login","/auth/register"]}});var x0=b(()=>{$u();O0();N0();zu()});function K5(n){let r=n.match(/^(\d+)(s|m|h|d)$/);if(!r||!r[1]||!r[2])return 300;let t=Number.parseInt(r[1],10);switch(r[2]){case"s":return t;case"m":return t*60;case"h":return t*3600;case"d":return t*86400;default:return 300}}function v5(){let n=new Uint8Array(24);return crypto.getRandomValues(n),Array.from(n).map((r)=>r.toString(16).padStart(2,"0")).join("")}function Bu(n){let r=new Bun.CryptoHasher("sha256");return r.update(n),r.digest("hex")}function Z5(n,r){if(n.length!==r.length){let a=new Uint8Array(32);return crypto.getRandomValues(a),!1}let t=new TextEncoder,o=t.encode(n),c=t.encode(r),i=0;for(let a=0;a<o.length;a++)i|=(o[a]??0)^(c[a]??0);return i===0}function po(n,r){let t=r-n+1,o=Math.ceil(Math.log2(t)/8)||1,c=256**o,i=c-c%t,a,e=new Uint8Array(o);do crypto.getRandomValues(e),a=e.reduce((s,f,d)=>s+f*256**d,0);while(a>=i);return n+a%t}function Uu(n){let r=P0[n],{min:t,max:o}=r.mathRange,c=["+","-","\xD7"],i=c[po(0,c.length-1)],a=po(t,o),e=po(t,o),s;switch(i){case"+":s=a+e;break;case"-":if(a<e)[a,e]=[e,a];s=a-e;break;case"\xD7":a=po(1,12),e=po(1,12),s=a*e;break;default:s=a+e}return{question:`${a} ${i} ${e} = ?`,answer:s.toString()}}function Wu(n){let r=P0[n],t="";for(let o=0;o<r.textLength;o++)t+="ABCDEFGHJKLMNPQRSTUVWXYZ23456789".charAt(po(0,31));return{question:t,answer:t}}function p5(n){let r=Wu(n),t=200,o=60,c=I5(r.answer,200,60),i=`data:image/svg+xml;base64,${Buffer.from(c).toString("base64")}`;return{question:"Enter the text shown in the image",answer:r.answer,imageData:i}}function bn(){let n=new Uint32Array(1);return crypto.getRandomValues(n),(n[0]??0)/4294967295}function I5(n,r,t){let o=240+bn()*15,c=240+bn()*15,i=240+bn()*15,a=`rgb(${o}, ${c}, ${i})`,e="";for(let u=0;u<12;u++){let m=bn()*r,_=bn()*t,S=bn()*r,h=bn()*t,E=bn()*100+100,W=bn()*100+100,V=bn()*100+100,H=1+bn()*2;e+=`<line x1="${m}" y1="${_}" x2="${S}" y2="${h}" stroke="rgb(${E},${W},${V})" stroke-width="${H}"/>`}let s="";for(let u=0;u<4;u++){let m=bn()*r,_=bn()*t,S=bn()*r,h=bn()*t,E=bn()*r,W=bn()*t,V=bn()*r,H=bn()*t,D=bn()*80+80,R=bn()*80+80,$=bn()*80+80;s+=`<path d="M${m},${_} C${S},${h} ${E},${W} ${V},${H}" stroke="rgb(${D},${R},${$})" stroke-width="2" fill="none"/>`}let f="";for(let u=0;u<80;u++){let m=bn()*r,_=bn()*t,S=bn()*150+50,h=bn()*150+50,E=bn()*150+50,W=bn()*3+1;f+=`<circle cx="${m}" cy="${_}" r="${W}" fill="rgb(${S},${h},${E})"/>`}let d="",l=r/(n.length+2),w=l;for(let u=0;u<n.length;u++){let m=w+u*l+(bn()-0.5)*15,_=t/2+8+(bn()-0.5)*12,S=(bn()-0.5)*40,h=22+bn()*10,E=bn()*80,W=bn()*80,V=bn()*80,H=(bn()-0.5)*15,D=0.9+bn()*0.3;d+=`<text x="${m}" y="${_}" font-family="Arial, Helvetica, sans-serif" font-size="${h}" font-weight="bold" fill="rgb(${E},${W},${V})" transform="rotate(${S}, ${m}, ${_}) skewX(${H}) scale(1, ${D})" style="font-style: ${bn()>0.5?"italic":"normal"}">${n[u]}</text>`}let g="";for(let u=0;u<3;u++){let m=10+bn()*(t-20),_=bn()*60+60,S=bn()*60+60,h=bn()*60+60;g+=`<line x1="0" y1="${m}" x2="${r}" y2="${m+(bn()-0.5)*20}" stroke="rgb(${_},${S},${h})" stroke-width="1.5"/>`}return`<svg xmlns="http://www.w3.org/2000/svg" width="${r}" height="${t}" viewBox="0 0 ${r} ${t}">
+`).slice(1,4);for(let g of w)r(`  ${c}${g.trim()}${o}`)}}}getConsoleMethod(n){switch(n){case"debug":return console.debug.bind(console);case"info":return console.info.bind(console);case"warn":return console.warn.bind(console);case"error":case"fatal":return console.error.bind(console);default:return console.log.bind(console)}}}class Ma{name="database";db;table;enabled;constructor(n){this.db=n.db,this.table=n.table,this.enabled=n.enabled??!0}setDb(n){this.db=n}setTable(n){this.table=n}setEnabled(n){this.enabled=n}async write(n){if(!this.enabled||!this.db||!this.table)return;try{await this.db.insert(this.table).values({id:n.id,entityId:n.entityId,entityName:n.entityName,operationType:n.operation,userId:n.userId,ipAddress:n.ipAddress,userAgent:n.userAgent,summary:n.summary,oldValues:n.oldValues,newValues:n.newValues,path:n.path,query:n.query})}catch(r){console.error("Audit log write failed:",r)}}}class Ha{name="console-audit";enabled;constructor(n={}){this.enabled=n.enabled??!0}write(n){if(!this.enabled)return;let r="\x1B[35m",t=Ps,o=Cs;console.log(`${o}${n.timestamp}${t} ${r}AUDIT${t} [${n.operation}] ${n.entityName}${n.entityId?`:${n.entityId}`:""} ${o}by ${n.userId||"anonymous"}${t}`)}}var Zs=b(()=>{qs();Da()});import{randomUUID as l5}from"crypto";class jr{config;transports;auditTransports;context;correlationId;static instance=null;constructor(n={},r={},t){this.config={..._5,...n},this.context=r,this.correlationId=t,this.transports=[new ka({colorize:this.config.colorize,prettyPrint:this.config.prettyPrint})],this.auditTransports=[new Ha({enabled:this.config.prettyPrint})]}static getInstance(n){if(!jr.instance)jr.instance=new jr(n);return jr.instance}static resetInstance(){jr.instance=null}child(n,r){let t=new jr(this.config,js(this.context,n)||{},r||this.correlationId);return t.transports=this.transports,t.auditTransports=this.auditTransports,t}withCorrelationId(n){return this.child({},n)}addTransport(n){this.transports.push(n)}addAuditTransport(n){this.auditTransports.push(n)}setLevel(n){this.config.level=n}setAuditEnabled(n){this.config.auditEnabled=n}isAuditEnabled(){return this.config.auditEnabled}shouldLog(n){return xs[n]>=xs[this.config.level]}createEntry(n,r,t,o,c){let i={timestamp:new Date().toISOString(),level:n,message:r,service:this.config.service,correlationId:this.correlationId},a=js(this.context,t);if(a&&Object.keys(a).length>0)i.context=$i(a,this.config.redactKeys);if(this.config.includeCallerInfo)i.caller=wd();if(o)i.error=Fs(o);if(c!==void 0)i.duration=performance.now()-c;return i}log(n,r,t,o,c){if(!this.shouldLog(n))return;let i=this.createEntry(n,r,t,o,c);for(let a of this.transports)try{a.log(i)}catch(e){console.error(`Logger transport "${a.name}" failed:`,e)}}debug(n,r){this.log("debug",n,r)}info(n,r){this.log("info",n,r)}warn(n,r){this.log("warn",n,r)}error(n,r,t){this.log("error",n,t,r)}fatal(n,r,t){this.log("fatal",n,t,r)}time(n){let r=performance.now();return()=>{this.log("debug",`${n} completed`,void 0,void 0,r)}}async timeAsync(n,r,t){let o=performance.now();try{let c=await r();return this.log("debug",`${n} completed`,t,void 0,o),c}catch(c){throw this.log("error",`${n} failed`,t,c,o),c}}request(n){let r=n.statusCode>=500?"error":n.statusCode>=400?"warn":"info";this.log(r,`${n.method} ${n.path} ${n.statusCode}`,{method:n.method,path:n.path,statusCode:n.statusCode,durationMs:n.duration,correlationId:n.correlationId,userId:n.userId,ip:n.ip,userAgent:n.userAgent})}db(n){let r=n.error?"error":"debug";this.log(r,`DB ${n.operation} on ${n.table}`,{operation:n.operation,table:n.table,durationMs:n.duration,rowCount:n.rowCount},n.error)}async flush(){for(let n of this.transports)if(n.flush)await n.flush()}async audit(n){let r={id:l5(),timestamp:new Date().toISOString(),entityName:n.entityName,entityId:n.entityId??null,operation:n.operation,userId:n.userId??null,summary:n.summary||`${n.operation} on ${n.entityName}`,oldValues:n.oldValues||{},newValues:n.newValues||{},ipAddress:n.ipAddress||"unknown",userAgent:n.userAgent||"unknown",path:n.path||"",query:n.query||"",correlationId:this.correlationId};for(let t of this.auditTransports)try{await t.write(r)}catch(o){console.error(`Audit transport "${t.name}" failed:`,o)}}auditOnly(n){this.audit(n)}async trace(n){let r=n.log!==!1,t=n.writeAudit===!0||n.writeAudit!==!1&&this.config.auditEnabled&&n.audit;if(r)this.log(n.level||"info",n.message,n.context,n.error);if(t&&n.audit)await this.audit(n.audit)}traceSync(n){let r=n.log!==!1,t=n.writeAudit===!0||n.writeAudit!==!1&&this.config.auditEnabled&&n.audit;if(r)this.log(n.level||"info",n.message,n.context,n.error);if(t&&n.audit)this.audit(n.audit)}}var _5,d5;var ps=b(()=>{Zs();qs();Da();_5={level:"info",service:"nucleus",environment:"development",redactKeys:[],colorize:!0,prettyPrint:!0,includeCallerInfo:!0,asyncBufferSize:100,flushIntervalMs:1000,auditEnabled:!1};d5=jr.getInstance()});var Ed=T2((xS,Ad)=>{var hd=12,z5=0,Ts=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,8,7,7,10,9,9,9,11,4,4,4,4,4,4,4,4,4,4,4,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,24,36,48,60,72,84,96,0,12,12,12,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,24,24,24,0,0,0,0,0,0,0,0,0,24,24,0,0,0,0,0,0,0,0,0,0,48,48,48,0,0,0,0,0,0,0,0,0,0,48,48,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,127,63,63,63,0,31,15,15,15,7,7,7];function B5(n){var r=n.indexOf("%");if(r===-1)return n;var t=n.length,o="",c=0,i=0,a=r,e=hd;while(r>-1&&r<t){var s=$d(n[r+1],4),f=$d(n[r+2],0),d=s|f,l=Ts[d];if(e=Ts[256+e+l],i=i<<6|d&Ts[364+l],e===hd)o+=n.slice(c,a),o+=i<=65535?String.fromCharCode(i):String.fromCharCode(55232+(i>>10),56320+(i&1023)),i=0,c=r+3,r=a=n.indexOf("%",c);else if(e===z5)return null;else{if(r+=3,r<t&&n.charCodeAt(r)===37)continue;return null}}return o+n.slice(c)}var U5={"0":0,"1":1,"2":2,"3":3,"4":4,"5":5,"6":6,"7":7,"8":8,"9":9,a:10,A:10,b:11,B:11,c:12,C:12,d:13,D:13,e:14,E:14,f:15,F:15};function $d(n,r){var t=U5[n];return t===void 0?255:t<<r}Ad.exports=B5});var Dd=(n)=>{return n?.trim().toLowerCase()||"unknown"},a0=(n,r)=>{return n[r.toLowerCase()]??n[r]};import W5 from"crypto";var kd=(n)=>{let r=JSON.stringify({userAgent:Dd(n.userAgent),extra:n.extra??{}});return{hash:W5.createHash("sha256").update(r).digest("base64url"),components:n}};var e0=()=>{};var Md=({savedFingerprint:n,requestIp:r,headers:t})=>{let o=a0(t,"user-agent"),c=a0(t,"x-forwarded-for")??r??void 0,i=kd({userAgent:o,ipAddress:c}),a=[{field:"userAgent",saved:n.components.userAgent,received:o},{field:"ipAddress",saved:n.components.ipAddress,received:c}].find(({saved:e,received:s})=>e??(s??"")!=="");if(a)return{isValid:!1,reason:`${a.field} mismatch`,currentFingerprint:i};return{isValid:!0,currentFingerprint:i}};var s0=b(()=>{e0()});var Hd=b(()=>{e0();s0()});import zd from"crypto";var f0=(n)=>{return(Buffer.isBuffer(n)?n.toString("base64"):Buffer.from(n).toString("base64")).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")},Bd=(n)=>{let r="=".repeat((4-n.length%4)%4),t=n.replace(/-/g,"+").replace(/_/g,"/")+r;return Buffer.from(t,"base64").toString("utf-8")},l0=(n,r,t)=>{let o=t.replace("HS","sha"),c=zd.createHmac(o,r);return c.update(n),f0(c.digest())},Ud=(n,r,t,o)=>{let c=l0(n,t,o);return zd.timingSafeEqual(Buffer.from(r),Buffer.from(c))},Wd=(n)=>{return f0(JSON.stringify(n))},Vd=(n)=>{return f0(JSON.stringify(n))},Ua=(n)=>{try{return JSON.parse(Bd(n))}catch{return null}},Wa=(n)=>{try{return JSON.parse(Bd(n))}catch{return null}};var Va=()=>{};var V5=(n)=>{let r=n.split(".");if(r.length!==3)return null;let[t,o,c]=r;if(!t||!o||!c)return null;let i=Ua(t),a=Wa(o);if(!i||!a)return null;return{header:i,payload:a,signature:c}};var Yd=b(()=>{Va()});var Di=(n,r,t="HS256")=>{let o={alg:t,typ:"JWT"},c=Math.floor(Date.now()/1000),i={sub:n.subject,iat:c,exp:c+n.expiresInSeconds,iss:n.issuer,aud:n.audience,jti:n.jwtId,sessionId:n.sessionId,...n.customClaims},a=Wd(o),e=Vd(i),s=`${a}.${e}`,f=l0(s,r,t);return`${s}.${f}`};var Jd=b(()=>{Va()});var ho=(n,r)=>{let t=n.split(".");if(t.length!==3)return{valid:!1,error:"Invalid token format: expected 3 parts"};let[o,c,i]=t;if(!o||!c||!i)return{valid:!1,error:"Invalid token format: missing parts"};let a=Ua(o);if(!a)return{valid:!1,error:"Invalid header: failed to decode"};if(a.typ!=="JWT")return{valid:!1,error:"Invalid header: typ must be JWT"};if(!["HS256","HS384","HS512"].includes(a.alg))return{valid:!1,error:`Unsupported algorithm: ${a.alg}`};let s=`${o}.${c}`;if(!Ud(s,i,r,a.alg))return{valid:!1,error:"Invalid signature"};let d=Wa(c);if(!d)return{valid:!1,error:"Invalid payload: failed to decode"};let l=Math.floor(Date.now()/1000);if(d.exp&&d.exp<l)return{valid:!1,error:"Token expired"};if(d.iat&&d.iat>l+60)return{valid:!1,error:"Token issued in the future"};return{valid:!0,payload:d}};var Xd=b(()=>{Va()});var Ld={};go(Ld,{verifyJWT:()=>ho,signJWT:()=>Di,decodeJWT:()=>V5});var Ko=b(()=>{Yd();Jd();Xd()});var Qd=()=>{};var Od=b(()=>{Qd()});var Gd="127.0.0.1",Nd="3500",xd=4,jt="statestore-redis",_0="pubsub-rabbitmq",d0="secretstore",ki="configstore-redis",Pd="DAPR_HOST",Cd="DAPR_HTTP_PORT",qd="DAPR_HTTP_ENDPOINT",Fd="DAPR_GRPC_ENDPOINT",jd="DAPR_API_TOKEN",Kd=30000,vd=1e4,Zd=5000,Kt,Ya,it;var Jt=b(()=>{Kt={CONNECTED:"connected",DISCONNECTED:"disconnected",CONNECTING:"connecting",ERROR:"error"},Ya={HEALTHY:"healthy",UNHEALTHY:"unhealthy"},it={CONNECTION_ERROR:"DAPR_CONNECTION_ERROR",TIMEOUT_ERROR:"DAPR_TIMEOUT_ERROR",STATE_ERROR:"DAPR_STATE_ERROR",PUBSUB_ERROR:"DAPR_PUBSUB_ERROR",BINDING_ERROR:"DAPR_BINDING_ERROR",SECRET_ERROR:"DAPR_SECRET_ERROR",CONFIG_ERROR:"DAPR_CONFIG_ERROR",INVOKE_ERROR:"DAPR_INVOKE_ERROR",CRYPTO_ERROR:"DAPR_CRYPTO_ERROR",LOCK_ERROR:"DAPR_LOCK_ERROR",WORKFLOW_ERROR:"DAPR_WORKFLOW_ERROR",VALIDATION_ERROR:"DAPR_VALIDATION_ERROR"}});var at,Dc=(n,r)=>new at(it.CONNECTION_ERROR,n,r),pd=(n,r)=>new at(it.TIMEOUT_ERROR,n,r),vo=(n,r)=>new at(it.STATE_ERROR,n,r),u0=(n,r)=>new at(it.PUBSUB_ERROR,n,r),Id=(n,r)=>new at(it.BINDING_ERROR,n,r),b0=(n,r)=>new at(it.SECRET_ERROR,n,r),Ja=(n,r)=>new at(it.CONFIG_ERROR,n,r),yd=(n,r)=>new at(it.INVOKE_ERROR,n,r),g0=(n,r)=>new at(it.CRYPTO_ERROR,n,r),w0=(n,r)=>new at(it.LOCK_ERROR,n,r),$o=(n,r)=>new at(it.WORKFLOW_ERROR,n,r),Rn=async(n,r)=>{try{return await n()}catch(t){let o=t instanceof Error?t.message:String(t);throw r(o,t)}};var Kr=b(()=>{Jt();at=class at extends Error{code;details;constructor(n,r,t){super(r);this.name="DaprManagerError",this.code=n,this.details=t}toJSON(){return{code:this.code,message:this.message,details:this.details}}}});var Td,Xa=(n="info")=>{let r=Td[n],t=(o)=>(c,...i)=>{if(Td[o]<r)return;let a=new Date().toISOString(),e=i.length>0?` ${JSON.stringify(i)}`:"";console[o](`[${a}] [Dapr] [${o.toUpperCase()}] ${c}${e}`)};return{debug:t("debug"),info:t("info"),warn:t("warn"),error:t("error")}},Mi=async(n,r,t="Operation timed out")=>{return Promise.race([n(),new Promise((o,c)=>{setTimeout(()=>{c(pd(t))},r)})])},Dn=(n,r,t)=>{let o=r.filter((c)=>n[c]===void 0);if(o.length>0)throw Error(`Missing required ${t} parameters: ${o.join(", ")}`)};var et=b(()=>{Jt();Kr();Td={debug:0,info:1,warn:2,error:3}});class La{client;logger;constructor(n,r){this.client=n,this.logger=r}async invoke(n,r,t,o={}){return Dn({name:n,operation:r},["name","operation"],"binding invoke"),Rn(async()=>{this.logger.debug("Invoking binding",{name:n,operation:r});let i=await(await this.client()).binding.send(n,r,t,o.metadata);return this.logger.debug("Binding invoked successfully",{name:n,operation:r}),i},(c,i)=>Id(`Failed to invoke binding ${n}: ${c}`,i))}}var m0=b(()=>{Kr();et()});class Qa{client;logger;constructor(n,r){this.client=n,this.logger=r}async get(n,r=ki){if(Dn({keys:n,storeName:r},["keys","storeName"],"config get"),n.length===0)return{};return Rn(async()=>{this.logger.debug("Getting configuration",{keys:n,storeName:r});let o=await(await this.client()).configuration.get(r,n);return this.logger.debug("Configuration retrieved",{keys:n,storeName:r,itemCount:Object.keys(o.items||{}).length}),o.items||{}},(t,o)=>Ja(`Failed to get configuration: ${t}`,o))}async subscribeWithKeys(n,r,t=ki){if(Dn({keys:n,callback:r,storeName:t},["keys","callback","storeName"],"config subscribeWithKeys"),n.length===0)throw Ja("At least one key must be provided for subscription");return Rn(async()=>{this.logger.debug("Subscribing to configuration updates",{keys:n,storeName:t});let c=await(await this.client()).configuration.subscribeWithKeys(t,n,async(i)=>{try{this.logger.debug("Received configuration update",{storeName:t,updatedKeys:Object.keys(i.items||{})}),await r(i)}catch(a){this.logger.error("Error in configuration subscription callback",a)}});return this.logger.debug("Configuration subscription established",{keys:n,storeName:t}),{stop:()=>{this.logger.debug("Stopping configuration subscription",{keys:n,storeName:t}),c.stop()}}},(o,c)=>Ja(`Failed to subscribe to configuration updates: ${o}`,c))}async getValue(n,r=ki){return(await this.get([n],r))[n]?.value}async getValues(n,r=ki){let t=await this.get(n,r),o={};for(let c in t)if(t[c]?.value!==void 0)o[c]=t[c].value;return o}}var h0=b(()=>{Jt();Kr();et()});class Oa{client;logger;constructor(n,r){this.client=n,this.logger=r}async encrypt(n,r){return Dn({data:n,componentName:r.componentName},["data","componentName"],"crypto encrypt"),Rn(async()=>{this.logger.debug("Encrypting data",{componentName:r.componentName,keyName:r.keyName,keyWrapAlgorithm:r.keyWrapAlgorithm});let t=await this.client(),o=typeof n==="string"?Buffer.from(n):n,c={componentName:r.componentName};if(r.keyName)c.keyName=r.keyName;if(r.keyWrapAlgorithm)c.keyWrapAlgorithm=r.keyWrapAlgorithm;let i=await t.crypto.encrypt(o,c);return this.logger.debug("Data encrypted successfully",{componentName:r.componentName,inputSize:o.length,outputSize:i.length}),i},(t,o)=>g0(`Failed to encrypt data: ${t}`,o))}async decrypt(n,r){return Dn({data:n,componentName:r.componentName},["data","componentName"],"crypto decrypt"),Rn(async()=>{this.logger.debug("Decrypting data",{componentName:r.componentName});let t=await this.client(),o=typeof n==="string"?Buffer.from(n):n,c={componentName:r.componentName};if(r.keyName)c.keyName=r.keyName;if(r.keyWrapAlgorithm)c.keyWrapAlgorithm=r.keyWrapAlgorithm;let i=await t.crypto.decrypt(o,c);return this.logger.debug("Data decrypted successfully",{componentName:r.componentName,inputSize:o.length,outputSize:i.length}),i},(t,o)=>g0(`Failed to decrypt data: ${t}`,o))}async encryptString(n,r){return(await this.encrypt(n,r)).toString("base64")}async decryptString(n,r){let t=Buffer.from(n,"base64");return(await this.decrypt(t,r)).toString("utf-8")}}var $0=b(()=>{Kr();et()});import{HttpMethod as Hi}from"@dapr/dapr";class Ga{client;logger;constructor(n,r){this.client=n,this.logger=r}async invoke(n,r,t=Hi.POST,o,c={}){Dn({appId:n,methodName:r,httpMethod:t},["appId","methodName","httpMethod"],"invoke service");let i=c.timeout||Kd;return Rn(async()=>{this.logger.debug("Invoking service",{appId:n,methodName:r,httpMethod:t,hasData:o!==void 0});let a=r;if(c.queryParams&&Object.keys(c.queryParams).length>0){let f=Object.entries(c.queryParams).map(([d,l])=>`${encodeURIComponent(d)}=${encodeURIComponent(l)}`).join("&");a=`${r}?${f}`}let e=await this.client(),s=await Mi(()=>e.invoker.invoke(n,a,t,o,c.headers),i,`Service invocation timed out after ${i}ms`);if(this.logger.debug("Service invoked successfully",{appId:n,methodName:r,httpMethod:t,status:s?.status}),!s)return;if("data"in s)return s.data;return s},(a,e)=>yd(`Failed to invoke service ${n}.${r}: ${a}`,e))}async get(n,r,t={}){return this.invoke(n,r,Hi.GET,void 0,t)}async post(n,r,t,o={}){return this.invoke(n,r,Hi.POST,t,o)}async put(n,r,t,o={}){return this.invoke(n,r,Hi.PUT,t,o)}async delete(n,r,t={}){return this.invoke(n,r,Hi.DELETE,void 0,t)}}var A0=b(()=>{Jt();Kr();et()});class Na{client;logger;constructor(n,r){this.client=n,this.logger=r}async lock(n,r,t,o){return Dn({storeName:n,resourceId:r,lockOwner:t,expiryInSeconds:o.expiryInSeconds},["storeName","resourceId","lockOwner","expiryInSeconds"],"lock"),Rn(async()=>{this.logger.debug("Acquiring lock",{storeName:n,resourceId:r,lockOwner:t});let i=await(await this.client()).lock.lock(n,r,t,o.expiryInSeconds);return this.logger.debug("Lock acquisition result",{storeName:n,resourceId:r,lockOwner:t,success:i.success}),{success:i.success}},(c,i)=>w0(`Failed to acquire lock for resource ${r}: ${c}`,i))}async unlock(n,r,t){return Dn({storeName:n,resourceId:r,lockOwner:t},["storeName","resourceId","lockOwner"],"unlock"),Rn(async()=>{this.logger.debug("Releasing lock",{storeName:n,resourceId:r,lockOwner:t});let c=await(await this.client()).lock.unlock(n,r,t);return this.logger.debug("Lock release result",{storeName:n,resourceId:r,lockOwner:t,status:this.getLockStatusName(c.status)}),{status:c.status}},(o,c)=>w0(`Failed to release lock for resource ${r}: ${o}`,c))}getLockStatusName(n){switch(n){case 0:return"Success";case 1:return"LockDoesNotExist";case 2:return"LockBelongsToOthers";default:return"InternalError"}}}var E0=b(()=>{Kr();et()});class xa{client;logger;constructor(n,r){this.client=n,this.logger=r}async publish(n,r,t={},o=_0){return Dn({topic:n,data:r,pubsubName:o},["topic","data","pubsubName"],"pubsub publish"),Rn(async()=>{this.logger.debug("Publishing message to topic",{topic:n,pubsubName:o}),await(await this.client()).pubsub.publish(o,n,r,{metadata:t.metadata,contentType:t.contentType}),this.logger.debug("Message published successfully",{topic:n,pubsubName:o})},(c,i)=>u0(`Failed to publish message to topic ${n}: ${c}`,i))}async publishBulk(n,r,t=_0){if(Dn({topic:n,messages:r,pubsubName:t},["topic","messages","pubsubName"],"pubsub publishBulk"),r.length===0)return{failedEntries:[]};return Rn(async()=>{this.logger.debug("Publishing bulk messages to topic",{topic:n,pubsubName:t,messageCount:r.length});let o=await this.client(),c=r.map((e)=>{if(typeof e==="object"&&"event"in e)return{entryID:e.entryId,event:e.event,contentType:e.contentType,metadata:e.metadata};return{event:e}}),i=await o.pubsub.publishBulk(t,n,c),a=i.failedMessages?.length||0;if(a>0)this.logger.warn("Some messages failed to publish",{topic:n,pubsubName:t,failedCount:a,totalCount:r.length});else this.logger.debug("All bulk messages published successfully",{topic:n,pubsubName:t,messageCount:r.length});return{failedEntries:(i.failedMessages||[]).map((e)=>({entryId:e.message.entryID||"",error:e.error?.message||"Unknown error"}))}},(o,c)=>u0(`Failed to publish bulk messages to topic ${n}: ${o}`,c))}createBulkPublishMessage(n,r,t,o){return{entryId:r,event:n,contentType:t,metadata:o}}}var S0=b(()=>{Jt();Kr();et()});class Pa{client;logger;constructor(n,r){this.client=n,this.logger=r}async get(n,r={},t=d0){return Dn({key:n,storeName:t},["key","storeName"],"secret get"),Rn(async()=>{this.logger.debug("Getting secret",{key:n,storeName:t});let o=await this.client(),c=r.metadata?JSON.stringify(r.metadata):void 0,i=await o.secret.get(t,n,c);return this.logger.debug("Secret retrieved",{key:n,storeName:t}),i},(o,c)=>b0(`Failed to get secret ${n}: ${o}`,c))}async getBulk(n={},r=d0){return Dn({storeName:r},["storeName"],"secret getBulk"),Rn(async()=>{this.logger.debug("Getting all secrets",{storeName:r});let o=await(await this.client()).secret.getBulk(r);return this.logger.debug("All secrets retrieved",{storeName:r,secretCount:Object.keys(o).length}),o},(t,o)=>b0(`Failed to get all secrets: ${t}`,o))}}var R0=b(()=>{Jt();Kr();et()});class Ca{client;logger;constructor(n,r){this.client=n,this.logger=r}async save(n,r={},t=jt){if(Dn({stateItems:n,storeName:t},["stateItems","storeName"],"state save"),n.length===0)return;return Rn(async()=>{this.logger.debug("Saving state items",{count:n.length,storeName:t}),await(await this.client()).state.save(t,n,r),this.logger.debug("State items saved successfully",{count:n.length,storeName:t})},(o,c)=>vo(`Failed to save state items: ${o}`,c))}async get(n,r=jt){return Dn({key:n,storeName:r},["key","storeName"],"state get"),Rn(async()=>{this.logger.debug("Getting state item",{key:n,storeName:r});let o=await(await this.client()).state.get(r,n);if(this.logger.debug("State item retrieved",{key:n,storeName:r,found:o!==void 0}),o===void 0||o===null)return;if(typeof o==="string")try{return JSON.parse(o)}catch{return o}if(typeof o==="object")return o;return o},(t,o)=>vo(`Failed to get state item ${n}: ${t}`,o))}async getBulk(n,r=jt){if(Dn({keys:n,storeName:r},["keys","storeName"],"state getBulk"),n.length===0)return{};return Rn(async()=>{this.logger.debug("Getting bulk state items",{count:n.length,storeName:r});let o=await(await this.client()).state.getBulk(r,n),c={};return o.forEach((i)=>{if(i.data!==void 0)c[i.key]=i.data}),this.logger.debug("Bulk state items retrieved",{count:n.length,found:Object.keys(c).length,storeName:r}),c},(t,o)=>vo(`Failed to get bulk state items: ${t}`,o))}async delete(n,r,t,o=jt){return Dn({key:n,storeName:o},["key","storeName"],"state delete"),Rn(async()=>{this.logger.debug("Deleting state item",{key:n,storeName:o});let c=await this.client(),i={};if(r)i.etag=r;if(t)i.metadata=t;await c.state.delete(o,n,i),this.logger.debug("State item deleted",{key:n,storeName:o})},(c,i)=>vo(`Failed to delete state item ${n}: ${c}`,i))}async transaction(n,r=jt){if(Dn({operations:n,storeName:r},["operations","storeName"],"state transaction"),n.length===0)return;return Rn(async()=>{this.logger.debug("Executing state transaction",{operationCount:n.length,storeName:r});let t=await this.client(),o=n.map((c)=>({operation:c.operation,request:{key:c.request.key,value:c.request.value,etag:c.request.etag?{value:c.request.etag}:void 0,metadata:c.request.metadata}}));await t.state.transaction(r,o),this.logger.debug("State transaction executed successfully",{operationCount:n.length,storeName:r})},(t,o)=>vo(`Failed to execute state transaction: ${t}`,o))}async query(n,r=jt){return Dn({query:n,storeName:r},["query","storeName"],"state query"),Rn(async()=>{this.logger.debug("Querying state store",{storeName:r});let o=await(await this.client()).state.query(r,n);return this.logger.debug("State query executed",{storeName:r,resultCount:o.results?.length||0}),(o.results||[]).map((c)=>c.data)},(t,o)=>vo(`Failed to query state store: ${t}`,o))}async saveItem(n,r,t={},o=jt){let c={key:n,value:r};return this.save([c],t,o)}async upsert(n,r,t={},o=jt){return this.saveItem(n,r,t,o)}}var D0=b(()=>{Jt();Kr();et()});class qa{client;logger;constructor(n,r){this.client=n,this.logger=r}async start(n,r,t={}){return Dn({workflowName:n},["workflowName"],"workflow start"),Rn(async()=>{this.logger.debug("Starting workflow",{workflowName:n,instanceId:t.instanceId||"auto-generated",workflowComponent:t.workflowComponent});let c=await(await this.client()).workflow.start(n,r,t.instanceId);return this.logger.debug("Workflow started",{workflowName:n,instanceId:c}),c},(o,c)=>$o(`Failed to start workflow ${n}: ${o}`,c))}async get(n){return Dn({instanceId:n},["instanceId"],"workflow get"),Rn(async()=>{this.logger.debug("Getting workflow instance",{instanceId:n});let t=await(await this.client()).workflow.get(n);return this.logger.debug("Workflow instance retrieved",{instanceId:n,workflowName:t.workflowName,runtimeStatus:t.runtimeStatus}),{instanceId:t.instanceID,workflowName:t.workflowName,createdAt:new Date(t.createdAt),lastUpdatedAt:new Date(t.lastUpdatedAt),runtimeStatus:t.runtimeStatus,properties:t.properties||{}}},(r,t)=>$o(`Failed to get workflow instance ${n}: ${r}`,t))}async terminate(n){return Dn({instanceId:n},["instanceId"],"workflow terminate"),Rn(async()=>{this.logger.debug("Terminating workflow instance",{instanceId:n}),await(await this.client()).workflow.terminate(n),this.logger.debug("Workflow instance terminated",{instanceId:n})},(r,t)=>$o(`Failed to terminate workflow instance ${n}: ${r}`,t))}async pause(n){return Dn({instanceId:n},["instanceId"],"workflow pause"),Rn(async()=>{this.logger.debug("Pausing workflow instance",{instanceId:n}),await(await this.client()).workflow.pause(n),this.logger.debug("Workflow instance paused",{instanceId:n})},(r,t)=>$o(`Failed to pause workflow instance ${n}: ${r}`,t))}async resume(n){return Dn({instanceId:n},["instanceId"],"workflow resume"),Rn(async()=>{this.logger.debug("Resuming workflow instance",{instanceId:n}),await(await this.client()).workflow.resume(n),this.logger.debug("Workflow instance resumed",{instanceId:n})},(r,t)=>$o(`Failed to resume workflow instance ${n}: ${r}`,t))}async purge(n){return Dn({instanceId:n},["instanceId"],"workflow purge"),Rn(async()=>{this.logger.debug("Purging workflow instance",{instanceId:n}),await(await this.client()).workflow.purge(n),this.logger.debug("Workflow instance purged",{instanceId:n})},(r,t)=>$o(`Failed to purge workflow instance ${n}: ${r}`,t))}async raiseEvent(n,r,t){return Dn({instanceId:n,eventName:r},["instanceId","eventName"],"workflow raiseEvent"),Rn(async()=>{this.logger.debug("Raising event for workflow instance",{instanceId:n,eventName:r}),await(await this.client()).workflow.raise(n,r,t),this.logger.debug("Event raised for workflow instance",{instanceId:n,eventName:r})},(o,c)=>$o(`Failed to raise event ${r} for workflow instance ${n}: ${o}`,c))}}var k0=b(()=>{Kr();et()});import{CommunicationProtocolEnum as M0,DaprClient as Y5,HttpMethod as J5,LogLevel as X5}from"@dapr/dapr";class H0{client=null;daprHost;daprPort;communicationProtocol;maxBodySizeMb;daprApiToken;logger;connectionStatus=Kt.DISCONNECTED;connectionPromise=null;constructor(n={}){this.daprHost=n.daprHost||process.env[Pd]||Gd,this.daprPort=n.daprPort||process.env[Cd]||Nd,this.communicationProtocol=n.communicationProtocol||M0.HTTP,this.maxBodySizeMb=n.maxBodySizeMb||xd,this.daprApiToken=n.daprApiToken||process.env[jd],this.logger=n.logger||Xa(),this.logger.info("DaprConnectionManager initialized",{daprHost:this.daprHost,daprPort:this.daprPort,communicationProtocol:this.communicationProtocol})}async getClient(){if(!this.client||this.connectionStatus!==Kt.CONNECTED)await this.connect();if(!this.client)throw Dc("Not connected to Dapr sidecar");return this.client}async connect(){if(this.connectionPromise)return this.connectionPromise;if(this.client&&this.connectionStatus===Kt.CONNECTED)return Promise.resolve();this.connectionStatus=Kt.CONNECTING,this.connectionPromise=this.establishConnection();try{await this.connectionPromise,this.connectionStatus=Kt.CONNECTED}catch(n){throw this.connectionStatus=Kt.ERROR,n}finally{this.connectionPromise=null}}async establishConnection(){try{this.logger.info("Connecting to Dapr sidecar",{daprHost:this.daprHost,daprPort:this.daprPort,protocol:this.communicationProtocol});let n=process.env[qd]&&this.communicationProtocol===M0.HTTP||process.env[Fd]&&this.communicationProtocol===M0.GRPC,r={communicationProtocol:this.communicationProtocol,maxBodySizeMb:this.maxBodySizeMb,logger:{level:X5.Warn}};if(!n)r.daprHost=this.daprHost,r.daprPort=this.daprPort;if(this.daprApiToken)r.daprApiToken=this.daprApiToken;await Mi(async()=>{this.client=new Y5(r)},vd,"Connection to Dapr sidecar timed out"),await this.healthCheck(),this.logger.info("Successfully connected to Dapr sidecar")}catch(n){throw this.logger.error("Failed to connect to Dapr sidecar",n),this.client=null,Dc(`Failed to connect to Dapr sidecar at ${this.daprHost}:${this.daprPort}`,n)}}async disconnect(){if(!this.client)return;try{this.logger.info("Disconnecting from Dapr sidecar"),this.client=null,this.connectionStatus=Kt.DISCONNECTED,this.logger.info("Disconnected from Dapr sidecar")}catch(n){throw this.logger.error("Error during disconnect",n),Dc("Failed to disconnect from Dapr sidecar",n)}}isConnected(){return this.client!==null&&this.connectionStatus===Kt.CONNECTED}getConnectionStatus(){return this.connectionStatus}async healthCheck(){if(!this.client)throw Dc("Not connected to Dapr sidecar");try{return await Mi(async()=>{if(!this.client)throw Dc("Not connected to Dapr sidecar");let n=await this.client.invoker.invoke("healthz","healthz",J5.GET);return{status:n.status===204?Ya.HEALTHY:Ya.UNHEALTHY,version:n.headers?.["dapr-version"]||"unknown"}},Zd,"Health check timed out")}catch(n){return this.logger.error("Health check failed",n),{status:Ya.UNHEALTHY,version:"unknown"}}}getClientConfig(){return{daprHost:this.daprHost,daprPort:this.daprPort,communicationProtocol:this.communicationProtocol,maxBodySizeMb:this.maxBodySizeMb,hasApiToken:!!this.daprApiToken,connectionStatus:this.connectionStatus}}}var nu=b(()=>{Jt();Kr();et()});var ru=()=>{};class Fa{connectionManager;logger;_state;_pubsub;_binding;_secret;_config;_invoke;_lock;_crypto;_workflow;constructor(n={}){this.logger=n.logger||Xa(),this.connectionManager=new H0(n);let r=async()=>{return this.connectionManager.getClient()};this._state=new Ca(r,this.logger),this._pubsub=new xa(r,this.logger),this._binding=new La(r,this.logger),this._secret=new Pa(r,this.logger),this._config=new Qa(r,this.logger),this._invoke=new Ga(r,this.logger),this._lock=new Na(r,this.logger),this._crypto=new Oa(r,this.logger),this._workflow=new qa(r,this.logger)}async connect(){await this.connectionManager.connect()}async disconnect(){await this.connectionManager.disconnect()}isConnected(){return this.connectionManager.isConnected()}getConnectionStatus(){return this.connectionManager.getConnectionStatus()}async healthCheck(){return this.connectionManager.healthCheck()}getClientConfig(){return this.connectionManager.getClientConfig()}get state(){return this._state}get pubsub(){return this._pubsub}get binding(){return this._binding}get secret(){return this._secret}get config(){return this._config}get invoke(){return this._invoke}get lock(){return this._lock}get crypto(){return this._crypto}get workflow(){return this._workflow}}var kD;var z0=b(()=>{m0();h0();$0();A0();E0();S0();R0();D0();k0();nu();et();m0();h0();$0();A0();E0();S0();R0();D0();k0();Jt();Kr();ru();kD=new Fa});import tu from"ioredis";class ou{client;constructor(n){this.client=n}async create(n,r,t){try{return{success:!0,data:t?await this.client.set(n,JSON.stringify(r),"EX",t):await this.client.set(n,JSON.stringify(r))}}catch(o){return{success:!1,error:o.message}}}async read(n){try{let r=await this.client.get(n);return{success:!0,data:r?JSON.parse(r):null}}catch(r){return{success:!1,error:r.message}}}async update(n,r,t=!0){try{return{success:!0,data:t?await this.client.set(n,JSON.stringify(r),"KEEPTTL"):await this.client.set(n,JSON.stringify(r))}}catch(o){return{success:!1,error:o.message}}}async remove(n){try{return{success:!0,data:await this.client.del(n)}}catch(r){return{success:!1,error:r.message}}}async exists(n){try{return{success:!0,data:await this.client.exists(n)===1}}catch(r){return{success:!1,error:r.message}}}getClient(){return this.client}}class cu{storeName;dapr;constructor(n){this.storeName=n;this.dapr=new Fa}async create(n,r,t){try{let o=t?{ttlInSeconds:String(t)}:void 0;return await this.dapr.state.save([{key:n,value:r,metadata:o}],void 0,this.storeName),{success:!0,data:"OK"}}catch(o){return{success:!1,error:o.message}}}async read(n){try{return{success:!0,data:await this.dapr.state.get(n,this.storeName)??null}}catch(r){return{success:!1,error:r.message}}}async update(n,r,t=!0){try{return await this.dapr.state.save([{key:n,value:r}],void 0,this.storeName),{success:!0,data:"OK"}}catch(o){return{success:!1,error:o.message}}}async remove(n){try{return await this.dapr.state.delete(n,void 0,void 0,this.storeName),{success:!0,data:1}}catch(r){return{success:!1,error:r.message}}}async exists(n){try{let r=await this.dapr.state.get(n,this.storeName);return{success:!0,data:r!==void 0&&r!==null}}catch(r){return{success:!1,error:r.message}}}}class tr{static instance=null;store;directClient=null;useDapr;constructor(n){if(tr.instance){this.store=tr.instance.store,this.directClient=tr.instance.directClient,this.useDapr=tr.instance.useDapr;return}if(!n)throw Error("Redis config must be provided for first initialization.");if(L5(n),this.useDapr=n.withDapr??!1,n.withDapr)this.store=new cu(n.stateStoreName??"statestore");else{let r=n.url?new tu(n.url):new tu({host:n.host,port:n.port});this.directClient=r,this.store=new ou(r)}tr.instance=this}async create(n,r,t){return this.store.create(n,r,t)}async read(n){return this.store.read(n)}async update(n,r,t=!0){return this.store.update(n,r,t)}async remove(n){return this.store.remove(n)}async exists(n){return this.store.exists(n)}async keys(n){if(this.useDapr||!this.directClient)return console.warn("[RedisManager] keys() not supported in Dapr mode"),[];try{return await this.directClient.keys(n)}catch(r){return console.error("[Redis] Keys error:",r.message),[]}}async acquireLock(n,r=10){if(this.useDapr||!this.directClient){let t=await this.exists(n);if(!t.success)return{success:!1,error:t.error};if(t.data)return{success:!0,data:!1};if((await this.create(n,"1",r)).success)return{success:!0,data:!0};return{success:!1,error:"Failed to acquire lock"}}try{return{success:!0,data:await this.directClient.set(n,"1","EX",r,"NX")==="OK"}}catch(t){return{success:!1,error:t.message}}}async releaseLock(n){return this.remove(n)}async waitForLock(n,r=5000,t=50){let o=Date.now();while(Date.now()-o<r){let c=await this.exists(n);if(!c.success)return{success:!1,error:c.error};if(!c.data)return{success:!0,data:!0};await new Promise((i)=>setTimeout(i,t))}return{success:!0,data:!1}}async getOrWait(n,r=5000,t=50){let o=Date.now();while(Date.now()-o<r){let c=await this.read(n);if(!c.success)return{success:!1,error:c.error};if(c.data!==null)return{success:!0,data:c.data};await new Promise((i)=>setTimeout(i,t))}return{success:!0,data:null}}}var L5=(n)=>{if(!n)throw Error("Redis config must be provided.");if(n.withDapr){if(!n.stateStoreName)throw Error("Dapr mode requires stateStoreName.");return}let r=Boolean(n.url),t=Boolean(n.host)&&typeof n.port==="number";if(!r&&!t)throw Error("Redis config requires either url or host and port.")};var vt=b(()=>{z0()});var B0=b(()=>{vt()});var U0=b(()=>{vt();Ko()});var W0=b(()=>{vt();Ko();B0()});var au=b(()=>{W0()});var eu=b(()=>{B0();U0();W0();au()});var su=86400,Ao=(n)=>`session:${n}`,ja=(n)=>JSON.stringify(n),fu=(n)=>{if(!n)return null;if(typeof n==="object")return n;try{return JSON.parse(n)}catch{return null}};var Ka=async(n)=>{let r=new tr,t=Ao(n.sessionId),o=await r.remove(t);return o.success&&o.data>0};var va=b(()=>{vt()});import Q5 from"crypto";var lu=async(n)=>{let r=new tr,t=n.sessionId??Q5.randomUUID(),o=Date.now(),c=(n.expiresInSeconds??su)*1000,i=new Date(o).toISOString(),a={id:t,userId:n.userId,createdAt:i,expiresAt:new Date(o+c).toISOString(),lastActiveAt:i,clientMeta:n.clientMeta,fingerprintHash:n.fingerprintHash,deviceInfo:n.deviceInfo,refreshTokenHash:n.refreshTokenHash,loginMethod:n.loginMethod,rememberMe:n.rememberMe},e=await r.create(Ao(t),ja(a));if(!e.success)return{success:!1,error:e.error};return{success:!0,session:a}};var V0=b(()=>{vt()});var _u=b(()=>{Ko();U0();va();V0()});var du=b(()=>{_u()});var Zo=async(n)=>{let r=new tr,t=Ao(n.sessionId),o=await r.read(t);if(!o.success||!o.data)return null;let c=fu(o.data);if(!c)return null;if(new Date(c.expiresAt).getTime()<=Date.now())return await Ka({sessionId:n.sessionId}),null;return c};var Za=b(()=>{vt();va()});var uu=async(n)=>{let r=await Zo({sessionId:n.sessionId});if(!r)return{success:!1,error:"Session not found"};let t={...r,...n.updates,lastActiveAt:n.updates.lastActiveAt??new Date().toISOString()},c=await new tr().create(Ao(n.sessionId),ja(t));if(!c.success)return{success:!1,error:c.error};return{success:!0,session:t}},Y0=async(n)=>{return uu({sessionId:n,updates:{lastActiveAt:new Date().toISOString()}})};var bu=b(()=>{vt();Za()});var O5=async(n)=>{let r=ho(n.jwtToken,n.jwtSecret);if(!r.valid)return{isValid:!1,reason:r.error};let t=await Zo({sessionId:n.sessionId});if(!t)return{isValid:!1,reason:"Session not found"};let o;if(n.savedFingerprint&&n.headers&&n.requestIp){let c={};for(let[a,e]of Object.entries(n.headers))if(e!==void 0)c[a]=e;let i=Md({savedFingerprint:n.savedFingerprint,headers:c,requestIp:n.requestIp});if(o=i.isValid,!i.isValid)return{isValid:!1,reason:i.reason??"Fingerprint mismatch"}}return{isValid:!0,context:{userId:t.userId,sessionId:t.id,fingerprintValid:o}}};var gu=b(()=>{s0();Ko();Za()});var wu={};go(wu,{validateSession:()=>O5,updateSession:()=>uu,updateLastActiveAt:()=>Y0,readSession:()=>Zo,generateSession:()=>lu,deleteSession:()=>Ka});var J0=b(()=>{va();V0();Za();bu();gu()});var mu=b(()=>{Hd();Ko();Od();eu();du();J0()});import{eq as G5}from"drizzle-orm";function zi(n,r,t,o,c,i){let a=[n.toLowerCase()];if(i)a.push("bulk");if(a.push(r),o){if(a.push("with"),a.push(o),c)a.push(c)}else if(t)a.push(t);return a.join(".")}function Bi(n,r,t){if(r)return`/${n}/bulk`;if(t)return`/${n}/:id`;return`/${n}`}function P5(n,r,t){let o=[],c=n.table_name,i=n.excluded_methods||[];for(let a of N5){if(i.includes(a))continue;let e=a==="PUT"||a==="PATCH"||a==="DELETE";if(o.push({action:zi(a,c),description:`${a} access to ${c}`,path:Bi(c,!1,e&&a!=="DELETE"),method:a}),a==="GET"&&n.columns){for(let f of n.columns){if(r.skipColumns.includes(f.name))continue;o.push({action:zi(a,c,f.name),description:`${a} access to ${c}.${f.name}`,path:Bi(c),method:a})}let s=`${c}Relations`;if(t[s]){let f=t[s];if(f?.config?.referencedTable?._?.name){let d=f.config.referencedTable._.name;o.push({action:zi(a,c,void 0,d),description:`${a} access to ${c} with ${d}`,path:Bi(c),method:a})}}}if(a==="POST"||a==="PUT"||a==="PATCH"){if(n.columns)for(let s of n.columns){if(r.skipColumns.includes(s.name))continue;o.push({action:zi(a,c,s.name),description:`${a} access to ${c}.${s.name}`,path:Bi(c,!1,a!=="POST"),method:a})}}}for(let a of x5){if(i.includes(a))continue;o.push({action:zi(a,c,void 0,void 0,void 0,!0),description:`Bulk ${a} access to ${c}`,path:Bi(c,!0),method:a})}return o}async function hu(n,r,t,o,c,i){let a=r.claims;if(!a)return i.warn("[Authorization] Claims table not found in schema"),{total:0,created:0,existing:0,claims:[]};let e=[];for(let w of o){if(c.skipTables.includes(w.table_name))continue;let g=P5(w,c,t);e.push(...g)}let s=e.filter((w,g,u)=>g===u.findIndex((m)=>m.action===w.action)),f=0,d=0,l=[];for(let w of s)try{if((await n.select().from(a).where(G5(a.action,w.action)).limit(1)).length===0)await n.insert(a).values(w),f++,l.push(w.action),i.debug(`[Authorization] Created claim: ${w.action}`);else d++}catch(g){i.error(`[Authorization] Failed to create claim: ${w.action}`,g)}return i.info(`[Authorization] Claims seeded: ${f} created, ${d} existing, ${s.length} total`),{total:s.length,created:f,existing:d,claims:l}}var N5,x5;var $u=b(()=>{N5=["GET","POST","PUT","PATCH","DELETE"],x5=["POST","PUT","DELETE"]});var{password:C5}=globalThis.Bun;import{eq as X0}from"drizzle-orm";async function Au(n,r,t,o){if(!t.godminEmail||!t.godminPassword)return o.warn("[Authorization] Godmin email or password not configured, skipping godmin setup"),{success:!1};let{roles:c,users:i,userRoles:a}=r;if(!c||!i||!a)return o.error("[Authorization] Required tables not found for godmin setup"),{success:!1};try{let e,s=await n.select().from(c).where(X0(c.name,L0)).limit(1);if(s.length===0){let[g]=await n.insert(c).values({name:L0,description:"God mode administrator - bypasses all authorization checks"}).returning();e=g.id,o.info(`[Authorization] Created godmin role: ${e}`)}else e=s[0].id,o.debug(`[Authorization] Godmin role already exists: ${e}`);let f,d=await n.select().from(i).where(X0(i.email,t.godminEmail)).limit(1);if(d.length===0){let g=await C5.hash(t.godminPassword,{algorithm:"bcrypt",cost:10}),[u]=await n.insert(i).values({email:t.godminEmail,password:g,verifiedAt:new Date,isActive:!0}).returning();f=u.id,o.info(`[Authorization] Created godmin user: ${f}`)}else f=d[0].id,o.debug(`[Authorization] Godmin user already exists: ${f}`);if(!(await n.select().from(a).where(X0(a.userId,f)).limit(1)).some((g)=>g.roleId===e))await n.insert(a).values({userId:f,roleId:e}),o.info(`[Authorization] Assigned godmin role to user: ${f}`);return{success:!0,userId:f,roleId:e}}catch(e){return o.error("[Authorization] Failed to setup godmin",e),{success:!1}}}function Q0(n){return n===L0}var L0="godmin";var O0=()=>{};import{eq as G0,inArray as q5}from"drizzle-orm";function F5(n){return n.startsWith(Ru)}function j5(n){return{field:n.slice(Ru.length)}}function Eu(n){if(!n)return{};let r=new URLSearchParams(n),t={};for(let[o,c]of r.entries())if(F5(c))t[o]=j5(c);else t[o]=c;return t}function Su(n,r,t){let o={};for(let[c,i]of Object.entries(n))if(typeof i==="object"&&"field"in i){if(!r){t.warn(`[Authorization] Cannot resolve self:${i.field} - userData not provided`);continue}let a=i.field,e=a.replace(/_([a-z])/g,(f,d)=>d.toUpperCase()),s;if(a in r)s=r[a];else if(e in r)s=r[e];else{t.warn(`[Authorization] Cannot resolve self:${a} - field not found in userData`);continue}o[c]=s,t.debug(`[Authorization] Resolved self:${a} -> ${s}`)}else o[c]=i;return o}function kc(n,r,t,o){let c=[n.toLowerCase(),r];if(o)c.push("with",o);else if(t)c.push(t);return c.join(".")}function Mc(n,r){if(n===r)return!0;let t=n.split("."),o=r.split(".");if(t.length>o.length)return!1;for(let c=0;c<t.length;c++)if(t[c]!==o[c])return!1;return!0}async function pa(n){let{userId:r,method:t,entity:o,requestedFields:c,requestedRelations:i,db:a,schemaTables:e,logger:s,userData:f}=n,d=e.roles,l=e.userRoles,w=e.roleClaims,g=e.claims;if(!d||!l||!w||!g)return s.error("[Authorization] Required tables not found"),{authorized:!1,reason:"Authorization tables not configured"};try{let u=l,m=d,_=await a.select({roleId:u.roleId,roleName:m.name}).from(l).innerJoin(d,G0(u.roleId,m.id)).where(G0(u.userId,r));if(_.length===0)return{authorized:!1,reason:"User has no roles assigned"};if(_.some((L)=>Q0(L.roleName)))return s.debug(`[Authorization] User ${r} has godmin role, bypassing checks`),{authorized:!0};let h=_.map((L)=>L.roleId),E=w,V=g,Y=await a.select({claimAction:V.action,scope:E.scope}).from(w).innerJoin(g,G0(E.claimId,V.id)).where(q5(E.roleId,h));if(Y.length===0)return{authorized:!1,reason:"User roles have no claims assigned"};let H=kc(t,o);if(!Y.some((L)=>Mc(L.claimAction,H)))return{authorized:!1,reason:`No access to ${t} ${o}`};let R=[],$=[],A={},M=!1;for(let L of Y)if(L.claimAction===H){M=!0;let B=Eu(L.scope),W=Su(B,f,s);Object.assign(A,W)}if(M)return{authorized:!0,scopeFilters:Object.keys(A).length>0?A:void 0};if(c)for(let L of c){let O=kc(t,o,L);if(Y.some((W)=>Mc(W.claimAction,O)))R.push(L)}if(i)for(let L of i){let O=kc(t,o,void 0,L);if(Y.some((W)=>Mc(W.claimAction,O)))$.push(L)}for(let L of Y){let O=Eu(L.scope),B=Su(O,f,s);Object.assign(A,B)}if(!(R.length>0||$.length>0)&&(c?.length||i?.length))return{authorized:!1,reason:"No access to requested fields or relations"};return{authorized:!0,allowedFields:R.length>0?R:void 0,allowedRelations:$.length>0?$:void 0,scopeFilters:Object.keys(A).length>0?A:void 0}}catch(u){return s.error("[Authorization] Check failed",u),{authorized:!1,reason:"Authorization check failed"}}}function Du(n){let{userClaims:r,userRoles:t,method:o,entity:c,requestedFields:i,requestedRelations:a,logger:e}=n;if(r.length===0&&t.length===0)return{authorized:!1,reason:"No roles or claims in token"};if(t.some((g)=>Q0(g)))return e.debug("[Authorization:JWT] User has godmin role, bypassing checks"),{authorized:!0};let s=kc(o,c);if(r.some((g)=>Mc(g,s)))return{authorized:!0};let d=[],l=[];if(i)for(let g of i){let u=kc(o,c,g);if(r.some((m)=>Mc(m,u)))d.push(g)}if(a)for(let g of a){let u=kc(o,c,void 0,g);if(r.some((m)=>Mc(m,u)))l.push(g)}if(!(d.length>0||l.length>0)&&(i?.length||a?.length))return{authorized:!1,reason:`No access to ${o} ${c}`};return{authorized:!0,allowedFields:d.length>0?d:void 0,allowedRelations:l.length>0?l:void 0}}async function ku(n){let{idpUrl:r,accessToken:t,method:o,entity:c,requestedFields:i,requestedRelations:a,logger:e}=n;try{let s=await fetch(`${r}/auth/check`,{method:"POST",headers:{"Content-Type":"application/json",Cookie:`access_token=${t}`},body:JSON.stringify({entity:c,method:o,fields:i,relations:a})});if(!s.ok)return e.warn(`[Authorization:IDP] IDP /auth/check returned ${s.status}`),{authorized:!1,reason:`IDP authorization check failed (${s.status})`};return await s.json()}catch(s){let f=s instanceof Error?s.message:String(s);return e.error(`[Authorization:IDP] Failed to reach IDP: ${f}`),{authorized:!1,reason:"IDP authorization service unavailable"}}}function Ia(n,r){if(!r||r.length===0)return n;let o=[...new Set([...["id"],...r])],c=(i)=>{let a={};for(let e of o)if(e in i)a[e]=i[e];return a};if(Array.isArray(n))return n.map(c);return c(n)}function Mu(n,r){if(!r)return n;let t=(o)=>{let c={...o};for(let i of Object.keys(c))if(typeof c[i]==="object"&&c[i]!==null&&!r.includes(i))delete c[i];return c};if(Array.isArray(n))return n.map(t);return t(n)}var Ru="self:";var N0=b(()=>{O0()});var Hu;var zu=b(()=>{Hu={enabled:!1,autoSeedClaims:!0,skipTables:["audit_logs"],skipColumns:["id","created_at","updated_at","is_active","password","version"],excludedPaths:["/health","/swagger"],publicPaths:["/auth/login","/auth/register"]}});var x0=b(()=>{$u();O0();N0();zu()});function K5(n){let r=n.match(/^(\d+)(s|m|h|d)$/);if(!r||!r[1]||!r[2])return 300;let t=Number.parseInt(r[1],10);switch(r[2]){case"s":return t;case"m":return t*60;case"h":return t*3600;case"d":return t*86400;default:return 300}}function v5(){let n=new Uint8Array(24);return crypto.getRandomValues(n),Array.from(n).map((r)=>r.toString(16).padStart(2,"0")).join("")}function Bu(n){let r=new Bun.CryptoHasher("sha256");return r.update(n),r.digest("hex")}function Z5(n,r){if(n.length!==r.length){let a=new Uint8Array(32);return crypto.getRandomValues(a),!1}let t=new TextEncoder,o=t.encode(n),c=t.encode(r),i=0;for(let a=0;a<o.length;a++)i|=(o[a]??0)^(c[a]??0);return i===0}function po(n,r){let t=r-n+1,o=Math.ceil(Math.log2(t)/8)||1,c=256**o,i=c-c%t,a,e=new Uint8Array(o);do crypto.getRandomValues(e),a=e.reduce((s,f,d)=>s+f*256**d,0);while(a>=i);return n+a%t}function Uu(n){let r=P0[n],{min:t,max:o}=r.mathRange,c=["+","-","\xD7"],i=c[po(0,c.length-1)],a=po(t,o),e=po(t,o),s;switch(i){case"+":s=a+e;break;case"-":if(a<e)[a,e]=[e,a];s=a-e;break;case"\xD7":a=po(1,12),e=po(1,12),s=a*e;break;default:s=a+e}return{question:`${a} ${i} ${e} = ?`,answer:s.toString()}}function Wu(n){let r=P0[n],t="";for(let o=0;o<r.textLength;o++)t+="ABCDEFGHJKLMNPQRSTUVWXYZ23456789".charAt(po(0,31));return{question:t,answer:t}}function p5(n){let r=Wu(n),t=200,o=60,c=I5(r.answer,200,60),i=`data:image/svg+xml;base64,${Buffer.from(c).toString("base64")}`;return{question:"Enter the text shown in the image",answer:r.answer,imageData:i}}function bn(){let n=new Uint32Array(1);return crypto.getRandomValues(n),(n[0]??0)/4294967295}function I5(n,r,t){let o=240+bn()*15,c=240+bn()*15,i=240+bn()*15,a=`rgb(${o}, ${c}, ${i})`,e="";for(let u=0;u<12;u++){let m=bn()*r,_=bn()*t,S=bn()*r,h=bn()*t,E=bn()*100+100,V=bn()*100+100,Y=bn()*100+100,H=1+bn()*2;e+=`<line x1="${m}" y1="${_}" x2="${S}" y2="${h}" stroke="rgb(${E},${V},${Y})" stroke-width="${H}"/>`}let s="";for(let u=0;u<4;u++){let m=bn()*r,_=bn()*t,S=bn()*r,h=bn()*t,E=bn()*r,V=bn()*t,Y=bn()*r,H=bn()*t,D=bn()*80+80,R=bn()*80+80,$=bn()*80+80;s+=`<path d="M${m},${_} C${S},${h} ${E},${V} ${Y},${H}" stroke="rgb(${D},${R},${$})" stroke-width="2" fill="none"/>`}let f="";for(let u=0;u<80;u++){let m=bn()*r,_=bn()*t,S=bn()*150+50,h=bn()*150+50,E=bn()*150+50,V=bn()*3+1;f+=`<circle cx="${m}" cy="${_}" r="${V}" fill="rgb(${S},${h},${E})"/>`}let d="",l=r/(n.length+2),w=l;for(let u=0;u<n.length;u++){let m=w+u*l+(bn()-0.5)*15,_=t/2+8+(bn()-0.5)*12,S=(bn()-0.5)*40,h=22+bn()*10,E=bn()*80,V=bn()*80,Y=bn()*80,H=(bn()-0.5)*15,D=0.9+bn()*0.3;d+=`<text x="${m}" y="${_}" font-family="Arial, Helvetica, sans-serif" font-size="${h}" font-weight="bold" fill="rgb(${E},${V},${Y})" transform="rotate(${S}, ${m}, ${_}) skewX(${H}) scale(1, ${D})" style="font-style: ${bn()>0.5?"italic":"normal"}">${n[u]}</text>`}let g="";for(let u=0;u<3;u++){let m=10+bn()*(t-20),_=bn()*60+60,S=bn()*60+60,h=bn()*60+60;g+=`<line x1="0" y1="${m}" x2="${r}" y2="${m+(bn()-0.5)*20}" stroke="rgb(${_},${S},${h})" stroke-width="1.5"/>`}return`<svg xmlns="http://www.w3.org/2000/svg" width="${r}" height="${t}" viewBox="0 0 ${r} ${t}">
 		<defs>
 			<filter id="noise" x="0%" y="0%" width="100%" height="100%">
 				<feTurbulence type="fractalNoise" baseFrequency="0.04" numOctaves="2" result="noise"/>
@@ -57,7 +57,7 @@ var p2=Object.create;var{getPrototypeOf:I2,defineProperty:hi,getOwnPropertyNames
 				</div>
 			</body>
 			</html>
-		`}getActiveAlerts(){return Array.from(this.state.activeAlerts.values())}acknowledgeAlert(n){for(let[r,t]of this.state.activeAlerts)if(t.id===n)return t.acknowledged=!0,!0;return!1}clearAlert(n){this.state.activeAlerts.delete(n)}}class j0{config;requestCount=0;responseTimes=[];errorCount=0;rateLimitBlocks=0;byEndpoint={};byMethod={};byStatus={};byErrorType={};lastCollectTime=Date.now();constructor(n){this.config=n}recordRequest(n){if(!this.config?.enabled)return;if(this.requestCount++,this.config.metrics?.responseTime!==!1){if(this.responseTimes.push(n.responseTimeMs),this.responseTimes.length>1e4)this.responseTimes=this.responseTimes.slice(-5000)}if(this.config.metrics?.requests!==!1)this.byEndpoint[n.endpoint]=(this.byEndpoint[n.endpoint]||0)+1,this.byMethod[n.method]=(this.byMethod[n.method]||0)+1,this.byStatus[String(n.status)]=(this.byStatus[String(n.status)]||0)+1;if(this.config.metrics?.errors!==!1&&n.isError){if(this.errorCount++,n.errorType)this.byErrorType[n.errorType]=(this.byErrorType[n.errorType]||0)+1}}recordRateLimitBlock(){if(!this.config?.enabled||this.config.metrics?.rateLimits===!1)return;this.rateLimitBlocks++}collect(){if(!this.config?.enabled)return null;let r=(Date.now()-this.lastCollectTime)/1000/60,t=r>0?Math.round(this.requestCount/r):0,o=r>0?Math.round(this.rateLimitBlocks/r):0,c=[...this.responseTimes].sort((e,s)=>e-s),i=c.length;return{requests:{total:this.requestCount,perMinute:t,byEndpoint:{...this.byEndpoint},byMethod:{...this.byMethod},byStatus:{...this.byStatus}},responseTime:{avg:i>0?Math.round(c.reduce((e,s)=>e+s,0)/i*100)/100:0,min:i>0?c[0]??0:0,max:i>0?c[i-1]??0:0,p50:i>0?c[Math.floor(i*0.5)]??0:0,p95:i>0?c[Math.floor(i*0.95)]??0:0,p99:i>0?c[Math.floor(i*0.99)]??0:0},errors:{total:this.errorCount,rate:this.requestCount>0?Math.round(this.errorCount/this.requestCount*100*100)/100:0,byType:{...this.byErrorType}},rateLimits:{blocked:this.rateLimitBlocks,blockedPerMinute:o}}}reset(){this.requestCount=0,this.responseTimes=[],this.errorCount=0,this.rateLimitBlocks=0,this.byEndpoint={},this.byMethod={},this.byStatus={},this.byErrorType={},this.lastCollectTime=Date.now()}getRequestsPerMinute(){let n=(Date.now()-this.lastCollectTime)/1000/60;return n>0?Math.round(this.requestCount/n):0}getErrorRate(){return this.requestCount>0?this.errorCount/this.requestCount*100:0}getRateLimitBlocksPerMinute(){let n=(Date.now()-this.lastCollectTime)/1000/60;return n>0?Math.round(this.rateLimitBlocks/n):0}getAvgResponseTime(){if(this.responseTimes.length===0)return 0;return this.responseTimes.reduce((n,r)=>n+r,0)/this.responseTimes.length}}import*as Lu from"fs";import*as Eo from"os";class K0{config;lastCpuInfo=null;constructor(n){this.config=n}async collect(){if(!this.config?.enabled)return null;let n={cpu:{usage:0,cores:0},memory:{total:0,used:0,free:0,usagePercent:0,heapUsed:0,heapTotal:0},disk:{total:0,used:0,free:0,usagePercent:0},network:{bytesIn:0,bytesOut:0},process:{uptime:0,pid:0,eventLoopLag:0}};if(this.config.metrics?.cpu!==!1)n.cpu=this.collectCpu();if(this.config.metrics?.memory!==!1)n.memory=this.collectMemory();if(this.config.metrics?.disk!==!1)n.disk=await this.collectDisk();if(this.config.metrics?.network)n.network=this.collectNetwork();if(this.config.metrics?.process!==!1)n.process=await this.collectProcess();return n}collectCpu(){let n=Eo.cpus(),r=n.length,t=0,o=0;for(let i of n)t+=i.times.idle,o+=i.times.user+i.times.nice+i.times.sys+i.times.idle+i.times.irq;let c=0;if(this.lastCpuInfo){let i=t-this.lastCpuInfo.idle,a=o-this.lastCpuInfo.total;c=a>0?Math.round((1-i/a)*100*100)/100:0}return this.lastCpuInfo={idle:t,total:o},{usage:c,cores:r}}collectMemory(){let n=Eo.totalmem(),r=Eo.freemem(),t=n-r,o=Math.round(t/n*100*100)/100,c=process.memoryUsage();return{total:n,used:t,free:r,usagePercent:o,heapUsed:c.heapUsed,heapTotal:c.heapTotal}}async collectDisk(){try{let n=Lu.statfsSync("/"),r=n.blocks*n.bsize,t=n.bfree*n.bsize,o=r-t,c=Math.round(o/r*100*100)/100;return{total:r,used:o,free:t,usagePercent:c}}catch{return{total:0,used:0,free:0,usagePercent:0}}}collectNetwork(){let n=Eo.networkInterfaces(),r=0,t=0;for(let o in n){let c=n[o];if(c){for(let i of c)if(!i.internal)r+=0,t+=0}}return{bytesIn:r,bytesOut:t}}async collectProcess(){let n=process.uptime(),r=process.pid,t=Date.now(),o=await new Promise((c)=>{setImmediate(()=>{c(Date.now()-t)})});return{uptime:n,pid:r,eventLoopLag:o}}}var Qu=()=>{};import{randomUUID as Ou}from"crypto";import*as Gu from"os";class Ta{store;memoryInterval=null;cpuInterval=null;lastCpuInfo=null;isRunning=!1;constructor(n){let r={...T5,...n};this.store={requests:[],configs:{logMemory:r.logMemory,logCpu:r.logCpu,logDapr:r.logDapr,logWebSocket:r.logWebSocket,cpuLogInterval:r.cpuLogInterval,memoryLogInterval:r.memoryLogInterval},logs:{memory:[],cpu:[],dapr:[],ws:[]},logLimits:{memory:r.memoryLogLimit,cpu:r.cpuLogLimit,dapr:r.daprLogLimit,ws:r.wsLogLimit,request:r.requestLogLimit},worker:{pid:process.pid,workerId:null,memory:null,cpu:null,updatedAt:Date.now()},allWorkers:[],daprEvents:[],wsEvents:[]}}start(){if(this.isRunning)return;if(this.isRunning=!0,this.store.configs.logMemory)this.startMemoryCollector();if(this.store.configs.logCpu)this.startCpuCollector()}stop(){if(!this.isRunning)return;if(this.isRunning=!1,this.memoryInterval)clearInterval(this.memoryInterval),this.memoryInterval=null;if(this.cpuInterval)clearInterval(this.cpuInterval),this.cpuInterval=null}startMemoryCollector(){if(this.memoryInterval)clearInterval(this.memoryInterval);let n=()=>{if(!this.store.configs.logMemory)return;let r=process.memoryUsage(),t={timestamp:Date.now(),rss:r.rss,heapUsed:r.heapUsed,heapTotal:r.heapTotal};if(this.store.logs.memory.push(t),this.store.logs.memory.length>this.store.logLimits.memory*2)this.store.logs.memory=this.store.logs.memory.slice(-this.store.logLimits.memory);this.store.worker.memory=t,this.store.worker.updatedAt=Date.now()};n(),this.memoryInterval=setInterval(n,this.store.configs.memoryLogInterval)}startCpuCollector(){if(this.cpuInterval)clearInterval(this.cpuInterval);let n=()=>{if(!this.store.configs.logCpu)return;let r=Gu.cpus(),t=0,o=0,c=0,i=0;for(let f of r)t+=f.times.user,o+=f.times.sys,c+=f.times.idle,i+=f.times.user+f.times.nice+f.times.sys+f.times.idle+f.times.irq;let a=0,e=0;if(this.lastCpuInfo){let f=i-this.lastCpuInfo.total,d=c-this.lastCpuInfo.idle;if(f>0){let l=f-d;a=Math.round((t-0)/(l||1)*100*100)/100,e=Math.round((o-0)/(l||1)*100*100)/100;let w=Math.round((1-d/f)*100*100)/100;a=Math.round(w*0.7*100)/100,e=Math.round(w*0.3*100)/100}}this.lastCpuInfo={idle:c,total:i};let s={timestamp:Date.now(),user:a,system:e};if(this.store.logs.cpu.push(s),this.store.logs.cpu.length>this.store.logLimits.cpu*2)this.store.logs.cpu=this.store.logs.cpu.slice(-this.store.logLimits.cpu);this.store.worker.cpu=s,this.store.worker.updatedAt=Date.now()};n(),this.cpuInterval=setInterval(n,this.store.configs.cpuLogInterval)}recordRequest(n){if(this.store.requests.push(n),this.store.requests.length>this.store.logLimits.request*2)this.store.requests=this.store.requests.slice(-this.store.logLimits.request)}recordDaprEvent(n,r){if(!this.store.configs.logDapr)return;let t={id:Ou(),type:n,timestamp:Date.now(),...r};if(this.store.logs.dapr.push(t),this.store.daprEvents.push(t),this.store.logs.dapr.length>this.store.logLimits.dapr*2)this.store.logs.dapr=this.store.logs.dapr.slice(-this.store.logLimits.dapr);if(this.store.daprEvents.length>this.store.logLimits.dapr*2)this.store.daprEvents=this.store.daprEvents.slice(-this.store.logLimits.dapr)}recordWsEvent(n,r){if(!this.store.configs.logWebSocket)return;let t={id:Ou(),type:n,timestamp:Date.now(),...r};if(this.store.logs.ws.push(t),this.store.wsEvents.push(t),this.store.logs.ws.length>this.store.logLimits.ws*2)this.store.logs.ws=this.store.logs.ws.slice(-this.store.logLimits.ws);if(this.store.wsEvents.length>this.store.logLimits.ws*2)this.store.wsEvents=this.store.wsEvents.slice(-this.store.logLimits.ws)}getSnapshot(){return{memory:this.store.logs.memory.slice(-this.store.logLimits.memory),cpu:this.store.logs.cpu.slice(-this.store.logLimits.cpu),requests:this.store.requests.slice(-this.store.logLimits.request),dapr:this.store.logs.dapr.slice(-this.store.logLimits.dapr),ws:this.store.logs.ws.slice(-this.store.logLimits.ws),workers:this.store.allWorkers.length?this.store.allWorkers:[this.store.worker],logLimits:{...this.store.logLimits},configs:{...this.store.configs}}}getUpdatesSince(n){let r=this.store.logs.memory.filter((e)=>e.timestamp>n.memory),t=this.store.logs.cpu.filter((e)=>e.timestamp>n.cpu),o=this.store.requests.filter((e)=>e.timestamp>n.request),c=this.store.logs.dapr.filter((e)=>e.timestamp>n.dapr),i=this.store.logs.ws.filter((e)=>e.timestamp>n.ws);if(!(r.length>0||t.length>0||o.length>0||c.length>0||i.length>0))return null;return{memory:r,cpu:t,requests:o,dapr:c,ws:i,timestamp:Date.now()}}getLogs(){return{memory:this.store.logs.memory,cpu:this.store.logs.cpu,requests:this.store.requests,dapr:this.store.logs.dapr,ws:this.store.logs.ws,daprEvents:this.store.daprEvents,wsEvents:this.store.wsEvents,configs:{logMemory:this.store.configs.logMemory,logCpu:this.store.configs.logCpu,logDapr:this.store.configs.logDapr,logWebSocket:this.store.configs.logWebSocket},limits:{...this.store.logLimits}}}getSettings(){return{configs:{...this.store.configs},logLimits:{...this.store.logLimits}}}changeSettings(n){if(n.logMemory!==void 0)this.store.configs.logMemory=n.logMemory;if(n.logCpu!==void 0)this.store.configs.logCpu=n.logCpu;if(n.logDapr!==void 0)this.store.configs.logDapr=n.logDapr;if(n.logWebSocket!==void 0)this.store.configs.logWebSocket=n.logWebSocket;if(n.cpuLogInterval!==void 0){if(this.store.configs.cpuLogInterval=n.cpuLogInterval,this.isRunning&&this.store.configs.logCpu)this.startCpuCollector()}if(n.memoryLogInterval!==void 0){if(this.store.configs.memoryLogInterval=n.memoryLogInterval,this.isRunning&&this.store.configs.logMemory)this.startMemoryCollector()}if(n.memoryLogLimit!==void 0)this.store.logLimits.memory=n.memoryLogLimit;if(n.cpuLogLimit!==void 0)this.store.logLimits.cpu=n.cpuLogLimit;if(n.daprLogLimit!==void 0)this.store.logLimits.dapr=n.daprLogLimit;if(n.wsLogLimit!==void 0)this.store.logLimits.ws=n.wsLogLimit;if(n.requestLogLimit!==void 0)this.store.logLimits.request=n.requestLogLimit;return{message:"Settings updated successfully",configs:{...this.store.configs},logLimits:{...this.store.logLimits}}}getStore(){return this.store}isEnabled(){return this.isRunning}}var T5;var Nu=b(()=>{T5={enabled:!0,logMemory:!0,logCpu:!0,logDapr:!0,logWebSocket:!0,memoryLogInterval:1000,cpuLogInterval:1000,memoryLogLimit:100,cpuLogLimit:100,daprLogLimit:100,wsLogLimit:100,requestLogLimit:100,streamInterval:150}});class v0{redis;logger;config;appId;flushToDb;systemCollector;applicationCollector;alertService;collectInterval=null;flushInterval=null;pendingMetrics=[];isRunning=!1;constructor(n){this.redis=n.redis,this.logger=n.logger,this.config=this.mergeConfig(n.config),this.appId=n.appId,this.flushToDb=n.flushToDb,this.systemCollector=new K0(this.config.system),this.applicationCollector=new j0(this.config.application),this.alertService=new ya({logger:n.logger,gmail:n.gmail,config:this.config,appId:n.appId})}mergeConfig(n){return{enabled:n.enabled??Un.enabled,system:{enabled:n.system?.enabled??Un.system.enabled,collectInterval:n.system?.collectInterval??Un.system.collectInterval,metrics:{cpu:n.system?.metrics?.cpu??Un.system.metrics.cpu,memory:n.system?.metrics?.memory??Un.system.metrics.memory,disk:n.system?.metrics?.disk??Un.system.metrics.disk,network:n.system?.metrics?.network??Un.system.metrics.network,process:n.system?.metrics?.process??Un.system.metrics.process}},application:{enabled:n.application?.enabled??Un.application.enabled,metrics:{requests:n.application?.metrics?.requests??Un.application.metrics.requests,responseTime:n.application?.metrics?.responseTime??Un.application.metrics.responseTime,errors:n.application?.metrics?.errors??Un.application.metrics.errors,rateLimits:n.application?.metrics?.rateLimits??Un.application.metrics.rateLimits}},database:{enabled:n.database?.enabled??Un.database.enabled,metrics:{connections:n.database?.metrics?.connections??Un.database.metrics.connections,queryTime:n.database?.metrics?.queryTime??Un.database.metrics.queryTime,slowQueryThreshold:n.database?.metrics?.slowQueryThreshold??Un.database.metrics.slowQueryThreshold}},redis:{enabled:n.redis?.enabled??Un.redis.enabled},persistence:{enabled:n.persistence?.enabled??Un.persistence.enabled,flushInterval:n.persistence?.flushInterval??Un.persistence.flushInterval,retentionDays:n.persistence?.retentionDays??Un.persistence.retentionDays},alerts:{enabled:n.alerts?.enabled??Un.alerts.enabled,email:{enabled:n.alerts?.email?.enabled??Un.alerts.email.enabled,recipients:n.alerts?.email?.recipients??Un.alerts.email.recipients},thresholds:{cpuPercent:n.alerts?.thresholds?.cpuPercent??Un.alerts.thresholds.cpuPercent,memoryPercent:n.alerts?.thresholds?.memoryPercent??Un.alerts.thresholds.memoryPercent,diskPercent:n.alerts?.thresholds?.diskPercent??Un.alerts.thresholds.diskPercent,errorRatePercent:n.alerts?.thresholds?.errorRatePercent??Un.alerts.thresholds.errorRatePercent,responseTimeMs:n.alerts?.thresholds?.responseTimeMs??Un.alerts.thresholds.responseTimeMs,rateLimitBlocksPerMinute:n.alerts?.thresholds?.rateLimitBlocksPerMinute??Un.alerts.thresholds.rateLimitBlocksPerMinute},cooldown:n.alerts?.cooldown??Un.alerts.cooldown}}}parseTimeToMs(n){let r=n.match(/^(\d+)(ms|s|m|h|d)$/);if(!r||!r[1]||!r[2])return 1e4;let t=parseInt(r[1],10);switch(r[2]){case"ms":return t;case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;case"d":return t*24*60*60*1000;default:return 1e4}}start(){if(!this.config.enabled||this.isRunning)return;this.isRunning=!0,this.logger.info("[Monitoring] Starting monitoring service");let n=this.parseTimeToMs(this.config.system.collectInterval);if(this.collectInterval=setInterval(()=>{this.collect()},n),this.config.persistence.enabled&&this.flushToDb){let r=this.parseTimeToMs(this.config.persistence.flushInterval);this.flushInterval=setInterval(()=>{this.flush()},r)}this.collect()}stop(){if(!this.isRunning)return;if(this.isRunning=!1,this.logger.info("[Monitoring] Stopping monitoring service"),this.collectInterval)clearInterval(this.collectInterval),this.collectInterval=null;if(this.flushInterval)clearInterval(this.flushInterval),this.flushInterval=null;this.flush()}async collect(){let n=Date.now(),r={timestamp:n};if(this.config.system.enabled){let t=await this.systemCollector.collect();if(t)r.system=t,this.addMetricPoints("system",t,n)}if(this.config.application.enabled){let t=this.applicationCollector.collect();if(t)r.application=t,this.addMetricPoints("application",t,n)}if(await this.storeSnapshot(r),this.config.alerts.enabled)await this.alertService.checkAndAlert(r)}addMetricPoints(n,r,t){let o=(c,i="")=>{for(let a in c){let e=c[a],s=i?`${i}.${a}`:a;if(typeof e==="number")this.pendingMetrics.push({timestamp:t,metricType:n,metricName:s,value:e});else if(typeof e==="object"&&e!==null&&!Array.isArray(e))o(e,s)}};o(r)}async storeSnapshot(n){let r=`monitoring:${this.appId}:latest`;await this.redis.create(r,n,3600);let t=`monitoring:${this.appId}:history`,o=await this.redis.read(t),c=o.success&&o.data?o.data:[];c.push(n);let i=Date.now()-3600000,a=c.filter((e)=>e.timestamp>i);await this.redis.create(t,a,3600)}async flush(){if(this.pendingMetrics.length===0)return;if(!this.flushToDb)return;let n=[...this.pendingMetrics];this.pendingMetrics=[];try{await this.flushToDb(n),this.logger.debug(`[Monitoring] Flushed ${n.length} metrics to database`)}catch(r){this.logger.error(`[Monitoring] Failed to flush metrics: ${r}`),this.pendingMetrics=[...n,...this.pendingMetrics]}}recordRequest(n){if(!this.config.enabled||!this.config.application.enabled)return;this.applicationCollector.recordRequest(n)}recordRateLimitBlock(){if(!this.config.enabled||!this.config.application.enabled)return;this.applicationCollector.recordRateLimitBlock()}async getLatestSnapshot(){let n=`monitoring:${this.appId}:latest`,r=await this.redis.read(n);return r.success?r.data:null}async getHistory(n=60){let r=`monitoring:${this.appId}:history`,t=await this.redis.read(r);if(!t.success||!t.data)return[];let o=Date.now()-n*60000;return t.data.filter((c)=>c.timestamp>o)}getActiveAlerts(){return this.alertService.getActiveAlerts()}acknowledgeAlert(n){return this.alertService.acknowledgeAlert(n)}isEnabled(){return this.config.enabled}getConfig(){return this.config}}var Un;var xu=b(()=>{Qu();Nu();Un={enabled:!1,system:{enabled:!0,collectInterval:"10s",metrics:{cpu:!0,memory:!0,disk:!0,network:!1,process:!0}},application:{enabled:!0,metrics:{requests:!0,responseTime:!0,errors:!0,rateLimits:!0}},database:{enabled:!1,metrics:{connections:!0,queryTime:!0,slowQueryThreshold:"100ms"}},redis:{enabled:!1},persistence:{enabled:!0,flushInterval:"1m",retentionDays:30},alerts:{enabled:!1,email:{enabled:!1,recipients:[]},thresholds:{cpuPercent:80,memoryPercent:85,diskPercent:90,errorRatePercent:5,responseTimeMs:1000,rateLimitBlocksPerMinute:100},cooldown:"5m"}}});var Pu=()=>{};import{and as Hc,desc as Cu,eq as mr}from"drizzle-orm";function Z0(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.replace(/_([a-z])/g,(i,a)=>a.toUpperCase());r[c]=o}return r}function nh(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.replace(/[A-Z]/g,(i)=>`_${i.toLowerCase()}`);r[c]=o}return r}class p0{db;schemaTables;config;logger;gmailService;constructor(n){this.db=n.db,this.schemaTables=n.schemaTables,this.config=n.config,this.logger=n.logger,this.gmailService=n.gmailService}getTable(n){return this.schemaTables[n]}getCol(n,r){return n[r]}isChannelEnabled(n){let r=this.config.channels;if(!r)return n==="portal";switch(n){case"portal":return r.portal!==!1;case"email":return r.email===!0;case"sms":return r.sms?.enabled===!0;case"telegram":return r.telegram?.enabled===!0;case"webhook":return r.webhook?.enabled===!0;default:return!1}}interpolateTemplate(n,r){let t=n;for(let[o,c]of Object.entries(r))t=t.replace(new RegExp(`{{${o}}}`,"g"),String(c??""));for(let[o,c]of Object.entries(this.config.templateVariables||{}))t=t.replace(new RegExp(`{{${o}}}`,"g"),c);return t}async triggerNotifications(n){let{trigger:r,flow_id:t,entity_name:o,entity_id:c,node_id:i,context:a={}}=n,e=this.getTable("verificationNotificationRules"),s=this.getTable("verificationNotificationRecipients"),f=this.getTable("verificationNotificationChannels");if(!e||!s){this.logger.warn("[Notification] Notification tables not found");return}let d=new Date,g=(await this.db.select().from(e).where(Hc(mr(this.getCol(e,"flowId"),t),mr(this.getCol(e,"trigger"),r)))).filter((u)=>{if(i&&u.node_id!==i)return!1;if(u.starts_at&&new Date(u.starts_at)>d)return!1;if(u.expires_at&&new Date(u.expires_at)<d)return!1;return!0});for(let u of g){let m=await this.db.select().from(s).where(mr(this.getCol(s,"ruleId"),u.id)),_=["portal"];if(f){let H=await this.db.select().from(f).where(mr(this.getCol(f,"ruleId"),u.id));if(H.length>0)_=H.map((D)=>D.channel)}let S=_.filter((H)=>this.isChannelEnabled(H));if(S.length===0)continue;let h=await this.resolveRecipients(m,n.verifier_id,t,o,c),E={...a,entity_name:o,entity_id:c,trigger:r,decision:n.decision},W=u.title_template?this.interpolateTemplate(u.title_template,E):`Verification ${r.replace("on_","").replace("_"," ")}`,V=u.body_template?this.interpolateTemplate(u.body_template,E):void 0;for(let H of h)await this.send({user_id:H,title:W,body:V,entity_name:o,entity_id:c,type:"verification",source:`flow:${t}`,channels:S})}this.logger.debug(`[Notification] Triggered ${g.length} rules for ${r} on ${o}:${c}`)}async resolveRecipients(n,r,t,o,c){let i=new Set,a=this.getTable("user_roles"),e=this.getTable("roles");for(let s of n)switch(s.recipient_type){case"user":if(s.recipient_user_id)i.add(s.recipient_user_id);break;case"role":if(s.recipient_role&&a&&e){let f=e,d=a,w=(await this.db.select().from(e).where(mr(f.name,s.recipient_role)).limit(1))[0];if(w){let g=await this.db.select({user_id:d.userId}).from(a).where(mr(d.roleId,w.id));for(let u of g)i.add(u.user_id)}}break;case"step_verifier":if(r)i.add(r);break;case"entity_creator":{if(o&&c){let f=this.getTable("verificationInstances");if(f){let l=(await this.db.select().from(f).where(Hc(mr(this.getCol(f,"entityName"),o),mr(this.getCol(f,"entityId"),c))).orderBy(Cu(this.getCol(f,"createdAt"))).limit(1))[0];if(l?.startedBy)i.add(l.startedBy)}}break}case"all_verifiers":{if(t){let f=this.getTable("verificationVerifierConfigs");if(f){let d=await this.db.select().from(f).where(mr(this.getCol(f,"flowId"),t));for(let l of d){let w=l;if(w.verifierUserId)i.add(w.verifierUserId)}}}break}}return Array.from(i)}async send(n){let{user_id:r,title:t,body:o,entity_name:c,entity_id:i,type:a,source:e,channels:s}=n;for(let f of s)switch(f){case"portal":await this.sendPortalNotification(r,t,o,c,i,a,e);break;case"email":await this.sendEmailNotification(r,t,o);break;case"sms":this.logger.debug(`[Notification] SMS channel not yet implemented for user ${r}`);break;case"telegram":this.logger.debug(`[Notification] Telegram channel not yet implemented for user ${r}`);break;case"webhook":this.logger.debug(`[Notification] Webhook channel not yet implemented for user ${r}`);break}}async sendPortalNotification(n,r,t,o,c,i,a){let e=this.getTable("notifications");if(!e){this.logger.warn("[Notification] notifications table not found");return}await this.db.insert(e).values(Z0({user_id:n,title:r,body:t||null,entity_name:o||null,entity_id:c||null,type:i||"system",source:a||null,is_seen:!1})),this.logger.debug(`[Notification] Portal notification sent to ${n}: ${r}`)}async sendEmailNotification(n,r,t){if(!this.gmailService?.isAvailable()){this.logger.warn("[Notification] Gmail service not available for email notification");return}let o=this.getTable("users");if(!o){this.logger.warn("[Notification] users table not found");return}let i=(await this.db.select({email:this.getCol(o,"email")}).from(o).where(mr(this.getCol(o,"id"),n)).limit(1))[0];if(!i?.email){this.logger.warn(`[Notification] No email found for user ${n}`);return}await this.gmailService.sendEmail({to:i.email,subject:r,html:t||r}),this.logger.debug(`[Notification] Email notification sent to ${i.email}: ${r}`)}async getNotifications(n,r){let t=this.getTable("notifications");if(!t)return[];let o=[mr(this.getCol(t,"userId"),n)];if(r?.type)o.push(mr(this.getCol(t,"type"),r.type));return(await this.db.select().from(t).where(Hc(...o)).orderBy(Cu(this.getCol(t,"createdAt"))).limit(r?.limit||50).offset(r?.offset||0)).map((a)=>nh(a))}async getUnseenCount(n){let r=this.getTable("notifications");if(!r)return 0;return(await this.db.select().from(r).where(Hc(mr(this.getCol(r,"userId"),n),mr(this.getCol(r,"isSeen"),!1)))).length}async markAsSeen(n,r){let t=this.getTable("notifications");if(!t)return!1;return await this.db.update(t).set(Z0({is_seen:!0,seen_at:new Date})).where(Hc(mr(this.getCol(t,"id"),n),mr(this.getCol(t,"userId"),r))),!0}async markAllAsSeen(n){let r=this.getTable("notifications");if(!r)return 0;return(await this.db.update(r).set(Z0({is_seen:!0,seen_at:new Date})).where(Hc(mr(this.getCol(r,"userId"),n),mr(this.getCol(r,"isSeen"),!1))).returning()).length}}var I0=b(()=>{Pu()});function qu(n,r){if(!n.authorizationUrl)throw Error("Generic OAuth provider requires authorizationUrl");let t=n.scopes??[],o=new URLSearchParams({client_id:n.clientId,redirect_uri:n.redirectUri,response_type:"code",state:r,...t.length>0?{scope:t.join(" ")}:{},...n.extraAuthParams});return`${n.authorizationUrl}?${o.toString()}`}async function Fu(n,r){if(!r.tokenUrl)throw Error("Generic OAuth provider requires tokenUrl");let t=await fetch(r.tokenUrl,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:new URLSearchParams({code:n,client_id:r.clientId,client_secret:r.clientSecret,redirect_uri:r.redirectUri,grant_type:"authorization_code"}).toString()});if(!t.ok){let s=await t.text();throw Error(`Generic OAuth token exchange failed: ${s}`)}let o=await t.json();if(o.error)throw Error(`OAuth error: ${o.error_description||o.error}`);let c={accessToken:o.access_token,refreshToken:o.refresh_token,expiresAt:o.expires_in?new Date(Date.now()+o.expires_in*1000):void 0,scope:o.scope};if(!r.userInfoUrl)return{profile:{providerAccountId:o.access_token,rawProfile:o},tokens:c};let i=await fetch(r.userInfoUrl,{headers:{Authorization:`Bearer ${o.access_token}`}});if(!i.ok)throw Error("Failed to fetch user info from generic OAuth provider");let a=await i.json();return{profile:{providerAccountId:a.id??a.sub??a.user_id??o.access_token,email:a.email,name:a.name??a.display_name??a.username,avatarUrl:a.avatar_url??a.picture??a.photo,rawProfile:a},tokens:c}}function ju(n,r){let t=n.scopes??["read:user","user:email"];return`https://github.com/login/oauth/authorize?${new URLSearchParams({client_id:n.clientId,redirect_uri:n.redirectUri,scope:t.join(" "),state:r,...n.extraAuthParams}).toString()}`}async function Ku(n,r){let t=await fetch("https://github.com/login/oauth/access_token",{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:new URLSearchParams({code:n,client_id:r.clientId,client_secret:r.clientSecret,redirect_uri:r.redirectUri}).toString()});if(!t.ok){let f=await t.text();throw Error(`GitHub token exchange failed: ${f}`)}let o=await t.json();if(o.error)throw Error(`GitHub OAuth error: ${o.error_description||o.error}`);let c={accessToken:o.access_token,refreshToken:o.refresh_token,expiresAt:o.expires_in?new Date(Date.now()+o.expires_in*1000):void 0,scope:o.scope},i=await fetch("https://api.github.com/user",{headers:{Authorization:`Bearer ${o.access_token}`,Accept:"application/vnd.github+json"}});if(!i.ok)throw Error("Failed to fetch GitHub user info");let a=await i.json(),e=a.email;if(!e)try{let f=await fetch("https://api.github.com/user/emails",{headers:{Authorization:`Bearer ${o.access_token}`,Accept:"application/vnd.github+json"}});if(f.ok){let d=await f.json();e=d.find((w)=>w.primary&&w.verified)?.email??d[0]?.email}}catch{}return{profile:{providerAccountId:String(a.id),email:e,name:a.name??a.login,avatarUrl:a.avatar_url,rawProfile:a},tokens:c}}function vu(n,r){let t=n.scopes??["openid","email","profile"];return`https://accounts.google.com/o/oauth2/v2/auth?${new URLSearchParams({client_id:n.clientId,redirect_uri:n.redirectUri,response_type:"code",scope:t.join(" "),state:r,access_type:"offline",prompt:"select_account",...n.extraAuthParams}).toString()}`}async function Zu(n,r){let t=await fetch("https://oauth2.googleapis.com/token",{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({code:n,client_id:r.clientId,client_secret:r.clientSecret,redirect_uri:r.redirectUri,grant_type:"authorization_code"}).toString()});if(!t.ok){let s=await t.text();throw Error(`Google token exchange failed: ${s}`)}let o=await t.json(),c={accessToken:o.access_token,refreshToken:o.refresh_token,expiresAt:o.expires_in?new Date(Date.now()+o.expires_in*1000):void 0,scope:o.scope},i=await fetch("https://www.googleapis.com/oauth2/v3/userinfo",{headers:{Authorization:`Bearer ${o.access_token}`}});if(!i.ok)throw Error("Failed to fetch Google user info");let a=await i.json();return{profile:{providerAccountId:a.sub,email:a.email,name:a.name,avatarUrl:a.picture,rawProfile:a},tokens:c}}function pu(n){return`https://login.microsoftonline.com/${n.tenantId??"common"}/oauth2/v2.0`}function Iu(n,r){let t=n.scopes??["openid","email","profile","User.Read"],o=new URLSearchParams({client_id:n.clientId,redirect_uri:n.redirectUri,response_type:"code",scope:t.join(" "),state:r,response_mode:"query",...n.extraAuthParams});return`${pu(n)}/authorize?${o.toString()}`}async function yu(n,r){let t=await fetch(`${pu(r)}/token`,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({code:n,client_id:r.clientId,client_secret:r.clientSecret,redirect_uri:r.redirectUri,grant_type:"authorization_code"}).toString()});if(!t.ok){let s=await t.text();throw Error(`Microsoft token exchange failed: ${s}`)}let o=await t.json();if(o.error)throw Error(`Microsoft OAuth error: ${o.error_description||o.error}`);let c={accessToken:o.access_token,refreshToken:o.refresh_token,expiresAt:o.expires_in?new Date(Date.now()+o.expires_in*1000):void 0,scope:o.scope},i=await fetch("https://graph.microsoft.com/v1.0/me",{headers:{Authorization:`Bearer ${o.access_token}`}});if(!i.ok)throw Error("Failed to fetch Microsoft user info");let a=await i.json();return{profile:{providerAccountId:a.id,email:a.mail??a.userPrincipalName,name:a.displayName,avatarUrl:void 0,rawProfile:a},tokens:c}}import{randomBytes as rh}from"crypto";class ne{config;stateStore=new Map;cleanupInterval=null;constructor(n){this.config=n;let r=(n.stateTtlSeconds??600)*1000;this.cleanupInterval=setInterval(()=>{let t=Date.now();for(let[o,c]of this.stateStore.entries())if(c.expiresAt<t)this.stateStore.delete(o)},r)}stop(){if(this.cleanupInterval)clearInterval(this.cleanupInterval),this.cleanupInterval=null}isProviderEnabled(n){return!!(this.config.enabled&&this.config.providers[n])}getEnabledProviders(){if(!this.config.enabled)return[];return Object.keys(this.config.providers)}buildAuthorizationUrl(n,r,t){let o=this.config.providers[n];if(!o)throw Error(`OAuth provider "${n}" is not configured`);let c={provider:n,linkUserId:r,redirectUrl:t,createdAt:Date.now()},i=rh(32).toString("hex"),a=(this.config.stateTtlSeconds??600)*1000;switch(this.stateStore.set(i,{payload:c,expiresAt:Date.now()+a}),n){case"google":return vu(o,i);case"github":return ju(o,i);case"microsoft":return Iu(o,i);default:return qu(o,i)}}consumeState(n){let r=this.stateStore.get(n);if(!r)return null;if(r.expiresAt<Date.now())return this.stateStore.delete(n),null;return this.stateStore.delete(n),r.payload}async exchangeCode(n,r){let t=this.config.providers[n];if(!t)throw Error(`OAuth provider "${n}" is not configured`);switch(n){case"google":return Zu(r,t);case"github":return Ku(r,t);case"microsoft":return yu(r,t);default:return Fu(r,t)}}get allowAccountLinking(){return this.config.allowAccountLinking??!0}get autoCreateUser(){return this.config.autoCreateUser??!0}get successRedirectUrl(){return this.config.successRedirectUrl??"/"}get errorRedirectUrl(){return this.config.errorRedirectUrl??"/login"}get sendInviteOnCreate(){return this.config.sendInviteOnCreate??!1}get basePath(){return this.config.basePath??"/auth/oauth"}}var Tu=()=>{};var y0=b(()=>{Tu()});class T0{redis;logger;config;constructor(n){this.redis=n.redis,this.logger=n.logger,this.config=this.mergeConfig(n.config)}mergeConfig(n){return{enabled:n.enabled??hr.enabled,strategy:n.strategy??hr.strategy,keyPrefix:n.keyPrefix??hr.keyPrefix,authRoutes:{window:n.authRoutes?.window??hr.authRoutes.window,max:n.authRoutes?.max??hr.authRoutes.max,login:{window:n.authRoutes?.login?.window??re.window,max:n.authRoutes?.login?.max??re.max,blockDuration:n.authRoutes?.login?.blockDuration??re.blockDuration},register:{window:n.authRoutes?.register?.window??te.window,max:n.authRoutes?.register?.max??te.max,blockDuration:n.authRoutes?.register?.blockDuration??te.blockDuration},passwordReset:{window:n.authRoutes?.passwordReset?.window??oe.window,max:n.authRoutes?.passwordReset?.max??oe.max,blockDuration:n.authRoutes?.passwordReset?.blockDuration??oe.blockDuration},magicLink:{window:n.authRoutes?.magicLink?.window??ce.window,max:n.authRoutes?.magicLink?.max??ce.max,blockDuration:n.authRoutes?.magicLink?.blockDuration??ce.blockDuration}},publicRoutes:{window:n.publicRoutes?.window??hr.publicRoutes.window,max:n.publicRoutes?.max??hr.publicRoutes.max},privateRoutes:{window:n.privateRoutes?.window??hr.privateRoutes.window,max:n.privateRoutes?.max??hr.privateRoutes.max},byIp:n.byIp??hr.byIp,byUserId:n.byUserId??hr.byUserId,byEndpoint:n.byEndpoint??hr.byEndpoint,skipSuccessfulRequests:n.skipSuccessfulRequests??hr.skipSuccessfulRequests,headers:{remaining:n.headers?.remaining??hr.headers.remaining,reset:n.headers?.reset??hr.headers.reset,limit:n.headers?.limit??hr.headers.limit},whitelist:n.whitelist??hr.whitelist,blacklist:n.blacklist??hr.blacklist}}parseTimeToMs(n){let r=n.match(/^(\d+)(ms|s|m|h|d)$/);if(!r||!r[1]||!r[2])return 60000;let t=parseInt(r[1],10);switch(r[2]){case"ms":return t;case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;case"d":return t*24*60*60*1000;default:return 60000}}buildKey(n){let r=[this.config.keyPrefix,n.category];if(n.authType&&n.authType!=="other")r.push(n.authType);if(this.config.byIp&&n.ip)r.push(`ip:${n.ip}`);if(this.config.byUserId&&n.userId)r.push(`user:${n.userId}`);if(this.config.byEndpoint&&n.endpoint)r.push(`ep:${n.endpoint.replace(/\//g,"_")}`);return r.join(":")}getLimits(n,r){if(n==="auth"){if(r&&r!=="other"){let t=this.config.authRoutes[r];if(t)return t}return{window:this.config.authRoutes.window,max:this.config.authRoutes.max}}if(n==="public")return this.config.publicRoutes;return this.config.privateRoutes}isWhitelisted(n){return this.config.whitelist.some((r)=>{if(r.includes("*"))return new RegExp(`^${r.replace(/\*/g,".*")}$`).test(n);return r===n})}isBlacklisted(n){return this.config.blacklist.some((r)=>{if(r.includes("*"))return new RegExp(`^${r.replace(/\*/g,".*")}$`).test(n);return r===n})}async readRedis(n){let r=await this.redis.read(n);if(r.success)return r.data;return null}async check(n){if(!this.config.enabled)return{allowed:!0,remaining:-1,resetAt:0,limit:-1};if(this.isWhitelisted(n.ip))return{allowed:!0,remaining:-1,resetAt:0,limit:-1};if(this.isBlacklisted(n.ip))return this.logger.warn(`[RateLimit] Blacklisted IP: ${n.ip}`),{allowed:!1,remaining:0,resetAt:Date.now()+86400000,limit:0,retryAfter:86400};let r=this.buildKey(n),t=this.getLimits(n.category,n.authType),o=this.parseTimeToMs(t.window),c=`${r}:blocked`,i=await this.readRedis(c);if(i&&i.until>Date.now()){let a=Math.ceil((i.until-Date.now())/1000);return this.logger.warn(`[RateLimit] Blocked: ${r}, retry after ${a}s`),{allowed:!1,remaining:0,resetAt:i.until,limit:t.max,retryAfter:a}}if(this.config.strategy==="sliding-window")return this.slidingWindowCheck(r,t.max,o,t.blockDuration);if(this.config.strategy==="fixed-window")return this.fixedWindowCheck(r,t.max,o,t.blockDuration);return this.tokenBucketCheck(r,t.max,o)}async slidingWindowCheck(n,r,t,o){let c=Date.now(),i=c-t,a=`${n}:sw`,s=(await this.readRedis(a))?.timestamps||[];s=s.filter((w)=>w>i);let f=s.length,d=s[0],l=d!==void 0?d+t:c+t;if(f>=r){if(o){let w=this.parseTimeToMs(o);await this.redis.create(`${n}:blocked`,{until:c+w},Math.ceil(w/1000))}return{allowed:!1,remaining:0,resetAt:l,limit:r,retryAfter:Math.ceil((l-c)/1000)}}return s.push(c),await this.redis.create(a,{timestamps:s},Math.ceil(t/1000)+1),{allowed:!0,remaining:r-s.length,resetAt:l,limit:r}}async fixedWindowCheck(n,r,t,o){let c=Date.now(),i=Math.floor(c/t),a=`${n}:fw:${i}`,e=(i+1)*t,f=(await this.readRedis(a))?.count||0;if(f>=r){if(o){let d=this.parseTimeToMs(o);await this.redis.create(`${n}:blocked`,{until:c+d},Math.ceil(d/1000))}return{allowed:!1,remaining:0,resetAt:e,limit:r,retryAfter:Math.ceil((e-c)/1000)}}return await this.redis.create(a,{count:f+1},Math.ceil(t/1000)+1),{allowed:!0,remaining:r-(f+1),resetAt:e,limit:r}}async tokenBucketCheck(n,r,t){let o=Date.now(),c=r/t,i=`${n}:tb`,a=await this.readRedis(i),e=a?.tokens??r,s=a?.lastRefill??o,d=(o-s)*c;if(e=Math.min(r,e+d),e<1){let l=Math.ceil((1-e)/c);return{allowed:!1,remaining:0,resetAt:o+l,limit:r,retryAfter:Math.ceil(l/1000)}}return e-=1,await this.redis.create(i,{tokens:e,lastRefill:o},Math.ceil(t/1000)*2),{allowed:!0,remaining:Math.floor(e),resetAt:o+t,limit:r}}async decrement(n){if(!this.config.skipSuccessfulRequests)return;let r=this.buildKey(n);if(this.config.strategy==="sliding-window"){let t=`${r}:sw`,o=await this.readRedis(t);if(o?.timestamps?.length){o.timestamps.pop();let c=this.parseTimeToMs(this.getLimits(n.category,n.authType).window);await this.redis.create(t,o,Math.ceil(c/1000)+1)}}else if(this.config.strategy==="fixed-window"){let t=this.parseTimeToMs(this.getLimits(n.category,n.authType).window),o=Math.floor(Date.now()/t),c=`${r}:fw:${o}`,i=await this.readRedis(c);if(i?.count)await this.redis.create(c,{count:i.count-1},Math.ceil(t/1000)+1)}}getHeaders(n){let r={};return r[this.config.headers.remaining]=String(n.remaining),r[this.config.headers.reset]=String(Math.ceil(n.resetAt/1000)),r[this.config.headers.limit]=String(n.limit),r}isEnabled(){return this.config.enabled}}var re,te,oe,ce,hr;var nb=b(()=>{re={window:"15m",max:5,blockDuration:"30m"},te={window:"1h",max:3,blockDuration:"1h"},oe={window:"1h",max:3,blockDuration:"1h"},ce={window:"1h",max:5,blockDuration:"1h"},hr={enabled:!0,strategy:"sliding-window",keyPrefix:"rl:",authRoutes:{window:"1m",max:10,login:re,register:te,passwordReset:oe,magicLink:ce},publicRoutes:{window:"1m",max:100},privateRoutes:{window:"1m",max:60},byIp:!0,byUserId:!0,byEndpoint:!1,skipSuccessfulRequests:!1,headers:{remaining:"X-RateLimit-Remaining",reset:"X-RateLimit-Reset",limit:"X-RateLimit-Limit"},whitelist:[],blacklist:[]}});var rb=()=>{};import{and as Zt,desc as nf,eq as an,inArray as tb}from"drizzle-orm";function zr(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.replace(/_([a-z])/g,(i,a)=>a.toUpperCase());r[c]=o}return r}function Sr(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.replace(/[A-Z]/g,(i)=>`_${i.toLowerCase()}`);r[c]=o}return r}class rf{db;schemaTables;config;logger;onNotificationTrigger;constructor(n){this.db=n.db,this.schemaTables=n.schemaTables,this.config=n.config,this.logger=n.logger}setNotificationHandler(n){this.onNotificationTrigger=n}getTable(n){return this.schemaTables[n]}getCol(n,r){return n[r]}async listFlows(n){let r=this.getTable("verificationFlows");if(!r)return[];return(await(n?this.db.select().from(r).where(an(this.getCol(r,"entityName"),n)):this.db.select().from(r))).map((c)=>Sr(c))}async getFlow(n){let r=this.getTable("verificationFlows"),t=this.getTable("verificationSteps"),o=this.getTable("verificationEdges"),c=this.getTable("verificationVerifierConfigs"),i=this.getTable("verificationNotificationRules"),a=this.getTable("verificationNotificationRecipients"),e=this.getTable("verificationNotificationChannels");if(!r)return null;let f=(await this.db.select().from(r).where(an(this.getCol(r,"id"),n)).limit(1))[0];if(!f)return null;let d=Sr(f),w=(t?await this.db.select().from(t).where(an(this.getCol(t,"flowId"),n)):[]).map((R)=>Sr(R)),u=(o?await this.db.select().from(o).where(an(this.getCol(o,"flowId"),n)):[]).map((R)=>Sr(R)),_=(c?await this.db.select().from(c).where(an(this.getCol(c,"flowId"),n)):[]).map((R)=>Sr(R)),h=(i?await this.db.select().from(i).where(an(this.getCol(i,"flowId"),n)):[]).map((R)=>Sr(R)),E=h.map((R)=>R.id),V=(a&&E.length>0?await this.db.select().from(a).where(tb(this.getCol(a,"ruleId"),E)):[]).map((R)=>Sr(R)),D=(e&&E.length>0?await this.db.select().from(e).where(tb(this.getCol(e,"ruleId"),E)):[]).map((R)=>Sr(R));return{flow:d,graph:{steps:w,edges:u,verifier_configs:_,notification_rules:h,notification_recipients:V,notification_channels:D}}}async saveFlow(n){let r=this.getTable("verificationFlows"),t=this.getTable("verificationSteps"),o=this.getTable("verificationEdges"),c=this.getTable("verificationVerifierConfigs"),i=this.getTable("verificationNotificationRules"),a=this.getTable("verificationNotificationRecipients"),e=this.getTable("verificationNotificationChannels");if(!r||!t||!o)throw Error("Verification tables not configured");let s=await this.db.select().from(r).where(an(this.getCol(r,"id"),n.flow_id)).limit(1),f=n.flow_id;if(s.length>0)await this.db.update(r).set(zr({entity_name:n.entity_name,name:n.name,description:n.description||null,trigger_on:n.trigger_on,trigger_fields:n.trigger_fields||null,is_draft:n.is_draft,viewport:n.viewport||null})).where(an(this.getCol(r,"id"),f));else{let[l]=await this.db.insert(r).values(zr({id:f,entity_name:n.entity_name,name:n.name,description:n.description||null,trigger_on:n.trigger_on,trigger_fields:n.trigger_fields||null,is_draft:n.is_draft,viewport:n.viewport||null})).returning();f=l.id}if(await this.db.delete(t).where(an(this.getCol(t,"flowId"),f)),o)await this.db.delete(o).where(an(this.getCol(o,"flowId"),f));if(c)await this.db.delete(c).where(an(this.getCol(c,"flowId"),f));if(i)await this.db.delete(i).where(an(this.getCol(i,"flowId"),f));let{graph:d}=n;if(d.steps.length>0)await this.db.insert(t).values(d.steps.map((l)=>zr({flow_id:f,entity_name:n.entity_name,node_id:l.node_id,node_type:l.node_type,step_order:l.step_order,name:l.name||null,description:l.description||null,position_x:l.position_x,position_y:l.position_y,width:l.width||null,height:l.height||null,style:l.style||null,data:l.data||null})));if(d.edges.length>0&&o)await this.db.insert(o).values(d.edges.map((l)=>zr({flow_id:f,edge_id:l.edge_id,source_node_id:l.source_node_id,target_node_id:l.target_node_id,source_handle:l.source_handle||null,target_handle:l.target_handle||null,edge_type:l.edge_type,label:l.label||null,condition:l.condition||null,style:l.style||null,animated:l.animated})));if(d.verifier_configs.length>0&&c)await this.db.insert(c).values(d.verifier_configs.map((l)=>zr({flow_id:f,node_id:l.node_id,verifier_type:l.verifier_type,verifier_user_id:l.verifier_user_id||null,verifier_role:l.verifier_role||null,require_signature:l.require_signature,all_must_approve:l.all_must_approve})));if(d.notification_rules.length>0&&i)for(let l of d.notification_rules){let[w]=await this.db.insert(i).values(zr({flow_id:f,node_id:l.node_id,trigger:l.trigger,title_template:l.title_template||null,body_template:l.body_template||null,starts_at:l.starts_at||null,expires_at:l.expires_at||null})).returning(),g=w.id,u=d.notification_recipients.filter((_)=>_.rule_id===l.node_id);if(u.length>0&&a)await this.db.insert(a).values(u.map((_)=>zr({rule_id:g,recipient_type:_.recipient_type,recipient_user_id:_.recipient_user_id||null,recipient_role:_.recipient_role||null})));let m=d.notification_channels.filter((_)=>_.rule_id===l.node_id);if(m.length>0&&e)await this.db.insert(e).values(m.map((_)=>zr({rule_id:g,channel:_.channel})))}return this.logger.info(`[Verification] Flow saved: ${f} for ${n.entity_name}`),{success:!0,flow_id:f}}async publishFlow(n){let r=this.getTable("verificationFlows");if(!r)return{success:!1,message:"Flow table not configured"};return await this.db.update(r).set(zr({is_draft:!1,published_at:new Date})).where(an(this.getCol(r,"id"),n)),this.logger.info(`[Verification] Flow published: ${n}`),{success:!0,message:"Flow published"}}async deleteFlow(n){let r=this.getTable("verificationFlows");if(!r)return{success:!1,message:"Flow table not configured"};return await this.db.delete(r).where(an(this.getCol(r,"id"),n)),this.logger.info(`[Verification] Flow deleted: ${n}`),{success:!0,message:"Flow deleted"}}async startFlow(n){let r=this.getTable("verificationFlows"),t=this.getTable("verificationSteps"),o=this.getTable("verificationEdges"),c=this.getTable("verificationVerifierConfigs"),i=this.getTable("verificationInstances"),a=this.getTable("verificationRequirements"),e=this.getTable("user_roles");if(!r||!t||!o||!i||!a)return{success:!1,message:"Verification tables not configured"};if(!(await this.db.select().from(r).where(Zt(an(this.getCol(r,"id"),n.flow_id),an(this.getCol(r,"isDraft"),!1))).limit(1))[0])return{success:!1,message:"Published flow not found"};if((await this.db.select().from(i).where(Zt(an(this.getCol(i,"entityName"),n.entity_name),an(this.getCol(i,"entityId"),n.entity_id),an(this.getCol(i,"status"),"active"))).limit(1)).length>0)return{success:!1,message:"An active verification instance already exists for this entity"};let l=await this.db.select().from(t).where(an(this.getCol(t,"flowId"),n.flow_id)),w=await this.db.select().from(o).where(an(this.getCol(o,"flowId"),n.flow_id)),g=l.filter((_)=>_.nodeType==="step");if(g.sort((_,S)=>_.stepOrder-S.stepOrder),g.length===0)return{success:!1,message:"Flow has no step nodes"};let[u]=await this.db.insert(i).values(zr({flow_id:n.flow_id,entity_name:n.entity_name,entity_id:n.entity_id,started_by:n.started_by||null,status:"active",current_step_order:1,started_at:new Date})).returning(),m=u.id;if(await this.materializeRequirementsForStep(m,n.flow_id,n.entity_name,n.entity_id,1,l,w,c,a,e),this.onNotificationTrigger)await this.onNotificationTrigger({trigger:"on_flow_started",flow_id:n.flow_id,entity_name:n.entity_name,entity_id:n.entity_id});return this.logger.info(`[Verification] Flow started: instance ${m} for ${n.entity_name}:${n.entity_id}`),{success:!0,instance_id:m,message:"Flow started"}}async materializeRequirementsForStep(n,r,t,o,c,i,a,e,s,f){if(!s)return;let d=i.find((_)=>_.nodeType==="step"&&_.stepOrder===c);if(!d)return;let l=d.nodeId,g=a.filter((_)=>_.targetNodeId===l).map((_)=>_.sourceNodeId),u=i.filter((_)=>_.nodeType==="verifier"&&g.includes(_.nodeId));if(u.length===0)return;let m=[];if(e)m=await this.db.select().from(e).where(an(this.getCol(e,"flowId"),r));for(let _ of u){let S=_.nodeId,h=m.find((V)=>V.nodeId===S);if(!h)continue;let{verifierType:E,allMustApprove:W}=h;if(E==="role"&&W&&f){let V=this.getTable("roles");if(V){let H=V,D=f,$=(await this.db.select().from(V).where(an(H.name,h.verifierRole)).limit(1))[0];if($){let A=await this.db.select({user_id:D.userId}).from(f).where(an(D.roleId,$.id));for(let M of A)await this.db.insert(s).values(zr({instance_id:n,step_node_id:l,verifier_node_id:S,entity_name:t,entity_id:o,verifier_type:"user",verifier_user_id:M.user_id,verifier_role:h.verifierRole||null,require_signature:h.requireSignature,all_must_approve:!0,step_order:c,status:"pending"}))}}}else await this.db.insert(s).values(zr({instance_id:n,step_node_id:l,verifier_node_id:S,entity_name:t,entity_id:o,verifier_type:E,verifier_user_id:h.verifierUserId||null,verifier_role:h.verifierRole||null,require_signature:h.requireSignature,all_must_approve:W,step_order:c,status:"pending"}))}if(this.onNotificationTrigger)await this.onNotificationTrigger({trigger:"on_step_reached",flow_id:r,entity_name:t,entity_id:o})}async getStatus(n,r){let t=this.getTable("verificationInstances"),o=this.getTable("verificationFlows"),c=this.getTable("verificationSteps"),i=this.getTable("verifications"),a=this.getTable("verificationRequirements"),e={entity_name:n,entity_id:r,instance:null,flow:null,current_step:0,total_steps:0,is_completed:!1,is_rejected:!1,verifications:[],pending_requirements:[]};if(!t||!o||!i||!a)return this.logger.error("[Verification] Required tables not found"),e;let f=(await this.db.select().from(t).where(Zt(an(this.getCol(t,"entityName"),n),an(this.getCol(t,"entityId"),r))).orderBy(nf(this.getCol(t,"createdAt"))).limit(1))[0];if(!f)return e;let d=Sr(f),l=await this.db.select().from(o).where(an(this.getCol(o,"id"),d.flow_id)).limit(1),w=l[0]?Sr(l[0]):void 0,u=(c?await this.db.select().from(c).where(Zt(an(this.getCol(c,"flowId"),d.flow_id),an(this.getCol(c,"nodeType"),"step"))):[]).length,_=(await this.db.select().from(i).where(an(this.getCol(i,"instanceId"),d.id)).orderBy(nf(this.getCol(i,"createdAt")))).map((E)=>Sr(E)),h=(await this.db.select().from(a).where(Zt(an(this.getCol(a,"instanceId"),d.id),an(this.getCol(a,"status"),"pending")))).map((E)=>Sr(E));return{entity_name:n,entity_id:r,instance:d,flow:w||null,current_step:d.current_step_order,total_steps:u,is_completed:d.status==="completed",is_rejected:d.status==="rejected",verifications:_,pending_requirements:h}}async decide(n){let{entity_name:r,entity_id:t,user_id:o,decision:c,reason:i,signature_id:a,diff:e}=n,s=this.getTable("verifications"),f=this.getTable("verificationRequirements"),d=this.getTable("verificationInstances"),l=this.getTable("verificationSteps"),w=this.getTable("verificationEdges"),g=this.getTable("verificationVerifierConfigs"),u=this.getTable("user_roles"),m=this.getTable("roles");if(!s||!f||!d)return{success:!1,message:"Verification tables not configured"};let _=await this.getStatus(r,t);if(!_.instance||_.instance.status!=="active")return{success:!1,message:"No active verification instance"};let S=_.pending_requirements.filter((R)=>R.step_order===_.current_step);if(S.length===0)return{success:!1,message:"No pending requirements for current step"};let h=null;for(let R of S){if(R.verifier_type==="user"&&R.verifier_user_id===o){h=R;break}if(R.verifier_type==="role"&&R.verifier_role&&u&&m){let $=u,A=m;if((await this.db.select({role_name:A.name}).from(u).innerJoin(m,an($.roleId,A.id)).where(an($.userId,o))).some((X)=>X.role_name===R.verifier_role)){h=R;break}}}if(!h)return{success:!1,message:"User is not authorized to verify at this step"};if(h.require_signature&&!a)return{success:!1,message:"Signature is required for this verification step"};let[E]=await this.db.insert(s).values(zr({instance_id:_.instance.id,requirement_id:h.id,verifier_id:o,signature_id:a||null,entity_name:r,entity_id:t,step_order:_.current_step,decision:c,reason:i||null,diff:e||null})).returning();if(await this.db.update(f).set({status:c}).where(an(this.getCol(f,"id"),h.id)),this.onNotificationTrigger&&_.instance)await this.onNotificationTrigger({trigger:c==="approved"?"on_approved":"on_rejected",flow_id:_.instance.flow_id,entity_name:r,entity_id:t,verifier_id:o,decision:c});if(c==="rejected"){await this.db.update(d).set(zr({status:"rejected",completed_at:new Date})).where(an(this.getCol(d,"id"),_.instance.id));let R;if(this.config.autoResetOnRejection){this.logger.info(`[Verification] Flow rejected for ${r}:${t}, auto-restarting from step 1`);let $=await this.startFlow({flow_id:_.instance.flow_id,entity_name:r,entity_id:t,started_by:_.instance.started_by});if($.success)R=$.instance_id}return{success:!0,message:this.config.autoResetOnRejection?"Verification rejected \u2014 flow restarted from step 1":"Verification rejected",verification:E,flow_completed:!1,new_instance_id:R}}let W=h.id,V=S.filter((R)=>R.id!==W);if(V.length>0)return{success:!0,message:`Step ${_.current_step} partially approved, ${V.length} verifier(s) remaining`,verification:E,flow_completed:!1};let H=_.current_step+1;if(H>_.total_steps){if(await this.db.update(d).set(zr({status:"completed",completed_at:new Date})).where(an(this.getCol(d,"id"),_.instance.id)),this.onNotificationTrigger)await this.onNotificationTrigger({trigger:"on_flow_completed",flow_id:_.instance.flow_id,entity_name:r,entity_id:t});return{success:!0,message:"Verification flow completed",verification:E,flow_completed:!0}}if(await this.db.update(d).set(zr({current_step_order:H})).where(an(this.getCol(d,"id"),_.instance.id)),l&&w){let R=await this.db.select().from(l).where(an(this.getCol(l,"flowId"),_.instance.flow_id)),$=await this.db.select().from(w).where(an(this.getCol(w,"flowId"),_.instance.flow_id));await this.materializeRequirementsForStep(_.instance.id,_.instance.flow_id,r,t,H,R,$,g,f,u)}return{success:!0,message:`Step ${_.current_step} approved, moving to step ${H}`,verification:E,flow_completed:!1,next_step:H}}async startFlowForEntity(n){let r=this.getTable("verificationFlows");if(!r)return{success:!1,message:"Flow table not configured"};let o=(await this.db.select().from(r).where(Zt(an(this.getCol(r,"entityName"),n.entity_name),an(this.getCol(r,"isDraft"),!1))).limit(1))[0];if(!o)return{success:!1,message:`No published flow found for entity '${n.entity_name}'`};return this.startFlow({flow_id:o.id,entity_name:n.entity_name,entity_id:n.entity_id,started_by:n.started_by})}async listEntityStatuses(n){let r=this.getTable("verificationInstances"),t=this.getTable("verificationFlows"),o=this.getTable("verificationSteps"),c={items:[],total:0,page:1,limit:20};if(!r||!t)return c;let i=n.page||1,a=n.limit||20,e=(i-1)*a,s=[an(this.getCol(r,"entityName"),n.entity_name)];if(n.status)s.push(an(this.getCol(r,"status"),n.status));let f=s.length===1?s[0]:Zt(...s),l=(await this.db.select().from(r).where(f).orderBy(nf(this.getCol(r,"createdAt")))).map((m)=>Sr(m)),w=l.length,g=l.slice(e,e+a),u=[];for(let m of g){let _=m.flow_id,S=await this.db.select().from(t).where(an(this.getCol(t,"id"),_)).limit(1),h=S[0]?Sr(S[0]):void 0,E=0;if(o)E=(await this.db.select().from(o).where(Zt(an(this.getCol(o,"flowId"),_),an(this.getCol(o,"nodeType"),"step")))).length;u.push({instance_id:m.id,entity_name:m.entity_name,entity_id:m.entity_id,flow_id:_,flow_name:h?.name||"Unknown",status:m.status,current_step_order:m.current_step_order,total_steps:E,started_by:m.started_by,started_at:m.started_at,completed_at:m.completed_at})}return{items:u,total:w,page:i,limit:a}}async getPending(n){let r=this.getTable("verificationRequirements"),t=this.getTable("verificationInstances"),o=this.getTable("verificationFlows"),c=this.getTable("user_roles"),i=this.getTable("roles");if(this.logger.info(`[Verification.getPending] userId=${n}, tables: req=${!!r} inst=${!!t} flow=${!!o} roles=${!!i} userRoles=${!!c}`),!r||!t||!o)return this.logger.warn("[Verification.getPending] Missing required tables, returning empty"),[];let a=c,e=i,f=(c&&i?await this.db.select({role_name:e.name}).from(c).innerJoin(i,an(a.roleId,e.id)).where(an(a.userId,n)):[]).map((g)=>g.role_name),l=(await this.db.select().from(r).where(an(this.getCol(r,"status"),"pending"))).map((g)=>Sr(g));this.logger.info(`[Verification.getPending] Found ${l.length} pending requirements, userRoles=${JSON.stringify(f)}`);for(let g of l)this.logger.info(`[Verification.getPending] Req: verifier_type=${g.verifier_type} verifier_user_id=${g.verifier_user_id} verifier_role=${g.verifier_role} step_order=${g.step_order} entity=${g.entity_name}/${g.entity_id}`);let w=[];for(let g of l){if(!(g.verifier_type==="user"&&g.verifier_user_id===n||g.verifier_type==="role"&&f.includes(g.verifier_role))){this.logger.info(`[Verification.getPending] Skipping req: canVerify=false (type=${g.verifier_type}, reqUserId=${g.verifier_user_id}, loggedInUserId=${n})`);continue}let m=await this.db.select().from(t).where(Zt(an(this.getCol(t,"id"),g.instance_id),an(this.getCol(t,"status"),"active"))).limit(1),_=m[0]?Sr(m[0]):void 0;if(!_)continue;if(_.current_step_order!==g.step_order)continue;let S=await this.db.select().from(o).where(an(this.getCol(o,"id"),_.flow_id)).limit(1),h=S[0]?Sr(S[0]):void 0;if(!h)continue;w.push({instance_id:_.id,entity_name:g.entity_name,entity_id:g.entity_id,flow_name:h.name,step_order:g.step_order,step_name:void 0,require_signature:g.require_signature,created_at:g.created_at})}return w}}var tf=b(()=>{rb()});var of=b(()=>{mu();x0();q0();Ju();Xu();xu();I0();y0();nb();tf()});import{access as hM,mkdir as ah}from"fs/promises";import{dirname as eh,resolve as cb}from"path";var Wi,ef,Vn=(n)=>{if(!n||typeof n!=="string")throw or("INVALID_PATH","Path must be a non-empty string",n,"resolvePath");return cb(n)},pt=(n)=>{let r=Vn(n);return eh(r)},gt=async(n)=>{let r=cb(n);try{await ah(r,{recursive:!0})}catch(t){if(t.code!=="EEXIST")throw or("DIRECTORY_CREATE_FAILED",`Failed to create directory: ${r}`,r,"ensureDirectory")}},sf=(n)=>{let r=n,t=0;while(r>=1024&&t<ef.length-1)r/=1024,t++;return`${r.toFixed(2)} ${ef[t]}`},ib=(n,r)=>{return n.toLowerCase().endsWith(r.toLowerCase())},ff=(n,r)=>{let t=r.startsWith(".")?r:`.${r}`;if(ib(n,t))return n;return`${n}${t}`},or=(n,r,t,o)=>{return{code:n,message:r,path:t,operation:o||"unknown"}},ie=(n)=>{try{return JSON.stringify(n,null,2)}catch{return"{}"}},lf=async(n,r,t=Wi.maxConcurrency)=>{let o=[];for(let c=0;c<n.length;c+=t){let i=n.slice(c,c+t),a=[];for(let s of i)a.push(r(s));let e=await Promise.allSettled(a);o.push(...e)}return o},ae=(n,r={})=>{let t=[],o=[],c=r.strict??!0;if(n.defaultEncoding!==void 0){if(!["utf-8","utf8","ascii","base64","hex"].includes(n.defaultEncoding))t.push(`Invalid defaultEncoding: ${n.defaultEncoding}`)}if(n.maxConcurrency!==void 0){if(!Number.isInteger(n.maxConcurrency)||n.maxConcurrency<1)t.push("maxConcurrency must be a positive integer");if(n.maxConcurrency>50)o.push("maxConcurrency > 50 may cause performance issues")}if(n.defaultCreateDir!==void 0&&typeof n.defaultCreateDir!=="boolean")t.push("defaultCreateDir must be a boolean");if(n.defaultRecursive!==void 0&&typeof n.defaultRecursive!=="boolean")t.push("defaultRecursive must be a boolean");if(c&&!r.allowUnknownKeys){let i=["defaultEncoding","defaultCreateDir","defaultRecursive","maxConcurrency"],a=Object.keys(n);for(let e of a)if(!i.includes(e))t.push(`Unknown configuration key: ${e}`)}return{isValid:t.length===0,errors:t,warnings:o}},ab=(n,r=Wi)=>{let t=ae(n);if(!t.isValid)throw or("CONFIG_VALIDATION_FAILED",`Configuration validation failed: ${t.errors.join(", ")}`,void 0,"mergeConfig");return{...r,...n}},eb=(n)=>{let r=(i)=>({read:Boolean(i&4),write:Boolean(i&2),execute:Boolean(i&1)}),t=n>>6&7,o=n>>3&7,c=n&7;return{owner:r(t),group:r(o),others:r(c)}},sb=(n)=>{return Number.isInteger(n)&&n>=0&&n<=511};var zc=b(()=>{Wi={defaultEncoding:"utf-8",defaultCreateDir:!0,defaultRecursive:!0,maxConcurrency:5},ef=["B","KB","MB","GB","TB"]});import{copyFile as _f,rename as df,unlink as sh}from"fs/promises";import{basename as fb,dirname as lb,extname as fh,join as lh}from"path";var ee,_h=(n,r=".tmp")=>{let t=Vn(n),o=Date.now(),c=Math.random().toString(36).substring(2,8);return`${t}${r}.${o}.${c}`},_b=(n,r,t=!0)=>{let o=Vn(n),c=r?Vn(r):lb(o),i=fb(o),a=fh(i),e=fb(i,a),s=t?`.${new Date().toISOString().replace(/[:.]/g,"-")}`:"",f=`${e}.backup${s}${a}`;return lh(c,f)},Vi=async({path:n,data:r,tempSuffix:t=ee.tempSuffix,backup:o=ee.backup,sync:c=ee.sync})=>{let i=Vn(n),a=_h(i,t),e;try{if(await gt(pt(i)),o){if(await Bun.file(i).exists())e=_b(i),await _f(i,e)}let s=await Bun.write(a,r);return await df(a,i),{success:!0,bytesWritten:s,tempPath:a,backupPath:e}}catch(s){try{await sh(a)}catch{}throw or("ATOMIC_WRITE_FAILED",`Atomic write failed: ${s}`,i,"atomicWrite")}},db=async(n,r,t={})=>{let o=JSON.stringify(r,null,2);return Vi({path:n,data:o,...t})},uf=async({sourcePath:n,backupDir:r,keepOriginal:t=!0,timestamp:o=ee.timestamp})=>{let c=Vn(n);if(!await Bun.file(c).exists())throw or("SOURCE_NOT_FOUND",`Source file not found: ${n}`,c,"createBackup");let a=_b(c,r,o);if(await gt(lb(a)),t)await _f(c,a);else await df(c,a);return a},bf=async(n,r,t=!1)=>{let o=Vn(n),c=Vn(r);if(!await Bun.file(o).exists())throw or("BACKUP_NOT_FOUND",`Backup file not found: ${n}`,o,"restoreFromBackup");try{if(await gt(pt(c)),t)await df(o,c);else await _f(o,c);return!0}catch(a){return console.error(`Error restoring from backup ${n}:`,a),!1}},ub=async(n,r,t={})=>{let o=Vn(n),c=Bun.file(o),i;try{if(await c.exists())i=await uf({sourcePath:o,keepOriginal:!0,timestamp:!0});let a=await c.exists()?await c.text():"",e=await r(a),s=await Vi({path:o,data:e,backup:!1,...t});return{success:s.success,bytesWritten:s.bytesWritten,tempPath:s.tempPath,backupPath:i}}catch(a){if(i)try{await bf(i,o,!1)}catch(e){console.error("Rollback failed:",e)}throw a}},bb=async(n)=>{let r=[],t=[];for(let o of n)try{let c=await Vi(o);r.push(c)}catch(c){t.push({operation:o,error:c})}return{successful:r,failed:t}};var gb=b(()=>{zc();ee={tempSuffix:".tmp",backup:!1,sync:!0,timestamp:!0}});import{chmod as dh,stat as uh}from"fs/promises";var bh,So=async(n,r)=>{let t=Vn(n);if(!sb(r))throw or("INVALID_PERMISSION_MODE",`Invalid permission mode: ${r.toString(8)}`,t,"setFilePermissions");try{return await dh(t,r),!0}catch(o){return console.error(`Error setting permissions for ${n}:`,o),!1}},Io=async(n)=>{let r=Vn(n);try{let o=(await uh(r)).mode&511,c=eb(o);return{path:r,mode:o,owner:c.owner,group:c.group,others:c.others}}catch(t){throw or("PERMISSION_READ_FAILED",`Failed to read permissions: ${t}`,r,"getFilePermissions")}},wb=async(n,r)=>{try{return((await Io(n)).mode&r)===r}catch{return!1}},mb=async(n)=>{let t=(await Io(n)).mode|256;return So(n,t)},hb=async(n)=>{let t=(await Io(n)).mode|128;return So(n,t)},$b=async(n)=>{let t=(await Io(n)).mode|64;return So(n,t)},Ab=async(n)=>{let t=(await Io(n)).mode&-147;return So(n,t)},Eb=async(n,r)=>{let t=bh[r];return So(n,t)};var Sb=b(()=>{zc();bh={OWNER_READ_WRITE:384,OWNER_ALL:448,GROUP_READ:416,GROUP_READ_WRITE:432,ALL_READ:420,ALL_READ_WRITE:438,ALL_READ_EXECUTE:493,ALL_FULL:511,READ_ONLY:292,EXECUTABLE:493}});var gh,se=async(n,r={})=>{let t=Vn(n),o={...gh,...r};await gt(pt(t));let i=Bun.file(t).writer({highWaterMark:o.highWaterMark}),a=!1;return{write:(s)=>{if(a)throw or("WRITER_CLOSED","Cannot write to closed writer",t,"streamWrite");try{let f=i.write(s);if(o.autoFlush)i.flush();return f}catch(f){throw or("WRITE_FAILED",`Failed to write chunk: ${f}`,t,"streamWrite")}},flush:()=>{if(a)return 0;try{return i.flush()}catch(s){throw or("FLUSH_FAILED",`Failed to flush writer: ${s}`,t,"streamFlush")}},end:async(s)=>{if(a)return 0;try{let f=await i.end(s);return a=!0,f}catch(f){throw a=!0,or("END_FAILED",`Failed to end writer: ${f}`,t,"streamEnd")}},ref:()=>{if(!a)i.ref()},unref:()=>{if(!a)i.unref()}}},gf=async(n,r,t={})=>{let o=await se(n,t),c=0;try{for(let i of r){let a=o.write(i);c+=a}return await o.flush(),await o.end(),c}catch(i){try{await o.end(i)}catch{}throw i}},Rb=async(n,r,t={})=>{let o=Vn(n),c=Bun.file(o),i=await c.exists()?await c.arrayBuffer():new ArrayBuffer(0),a=[];if(i.byteLength>0)a.push(i);return a.push(...r),gf(o,a,t)},Db=async(n,r,t={})=>{let o=Vn(n),c=Bun.file(o);if(!await c.exists())throw or("SOURCE_NOT_FOUND",`Source file not found: ${n}`,o,"copyFileStream");let i=c.stream(),a=await se(r,t),e=0;try{let s=i.getReader();while(!0){let{done:f,value:d}=await s.read();if(f)break;let l=a.write(d);e+=l}return await a.flush(),await a.end(),e}catch(s){try{await a.end(s)}catch{}throw s}},kb=async(n,r)=>{let t=Vn(n),o=Bun.file(t);if(!await o.exists())throw or("FILE_NOT_FOUND",`File not found: ${n}`,t,"readFileStream");let i=o.stream().getReader();try{while(!0){let{done:a,value:e}=await i.read();if(a)break;await r(e)}}finally{i.releaseLock()}};var Mb=b(()=>{zc();gh={highWaterMark:1048576,autoFlush:!0,closeOnEnd:!0}});import{readdir as wh,rm as mh,rmdir as hh,stat as $h}from"fs/promises";import{extname as Ah,join as Eh}from"path";class Ro{static instance;config;constructor(){this.config={...Wi}}static getInstance(){if(!Ro.instance)Ro.instance=new Ro;return Ro.instance}async createFile({dir:n,name:r,data:t,options:o={}}){let c=Vn(Eh(n,r));if(o.createDir!==!1)await gt(pt(c));let i=o.type?new Blob([t],{type:o.type}):t;return await Bun.write(c,i)}async createJsonFile(n,r,t){let o=ff(r,".json"),c=ie(t);return this.createFile({dir:n,name:o,data:c,options:{type:"application/json"}})}async createDirectory({path:n}){await gt(n)}async readFile({path:n,format:r="text"}){let t=Vn(n),o=Bun.file(t);if(!await o.exists())throw or("FILE_NOT_FOUND",`File not found: ${n}`,t,"readFile");switch(r){case"text":return await o.text();case"json":return await o.json();case"buffer":return await o.arrayBuffer();case"bytes":return await o.bytes();case"stream":return o.stream();default:return await o.text()}}async readJsonFile(n){return this.readFile({path:n,format:"json"})}async getFileInfo(n){let r=Vn(n),t=Bun.file(r),o=n.split("/").pop()||n,c=null;try{c=await $h(r)}catch{}return{name:o,path:r,size:t.size,type:t.type,exists:await t.exists(),extension:Ah(o),createdAt:c?.birthtime,modifiedAt:c?.mtime}}async readDirectory({path:n,recursive:r=!1}){let t=Vn(n);return await wh(t,{recursive:r,encoding:"utf8"})}async getFilesByExtension(n,r){let t=await this.readDirectory({path:n}),o=r.startsWith(".")?r:`.${r}`;return t.filter((c)=>c.endsWith(o))}async updateFile({path:n,data:r,mode:t="overwrite"}){let o=Vn(n);if(t==="append"){let i=await this.readFile({path:n,format:"text"})+r;return await Bun.write(o,i)}return await Bun.write(o,r)}async updateJsonFile(n,r,t=!1){let o=r;if(t)try{let c=await this.readJsonFile(n);if(typeof c==="object"&&c!==null&&!Array.isArray(c)&&typeof r==="object"&&r!==null&&!Array.isArray(r))o={...c,...r}}catch{}return this.updateFile({path:n,data:ie(o),mode:"overwrite"})}async appendToFile(n,r){return this.updateFile({path:n,data:r,mode:"append"})}async deleteFile(n){try{let r=Vn(n);return await Bun.file(r).delete(),!0}catch(r){return console.error(`Error deleting file ${n}:`,r),!1}}async deleteDirectory({path:n,recursive:r=!1}){try{let t=Vn(n);if(r)await mh(t,{recursive:!0,force:!0});else await hh(t);return!0}catch(t){return console.error(`Error deleting directory ${n}:`,t),!1}}async deleteFiles(n){let r=await lf(n,async(c)=>{if(!await this.deleteFile(c))throw Error(`Failed to delete: ${c}`);return c}),t=[],o=[];for(let c=0;c<r.length;c++){let i=r[c],a=n[c];if(i?.status==="fulfilled")t.push(a||"");else o.push(a||"")}return{success:t,failed:o}}async exists(n){let r=Vn(n);return await Bun.file(r).exists()}async copyFile(n,r){let t=Vn(n),o=Vn(r),c=Bun.file(t);if(!await c.exists())throw or("SOURCE_NOT_FOUND",`Source file not found: ${n}`,t,"copyFile");return await gt(pt(o)),await Bun.write(o,c)}async moveFile(n,r){try{return await this.copyFile(n,r),await this.deleteFile(n),!0}catch(t){return console.error(`Error moving file from ${n} to ${r}:`,t),!1}}getFormattedFileSize(n){return sf(n)}getConfig(){return{...this.config}}updateConfig(n){let r=ae(n);if(r.isValid){let t=ab(n,this.config);Object.assign(this.config,t)}return r}validateConfiguration(n){return ae(n)}async createStreamWriter(n,r={}){return se(n,r)}async writeStream(n,r,t={}){return gf(n,r,t)}async appendStream(n,r,t={}){return Rb(n,r,t)}async copyFileStream(n,r,t={}){return Db(n,r,t)}async readFileStream(n,r){return kb(n,r)}async setPermissions(n,r){return So(n,r)}async setPermissionsAdvanced(n){return So(n.path,n.mode)}async getPermissions(n){return Io(n)}async checkPermissions(n,r){return wb(n,r)}async makeFileReadable(n){return mb(n)}async makeFileWritable(n){return hb(n)}async makeFileExecutable(n){return $b(n)}async makeFileReadOnly(n){return Ab(n)}async setCommonPermission(n,r){return Eb(n,r)}async atomicWrite(n){return Vi(n)}async atomicJsonWrite(n,r,t={}){return db(n,r,t)}async createFileBackup(n){return uf(n)}async restoreFileFromBackup(n,r,t=!1){return bf(n,r,t)}async safeFileUpdate(n,r,t={}){return ub(n,r,t)}async batchAtomicOperations(n){return bb(n)}}var wf=b(()=>{gb();Sb();Mb();zc()});var Xt;var fe=b(()=>{wf();zc();wf();Xt=Ro.getInstance()});import{Pool as KM}from"pg";var Hb=()=>{};var zb=b(()=>{z0();fe();Hb();vt()});function hf(n,r){let t=(n.get("cookie")?.split(";")||[]).reduce((o,c)=>{let[i,a]=c.trim().split("=");if(i&&a)o[i]=a;return o},{});return{access_token:t[r.access_token]||n.get("authorization")?.split(" ")[1],refresh_token:t[r.refresh_token],session_token:t[r.session_token]}}function $f(n){if(!n.redis){console.log("Redis not configured, skipping");return}if(n.redis.withDapr){mf=new tr({withDapr:!0,stateStoreName:n.redis.stateStoreName});return}let r=n.redis.url?process.env[n.redis.url]:void 0,t=n.redis.host?process.env[n.redis.host]:void 0,o=n.redis.port?parseInt(process.env[n.redis.port]||"",10):void 0;mf=new tr({url:r,host:t,port:Number.isNaN(o)?void 0:o})}function le(){return mf}function wt(n){if(typeof n==="number")return n;if(!n||n.trim()==="")throw Error("Time string cannot be empty");let r=n.trim().match(/^(\d+(?:\.\d+)?)\s*([smhdwMy])$/);if(!r||!r[1]||!r[2])throw Error(`Invalid time format: "${n}". Expected format: "75s", "10m", "2h", "1d", "1w", "2M", "1y"`);let t=parseFloat(r[1]),o=r[2],i={s:1,m:60,h:3600,d:86400,w:604800,M:2592000,y:31536000}[o];if(i===void 0)throw Error(`Unknown time unit: "${o}"`);let a=Math.floor(t*i);if(a<=0)throw Error(`Time value must be positive: "${n}"`);return a}function Ub({sessionData:n,options:r,refreshTokenId:t,roles:o,claims:c}){let i=r.authentication?.accessToken?.secret;if(!i)throw Error("Access token secret env name is not configured");let a=process.env[i];if(!a)throw Error(`Access token secret env "${i}" is not set`);return Di({subject:n.userId,issuer:r.authentication?.accessToken?.issuer,audience:r.authentication?.accessToken?.audience,algorithm:r.authentication?.accessToken?.algorithm,expiresInSeconds:wt(r.authentication?.accessToken?.expiresIn??"15m"),sessionId:n.id,customClaims:{refreshTokenId:t,...o&&o.length>0?{roles:o}:{},...c&&c.length>0?{claims:c}:{}}},a)}function It(n,r){return n?{entityName:n.entity_name,entityId:n.entity_id===" - "?null:n.entity_id,operation:n.operation_type,userId:n.user_id==="unknown"?null:n.user_id,summary:r,ipAddress:n.ip_address,userAgent:n.user_agent,path:n.path,query:n.query}:void 0}function Sh(n){let r={},t={};for(let[o,c]of Object.entries(n)){let i=o.match(/^(\w+)\[\d*\]\[(\w+)\]$/),a=i?.[1],e=i?.[2];if(a&&e){if(!t[a])t[a]={};let s=t[a];if(!s[e])s[e]=[];let f=s[e];if(Array.isArray(c))for(let d of c)f.push(d);else f.push(c)}else r[o]=c}for(let[o,c]of Object.entries(t)){let i=Object.keys(c);if(i.length===0)continue;let a=Math.max(...i.map((s)=>(c[s]||[]).length)),e=[];for(let s=0;s<a;s++){let f={};for(let d of i)f[d]=(c[d]||[])[s];e.push(f)}r[o]=e}return r}function Af(n){let r=Sh(n),t=(a)=>{if(a===void 0||a===null)return;if(typeof a==="object")return a;if(typeof a==="string")try{return JSON.parse(a)}catch{return}return},o=r.page?parseInt(r.page,10):1,c=r.limit?parseInt(r.limit,10):20,i=r.offset?parseInt(r.offset,10):(o-1)*c;return{page:o,limit:c,offset:i,search:r.search,searchFields:r.searchFields?r.searchFields.split(","):void 0,filters:t(r.filters),sort:t(r.sort),select:r.select?r.select.split(","):void 0,with:t(r.with),distinct:r.distinct==="true",distinctOn:r.distinctOn?r.distinctOn.split(","):void 0}}function Wb(n,r,t,o){let c=Math.ceil(o/r),i=n<c,a=n>1;return{page:n,limit:r,offset:t,totalItems:o,totalPages:c,hasNextPage:i,hasPrevPage:a,nextPage:i?n+1:null,prevPage:a?n-1:null}}function Dh(n){let r=["varchar","char","text","uuid","citext","bit","varbit"],t=["integer","smallint","bigint","serial","smallserial","bigserial","real","doublePrecision","numeric","decimal"],o=["boolean"];if(r.includes(n))return(c)=>({valid:typeof c==="string",expectedType:"string"});if(t.includes(n))return(c)=>({valid:typeof c==="number",expectedType:"number"});if(o.includes(n))return(c)=>({valid:typeof c==="boolean",expectedType:"boolean"});if(n==="json"||n==="jsonb")return(c)=>({valid:typeof c==="object",expectedType:"object"});return()=>({valid:!0,expectedType:"any"})}function Do(n,r,t=!1){let o=[];for(let c of r){let i=n[c.name]??n[c.name.replace(/_([a-z])/g,(s,f)=>f.toUpperCase())],a=c.notNull&&!c.nullable&&c.default===void 0&&!c.defaultRaw;if(i===void 0||i===null){if(a&&!t)o.push({field:c.name,message:c.validation?.customMessage||`${c.name} is required`});continue}let e=Dh(c.type)(i);if(!e.valid){o.push({field:c.name,message:c.validation?.customMessage||`${c.name} must be of type ${e.expectedType}`});continue}if(typeof i==="string"){let s=i.length;if(c.length&&s>c.length)o.push({field:c.name,message:c.validation?.customMessage||`${c.name} exceeds max length of ${c.length}`});if(c.validation?.minLength&&s<c.validation.minLength)o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be at least ${c.validation.minLength} characters`});if(c.validation?.maxLength&&s>c.validation.maxLength)o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be at most ${c.validation.maxLength} characters`});if(c.validation?.pattern){if(!new RegExp(c.validation.pattern).test(i))o.push({field:c.name,message:c.validation.customMessage||`${c.name} does not match required pattern`})}if(c.validation?.format){let f=Rh[c.validation.format];if(f&&!f.test(i))o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be a valid ${c.validation.format}`})}}if(typeof i==="number"){if(c.validation?.min!==void 0&&i<c.validation.min)o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be at least ${c.validation.min}`});if(c.validation?.max!==void 0&&i>c.validation.max)o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be at most ${c.validation.max}`})}if(c.enumValues&&c.enumValues.length>0){if(!c.enumValues.includes(i))o.push({field:c.name,message:c.validation?.customMessage||`${c.name} must be one of: ${c.enumValues.join(", ")}`})}}return{valid:o.length===0,errors:o}}function Mh(n){return n.replace(/[&<>"'`=/]/g,(r)=>kh[r]||r)}function Hh(n){return n.replace(/<[^>]*>/g,"")}function zh(n){let r=n.split("@"),t=r[0],o=r[1];if(!t||!o)return n;let c=t.split("+")[0];if(!c)return n;return`${c.replace(/\./g,"")}@${o.toLowerCase()}`}function Bh(n){return n.toLowerCase().trim().replace(/[^\w\s-]/g,"").replace(/[\s_-]+/g,"-").replace(/^-+|-+$/g,"")}function Uh(n,r){if(n===null||n===void 0)return n;switch(r){case"trim":return typeof n==="string"?n.trim():n;case"lowercase":return typeof n==="string"?n.toLowerCase():n;case"uppercase":return typeof n==="string"?n.toUpperCase():n;case"escapeHtml":return typeof n==="string"?Mh(n):n;case"stripTags":return typeof n==="string"?Hh(n):n;case"normalizeEmail":return typeof n==="string"?zh(n):n;case"toNumber":if(typeof n==="number")return n;if(typeof n==="string"){let t=Number(n);return Number.isNaN(t)?n:t}return n;case"toBoolean":if(typeof n==="boolean")return n;if(typeof n==="string"){let t=n.toLowerCase();if(t==="true"||t==="1"||t==="yes")return!0;if(t==="false"||t==="0"||t==="no")return!1}if(typeof n==="number")return n!==0;return n;case"slugify":return typeof n==="string"?Bh(n):n;default:return n}}function ko(n,r){let t={},o=(c)=>c.replace(/_([a-z])/g,(i,a)=>a.toUpperCase());for(let c of Object.keys(n)){let i=n[c],a=c.replace(/[A-Z]/g,(f)=>`_${f.toLowerCase()}`),e=r.find((f)=>f.name===c||f.name===a);if(e?.sanitize&&e.sanitize.length>0)for(let f of e.sanitize)i=Uh(i,f);let s=c.includes("_")?o(c):c;t[s]=i}return t}async function Vb(n,r,t){let o=new tr,c=`${Vh}${n}`,i=`${Wh}${n}:${r}`,a=await o.read(i);if(a.success&&a.data)return{success:!0,accessToken:a.data,fromCache:!0};let e=await o.acquireLock(c,Yh);if(!e.success)return{success:!1,error:e.error};if(e.data)try{let l=t();return await o.create(i,l,Bb),{success:!0,accessToken:l,fromCache:!1}}finally{await o.releaseLock(c)}let s=await o.waitForLock(c,Jh,50);if(!s.success)return{success:!1,error:s.error};if(!s.data)return{success:!1,error:"Lock wait timeout"};let f=await o.read(i);if(f.success&&f.data)return{success:!0,accessToken:f.data,fromCache:!0};let d=t();return await o.create(i,d,Bb),{success:!0,accessToken:d,fromCache:!1}}function Yb(n){let r=[],t={};if(n.database?.url){let o=process.env[n.database.url];if(!o)r.push({field:"database.url",envName:n.database.url,message:`Environment variable "${n.database.url}" is not set. Please set it in your .env file.`});else t.databaseUrl=o}if(n.redis&&!n.redis.withDapr)if(n.redis.url){let o=process.env[n.redis.url];if(!o)r.push({field:"redis.url",envName:n.redis.url,message:`Environment variable "${n.redis.url}" is not set. Please set it in your .env file.`});else t.redisUrl=o}else{if(n.redis.host){if(!process.env[n.redis.host])r.push({field:"redis.host",envName:n.redis.host,message:`Environment variable "${n.redis.host}" is not set. Please set it in your .env file.`})}if(n.redis.port){if(!process.env[n.redis.port])r.push({field:"redis.port",envName:n.redis.port,message:`Environment variable "${n.redis.port}" is not set. Please set it in your .env file.`})}}if(n.authentication?.enabled){if(!n.authentication.mode)r.push({field:"authentication.mode",envName:"",message:'authentication.mode is required when authentication is enabled. Use "full" for IDP/standalone services, "consumer" for resource servers.'});if(n.authentication.accessToken?.secret){let c=process.env[n.authentication.accessToken.secret];if(!c)r.push({field:"authentication.accessToken.secret",envName:n.authentication.accessToken.secret,message:`Environment variable "${n.authentication.accessToken.secret}" is not set. Please set it in your .env file.`});else t.accessTokenSecret=c}else r.push({field:"authentication.accessToken.secret",envName:"",message:"authentication.accessToken.secret is required when authentication is enabled."});let o=n.authentication.mode==="consumer";if(n.authentication.refreshToken?.secret){let c=process.env[n.authentication.refreshToken.secret];if(!c)r.push({field:"authentication.refreshToken.secret",envName:n.authentication.refreshToken.secret,message:`Environment variable "${n.authentication.refreshToken.secret}" is not set. Please set it in your .env file.`});else t.refreshTokenSecret=c}else if(!o)r.push({field:"authentication.refreshToken.secret",envName:"",message:"authentication.refreshToken.secret is required when authentication is enabled."});if(n.authentication.sessionToken?.secret){let c=process.env[n.authentication.sessionToken.secret];if(!c)r.push({field:"authentication.sessionToken.secret",envName:n.authentication.sessionToken.secret,message:`Environment variable "${n.authentication.sessionToken.secret}" is not set. Please set it in your .env file.`});else t.sessionTokenSecret=c}else if(!o)r.push({field:"authentication.sessionToken.secret",envName:"",message:"authentication.sessionToken.secret is required when authentication is enabled."})}if(n.authentication?.oauth?.enabled&&n.authentication.oauth.providers){let o={};for(let[c,i]of Object.entries(n.authentication.oauth.providers)){if(!i)continue;let{clientId:a,clientSecret:e,redirectUri:s}=i,f=process.env[a],d=process.env[e],l=process.env[s]??s;if(!f)r.push({field:`authentication.oauth.providers.${c}.clientId`,envName:a,message:`Environment variable "${a}" is not set (OAuth ${c} clientId).`});if(!d)r.push({field:`authentication.oauth.providers.${c}.clientSecret`,envName:e,message:`Environment variable "${e}" is not set (OAuth ${c} clientSecret).`});if(f&&d)o[c]={clientId:f,clientSecret:d,redirectUri:l,scopes:i.scopes,authorizationUrl:i.authorizationUrl,tokenUrl:i.tokenUrl,userInfoUrl:i.userInfoUrl,extraAuthParams:i.extraAuthParams}}if(Object.keys(o).length>0)t.oauthProviders=o}return{valid:r.length===0,errors:r,resolved:t}}async function Jb(n,r){let{Pool:t}=await import("pg"),c=new URL(n).pathname.replace("/","");if(!c)return;let i=new URL(n);i.pathname="/postgres";let a=new t({connectionString:i.toString()});try{if((await a.query("SELECT 1 FROM pg_database WHERE datname = $1",[c])).rowCount===0)r.info(`[Database] Creating database "${c}"...`),await a.query(`CREATE DATABASE "${c}" TEMPLATE template0`),r.info(`[Database] Database "${c}" created successfully`);else r.info(`[Database] Database "${c}" exists`)}catch(e){let s=e instanceof Error?e.message:String(e);r.warn(`[Database] Could not auto-create database: ${s}`)}finally{await a.end()}}var mf=null,Rh,kh,Wh="access_token:",Vh="refresh_lock:",Yh=5,Jh=3000,Bb=60;var _e=b(()=>{zb();of();Rh={email:/^[^\s@]+@[^\s@]+\.[^\s@]+$/,url:/^https?:\/\/.+/,uuid:/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i,date:/^\d{4}-\d{2}-\d{2}$/,datetime:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}/,time:/^\d{2}:\d{2}:\d{2}$/,uri:/^[a-z][a-z0-9+.-]*:/i,ipv4:/^(\d{1,3}\.){3}\d{1,3}$/,ipv6:/^([0-9a-f]{1,4}:){7}[0-9a-f]{1,4}$/i};kh={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#x27;","/":"&#x2F;","`":"&#96;","=":"&#x3D;"}});import de from"path";import Xh,{t as ue}from"elysia";function Ef(n){if(!n)return yo;return{enabled:n.enabled??yo.enabled,basePath:n.basePath??yo.basePath,cacheMaxAge:n.cacheMaxAge??yo.cacheMaxAge,enableRangeRequests:n.enableRangeRequests??yo.enableRangeRequests,enableEtag:n.enableEtag??yo.enableEtag,corsOrigins:n.corsOrigins??yo.corsOrigins}}function Lh(n){let r=["image/","video/","audio/","text/","application/pdf"];for(let t of r)if(n.startsWith(t)||n===t)return"inline";return"attachment"}function Qh(n){return n.replace(/[^A-Za-z0-9._-]+/g,"_").replace(/_{2,}/g,"_").slice(0,200)}function Sf(n){let{cdn:r,storagePath:t,logger:o,getFileRecord:c}=n,i=new Xh({prefix:r.basePath});if(!r.enabled)return i;return i.get("/:id",async({params:a,request:e,set:s})=>{let{id:f}=a,d=e.headers.get("x-schema-name")||void 0,l,w,g;if(c){let A=await c(f,d);if(!A)return s.status=404,{success:!1,message:"File not found"};l=de.join(A.path,A.name),w=A.name,g=A.mimeType||A.mime_type||"application/octet-stream"}else l=de.join(t,f),w=f,g="application/octet-stream";if(!await Xt.exists(l))return s.status=404,{success:!1,message:"Physical file not found"};let m=await Xt.getFileInfo(l),_=new Date(m.modifiedAt||Date.now()).toUTCString(),S=r.enableEtag?`"${m.size}-${m.modifiedAt?.getTime()||Date.now()}"`:void 0,h={"Cache-Control":`public, max-age=${r.cacheMaxAge}`,"Last-Modified":_};if(S)h.ETag=S;if(r.corsOrigins.length>0)h["Access-Control-Allow-Origin"]=r.corsOrigins[0]==="*"?"*":r.corsOrigins.join(", "),h["Access-Control-Allow-Methods"]="GET, HEAD, OPTIONS";let E=e.headers.get("if-none-match");if(S&&E===S)return new Response(null,{status:304,headers:h});let W=Bun.file(l),V=e.headers.get("range");if(r.enableRangeRequests&&V){let A=V.match(/bytes=(\d*)-(\d*)/);if(!A)return s.status=416,new Response("Range not satisfiable",{status:416,headers:{"Content-Range":`bytes */${m.size}`,"Content-Type":g,...h}});let M=A[1]||"0",z=A[2]||"",X=parseInt(M,10),O=z?parseInt(z,10):m.size-1;if(X>=m.size||O>=m.size||X>O)return new Response("Range not satisfiable",{status:416,headers:{"Content-Range":`bytes */${m.size}`,"Content-Type":g,...h}});let B=O-X+1,L=W.slice(X,O+1);return new Response(L,{status:206,headers:{"Content-Range":`bytes ${X}-${O}/${m.size}`,"Accept-Ranges":"bytes","Content-Length":B.toString(),"Content-Type":g,...h}})}let H=Lh(g),D=Qh(w),R=encodeURIComponent(w),$=`${H}; filename="${D}"; filename*=UTF-8''${R}`;return new Response(W,{status:200,headers:{"Content-Length":m.size.toString(),"Content-Type":g,"Accept-Ranges":r.enableRangeRequests?"bytes":"none","Content-Disposition":$,...h}})},{params:ue.Object({id:ue.String()}),detail:{tags:["CDN"],summary:"Get file by ID",description:"Serve file with streaming, range requests, and caching support"}}),i.head("/:id",async({params:a,request:e,set:s})=>{let{id:f}=a,d=e.headers.get("x-schema-name")||void 0,l,w;if(c){let h=await c(f,d);if(!h)return s.status=404,new Response(null,{status:404});l=de.join(h.path,h.name),w=h.mime_type||"application/octet-stream"}else l=de.join(t,f),w="application/octet-stream";if(!await Xt.exists(l))return s.status=404,new Response(null,{status:404});let u=await Xt.getFileInfo(l),m=new Date(u.modifiedAt||Date.now()).toUTCString(),_=r.enableEtag?`"${u.size}-${u.modifiedAt?.getTime()||Date.now()}"`:void 0,S={"Content-Length":u.size.toString(),"Content-Type":w,"Accept-Ranges":r.enableRangeRequests?"bytes":"none","Cache-Control":`public, max-age=${r.cacheMaxAge}`,"Last-Modified":m};if(_)S.ETag=_;if(r.corsOrigins.length>0)S["Access-Control-Allow-Origin"]=r.corsOrigins[0]==="*"?"*":r.corsOrigins.join(", "),S["Access-Control-Allow-Methods"]="GET, HEAD, OPTIONS";return new Response(null,{status:200,headers:S})},{params:ue.Object({id:ue.String()}),detail:{tags:["CDN"],summary:"Get file metadata",description:"Get file headers without body for preflight checks"}}),o.info(`[CDN] Routes enabled at ${r.basePath}`),i}var yo;var Xb=b(()=>{fe();yo={enabled:!0,basePath:"/cdn",cacheMaxAge:86400,enableRangeRequests:!0,enableEtag:!0,corsOrigins:["*"]}});import{randomUUID as Oh}from"crypto";import Rf from"path";function Yi(n){if(!n)return yt;return{enabled:n.enabled??yt.enabled,basePath:n.basePath??yt.basePath,maxFileSizeBytes:n.maxFileSizeBytes??yt.maxFileSizeBytes,allowedMimeTypes:n.allowedMimeTypes??yt.allowedMimeTypes,blockedMimeTypes:n.blockedMimeTypes??yt.blockedMimeTypes,formData:{filesField:n.formData?.filesField??yt.formData.filesField,dataField:n.formData?.dataField??yt.formData.dataField,maxFiles:n.formData?.maxFiles??yt.formData.maxFiles}}}function Ji(n,r){let t={data:{},files:[]};if(!n||typeof n!=="object")return t;let o=n,c=o[r.formData.dataField];if(c){if(typeof c==="string")try{t.data=JSON.parse(c)}catch{t.data={}}else if(typeof c==="object")t.data=c}let i=o[r.formData.filesField];if(i){if(i instanceof File)t.files=[i];else if(Array.isArray(i))t.files=i.filter((a)=>a instanceof File)}return t}function Df(n,r){if(n.size>r.maxFileSizeBytes)return{valid:!1,error:`File ${n.name} exceeds maximum size of ${r.maxFileSizeBytes} bytes`};if(r.blockedMimeTypes.length>0&&r.blockedMimeTypes.includes(n.type))return{valid:!1,error:`File type ${n.type} is not allowed`};if(r.allowedMimeTypes.length>0&&!r.allowedMimeTypes.includes(n.type))return{valid:!1,error:`File type ${n.type} is not in allowed list`};return{valid:!0}}async function kf(n,r,t){let o=Oh(),c=Rf.extname(n.name),i=`${o}${c}`,a=t?Rf.join(r.basePath,t):r.basePath,e=await n.arrayBuffer(),s=new Uint8Array(e);return await Xt.createFile({dir:a,name:i,data:s,options:{type:n.type,createDir:!0}}),{id:o,name:i,originalName:n.name,path:a,mimeType:n.type,size:n.size,createdAt:new Date}}async function Xi(n,r,t){let o=[],c=[];for(let i of n.slice(0,r.formData.maxFiles)){let a=Df(i,r);if(!a.valid){c.push({file:i.name,error:a.error||"Unknown error"});continue}try{let e=await kf(i,r,t);o.push(e)}catch(e){c.push({file:i.name,error:e instanceof Error?e.message:"Upload failed"})}}return{success:o,failed:c}}async function Lb(n,r){try{let t=Rf.join(n,r);return await Xt.deleteFile(t)}catch{return!1}}var yt;var Qb=b(()=>{fe();yt={enabled:!1,basePath:"./uploads",maxFileSizeBytes:104857600,allowedMimeTypes:[],blockedMimeTypes:["application/x-executable","application/x-msdos-program"],formData:{filesField:"files",dataField:"data",maxFiles:10}}});var Ob={};go(Ob,{validateFile:()=>Df,uploadFiles:()=>Xi,uploadFile:()=>kf,parseFormDataBody:()=>Ji,mergeStorageConfig:()=>Yi,mergeCdnConfig:()=>Ef,deleteFile:()=>Lb,createCdnRoutes:()=>Sf});var be=b(()=>{Xb();Qb()});import{eq as Pf,sql as to}from"drizzle-orm";import{Elysia as V3,t as Cf}from"elysia";function Se(n,r="public"){let{db:t,logger:o,usersTable:c}=n,i=new V3;return i.post("/auth/admin/change-user-id",async(a)=>{if(!t||!c)return{success:!1,message:"Database not configured"};let e=a.request.headers.get("x-user-id");if(!e)return a.set.status=401,{success:!1,message:"Unauthorized"};let f=(await t.select().from(c).where(Pf(c.id,e)).limit(1))[0];if(!f||!f.isGod)return a.set.status=403,{success:!1,message:"Forbidden: godmin privileges required"};let{currentId:d,newId:l}=a.body;if(!d||!l)return a.set.status=400,{success:!1,message:"currentId and newId are required"};if(d===l)return a.set.status=400,{success:!1,message:"New ID must be different from current ID"};if(!/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(l))return a.set.status=400,{success:!1,message:"newId must be a valid UUID"};let u=(await t.select().from(c).where(Pf(c.id,d)).limit(1))[0];if(!u)return a.set.status=404,{success:!1,message:"User not found"};if((await t.select().from(c).where(Pf(c.id,l)).limit(1)).length>0)return a.set.status=409,{success:!1,message:"A user with this ID already exists"};try{let _=await t.execute(to`
+		`}getActiveAlerts(){return Array.from(this.state.activeAlerts.values())}acknowledgeAlert(n){for(let[r,t]of this.state.activeAlerts)if(t.id===n)return t.acknowledged=!0,!0;return!1}clearAlert(n){this.state.activeAlerts.delete(n)}}class j0{config;requestCount=0;responseTimes=[];errorCount=0;rateLimitBlocks=0;byEndpoint={};byMethod={};byStatus={};byErrorType={};lastCollectTime=Date.now();constructor(n){this.config=n}recordRequest(n){if(!this.config?.enabled)return;if(this.requestCount++,this.config.metrics?.responseTime!==!1){if(this.responseTimes.push(n.responseTimeMs),this.responseTimes.length>1e4)this.responseTimes=this.responseTimes.slice(-5000)}if(this.config.metrics?.requests!==!1)this.byEndpoint[n.endpoint]=(this.byEndpoint[n.endpoint]||0)+1,this.byMethod[n.method]=(this.byMethod[n.method]||0)+1,this.byStatus[String(n.status)]=(this.byStatus[String(n.status)]||0)+1;if(this.config.metrics?.errors!==!1&&n.isError){if(this.errorCount++,n.errorType)this.byErrorType[n.errorType]=(this.byErrorType[n.errorType]||0)+1}}recordRateLimitBlock(){if(!this.config?.enabled||this.config.metrics?.rateLimits===!1)return;this.rateLimitBlocks++}collect(){if(!this.config?.enabled)return null;let r=(Date.now()-this.lastCollectTime)/1000/60,t=r>0?Math.round(this.requestCount/r):0,o=r>0?Math.round(this.rateLimitBlocks/r):0,c=[...this.responseTimes].sort((e,s)=>e-s),i=c.length;return{requests:{total:this.requestCount,perMinute:t,byEndpoint:{...this.byEndpoint},byMethod:{...this.byMethod},byStatus:{...this.byStatus}},responseTime:{avg:i>0?Math.round(c.reduce((e,s)=>e+s,0)/i*100)/100:0,min:i>0?c[0]??0:0,max:i>0?c[i-1]??0:0,p50:i>0?c[Math.floor(i*0.5)]??0:0,p95:i>0?c[Math.floor(i*0.95)]??0:0,p99:i>0?c[Math.floor(i*0.99)]??0:0},errors:{total:this.errorCount,rate:this.requestCount>0?Math.round(this.errorCount/this.requestCount*100*100)/100:0,byType:{...this.byErrorType}},rateLimits:{blocked:this.rateLimitBlocks,blockedPerMinute:o}}}reset(){this.requestCount=0,this.responseTimes=[],this.errorCount=0,this.rateLimitBlocks=0,this.byEndpoint={},this.byMethod={},this.byStatus={},this.byErrorType={},this.lastCollectTime=Date.now()}getRequestsPerMinute(){let n=(Date.now()-this.lastCollectTime)/1000/60;return n>0?Math.round(this.requestCount/n):0}getErrorRate(){return this.requestCount>0?this.errorCount/this.requestCount*100:0}getRateLimitBlocksPerMinute(){let n=(Date.now()-this.lastCollectTime)/1000/60;return n>0?Math.round(this.rateLimitBlocks/n):0}getAvgResponseTime(){if(this.responseTimes.length===0)return 0;return this.responseTimes.reduce((n,r)=>n+r,0)/this.responseTimes.length}}import*as Lu from"fs";import*as Eo from"os";class K0{config;lastCpuInfo=null;constructor(n){this.config=n}async collect(){if(!this.config?.enabled)return null;let n={cpu:{usage:0,cores:0},memory:{total:0,used:0,free:0,usagePercent:0,heapUsed:0,heapTotal:0},disk:{total:0,used:0,free:0,usagePercent:0},network:{bytesIn:0,bytesOut:0},process:{uptime:0,pid:0,eventLoopLag:0}};if(this.config.metrics?.cpu!==!1)n.cpu=this.collectCpu();if(this.config.metrics?.memory!==!1)n.memory=this.collectMemory();if(this.config.metrics?.disk!==!1)n.disk=await this.collectDisk();if(this.config.metrics?.network)n.network=this.collectNetwork();if(this.config.metrics?.process!==!1)n.process=await this.collectProcess();return n}collectCpu(){let n=Eo.cpus(),r=n.length,t=0,o=0;for(let i of n)t+=i.times.idle,o+=i.times.user+i.times.nice+i.times.sys+i.times.idle+i.times.irq;let c=0;if(this.lastCpuInfo){let i=t-this.lastCpuInfo.idle,a=o-this.lastCpuInfo.total;c=a>0?Math.round((1-i/a)*100*100)/100:0}return this.lastCpuInfo={idle:t,total:o},{usage:c,cores:r}}collectMemory(){let n=Eo.totalmem(),r=Eo.freemem(),t=n-r,o=Math.round(t/n*100*100)/100,c=process.memoryUsage();return{total:n,used:t,free:r,usagePercent:o,heapUsed:c.heapUsed,heapTotal:c.heapTotal}}async collectDisk(){try{let n=Lu.statfsSync("/"),r=n.blocks*n.bsize,t=n.bfree*n.bsize,o=r-t,c=Math.round(o/r*100*100)/100;return{total:r,used:o,free:t,usagePercent:c}}catch{return{total:0,used:0,free:0,usagePercent:0}}}collectNetwork(){let n=Eo.networkInterfaces(),r=0,t=0;for(let o in n){let c=n[o];if(c){for(let i of c)if(!i.internal)r+=0,t+=0}}return{bytesIn:r,bytesOut:t}}async collectProcess(){let n=process.uptime(),r=process.pid,t=Date.now(),o=await new Promise((c)=>{setImmediate(()=>{c(Date.now()-t)})});return{uptime:n,pid:r,eventLoopLag:o}}}var Qu=()=>{};import{randomUUID as Ou}from"crypto";import*as Gu from"os";class Ta{store;memoryInterval=null;cpuInterval=null;lastCpuInfo=null;isRunning=!1;constructor(n){let r={...T5,...n};this.store={requests:[],configs:{logMemory:r.logMemory,logCpu:r.logCpu,logDapr:r.logDapr,logWebSocket:r.logWebSocket,cpuLogInterval:r.cpuLogInterval,memoryLogInterval:r.memoryLogInterval},logs:{memory:[],cpu:[],dapr:[],ws:[]},logLimits:{memory:r.memoryLogLimit,cpu:r.cpuLogLimit,dapr:r.daprLogLimit,ws:r.wsLogLimit,request:r.requestLogLimit},worker:{pid:process.pid,workerId:null,memory:null,cpu:null,updatedAt:Date.now()},allWorkers:[],daprEvents:[],wsEvents:[]}}start(){if(this.isRunning)return;if(this.isRunning=!0,this.store.configs.logMemory)this.startMemoryCollector();if(this.store.configs.logCpu)this.startCpuCollector()}stop(){if(!this.isRunning)return;if(this.isRunning=!1,this.memoryInterval)clearInterval(this.memoryInterval),this.memoryInterval=null;if(this.cpuInterval)clearInterval(this.cpuInterval),this.cpuInterval=null}startMemoryCollector(){if(this.memoryInterval)clearInterval(this.memoryInterval);let n=()=>{if(!this.store.configs.logMemory)return;let r=process.memoryUsage(),t={timestamp:Date.now(),rss:r.rss,heapUsed:r.heapUsed,heapTotal:r.heapTotal};if(this.store.logs.memory.push(t),this.store.logs.memory.length>this.store.logLimits.memory*2)this.store.logs.memory=this.store.logs.memory.slice(-this.store.logLimits.memory);this.store.worker.memory=t,this.store.worker.updatedAt=Date.now()};n(),this.memoryInterval=setInterval(n,this.store.configs.memoryLogInterval)}startCpuCollector(){if(this.cpuInterval)clearInterval(this.cpuInterval);let n=()=>{if(!this.store.configs.logCpu)return;let r=Gu.cpus(),t=0,o=0,c=0,i=0;for(let f of r)t+=f.times.user,o+=f.times.sys,c+=f.times.idle,i+=f.times.user+f.times.nice+f.times.sys+f.times.idle+f.times.irq;let a=0,e=0;if(this.lastCpuInfo){let f=i-this.lastCpuInfo.total,d=c-this.lastCpuInfo.idle;if(f>0){let l=f-d;a=Math.round((t-0)/(l||1)*100*100)/100,e=Math.round((o-0)/(l||1)*100*100)/100;let w=Math.round((1-d/f)*100*100)/100;a=Math.round(w*0.7*100)/100,e=Math.round(w*0.3*100)/100}}this.lastCpuInfo={idle:c,total:i};let s={timestamp:Date.now(),user:a,system:e};if(this.store.logs.cpu.push(s),this.store.logs.cpu.length>this.store.logLimits.cpu*2)this.store.logs.cpu=this.store.logs.cpu.slice(-this.store.logLimits.cpu);this.store.worker.cpu=s,this.store.worker.updatedAt=Date.now()};n(),this.cpuInterval=setInterval(n,this.store.configs.cpuLogInterval)}recordRequest(n){if(this.store.requests.push(n),this.store.requests.length>this.store.logLimits.request*2)this.store.requests=this.store.requests.slice(-this.store.logLimits.request)}recordDaprEvent(n,r){if(!this.store.configs.logDapr)return;let t={id:Ou(),type:n,timestamp:Date.now(),...r};if(this.store.logs.dapr.push(t),this.store.daprEvents.push(t),this.store.logs.dapr.length>this.store.logLimits.dapr*2)this.store.logs.dapr=this.store.logs.dapr.slice(-this.store.logLimits.dapr);if(this.store.daprEvents.length>this.store.logLimits.dapr*2)this.store.daprEvents=this.store.daprEvents.slice(-this.store.logLimits.dapr)}recordWsEvent(n,r){if(!this.store.configs.logWebSocket)return;let t={id:Ou(),type:n,timestamp:Date.now(),...r};if(this.store.logs.ws.push(t),this.store.wsEvents.push(t),this.store.logs.ws.length>this.store.logLimits.ws*2)this.store.logs.ws=this.store.logs.ws.slice(-this.store.logLimits.ws);if(this.store.wsEvents.length>this.store.logLimits.ws*2)this.store.wsEvents=this.store.wsEvents.slice(-this.store.logLimits.ws)}getSnapshot(){return{memory:this.store.logs.memory.slice(-this.store.logLimits.memory),cpu:this.store.logs.cpu.slice(-this.store.logLimits.cpu),requests:this.store.requests.slice(-this.store.logLimits.request),dapr:this.store.logs.dapr.slice(-this.store.logLimits.dapr),ws:this.store.logs.ws.slice(-this.store.logLimits.ws),workers:this.store.allWorkers.length?this.store.allWorkers:[this.store.worker],logLimits:{...this.store.logLimits},configs:{...this.store.configs}}}getUpdatesSince(n){let r=this.store.logs.memory.filter((e)=>e.timestamp>n.memory),t=this.store.logs.cpu.filter((e)=>e.timestamp>n.cpu),o=this.store.requests.filter((e)=>e.timestamp>n.request),c=this.store.logs.dapr.filter((e)=>e.timestamp>n.dapr),i=this.store.logs.ws.filter((e)=>e.timestamp>n.ws);if(!(r.length>0||t.length>0||o.length>0||c.length>0||i.length>0))return null;return{memory:r,cpu:t,requests:o,dapr:c,ws:i,timestamp:Date.now()}}getLogs(){return{memory:this.store.logs.memory,cpu:this.store.logs.cpu,requests:this.store.requests,dapr:this.store.logs.dapr,ws:this.store.logs.ws,daprEvents:this.store.daprEvents,wsEvents:this.store.wsEvents,configs:{logMemory:this.store.configs.logMemory,logCpu:this.store.configs.logCpu,logDapr:this.store.configs.logDapr,logWebSocket:this.store.configs.logWebSocket},limits:{...this.store.logLimits}}}getSettings(){return{configs:{...this.store.configs},logLimits:{...this.store.logLimits}}}changeSettings(n){if(n.logMemory!==void 0)this.store.configs.logMemory=n.logMemory;if(n.logCpu!==void 0)this.store.configs.logCpu=n.logCpu;if(n.logDapr!==void 0)this.store.configs.logDapr=n.logDapr;if(n.logWebSocket!==void 0)this.store.configs.logWebSocket=n.logWebSocket;if(n.cpuLogInterval!==void 0){if(this.store.configs.cpuLogInterval=n.cpuLogInterval,this.isRunning&&this.store.configs.logCpu)this.startCpuCollector()}if(n.memoryLogInterval!==void 0){if(this.store.configs.memoryLogInterval=n.memoryLogInterval,this.isRunning&&this.store.configs.logMemory)this.startMemoryCollector()}if(n.memoryLogLimit!==void 0)this.store.logLimits.memory=n.memoryLogLimit;if(n.cpuLogLimit!==void 0)this.store.logLimits.cpu=n.cpuLogLimit;if(n.daprLogLimit!==void 0)this.store.logLimits.dapr=n.daprLogLimit;if(n.wsLogLimit!==void 0)this.store.logLimits.ws=n.wsLogLimit;if(n.requestLogLimit!==void 0)this.store.logLimits.request=n.requestLogLimit;return{message:"Settings updated successfully",configs:{...this.store.configs},logLimits:{...this.store.logLimits}}}getStore(){return this.store}isEnabled(){return this.isRunning}}var T5;var Nu=b(()=>{T5={enabled:!0,logMemory:!0,logCpu:!0,logDapr:!0,logWebSocket:!0,memoryLogInterval:1000,cpuLogInterval:1000,memoryLogLimit:100,cpuLogLimit:100,daprLogLimit:100,wsLogLimit:100,requestLogLimit:100,streamInterval:150}});class v0{redis;logger;config;appId;flushToDb;systemCollector;applicationCollector;alertService;collectInterval=null;flushInterval=null;pendingMetrics=[];isRunning=!1;constructor(n){this.redis=n.redis,this.logger=n.logger,this.config=this.mergeConfig(n.config),this.appId=n.appId,this.flushToDb=n.flushToDb,this.systemCollector=new K0(this.config.system),this.applicationCollector=new j0(this.config.application),this.alertService=new ya({logger:n.logger,gmail:n.gmail,config:this.config,appId:n.appId})}mergeConfig(n){return{enabled:n.enabled??Un.enabled,system:{enabled:n.system?.enabled??Un.system.enabled,collectInterval:n.system?.collectInterval??Un.system.collectInterval,metrics:{cpu:n.system?.metrics?.cpu??Un.system.metrics.cpu,memory:n.system?.metrics?.memory??Un.system.metrics.memory,disk:n.system?.metrics?.disk??Un.system.metrics.disk,network:n.system?.metrics?.network??Un.system.metrics.network,process:n.system?.metrics?.process??Un.system.metrics.process}},application:{enabled:n.application?.enabled??Un.application.enabled,metrics:{requests:n.application?.metrics?.requests??Un.application.metrics.requests,responseTime:n.application?.metrics?.responseTime??Un.application.metrics.responseTime,errors:n.application?.metrics?.errors??Un.application.metrics.errors,rateLimits:n.application?.metrics?.rateLimits??Un.application.metrics.rateLimits}},database:{enabled:n.database?.enabled??Un.database.enabled,metrics:{connections:n.database?.metrics?.connections??Un.database.metrics.connections,queryTime:n.database?.metrics?.queryTime??Un.database.metrics.queryTime,slowQueryThreshold:n.database?.metrics?.slowQueryThreshold??Un.database.metrics.slowQueryThreshold}},redis:{enabled:n.redis?.enabled??Un.redis.enabled},persistence:{enabled:n.persistence?.enabled??Un.persistence.enabled,flushInterval:n.persistence?.flushInterval??Un.persistence.flushInterval,retentionDays:n.persistence?.retentionDays??Un.persistence.retentionDays},alerts:{enabled:n.alerts?.enabled??Un.alerts.enabled,email:{enabled:n.alerts?.email?.enabled??Un.alerts.email.enabled,recipients:n.alerts?.email?.recipients??Un.alerts.email.recipients},thresholds:{cpuPercent:n.alerts?.thresholds?.cpuPercent??Un.alerts.thresholds.cpuPercent,memoryPercent:n.alerts?.thresholds?.memoryPercent??Un.alerts.thresholds.memoryPercent,diskPercent:n.alerts?.thresholds?.diskPercent??Un.alerts.thresholds.diskPercent,errorRatePercent:n.alerts?.thresholds?.errorRatePercent??Un.alerts.thresholds.errorRatePercent,responseTimeMs:n.alerts?.thresholds?.responseTimeMs??Un.alerts.thresholds.responseTimeMs,rateLimitBlocksPerMinute:n.alerts?.thresholds?.rateLimitBlocksPerMinute??Un.alerts.thresholds.rateLimitBlocksPerMinute},cooldown:n.alerts?.cooldown??Un.alerts.cooldown}}}parseTimeToMs(n){let r=n.match(/^(\d+)(ms|s|m|h|d)$/);if(!r||!r[1]||!r[2])return 1e4;let t=parseInt(r[1],10);switch(r[2]){case"ms":return t;case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;case"d":return t*24*60*60*1000;default:return 1e4}}start(){if(!this.config.enabled||this.isRunning)return;this.isRunning=!0,this.logger.info("[Monitoring] Starting monitoring service");let n=this.parseTimeToMs(this.config.system.collectInterval);if(this.collectInterval=setInterval(()=>{this.collect()},n),this.config.persistence.enabled&&this.flushToDb){let r=this.parseTimeToMs(this.config.persistence.flushInterval);this.flushInterval=setInterval(()=>{this.flush()},r)}this.collect()}stop(){if(!this.isRunning)return;if(this.isRunning=!1,this.logger.info("[Monitoring] Stopping monitoring service"),this.collectInterval)clearInterval(this.collectInterval),this.collectInterval=null;if(this.flushInterval)clearInterval(this.flushInterval),this.flushInterval=null;this.flush()}async collect(){let n=Date.now(),r={timestamp:n};if(this.config.system.enabled){let t=await this.systemCollector.collect();if(t)r.system=t,this.addMetricPoints("system",t,n)}if(this.config.application.enabled){let t=this.applicationCollector.collect();if(t)r.application=t,this.addMetricPoints("application",t,n)}if(await this.storeSnapshot(r),this.config.alerts.enabled)await this.alertService.checkAndAlert(r)}addMetricPoints(n,r,t){let o=(c,i="")=>{for(let a in c){let e=c[a],s=i?`${i}.${a}`:a;if(typeof e==="number")this.pendingMetrics.push({timestamp:t,metricType:n,metricName:s,value:e});else if(typeof e==="object"&&e!==null&&!Array.isArray(e))o(e,s)}};o(r)}async storeSnapshot(n){let r=`monitoring:${this.appId}:latest`;await this.redis.create(r,n,3600);let t=`monitoring:${this.appId}:history`,o=await this.redis.read(t),c=o.success&&o.data?o.data:[];c.push(n);let i=Date.now()-3600000,a=c.filter((e)=>e.timestamp>i);await this.redis.create(t,a,3600)}async flush(){if(this.pendingMetrics.length===0)return;if(!this.flushToDb)return;let n=[...this.pendingMetrics];this.pendingMetrics=[];try{await this.flushToDb(n),this.logger.debug(`[Monitoring] Flushed ${n.length} metrics to database`)}catch(r){this.logger.error(`[Monitoring] Failed to flush metrics: ${r}`),this.pendingMetrics=[...n,...this.pendingMetrics]}}recordRequest(n){if(!this.config.enabled||!this.config.application.enabled)return;this.applicationCollector.recordRequest(n)}recordRateLimitBlock(){if(!this.config.enabled||!this.config.application.enabled)return;this.applicationCollector.recordRateLimitBlock()}async getLatestSnapshot(){let n=`monitoring:${this.appId}:latest`,r=await this.redis.read(n);return r.success?r.data:null}async getHistory(n=60){let r=`monitoring:${this.appId}:history`,t=await this.redis.read(r);if(!t.success||!t.data)return[];let o=Date.now()-n*60000;return t.data.filter((c)=>c.timestamp>o)}getActiveAlerts(){return this.alertService.getActiveAlerts()}acknowledgeAlert(n){return this.alertService.acknowledgeAlert(n)}isEnabled(){return this.config.enabled}getConfig(){return this.config}}var Un;var xu=b(()=>{Qu();Nu();Un={enabled:!1,system:{enabled:!0,collectInterval:"10s",metrics:{cpu:!0,memory:!0,disk:!0,network:!1,process:!0}},application:{enabled:!0,metrics:{requests:!0,responseTime:!0,errors:!0,rateLimits:!0}},database:{enabled:!1,metrics:{connections:!0,queryTime:!0,slowQueryThreshold:"100ms"}},redis:{enabled:!1},persistence:{enabled:!0,flushInterval:"1m",retentionDays:30},alerts:{enabled:!1,email:{enabled:!1,recipients:[]},thresholds:{cpuPercent:80,memoryPercent:85,diskPercent:90,errorRatePercent:5,responseTimeMs:1000,rateLimitBlocksPerMinute:100},cooldown:"5m"}}});var Pu=()=>{};import{and as Hc,desc as Cu,eq as mr}from"drizzle-orm";function Z0(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.replace(/_([a-z])/g,(i,a)=>a.toUpperCase());r[c]=o}return r}function nh(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.replace(/[A-Z]/g,(i)=>`_${i.toLowerCase()}`);r[c]=o}return r}class p0{db;schemaTables;config;logger;gmailService;constructor(n){this.db=n.db,this.schemaTables=n.schemaTables,this.config=n.config,this.logger=n.logger,this.gmailService=n.gmailService}getTable(n){return this.schemaTables[n]}getCol(n,r){return n[r]}isChannelEnabled(n){let r=this.config.channels;if(!r)return n==="portal";switch(n){case"portal":return r.portal!==!1;case"email":return r.email===!0;case"sms":return r.sms?.enabled===!0;case"telegram":return r.telegram?.enabled===!0;case"webhook":return r.webhook?.enabled===!0;default:return!1}}interpolateTemplate(n,r){let t=n;for(let[o,c]of Object.entries(r))t=t.replace(new RegExp(`{{${o}}}`,"g"),String(c??""));for(let[o,c]of Object.entries(this.config.templateVariables||{}))t=t.replace(new RegExp(`{{${o}}}`,"g"),c);return t}async triggerNotifications(n){let{trigger:r,flow_id:t,entity_name:o,entity_id:c,node_id:i,context:a={}}=n,e=this.getTable("verificationNotificationRules"),s=this.getTable("verificationNotificationRecipients"),f=this.getTable("verificationNotificationChannels");if(!e||!s){this.logger.warn("[Notification] Notification tables not found");return}let d=new Date,g=(await this.db.select().from(e).where(Hc(mr(this.getCol(e,"flowId"),t),mr(this.getCol(e,"trigger"),r)))).filter((u)=>{if(i&&u.node_id!==i)return!1;if(u.starts_at&&new Date(u.starts_at)>d)return!1;if(u.expires_at&&new Date(u.expires_at)<d)return!1;return!0});for(let u of g){let m=await this.db.select().from(s).where(mr(this.getCol(s,"ruleId"),u.id)),_=["portal"];if(f){let H=await this.db.select().from(f).where(mr(this.getCol(f,"ruleId"),u.id));if(H.length>0)_=H.map((D)=>D.channel)}let S=_.filter((H)=>this.isChannelEnabled(H));if(S.length===0)continue;let h=await this.resolveRecipients(m,n.verifier_id,t,o,c),E={...a,entity_name:o,entity_id:c,trigger:r,decision:n.decision},V=u.title_template?this.interpolateTemplate(u.title_template,E):`Verification ${r.replace("on_","").replace("_"," ")}`,Y=u.body_template?this.interpolateTemplate(u.body_template,E):void 0;for(let H of h)await this.send({user_id:H,title:V,body:Y,entity_name:o,entity_id:c,type:"verification",source:`flow:${t}`,channels:S})}this.logger.debug(`[Notification] Triggered ${g.length} rules for ${r} on ${o}:${c}`)}async resolveRecipients(n,r,t,o,c){let i=new Set,a=this.getTable("user_roles"),e=this.getTable("roles");for(let s of n)switch(s.recipient_type){case"user":if(s.recipient_user_id)i.add(s.recipient_user_id);break;case"role":if(s.recipient_role&&a&&e){let f=e,d=a,w=(await this.db.select().from(e).where(mr(f.name,s.recipient_role)).limit(1))[0];if(w){let g=await this.db.select({user_id:d.userId}).from(a).where(mr(d.roleId,w.id));for(let u of g)i.add(u.user_id)}}break;case"step_verifier":if(r)i.add(r);break;case"entity_creator":{if(o&&c){let f=this.getTable("verificationInstances");if(f){let l=(await this.db.select().from(f).where(Hc(mr(this.getCol(f,"entityName"),o),mr(this.getCol(f,"entityId"),c))).orderBy(Cu(this.getCol(f,"createdAt"))).limit(1))[0];if(l?.startedBy)i.add(l.startedBy)}}break}case"all_verifiers":{if(t){let f=this.getTable("verificationVerifierConfigs");if(f){let d=await this.db.select().from(f).where(mr(this.getCol(f,"flowId"),t));for(let l of d){let w=l;if(w.verifierUserId)i.add(w.verifierUserId)}}}break}}return Array.from(i)}async send(n){let{user_id:r,title:t,body:o,entity_name:c,entity_id:i,type:a,source:e,channels:s}=n;for(let f of s)switch(f){case"portal":await this.sendPortalNotification(r,t,o,c,i,a,e);break;case"email":await this.sendEmailNotification(r,t,o);break;case"sms":this.logger.debug(`[Notification] SMS channel not yet implemented for user ${r}`);break;case"telegram":this.logger.debug(`[Notification] Telegram channel not yet implemented for user ${r}`);break;case"webhook":this.logger.debug(`[Notification] Webhook channel not yet implemented for user ${r}`);break}}async sendPortalNotification(n,r,t,o,c,i,a){let e=this.getTable("notifications");if(!e){this.logger.warn("[Notification] notifications table not found");return}await this.db.insert(e).values(Z0({user_id:n,title:r,body:t||null,entity_name:o||null,entity_id:c||null,type:i||"system",source:a||null,is_seen:!1})),this.logger.debug(`[Notification] Portal notification sent to ${n}: ${r}`)}async sendEmailNotification(n,r,t){if(!this.gmailService?.isAvailable()){this.logger.warn("[Notification] Gmail service not available for email notification");return}let o=this.getTable("users");if(!o){this.logger.warn("[Notification] users table not found");return}let i=(await this.db.select({email:this.getCol(o,"email")}).from(o).where(mr(this.getCol(o,"id"),n)).limit(1))[0];if(!i?.email){this.logger.warn(`[Notification] No email found for user ${n}`);return}await this.gmailService.sendEmail({to:i.email,subject:r,html:t||r}),this.logger.debug(`[Notification] Email notification sent to ${i.email}: ${r}`)}async getNotifications(n,r){let t=this.getTable("notifications");if(!t)return[];let o=[mr(this.getCol(t,"userId"),n)];if(r?.type)o.push(mr(this.getCol(t,"type"),r.type));return(await this.db.select().from(t).where(Hc(...o)).orderBy(Cu(this.getCol(t,"createdAt"))).limit(r?.limit||50).offset(r?.offset||0)).map((a)=>nh(a))}async getUnseenCount(n){let r=this.getTable("notifications");if(!r)return 0;return(await this.db.select().from(r).where(Hc(mr(this.getCol(r,"userId"),n),mr(this.getCol(r,"isSeen"),!1)))).length}async markAsSeen(n,r){let t=this.getTable("notifications");if(!t)return!1;return await this.db.update(t).set(Z0({is_seen:!0,seen_at:new Date})).where(Hc(mr(this.getCol(t,"id"),n),mr(this.getCol(t,"userId"),r))),!0}async markAllAsSeen(n){let r=this.getTable("notifications");if(!r)return 0;return(await this.db.update(r).set(Z0({is_seen:!0,seen_at:new Date})).where(Hc(mr(this.getCol(r,"userId"),n),mr(this.getCol(r,"isSeen"),!1))).returning()).length}}var I0=b(()=>{Pu()});function qu(n,r){if(!n.authorizationUrl)throw Error("Generic OAuth provider requires authorizationUrl");let t=n.scopes??[],o=new URLSearchParams({client_id:n.clientId,redirect_uri:n.redirectUri,response_type:"code",state:r,...t.length>0?{scope:t.join(" ")}:{},...n.extraAuthParams});return`${n.authorizationUrl}?${o.toString()}`}async function Fu(n,r){if(!r.tokenUrl)throw Error("Generic OAuth provider requires tokenUrl");let t=await fetch(r.tokenUrl,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:new URLSearchParams({code:n,client_id:r.clientId,client_secret:r.clientSecret,redirect_uri:r.redirectUri,grant_type:"authorization_code"}).toString()});if(!t.ok){let s=await t.text();throw Error(`Generic OAuth token exchange failed: ${s}`)}let o=await t.json();if(o.error)throw Error(`OAuth error: ${o.error_description||o.error}`);let c={accessToken:o.access_token,refreshToken:o.refresh_token,expiresAt:o.expires_in?new Date(Date.now()+o.expires_in*1000):void 0,scope:o.scope};if(!r.userInfoUrl)return{profile:{providerAccountId:o.access_token,rawProfile:o},tokens:c};let i=await fetch(r.userInfoUrl,{headers:{Authorization:`Bearer ${o.access_token}`}});if(!i.ok)throw Error("Failed to fetch user info from generic OAuth provider");let a=await i.json();return{profile:{providerAccountId:a.id??a.sub??a.user_id??o.access_token,email:a.email,name:a.name??a.display_name??a.username,avatarUrl:a.avatar_url??a.picture??a.photo,rawProfile:a},tokens:c}}function ju(n,r){let t=n.scopes??["read:user","user:email"];return`https://github.com/login/oauth/authorize?${new URLSearchParams({client_id:n.clientId,redirect_uri:n.redirectUri,scope:t.join(" "),state:r,...n.extraAuthParams}).toString()}`}async function Ku(n,r){let t=await fetch("https://github.com/login/oauth/access_token",{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:new URLSearchParams({code:n,client_id:r.clientId,client_secret:r.clientSecret,redirect_uri:r.redirectUri}).toString()});if(!t.ok){let f=await t.text();throw Error(`GitHub token exchange failed: ${f}`)}let o=await t.json();if(o.error)throw Error(`GitHub OAuth error: ${o.error_description||o.error}`);let c={accessToken:o.access_token,refreshToken:o.refresh_token,expiresAt:o.expires_in?new Date(Date.now()+o.expires_in*1000):void 0,scope:o.scope},i=await fetch("https://api.github.com/user",{headers:{Authorization:`Bearer ${o.access_token}`,Accept:"application/vnd.github+json"}});if(!i.ok)throw Error("Failed to fetch GitHub user info");let a=await i.json(),e=a.email;if(!e)try{let f=await fetch("https://api.github.com/user/emails",{headers:{Authorization:`Bearer ${o.access_token}`,Accept:"application/vnd.github+json"}});if(f.ok){let d=await f.json();e=d.find((w)=>w.primary&&w.verified)?.email??d[0]?.email}}catch{}return{profile:{providerAccountId:String(a.id),email:e,name:a.name??a.login,avatarUrl:a.avatar_url,rawProfile:a},tokens:c}}function vu(n,r){let t=n.scopes??["openid","email","profile"];return`https://accounts.google.com/o/oauth2/v2/auth?${new URLSearchParams({client_id:n.clientId,redirect_uri:n.redirectUri,response_type:"code",scope:t.join(" "),state:r,access_type:"offline",prompt:"select_account",...n.extraAuthParams}).toString()}`}async function Zu(n,r){let t=await fetch("https://oauth2.googleapis.com/token",{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({code:n,client_id:r.clientId,client_secret:r.clientSecret,redirect_uri:r.redirectUri,grant_type:"authorization_code"}).toString()});if(!t.ok){let s=await t.text();throw Error(`Google token exchange failed: ${s}`)}let o=await t.json(),c={accessToken:o.access_token,refreshToken:o.refresh_token,expiresAt:o.expires_in?new Date(Date.now()+o.expires_in*1000):void 0,scope:o.scope},i=await fetch("https://www.googleapis.com/oauth2/v3/userinfo",{headers:{Authorization:`Bearer ${o.access_token}`}});if(!i.ok)throw Error("Failed to fetch Google user info");let a=await i.json();return{profile:{providerAccountId:a.sub,email:a.email,name:a.name,avatarUrl:a.picture,rawProfile:a},tokens:c}}function pu(n){return`https://login.microsoftonline.com/${n.tenantId??"common"}/oauth2/v2.0`}function Iu(n,r){let t=n.scopes??["openid","email","profile","User.Read"],o=new URLSearchParams({client_id:n.clientId,redirect_uri:n.redirectUri,response_type:"code",scope:t.join(" "),state:r,response_mode:"query",...n.extraAuthParams});return`${pu(n)}/authorize?${o.toString()}`}async function yu(n,r){let t=await fetch(`${pu(r)}/token`,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({code:n,client_id:r.clientId,client_secret:r.clientSecret,redirect_uri:r.redirectUri,grant_type:"authorization_code"}).toString()});if(!t.ok){let s=await t.text();throw Error(`Microsoft token exchange failed: ${s}`)}let o=await t.json();if(o.error)throw Error(`Microsoft OAuth error: ${o.error_description||o.error}`);let c={accessToken:o.access_token,refreshToken:o.refresh_token,expiresAt:o.expires_in?new Date(Date.now()+o.expires_in*1000):void 0,scope:o.scope},i=await fetch("https://graph.microsoft.com/v1.0/me",{headers:{Authorization:`Bearer ${o.access_token}`}});if(!i.ok)throw Error("Failed to fetch Microsoft user info");let a=await i.json();return{profile:{providerAccountId:a.id,email:a.mail??a.userPrincipalName,name:a.displayName,avatarUrl:void 0,rawProfile:a},tokens:c}}import{randomBytes as rh}from"crypto";class ne{config;stateStore=new Map;cleanupInterval=null;constructor(n){this.config=n;let r=(n.stateTtlSeconds??600)*1000;this.cleanupInterval=setInterval(()=>{let t=Date.now();for(let[o,c]of this.stateStore.entries())if(c.expiresAt<t)this.stateStore.delete(o)},r)}stop(){if(this.cleanupInterval)clearInterval(this.cleanupInterval),this.cleanupInterval=null}isProviderEnabled(n){return!!(this.config.enabled&&this.config.providers[n])}getEnabledProviders(){if(!this.config.enabled)return[];return Object.keys(this.config.providers)}buildAuthorizationUrl(n,r,t){let o=this.config.providers[n];if(!o)throw Error(`OAuth provider "${n}" is not configured`);let c={provider:n,linkUserId:r,redirectUrl:t,createdAt:Date.now()},i=rh(32).toString("hex"),a=(this.config.stateTtlSeconds??600)*1000;switch(this.stateStore.set(i,{payload:c,expiresAt:Date.now()+a}),n){case"google":return vu(o,i);case"github":return ju(o,i);case"microsoft":return Iu(o,i);default:return qu(o,i)}}consumeState(n){let r=this.stateStore.get(n);if(!r)return null;if(r.expiresAt<Date.now())return this.stateStore.delete(n),null;return this.stateStore.delete(n),r.payload}async exchangeCode(n,r){let t=this.config.providers[n];if(!t)throw Error(`OAuth provider "${n}" is not configured`);switch(n){case"google":return Zu(r,t);case"github":return Ku(r,t);case"microsoft":return yu(r,t);default:return Fu(r,t)}}get allowAccountLinking(){return this.config.allowAccountLinking??!0}get autoCreateUser(){return this.config.autoCreateUser??!0}get successRedirectUrl(){return this.config.successRedirectUrl??"/"}get errorRedirectUrl(){return this.config.errorRedirectUrl??"/login"}get sendInviteOnCreate(){return this.config.sendInviteOnCreate??!1}get basePath(){return this.config.basePath??"/auth/oauth"}}var Tu=()=>{};var y0=b(()=>{Tu()});class T0{redis;logger;config;constructor(n){this.redis=n.redis,this.logger=n.logger,this.config=this.mergeConfig(n.config)}mergeConfig(n){return{enabled:n.enabled??hr.enabled,strategy:n.strategy??hr.strategy,keyPrefix:n.keyPrefix??hr.keyPrefix,authRoutes:{window:n.authRoutes?.window??hr.authRoutes.window,max:n.authRoutes?.max??hr.authRoutes.max,login:{window:n.authRoutes?.login?.window??re.window,max:n.authRoutes?.login?.max??re.max,blockDuration:n.authRoutes?.login?.blockDuration??re.blockDuration},register:{window:n.authRoutes?.register?.window??te.window,max:n.authRoutes?.register?.max??te.max,blockDuration:n.authRoutes?.register?.blockDuration??te.blockDuration},passwordReset:{window:n.authRoutes?.passwordReset?.window??oe.window,max:n.authRoutes?.passwordReset?.max??oe.max,blockDuration:n.authRoutes?.passwordReset?.blockDuration??oe.blockDuration},magicLink:{window:n.authRoutes?.magicLink?.window??ce.window,max:n.authRoutes?.magicLink?.max??ce.max,blockDuration:n.authRoutes?.magicLink?.blockDuration??ce.blockDuration}},publicRoutes:{window:n.publicRoutes?.window??hr.publicRoutes.window,max:n.publicRoutes?.max??hr.publicRoutes.max},privateRoutes:{window:n.privateRoutes?.window??hr.privateRoutes.window,max:n.privateRoutes?.max??hr.privateRoutes.max},byIp:n.byIp??hr.byIp,byUserId:n.byUserId??hr.byUserId,byEndpoint:n.byEndpoint??hr.byEndpoint,skipSuccessfulRequests:n.skipSuccessfulRequests??hr.skipSuccessfulRequests,headers:{remaining:n.headers?.remaining??hr.headers.remaining,reset:n.headers?.reset??hr.headers.reset,limit:n.headers?.limit??hr.headers.limit},whitelist:n.whitelist??hr.whitelist,blacklist:n.blacklist??hr.blacklist}}parseTimeToMs(n){let r=n.match(/^(\d+)(ms|s|m|h|d)$/);if(!r||!r[1]||!r[2])return 60000;let t=parseInt(r[1],10);switch(r[2]){case"ms":return t;case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;case"d":return t*24*60*60*1000;default:return 60000}}buildKey(n){let r=[this.config.keyPrefix,n.category];if(n.authType&&n.authType!=="other")r.push(n.authType);if(this.config.byIp&&n.ip)r.push(`ip:${n.ip}`);if(this.config.byUserId&&n.userId)r.push(`user:${n.userId}`);if(this.config.byEndpoint&&n.endpoint)r.push(`ep:${n.endpoint.replace(/\//g,"_")}`);return r.join(":")}getLimits(n,r){if(n==="auth"){if(r&&r!=="other"){let t=this.config.authRoutes[r];if(t)return t}return{window:this.config.authRoutes.window,max:this.config.authRoutes.max}}if(n==="public")return this.config.publicRoutes;return this.config.privateRoutes}isWhitelisted(n){return this.config.whitelist.some((r)=>{if(r.includes("*"))return new RegExp(`^${r.replace(/\*/g,".*")}$`).test(n);return r===n})}isBlacklisted(n){return this.config.blacklist.some((r)=>{if(r.includes("*"))return new RegExp(`^${r.replace(/\*/g,".*")}$`).test(n);return r===n})}async readRedis(n){let r=await this.redis.read(n);if(r.success)return r.data;return null}async check(n){if(!this.config.enabled)return{allowed:!0,remaining:-1,resetAt:0,limit:-1};if(this.isWhitelisted(n.ip))return{allowed:!0,remaining:-1,resetAt:0,limit:-1};if(this.isBlacklisted(n.ip))return this.logger.warn(`[RateLimit] Blacklisted IP: ${n.ip}`),{allowed:!1,remaining:0,resetAt:Date.now()+86400000,limit:0,retryAfter:86400};let r=this.buildKey(n),t=this.getLimits(n.category,n.authType),o=this.parseTimeToMs(t.window),c=`${r}:blocked`,i=await this.readRedis(c);if(i&&i.until>Date.now()){let a=Math.ceil((i.until-Date.now())/1000);return this.logger.warn(`[RateLimit] Blocked: ${r}, retry after ${a}s`),{allowed:!1,remaining:0,resetAt:i.until,limit:t.max,retryAfter:a}}if(this.config.strategy==="sliding-window")return this.slidingWindowCheck(r,t.max,o,t.blockDuration);if(this.config.strategy==="fixed-window")return this.fixedWindowCheck(r,t.max,o,t.blockDuration);return this.tokenBucketCheck(r,t.max,o)}async slidingWindowCheck(n,r,t,o){let c=Date.now(),i=c-t,a=`${n}:sw`,s=(await this.readRedis(a))?.timestamps||[];s=s.filter((w)=>w>i);let f=s.length,d=s[0],l=d!==void 0?d+t:c+t;if(f>=r){if(o){let w=this.parseTimeToMs(o);await this.redis.create(`${n}:blocked`,{until:c+w},Math.ceil(w/1000))}return{allowed:!1,remaining:0,resetAt:l,limit:r,retryAfter:Math.ceil((l-c)/1000)}}return s.push(c),await this.redis.create(a,{timestamps:s},Math.ceil(t/1000)+1),{allowed:!0,remaining:r-s.length,resetAt:l,limit:r}}async fixedWindowCheck(n,r,t,o){let c=Date.now(),i=Math.floor(c/t),a=`${n}:fw:${i}`,e=(i+1)*t,f=(await this.readRedis(a))?.count||0;if(f>=r){if(o){let d=this.parseTimeToMs(o);await this.redis.create(`${n}:blocked`,{until:c+d},Math.ceil(d/1000))}return{allowed:!1,remaining:0,resetAt:e,limit:r,retryAfter:Math.ceil((e-c)/1000)}}return await this.redis.create(a,{count:f+1},Math.ceil(t/1000)+1),{allowed:!0,remaining:r-(f+1),resetAt:e,limit:r}}async tokenBucketCheck(n,r,t){let o=Date.now(),c=r/t,i=`${n}:tb`,a=await this.readRedis(i),e=a?.tokens??r,s=a?.lastRefill??o,d=(o-s)*c;if(e=Math.min(r,e+d),e<1){let l=Math.ceil((1-e)/c);return{allowed:!1,remaining:0,resetAt:o+l,limit:r,retryAfter:Math.ceil(l/1000)}}return e-=1,await this.redis.create(i,{tokens:e,lastRefill:o},Math.ceil(t/1000)*2),{allowed:!0,remaining:Math.floor(e),resetAt:o+t,limit:r}}async decrement(n){if(!this.config.skipSuccessfulRequests)return;let r=this.buildKey(n);if(this.config.strategy==="sliding-window"){let t=`${r}:sw`,o=await this.readRedis(t);if(o?.timestamps?.length){o.timestamps.pop();let c=this.parseTimeToMs(this.getLimits(n.category,n.authType).window);await this.redis.create(t,o,Math.ceil(c/1000)+1)}}else if(this.config.strategy==="fixed-window"){let t=this.parseTimeToMs(this.getLimits(n.category,n.authType).window),o=Math.floor(Date.now()/t),c=`${r}:fw:${o}`,i=await this.readRedis(c);if(i?.count)await this.redis.create(c,{count:i.count-1},Math.ceil(t/1000)+1)}}getHeaders(n){let r={};return r[this.config.headers.remaining]=String(n.remaining),r[this.config.headers.reset]=String(Math.ceil(n.resetAt/1000)),r[this.config.headers.limit]=String(n.limit),r}isEnabled(){return this.config.enabled}}var re,te,oe,ce,hr;var nb=b(()=>{re={window:"15m",max:5,blockDuration:"30m"},te={window:"1h",max:3,blockDuration:"1h"},oe={window:"1h",max:3,blockDuration:"1h"},ce={window:"1h",max:5,blockDuration:"1h"},hr={enabled:!0,strategy:"sliding-window",keyPrefix:"rl:",authRoutes:{window:"1m",max:10,login:re,register:te,passwordReset:oe,magicLink:ce},publicRoutes:{window:"1m",max:100},privateRoutes:{window:"1m",max:60},byIp:!0,byUserId:!0,byEndpoint:!1,skipSuccessfulRequests:!1,headers:{remaining:"X-RateLimit-Remaining",reset:"X-RateLimit-Reset",limit:"X-RateLimit-Limit"},whitelist:[],blacklist:[]}});var rb=()=>{};import{and as Zt,desc as nf,eq as an,inArray as tb}from"drizzle-orm";function zr(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.replace(/_([a-z])/g,(i,a)=>a.toUpperCase());r[c]=o}return r}function Sr(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.replace(/[A-Z]/g,(i)=>`_${i.toLowerCase()}`);r[c]=o}return r}class rf{db;schemaTables;config;logger;onNotificationTrigger;constructor(n){this.db=n.db,this.schemaTables=n.schemaTables,this.config=n.config,this.logger=n.logger}setNotificationHandler(n){this.onNotificationTrigger=n}getTable(n){return this.schemaTables[n]}getCol(n,r){return n[r]}async listFlows(n){let r=this.getTable("verificationFlows");if(!r)return[];return(await(n?this.db.select().from(r).where(an(this.getCol(r,"entityName"),n)):this.db.select().from(r))).map((c)=>Sr(c))}async getFlow(n){let r=this.getTable("verificationFlows"),t=this.getTable("verificationSteps"),o=this.getTable("verificationEdges"),c=this.getTable("verificationVerifierConfigs"),i=this.getTable("verificationNotificationRules"),a=this.getTable("verificationNotificationRecipients"),e=this.getTable("verificationNotificationChannels");if(!r)return null;let f=(await this.db.select().from(r).where(an(this.getCol(r,"id"),n)).limit(1))[0];if(!f)return null;let d=Sr(f),w=(t?await this.db.select().from(t).where(an(this.getCol(t,"flowId"),n)):[]).map((R)=>Sr(R)),u=(o?await this.db.select().from(o).where(an(this.getCol(o,"flowId"),n)):[]).map((R)=>Sr(R)),_=(c?await this.db.select().from(c).where(an(this.getCol(c,"flowId"),n)):[]).map((R)=>Sr(R)),h=(i?await this.db.select().from(i).where(an(this.getCol(i,"flowId"),n)):[]).map((R)=>Sr(R)),E=h.map((R)=>R.id),Y=(a&&E.length>0?await this.db.select().from(a).where(tb(this.getCol(a,"ruleId"),E)):[]).map((R)=>Sr(R)),D=(e&&E.length>0?await this.db.select().from(e).where(tb(this.getCol(e,"ruleId"),E)):[]).map((R)=>Sr(R));return{flow:d,graph:{steps:w,edges:u,verifier_configs:_,notification_rules:h,notification_recipients:Y,notification_channels:D}}}async saveFlow(n){let r=this.getTable("verificationFlows"),t=this.getTable("verificationSteps"),o=this.getTable("verificationEdges"),c=this.getTable("verificationVerifierConfigs"),i=this.getTable("verificationNotificationRules"),a=this.getTable("verificationNotificationRecipients"),e=this.getTable("verificationNotificationChannels");if(!r||!t||!o)throw Error("Verification tables not configured");let s=await this.db.select().from(r).where(an(this.getCol(r,"id"),n.flow_id)).limit(1),f=n.flow_id;if(s.length>0)await this.db.update(r).set(zr({entity_name:n.entity_name,name:n.name,description:n.description||null,trigger_on:n.trigger_on,trigger_fields:n.trigger_fields||null,is_draft:n.is_draft,viewport:n.viewport||null})).where(an(this.getCol(r,"id"),f));else{let[l]=await this.db.insert(r).values(zr({id:f,entity_name:n.entity_name,name:n.name,description:n.description||null,trigger_on:n.trigger_on,trigger_fields:n.trigger_fields||null,is_draft:n.is_draft,viewport:n.viewport||null})).returning();f=l.id}if(await this.db.delete(t).where(an(this.getCol(t,"flowId"),f)),o)await this.db.delete(o).where(an(this.getCol(o,"flowId"),f));if(c)await this.db.delete(c).where(an(this.getCol(c,"flowId"),f));if(i)await this.db.delete(i).where(an(this.getCol(i,"flowId"),f));let{graph:d}=n;if(d.steps.length>0)await this.db.insert(t).values(d.steps.map((l)=>zr({flow_id:f,entity_name:n.entity_name,node_id:l.node_id,node_type:l.node_type,step_order:l.step_order,name:l.name||null,description:l.description||null,position_x:l.position_x,position_y:l.position_y,width:l.width||null,height:l.height||null,style:l.style||null,data:l.data||null})));if(d.edges.length>0&&o)await this.db.insert(o).values(d.edges.map((l)=>zr({flow_id:f,edge_id:l.edge_id,source_node_id:l.source_node_id,target_node_id:l.target_node_id,source_handle:l.source_handle||null,target_handle:l.target_handle||null,edge_type:l.edge_type,label:l.label||null,condition:l.condition||null,style:l.style||null,animated:l.animated})));if(d.verifier_configs.length>0&&c)await this.db.insert(c).values(d.verifier_configs.map((l)=>zr({flow_id:f,node_id:l.node_id,verifier_type:l.verifier_type,verifier_user_id:l.verifier_user_id||null,verifier_role:l.verifier_role||null,require_signature:l.require_signature,all_must_approve:l.all_must_approve})));if(d.notification_rules.length>0&&i)for(let l of d.notification_rules){let[w]=await this.db.insert(i).values(zr({flow_id:f,node_id:l.node_id,trigger:l.trigger,title_template:l.title_template||null,body_template:l.body_template||null,starts_at:l.starts_at||null,expires_at:l.expires_at||null})).returning(),g=w.id,u=d.notification_recipients.filter((_)=>_.rule_id===l.node_id);if(u.length>0&&a)await this.db.insert(a).values(u.map((_)=>zr({rule_id:g,recipient_type:_.recipient_type,recipient_user_id:_.recipient_user_id||null,recipient_role:_.recipient_role||null})));let m=d.notification_channels.filter((_)=>_.rule_id===l.node_id);if(m.length>0&&e)await this.db.insert(e).values(m.map((_)=>zr({rule_id:g,channel:_.channel})))}return this.logger.info(`[Verification] Flow saved: ${f} for ${n.entity_name}`),{success:!0,flow_id:f}}async publishFlow(n){let r=this.getTable("verificationFlows");if(!r)return{success:!1,message:"Flow table not configured"};return await this.db.update(r).set(zr({is_draft:!1,published_at:new Date})).where(an(this.getCol(r,"id"),n)),this.logger.info(`[Verification] Flow published: ${n}`),{success:!0,message:"Flow published"}}async deleteFlow(n){let r=this.getTable("verificationFlows");if(!r)return{success:!1,message:"Flow table not configured"};return await this.db.delete(r).where(an(this.getCol(r,"id"),n)),this.logger.info(`[Verification] Flow deleted: ${n}`),{success:!0,message:"Flow deleted"}}async startFlow(n){let r=this.getTable("verificationFlows"),t=this.getTable("verificationSteps"),o=this.getTable("verificationEdges"),c=this.getTable("verificationVerifierConfigs"),i=this.getTable("verificationInstances"),a=this.getTable("verificationRequirements"),e=this.getTable("user_roles");if(!r||!t||!o||!i||!a)return{success:!1,message:"Verification tables not configured"};if(!(await this.db.select().from(r).where(Zt(an(this.getCol(r,"id"),n.flow_id),an(this.getCol(r,"isDraft"),!1))).limit(1))[0])return{success:!1,message:"Published flow not found"};if((await this.db.select().from(i).where(Zt(an(this.getCol(i,"entityName"),n.entity_name),an(this.getCol(i,"entityId"),n.entity_id),an(this.getCol(i,"status"),"active"))).limit(1)).length>0)return{success:!1,message:"An active verification instance already exists for this entity"};let l=await this.db.select().from(t).where(an(this.getCol(t,"flowId"),n.flow_id)),w=await this.db.select().from(o).where(an(this.getCol(o,"flowId"),n.flow_id)),g=l.filter((_)=>_.nodeType==="step");if(g.sort((_,S)=>_.stepOrder-S.stepOrder),g.length===0)return{success:!1,message:"Flow has no step nodes"};let[u]=await this.db.insert(i).values(zr({flow_id:n.flow_id,entity_name:n.entity_name,entity_id:n.entity_id,started_by:n.started_by||null,status:"active",current_step_order:1,started_at:new Date})).returning(),m=u.id;if(await this.materializeRequirementsForStep(m,n.flow_id,n.entity_name,n.entity_id,1,l,w,c,a,e),this.onNotificationTrigger)await this.onNotificationTrigger({trigger:"on_flow_started",flow_id:n.flow_id,entity_name:n.entity_name,entity_id:n.entity_id});return this.logger.info(`[Verification] Flow started: instance ${m} for ${n.entity_name}:${n.entity_id}`),{success:!0,instance_id:m,message:"Flow started"}}async materializeRequirementsForStep(n,r,t,o,c,i,a,e,s,f){if(!s)return;let d=i.find((_)=>_.nodeType==="step"&&_.stepOrder===c);if(!d)return;let l=d.nodeId,g=a.filter((_)=>_.targetNodeId===l).map((_)=>_.sourceNodeId),u=i.filter((_)=>_.nodeType==="verifier"&&g.includes(_.nodeId));if(u.length===0)return;let m=[];if(e)m=await this.db.select().from(e).where(an(this.getCol(e,"flowId"),r));for(let _ of u){let S=_.nodeId,h=m.find((Y)=>Y.nodeId===S);if(!h)continue;let{verifierType:E,allMustApprove:V}=h;if(E==="role"&&V&&f){let Y=this.getTable("roles");if(Y){let H=Y,D=f,$=(await this.db.select().from(Y).where(an(H.name,h.verifierRole)).limit(1))[0];if($){let A=await this.db.select({user_id:D.userId}).from(f).where(an(D.roleId,$.id));for(let M of A)await this.db.insert(s).values(zr({instance_id:n,step_node_id:l,verifier_node_id:S,entity_name:t,entity_id:o,verifier_type:"user",verifier_user_id:M.user_id,verifier_role:h.verifierRole||null,require_signature:h.requireSignature,all_must_approve:!0,step_order:c,status:"pending"}))}}}else await this.db.insert(s).values(zr({instance_id:n,step_node_id:l,verifier_node_id:S,entity_name:t,entity_id:o,verifier_type:E,verifier_user_id:h.verifierUserId||null,verifier_role:h.verifierRole||null,require_signature:h.requireSignature,all_must_approve:V,step_order:c,status:"pending"}))}if(this.onNotificationTrigger)await this.onNotificationTrigger({trigger:"on_step_reached",flow_id:r,entity_name:t,entity_id:o})}async getStatus(n,r){let t=this.getTable("verificationInstances"),o=this.getTable("verificationFlows"),c=this.getTable("verificationSteps"),i=this.getTable("verifications"),a=this.getTable("verificationRequirements"),e={entity_name:n,entity_id:r,instance:null,flow:null,current_step:0,total_steps:0,is_completed:!1,is_rejected:!1,verifications:[],pending_requirements:[]};if(!t||!o||!i||!a)return this.logger.error("[Verification] Required tables not found"),e;let f=(await this.db.select().from(t).where(Zt(an(this.getCol(t,"entityName"),n),an(this.getCol(t,"entityId"),r))).orderBy(nf(this.getCol(t,"createdAt"))).limit(1))[0];if(!f)return e;let d=Sr(f),l=await this.db.select().from(o).where(an(this.getCol(o,"id"),d.flow_id)).limit(1),w=l[0]?Sr(l[0]):void 0,u=(c?await this.db.select().from(c).where(Zt(an(this.getCol(c,"flowId"),d.flow_id),an(this.getCol(c,"nodeType"),"step"))):[]).length,_=(await this.db.select().from(i).where(an(this.getCol(i,"instanceId"),d.id)).orderBy(nf(this.getCol(i,"createdAt")))).map((E)=>Sr(E)),h=(await this.db.select().from(a).where(Zt(an(this.getCol(a,"instanceId"),d.id),an(this.getCol(a,"status"),"pending")))).map((E)=>Sr(E));return{entity_name:n,entity_id:r,instance:d,flow:w||null,current_step:d.current_step_order,total_steps:u,is_completed:d.status==="completed",is_rejected:d.status==="rejected",verifications:_,pending_requirements:h}}async decide(n){let{entity_name:r,entity_id:t,user_id:o,decision:c,reason:i,signature_id:a,diff:e}=n,s=this.getTable("verifications"),f=this.getTable("verificationRequirements"),d=this.getTable("verificationInstances"),l=this.getTable("verificationSteps"),w=this.getTable("verificationEdges"),g=this.getTable("verificationVerifierConfigs"),u=this.getTable("user_roles"),m=this.getTable("roles");if(!s||!f||!d)return{success:!1,message:"Verification tables not configured"};let _=await this.getStatus(r,t);if(!_.instance||_.instance.status!=="active")return{success:!1,message:"No active verification instance"};let S=_.pending_requirements.filter((R)=>R.step_order===_.current_step);if(S.length===0)return{success:!1,message:"No pending requirements for current step"};let h=null;for(let R of S){if(R.verifier_type==="user"&&R.verifier_user_id===o){h=R;break}if(R.verifier_type==="role"&&R.verifier_role&&u&&m){let $=u,A=m;if((await this.db.select({role_name:A.name}).from(u).innerJoin(m,an($.roleId,A.id)).where(an($.userId,o))).some((L)=>L.role_name===R.verifier_role)){h=R;break}}}if(!h)return{success:!1,message:"User is not authorized to verify at this step"};if(h.require_signature&&!a)return{success:!1,message:"Signature is required for this verification step"};let[E]=await this.db.insert(s).values(zr({instance_id:_.instance.id,requirement_id:h.id,verifier_id:o,signature_id:a||null,entity_name:r,entity_id:t,step_order:_.current_step,decision:c,reason:i||null,diff:e||null})).returning();if(await this.db.update(f).set({status:c}).where(an(this.getCol(f,"id"),h.id)),this.onNotificationTrigger&&_.instance)await this.onNotificationTrigger({trigger:c==="approved"?"on_approved":"on_rejected",flow_id:_.instance.flow_id,entity_name:r,entity_id:t,verifier_id:o,decision:c});if(c==="rejected"){await this.db.update(d).set(zr({status:"rejected",completed_at:new Date})).where(an(this.getCol(d,"id"),_.instance.id));let R;if(this.config.autoResetOnRejection){this.logger.info(`[Verification] Flow rejected for ${r}:${t}, auto-restarting from step 1`);let $=await this.startFlow({flow_id:_.instance.flow_id,entity_name:r,entity_id:t,started_by:_.instance.started_by});if($.success)R=$.instance_id}return{success:!0,message:this.config.autoResetOnRejection?"Verification rejected \u2014 flow restarted from step 1":"Verification rejected",verification:E,flow_completed:!1,new_instance_id:R}}let V=h.id,Y=S.filter((R)=>R.id!==V);if(Y.length>0)return{success:!0,message:`Step ${_.current_step} partially approved, ${Y.length} verifier(s) remaining`,verification:E,flow_completed:!1};let H=_.current_step+1;if(H>_.total_steps){if(await this.db.update(d).set(zr({status:"completed",completed_at:new Date})).where(an(this.getCol(d,"id"),_.instance.id)),this.onNotificationTrigger)await this.onNotificationTrigger({trigger:"on_flow_completed",flow_id:_.instance.flow_id,entity_name:r,entity_id:t});return{success:!0,message:"Verification flow completed",verification:E,flow_completed:!0}}if(await this.db.update(d).set(zr({current_step_order:H})).where(an(this.getCol(d,"id"),_.instance.id)),l&&w){let R=await this.db.select().from(l).where(an(this.getCol(l,"flowId"),_.instance.flow_id)),$=await this.db.select().from(w).where(an(this.getCol(w,"flowId"),_.instance.flow_id));await this.materializeRequirementsForStep(_.instance.id,_.instance.flow_id,r,t,H,R,$,g,f,u)}return{success:!0,message:`Step ${_.current_step} approved, moving to step ${H}`,verification:E,flow_completed:!1,next_step:H}}async startFlowForEntity(n){let r=this.getTable("verificationFlows");if(!r)return{success:!1,message:"Flow table not configured"};let o=(await this.db.select().from(r).where(Zt(an(this.getCol(r,"entityName"),n.entity_name),an(this.getCol(r,"isDraft"),!1))).limit(1))[0];if(!o)return{success:!1,message:`No published flow found for entity '${n.entity_name}'`};return this.startFlow({flow_id:o.id,entity_name:n.entity_name,entity_id:n.entity_id,started_by:n.started_by})}async listEntityStatuses(n){let r=this.getTable("verificationInstances"),t=this.getTable("verificationFlows"),o=this.getTable("verificationSteps"),c={items:[],total:0,page:1,limit:20};if(!r||!t)return c;let i=n.page||1,a=n.limit||20,e=(i-1)*a,s=[an(this.getCol(r,"entityName"),n.entity_name)];if(n.status)s.push(an(this.getCol(r,"status"),n.status));let f=s.length===1?s[0]:Zt(...s),l=(await this.db.select().from(r).where(f).orderBy(nf(this.getCol(r,"createdAt")))).map((m)=>Sr(m)),w=l.length,g=l.slice(e,e+a),u=[];for(let m of g){let _=m.flow_id,S=await this.db.select().from(t).where(an(this.getCol(t,"id"),_)).limit(1),h=S[0]?Sr(S[0]):void 0,E=0;if(o)E=(await this.db.select().from(o).where(Zt(an(this.getCol(o,"flowId"),_),an(this.getCol(o,"nodeType"),"step")))).length;u.push({instance_id:m.id,entity_name:m.entity_name,entity_id:m.entity_id,flow_id:_,flow_name:h?.name||"Unknown",status:m.status,current_step_order:m.current_step_order,total_steps:E,started_by:m.started_by,started_at:m.started_at,completed_at:m.completed_at})}return{items:u,total:w,page:i,limit:a}}async getPending(n){let r=this.getTable("verificationRequirements"),t=this.getTable("verificationInstances"),o=this.getTable("verificationFlows"),c=this.getTable("user_roles"),i=this.getTable("roles");if(this.logger.info(`[Verification.getPending] userId=${n}, tables: req=${!!r} inst=${!!t} flow=${!!o} roles=${!!i} userRoles=${!!c}`),!r||!t||!o)return this.logger.warn("[Verification.getPending] Missing required tables, returning empty"),[];let a=c,e=i,f=(c&&i?await this.db.select({role_name:e.name}).from(c).innerJoin(i,an(a.roleId,e.id)).where(an(a.userId,n)):[]).map((g)=>g.role_name),l=(await this.db.select().from(r).where(an(this.getCol(r,"status"),"pending"))).map((g)=>Sr(g));this.logger.info(`[Verification.getPending] Found ${l.length} pending requirements, userRoles=${JSON.stringify(f)}`);for(let g of l)this.logger.info(`[Verification.getPending] Req: verifier_type=${g.verifier_type} verifier_user_id=${g.verifier_user_id} verifier_role=${g.verifier_role} step_order=${g.step_order} entity=${g.entity_name}/${g.entity_id}`);let w=[];for(let g of l){if(!(g.verifier_type==="user"&&g.verifier_user_id===n||g.verifier_type==="role"&&f.includes(g.verifier_role))){this.logger.info(`[Verification.getPending] Skipping req: canVerify=false (type=${g.verifier_type}, reqUserId=${g.verifier_user_id}, loggedInUserId=${n})`);continue}let m=await this.db.select().from(t).where(Zt(an(this.getCol(t,"id"),g.instance_id),an(this.getCol(t,"status"),"active"))).limit(1),_=m[0]?Sr(m[0]):void 0;if(!_)continue;if(_.current_step_order!==g.step_order)continue;let S=await this.db.select().from(o).where(an(this.getCol(o,"id"),_.flow_id)).limit(1),h=S[0]?Sr(S[0]):void 0;if(!h)continue;w.push({instance_id:_.id,entity_name:g.entity_name,entity_id:g.entity_id,flow_name:h.name,step_order:g.step_order,step_name:void 0,require_signature:g.require_signature,created_at:g.created_at})}return w}}var tf=b(()=>{rb()});var of=b(()=>{mu();x0();q0();Ju();Xu();xu();I0();y0();nb();tf()});import{access as hM,mkdir as ah}from"fs/promises";import{dirname as eh,resolve as cb}from"path";var Wi,ef,Vn=(n)=>{if(!n||typeof n!=="string")throw or("INVALID_PATH","Path must be a non-empty string",n,"resolvePath");return cb(n)},pt=(n)=>{let r=Vn(n);return eh(r)},gt=async(n)=>{let r=cb(n);try{await ah(r,{recursive:!0})}catch(t){if(t.code!=="EEXIST")throw or("DIRECTORY_CREATE_FAILED",`Failed to create directory: ${r}`,r,"ensureDirectory")}},sf=(n)=>{let r=n,t=0;while(r>=1024&&t<ef.length-1)r/=1024,t++;return`${r.toFixed(2)} ${ef[t]}`},ib=(n,r)=>{return n.toLowerCase().endsWith(r.toLowerCase())},ff=(n,r)=>{let t=r.startsWith(".")?r:`.${r}`;if(ib(n,t))return n;return`${n}${t}`},or=(n,r,t,o)=>{return{code:n,message:r,path:t,operation:o||"unknown"}},ie=(n)=>{try{return JSON.stringify(n,null,2)}catch{return"{}"}},lf=async(n,r,t=Wi.maxConcurrency)=>{let o=[];for(let c=0;c<n.length;c+=t){let i=n.slice(c,c+t),a=[];for(let s of i)a.push(r(s));let e=await Promise.allSettled(a);o.push(...e)}return o},ae=(n,r={})=>{let t=[],o=[],c=r.strict??!0;if(n.defaultEncoding!==void 0){if(!["utf-8","utf8","ascii","base64","hex"].includes(n.defaultEncoding))t.push(`Invalid defaultEncoding: ${n.defaultEncoding}`)}if(n.maxConcurrency!==void 0){if(!Number.isInteger(n.maxConcurrency)||n.maxConcurrency<1)t.push("maxConcurrency must be a positive integer");if(n.maxConcurrency>50)o.push("maxConcurrency > 50 may cause performance issues")}if(n.defaultCreateDir!==void 0&&typeof n.defaultCreateDir!=="boolean")t.push("defaultCreateDir must be a boolean");if(n.defaultRecursive!==void 0&&typeof n.defaultRecursive!=="boolean")t.push("defaultRecursive must be a boolean");if(c&&!r.allowUnknownKeys){let i=["defaultEncoding","defaultCreateDir","defaultRecursive","maxConcurrency"],a=Object.keys(n);for(let e of a)if(!i.includes(e))t.push(`Unknown configuration key: ${e}`)}return{isValid:t.length===0,errors:t,warnings:o}},ab=(n,r=Wi)=>{let t=ae(n);if(!t.isValid)throw or("CONFIG_VALIDATION_FAILED",`Configuration validation failed: ${t.errors.join(", ")}`,void 0,"mergeConfig");return{...r,...n}},eb=(n)=>{let r=(i)=>({read:Boolean(i&4),write:Boolean(i&2),execute:Boolean(i&1)}),t=n>>6&7,o=n>>3&7,c=n&7;return{owner:r(t),group:r(o),others:r(c)}},sb=(n)=>{return Number.isInteger(n)&&n>=0&&n<=511};var zc=b(()=>{Wi={defaultEncoding:"utf-8",defaultCreateDir:!0,defaultRecursive:!0,maxConcurrency:5},ef=["B","KB","MB","GB","TB"]});import{copyFile as _f,rename as df,unlink as sh}from"fs/promises";import{basename as fb,dirname as lb,extname as fh,join as lh}from"path";var ee,_h=(n,r=".tmp")=>{let t=Vn(n),o=Date.now(),c=Math.random().toString(36).substring(2,8);return`${t}${r}.${o}.${c}`},_b=(n,r,t=!0)=>{let o=Vn(n),c=r?Vn(r):lb(o),i=fb(o),a=fh(i),e=fb(i,a),s=t?`.${new Date().toISOString().replace(/[:.]/g,"-")}`:"",f=`${e}.backup${s}${a}`;return lh(c,f)},Vi=async({path:n,data:r,tempSuffix:t=ee.tempSuffix,backup:o=ee.backup,sync:c=ee.sync})=>{let i=Vn(n),a=_h(i,t),e;try{if(await gt(pt(i)),o){if(await Bun.file(i).exists())e=_b(i),await _f(i,e)}let s=await Bun.write(a,r);return await df(a,i),{success:!0,bytesWritten:s,tempPath:a,backupPath:e}}catch(s){try{await sh(a)}catch{}throw or("ATOMIC_WRITE_FAILED",`Atomic write failed: ${s}`,i,"atomicWrite")}},db=async(n,r,t={})=>{let o=JSON.stringify(r,null,2);return Vi({path:n,data:o,...t})},uf=async({sourcePath:n,backupDir:r,keepOriginal:t=!0,timestamp:o=ee.timestamp})=>{let c=Vn(n);if(!await Bun.file(c).exists())throw or("SOURCE_NOT_FOUND",`Source file not found: ${n}`,c,"createBackup");let a=_b(c,r,o);if(await gt(lb(a)),t)await _f(c,a);else await df(c,a);return a},bf=async(n,r,t=!1)=>{let o=Vn(n),c=Vn(r);if(!await Bun.file(o).exists())throw or("BACKUP_NOT_FOUND",`Backup file not found: ${n}`,o,"restoreFromBackup");try{if(await gt(pt(c)),t)await df(o,c);else await _f(o,c);return!0}catch(a){return console.error(`Error restoring from backup ${n}:`,a),!1}},ub=async(n,r,t={})=>{let o=Vn(n),c=Bun.file(o),i;try{if(await c.exists())i=await uf({sourcePath:o,keepOriginal:!0,timestamp:!0});let a=await c.exists()?await c.text():"",e=await r(a),s=await Vi({path:o,data:e,backup:!1,...t});return{success:s.success,bytesWritten:s.bytesWritten,tempPath:s.tempPath,backupPath:i}}catch(a){if(i)try{await bf(i,o,!1)}catch(e){console.error("Rollback failed:",e)}throw a}},bb=async(n)=>{let r=[],t=[];for(let o of n)try{let c=await Vi(o);r.push(c)}catch(c){t.push({operation:o,error:c})}return{successful:r,failed:t}};var gb=b(()=>{zc();ee={tempSuffix:".tmp",backup:!1,sync:!0,timestamp:!0}});import{chmod as dh,stat as uh}from"fs/promises";var bh,So=async(n,r)=>{let t=Vn(n);if(!sb(r))throw or("INVALID_PERMISSION_MODE",`Invalid permission mode: ${r.toString(8)}`,t,"setFilePermissions");try{return await dh(t,r),!0}catch(o){return console.error(`Error setting permissions for ${n}:`,o),!1}},Io=async(n)=>{let r=Vn(n);try{let o=(await uh(r)).mode&511,c=eb(o);return{path:r,mode:o,owner:c.owner,group:c.group,others:c.others}}catch(t){throw or("PERMISSION_READ_FAILED",`Failed to read permissions: ${t}`,r,"getFilePermissions")}},wb=async(n,r)=>{try{return((await Io(n)).mode&r)===r}catch{return!1}},mb=async(n)=>{let t=(await Io(n)).mode|256;return So(n,t)},hb=async(n)=>{let t=(await Io(n)).mode|128;return So(n,t)},$b=async(n)=>{let t=(await Io(n)).mode|64;return So(n,t)},Ab=async(n)=>{let t=(await Io(n)).mode&-147;return So(n,t)},Eb=async(n,r)=>{let t=bh[r];return So(n,t)};var Sb=b(()=>{zc();bh={OWNER_READ_WRITE:384,OWNER_ALL:448,GROUP_READ:416,GROUP_READ_WRITE:432,ALL_READ:420,ALL_READ_WRITE:438,ALL_READ_EXECUTE:493,ALL_FULL:511,READ_ONLY:292,EXECUTABLE:493}});var gh,se=async(n,r={})=>{let t=Vn(n),o={...gh,...r};await gt(pt(t));let i=Bun.file(t).writer({highWaterMark:o.highWaterMark}),a=!1;return{write:(s)=>{if(a)throw or("WRITER_CLOSED","Cannot write to closed writer",t,"streamWrite");try{let f=i.write(s);if(o.autoFlush)i.flush();return f}catch(f){throw or("WRITE_FAILED",`Failed to write chunk: ${f}`,t,"streamWrite")}},flush:()=>{if(a)return 0;try{return i.flush()}catch(s){throw or("FLUSH_FAILED",`Failed to flush writer: ${s}`,t,"streamFlush")}},end:async(s)=>{if(a)return 0;try{let f=await i.end(s);return a=!0,f}catch(f){throw a=!0,or("END_FAILED",`Failed to end writer: ${f}`,t,"streamEnd")}},ref:()=>{if(!a)i.ref()},unref:()=>{if(!a)i.unref()}}},gf=async(n,r,t={})=>{let o=await se(n,t),c=0;try{for(let i of r){let a=o.write(i);c+=a}return await o.flush(),await o.end(),c}catch(i){try{await o.end(i)}catch{}throw i}},Rb=async(n,r,t={})=>{let o=Vn(n),c=Bun.file(o),i=await c.exists()?await c.arrayBuffer():new ArrayBuffer(0),a=[];if(i.byteLength>0)a.push(i);return a.push(...r),gf(o,a,t)},Db=async(n,r,t={})=>{let o=Vn(n),c=Bun.file(o);if(!await c.exists())throw or("SOURCE_NOT_FOUND",`Source file not found: ${n}`,o,"copyFileStream");let i=c.stream(),a=await se(r,t),e=0;try{let s=i.getReader();while(!0){let{done:f,value:d}=await s.read();if(f)break;let l=a.write(d);e+=l}return await a.flush(),await a.end(),e}catch(s){try{await a.end(s)}catch{}throw s}},kb=async(n,r)=>{let t=Vn(n),o=Bun.file(t);if(!await o.exists())throw or("FILE_NOT_FOUND",`File not found: ${n}`,t,"readFileStream");let i=o.stream().getReader();try{while(!0){let{done:a,value:e}=await i.read();if(a)break;await r(e)}}finally{i.releaseLock()}};var Mb=b(()=>{zc();gh={highWaterMark:1048576,autoFlush:!0,closeOnEnd:!0}});import{readdir as wh,rm as mh,rmdir as hh,stat as $h}from"fs/promises";import{extname as Ah,join as Eh}from"path";class Ro{static instance;config;constructor(){this.config={...Wi}}static getInstance(){if(!Ro.instance)Ro.instance=new Ro;return Ro.instance}async createFile({dir:n,name:r,data:t,options:o={}}){let c=Vn(Eh(n,r));if(o.createDir!==!1)await gt(pt(c));let i=o.type?new Blob([t],{type:o.type}):t;return await Bun.write(c,i)}async createJsonFile(n,r,t){let o=ff(r,".json"),c=ie(t);return this.createFile({dir:n,name:o,data:c,options:{type:"application/json"}})}async createDirectory({path:n}){await gt(n)}async readFile({path:n,format:r="text"}){let t=Vn(n),o=Bun.file(t);if(!await o.exists())throw or("FILE_NOT_FOUND",`File not found: ${n}`,t,"readFile");switch(r){case"text":return await o.text();case"json":return await o.json();case"buffer":return await o.arrayBuffer();case"bytes":return await o.bytes();case"stream":return o.stream();default:return await o.text()}}async readJsonFile(n){return this.readFile({path:n,format:"json"})}async getFileInfo(n){let r=Vn(n),t=Bun.file(r),o=n.split("/").pop()||n,c=null;try{c=await $h(r)}catch{}return{name:o,path:r,size:t.size,type:t.type,exists:await t.exists(),extension:Ah(o),createdAt:c?.birthtime,modifiedAt:c?.mtime}}async readDirectory({path:n,recursive:r=!1}){let t=Vn(n);return await wh(t,{recursive:r,encoding:"utf8"})}async getFilesByExtension(n,r){let t=await this.readDirectory({path:n}),o=r.startsWith(".")?r:`.${r}`;return t.filter((c)=>c.endsWith(o))}async updateFile({path:n,data:r,mode:t="overwrite"}){let o=Vn(n);if(t==="append"){let i=await this.readFile({path:n,format:"text"})+r;return await Bun.write(o,i)}return await Bun.write(o,r)}async updateJsonFile(n,r,t=!1){let o=r;if(t)try{let c=await this.readJsonFile(n);if(typeof c==="object"&&c!==null&&!Array.isArray(c)&&typeof r==="object"&&r!==null&&!Array.isArray(r))o={...c,...r}}catch{}return this.updateFile({path:n,data:ie(o),mode:"overwrite"})}async appendToFile(n,r){return this.updateFile({path:n,data:r,mode:"append"})}async deleteFile(n){try{let r=Vn(n);return await Bun.file(r).delete(),!0}catch(r){return console.error(`Error deleting file ${n}:`,r),!1}}async deleteDirectory({path:n,recursive:r=!1}){try{let t=Vn(n);if(r)await mh(t,{recursive:!0,force:!0});else await hh(t);return!0}catch(t){return console.error(`Error deleting directory ${n}:`,t),!1}}async deleteFiles(n){let r=await lf(n,async(c)=>{if(!await this.deleteFile(c))throw Error(`Failed to delete: ${c}`);return c}),t=[],o=[];for(let c=0;c<r.length;c++){let i=r[c],a=n[c];if(i?.status==="fulfilled")t.push(a||"");else o.push(a||"")}return{success:t,failed:o}}async exists(n){let r=Vn(n);return await Bun.file(r).exists()}async copyFile(n,r){let t=Vn(n),o=Vn(r),c=Bun.file(t);if(!await c.exists())throw or("SOURCE_NOT_FOUND",`Source file not found: ${n}`,t,"copyFile");return await gt(pt(o)),await Bun.write(o,c)}async moveFile(n,r){try{return await this.copyFile(n,r),await this.deleteFile(n),!0}catch(t){return console.error(`Error moving file from ${n} to ${r}:`,t),!1}}getFormattedFileSize(n){return sf(n)}getConfig(){return{...this.config}}updateConfig(n){let r=ae(n);if(r.isValid){let t=ab(n,this.config);Object.assign(this.config,t)}return r}validateConfiguration(n){return ae(n)}async createStreamWriter(n,r={}){return se(n,r)}async writeStream(n,r,t={}){return gf(n,r,t)}async appendStream(n,r,t={}){return Rb(n,r,t)}async copyFileStream(n,r,t={}){return Db(n,r,t)}async readFileStream(n,r){return kb(n,r)}async setPermissions(n,r){return So(n,r)}async setPermissionsAdvanced(n){return So(n.path,n.mode)}async getPermissions(n){return Io(n)}async checkPermissions(n,r){return wb(n,r)}async makeFileReadable(n){return mb(n)}async makeFileWritable(n){return hb(n)}async makeFileExecutable(n){return $b(n)}async makeFileReadOnly(n){return Ab(n)}async setCommonPermission(n,r){return Eb(n,r)}async atomicWrite(n){return Vi(n)}async atomicJsonWrite(n,r,t={}){return db(n,r,t)}async createFileBackup(n){return uf(n)}async restoreFileFromBackup(n,r,t=!1){return bf(n,r,t)}async safeFileUpdate(n,r,t={}){return ub(n,r,t)}async batchAtomicOperations(n){return bb(n)}}var wf=b(()=>{gb();Sb();Mb();zc()});var Xt;var fe=b(()=>{wf();zc();wf();Xt=Ro.getInstance()});import{Pool as KM}from"pg";var Hb=()=>{};var zb=b(()=>{z0();fe();Hb();vt()});function hf(n,r){let t=(n.get("cookie")?.split(";")||[]).reduce((o,c)=>{let[i,a]=c.trim().split("=");if(i&&a)o[i]=a;return o},{});return{access_token:t[r.access_token]||n.get("authorization")?.split(" ")[1],refresh_token:t[r.refresh_token],session_token:t[r.session_token]}}function $f(n){if(!n.redis){console.log("Redis not configured, skipping");return}if(n.redis.withDapr){mf=new tr({withDapr:!0,stateStoreName:n.redis.stateStoreName});return}let r=n.redis.url?process.env[n.redis.url]:void 0,t=n.redis.host?process.env[n.redis.host]:void 0,o=n.redis.port?parseInt(process.env[n.redis.port]||"",10):void 0;mf=new tr({url:r,host:t,port:Number.isNaN(o)?void 0:o})}function le(){return mf}function wt(n){if(typeof n==="number")return n;if(!n||n.trim()==="")throw Error("Time string cannot be empty");let r=n.trim().match(/^(\d+(?:\.\d+)?)\s*([smhdwMy])$/);if(!r||!r[1]||!r[2])throw Error(`Invalid time format: "${n}". Expected format: "75s", "10m", "2h", "1d", "1w", "2M", "1y"`);let t=parseFloat(r[1]),o=r[2],i={s:1,m:60,h:3600,d:86400,w:604800,M:2592000,y:31536000}[o];if(i===void 0)throw Error(`Unknown time unit: "${o}"`);let a=Math.floor(t*i);if(a<=0)throw Error(`Time value must be positive: "${n}"`);return a}function Ub({sessionData:n,options:r,refreshTokenId:t,roles:o,claims:c}){let i=r.authentication?.accessToken?.secret;if(!i)throw Error("Access token secret env name is not configured");let a=process.env[i];if(!a)throw Error(`Access token secret env "${i}" is not set`);return Di({subject:n.userId,issuer:r.authentication?.accessToken?.issuer,audience:r.authentication?.accessToken?.audience,algorithm:r.authentication?.accessToken?.algorithm,expiresInSeconds:wt(r.authentication?.accessToken?.expiresIn??"15m"),sessionId:n.id,customClaims:{refreshTokenId:t,...o&&o.length>0?{roles:o}:{},...c&&c.length>0?{claims:c}:{}}},a)}function It(n,r){return n?{entityName:n.entity_name,entityId:n.entity_id===" - "?null:n.entity_id,operation:n.operation_type,userId:n.user_id==="unknown"?null:n.user_id,summary:r,ipAddress:n.ip_address,userAgent:n.user_agent,path:n.path,query:n.query}:void 0}function Sh(n){let r={},t={};for(let[o,c]of Object.entries(n)){let i=o.match(/^(\w+)\[\d*\]\[(\w+)\]$/),a=i?.[1],e=i?.[2];if(a&&e){if(!t[a])t[a]={};let s=t[a];if(!s[e])s[e]=[];let f=s[e];if(Array.isArray(c))for(let d of c)f.push(d);else f.push(c)}else r[o]=c}for(let[o,c]of Object.entries(t)){let i=Object.keys(c);if(i.length===0)continue;let a=Math.max(...i.map((s)=>(c[s]||[]).length)),e=[];for(let s=0;s<a;s++){let f={};for(let d of i)f[d]=(c[d]||[])[s];e.push(f)}r[o]=e}return r}function Af(n){let r=Sh(n),t=(a)=>{if(a===void 0||a===null)return;if(typeof a==="object")return a;if(typeof a==="string")try{return JSON.parse(a)}catch{return}return},o=r.page?parseInt(r.page,10):1,c=r.limit?parseInt(r.limit,10):20,i=r.offset?parseInt(r.offset,10):(o-1)*c;return{page:o,limit:c,offset:i,search:r.search,searchFields:r.searchFields?r.searchFields.split(","):void 0,filters:t(r.filters),sort:t(r.sort),select:r.select?r.select.split(","):void 0,with:t(r.with),distinct:r.distinct==="true",distinctOn:r.distinctOn?r.distinctOn.split(","):void 0}}function Wb(n,r,t,o){let c=Math.ceil(o/r),i=n<c,a=n>1;return{page:n,limit:r,offset:t,totalItems:o,totalPages:c,hasNextPage:i,hasPrevPage:a,nextPage:i?n+1:null,prevPage:a?n-1:null}}function Dh(n){let r=["varchar","char","text","uuid","citext","bit","varbit"],t=["integer","smallint","bigint","serial","smallserial","bigserial","real","doublePrecision","numeric","decimal"],o=["boolean"];if(r.includes(n))return(c)=>({valid:typeof c==="string",expectedType:"string"});if(t.includes(n))return(c)=>({valid:typeof c==="number",expectedType:"number"});if(o.includes(n))return(c)=>({valid:typeof c==="boolean",expectedType:"boolean"});if(n==="json"||n==="jsonb")return(c)=>({valid:typeof c==="object",expectedType:"object"});return()=>({valid:!0,expectedType:"any"})}function Do(n,r,t=!1){let o=[];for(let c of r){let i=n[c.name]??n[c.name.replace(/_([a-z])/g,(s,f)=>f.toUpperCase())],a=c.notNull&&!c.nullable&&c.default===void 0&&!c.defaultRaw;if(i===void 0||i===null){if(a&&!t)o.push({field:c.name,message:c.validation?.customMessage||`${c.name} is required`});continue}let e=Dh(c.type)(i);if(!e.valid){o.push({field:c.name,message:c.validation?.customMessage||`${c.name} must be of type ${e.expectedType}`});continue}if(typeof i==="string"){let s=i.length;if(c.length&&s>c.length)o.push({field:c.name,message:c.validation?.customMessage||`${c.name} exceeds max length of ${c.length}`});if(c.validation?.minLength&&s<c.validation.minLength)o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be at least ${c.validation.minLength} characters`});if(c.validation?.maxLength&&s>c.validation.maxLength)o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be at most ${c.validation.maxLength} characters`});if(c.validation?.pattern){if(!new RegExp(c.validation.pattern).test(i))o.push({field:c.name,message:c.validation.customMessage||`${c.name} does not match required pattern`})}if(c.validation?.format){let f=Rh[c.validation.format];if(f&&!f.test(i))o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be a valid ${c.validation.format}`})}}if(typeof i==="number"){if(c.validation?.min!==void 0&&i<c.validation.min)o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be at least ${c.validation.min}`});if(c.validation?.max!==void 0&&i>c.validation.max)o.push({field:c.name,message:c.validation.customMessage||`${c.name} must be at most ${c.validation.max}`})}if(c.enumValues&&c.enumValues.length>0){if(!c.enumValues.includes(i))o.push({field:c.name,message:c.validation?.customMessage||`${c.name} must be one of: ${c.enumValues.join(", ")}`})}}return{valid:o.length===0,errors:o}}function Mh(n){return n.replace(/[&<>"'`=/]/g,(r)=>kh[r]||r)}function Hh(n){return n.replace(/<[^>]*>/g,"")}function zh(n){let r=n.split("@"),t=r[0],o=r[1];if(!t||!o)return n;let c=t.split("+")[0];if(!c)return n;return`${c.replace(/\./g,"")}@${o.toLowerCase()}`}function Bh(n){return n.toLowerCase().trim().replace(/[^\w\s-]/g,"").replace(/[\s_-]+/g,"-").replace(/^-+|-+$/g,"")}function Uh(n,r){if(n===null||n===void 0)return n;switch(r){case"trim":return typeof n==="string"?n.trim():n;case"lowercase":return typeof n==="string"?n.toLowerCase():n;case"uppercase":return typeof n==="string"?n.toUpperCase():n;case"escapeHtml":return typeof n==="string"?Mh(n):n;case"stripTags":return typeof n==="string"?Hh(n):n;case"normalizeEmail":return typeof n==="string"?zh(n):n;case"toNumber":if(typeof n==="number")return n;if(typeof n==="string"){let t=Number(n);return Number.isNaN(t)?n:t}return n;case"toBoolean":if(typeof n==="boolean")return n;if(typeof n==="string"){let t=n.toLowerCase();if(t==="true"||t==="1"||t==="yes")return!0;if(t==="false"||t==="0"||t==="no")return!1}if(typeof n==="number")return n!==0;return n;case"slugify":return typeof n==="string"?Bh(n):n;default:return n}}function ko(n,r){let t={},o=(c)=>c.replace(/_([a-z])/g,(i,a)=>a.toUpperCase());for(let c of Object.keys(n)){let i=n[c],a=c.replace(/[A-Z]/g,(f)=>`_${f.toLowerCase()}`),e=r.find((f)=>f.name===c||f.name===a);if(e?.sanitize&&e.sanitize.length>0)for(let f of e.sanitize)i=Uh(i,f);let s=c.includes("_")?o(c):c;t[s]=i}return t}async function Vb(n,r,t){let o=new tr,c=`${Vh}${n}`,i=`${Wh}${n}:${r}`,a=await o.read(i);if(a.success&&a.data)return{success:!0,accessToken:a.data,fromCache:!0};let e=await o.acquireLock(c,Yh);if(!e.success)return{success:!1,error:e.error};if(e.data)try{let l=t();return await o.create(i,l,Bb),{success:!0,accessToken:l,fromCache:!1}}finally{await o.releaseLock(c)}let s=await o.waitForLock(c,Jh,50);if(!s.success)return{success:!1,error:s.error};if(!s.data)return{success:!1,error:"Lock wait timeout"};let f=await o.read(i);if(f.success&&f.data)return{success:!0,accessToken:f.data,fromCache:!0};let d=t();return await o.create(i,d,Bb),{success:!0,accessToken:d,fromCache:!1}}function Yb(n){let r=[],t={};if(n.database?.url){let o=process.env[n.database.url];if(!o)r.push({field:"database.url",envName:n.database.url,message:`Environment variable "${n.database.url}" is not set. Please set it in your .env file.`});else t.databaseUrl=o}if(n.redis&&!n.redis.withDapr)if(n.redis.url){let o=process.env[n.redis.url];if(!o)r.push({field:"redis.url",envName:n.redis.url,message:`Environment variable "${n.redis.url}" is not set. Please set it in your .env file.`});else t.redisUrl=o}else{if(n.redis.host){if(!process.env[n.redis.host])r.push({field:"redis.host",envName:n.redis.host,message:`Environment variable "${n.redis.host}" is not set. Please set it in your .env file.`})}if(n.redis.port){if(!process.env[n.redis.port])r.push({field:"redis.port",envName:n.redis.port,message:`Environment variable "${n.redis.port}" is not set. Please set it in your .env file.`})}}if(n.authentication?.enabled){if(!n.authentication.mode)r.push({field:"authentication.mode",envName:"",message:'authentication.mode is required when authentication is enabled. Use "full" for IDP/standalone services, "consumer" for resource servers.'});if(n.authentication.accessToken?.secret){let c=process.env[n.authentication.accessToken.secret];if(!c)r.push({field:"authentication.accessToken.secret",envName:n.authentication.accessToken.secret,message:`Environment variable "${n.authentication.accessToken.secret}" is not set. Please set it in your .env file.`});else t.accessTokenSecret=c}else r.push({field:"authentication.accessToken.secret",envName:"",message:"authentication.accessToken.secret is required when authentication is enabled."});let o=n.authentication.mode==="consumer";if(n.authentication.refreshToken?.secret){let c=process.env[n.authentication.refreshToken.secret];if(!c)r.push({field:"authentication.refreshToken.secret",envName:n.authentication.refreshToken.secret,message:`Environment variable "${n.authentication.refreshToken.secret}" is not set. Please set it in your .env file.`});else t.refreshTokenSecret=c}else if(!o)r.push({field:"authentication.refreshToken.secret",envName:"",message:"authentication.refreshToken.secret is required when authentication is enabled."});if(n.authentication.sessionToken?.secret){let c=process.env[n.authentication.sessionToken.secret];if(!c)r.push({field:"authentication.sessionToken.secret",envName:n.authentication.sessionToken.secret,message:`Environment variable "${n.authentication.sessionToken.secret}" is not set. Please set it in your .env file.`});else t.sessionTokenSecret=c}else if(!o)r.push({field:"authentication.sessionToken.secret",envName:"",message:"authentication.sessionToken.secret is required when authentication is enabled."})}if(n.authentication?.oauth?.enabled&&n.authentication.oauth.providers){let o={};for(let[c,i]of Object.entries(n.authentication.oauth.providers)){if(!i)continue;let{clientId:a,clientSecret:e,redirectUri:s}=i,f=process.env[a],d=process.env[e],l=process.env[s]??s;if(!f)r.push({field:`authentication.oauth.providers.${c}.clientId`,envName:a,message:`Environment variable "${a}" is not set (OAuth ${c} clientId).`});if(!d)r.push({field:`authentication.oauth.providers.${c}.clientSecret`,envName:e,message:`Environment variable "${e}" is not set (OAuth ${c} clientSecret).`});if(f&&d)o[c]={clientId:f,clientSecret:d,redirectUri:l,scopes:i.scopes,authorizationUrl:i.authorizationUrl,tokenUrl:i.tokenUrl,userInfoUrl:i.userInfoUrl,extraAuthParams:i.extraAuthParams}}if(Object.keys(o).length>0)t.oauthProviders=o}return{valid:r.length===0,errors:r,resolved:t}}async function Jb(n,r){let{Pool:t}=await import("pg"),c=new URL(n).pathname.replace("/","");if(!c)return;let i=new URL(n);i.pathname="/postgres";let a=new t({connectionString:i.toString()});try{if((await a.query("SELECT 1 FROM pg_database WHERE datname = $1",[c])).rowCount===0)r.info(`[Database] Creating database "${c}"...`),await a.query(`CREATE DATABASE "${c}" TEMPLATE template0`),r.info(`[Database] Database "${c}" created successfully`);else r.info(`[Database] Database "${c}" exists`)}catch(e){let s=e instanceof Error?e.message:String(e);r.warn(`[Database] Could not auto-create database: ${s}`)}finally{await a.end()}}var mf=null,Rh,kh,Wh="access_token:",Vh="refresh_lock:",Yh=5,Jh=3000,Bb=60;var _e=b(()=>{zb();of();Rh={email:/^[^\s@]+@[^\s@]+\.[^\s@]+$/,url:/^https?:\/\/.+/,uuid:/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i,date:/^\d{4}-\d{2}-\d{2}$/,datetime:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}/,time:/^\d{2}:\d{2}:\d{2}$/,uri:/^[a-z][a-z0-9+.-]*:/i,ipv4:/^(\d{1,3}\.){3}\d{1,3}$/,ipv6:/^([0-9a-f]{1,4}:){7}[0-9a-f]{1,4}$/i};kh={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#x27;","/":"&#x2F;","`":"&#96;","=":"&#x3D;"}});import de from"path";import Xh,{t as ue}from"elysia";function Ef(n){if(!n)return yo;return{enabled:n.enabled??yo.enabled,basePath:n.basePath??yo.basePath,cacheMaxAge:n.cacheMaxAge??yo.cacheMaxAge,enableRangeRequests:n.enableRangeRequests??yo.enableRangeRequests,enableEtag:n.enableEtag??yo.enableEtag,corsOrigins:n.corsOrigins??yo.corsOrigins}}function Lh(n){let r=["image/","video/","audio/","text/","application/pdf"];for(let t of r)if(n.startsWith(t)||n===t)return"inline";return"attachment"}function Qh(n){return n.replace(/[^A-Za-z0-9._-]+/g,"_").replace(/_{2,}/g,"_").slice(0,200)}function Sf(n){let{cdn:r,storagePath:t,logger:o,getFileRecord:c}=n,i=new Xh({prefix:r.basePath});if(!r.enabled)return i;return i.get("/:id",async({params:a,request:e,set:s})=>{let{id:f}=a,d=e.headers.get("x-schema-name")||void 0,l,w,g;if(c){let A=await c(f,d);if(!A)return s.status=404,{success:!1,message:"File not found"};l=de.join(A.path,A.name),w=A.name,g=A.mimeType||A.mime_type||"application/octet-stream"}else l=de.join(t,f),w=f,g="application/octet-stream";if(!await Xt.exists(l))return s.status=404,{success:!1,message:"Physical file not found"};let m=await Xt.getFileInfo(l),_=new Date(m.modifiedAt||Date.now()).toUTCString(),S=r.enableEtag?`"${m.size}-${m.modifiedAt?.getTime()||Date.now()}"`:void 0,h={"Cache-Control":`public, max-age=${r.cacheMaxAge}`,"Last-Modified":_};if(S)h.ETag=S;if(r.corsOrigins.length>0)h["Access-Control-Allow-Origin"]=r.corsOrigins[0]==="*"?"*":r.corsOrigins.join(", "),h["Access-Control-Allow-Methods"]="GET, HEAD, OPTIONS";let E=e.headers.get("if-none-match");if(S&&E===S)return new Response(null,{status:304,headers:h});let V=Bun.file(l),Y=e.headers.get("range");if(r.enableRangeRequests&&Y){let A=Y.match(/bytes=(\d*)-(\d*)/);if(!A)return s.status=416,new Response("Range not satisfiable",{status:416,headers:{"Content-Range":`bytes */${m.size}`,"Content-Type":g,...h}});let M=A[1]||"0",z=A[2]||"",L=parseInt(M,10),O=z?parseInt(z,10):m.size-1;if(L>=m.size||O>=m.size||L>O)return new Response("Range not satisfiable",{status:416,headers:{"Content-Range":`bytes */${m.size}`,"Content-Type":g,...h}});let B=O-L+1,W=V.slice(L,O+1);return new Response(W,{status:206,headers:{"Content-Range":`bytes ${L}-${O}/${m.size}`,"Accept-Ranges":"bytes","Content-Length":B.toString(),"Content-Type":g,...h}})}let H=Lh(g),D=Qh(w),R=encodeURIComponent(w),$=`${H}; filename="${D}"; filename*=UTF-8''${R}`;return new Response(V,{status:200,headers:{"Content-Length":m.size.toString(),"Content-Type":g,"Accept-Ranges":r.enableRangeRequests?"bytes":"none","Content-Disposition":$,...h}})},{params:ue.Object({id:ue.String()}),detail:{tags:["CDN"],summary:"Get file by ID",description:"Serve file with streaming, range requests, and caching support"}}),i.head("/:id",async({params:a,request:e,set:s})=>{let{id:f}=a,d=e.headers.get("x-schema-name")||void 0,l,w;if(c){let h=await c(f,d);if(!h)return s.status=404,new Response(null,{status:404});l=de.join(h.path,h.name),w=h.mime_type||"application/octet-stream"}else l=de.join(t,f),w="application/octet-stream";if(!await Xt.exists(l))return s.status=404,new Response(null,{status:404});let u=await Xt.getFileInfo(l),m=new Date(u.modifiedAt||Date.now()).toUTCString(),_=r.enableEtag?`"${u.size}-${u.modifiedAt?.getTime()||Date.now()}"`:void 0,S={"Content-Length":u.size.toString(),"Content-Type":w,"Accept-Ranges":r.enableRangeRequests?"bytes":"none","Cache-Control":`public, max-age=${r.cacheMaxAge}`,"Last-Modified":m};if(_)S.ETag=_;if(r.corsOrigins.length>0)S["Access-Control-Allow-Origin"]=r.corsOrigins[0]==="*"?"*":r.corsOrigins.join(", "),S["Access-Control-Allow-Methods"]="GET, HEAD, OPTIONS";return new Response(null,{status:200,headers:S})},{params:ue.Object({id:ue.String()}),detail:{tags:["CDN"],summary:"Get file metadata",description:"Get file headers without body for preflight checks"}}),o.info(`[CDN] Routes enabled at ${r.basePath}`),i}var yo;var Xb=b(()=>{fe();yo={enabled:!0,basePath:"/cdn",cacheMaxAge:86400,enableRangeRequests:!0,enableEtag:!0,corsOrigins:["*"]}});import{randomUUID as Oh}from"crypto";import Rf from"path";function Yi(n){if(!n)return yt;return{enabled:n.enabled??yt.enabled,basePath:n.basePath??yt.basePath,maxFileSizeBytes:n.maxFileSizeBytes??yt.maxFileSizeBytes,allowedMimeTypes:n.allowedMimeTypes??yt.allowedMimeTypes,blockedMimeTypes:n.blockedMimeTypes??yt.blockedMimeTypes,formData:{filesField:n.formData?.filesField??yt.formData.filesField,dataField:n.formData?.dataField??yt.formData.dataField,maxFiles:n.formData?.maxFiles??yt.formData.maxFiles}}}function Ji(n,r){let t={data:{},files:[]};if(!n||typeof n!=="object")return t;let o=n,c=o[r.formData.dataField];if(c){if(typeof c==="string")try{t.data=JSON.parse(c)}catch{t.data={}}else if(typeof c==="object")t.data=c}let i=o[r.formData.filesField];if(i){if(i instanceof File)t.files=[i];else if(Array.isArray(i))t.files=i.filter((a)=>a instanceof File)}return t}function Df(n,r){if(n.size>r.maxFileSizeBytes)return{valid:!1,error:`File ${n.name} exceeds maximum size of ${r.maxFileSizeBytes} bytes`};if(r.blockedMimeTypes.length>0&&r.blockedMimeTypes.includes(n.type))return{valid:!1,error:`File type ${n.type} is not allowed`};if(r.allowedMimeTypes.length>0&&!r.allowedMimeTypes.includes(n.type))return{valid:!1,error:`File type ${n.type} is not in allowed list`};return{valid:!0}}async function kf(n,r,t){let o=Oh(),c=Rf.extname(n.name),i=`${o}${c}`,a=t?Rf.join(r.basePath,t):r.basePath,e=await n.arrayBuffer(),s=new Uint8Array(e);return await Xt.createFile({dir:a,name:i,data:s,options:{type:n.type,createDir:!0}}),{id:o,name:i,originalName:n.name,path:a,mimeType:n.type,size:n.size,createdAt:new Date}}async function Xi(n,r,t){let o=[],c=[];for(let i of n.slice(0,r.formData.maxFiles)){let a=Df(i,r);if(!a.valid){c.push({file:i.name,error:a.error||"Unknown error"});continue}try{let e=await kf(i,r,t);o.push(e)}catch(e){c.push({file:i.name,error:e instanceof Error?e.message:"Upload failed"})}}return{success:o,failed:c}}async function Lb(n,r){try{let t=Rf.join(n,r);return await Xt.deleteFile(t)}catch{return!1}}var yt;var Qb=b(()=>{fe();yt={enabled:!1,basePath:"./uploads",maxFileSizeBytes:104857600,allowedMimeTypes:[],blockedMimeTypes:["application/x-executable","application/x-msdos-program"],formData:{filesField:"files",dataField:"data",maxFiles:10}}});var Ob={};go(Ob,{validateFile:()=>Df,uploadFiles:()=>Xi,uploadFile:()=>kf,parseFormDataBody:()=>Ji,mergeStorageConfig:()=>Yi,mergeCdnConfig:()=>Ef,deleteFile:()=>Lb,createCdnRoutes:()=>Sf});var be=b(()=>{Xb();Qb()});import{eq as Pf,sql as to}from"drizzle-orm";import{Elysia as V3,t as Cf}from"elysia";function Se(n,r="public"){let{db:t,logger:o,usersTable:c}=n,i=new V3;return i.post("/auth/admin/change-user-id",async(a)=>{if(!t||!c)return{success:!1,message:"Database not configured"};let e=a.request.headers.get("x-user-id");if(!e)return a.set.status=401,{success:!1,message:"Unauthorized"};let f=(await t.select().from(c).where(Pf(c.id,e)).limit(1))[0];if(!f||!f.isGod)return a.set.status=403,{success:!1,message:"Forbidden: godmin privileges required"};let{currentId:d,newId:l}=a.body;if(!d||!l)return a.set.status=400,{success:!1,message:"currentId and newId are required"};if(d===l)return a.set.status=400,{success:!1,message:"New ID must be different from current ID"};if(!/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(l))return a.set.status=400,{success:!1,message:"newId must be a valid UUID"};let u=(await t.select().from(c).where(Pf(c.id,d)).limit(1))[0];if(!u)return a.set.status=404,{success:!1,message:"User not found"};if((await t.select().from(c).where(Pf(c.id,l)).limit(1)).length>0)return a.set.status=409,{success:!1,message:"A user with this ID already exists"};try{let _=await t.execute(to`
 					SELECT
 						tc.constraint_name,
 						tc.table_name,
@@ -76,19 +76,19 @@ var p2=Object.create;var{getPrototypeOf:I2,defineProperty:hi,getOwnPropertyNames
 						AND ccu.table_name = 'users'
 						AND ccu.column_name = 'id'
 						AND tc.table_schema = ${r}
-				`),h=(Array.isArray(_)?_:_.rows||[]).map((B)=>{let L=B;return{constraint_name:String(L.constraint_name||""),table_name:String(L.table_name||""),column_name:String(L.column_name||""),delete_rule:String(L.delete_rule||"NO ACTION")}}),E=await t.execute(to`
+				`),h=(Array.isArray(_)?_:_.rows||[]).map((B)=>{let W=B;return{constraint_name:String(W.constraint_name||""),table_name:String(W.table_name||""),column_name:String(W.column_name||""),delete_rule:String(W.delete_rule||"NO ACTION")}}),E=await t.execute(to`
 					SELECT table_name, column_name
 					FROM information_schema.columns
 					WHERE column_name = 'user_id'
 						AND table_schema = ${r}
 						AND table_name != 'users'
-				`),V=(Array.isArray(E)?E:E.rows||[]).map((B)=>{let L=B;return{table_name:String(L.table_name||""),column_name:String(L.column_name||"")}}),H=await t.execute(to`
+				`),Y=(Array.isArray(E)?E:E.rows||[]).map((B)=>{let W=B;return{table_name:String(W.table_name||""),column_name:String(W.column_name||"")}}),H=await t.execute(to`
 					SELECT table_name, column_name
 					FROM information_schema.columns
 					WHERE column_name IN ('created_by', 'updated_by')
 						AND table_schema = ${r}
 						AND data_type = 'uuid'
-				`),R=(Array.isArray(H)?H:H.rows||[]).map((B)=>{let L=B;return{table_name:String(L.table_name||""),column_name:String(L.column_name||"")}}),$=await t.execute(to`
+				`),R=(Array.isArray(H)?H:H.rows||[]).map((B)=>{let W=B;return{table_name:String(W.table_name||""),column_name:String(W.column_name||"")}}),$=await t.execute(to`
 					SELECT c1.table_name
 					FROM information_schema.columns c1
 					JOIN information_schema.columns c2
@@ -98,12 +98,12 @@ var p2=Object.create;var{getPrototypeOf:I2,defineProperty:hi,getOwnPropertyNames
 						AND c2.column_name = 'owner_type'
 						AND c1.table_schema = ${r}
 						AND c1.data_type = 'uuid'
-				`),M=(Array.isArray($)?$:$.rows||[]).map((B)=>String(B.table_name||""));o.info("[AUTH] Change User ID - discovered schema references",{fkConstraints:h.map((B)=>`${B.table_name}.${B.column_name} (${B.constraint_name})`),userIdColumns:V.map((B)=>`${B.table_name}.${B.column_name}`),auditColumns:R.map((B)=>`${B.table_name}.${B.column_name}`),polyTables:M});let z=new Map,X=(B,L)=>{if(!z.has(B))z.set(B,new Set);z.get(B)?.add(L)};for(let B of h)X(B.table_name,B.column_name);for(let B of V)X(B.table_name,B.column_name);for(let B of R)X(B.table_name,B.column_name);o.info("[AUTH] Change User ID - all column updates to execute",{updates:Array.from(z.entries()).map(([B,L])=>`${B}: [${Array.from(L).join(", ")}]`)}),await t.transaction(async(B)=>{for(let L of h)await B.execute(to.raw(`ALTER TABLE "${r}"."${L.table_name}" DROP CONSTRAINT "${L.constraint_name}"`));await B.execute(to.raw(`UPDATE "${r}"."users" SET "id" = '${l}' WHERE "id" = '${d}'`));for(let[L,G]of z.entries())for(let j of G)await B.execute(to.raw(`UPDATE "${r}"."${L}" SET "${j}" = '${l}' WHERE "${j}" = '${d}'`));for(let L of M)await B.execute(to.raw(`UPDATE "${r}"."${L}" SET "owner_id" = '${l}' WHERE "owner_id" = '${d}' AND "owner_type" IN ('user', 'users', 'User')`));for(let L of h){let G=L.delete_rule==="CASCADE"?"ON DELETE CASCADE":L.delete_rule==="SET NULL"?"ON DELETE SET NULL":"";await B.execute(to.raw(`ALTER TABLE "${r}"."${L.table_name}" ADD CONSTRAINT "${L.constraint_name}" FOREIGN KEY ("${L.column_name}") REFERENCES "${r}"."users" ("id") ${G}`))}});let O=[...new Set([...h.map((B)=>B.table_name),...V.map((B)=>B.table_name),...R.map((B)=>B.table_name),...M])];return o.info("[AUTH] User ID changed successfully",{godminId:e,currentId:d,newId:l,email:u.email,affectedTables:O,fkConstraintsDroppedAndReadded:h.length}),await o.audit({entityName:"users",entityId:l,operation:"CHANGE_USER_ID",userId:e,summary:`Godmin changed user ID: ${d} \u2192 ${l} (${u.email})`,oldValues:{id:d},newValues:{id:l},ipAddress:a.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:a.request.headers.get("user-agent")||"unknown",path:new URL(a.request.url).pathname,query:""}),{success:!0,data:{oldId:d,newId:l,email:u.email,affectedTables:O}}}catch(_){return o.error("[AUTH] Failed to change user ID",{error:_ instanceof Error?_.message:String(_),stack:_ instanceof Error?_.stack:void 0,currentId:d,newId:l}),a.set.status=500,{success:!1,message:_ instanceof Error?_.message:"Failed to change user ID"}}},{body:Cf.Object({currentId:Cf.String(),newId:Cf.String()}),detail:{tags:["Authentication"],summary:"Change User ID",description:"Godmin: change a user's UUID while preserving all FK relations, audit columns, and polymorphic references"}}),i}var qf=()=>{};import{eq as Ff}from"drizzle-orm";import{Elysia as Y3,t as Hg}from"elysia";function Re(n,r,t,o,c,i){let{db:a,logger:e,usersTable:s}=n,f=new Y3,d={accessTokenName:i?.accessTokenName||"access_token",refreshTokenName:i?.refreshTokenName||"refresh_token",sessionTokenName:i?.sessionTokenName||"session_token",accessTokenMaxAge:i?.accessTokenMaxAge||900,refreshTokenMaxAge:i?.refreshTokenMaxAge||604800,sessionTokenMaxAge:i?.sessionTokenMaxAge||900,secure:i?.secure??!0,sameSite:i?.sameSite||"strict",path:i?.path||"/"};return f.post("/auth/admin/impersonate",async(l)=>{if(!a||!s)return{success:!1,message:"Database not configured"};let w=l.request.headers.get("x-user-id");if(!w)return l.set.status=401,{success:!1,message:"Unauthorized"};let{targetUserId:g}=l.body,m=(await a.select().from(s).where(Ff(s.id,w)).limit(1))[0];if(!m||!m.isGod)return l.set.status=403,{success:!1,message:"Forbidden: godmin privileges required"};if(w===g)return l.set.status=400,{success:!1,message:"Cannot impersonate yourself"};let S=(await a.select().from(s).where(Ff(s.id,g)).limit(1))[0];if(!S)return l.set.status=404,{success:!1,message:"Target user not found"};let h=r(g),E=t(g),W=l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",V={userId:g,deviceInfo:{deviceName:"Impersonation Session",browserName:"Admin",osName:"Admin",ipAddress:W},loginMethod:"impersonation"},H=await o(V);if(c)await c(H,V);e.info("[AUTH] Impersonation started",{godminId:w,targetUserId:g,targetEmail:S.email}),await e.audit({entityName:"users",entityId:g,operation:"IMPERSONATE_START",userId:w,summary:`Godmin ${m.email} started impersonating ${S.email}`,ipAddress:l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:l.request.headers.get("user-agent")||"unknown",path:new URL(l.request.url).pathname,query:""});let D=d.secure?"; Secure":"",R=`; Path=${d.path}; HttpOnly; SameSite=${d.sameSite}${D}`,$=[`${d.accessTokenName}=${h}${R}; Max-Age=${d.accessTokenMaxAge}`,`${d.refreshTokenName}=${E}${R}; Max-Age=${d.refreshTokenMaxAge}`,`${d.sessionTokenName}=${H}${R}; Max-Age=${d.sessionTokenMaxAge}`,`nucleus_impersonating_as=${g}${R}; Max-Age=${d.sessionTokenMaxAge}`,`nucleus_godmin_id=${w}${R}; Max-Age=${d.sessionTokenMaxAge}`,`nucleus_impersonating_email=${encodeURIComponent(String(S.email))}${R}; Max-Age=${d.sessionTokenMaxAge}`],A=JSON.stringify({success:!0,data:{targetUser:{id:S.id,email:S.email},godminId:w,sessionId:H}}),M=new Headers;M.set("Content-Type","application/json");for(let z of $)M.append("Set-Cookie",z);return new Response(A,{status:200,headers:M})},{body:Hg.Object({targetUserId:Hg.String()}),detail:{tags:["Authentication"],summary:"Impersonate User",description:"Godmin: start a session as another user"}}),f.post("/auth/admin/impersonate/stop",async(l)=>{if(!a||!s)return{success:!1,message:"Database not configured"};let w=l.request.headers.get("cookie")||"",u=Object.fromEntries(w.split(";").map((z)=>{let[X,...O]=z.trim().split("=");return[X?.trim(),O.join("=")]})).nucleus_godmin_id;if(!u)return l.set.status=400,{success:!1,message:"No active impersonation session"};let _=(await a.select().from(s).where(Ff(s.id,u)).limit(1))[0];if(!_)return l.set.status=404,{success:!1,message:"Godmin user not found"};let S=r(u),h=t(u),E=l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",W={userId:u,deviceInfo:{deviceName:"Restored Admin Session",browserName:"Admin",osName:"Admin",ipAddress:E},loginMethod:"impersonation_stop"},V=await o(W);if(c)await c(V,W);e.info("[AUTH] Impersonation stopped",{godminId:u}),await e.audit({entityName:"users",entityId:u,operation:"IMPERSONATE_STOP",userId:u,summary:`Godmin ${_.email} stopped impersonation`,ipAddress:l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:l.request.headers.get("user-agent")||"unknown",path:new URL(l.request.url).pathname,query:""});let H=d.secure?"; Secure":"",D=`; Path=${d.path}; HttpOnly; SameSite=${d.sameSite}${H}`,R=`; Path=${d.path}; HttpOnly; SameSite=${d.sameSite}${H}; Max-Age=0`,$=[`${d.accessTokenName}=${S}${D}; Max-Age=${d.accessTokenMaxAge}`,`${d.refreshTokenName}=${h}${D}; Max-Age=${d.refreshTokenMaxAge}`,`${d.sessionTokenName}=${V}${D}; Max-Age=${d.sessionTokenMaxAge}`,`nucleus_impersonating_as=deleted${R}`,`nucleus_godmin_id=deleted${R}`,`nucleus_impersonating_email=deleted${R}`],A=JSON.stringify({success:!0,data:{godminUser:{id:_.id,email:_.email},sessionId:V}}),M=new Headers;M.set("Content-Type","application/json");for(let z of $)M.append("Set-Cookie",z);return new Response(A,{status:200,headers:M})},{detail:{tags:["Authentication"],summary:"Stop Impersonation",description:"Godmin: restore own session after impersonation"}}),f}var jf=()=>{};import{Elysia as J3,t as Jr}from"elysia";function zg(n){let{captchaService:r,logger:t,basePath:o="/auth/captcha"}=n,c=new J3;if(!r.isEnabled())return c;return c.get(`${o}/generate`,async(i)=>{let{type:a,difficulty:e}=i.query,s=i.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||i.request.headers.get("x-real-ip")?.trim()||i.request.headers.get("cf-connecting-ip")?.trim()||"unknown",f=await r.generate(a,e,s);if(f.rateLimited)return i.set.status=429,{success:!1,message:f.message??"Too many requests. Please try again later."};return t.info("[CAPTCHA] Challenge generated via endpoint",{challengeId:f.challengeId,type:f.type,ipAddress:s}),{success:!0,data:{challengeId:f.challengeId,type:f.type,question:f.question,expiresAt:f.expiresAt,...f.imageData?{imageData:f.imageData}:{},...f.puzzleData?{puzzleData:{pieces:f.puzzleData.pieces}}:{}}}},{query:X3,detail:{tags:["Captcha"],summary:"Generate Captcha",description:"Generate a new captcha challenge"}}),c.post(`${o}/validate`,async(i)=>{let{challengeId:a,answer:e}=i.body,s=await r.validate(a,e);if(!s.valid)i.set.status=400;return s},{body:L3,detail:{tags:["Captcha"],summary:"Validate Captcha",description:"Validate a captcha answer"}}),c}var X3,L3;var Bg=b(()=>{X3=Jr.Object({type:Jr.Optional(Jr.Union([Jr.Literal("math"),Jr.Literal("image"),Jr.Literal("puzzle"),Jr.Literal("text")])),difficulty:Jr.Optional(Jr.Union([Jr.Literal("easy"),Jr.Literal("medium"),Jr.Literal("hard")]))}),L3=Jr.Object({challengeId:Jr.String(),answer:Jr.String()})});function Ug(n,r){let{db:t,logger:o}=n,c=r.route||"/auth/check";return(i)=>i.post(c,async(a)=>{let{body:e,request:s,set:f}=a,d=s.headers.get("x-user-id");if(!d)return f.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};if(!t)return f.status=503,{isSuccess:!1,message:"Authorization service unavailable",data:null};let l=n.schemaTables;if(!l)return f.status=503,{isSuccess:!1,message:"Authorization tables not available",data:null};let{entity:w,method:g,fields:u,relations:m}=e;if(!w||!g)return f.status=400,{isSuccess:!1,message:"entity and method are required",data:null};let _=await pa({userId:d,method:g,entity:w,requestedFields:u,requestedRelations:m,db:t,schemaTables:l,logger:o});return{isSuccess:!0,message:_.authorized?"Authorized":"Forbidden",data:{authorized:_.authorized,reason:_.reason,allowedFields:_.allowedFields,allowedRelations:_.allowedRelations,scopeFilters:_.scopeFilters}}},{detail:{tags:["Auth"],summary:"Check authorization for a given entity and method",description:"Allows consumer/resource servers to perform full claim checks (including scope) against the IDP's authorization system."}})}var Wg=b(()=>{N0()});import Q3 from"crypto";var{password:O3}=globalThis.Bun;async function Wo(n){return await O3.hash(n,{algorithm:"bcrypt",cost:10})}function De(){return Q3.randomBytes(32).toString("hex")}function Fc(n){let r=n.match(/^(\d+)(s|m|h|d)$/);if(!r||!r[1]||!r[2])return 86400000;let t=Number.parseInt(r[1],10);switch(r[2]){case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;case"d":return t*24*60*60*1000;default:return 86400000}}function Vg(n){let r=[];if(n.length<8)r.push("Password must be at least 8 characters");if(!/[A-Z]/.test(n))r.push("Password must contain uppercase letter");if(!/[a-z]/.test(n))r.push("Password must contain lowercase letter");if(!/[0-9]/.test(n))r.push("Password must contain a number");return{valid:r.length===0,errors:r}}var jc=()=>{};import{sql as ke}from"drizzle-orm";import{Elysia as G3,t as Me}from"elysia";function He(n){let{authConfig:r,registerConfig:t,emailService:o,appName:c}=n,{db:i,logger:a,usersTable:e}=r,s=new G3;if(!t.enabled||!t.emailVerification?.enabled)return s;let f="/verify-email",d="/resend-verification";return s.get(f,async(l)=>{if(!i||!e)return{success:!1,message:"Database not configured"};let w=l.query.token;if(!w)return{success:!1,message:"Verification token is required"};let g=await i.select().from(e).where(ke`email_verification_token = ${w}`).limit(1);if(g.length===0)return a.warn("[AUTH] Email verification failed - invalid token"),{success:!1,message:"Invalid or expired verification token"};let u=g[0],m=u.emailVerificationTokenExpiresAt;if(m&&new Date>new Date(m))return a.warn("[AUTH] Email verification failed - token expired",{userId:u.id,email:u.email}),{success:!1,message:"Verification token has expired. Please request a new one."};if(await i.update(e).set({verifiedAt:new Date,emailVerificationToken:null,emailVerificationTokenExpiresAt:null}).where(ke`id = ${u.id}`),a.info("[AUTH] Email verified successfully",{userId:u.id,email:u.email}),t.emailVerification?.templates?.welcome?.enabled&&o?.isAvailable())o.sendWelcomeEmail(u.email,u.email.split("@")[0]||"User",c||"Nucleus").catch((S)=>{a.error("[AUTH] Failed to send welcome email after verification",{email:u.email,error:S})});return{success:!0,message:"Email verified successfully. You can now log in.",data:{redirectUrl:t.emailVerification?.redirectUrl||"/login",verified:!0}}},{query:Me.Object({token:Me.String()}),detail:{tags:["Authentication"],summary:"Verify Email",description:"Verify user email address using the verification token"}}),s.post(d,async(l)=>{if(!i||!e)return{success:!1,message:"Database not configured"};if(!o?.isAvailable())return{success:!1,message:"Email service not available"};let{email:w}=l.body,g=await i.select().from(e).where(ke`email = ${w}`).limit(1);if(g.length===0)return{success:!0,message:"If your email is registered, you will receive a verification email."};let u=g[0];if(u.verifiedAt)return{success:!1,message:"Email is already verified"};let m=t.emailVerification?.maxResendAttempts||3,_=u.emailVerificationAttempts||0;if(_>=m)return a.warn("[AUTH] Resend verification failed - max attempts reached",{email:w,attempts:_}),{success:!1,message:"Maximum resend attempts reached. Please contact support.",data:{maxAttemptsReached:!0,attemptsUsed:_,maxAttempts:m}};let S=t.emailVerification?.resendCooldown||"60s",h=Fc(S),E=u.emailVerificationSentAt;if(E){let A=Date.now()-new Date(E).getTime();if(A<h){let M=Math.ceil((h-A)/1000);return{success:!1,message:`Please wait ${M} seconds before requesting another verification email.`,data:{cooldownRemaining:M,canResendAt:new Date(Date.now()+M*1000).toISOString()}}}}let W=De(),V=t.emailVerification?.tokenExpiresIn||"24h",H=new Date(Date.now()+Fc(V));await i.update(e).set({emailVerificationToken:W,emailVerificationTokenExpiresAt:H,emailVerificationSentAt:new Date,emailVerificationAttempts:_+1}).where(ke`id = ${u.id}`);let R=`${(t.emailVerification?.redirectUrl||"http://localhost:3000/login").replace("/login","/verify-email")}?token=${W}`,$=await o.sendVerificationEmail(w,w.split("@")[0]||"User",R,c||"Nucleus");if($.success)return a.info("[AUTH] Verification email resent",{email:w}),{success:!0,message:"Verification email sent. Please check your inbox.",data:{cooldownSeconds:Math.ceil(h/1000),canResendAt:new Date(Date.now()+h).toISOString(),attemptsRemaining:m-(_+1)}};return a.error("[AUTH] Failed to resend verification email",{email:w,error:$.error}),{success:!1,message:"Failed to send verification email. Please try again later."}},{body:Me.Object({email:Me.String({format:"email"})}),detail:{tags:["Authentication"],summary:"Resend Verification Email",description:"Resend the email verification link to the user"}}),s}var Kf=b(()=>{jc()});import Yg from"crypto";function Kc(){return Yg.randomBytes(32).toString("hex")}function St(n){return Yg.createHash("sha256").update(n).digest("hex")}function vc(n){let r=n.match(/^(\d+)(s|m|h|d)$/);if(!r?.[1]||!r[2])return 900000;let t=parseInt(r[1],10);switch(r[2]){case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;case"d":return t*24*60*60*1000;default:return 900000}}var Ki=()=>{};import{eq as N3}from"drizzle-orm";import{Elysia as x3,t as ze}from"elysia";function Be(n,r,t,o,c,i){let{db:a,logger:e,usersTable:s}=n,f=r.route||"/auth/invite",d=r.tokenExpiresIn||"7d",l=r.redirectUrl||"",w=new x3;if(!r.enabled)return w;if(w.post(f,async(g)=>{if(!a||!s)return{success:!1,message:"Database not configured"};if(!t?.isAvailable())return e.error("[AUTH] Invite requested but email service not available"),{success:!1,message:"Email service not available"};let{email:u}=g.body,m=await a.select().from(s).where(N3(s.email,u)).limit(1),_;if(m.length>0){let H=m[0];if(H.verifiedAt||H.password)return e.warn("[AUTH] Invite failed - user already verified",{email:u}),{success:!1,message:"User with this email is already verified"};_=H.id,e.info("[AUTH] Resending invitation to existing unverified user",{userId:_,email:u})}else{let H={email:u,password:null,emailVerified:!1,isLocked:!1,createdAt:new Date,updatedAt:new Date},R=(await a.insert(s).values(H).returning())[0];if(!R)return e.error("[AUTH] Failed to create invited user",{email:u}),{success:!1,message:"Failed to create user"};_=R.id,e.info("[AUTH] Invited user created",{userId:_,email:u})}let S=Kc(),h=St(S),E=new Date(Date.now()+vc(d));await o({userId:_,email:u,tokenHash:h,expiresAt:E});let W=l?`${l}?token=${S}&invite=true`:`/auth/magic-link/verify?token=${S}`,V=await t.sendInvitationEmail(u,W,c||"Nucleus");if(!V.success)return e.error("[AUTH] Failed to send invitation email",{email:u,error:V.error}),{success:!0,message:"User created but failed to send invitation email",data:{id:_,email:u}};return e.info("[AUTH] Invitation email sent",{email:u,userId:_}),{success:!0,message:"Invitation sent successfully",data:{id:_,email:u}}},{body:P3,detail:{tags:["Authentication"],summary:"Invite User",description:"Invite a new user by sending them an email with a magic link to set their password"}}),i)w.post(`${f}/verify`,async(g)=>{let{token:u}=g.body;if(!u)return{success:!1,message:"Token is required"};let m=St(u),_=await i(m);if(!_)return e.warn("[AUTH] Invalid invite verify token"),{success:!1,message:"Invalid or expired token"};if(new Date>_.expiresAt)return e.warn("[AUTH] Expired invite verify token",{email:_.email}),{success:!1,message:"Invalid or expired token"};return e.info("[AUTH] Invite token verified (not consumed)",{email:_.email,userId:_.userId}),{success:!0,data:{userId:_.userId,email:_.email}}},{body:ze.Object({token:ze.String()}),detail:{tags:["Authentication"],summary:"Verify Invite Token",description:"Validate an invite token without consuming it. Returns user info if valid."}});return w}var P3;var vf=b(()=>{Ki();P3=ze.Object({email:ze.String({format:"email"})})});import{t as nr}from"elysia";var Zf,C3;var pf=b(()=>{Zf=nr.Object({email:nr.String({format:"email"}),password:nr.String({minLength:1}),rememberMe:nr.Optional(nr.Boolean()),captchaId:nr.Optional(nr.String()),captchaAnswer:nr.Optional(nr.String()),deviceHint:nr.Optional(nr.String())}),C3=nr.Object({success:nr.Boolean(),message:nr.Optional(nr.String()),data:nr.Optional(nr.Object({user:nr.Object({id:nr.String(),email:nr.String()}),accessToken:nr.String(),refreshToken:nr.String()}))})});var{password:q3}=globalThis.Bun;async function Ue(n,r){try{return await q3.verify(n,r)}catch{return!1}}function We(n,r,t){let o=n.toLowerCase(),c=["headlesschrome","headless","phantomjs","nightmare","selenium","webdriver","puppeteer","playwright"],i=["bot","crawler","spider","scraper","curl","wget","python-requests","python-urllib","java/","httpclient","go-http-client","node-fetch","axios","postman","insomnia","httpie"],a=c.some((_)=>o.includes(_)),e=i.some((_)=>o.includes(_)),s=a||e,f=[];if(a)f.push("headless_browser");if(e)f.push("bot_user_agent");if(!o||o.length<10)f.push("missing_or_short_ua");if(o==="mozilla/5.0")f.push("generic_ua");if(o.includes("nucleusserveraction")||o.includes("serveraction"))f.push("server_action");let d="unknown";if(o.includes("ipad"))d="tablet";else if(o.includes("iphone"))d="mobile";else if(o.includes("macintosh")||o.includes("windows")&&!o.includes("windows phone")||o.includes("linux")&&!o.includes("android"))d="desktop";else if(o.includes("tablet")||o.includes("android")&&o.includes("tablet"))d="tablet";else if(o.includes("mobile")||o.includes("android"))d="mobile";let l,w;if(a)l="Headless Browser";else if(e)l="Bot/Crawler";else if(o.includes("chrome")&&!o.includes("edg")){l="Chrome";let _=n.match(/Chrome\/(\d+\.\d+)/i);if(_?.[1])w=_[1]}else if(o.includes("firefox")){l="Firefox";let _=n.match(/Firefox\/(\d+\.\d+)/i);if(_?.[1])w=_[1]}else if(o.includes("safari")&&!o.includes("chrome")){l="Safari";let _=n.match(/Version\/(\d+\.\d+)/i);if(_?.[1])w=_[1]}else if(o.includes("edg")){l="Edge";let _=n.match(/Edg\/(\d+\.\d+)/i);if(_?.[1])w=_[1]}let g,u;if(o.includes("windows nt 10"))g="Windows",u="10/11";else if(o.includes("windows nt"))g="Windows";else if(o.includes("mac os x")){g="macOS";let _=n.match(/Mac OS X (\d+[._]\d+)/i);if(_?.[1])u=_[1].replace("_",".")}else if(o.includes("android")){g="Android";let _=n.match(/Android (\d+\.?\d*)/i);if(_?.[1])u=_[1]}else if(o.includes("iphone")||o.includes("ipad")){g="iOS";let _=n.match(/OS (\d+[._]\d+)/i);if(_?.[1])u=_[1].replace("_",".")}else if(o.includes("linux"))g="Linux";return{deviceName:l&&g?`${l} on ${g}`:"Unknown Device",deviceType:d,browserName:l,browserVersion:w,osName:g,osVersion:u,ipAddress:r,userAgent:n,deviceHint:t,locationCountry:void 0,locationCity:void 0,isHeadless:a,isBot:e,isSuspicious:s,suspiciousPatterns:f}}var Ve=()=>{};import{eq as If}from"drizzle-orm";import{Elysia as F3}from"elysia";function Ye(n,r,t,o,c,i,a,e,s){let{db:f,logger:d,usersTable:l}=n,w=r.route||"/auth/login",g={accessTokenName:a?.accessTokenName||"access_token",refreshTokenName:a?.refreshTokenName||"refresh_token",sessionTokenName:a?.sessionTokenName||"session_token",accessTokenMaxAge:a?.accessTokenMaxAge||900,refreshTokenMaxAge:a?.refreshTokenMaxAge||604800,sessionTokenMaxAge:a?.sessionTokenMaxAge||900,secure:a?.secure??!0,httpOnly:a?.httpOnly??!0,sameSite:a?.sameSite||"strict",path:a?.path||"/",domain:a?.domain},u=new F3;if(!r.enabled)return u;return u.post(w,async(m)=>{if(!f||!l)return{success:!1,message:"Database not configured"};let{email:_,password:S,rememberMe:h,captchaId:E,captchaAnswer:W,deviceHint:V}=m.body;if(s?.isEnabled()){if(!E||!W)return m.set.status=400,{success:!1,message:"Captcha is required"};let rn=await s.validate(E,W);if(!rn.valid)return m.set.status=400,{success:!1,message:rn.message||"Invalid captcha",attemptsRemaining:rn.attemptsRemaining}}let D=(await f.select().from(l).where(If(l.email,_)).limit(1))[0],R=new URL(m.request.url),$=m.request.headers.get("cf-connecting-ip")?.trim()||m.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||m.request.headers.get("x-real-ip")?.trim()||"unknown",A=m.request.headers.get("user-agent")||"unknown";if(!D)return d.warn("[AUTH] Login failed - user not found",{email:_}),await d.audit({entityName:"users",operation:"LOGIN_FAILED",summary:`Login failed: user not found (${_})`,ipAddress:$,userAgent:A,path:R.pathname,query:R.search}),{success:!1,message:"Invalid email or password"};if(D.isLocked)return d.warn("[AUTH] Login failed - account locked",{email:_,userId:D.id}),await d.audit({entityName:"users",entityId:D.id,operation:"LOGIN_FAILED",userId:D.id,summary:`Login failed: account locked (${_})`,ipAddress:$,userAgent:A,path:R.pathname,query:R.search}),{success:!1,message:"Account is locked"};if(!await Ue(S,D.password)){let rn=(D.failedLoginAttempts||0)+1;return await f.update(l).set({failedLoginAttempts:rn,isLocked:rn>=5,lockedUntil:rn>=5?new Date(Date.now()+1800000):null}).where(If(l.id,D.id)),d.warn("[AUTH] Login failed - invalid password",{email:_,failedAttempts:rn}),await d.audit({entityName:"users",entityId:D.id,operation:"LOGIN_FAILED",userId:D.id,summary:`Login failed: invalid password (${_}, attempt ${rn})`,ipAddress:$,userAgent:A,path:R.pathname,query:R.search}),{success:!1,message:"Invalid email or password"}}await f.update(l).set({failedLoginAttempts:0,lastLoginAt:new Date,loginCount:(D.loginCount||0)+1}).where(If(l.id,D.id));let z={};m.request.headers.forEach((rn,Hn)=>{z[Hn]=rn}),d.info("[AUTH] Login request headers",{headers:z});let X=m.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim(),O=(rn)=>!rn||rn==="127.0.0.1"||rn==="::1"||rn==="localhost"||rn.startsWith("10.")||rn.startsWith("192.168.")||rn.startsWith("172."),B=m.request.headers.get("cf-connecting-ip")?.trim()||m.request.headers.get("true-client-ip")?.trim()||(!O(X)?X:void 0)||m.request.headers.get("x-real-ip")?.trim()||m.request.headers.get("x-client-ip")?.trim()||X||"127.0.0.1",L=m.request.headers.get("user-agent")||"Unknown Browser";d.info("[AUTH] Parsed device info",{ipAddress:B,userAgent:L});let G=We(L,B,V);try{if(!O(B)){let rn=await fetch(`http://ip-api.com/json/${B}?fields=country,city`);if(rn.ok){let Hn=await rn.json();if(Hn.country)G.locationCountry=Hn.country;if(Hn.city)G.locationCity=Hn.city}}}catch{}let j=[],N=[],x=n.userRolesTable,I=n.rolesTable,Q=n.roleClaimsTable,v=n.claimsTable;if(f&&x&&I)try{let{eq:rn,inArray:Hn}=await import("drizzle-orm"),Kn=(await f.select().from(x).where(rn(x.userId,D.id))).map((Lr)=>Lr.roleId);if(Kn.length>0){if(j=(await f.select().from(I).where(Hn(I.id,Kn))).map((Fr)=>Fr.name),Q&&v){let Fr=await f.select().from(Q).innerJoin(v,rn(Q.claimId,v.id)).where(Hn(Q.roleId,Kn)),wr=new Set;for(let dr of Fr){let Sa=dr.claims?.action;if(Sa)wr.add(Sa)}N=Array.from(wr)}}}catch{}let C=t(D.id,j.length>0?j:void 0,N.length>0?N:void 0),y=o(D.id),p=m.request.headers.get("origin")||m.request.headers.get("referer")?.replace(/\/[^/]*$/,"")||void 0,F={userId:D.id,deviceInfo:G,loginMethod:"password",rememberMe:h,requestOrigin:p},nn=await c(F),cn=!1,hn=nn;if(i){let rn=await i(nn,F);if(rn?.requiresApproval){if(cn=!0,rn.sessionId)hn=rn.sessionId}}if(cn)return m.set.status=202,new Response(JSON.stringify({success:!1,requiresApproval:!0,sessionId:hn,message:"Login requires approval. Please check your email to approve this device."}),{status:202,headers:{"Content-Type":"application/json"}});d.info("[AUTH] Login successful",{userId:D.id,email:_,rememberMe:h}),await d.audit({entityName:"users",entityId:D.id,operation:"LOGIN",userId:D.id,summary:`${_} logged in successfully`,ipAddress:B,userAgent:L,path:R.pathname,query:R.search});let dn={accessToken:{setHeadersEnabled:e?.accessToken?.setHeadersEnabled??!0,returnJson:e?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:e?.refreshToken?.setHeadersEnabled??!0,returnJson:e?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:e?.sessionToken?.setHeadersEnabled??!0,returnJson:e?.sessionToken?.returnJson??!0}},On=g.secure?"; Secure":"",vn=g.domain?`; Domain=${g.domain}`:"",ln=`; Path=${g.path}; HttpOnly; SameSite=${g.sameSite}${On}${vn}`,gr=[];if(dn.accessToken.setHeadersEnabled)gr.push(`${g.accessTokenName}=${C}${ln}; Max-Age=${g.accessTokenMaxAge}`);if(dn.refreshToken.setHeadersEnabled)gr.push(`${g.refreshTokenName}=${y}${ln}; Max-Age=${g.refreshTokenMaxAge}`);if(dn.sessionToken.setHeadersEnabled)gr.push(`${g.sessionTokenName}=${nn}${ln}; Max-Age=${g.sessionTokenMaxAge}`);m.set.headers["x-session-id"]=nn;let ot={user:{id:D.id,email:D.email}};if(dn.accessToken.returnJson)ot.accessToken=C;if(dn.refreshToken.returnJson)ot.refreshToken=y;if(dn.sessionToken.returnJson)ot.sessionId=nn;let Gn=JSON.stringify({success:!0,data:ot}),Yn=new Headers;Yn.set("Content-Type","application/json"),Yn.set("x-session-id",nn);for(let rn of gr)Yn.append("Set-Cookie",rn);return new Response(Gn,{status:200,headers:Yn})},{body:Zf,detail:{tags:["Authentication"],summary:"Login",description:"Authenticate user with email and password"}}),u}var yf=b(()=>{pf();Ve();pf()});function Jg(n){let r=n?.path||"/",t=n?.sameSite||"Strict",o=n?.secure!==!1?"; Secure":"",c=n?.domain?`; Domain=${n.domain}`:"",i=n?.accessTokenName||"access_token",a=n?.refreshTokenName||"refresh_token",e=n?.sessionTokenName||"session_token",s=`; Path=${r}; HttpOnly; SameSite=${t}${o}${c}; Max-Age=0`;return{"Set-Cookie":[`${i}=${s}`,`${a}=${s}`,`${e}=${s}`].join(", ")}}import{t as Je}from"elysia";var j3;var Xg=b(()=>{j3=Je.Object({success:Je.Boolean(),message:Je.Optional(Je.String())})});import{Elysia as K3}from"elysia";function Xe(n,r,t,o,c){let{logger:i}=n,a=r.route||"/auth/logout",e=new K3;if(!r.enabled)return e;return e.post(a,async(s)=>{let f=s.request.headers.get("x-session-id"),d=s.request.headers.get("x-user-id");if(f){if(await t(f),o)await o(f,"user_logout")}let l=Jg(c);for(let[g,u]of Object.entries(l))s.set.headers[g]=u;i.info("[AUTH] Logout successful",{userId:d,sessionId:f});let w=new URL(s.request.url);return i.audit({entityName:"users",entityId:d||void 0,operation:"LOGOUT",userId:d||void 0,summary:`User logged out${f?` (session: ${f.substring(0,8)}...)`:""}`,ipAddress:s.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||s.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:s.request.headers.get("user-agent")||"unknown",path:w.pathname,query:w.search}),{success:!0,message:"Logged out successfully"}},{detail:{tags:["Authentication"],summary:"Logout",description:"Logout and invalidate session"}}),e}var Tf=b(()=>{Xg()});var Ur={};go(Ur,{IsUndefined:()=>ir,IsUint8Array:()=>co,IsSymbol:()=>cl,IsString:()=>xn,IsRegExp:()=>Zi,IsObject:()=>Jn,IsNumber:()=>Zr,IsNull:()=>ol,IsIterator:()=>tl,IsFunction:()=>rl,IsDate:()=>ic,IsBoolean:()=>oo,IsBigInt:()=>vi,IsAsyncIterator:()=>nl,IsArray:()=>cr,HasPropertyKey:()=>Le});function Le(n,r){return r in n}function nl(n){return Jn(n)&&!cr(n)&&!co(n)&&Symbol.asyncIterator in n}function cr(n){return Array.isArray(n)}function vi(n){return typeof n==="bigint"}function oo(n){return typeof n==="boolean"}function ic(n){return n instanceof globalThis.Date}function rl(n){return typeof n==="function"}function tl(n){return Jn(n)&&!cr(n)&&!co(n)&&Symbol.iterator in n}function ol(n){return n===null}function Zr(n){return typeof n==="number"}function Jn(n){return typeof n==="object"&&n!==null}function Zi(n){return n instanceof globalThis.RegExp}function xn(n){return typeof n==="string"}function cl(n){return typeof n==="symbol"}function co(n){return n instanceof globalThis.Uint8Array}function ir(n){return n===void 0}function v3(n){return n.map((r)=>Qe(r))}function Z3(n){return new Date(n.getTime())}function p3(n){return new Uint8Array(n)}function I3(n){return new RegExp(n.source,n.flags)}function y3(n){let r={};for(let t of Object.getOwnPropertyNames(n))r[t]=Qe(n[t]);for(let t of Object.getOwnPropertySymbols(n))r[t]=Qe(n[t]);return r}function Qe(n){return cr(n)?v3(n):ic(n)?Z3(n):co(n)?p3(n):Zi(n)?I3(n):Jn(n)?y3(n):n}function Fn(n){return Qe(n)}var Or=()=>{};function Zc(n,r){return r===void 0?Fn(n):Fn({...r,...n})}var Oe=b(()=>{Or()});var il=b(()=>{Oe();Or()});function Lg(n){return n!==null&&typeof n==="object"}function Qg(n){return globalThis.Array.isArray(n)&&!globalThis.ArrayBuffer.isView(n)}function Og(n){return n===void 0}function Gg(n){return typeof n==="number"}var Ng=()=>{};var Ge;var xg=b(()=>{Ng();(function(n){n.InstanceMode="default",n.ExactOptionalPropertyTypes=!1,n.AllowArrayObject=!1,n.AllowNaN=!1,n.AllowNullVoid=!1;function r(a,e){return n.ExactOptionalPropertyTypes?e in a:a[e]!==void 0}n.IsExactOptionalProperty=r;function t(a){let e=Lg(a);return n.AllowArrayObject?e:e&&!Qg(a)}n.IsObjectLike=t;function o(a){return t(a)&&!(a instanceof Date)&&!(a instanceof Uint8Array)}n.IsRecordLike=o;function c(a){return n.AllowNaN?Gg(a):Number.isFinite(a)}n.IsNumberLike=c;function i(a){let e=Og(a);return n.AllowNullVoid?e||a===null:e}n.IsVoidLike=i})(Ge||(Ge={}))});function T3(n){return globalThis.Object.freeze(n).map((r)=>pi(r))}function nA(n){return n}function rA(n){return n}function tA(n){return n}function oA(n){let r={};for(let t of Object.getOwnPropertyNames(n))r[t]=pi(n[t]);for(let t of Object.getOwnPropertySymbols(n))r[t]=pi(n[t]);return globalThis.Object.freeze(r)}function pi(n){return cr(n)?T3(n):ic(n)?nA(n):co(n)?rA(n):Zi(n)?tA(n):Jn(n)?oA(n):n}var Pg=()=>{};function Y(n,r){let t=r!==void 0?{...r,...n}:n;switch(Ge.InstanceMode){case"freeze":return pi(t);case"clone":return Fn(t);default:return t}}var en=b(()=>{xg();Pg();Or()});var io=b(()=>{en()});var Dr;var Cg=b(()=>{Dr=class Dr extends Error{constructor(n){super(n)}}});var Gt=b(()=>{Cg()});var er,Rt,kr,st,q;var Ii=b(()=>{er=Symbol.for("TypeBox.Transform"),Rt=Symbol.for("TypeBox.Readonly"),kr=Symbol.for("TypeBox.Optional"),st=Symbol.for("TypeBox.Hint"),q=Symbol.for("TypeBox.Kind")});var fn=b(()=>{Ii()});function pc(n){return Jn(n)&&n[Rt]==="Readonly"}function Gr(n){return Jn(n)&&n[kr]==="Optional"}function al(n){return An(n,"Any")}function el(n){return An(n,"Argument")}function Dt(n){return An(n,"Array")}function ac(n){return An(n,"AsyncIterator")}function ec(n){return An(n,"BigInt")}function ao(n){return An(n,"Boolean")}function kt(n){return An(n,"Computed")}function Mt(n){return An(n,"Constructor")}function cA(n){return An(n,"Date")}function Ht(n){return An(n,"Function")}function zt(n){return An(n,"Integer")}function pn(n){return An(n,"Intersect")}function sc(n){return An(n,"Iterator")}function An(n,r){return Jn(n)&&q in n&&n[q]===r}function Ne(n){return oo(n)||Zr(n)||xn(n)}function pr(n){return An(n,"Literal")}function Ir(n){return An(n,"MappedKey")}function jn(n){return An(n,"MappedResult")}function Vo(n){return An(n,"Never")}function iA(n){return An(n,"Not")}function yi(n){return An(n,"Null")}function Bt(n){return An(n,"Number")}function ar(n){return An(n,"Object")}function fc(n){return An(n,"Promise")}function lc(n){return An(n,"Record")}function rr(n){return An(n,"Ref")}function sl(n){return An(n,"RegExp")}function eo(n){return An(n,"String")}function Ti(n){return An(n,"Symbol")}function yr(n){return An(n,"TemplateLiteral")}function aA(n){return An(n,"This")}function Yo(n){return Jn(n)&&er in n}function Tr(n){return An(n,"Tuple")}function na(n){return An(n,"Undefined")}function En(n){return An(n,"Union")}function eA(n){return An(n,"Uint8Array")}function sA(n){return An(n,"Unknown")}function fA(n){return An(n,"Unsafe")}function lA(n){return An(n,"Void")}function _A(n){return Jn(n)&&q in n&&xn(n[q])}function nt(n){return al(n)||el(n)||Dt(n)||ao(n)||ec(n)||ac(n)||kt(n)||Mt(n)||cA(n)||Ht(n)||zt(n)||pn(n)||sc(n)||pr(n)||Ir(n)||jn(n)||Vo(n)||iA(n)||yi(n)||Bt(n)||ar(n)||fc(n)||lc(n)||rr(n)||sl(n)||eo(n)||Ti(n)||yr(n)||aA(n)||Tr(n)||na(n)||En(n)||eA(n)||sA(n)||fA(n)||lA(n)||_A(n)}var kn=b(()=>{fn()});var k={};go(k,{TypeGuardUnknownTypeError:()=>qg,IsVoid:()=>Ww,IsUnsafe:()=>Uw,IsUnknown:()=>Bw,IsUnionLiteral:()=>AA,IsUnion:()=>_l,IsUndefined:()=>Hw,IsUint8Array:()=>zw,IsTuple:()=>Mw,IsTransform:()=>kw,IsThis:()=>Dw,IsTemplateLiteral:()=>Rw,IsSymbol:()=>Sw,IsString:()=>Ew,IsSchema:()=>Ar,IsRegExp:()=>Aw,IsRef:()=>$w,IsRecursive:()=>$A,IsRecord:()=>hw,IsReadonly:()=>gA,IsProperties:()=>xe,IsPromise:()=>mw,IsOptional:()=>wA,IsObject:()=>ww,IsNumber:()=>gw,IsNull:()=>bw,IsNot:()=>uw,IsNever:()=>dw,IsMappedResult:()=>_w,IsMappedKey:()=>lw,IsLiteralValue:()=>fw,IsLiteralString:()=>ew,IsLiteralNumber:()=>sw,IsLiteralBoolean:()=>hA,IsLiteral:()=>ta,IsKindOf:()=>mn,IsKind:()=>Vw,IsIterator:()=>aw,IsIntersect:()=>iw,IsInteger:()=>cw,IsImport:()=>mA,IsFunction:()=>ow,IsDate:()=>tw,IsConstructor:()=>rw,IsComputed:()=>nw,IsBoolean:()=>Tg,IsBigInt:()=>yg,IsAsyncIterator:()=>Ig,IsArray:()=>pg,IsArgument:()=>Zg,IsAny:()=>vg});function Fg(n){try{return new RegExp(n),!0}catch{return!1}}function fl(n){if(!xn(n))return!1;for(let r=0;r<n.length;r++){let t=n.charCodeAt(r);if(t>=7&&t<=13||t===27||t===127)return!1}return!0}function jg(n){return ll(n)||Ar(n)}function ra(n){return ir(n)||vi(n)}function Pn(n){return ir(n)||Zr(n)}function ll(n){return ir(n)||oo(n)}function Xn(n){return ir(n)||xn(n)}function uA(n){return ir(n)||xn(n)&&fl(n)&&Fg(n)}function bA(n){return ir(n)||xn(n)&&fl(n)}function Kg(n){return ir(n)||Ar(n)}function gA(n){return Jn(n)&&n[Rt]==="Readonly"}function wA(n){return Jn(n)&&n[kr]==="Optional"}function vg(n){return mn(n,"Any")&&Xn(n.$id)}function Zg(n){return mn(n,"Argument")&&Zr(n.index)}function pg(n){return mn(n,"Array")&&n.type==="array"&&Xn(n.$id)&&Ar(n.items)&&Pn(n.minItems)&&Pn(n.maxItems)&&ll(n.uniqueItems)&&Kg(n.contains)&&Pn(n.minContains)&&Pn(n.maxContains)}function Ig(n){return mn(n,"AsyncIterator")&&n.type==="AsyncIterator"&&Xn(n.$id)&&Ar(n.items)}function yg(n){return mn(n,"BigInt")&&n.type==="bigint"&&Xn(n.$id)&&ra(n.exclusiveMaximum)&&ra(n.exclusiveMinimum)&&ra(n.maximum)&&ra(n.minimum)&&ra(n.multipleOf)}function Tg(n){return mn(n,"Boolean")&&n.type==="boolean"&&Xn(n.$id)}function nw(n){return mn(n,"Computed")&&xn(n.target)&&cr(n.parameters)&&n.parameters.every((r)=>Ar(r))}function rw(n){return mn(n,"Constructor")&&n.type==="Constructor"&&Xn(n.$id)&&cr(n.parameters)&&n.parameters.every((r)=>Ar(r))&&Ar(n.returns)}function tw(n){return mn(n,"Date")&&n.type==="Date"&&Xn(n.$id)&&Pn(n.exclusiveMaximumTimestamp)&&Pn(n.exclusiveMinimumTimestamp)&&Pn(n.maximumTimestamp)&&Pn(n.minimumTimestamp)&&Pn(n.multipleOfTimestamp)}function ow(n){return mn(n,"Function")&&n.type==="Function"&&Xn(n.$id)&&cr(n.parameters)&&n.parameters.every((r)=>Ar(r))&&Ar(n.returns)}function mA(n){return mn(n,"Import")&&Le(n,"$defs")&&Jn(n.$defs)&&xe(n.$defs)&&Le(n,"$ref")&&xn(n.$ref)&&n.$ref in n.$defs}function cw(n){return mn(n,"Integer")&&n.type==="integer"&&Xn(n.$id)&&Pn(n.exclusiveMaximum)&&Pn(n.exclusiveMinimum)&&Pn(n.maximum)&&Pn(n.minimum)&&Pn(n.multipleOf)}function xe(n){return Jn(n)&&Object.entries(n).every(([r,t])=>fl(r)&&Ar(t))}function iw(n){return mn(n,"Intersect")&&(xn(n.type)&&n.type!=="object"?!1:!0)&&cr(n.allOf)&&n.allOf.every((r)=>Ar(r)&&!kw(r))&&Xn(n.type)&&(ll(n.unevaluatedProperties)||Kg(n.unevaluatedProperties))&&Xn(n.$id)}function aw(n){return mn(n,"Iterator")&&n.type==="Iterator"&&Xn(n.$id)&&Ar(n.items)}function mn(n,r){return Jn(n)&&q in n&&n[q]===r}function ew(n){return ta(n)&&xn(n.const)}function sw(n){return ta(n)&&Zr(n.const)}function hA(n){return ta(n)&&oo(n.const)}function ta(n){return mn(n,"Literal")&&Xn(n.$id)&&fw(n.const)}function fw(n){return oo(n)||Zr(n)||xn(n)}function lw(n){return mn(n,"MappedKey")&&cr(n.keys)&&n.keys.every((r)=>Zr(r)||xn(r))}function _w(n){return mn(n,"MappedResult")&&xe(n.properties)}function dw(n){return mn(n,"Never")&&Jn(n.not)&&Object.getOwnPropertyNames(n.not).length===0}function uw(n){return mn(n,"Not")&&Ar(n.not)}function bw(n){return mn(n,"Null")&&n.type==="null"&&Xn(n.$id)}function gw(n){return mn(n,"Number")&&n.type==="number"&&Xn(n.$id)&&Pn(n.exclusiveMaximum)&&Pn(n.exclusiveMinimum)&&Pn(n.maximum)&&Pn(n.minimum)&&Pn(n.multipleOf)}function ww(n){return mn(n,"Object")&&n.type==="object"&&Xn(n.$id)&&xe(n.properties)&&jg(n.additionalProperties)&&Pn(n.minProperties)&&Pn(n.maxProperties)}function mw(n){return mn(n,"Promise")&&n.type==="Promise"&&Xn(n.$id)&&Ar(n.item)}function hw(n){return mn(n,"Record")&&n.type==="object"&&Xn(n.$id)&&jg(n.additionalProperties)&&Jn(n.patternProperties)&&((r)=>{let t=Object.getOwnPropertyNames(r.patternProperties);return t.length===1&&Fg(t[0])&&Jn(r.patternProperties)&&Ar(r.patternProperties[t[0]])})(n)}function $A(n){return Jn(n)&&st in n&&n[st]==="Recursive"}function $w(n){return mn(n,"Ref")&&Xn(n.$id)&&xn(n.$ref)}function Aw(n){return mn(n,"RegExp")&&Xn(n.$id)&&xn(n.source)&&xn(n.flags)&&Pn(n.maxLength)&&Pn(n.minLength)}function Ew(n){return mn(n,"String")&&n.type==="string"&&Xn(n.$id)&&Pn(n.minLength)&&Pn(n.maxLength)&&uA(n.pattern)&&bA(n.format)}function Sw(n){return mn(n,"Symbol")&&n.type==="symbol"&&Xn(n.$id)}function Rw(n){return mn(n,"TemplateLiteral")&&n.type==="string"&&xn(n.pattern)&&n.pattern[0]==="^"&&n.pattern[n.pattern.length-1]==="$"}function Dw(n){return mn(n,"This")&&Xn(n.$id)&&xn(n.$ref)}function kw(n){return Jn(n)&&er in n}function Mw(n){return mn(n,"Tuple")&&n.type==="array"&&Xn(n.$id)&&Zr(n.minItems)&&Zr(n.maxItems)&&n.minItems===n.maxItems&&(ir(n.items)&&ir(n.additionalItems)&&n.minItems===0||cr(n.items)&&n.items.every((r)=>Ar(r)))}function Hw(n){return mn(n,"Undefined")&&n.type==="undefined"&&Xn(n.$id)}function AA(n){return _l(n)&&n.anyOf.every((r)=>ew(r)||sw(r))}function _l(n){return mn(n,"Union")&&Xn(n.$id)&&Jn(n)&&cr(n.anyOf)&&n.anyOf.every((r)=>Ar(r))}function zw(n){return mn(n,"Uint8Array")&&n.type==="Uint8Array"&&Xn(n.$id)&&Pn(n.minByteLength)&&Pn(n.maxByteLength)}function Bw(n){return mn(n,"Unknown")&&Xn(n.$id)}function Uw(n){return mn(n,"Unsafe")}function Ww(n){return mn(n,"Void")&&n.type==="void"&&Xn(n.$id)}function Vw(n){return Jn(n)&&q in n&&xn(n[q])&&!dA.includes(n[q])}function Ar(n){return Jn(n)&&(vg(n)||Zg(n)||pg(n)||Tg(n)||yg(n)||Ig(n)||nw(n)||rw(n)||tw(n)||ow(n)||cw(n)||iw(n)||aw(n)||ta(n)||lw(n)||_w(n)||dw(n)||uw(n)||bw(n)||gw(n)||ww(n)||mw(n)||hw(n)||$w(n)||Aw(n)||Ew(n)||Sw(n)||Rw(n)||Dw(n)||Mw(n)||Hw(n)||_l(n)||zw(n)||Bw(n)||Uw(n)||Ww(n)||Vw(n))}var qg,dA;var Yw=b(()=>{fn();Gt();qg=class qg extends Dr{};dA=["Argument","Any","Array","AsyncIterator","BigInt","Boolean","Computed","Constructor","Date","Enum","Function","Integer","Intersect","Iterator","Literal","MappedKey","MappedResult","Not","Null","Number","Object","Promise","Record","Ref","RegExp","String","Symbol","TemplateLiteral","This","Tuple","Undefined","Union","Uint8Array","Unknown","Void"]});var dl=b(()=>{kn();Yw()});var Jw=()=>{};var Xw="(true|false)",Pe="(0|[1-9][0-9]*)",Lw="(.*)",Jo="^(0|[1-9][0-9]*)$",Xo="^(.*)$",Qw="^(?!.*)$";var oa=()=>{};var Ow=()=>{};var Gw=()=>{};var Nw=b(()=>{Ow();Gw()});function xw(n,r){return n.includes(r)}function Pw(n){return[...new Set(n)]}function RA(n,r){return n.filter((t)=>r.includes(t))}function DA(n,r){return n.reduce((t,o)=>{return RA(t,o)},r)}function Cw(n){return n.length===1?n[0]:n.length>1?DA(n.slice(1),n[0]):[]}function qw(n){let r=[];for(let t of n)r.push(...t);return r}var ca=()=>{};function Lo(n){return Y({[q]:"Any"},n)}var Fw=b(()=>{io();fn()});var ia=b(()=>{Fw()});function Ic(n,r){return Y({[q]:"Array",type:"array",items:n},r)}var jw=b(()=>{en();fn()});var aa=b(()=>{jw()});function Kw(n){return Y({[q]:"Argument",index:n})}var vw=b(()=>{en();fn()});var ul=b(()=>{vw()});function yc(n,r){return Y({[q]:"AsyncIterator",type:"AsyncIterator",items:n},r)}var Zw=b(()=>{fn();en()});var ea=b(()=>{Zw()});function Cn(n,r,t){return Y({[q]:"Computed",target:n,parameters:r},t)}var pw=b(()=>{io();Ii()});var Qo=b(()=>{pw()});function kA(n,r){let{[r]:t,...o}=n;return o}function In(n,r){return r.reduce((t,o)=>kA(t,o),n)}var fo=()=>{};function Sn(n){return Y({[q]:"Never",not:{}},n)}var Iw=b(()=>{en();fn()});var Mr=b(()=>{Iw()});var yw=()=>{};function Mn(n){return Y({[q]:"MappedResult",properties:n})}var bl=b(()=>{en();fn()});function Tc(n,r,t){return Y({[q]:"Constructor",type:"Constructor",parameters:n,returns:r},t)}var Tw=b(()=>{en();fn()});var sa=b(()=>{Tw()});function Nt(n,r,t){return Y({[q]:"Function",type:"Function",parameters:n,returns:r},t)}var n1=b(()=>{en();fn()});var _c=b(()=>{n1()});function fa(n,r){return Y({[q]:"Union",anyOf:n},r)}var gl=b(()=>{en();fn()});function MA(n){return n.some((r)=>Gr(r))}function r1(n){return n.map((r)=>Gr(r)?HA(r):r)}function HA(n){return In(n,[kr])}function zA(n,r){return MA(n)?Wr(fa(r1(n),r)):fa(r1(n),r)}function xt(n,r){return n.length===1?Y(n[0],r):n.length===0?Sn(r):zA(n,r)}var t1=b(()=>{en();fn();fo();Mr();lo();gl();kn()});var o1=()=>{};function Wn(n,r){return n.length===0?Sn(r):n.length===1?Y(n[0],r):fa(n,r)}var c1=b(()=>{Mr();en();gl()});var sr=b(()=>{t1();o1();c1()});function BA(n){return n.replace(/\\\$/g,"$").replace(/\\\*/g,"*").replace(/\\\^/g,"^").replace(/\\\|/g,"|").replace(/\\\(/g,"(").replace(/\\\)/g,")")}function ml(n,r,t){return n[r]===t&&n.charCodeAt(r-1)!==92}function _o(n,r){return ml(n,r,"(")}function la(n,r){return ml(n,r,")")}function i1(n,r){return ml(n,r,"|")}function UA(n){if(!(_o(n,0)&&la(n,n.length-1)))return!1;let r=0;for(let t=0;t<n.length;t++){if(_o(n,t))r+=1;if(la(n,t))r-=1;if(r===0&&t!==n.length-1)return!1}return!0}function WA(n){return n.slice(1,n.length-1)}function VA(n){let r=0;for(let t=0;t<n.length;t++){if(_o(n,t))r+=1;if(la(n,t))r-=1;if(i1(n,t)&&r===0)return!0}return!1}function YA(n){for(let r=0;r<n.length;r++)if(_o(n,r))return!0;return!1}function JA(n){let[r,t]=[0,0],o=[];for(let i=0;i<n.length;i++){if(_o(n,i))r+=1;if(la(n,i))r-=1;if(i1(n,i)&&r===0){let a=n.slice(t,i);if(a.length>0)o.push(ni(a));t=i+1}}let c=n.slice(t);if(c.length>0)o.push(ni(c));if(o.length===0)return{type:"const",const:""};if(o.length===1)return o[0];return{type:"or",expr:o}}function XA(n){function r(c,i){if(!_o(c,i))throw new wl("TemplateLiteralParser: Index must point to open parens");let a=0;for(let e=i;e<c.length;e++){if(_o(c,e))a+=1;if(la(c,e))a-=1;if(a===0)return[i,e]}throw new wl("TemplateLiteralParser: Unclosed group parens in expression")}function t(c,i){for(let a=i;a<c.length;a++)if(_o(c,a))return[i,a];return[i,c.length]}let o=[];for(let c=0;c<n.length;c++)if(_o(n,c)){let[i,a]=r(n,c),e=n.slice(i,a+1);o.push(ni(e)),c=a}else{let[i,a]=t(n,c),e=n.slice(i,a);if(e.length>0)o.push(ni(e));c=a-1}return o.length===0?{type:"const",const:""}:o.length===1?o[0]:{type:"and",expr:o}}function ni(n){return UA(n)?ni(WA(n)):VA(n)?JA(n):YA(n)?XA(n):{type:"const",const:BA(n)}}function ri(n){return ni(n.slice(1,n.length-1))}var wl;var Ce=b(()=>{Gt();wl=class wl extends Dr{}});function LA(n){return n.type==="or"&&n.expr.length===2&&n.expr[0].type==="const"&&n.expr[0].const==="0"&&n.expr[1].type==="const"&&n.expr[1].const==="[1-9][0-9]*"}function QA(n){return n.type==="or"&&n.expr.length===2&&n.expr[0].type==="const"&&n.expr[0].const==="true"&&n.expr[1].type==="const"&&n.expr[1].const==="false"}function OA(n){return n.type==="const"&&n.const===".*"}function dc(n){return LA(n)||OA(n)?!1:QA(n)?!0:n.type==="and"?n.expr.every((r)=>dc(r)):n.type==="or"?n.expr.every((r)=>dc(r)):n.type==="const"?!0:(()=>{throw new a1("Unknown expression type")})()}function e1(n){let r=ri(n.pattern);return dc(r)}var a1;var hl=b(()=>{Ce();Gt();a1=class a1 extends Dr{}});function*f1(n){if(n.length===1)return yield*n[0];for(let r of n[0])for(let t of f1(n.slice(1)))yield`${r}${t}`}function*GA(n){return yield*f1(n.expr.map((r)=>[..._a(r)]))}function*NA(n){for(let r of n.expr)yield*_a(r)}function*xA(n){return yield n.const}function*_a(n){return n.type==="and"?yield*GA(n):n.type==="or"?yield*NA(n):n.type==="const"?yield*xA(n):(()=>{throw new s1("Unknown expression")})()}function qe(n){let r=ri(n.pattern);return dc(r)?[..._a(r)]:[]}var s1;var $l=b(()=>{hl();Ce();Gt();s1=class s1 extends Dr{}});function zn(n,r){return Y({[q]:"Literal",const:n,type:typeof n},r)}var l1=b(()=>{en();fn()});var Nr=b(()=>{l1()});function Fe(n){return Y({[q]:"Boolean",type:"boolean"},n)}var _1=b(()=>{fn();io()});var je=b(()=>{_1()});function ti(n){return Y({[q]:"BigInt",type:"bigint"},n)}var d1=b(()=>{fn();io()});var da=b(()=>{d1()});function ft(n){return Y({[q]:"Number",type:"number"},n)}var u1=b(()=>{en();fn()});var uc=b(()=>{u1()});function Ut(n){return Y({[q]:"String",type:"string"},n)}var b1=b(()=>{en();fn()});var oi=b(()=>{b1()});function*PA(n){let r=n.trim().replace(/"|'/g,"");return r==="boolean"?yield Fe():r==="number"?yield ft():r==="bigint"?yield ti():r==="string"?yield Ut():yield(()=>{let t=r.split("|").map((o)=>zn(o.trim()));return t.length===0?Sn():t.length===1?t[0]:xt(t)})()}function*CA(n){if(n[1]!=="{"){let r=zn("$"),t=Al(n.slice(1));return yield*[r,...t]}for(let r=2;r<n.length;r++)if(n[r]==="}"){let t=PA(n.slice(2,r)),o=Al(n.slice(r+1));return yield*[...t,...o]}yield zn(n)}function*Al(n){for(let r=0;r<n.length;r++)if(n[r]==="$"){let t=zn(n.slice(0,r)),o=CA(n.slice(r));return yield*[t,...o]}yield zn(n)}function g1(n){return[...Al(n)]}var El=b(()=>{Nr();je();da();uc();oi();sr();Mr()});function qA(n){return n.replace(/[.*+?^${}()|[\]\\]/g,"\\$&")}function m1(n,r){return yr(n)?n.pattern.slice(1,n.pattern.length-1):En(n)?`(${n.anyOf.map((t)=>m1(t,r)).join("|")})`:Bt(n)?`${r}${Pe}`:zt(n)?`${r}${Pe}`:ec(n)?`${r}${Pe}`:eo(n)?`${r}${Lw}`:pr(n)?`${r}${qA(n.const.toString())}`:ao(n)?`${r}${Xw}`:(()=>{throw new w1(`Unexpected Kind '${n[q]}'`)})()}function Sl(n){return`^${n.map((r)=>m1(r,"")).join("")}$`}var w1;var Rl=b(()=>{oa();fn();Gt();kn();w1=class w1 extends Dr{}});function bc(n){let t=qe(n).map((o)=>zn(o));return xt(t)}var h1=b(()=>{sr();Nr();$l()});function Ke(n,r){let t=xn(n)?Sl(g1(n)):Sl(n);return Y({[q]:"TemplateLiteral",type:"string",pattern:t},r)}var $1=b(()=>{en();El();Rl();fn()});var uo=b(()=>{hl();$l();El();Ce();Rl();h1();$1()});function FA(n){return qe(n).map((t)=>t.toString())}function jA(n){let r=[];for(let t of n)r.push(...xr(t));return r}function KA(n){return[n.toString()]}function xr(n){return[...new Set(yr(n)?FA(n):En(n)?jA(n.anyOf):pr(n)?KA(n.const):Bt(n)?["[number]"]:zt(n)?["[number]"]:[])]}var ve=b(()=>{uo();kn()});function vA(n,r,t){let o={};for(let c of Object.getOwnPropertyNames(r))o[c]=Oo(n,xr(r[c]),t);return o}function ZA(n,r,t){return vA(n,r.properties,t)}function A1(n,r,t){let o=ZA(n,r,t);return Mn(o)}var Dl=b(()=>{br();ve();Pt()});function S1(n,r){return n.map((t)=>R1(t,r))}function pA(n){return n.filter((r)=>!Vo(r))}function IA(n,r){return Ze(pA(S1(n,r)))}function yA(n){return n.some((r)=>Vo(r))?[]:n}function TA(n,r){return xt(yA(S1(n,r)))}function nE(n,r){return r in n?n[r]:r==="[number]"?xt(n):Sn()}function rE(n,r){return r==="[number]"?n:Sn()}function tE(n,r){return r in n?n[r]:Sn()}function R1(n,r){return pn(n)?IA(n.allOf,r):En(n)?TA(n.anyOf,r):Tr(n)?nE(n.items??[],r):Dt(n)?rE(n.items,r):ar(n)?tE(n.properties,r):Sn()}function kl(n,r){return r.map((t)=>R1(n,t))}function E1(n,r){return xt(kl(n,r))}function Oo(n,r,t){if(rr(n)||rr(r)){if(!nt(n)||!nt(r))throw new Dr("Index types using Ref parameters require both Type and Key to be of TSchema");return Cn("Index",[n,r])}if(jn(r))return A1(n,r,t);if(Ir(r))return D1(n,r,t);return Y(nt(r)?E1(n,xr(r)):E1(n,r),t)}var Ml=b(()=>{en();Gt();Qo();Mr();lt();sr();ve();Hl();Dl();kn()});function oE(n,r,t){return{[r]:Oo(n,[r],Fn(t))}}function cE(n,r,t){return r.reduce((o,c)=>{return{...o,...oE(n,c,t)}},{})}function iE(n,r,t){return cE(n,r.keys,t)}function D1(n,r,t){let o=iE(n,r,t);return Mn(o)}var Hl=b(()=>{Ml();br();Or()});var Pt=b(()=>{Hl();Dl();ve();Ml()});function ci(n,r){return Y({[q]:"Iterator",type:"Iterator",items:n},r)}var k1=b(()=>{en();fn()});var ua=b(()=>{k1()});function aE(n){return globalThis.Object.keys(n).filter((r)=>!Gr(n[r]))}function eE(n,r){let t=aE(n),o=t.length>0?{[q]:"Object",type:"object",required:t,properties:n}:{[q]:"Object",type:"object",properties:n};return Y(o,r)}var Ln;var M1=b(()=>{en();fn();kn();Ln=eE});var rt=b(()=>{M1()});function pe(n,r){return Y({[q]:"Promise",type:"Promise",item:n},r)}var H1=b(()=>{en();fn()});var Ie=b(()=>{H1()});function sE(n){return Y(In(n,[Rt]))}function fE(n){return Y({...n,[Rt]:"Readonly"})}function lE(n,r){return r===!1?sE(n):fE(n)}function Pr(n,r){let t=r??!0;return jn(n)?z1(n,t):lE(n,t)}var zl=b(()=>{en();fn();fo();Bl();kn()});function _E(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=Pr(n[o],r);return t}function dE(n,r){return _E(n.properties,r)}function z1(n,r){let t=dE(n,r);return Mn(t)}var Bl=b(()=>{br();zl()});var gc=b(()=>{Bl();zl()});function _t(n,r){return Y(n.length>0?{[q]:"Tuple",type:"array",items:n,additionalItems:!1,minItems:n.length,maxItems:n.length}:{[q]:"Tuple",type:"array",minItems:n.length,maxItems:n.length},r)}var B1=b(()=>{en();fn()});var Go=b(()=>{B1()});function U1(n,r){return n in r?dt(n,r[n]):Mn(r)}function uE(n){return{[n]:zn(n)}}function bE(n){let r={};for(let t of n)r[t]=zn(t);return r}function gE(n,r){return xw(r,n)?uE(n):bE(r)}function wE(n,r){let t=gE(n,r);return U1(n,t)}function ba(n,r){return r.map((t)=>dt(n,t))}function mE(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(r))t[o]=dt(n,r[o]);return t}function dt(n,r){let t={...r};return Gr(r)?Wr(dt(n,In(r,[kr]))):pc(r)?Pr(dt(n,In(r,[Rt]))):jn(r)?U1(n,r.properties):Ir(r)?wE(n,r.keys):Mt(r)?Tc(ba(n,r.parameters),dt(n,r.returns),t):Ht(r)?Nt(ba(n,r.parameters),dt(n,r.returns),t):ac(r)?yc(dt(n,r.items),t):sc(r)?ci(dt(n,r.items),t):pn(r)?Vr(ba(n,r.allOf),t):En(r)?Wn(ba(n,r.anyOf),t):Tr(r)?_t(ba(n,r.items??[]),t):ar(r)?Ln(mE(n,r.properties),t):Dt(r)?Ic(dt(n,r.items),t):fc(r)?pe(dt(n,r.item),t):r}function hE(n,r){let t={};for(let o of n)t[o]=dt(o,r);return t}function W1(n,r,t){let o=nt(n)?xr(n):n,c=r({[q]:"MappedKey",keys:o}),i=hE(o,c);return Ln(i,t)}var V1=b(()=>{fn();fo();aa();ea();sa();_c();Pt();lt();ua();Nr();rt();lo();Ie();gc();Go();sr();ca();bl();kn()});var br=b(()=>{yw();bl();V1()});function $E(n){return Y(In(n,[kr]))}function AE(n){return Y({...n,[kr]:"Optional"})}function EE(n,r){return r===!1?$E(n):AE(n)}function Wr(n,r){let t=r??!0;return jn(n)?Y1(n,t):EE(n,t)}var Ul=b(()=>{en();fn();fo();Wl();kn()});function SE(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=Wr(n[o],r);return t}function RE(n,r){return SE(n.properties,r)}function Y1(n,r){let t=RE(n,r);return Mn(t)}var Wl=b(()=>{br();Ul()});var lo=b(()=>{Wl();Ul()});function ga(n,r={}){let t=n.every((c)=>ar(c)),o=nt(r.unevaluatedProperties)?{unevaluatedProperties:r.unevaluatedProperties}:{};return Y(r.unevaluatedProperties===!1||nt(r.unevaluatedProperties)||t?{...o,[q]:"Intersect",type:"object",allOf:n}:{...o,[q]:"Intersect",allOf:n},r)}var Vl=b(()=>{en();fn();kn()});function DE(n){return n.every((r)=>Gr(r))}function kE(n){return In(n,[kr])}function J1(n){return n.map((r)=>Gr(r)?kE(r):r)}function ME(n,r){return DE(n)?Wr(ga(J1(n),r)):ga(J1(n),r)}function Ze(n,r={}){if(n.length===1)return Y(n[0],r);if(n.length===0)return Sn(r);if(n.some((t)=>Yo(t)))throw Error("Cannot intersect transform types");return ME(n,r)}var X1=b(()=>{fn();en();fo();Mr();lo();Vl();kn()});var L1=()=>{};function Vr(n,r){if(n.length===1)return Y(n[0],r);if(n.length===0)return Sn(r);if(n.some((t)=>Yo(t)))throw Error("Cannot intersect transform types");return ga(n,r)}var Q1=b(()=>{en();Mr();Vl();kn()});var lt=b(()=>{X1();L1();Q1()});function Ct(...n){let[r,t]=typeof n[0]==="string"?[n[0],n[1]]:[n[0].$id,n[1]];if(typeof r!=="string")throw new Dr("Ref: $ref must be a string");return Y({[q]:"Ref",$ref:r},t)}var O1=b(()=>{Gt();en();fn()});var wc=b(()=>{O1()});function HE(n,r){return Cn("Awaited",[Cn(n,r)])}function zE(n){return Cn("Awaited",[Ct(n)])}function BE(n){return Vr(G1(n))}function UE(n){return Wn(G1(n))}function WE(n){return ii(n)}function G1(n){return n.map((r)=>ii(r))}function ii(n,r){return Y(kt(n)?HE(n.target,n.parameters):pn(n)?BE(n.allOf):En(n)?UE(n.anyOf):fc(n)?WE(n.item):rr(n)?zE(n.$ref):n,r)}var N1=b(()=>{en();Qo();lt();sr();wc();kn()});var ye=b(()=>{N1()});function x1(n){let r=[];for(let t of n)r.push(wa(t));return r}function VE(n){let r=x1(n);return qw(r)}function YE(n){let r=x1(n);return Cw(r)}function JE(n){return n.map((r,t)=>t.toString())}function XE(n){return["[number]"]}function LE(n){return globalThis.Object.getOwnPropertyNames(n)}function QE(n){if(!OE)return[];return globalThis.Object.getOwnPropertyNames(n).map((t)=>{return t[0]==="^"&&t[t.length-1]==="$"?t.slice(1,t.length-1):t})}function wa(n){return pn(n)?VE(n.allOf):En(n)?YE(n.anyOf):Tr(n)?JE(n.items??[]):Dt(n)?XE(n.items):ar(n)?LE(n.properties):lc(n)?QE(n.patternProperties):[]}var OE=!1;var Yl=b(()=>{ca();kn()});function GE(n,r){return Cn("KeyOf",[Cn(n,r)])}function NE(n){return Cn("KeyOf",[Ct(n)])}function xE(n,r){let t=wa(n),o=PE(t),c=xt(o);return Y(c,r)}function PE(n){return n.map((r)=>r==="[number]"?ft():zn(r))}function ai(n,r){return kt(n)?GE(n.target,n.parameters):rr(n)?NE(n.$ref):jn(n)?P1(n,r):xE(n,r)}var Jl=b(()=>{en();Nr();uc();Qo();wc();Yl();sr();Xl();kn()});function CE(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=ai(n[o],Fn(r));return t}function qE(n,r){return CE(n.properties,r)}function P1(n,r){let t=qE(n,r);return Mn(t)}var Xl=b(()=>{br();Jl();Or()});var C1=()=>{};var ma=b(()=>{Xl();C1();Yl();Jl()});function FE(n){let r=[];for(let t of n)r.push(...wa(t));return Pw(r)}function jE(n){return n.filter((r)=>!Vo(r))}function KE(n,r){let t=[];for(let o of n)t.push(...kl(o,[r]));return jE(t)}function vE(n,r){let t={};for(let o of r)t[o]=Ze(KE(n,o));return t}function q1(n,r){let t=FE(n),o=vE(n,t);return Ln(o,r)}var F1=b(()=>{lt();Pt();ma();rt();ca();kn()});var Ll=b(()=>{F1()});function Te(n){return Y({[q]:"Date",type:"Date"},n)}var j1=b(()=>{fn();en()});var ns=b(()=>{j1()});function rs(n){return Y({[q]:"Null",type:"null"},n)}var K1=b(()=>{en();fn()});var ts=b(()=>{K1()});function os(n){return Y({[q]:"Symbol",type:"symbol"},n)}var v1=b(()=>{en();fn()});var cs=b(()=>{v1()});function is(n){return Y({[q]:"Undefined",type:"undefined"},n)}var Z1=b(()=>{en();fn()});var as=b(()=>{Z1()});function es(n){return Y({[q]:"Uint8Array",type:"Uint8Array"},n)}var p1=b(()=>{en();fn()});var ss=b(()=>{p1()});function No(n){return Y({[q]:"Unknown"},n)}var I1=b(()=>{en();fn()});var ei=b(()=>{I1()});function ZE(n){return n.map((r)=>Ql(r,!1))}function pE(n){let r={};for(let t of globalThis.Object.getOwnPropertyNames(n))r[t]=Pr(Ql(n[t],!1));return r}function fs(n,r){return r===!0?n:Pr(n)}function Ql(n,r){return nl(n)?fs(Lo(),r):tl(n)?fs(Lo(),r):cr(n)?Pr(_t(ZE(n))):co(n)?es():ic(n)?Te():Jn(n)?fs(Ln(pE(n)),r):rl(n)?fs(Nt([],No()),r):ir(n)?is():ol(n)?rs():cl(n)?os():vi(n)?ti():Zr(n)?zn(n):oo(n)?zn(n):xn(n)?zn(n):Ln({})}function y1(n,r){return Y(Ql(n,!0),r)}var T1=b(()=>{ia();da();ns();_c();Nr();ts();rt();cs();Go();gc();as();ss();ei();io()});var Ol=b(()=>{T1()});function nm(n,r){return Mt(n)?_t(n.parameters,r):Sn(r)}var rm=b(()=>{Go();Mr();kn()});var Gl=b(()=>{rm()});function tm(n,r){if(ir(n))throw Error("Enum undefined or empty");let t=globalThis.Object.getOwnPropertyNames(n).filter((i)=>isNaN(i)).map((i)=>n[i]),c=[...new Set(t)].map((i)=>zn(i));return Wn(c,{...r,[st]:"Enum"})}var om=b(()=>{Nr();fn();sr()});var Nl=b(()=>{om()});function ut(n){return n===J.False?n:J.True}function si(n){throw new sm(n)}function fr(n){return k.IsNever(n)||k.IsIntersect(n)||k.IsUnion(n)||k.IsUnknown(n)||k.IsAny(n)}function lr(n,r){return k.IsNever(r)?_m(n,r):k.IsIntersect(r)?ls(n,r):k.IsUnion(r)?Fl(n,r):k.IsUnknown(r)?gm(n,r):k.IsAny(r)?ql(n,r):si("StructuralRight")}function ql(n,r){return J.True}function IE(n,r){return k.IsIntersect(r)?ls(n,r):k.IsUnion(r)&&r.anyOf.some((t)=>k.IsAny(t)||k.IsUnknown(t))?J.True:k.IsUnion(r)?J.Union:k.IsUnknown(r)?J.True:k.IsAny(r)?J.True:J.Union}function yE(n,r){return k.IsUnknown(n)?J.False:k.IsAny(n)?J.Union:k.IsNever(n)?J.True:J.False}function TE(n,r){return k.IsObject(r)&&_s(r)?J.True:fr(r)?lr(n,r):!k.IsArray(r)?J.False:ut(Qn(n.items,r.items))}function n4(n,r){return fr(r)?lr(n,r):!k.IsAsyncIterator(r)?J.False:ut(Qn(n.items,r.items))}function r4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsBigInt(r)?J.True:J.False}function fm(n,r){return k.IsLiteralBoolean(n)?J.True:k.IsBoolean(n)?J.True:J.False}function t4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsBoolean(r)?J.True:J.False}function o4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):!k.IsConstructor(r)?J.False:n.parameters.length>r.parameters.length?J.False:!n.parameters.every((t,o)=>ut(Qn(r.parameters[o],t))===J.True)?J.False:ut(Qn(n.returns,r.returns))}function c4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsDate(r)?J.True:J.False}function i4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):!k.IsFunction(r)?J.False:n.parameters.length>r.parameters.length?J.False:!n.parameters.every((t,o)=>ut(Qn(r.parameters[o],t))===J.True)?J.False:ut(Qn(n.returns,r.returns))}function lm(n,r){return k.IsLiteral(n)&&Ur.IsNumber(n.const)?J.True:k.IsNumber(n)||k.IsInteger(n)?J.True:J.False}function a4(n,r){return k.IsInteger(r)||k.IsNumber(r)?J.True:fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):J.False}function ls(n,r){return r.allOf.every((t)=>Qn(n,t)===J.True)?J.True:J.False}function e4(n,r){return n.allOf.some((t)=>Qn(t,r)===J.True)?J.True:J.False}function s4(n,r){return fr(r)?lr(n,r):!k.IsIterator(r)?J.False:ut(Qn(n.items,r.items))}function f4(n,r){return k.IsLiteral(r)&&r.const===n.const?J.True:fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsString(r)?bm(n,r):k.IsNumber(r)?dm(n,r):k.IsInteger(r)?lm(n,r):k.IsBoolean(r)?fm(n,r):J.False}function _m(n,r){return J.False}function l4(n,r){return J.True}function cm(n){let[r,t]=[n,0];while(!0){if(!k.IsNot(r))break;r=r.not,t+=1}return t%2===0?r:No()}function _4(n,r){return k.IsNot(n)?Qn(cm(n),r):k.IsNot(r)?Qn(n,cm(r)):si("Invalid fallthrough for Not")}function d4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsNull(r)?J.True:J.False}function dm(n,r){return k.IsLiteralNumber(n)?J.True:k.IsNumber(n)||k.IsInteger(n)?J.True:J.False}function u4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsInteger(r)||k.IsNumber(r)?J.True:J.False}function Cr(n,r){return Object.getOwnPropertyNames(n.properties).length===r}function im(n){return _s(n)}function am(n){return Cr(n,0)||Cr(n,1)&&"description"in n.properties&&k.IsUnion(n.properties.description)&&n.properties.description.anyOf.length===2&&(k.IsString(n.properties.description.anyOf[0])&&k.IsUndefined(n.properties.description.anyOf[1])||k.IsString(n.properties.description.anyOf[1])&&k.IsUndefined(n.properties.description.anyOf[0]))}function xl(n){return Cr(n,0)}function em(n){return Cr(n,0)}function b4(n){return Cr(n,0)}function g4(n){return Cr(n,0)}function w4(n){return _s(n)}function m4(n){let r=ft();return Cr(n,0)||Cr(n,1)&&"length"in n.properties&&ut(Qn(n.properties.length,r))===J.True}function h4(n){return Cr(n,0)}function _s(n){let r=ft();return Cr(n,0)||Cr(n,1)&&"length"in n.properties&&ut(Qn(n.properties.length,r))===J.True}function $4(n){let r=Nt([Lo()],Lo());return Cr(n,0)||Cr(n,1)&&"then"in n.properties&&ut(Qn(n.properties.then,r))===J.True}function um(n,r){return Qn(n,r)===J.False?J.False:k.IsOptional(n)&&!k.IsOptional(r)?J.False:J.True}function Yr(n,r){return k.IsUnknown(n)?J.False:k.IsAny(n)?J.Union:k.IsNever(n)||k.IsLiteralString(n)&&im(r)||k.IsLiteralNumber(n)&&xl(r)||k.IsLiteralBoolean(n)&&em(r)||k.IsSymbol(n)&&am(r)||k.IsBigInt(n)&&b4(r)||k.IsString(n)&&im(r)||k.IsSymbol(n)&&am(r)||k.IsNumber(n)&&xl(r)||k.IsInteger(n)&&xl(r)||k.IsBoolean(n)&&em(r)||k.IsUint8Array(n)&&w4(r)||k.IsDate(n)&&g4(r)||k.IsConstructor(n)&&h4(r)||k.IsFunction(n)&&m4(r)?J.True:k.IsRecord(n)&&k.IsString(Pl(n))?(()=>{return r[st]==="Record"?J.True:J.False})():k.IsRecord(n)&&k.IsNumber(Pl(n))?(()=>{return Cr(r,0)?J.True:J.False})():J.False}function A4(n,r){return fr(r)?lr(n,r):k.IsRecord(r)?bt(n,r):!k.IsObject(r)?J.False:(()=>{for(let t of Object.getOwnPropertyNames(r.properties)){if(!(t in n.properties)&&!k.IsOptional(r.properties[t]))return J.False;if(k.IsOptional(r.properties[t]))return J.True;if(um(n.properties[t],r.properties[t])===J.False)return J.False}return J.True})()}function E4(n,r){return fr(r)?lr(n,r):k.IsObject(r)&&$4(r)?J.True:!k.IsPromise(r)?J.False:ut(Qn(n.item,r.item))}function Pl(n){return Jo in n.patternProperties?ft():(Xo in n.patternProperties)?Ut():si("Unknown record key pattern")}function Cl(n){return Jo in n.patternProperties?n.patternProperties[Jo]:(Xo in n.patternProperties)?n.patternProperties[Xo]:si("Unable to get record value schema")}function bt(n,r){let[t,o]=[Pl(r),Cl(r)];return k.IsLiteralString(n)&&k.IsNumber(t)&&ut(Qn(n,o))===J.True?J.True:k.IsUint8Array(n)&&k.IsNumber(t)?Qn(n,o):k.IsString(n)&&k.IsNumber(t)?Qn(n,o):k.IsArray(n)&&k.IsNumber(t)?Qn(n,o):k.IsObject(n)?(()=>{for(let c of Object.getOwnPropertyNames(n.properties))if(um(o,n.properties[c])===J.False)return J.False;return J.True})():J.False}function S4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):!k.IsRecord(r)?J.False:Qn(Cl(n),Cl(r))}function R4(n,r){let t=k.IsRegExp(n)?Ut():n,o=k.IsRegExp(r)?Ut():r;return Qn(t,o)}function bm(n,r){return k.IsLiteral(n)&&Ur.IsString(n.const)?J.True:k.IsString(n)?J.True:J.False}function D4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsString(r)?J.True:J.False}function k4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsSymbol(r)?J.True:J.False}function M4(n,r){return k.IsTemplateLiteral(n)?Qn(bc(n),r):k.IsTemplateLiteral(r)?Qn(n,bc(r)):si("Invalid fallthrough for TemplateLiteral")}function H4(n,r){return k.IsArray(r)&&n.items!==void 0&&n.items.every((t)=>Qn(t,r.items)===J.True)}function z4(n,r){return k.IsNever(n)?J.True:k.IsUnknown(n)?J.False:k.IsAny(n)?J.Union:J.False}function B4(n,r){return fr(r)?lr(n,r):k.IsObject(r)&&_s(r)?J.True:k.IsArray(r)&&H4(n,r)?J.True:!k.IsTuple(r)?J.False:Ur.IsUndefined(n.items)&&!Ur.IsUndefined(r.items)||!Ur.IsUndefined(n.items)&&Ur.IsUndefined(r.items)?J.False:Ur.IsUndefined(n.items)&&!Ur.IsUndefined(r.items)?J.True:n.items.every((t,o)=>Qn(t,r.items[o])===J.True)?J.True:J.False}function U4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsUint8Array(r)?J.True:J.False}function W4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsVoid(r)?J4(n,r):k.IsUndefined(r)?J.True:J.False}function Fl(n,r){return r.anyOf.some((t)=>Qn(n,t)===J.True)?J.True:J.False}function V4(n,r){return n.anyOf.every((t)=>Qn(t,r)===J.True)?J.True:J.False}function gm(n,r){return J.True}function Y4(n,r){return k.IsNever(r)?_m(n,r):k.IsIntersect(r)?ls(n,r):k.IsUnion(r)?Fl(n,r):k.IsAny(r)?ql(n,r):k.IsString(r)?bm(n,r):k.IsNumber(r)?dm(n,r):k.IsInteger(r)?lm(n,r):k.IsBoolean(r)?fm(n,r):k.IsArray(r)?yE(n,r):k.IsTuple(r)?z4(n,r):k.IsObject(r)?Yr(n,r):k.IsUnknown(r)?J.True:J.False}function J4(n,r){return k.IsUndefined(n)?J.True:k.IsUndefined(n)?J.True:J.False}function X4(n,r){return k.IsIntersect(r)?ls(n,r):k.IsUnion(r)?Fl(n,r):k.IsUnknown(r)?gm(n,r):k.IsAny(r)?ql(n,r):k.IsObject(r)?Yr(n,r):k.IsVoid(r)?J.True:J.False}function Qn(n,r){return k.IsTemplateLiteral(n)||k.IsTemplateLiteral(r)?M4(n,r):k.IsRegExp(n)||k.IsRegExp(r)?R4(n,r):k.IsNot(n)||k.IsNot(r)?_4(n,r):k.IsAny(n)?IE(n,r):k.IsArray(n)?TE(n,r):k.IsBigInt(n)?r4(n,r):k.IsBoolean(n)?t4(n,r):k.IsAsyncIterator(n)?n4(n,r):k.IsConstructor(n)?o4(n,r):k.IsDate(n)?c4(n,r):k.IsFunction(n)?i4(n,r):k.IsInteger(n)?a4(n,r):k.IsIntersect(n)?e4(n,r):k.IsIterator(n)?s4(n,r):k.IsLiteral(n)?f4(n,r):k.IsNever(n)?l4(n,r):k.IsNull(n)?d4(n,r):k.IsNumber(n)?u4(n,r):k.IsObject(n)?A4(n,r):k.IsRecord(n)?S4(n,r):k.IsString(n)?D4(n,r):k.IsSymbol(n)?k4(n,r):k.IsTuple(n)?B4(n,r):k.IsPromise(n)?E4(n,r):k.IsUint8Array(n)?U4(n,r):k.IsUndefined(n)?W4(n,r):k.IsUnion(n)?V4(n,r):k.IsUnknown(n)?Y4(n,r):k.IsVoid(n)?X4(n,r):si(`Unknown left type operand '${n[q]}'`)}function xo(n,r){return Qn(n,r)}var sm,J;var jl=b(()=>{ia();_c();uc();oi();ei();uo();oa();fn();Gt();dl();sm=class sm extends Dr{};(function(n){n[n.Union=0]="Union",n[n.True=1]="True",n[n.False=2]="False"})(J||(J={}))});function L4(n,r,t,o,c){let i={};for(let a of globalThis.Object.getOwnPropertyNames(n))i[a]=fi(n[a],r,t,o,Fn(c));return i}function Q4(n,r,t,o,c){return L4(n.properties,r,t,o,c)}function wm(n,r,t,o,c){let i=Q4(n,r,t,o,c);return Mn(i)}var Kl=b(()=>{br();ds();Or()});function O4(n,r,t,o){let c=xo(n,r);return c===J.Union?Wn([t,o]):c===J.True?t:o}function fi(n,r,t,o,c){return jn(n)?wm(n,r,t,o,c):Ir(n)?Y(mm(n,r,t,o,c)):Y(O4(n,r,t,o),c)}var ds=b(()=>{en();sr();jl();vl();Kl();kn()});function G4(n,r,t,o,c){return{[n]:fi(zn(n),r,t,o,Fn(c))}}function N4(n,r,t,o,c){return n.reduce((i,a)=>{return{...i,...G4(a,r,t,o,c)}},{})}function x4(n,r,t,o,c){return N4(n.keys,r,t,o,c)}function mm(n,r,t,o,c){let i=x4(n,r,t,o,c);return Mn(i)}var vl=b(()=>{br();Nr();ds();Or()});var hm=()=>{};var ha=b(()=>{jl();vl();Kl();hm();ds()});function $m(n,r){return li(bc(n),r)}var Zl=b(()=>{us();uo()});function P4(n,r){let t=n.filter((o)=>xo(o,r)===J.False);return t.length===1?t[0]:Wn(t)}function li(n,r,t={}){if(yr(n))return Y($m(n,r),t);if(jn(n))return Y(Am(n,r),t);return Y(En(n)?P4(n.anyOf,r):xo(n,r)!==J.False?Sn():n,t)}var us=b(()=>{en();sr();Mr();ha();pl();Zl();kn()});function C4(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=li(n[o],r);return t}function q4(n,r){return C4(n.properties,r)}function Am(n,r){let t=q4(n,r);return Mn(t)}var pl=b(()=>{br();us()});var Il=b(()=>{pl();Zl();us()});function Em(n,r){return _i(bc(n),r)}var yl=b(()=>{bs();uo()});function F4(n,r){let t=n.filter((o)=>xo(o,r)!==J.False);return t.length===1?t[0]:Wn(t)}function _i(n,r,t){if(yr(n))return Y(Em(n,r),t);if(jn(n))return Y(Sm(n,r),t);return Y(En(n)?F4(n.anyOf,r):xo(n,r)!==J.False?n:Sn(),t)}var bs=b(()=>{en();sr();Mr();ha();Tl();yl();kn()});function j4(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=_i(n[o],r);return t}function K4(n,r){return j4(n.properties,r)}function Sm(n,r){let t=K4(n,r);return Mn(t)}var Tl=b(()=>{br();bs()});var n_=b(()=>{Tl();yl();bs()});function Rm(n,r){return Mt(n)?Y(n.returns,r):Sn(r)}var Dm=b(()=>{en();Mr();kn()});var r_=b(()=>{Dm()});function gs(n){return Pr(Wr(n))}var km=b(()=>{gc();lo()});var ws=b(()=>{km()});function mc(n,r,t){return Y({[q]:"Record",type:"object",patternProperties:{[n]:r}},t)}function t_(n,r,t){let o={};for(let c of n)o[c]=r;return Ln(o,{...t,[st]:"Record"})}function v4(n,r,t){return e1(n)?t_(xr(n),r,t):mc(n.pattern,r,t)}function Z4(n,r,t){return t_(xr(Wn(n)),r,t)}function p4(n,r,t){return t_([n.toString()],r,t)}function I4(n,r,t){return mc(n.source,r,t)}function y4(n,r,t){let o=ir(n.pattern)?Xo:n.pattern;return mc(o,r,t)}function T4(n,r,t){return mc(Xo,r,t)}function n6(n,r,t){return mc(Qw,r,t)}function r6(n,r,t){return Ln({true:r,false:r},t)}function t6(n,r,t){return mc(Jo,r,t)}function o6(n,r,t){return mc(Jo,r,t)}function ms(n,r,t={}){return En(n)?Z4(n.anyOf,r,t):yr(n)?v4(n,r,t):pr(n)?p4(n.const,r,t):ao(n)?r6(n,r,t):zt(n)?t6(n,r,t):Bt(n)?o6(n,r,t):sl(n)?I4(n,r,t):eo(n)?y4(n,r,t):al(n)?T4(n,r,t):Vo(n)?n6(n,r,t):Sn(t)}function hs(n){return globalThis.Object.getOwnPropertyNames(n.patternProperties)[0]}function Mm(n){let r=hs(n);return r===Xo?Ut():r===Jo?ft():Ut({pattern:r})}function $s(n){return n.patternProperties[hs(n)]}var Hm=b(()=>{en();fn();Mr();uc();rt();oi();sr();uo();oa();Pt();kn()});var $a=b(()=>{Hm()});function c6(n,r){return r.parameters=Aa(n,r.parameters),r.returns=Wt(n,r.returns),r}function i6(n,r){return r.parameters=Aa(n,r.parameters),r.returns=Wt(n,r.returns),r}function a6(n,r){return r.allOf=Aa(n,r.allOf),r}function e6(n,r){return r.anyOf=Aa(n,r.anyOf),r}function s6(n,r){if(ir(r.items))return r;return r.items=Aa(n,r.items),r}function f6(n,r){return r.items=Wt(n,r.items),r}function l6(n,r){return r.items=Wt(n,r.items),r}function _6(n,r){return r.items=Wt(n,r.items),r}function d6(n,r){return r.item=Wt(n,r.item),r}function u6(n,r){let t=m6(n,r.properties);return{...r,...Ln(t)}}function b6(n,r){let t=Wt(n,Mm(r)),o=Wt(n,$s(r)),c=ms(t,o);return{...r,...c}}function g6(n,r){return r.index in n?n[r.index]:No()}function w6(n,r){let t=pc(r),o=Gr(r),c=Wt(n,r);return t&&o?gs(c):t&&!o?Pr(c):!t&&o?Wr(c):c}function m6(n,r){return globalThis.Object.getOwnPropertyNames(r).reduce((t,o)=>{return{...t,[o]:w6(n,r[o])}},{})}function Aa(n,r){return r.map((t)=>Wt(n,t))}function Wt(n,r){return Mt(r)?c6(n,r):Ht(r)?i6(n,r):pn(r)?a6(n,r):En(r)?e6(n,r):Tr(r)?s6(n,r):Dt(r)?f6(n,r):ac(r)?l6(n,r):sc(r)?_6(n,r):fc(r)?d6(n,r):ar(r)?u6(n,r):lc(r)?b6(n,r):el(r)?g6(n,r):r}function zm(n,r){return Wt(r,Zc(n))}var Bm=b(()=>{Oe();ei();ws();gc();lo();rt();$a();kn()});var o_=b(()=>{Bm()});function Um(n){return Y({[q]:"Integer",type:"integer"},n)}var Wm=b(()=>{en();fn()});var c_=b(()=>{Wm()});function h6(n,r,t){return{[n]:Vt(zn(n),r,Fn(t))}}function $6(n,r,t){return n.reduce((c,i)=>{return{...c,...h6(i,r,t)}},{})}function A6(n,r,t){return $6(n.keys,r,t)}function Vm(n,r,t){let o=A6(n,r,t);return Mn(o)}var i_=b(()=>{br();hc();Nr();Or()});function E6(n){let[r,t]=[n.slice(0,1),n.slice(1)];return[r.toLowerCase(),t].join("")}function S6(n){let[r,t]=[n.slice(0,1),n.slice(1)];return[r.toUpperCase(),t].join("")}function R6(n){return n.toUpperCase()}function D6(n){return n.toLowerCase()}function k6(n,r,t){let o=ri(n.pattern);if(!dc(o))return{...n,pattern:Ym(n.pattern,r)};let a=[..._a(o)].map((f)=>zn(f)),e=Jm(a,r),s=Wn(e);return Ke([s],t)}function Ym(n,r){return typeof n==="string"?r==="Uncapitalize"?E6(n):r==="Capitalize"?S6(n):r==="Uppercase"?R6(n):r==="Lowercase"?D6(n):n:n.toString()}function Jm(n,r){return n.map((t)=>Vt(t,r))}function Vt(n,r,t={}){return Ir(n)?Vm(n,r,t):yr(n)?k6(n,r,t):En(n)?Wn(Jm(n.anyOf,r),t):pr(n)?zn(Ym(n.const,r),t):Y(n,t)}var hc=b(()=>{en();uo();i_();Nr();sr();kn()});function Xm(n,r={}){return Vt(n,"Capitalize",r)}var Lm=b(()=>{hc()});function Qm(n,r={}){return Vt(n,"Lowercase",r)}var Om=b(()=>{hc()});function Gm(n,r={}){return Vt(n,"Uncapitalize",r)}var Nm=b(()=>{hc()});function xm(n,r={}){return Vt(n,"Uppercase",r)}var Pm=b(()=>{hc()});var a_=b(()=>{Lm();i_();hc();Om();Nm();Pm()});function M6(n,r,t){let o={};for(let c of globalThis.Object.getOwnPropertyNames(n))o[c]=Po(n[c],r,Fn(t));return o}function H6(n,r,t){return M6(n.properties,r,t)}function Cm(n,r,t){let o=H6(n,r,t);return Mn(o)}var e_=b(()=>{br();As();Or()});function z6(n,r){return n.map((t)=>s_(t,r))}function B6(n,r){return n.map((t)=>s_(t,r))}function U6(n,r){let{[r]:t,...o}=n;return o}function W6(n,r){return r.reduce((t,o)=>U6(t,o),n)}function V6(n,r,t){let o=In(n,[er,"$id","required","properties"]),c=W6(t,r);return Ln(c,o)}function Y6(n){let r=n.reduce((t,o)=>Ne(o)?[...t,zn(o)]:t,[]);return Wn(r)}function s_(n,r){return pn(n)?Vr(z6(n.allOf,r)):En(n)?Wn(B6(n.anyOf,r)):ar(n)?V6(n,r,n.properties):Ln({})}function Po(n,r,t){let o=cr(r)?Y6(r):r,c=nt(r)?xr(r):r,i=rr(n),a=rr(r);return jn(n)?Cm(n,c,t):Ir(r)?qm(n,r,t):i&&a?Cn("Omit",[n,o],t):!i&&a?Cn("Omit",[n,o],t):i&&!a?Cn("Omit",[n,o],t):Y({...s_(n,c),...t})}var As=b(()=>{en();Ii();Qo();Nr();Pt();lt();sr();rt();f_();e_();kn()});function J6(n,r,t){return{[r]:Po(n,[r],Fn(t))}}function X6(n,r,t){return r.reduce((o,c)=>{return{...o,...J6(n,c,t)}},{})}function L6(n,r,t){return X6(n,r.keys,t)}function qm(n,r,t){let o=L6(n,r,t);return Mn(o)}var f_=b(()=>{br();As();Or()});var Es=b(()=>{f_();e_();As()});function Q6(n,r,t){let o={};for(let c of globalThis.Object.getOwnPropertyNames(n))o[c]=Co(n[c],r,Fn(t));return o}function O6(n,r,t){return Q6(n.properties,r,t)}function Fm(n,r,t){let o=O6(n,r,t);return Mn(o)}var l_=b(()=>{br();Ss();Or()});function G6(n,r){return n.map((t)=>__(t,r))}function N6(n,r){return n.map((t)=>__(t,r))}function x6(n,r){let t={};for(let o of r)if(o in n)t[o]=n[o];return t}function P6(n,r,t){let o=In(n,[er,"$id","required","properties"]),c=x6(t,r);return Ln(c,o)}function C6(n){let r=n.reduce((t,o)=>Ne(o)?[...t,zn(o)]:t,[]);return Wn(r)}function __(n,r){return pn(n)?Vr(G6(n.allOf,r)):En(n)?Wn(N6(n.anyOf,r)):ar(n)?P6(n,r,n.properties):Ln({})}function Co(n,r,t){let o=cr(r)?C6(r):r,c=nt(r)?xr(r):r,i=rr(n),a=rr(r);return jn(n)?Fm(n,c,t):Ir(r)?jm(n,r,t):i&&a?Cn("Pick",[n,o],t):!i&&a?Cn("Pick",[n,o],t):i&&!a?Cn("Pick",[n,o],t):Y({...__(n,c),...t})}var Ss=b(()=>{en();Qo();lt();Nr();rt();sr();Pt();Ii();kn();d_();l_()});function q6(n,r,t){return{[r]:Co(n,[r],Fn(t))}}function F6(n,r,t){return r.reduce((o,c)=>{return{...o,...q6(n,c,t)}},{})}function j6(n,r,t){return F6(n,r.keys,t)}function jm(n,r,t){let o=j6(n,r,t);return Mn(o)}var d_=b(()=>{br();Ss();Or()});var Rs=b(()=>{d_();l_();Ss()});function K6(n,r){return Cn("Partial",[Cn(n,r)])}function v6(n){return Cn("Partial",[Ct(n)])}function Z6(n){let r={};for(let t of globalThis.Object.getOwnPropertyNames(n))r[t]=Wr(n[t]);return r}function p6(n,r){let t=In(n,[er,"$id","required","properties"]),o=Z6(r);return Ln(o,t)}function Km(n){return n.map((r)=>vm(r))}function vm(n){return kt(n)?K6(n.target,n.parameters):rr(n)?v6(n.$ref):pn(n)?Vr(Km(n.allOf)):En(n)?Wn(Km(n.anyOf)):ar(n)?p6(n,n.properties):ec(n)?n:ao(n)?n:zt(n)?n:pr(n)?n:yi(n)?n:Bt(n)?n:eo(n)?n:Ti(n)?n:na(n)?n:Ln({})}function di(n,r){if(jn(n))return Zm(n,r);else return Y({...vm(n),...r})}var u_=b(()=>{en();Qo();lo();rt();lt();sr();wc();fo();fn();b_();kn()});function I6(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=di(n[o],Fn(r));return t}function y6(n,r){return I6(n.properties,r)}function Zm(n,r){let t=y6(n,r);return Mn(t)}var b_=b(()=>{br();u_();Or()});var Ds=b(()=>{b_();u_()});function T6(n,r){return Cn("Required",[Cn(n,r)])}function n8(n){return Cn("Required",[Ct(n)])}function r8(n){let r={};for(let t of globalThis.Object.getOwnPropertyNames(n))r[t]=In(n[t],[kr]);return r}function t8(n,r){let t=In(n,[er,"$id","required","properties"]),o=r8(r);return Ln(o,t)}function pm(n){return n.map((r)=>Im(r))}function Im(n){return kt(n)?T6(n.target,n.parameters):rr(n)?n8(n.$ref):pn(n)?Vr(pm(n.allOf)):En(n)?Wn(pm(n.anyOf)):ar(n)?t8(n,n.properties):ec(n)?n:ao(n)?n:zt(n)?n:pr(n)?n:yi(n)?n:Bt(n)?n:eo(n)?n:Ti(n)?n:na(n)?n:Ln({})}function ui(n,r){if(jn(n))return ym(n,r);else return Y({...Im(n),...r})}var g_=b(()=>{en();Qo();rt();lt();sr();wc();fn();fo();w_();kn()});function o8(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=ui(n[o],r);return t}function c8(n,r){return o8(n.properties,r)}function ym(n,r){let t=c8(n,r);return Mn(t)}var w_=b(()=>{br();g_()});var ks=b(()=>{w_();g_()});function i8(n,r){return r.map((t)=>{return rr(t)?m_(n,t.$ref):tt(n,t)})}function m_(n,r){return r in n?rr(n[r])?m_(n,n[r].$ref):tt(n,n[r]):Sn()}function a8(n){return ii(n[0])}function e8(n){return Oo(n[0],n[1])}function s8(n){return ai(n[0])}function f8(n){return di(n[0])}function l8(n){return Po(n[0],n[1])}function _8(n){return Co(n[0],n[1])}function d8(n){return ui(n[0])}function u8(n,r,t){let o=i8(n,t);return r==="Awaited"?a8(o):r==="Index"?e8(o):r==="KeyOf"?s8(o):r==="Partial"?f8(o):r==="Omit"?l8(o):r==="Pick"?_8(o):r==="Required"?d8(o):Sn()}function b8(n,r){return Ic(tt(n,r))}function g8(n,r){return yc(tt(n,r))}function w8(n,r,t){return Tc(Ea(n,r),tt(n,t))}function m8(n,r,t){return Nt(Ea(n,r),tt(n,t))}function h8(n,r){return Vr(Ea(n,r))}function $8(n,r){return ci(tt(n,r))}function A8(n,r){return Ln(globalThis.Object.keys(r).reduce((t,o)=>{return{...t,[o]:tt(n,r[o])}},{}))}function E8(n,r){let[t,o]=[tt(n,$s(r)),hs(r)],c=Zc(r);return c.patternProperties[o]=t,c}function S8(n,r){return rr(r)?{...m_(n,r.$ref),[er]:r[er]}:r}function R8(n,r){return _t(Ea(n,r))}function D8(n,r){return Wn(Ea(n,r))}function Ea(n,r){return r.map((t)=>tt(n,t))}function tt(n,r){return Gr(r)?Y(tt(n,In(r,[kr])),r):pc(r)?Y(tt(n,In(r,[Rt])),r):Yo(r)?Y(S8(n,r),r):Dt(r)?Y(b8(n,r.items),r):ac(r)?Y(g8(n,r.items),r):kt(r)?Y(u8(n,r.target,r.parameters)):Mt(r)?Y(w8(n,r.parameters,r.returns),r):Ht(r)?Y(m8(n,r.parameters,r.returns),r):pn(r)?Y(h8(n,r.allOf),r):sc(r)?Y($8(n,r.items),r):ar(r)?Y(A8(n,r.properties),r):lc(r)?Y(E8(n,r)):Tr(r)?Y(R8(n,r.items||[]),r):En(r)?Y(D8(n,r.anyOf),r):r}function k8(n,r){return r in n?tt(n,n[r]):Sn()}function Tm(n){return globalThis.Object.getOwnPropertyNames(n).reduce((r,t)=>{return{...r,[t]:k8(n,t)}},{})}var n2=b(()=>{io();il();fo();aa();ye();ea();sa();Pt();_c();lt();ua();ma();rt();Es();Rs();Mr();Ds();$a();ks();Go();sr();fn();kn()});class r2{constructor(n){let r=Tm(n),t=this.WithIdentifiers(r);this.$defs=t}Import(n,r){let t={...this.$defs,[n]:Y(this.$defs[n],r)};return Y({[q]:"Import",$defs:t,$ref:n})}WithIdentifiers(n){return globalThis.Object.getOwnPropertyNames(n).reduce((r,t)=>{return{...r,[t]:{...n[t],$id:t}}},{})}}function t2(n){return new r2(n)}var o2=b(()=>{io();fn();n2()});var h_=b(()=>{o2()});function c2(n,r){return Y({[q]:"Not",not:n},r)}var i2=b(()=>{en();fn()});var $_=b(()=>{i2()});function a2(n,r){return Ht(n)?_t(n.parameters,r):Sn()}var e2=b(()=>{Go();Mr();kn()});var A_=b(()=>{e2()});function s2(n,r={}){if(ir(r.$id))r.$id=`T${M8++}`;let t=Zc(n({[q]:"This",$ref:`${r.$id}`}));return t.$id=r.$id,Y({[st]:"Recursive",...t},r)}var M8=0;var f2=b(()=>{Oe();en();fn()});var E_=b(()=>{f2()});function l2(n,r){let t=xn(n)?new globalThis.RegExp(n):n;return Y({[q]:"RegExp",type:"RegExp",source:t.source,flags:t.flags},r)}var _2=b(()=>{en();fn()});var S_=b(()=>{_2()});function H8(n){return pn(n)?n.allOf:En(n)?n.anyOf:Tr(n)?n.items??[]:[]}function d2(n){return H8(n)}var u2=b(()=>{kn()});var R_=b(()=>{u2()});function b2(n,r){return Ht(n)?Y(n.returns,r):Sn(r)}var g2=b(()=>{en();Mr();kn()});var D_=b(()=>{g2()});var w2=()=>{};var m2=()=>{};var h2=b(()=>{w2();m2()});var $2=()=>{};var A2=b(()=>{$2()});class E2{constructor(n){this.schema=n}Decode(n){return new S2(this.schema,n)}}class S2{constructor(n,r){this.schema=n,this.decode=r}EncodeTransform(n,r){let c={Encode:(i)=>r[er].Encode(n(i)),Decode:(i)=>this.decode(r[er].Decode(i))};return{...r,[er]:c}}EncodeSchema(n,r){let t={Decode:this.decode,Encode:n};return{...r,[er]:t}}Encode(n){return Yo(this.schema)?this.EncodeTransform(n,this.schema):this.EncodeSchema(n,this.schema)}}function R2(n){return new E2(n)}var D2=b(()=>{fn();kn()});var k_=b(()=>{D2()});function k2(n={}){return Y({[q]:n[q]??"Unsafe"},n)}var M2=b(()=>{en();fn()});var M_=b(()=>{M2()});function H2(n){return Y({[q]:"Void",type:"void"},n)}var z2=b(()=>{en();fn()});var H_=b(()=>{z2()});var z_={};go(z_,{Void:()=>H2,Uppercase:()=>xm,Unsafe:()=>k2,Unknown:()=>No,Union:()=>Wn,Undefined:()=>is,Uncapitalize:()=>Gm,Uint8Array:()=>es,Tuple:()=>_t,Transform:()=>R2,TemplateLiteral:()=>Ke,Symbol:()=>os,String:()=>Ut,ReturnType:()=>b2,Rest:()=>d2,Required:()=>ui,RegExp:()=>l2,Ref:()=>Ct,Recursive:()=>s2,Record:()=>ms,ReadonlyOptional:()=>gs,Readonly:()=>Pr,Promise:()=>pe,Pick:()=>Co,Partial:()=>di,Parameters:()=>a2,Optional:()=>Wr,Omit:()=>Po,Object:()=>Ln,Number:()=>ft,Null:()=>rs,Not:()=>c2,Never:()=>Sn,Module:()=>t2,Mapped:()=>W1,Lowercase:()=>Qm,Literal:()=>zn,KeyOf:()=>ai,Iterator:()=>ci,Intersect:()=>Vr,Integer:()=>Um,Instantiate:()=>zm,InstanceType:()=>Rm,Index:()=>Oo,Function:()=>Nt,Extract:()=>_i,Extends:()=>fi,Exclude:()=>li,Enum:()=>tm,Date:()=>Te,ConstructorParameters:()=>nm,Constructor:()=>Tc,Const:()=>y1,Composite:()=>q1,Capitalize:()=>Xm,Boolean:()=>Fe,BigInt:()=>ti,Awaited:()=>ii,AsyncIterator:()=>yc,Array:()=>Ic,Argument:()=>Kw,Any:()=>Lo});var B2=b(()=>{ia();ul();aa();ea();ye();da();je();Ll();Ol();sa();Gl();ns();Nl();Il();ha();n_();_c();Pt();r_();o_();c_();lt();a_();ua();ma();Nr();br();h_();Mr();$_();ts();uc();rt();Es();lo();A_();Ds();Rs();Ie();gc();ws();$a();E_();wc();S_();ks();R_();D_();oi();cs();uo();k_();Go();ss();as();sr();ei();M_();H_()});var _r;var U2=b(()=>{B2();_r=z_});var W2=b(()=>{il();io();Gt();dl();Jw();oa();Nw();ca();fn();ia();aa();ul();ea();ye();da();je();Ll();Ol();sa();Gl();ns();Nl();Il();ha();n_();_c();Pt();r_();o_();c_();lt();ua();a_();ma();Nr();h_();br();Mr();$_();ts();uc();rt();Es();lo();A_();Ds();Rs();Ie();gc();ws();$a();E_();wc();S_();ks();R_();D_();h2();A2();oi();cs();uo();k_();Go();ss();as();sr();ei();M_();H_();U2()});var B_,U_,uq,bq;var W_=b(()=>{W2();B_=_r.Object({email:_r.String({format:"email"})}),U_=_r.Object({token:_r.String()}),uq=_r.Object({success:_r.Boolean(),message:_r.Optional(_r.String())}),bq=_r.Object({success:_r.Boolean(),message:_r.Optional(_r.String()),data:_r.Optional(_r.Object({user:_r.Object({id:_r.String(),email:_r.String()}),accessToken:_r.String(),refreshToken:_r.String()}))})});import{eq as V_}from"drizzle-orm";import{Elysia as z8}from"elysia";function Ms(n,r,t,o,c,i,a,e,s,f){let{db:d,logger:l,usersTable:w}=n,g=r.route||"/auth/magic-link",u=r.verifyRoute||"/auth/magic-link/verify",m=r.expiresIn||"15m",_=r.redirectUrl||"",S=new z8;if(!r.enabled)return S;return S.post(g,async(h)=>{if(!d||!w)return{success:!1,message:"Database not configured"};if(!t?.isAvailable())return l.error("[AUTH] Magic link requested but email service not available"),{success:!1,message:"Email service not available"};let{email:E}=h.body,V=(await d.select().from(w).where(V_(w.email,E)).limit(1))[0];if(!V)return l.info("[AUTH] Magic link requested for non-existent email",{email:E}),{success:!0,message:"If an account exists, a magic link has been sent"};if(V.isLocked)return l.warn("[AUTH] Magic link requested for locked account",{email:E}),{success:!0,message:"If an account exists, a magic link has been sent"};let H=Kc(),D=St(H),R=new Date(Date.now()+vc(m));await a({userId:V.id,email:E,tokenHash:D,expiresAt:R});let $=_?`${_}?token=${H}`:`${u}?token=${H}`,A=await t.sendMagicLinkEmail(E,$,f);if(!A.success)return l.error("[AUTH] Failed to send magic link email",{email:E,error:A.error}),{success:!1,message:"Failed to send email"};return l.info("[AUTH] Magic link sent",{email:E,userId:V.id}),{success:!0,message:"If an account exists, a magic link has been sent"}},{body:B_,detail:{tags:["Authentication"],summary:"Request Magic Link",description:"Send a magic link to the user's email for passwordless login"}}),S.get(u,async(h)=>{if(!d||!w)return{success:!1,message:"Database not configured"};let E=h.query.token;if(!E)return{success:!1,message:"Token is required"};let W=St(E),V=await e(W);if(!V)return l.warn("[AUTH] Invalid magic link token"),{success:!1,message:"Invalid or expired token"};if(new Date>V.expiresAt)return await s(W),l.warn("[AUTH] Expired magic link token",{email:V.email}),{success:!1,message:"Invalid or expired token"};let D=(await d.select().from(w).where(V_(w.id,V.userId)).limit(1))[0];if(!D)return await s(W),{success:!1,message:"User not found"};await s(W),await d.update(w).set({lastLoginAt:new Date,loginCount:(D.loginCount||0)+1,emailVerified:!0}).where(V_(w.id,D.id));let R=h.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||h.request.headers.get("x-real-ip")?.trim()||"unknown",$=h.request.headers.get("user-agent")||"",A=o(D.id),M=c(D.id),z=await i({userId:D.id,deviceInfo:{ipAddress:R,userAgent:$,deviceType:"unknown"},loginMethod:"magic_link"});return l.info("[AUTH] Magic link login successful",{userId:D.id,email:D.email}),h.set.headers["x-session-id"]=z,{success:!0,data:{user:{id:D.id,email:D.email},accessToken:A,refreshToken:M}}},{query:U_,detail:{tags:["Authentication"],summary:"Verify Magic Link",description:"Verify magic link token and login user"}}),S}var Y_=b(()=>{W_();Ki();W_()});import{eq as bi}from"drizzle-orm";import{Elysia as B8}from"elysia";function Hs(n,r,t,o,c){let{db:i,logger:a,usersTable:e}=n,s=r.route||"/auth/me",f=new B8;if(!r.enabled)return f;return f.get(s,async(d)=>{if(!i||!e)return{success:!1,message:"Database not configured"};let l=d.request.headers.get("x-user-id");if(!l)return d.set.status=401,{success:!1,message:"Unauthorized"};let g=(await i.select().from(e).where(bi(e.id,l)).limit(1))[0];if(!g)return d.set.status=404,{success:!1,message:"User not found"};let{password:u,...m}=g,_=null,S=[],h=[],E=[],W=[];if(r.includeProfile&&t){let H=t.profiles;if(H&&i)_=(await i.select().from(H).where(bi(H.userId,l)).limit(1))[0]||null}if(r.includeAddresses&&t){let H=t.addresses;if(H&&i)S=await i.select().from(H).where(bi(H.ownerId,l))}if(r.includePhones&&t){let H=t.phones;if(H&&i)h=await i.select().from(H).where(bi(H.ownerId,l))}if(r.includeFiles&&t){let H=t.files;if(H&&i)E=await i.select().from(H).where(bi(H.uploadedBy,l))}if(r.includeRoles&&t){let{userRoles:H,roles:D}=t;if(H&&D&&i){let $=(await i.select().from(H).where(bi(H.userId,l))).map((A)=>A.roleId);if($.length>0){let{inArray:A}=await import("drizzle-orm");W=await i.select().from(D).where(A(D.id,$))}}}return a.info("[AUTH] Me endpoint accessed",{userId:l}),JSON.parse(JSON.stringify({success:!0,data:{user:m,profile:_,addresses:S,phones:h,files:E,roles:W}},(H,D)=>typeof D==="bigint"?Number(D):D))},{detail:{tags:["Authentication"],summary:"Get current user",description:"Get the currently authenticated user with profile, addresses, phones and files"}}),f}var J_=()=>{};import{and as zs,eq as Xr}from"drizzle-orm";import{Elysia as U8}from"elysia";function V2(n,r,t,o,c,i,a,e,s,f,d){let{db:l,logger:w,usersTable:g}=n,u=r.basePath,m={accessTokenName:a?.accessTokenName||"access_token",refreshTokenName:a?.refreshTokenName||"refresh_token",sessionTokenName:a?.sessionTokenName||"session_token",accessTokenMaxAge:a?.accessTokenMaxAge||900,refreshTokenMaxAge:a?.refreshTokenMaxAge||604800,sessionTokenMaxAge:a?.sessionTokenMaxAge||900,secure:a?.secure??!0,httpOnly:a?.httpOnly??!0,sameSite:a?.sameSite||"lax",path:a?.path||"/",domain:a?.domain},_={accessToken:{setHeadersEnabled:e?.accessToken?.setHeadersEnabled??!0,returnJson:e?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:e?.refreshToken?.setHeadersEnabled??!0,returnJson:e?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:e?.sessionToken?.setHeadersEnabled??!0,returnJson:e?.sessionToken?.returnJson??!0}},S=new U8;return S.get(`${u}/:provider`,async(h)=>{let E=h.params.provider;if(!r.isProviderEnabled(E))return h.set.status=404,{success:!1,message:`OAuth provider "${E}" is not enabled`};let W=h.query.link_user_id,V=h.query.redirect_url,H=r.buildAuthorizationUrl(E,W,V);return h.set.status=302,h.set.headers.Location=H,null},{detail:{tags:["Authentication"],summary:"OAuth Redirect",description:"Redirects to the OAuth provider authorization page"}}),S.get(`${u}/:provider/callback`,async(h)=>{let E=h.params.provider,W=h.query,{code:V,state:H,error:D,error_description:R}=W,$=r.errorRedirectUrl;if(D)return w.warn("[OAUTH] Provider returned error",{provider:E,error:D,error_description:R}),h.set.status=302,h.set.headers.Location=`${$}?error=${encodeURIComponent(R||D)}`,null;if(!V||!H)return h.set.status=302,h.set.headers.Location=`${$}?error=missing_code_or_state`,null;let A=r.consumeState(H);if(!A)return w.warn("[OAUTH] Invalid or expired state",{provider:E,state:H}),h.set.status=302,h.set.headers.Location=`${$}?error=invalid_state`,null;if(A.provider!==E)return w.warn("[OAUTH] State provider mismatch",{expected:A.provider,got:E}),h.set.status=302,h.set.headers.Location=`${$}?error=provider_mismatch`,null;if(!l||!g)return h.set.status=302,h.set.headers.Location=`${$}?error=server_error`,null;let M;try{M=await r.exchangeCode(E,V)}catch(dn){return w.error("[OAUTH] Code exchange failed",{provider:E,error:dn}),h.set.status=302,h.set.headers.Location=`${$}?error=token_exchange_failed`,null}let{profile:z,tokens:X}=M,O=n.oauthAccountsTable,B=null;if(A.linkUserId&&r.allowAccountLinking){if(B=A.linkUserId,O){let On=await l.select().from(O).where(zs(Xr(O.provider,E),Xr(O.providerAccountId,z.providerAccountId))).limit(1);if(On.length>0){let vn=On[0];if(vn.userId!==B)return h.set.status=302,h.set.headers.Location=`${$}?error=account_already_linked_to_another_user`,null;await l.update(O).set({accessToken:X.accessToken,refreshToken:X.refreshToken??null,tokenExpiresAt:X.expiresAt??null,scope:X.scope??null,rawProfile:z.rawProfile,lastUsedAt:new Date}).where(Xr(O.id,vn.id))}else await l.insert(O).values({userId:B,provider:E,providerAccountId:z.providerAccountId,providerEmail:z.email??null,providerName:z.name??null,providerAvatarUrl:z.avatarUrl??null,accessToken:X.accessToken,refreshToken:X.refreshToken??null,tokenExpiresAt:X.expiresAt??null,scope:X.scope??null,rawProfile:z.rawProfile,isPrimary:!1,lastUsedAt:new Date})}w.info("[OAUTH] Account linked successfully",{userId:B,provider:E});let dn=A.redirectUrl||r.successRedirectUrl;return h.set.status=302,h.set.headers.Location=`${dn}?linked=true&provider=${E}`,null}if(O){let dn=await l.select().from(O).where(zs(Xr(O.provider,E),Xr(O.providerAccountId,z.providerAccountId))).limit(1);if(dn.length>0){let On=dn[0];B=On.userId,await l.update(O).set({accessToken:X.accessToken,refreshToken:X.refreshToken??null,tokenExpiresAt:X.expiresAt??null,scope:X.scope??null,rawProfile:z.rawProfile,lastUsedAt:new Date}).where(Xr(O.id,On.id))}}if(!B&&z.email){let dn=await l.select().from(g).where(Xr(g.email,z.email)).limit(1);if(dn.length>0){if(B=dn[0].id,O)await l.insert(O).values({userId:B,provider:E,providerAccountId:z.providerAccountId,providerEmail:z.email??null,providerName:z.name??null,providerAvatarUrl:z.avatarUrl??null,accessToken:X.accessToken,refreshToken:X.refreshToken??null,tokenExpiresAt:X.expiresAt??null,scope:X.scope??null,rawProfile:z.rawProfile,isPrimary:!1,lastUsedAt:new Date}).onConflictDoNothing();w.info("[OAUTH] Merged OAuth account with existing user by email",{userId:B,provider:E,email:z.email})}}if(!B){if(!r.autoCreateUser)return h.set.status=302,h.set.headers.Location=`${$}?error=user_not_found`,null;let dn=z.email??`${E}_${z.providerAccountId}@oauth.local`;if(B=(await l.insert(g).values({email:dn,password:null,verifiedAt:z.email?new Date:null,isActive:!0}).returning())[0].id,O)await l.insert(O).values({userId:B,provider:E,providerAccountId:z.providerAccountId,providerEmail:z.email??null,providerName:z.name??null,providerAvatarUrl:z.avatarUrl??null,accessToken:X.accessToken,refreshToken:X.refreshToken??null,tokenExpiresAt:X.expiresAt??null,scope:X.scope??null,rawProfile:z.rawProfile,isPrimary:!0,lastUsedAt:new Date});if(w.info("[OAUTH] Created new user via OAuth",{userId:B,provider:E,email:z.email}),r.sendInviteOnCreate&&z.email&&s?.isAvailable()&&f)try{let ln=Kc(),gr=St(ln),ot=new Date(Date.now()+vc("7d"));await f({userId:B,email:z.email,tokenHash:gr,expiresAt:ot});let Yn=`${r.successRedirectUrl.replace(/\/$/,"").replace(/\/[^/]+$/,"/set-password")}?token=${ln}`;await s.sendEmail({to:z.email,subject:`Welcome to ${d??"the platform"} \u2014 Set your password`,html:`
+				`),M=(Array.isArray($)?$:$.rows||[]).map((B)=>String(B.table_name||""));o.info("[AUTH] Change User ID - discovered schema references",{fkConstraints:h.map((B)=>`${B.table_name}.${B.column_name} (${B.constraint_name})`),userIdColumns:Y.map((B)=>`${B.table_name}.${B.column_name}`),auditColumns:R.map((B)=>`${B.table_name}.${B.column_name}`),polyTables:M});let z=new Map,L=(B,W)=>{if(!z.has(B))z.set(B,new Set);z.get(B)?.add(W)};for(let B of h)L(B.table_name,B.column_name);for(let B of Y)L(B.table_name,B.column_name);for(let B of R)L(B.table_name,B.column_name);o.info("[AUTH] Change User ID - all column updates to execute",{updates:Array.from(z.entries()).map(([B,W])=>`${B}: [${Array.from(W).join(", ")}]`)}),await t.transaction(async(B)=>{for(let W of h)await B.execute(to.raw(`ALTER TABLE "${r}"."${W.table_name}" DROP CONSTRAINT "${W.constraint_name}"`));await B.execute(to.raw(`UPDATE "${r}"."users" SET "id" = '${l}' WHERE "id" = '${d}'`));for(let[W,G]of z.entries())for(let j of G)await B.execute(to.raw(`UPDATE "${r}"."${W}" SET "${j}" = '${l}' WHERE "${j}" = '${d}'`));for(let W of M)await B.execute(to.raw(`UPDATE "${r}"."${W}" SET "owner_id" = '${l}' WHERE "owner_id" = '${d}' AND "owner_type" IN ('user', 'users', 'User')`));for(let W of h){let G=W.delete_rule==="CASCADE"?"ON DELETE CASCADE":W.delete_rule==="SET NULL"?"ON DELETE SET NULL":"";await B.execute(to.raw(`ALTER TABLE "${r}"."${W.table_name}" ADD CONSTRAINT "${W.constraint_name}" FOREIGN KEY ("${W.column_name}") REFERENCES "${r}"."users" ("id") ${G}`))}});let O=[...new Set([...h.map((B)=>B.table_name),...Y.map((B)=>B.table_name),...R.map((B)=>B.table_name),...M])];return o.info("[AUTH] User ID changed successfully",{godminId:e,currentId:d,newId:l,email:u.email,affectedTables:O,fkConstraintsDroppedAndReadded:h.length}),await o.audit({entityName:"users",entityId:l,operation:"CHANGE_USER_ID",userId:e,summary:`Godmin changed user ID: ${d} \u2192 ${l} (${u.email})`,oldValues:{id:d},newValues:{id:l},ipAddress:a.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:a.request.headers.get("user-agent")||"unknown",path:new URL(a.request.url).pathname,query:""}),{success:!0,data:{oldId:d,newId:l,email:u.email,affectedTables:O}}}catch(_){return o.error("[AUTH] Failed to change user ID",{error:_ instanceof Error?_.message:String(_),stack:_ instanceof Error?_.stack:void 0,currentId:d,newId:l}),a.set.status=500,{success:!1,message:_ instanceof Error?_.message:"Failed to change user ID"}}},{body:Cf.Object({currentId:Cf.String(),newId:Cf.String()}),detail:{tags:["Authentication"],summary:"Change User ID",description:"Godmin: change a user's UUID while preserving all FK relations, audit columns, and polymorphic references"}}),i}var qf=()=>{};import{eq as Ff}from"drizzle-orm";import{Elysia as Y3,t as Hg}from"elysia";function Re(n,r,t,o,c,i){let{db:a,logger:e,usersTable:s}=n,f=new Y3,d={accessTokenName:i?.accessTokenName||"access_token",refreshTokenName:i?.refreshTokenName||"refresh_token",sessionTokenName:i?.sessionTokenName||"session_token",accessTokenMaxAge:i?.accessTokenMaxAge||900,refreshTokenMaxAge:i?.refreshTokenMaxAge||604800,sessionTokenMaxAge:i?.sessionTokenMaxAge||900,secure:i?.secure??!0,sameSite:i?.sameSite||"strict",path:i?.path||"/"};return f.post("/auth/admin/impersonate",async(l)=>{if(!a||!s)return{success:!1,message:"Database not configured"};let w=l.request.headers.get("x-user-id");if(!w)return l.set.status=401,{success:!1,message:"Unauthorized"};let{targetUserId:g}=l.body,m=(await a.select().from(s).where(Ff(s.id,w)).limit(1))[0];if(!m||!m.isGod)return l.set.status=403,{success:!1,message:"Forbidden: godmin privileges required"};if(w===g)return l.set.status=400,{success:!1,message:"Cannot impersonate yourself"};let S=(await a.select().from(s).where(Ff(s.id,g)).limit(1))[0];if(!S)return l.set.status=404,{success:!1,message:"Target user not found"};let h=r(g),E=t(g),V=l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",Y={userId:g,deviceInfo:{deviceName:"Impersonation Session",browserName:"Admin",osName:"Admin",ipAddress:V},loginMethod:"impersonation"},H=await o(Y);if(c)await c(H,Y);e.info("[AUTH] Impersonation started",{godminId:w,targetUserId:g,targetEmail:S.email}),await e.audit({entityName:"users",entityId:g,operation:"IMPERSONATE_START",userId:w,summary:`Godmin ${m.email} started impersonating ${S.email}`,ipAddress:l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:l.request.headers.get("user-agent")||"unknown",path:new URL(l.request.url).pathname,query:""});let D=d.secure?"; Secure":"",R=`; Path=${d.path}; HttpOnly; SameSite=${d.sameSite}${D}`,$=[`${d.accessTokenName}=${h}${R}; Max-Age=${d.accessTokenMaxAge}`,`${d.refreshTokenName}=${E}${R}; Max-Age=${d.refreshTokenMaxAge}`,`${d.sessionTokenName}=${H}${R}; Max-Age=${d.sessionTokenMaxAge}`,`nucleus_impersonating_as=${g}${R}; Max-Age=${d.sessionTokenMaxAge}`,`nucleus_godmin_id=${w}${R}; Max-Age=${d.sessionTokenMaxAge}`,`nucleus_impersonating_email=${encodeURIComponent(String(S.email))}${R}; Max-Age=${d.sessionTokenMaxAge}`],A=JSON.stringify({success:!0,data:{targetUser:{id:S.id,email:S.email},godminId:w,sessionId:H}}),M=new Headers;M.set("Content-Type","application/json");for(let z of $)M.append("Set-Cookie",z);return new Response(A,{status:200,headers:M})},{body:Hg.Object({targetUserId:Hg.String()}),detail:{tags:["Authentication"],summary:"Impersonate User",description:"Godmin: start a session as another user"}}),f.post("/auth/admin/impersonate/stop",async(l)=>{if(!a||!s)return{success:!1,message:"Database not configured"};let w=l.request.headers.get("cookie")||"",u=Object.fromEntries(w.split(";").map((z)=>{let[L,...O]=z.trim().split("=");return[L?.trim(),O.join("=")]})).nucleus_godmin_id;if(!u)return l.set.status=400,{success:!1,message:"No active impersonation session"};let _=(await a.select().from(s).where(Ff(s.id,u)).limit(1))[0];if(!_)return l.set.status=404,{success:!1,message:"Godmin user not found"};let S=r(u),h=t(u),E=l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",V={userId:u,deviceInfo:{deviceName:"Restored Admin Session",browserName:"Admin",osName:"Admin",ipAddress:E},loginMethod:"impersonation_stop"},Y=await o(V);if(c)await c(Y,V);e.info("[AUTH] Impersonation stopped",{godminId:u}),await e.audit({entityName:"users",entityId:u,operation:"IMPERSONATE_STOP",userId:u,summary:`Godmin ${_.email} stopped impersonation`,ipAddress:l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:l.request.headers.get("user-agent")||"unknown",path:new URL(l.request.url).pathname,query:""});let H=d.secure?"; Secure":"",D=`; Path=${d.path}; HttpOnly; SameSite=${d.sameSite}${H}`,R=`; Path=${d.path}; HttpOnly; SameSite=${d.sameSite}${H}; Max-Age=0`,$=[`${d.accessTokenName}=${S}${D}; Max-Age=${d.accessTokenMaxAge}`,`${d.refreshTokenName}=${h}${D}; Max-Age=${d.refreshTokenMaxAge}`,`${d.sessionTokenName}=${Y}${D}; Max-Age=${d.sessionTokenMaxAge}`,`nucleus_impersonating_as=deleted${R}`,`nucleus_godmin_id=deleted${R}`,`nucleus_impersonating_email=deleted${R}`],A=JSON.stringify({success:!0,data:{godminUser:{id:_.id,email:_.email},sessionId:Y}}),M=new Headers;M.set("Content-Type","application/json");for(let z of $)M.append("Set-Cookie",z);return new Response(A,{status:200,headers:M})},{detail:{tags:["Authentication"],summary:"Stop Impersonation",description:"Godmin: restore own session after impersonation"}}),f}var jf=()=>{};import{Elysia as J3,t as Jr}from"elysia";function zg(n){let{captchaService:r,logger:t,basePath:o="/auth/captcha"}=n,c=new J3;if(!r.isEnabled())return c;return c.get(`${o}/generate`,async(i)=>{let{type:a,difficulty:e}=i.query,s=i.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||i.request.headers.get("x-real-ip")?.trim()||i.request.headers.get("cf-connecting-ip")?.trim()||"unknown",f=await r.generate(a,e,s);if(f.rateLimited)return i.set.status=429,{success:!1,message:f.message??"Too many requests. Please try again later."};return t.info("[CAPTCHA] Challenge generated via endpoint",{challengeId:f.challengeId,type:f.type,ipAddress:s}),{success:!0,data:{challengeId:f.challengeId,type:f.type,question:f.question,expiresAt:f.expiresAt,...f.imageData?{imageData:f.imageData}:{},...f.puzzleData?{puzzleData:{pieces:f.puzzleData.pieces}}:{}}}},{query:X3,detail:{tags:["Captcha"],summary:"Generate Captcha",description:"Generate a new captcha challenge"}}),c.post(`${o}/validate`,async(i)=>{let{challengeId:a,answer:e}=i.body,s=await r.validate(a,e);if(!s.valid)i.set.status=400;return s},{body:L3,detail:{tags:["Captcha"],summary:"Validate Captcha",description:"Validate a captcha answer"}}),c}var X3,L3;var Bg=b(()=>{X3=Jr.Object({type:Jr.Optional(Jr.Union([Jr.Literal("math"),Jr.Literal("image"),Jr.Literal("puzzle"),Jr.Literal("text")])),difficulty:Jr.Optional(Jr.Union([Jr.Literal("easy"),Jr.Literal("medium"),Jr.Literal("hard")]))}),L3=Jr.Object({challengeId:Jr.String(),answer:Jr.String()})});function Ug(n,r){let{db:t,logger:o}=n,c=r.route||"/auth/check";return(i)=>i.post(c,async(a)=>{let{body:e,request:s,set:f}=a,d=s.headers.get("x-user-id");if(!d)return f.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};if(!t)return f.status=503,{isSuccess:!1,message:"Authorization service unavailable",data:null};let l=n.schemaTables;if(!l)return f.status=503,{isSuccess:!1,message:"Authorization tables not available",data:null};let{entity:w,method:g,fields:u,relations:m}=e;if(!w||!g)return f.status=400,{isSuccess:!1,message:"entity and method are required",data:null};let _=await pa({userId:d,method:g,entity:w,requestedFields:u,requestedRelations:m,db:t,schemaTables:l,logger:o});return{isSuccess:!0,message:_.authorized?"Authorized":"Forbidden",data:{authorized:_.authorized,reason:_.reason,allowedFields:_.allowedFields,allowedRelations:_.allowedRelations,scopeFilters:_.scopeFilters}}},{detail:{tags:["Auth"],summary:"Check authorization for a given entity and method",description:"Allows consumer/resource servers to perform full claim checks (including scope) against the IDP's authorization system."}})}var Wg=b(()=>{N0()});import Q3 from"crypto";var{password:O3}=globalThis.Bun;async function Wo(n){return await O3.hash(n,{algorithm:"bcrypt",cost:10})}function De(){return Q3.randomBytes(32).toString("hex")}function Fc(n){let r=n.match(/^(\d+)(s|m|h|d)$/);if(!r||!r[1]||!r[2])return 86400000;let t=Number.parseInt(r[1],10);switch(r[2]){case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;case"d":return t*24*60*60*1000;default:return 86400000}}function Vg(n){let r=[];if(n.length<8)r.push("Password must be at least 8 characters");if(!/[A-Z]/.test(n))r.push("Password must contain uppercase letter");if(!/[a-z]/.test(n))r.push("Password must contain lowercase letter");if(!/[0-9]/.test(n))r.push("Password must contain a number");return{valid:r.length===0,errors:r}}var jc=()=>{};import{sql as ke}from"drizzle-orm";import{Elysia as G3,t as Me}from"elysia";function He(n){let{authConfig:r,registerConfig:t,emailService:o,appName:c}=n,{db:i,logger:a,usersTable:e}=r,s=new G3;if(!t.enabled||!t.emailVerification?.enabled)return s;let f="/verify-email",d="/resend-verification";return s.get(f,async(l)=>{if(!i||!e)return{success:!1,message:"Database not configured"};let w=l.query.token;if(!w)return{success:!1,message:"Verification token is required"};let g=await i.select().from(e).where(ke`email_verification_token = ${w}`).limit(1);if(g.length===0)return a.warn("[AUTH] Email verification failed - invalid token"),{success:!1,message:"Invalid or expired verification token"};let u=g[0],m=u.emailVerificationTokenExpiresAt;if(m&&new Date>new Date(m))return a.warn("[AUTH] Email verification failed - token expired",{userId:u.id,email:u.email}),{success:!1,message:"Verification token has expired. Please request a new one."};if(await i.update(e).set({verifiedAt:new Date,emailVerificationToken:null,emailVerificationTokenExpiresAt:null}).where(ke`id = ${u.id}`),a.info("[AUTH] Email verified successfully",{userId:u.id,email:u.email}),t.emailVerification?.templates?.welcome?.enabled&&o?.isAvailable())o.sendWelcomeEmail(u.email,u.email.split("@")[0]||"User",c||"Nucleus").catch((S)=>{a.error("[AUTH] Failed to send welcome email after verification",{email:u.email,error:S})});return{success:!0,message:"Email verified successfully. You can now log in.",data:{redirectUrl:t.emailVerification?.redirectUrl||"/login",verified:!0}}},{query:Me.Object({token:Me.String()}),detail:{tags:["Authentication"],summary:"Verify Email",description:"Verify user email address using the verification token"}}),s.post(d,async(l)=>{if(!i||!e)return{success:!1,message:"Database not configured"};if(!o?.isAvailable())return{success:!1,message:"Email service not available"};let{email:w}=l.body,g=await i.select().from(e).where(ke`email = ${w}`).limit(1);if(g.length===0)return{success:!0,message:"If your email is registered, you will receive a verification email."};let u=g[0];if(u.verifiedAt)return{success:!1,message:"Email is already verified"};let m=t.emailVerification?.maxResendAttempts||3,_=u.emailVerificationAttempts||0;if(_>=m)return a.warn("[AUTH] Resend verification failed - max attempts reached",{email:w,attempts:_}),{success:!1,message:"Maximum resend attempts reached. Please contact support.",data:{maxAttemptsReached:!0,attemptsUsed:_,maxAttempts:m}};let S=t.emailVerification?.resendCooldown||"60s",h=Fc(S),E=u.emailVerificationSentAt;if(E){let A=Date.now()-new Date(E).getTime();if(A<h){let M=Math.ceil((h-A)/1000);return{success:!1,message:`Please wait ${M} seconds before requesting another verification email.`,data:{cooldownRemaining:M,canResendAt:new Date(Date.now()+M*1000).toISOString()}}}}let V=De(),Y=t.emailVerification?.tokenExpiresIn||"24h",H=new Date(Date.now()+Fc(Y));await i.update(e).set({emailVerificationToken:V,emailVerificationTokenExpiresAt:H,emailVerificationSentAt:new Date,emailVerificationAttempts:_+1}).where(ke`id = ${u.id}`);let R=`${(t.emailVerification?.redirectUrl||"http://localhost:3000/login").replace("/login","/verify-email")}?token=${V}`,$=await o.sendVerificationEmail(w,w.split("@")[0]||"User",R,c||"Nucleus");if($.success)return a.info("[AUTH] Verification email resent",{email:w}),{success:!0,message:"Verification email sent. Please check your inbox.",data:{cooldownSeconds:Math.ceil(h/1000),canResendAt:new Date(Date.now()+h).toISOString(),attemptsRemaining:m-(_+1)}};return a.error("[AUTH] Failed to resend verification email",{email:w,error:$.error}),{success:!1,message:"Failed to send verification email. Please try again later."}},{body:Me.Object({email:Me.String({format:"email"})}),detail:{tags:["Authentication"],summary:"Resend Verification Email",description:"Resend the email verification link to the user"}}),s}var Kf=b(()=>{jc()});import Yg from"crypto";function Kc(){return Yg.randomBytes(32).toString("hex")}function St(n){return Yg.createHash("sha256").update(n).digest("hex")}function vc(n){let r=n.match(/^(\d+)(s|m|h|d)$/);if(!r?.[1]||!r[2])return 900000;let t=parseInt(r[1],10);switch(r[2]){case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;case"d":return t*24*60*60*1000;default:return 900000}}var Ki=()=>{};import{eq as N3}from"drizzle-orm";import{Elysia as x3,t as ze}from"elysia";function Be(n,r,t,o,c,i){let{db:a,logger:e,usersTable:s}=n,f=r.route||"/auth/invite",d=r.tokenExpiresIn||"7d",l=r.redirectUrl||"",w=new x3;if(!r.enabled)return w;if(w.post(f,async(g)=>{if(!a||!s)return{success:!1,message:"Database not configured"};if(!t?.isAvailable())return e.error("[AUTH] Invite requested but email service not available"),{success:!1,message:"Email service not available"};let{email:u}=g.body,m=await a.select().from(s).where(N3(s.email,u)).limit(1),_;if(m.length>0){let H=m[0];if(H.verifiedAt||H.password)return e.warn("[AUTH] Invite failed - user already verified",{email:u}),{success:!1,message:"User with this email is already verified"};_=H.id,e.info("[AUTH] Resending invitation to existing unverified user",{userId:_,email:u})}else{let H={email:u,password:null,emailVerified:!1,isLocked:!1,createdAt:new Date,updatedAt:new Date},R=(await a.insert(s).values(H).returning())[0];if(!R)return e.error("[AUTH] Failed to create invited user",{email:u}),{success:!1,message:"Failed to create user"};_=R.id,e.info("[AUTH] Invited user created",{userId:_,email:u})}let S=Kc(),h=St(S),E=new Date(Date.now()+vc(d));await o({userId:_,email:u,tokenHash:h,expiresAt:E});let V=l?`${l}?token=${S}&invite=true`:`/auth/magic-link/verify?token=${S}`,Y=await t.sendInvitationEmail(u,V,c||"Nucleus");if(!Y.success)return e.error("[AUTH] Failed to send invitation email",{email:u,error:Y.error}),{success:!0,message:"User created but failed to send invitation email",data:{id:_,email:u}};return e.info("[AUTH] Invitation email sent",{email:u,userId:_}),{success:!0,message:"Invitation sent successfully",data:{id:_,email:u}}},{body:P3,detail:{tags:["Authentication"],summary:"Invite User",description:"Invite a new user by sending them an email with a magic link to set their password"}}),i)w.post(`${f}/verify`,async(g)=>{let{token:u}=g.body;if(!u)return{success:!1,message:"Token is required"};let m=St(u),_=await i(m);if(!_)return e.warn("[AUTH] Invalid invite verify token"),{success:!1,message:"Invalid or expired token"};if(new Date>_.expiresAt)return e.warn("[AUTH] Expired invite verify token",{email:_.email}),{success:!1,message:"Invalid or expired token"};return e.info("[AUTH] Invite token verified (not consumed)",{email:_.email,userId:_.userId}),{success:!0,data:{userId:_.userId,email:_.email}}},{body:ze.Object({token:ze.String()}),detail:{tags:["Authentication"],summary:"Verify Invite Token",description:"Validate an invite token without consuming it. Returns user info if valid."}});return w}var P3;var vf=b(()=>{Ki();P3=ze.Object({email:ze.String({format:"email"})})});import{t as nr}from"elysia";var Zf,C3;var pf=b(()=>{Zf=nr.Object({email:nr.String({format:"email"}),password:nr.String({minLength:1}),rememberMe:nr.Optional(nr.Boolean()),captchaId:nr.Optional(nr.String()),captchaAnswer:nr.Optional(nr.String()),deviceHint:nr.Optional(nr.String())}),C3=nr.Object({success:nr.Boolean(),message:nr.Optional(nr.String()),data:nr.Optional(nr.Object({user:nr.Object({id:nr.String(),email:nr.String()}),accessToken:nr.String(),refreshToken:nr.String()}))})});var{password:q3}=globalThis.Bun;async function Ue(n,r){try{return await q3.verify(n,r)}catch{return!1}}function We(n,r,t){let o=n.toLowerCase(),c=["headlesschrome","headless","phantomjs","nightmare","selenium","webdriver","puppeteer","playwright"],i=["bot","crawler","spider","scraper","curl","wget","python-requests","python-urllib","java/","httpclient","go-http-client","node-fetch","axios","postman","insomnia","httpie"],a=c.some((_)=>o.includes(_)),e=i.some((_)=>o.includes(_)),s=a||e,f=[];if(a)f.push("headless_browser");if(e)f.push("bot_user_agent");if(!o||o.length<10)f.push("missing_or_short_ua");if(o==="mozilla/5.0")f.push("generic_ua");if(o.includes("nucleusserveraction")||o.includes("serveraction"))f.push("server_action");let d="unknown";if(o.includes("ipad"))d="tablet";else if(o.includes("iphone"))d="mobile";else if(o.includes("macintosh")||o.includes("windows")&&!o.includes("windows phone")||o.includes("linux")&&!o.includes("android"))d="desktop";else if(o.includes("tablet")||o.includes("android")&&o.includes("tablet"))d="tablet";else if(o.includes("mobile")||o.includes("android"))d="mobile";let l,w;if(a)l="Headless Browser";else if(e)l="Bot/Crawler";else if(o.includes("chrome")&&!o.includes("edg")){l="Chrome";let _=n.match(/Chrome\/(\d+\.\d+)/i);if(_?.[1])w=_[1]}else if(o.includes("firefox")){l="Firefox";let _=n.match(/Firefox\/(\d+\.\d+)/i);if(_?.[1])w=_[1]}else if(o.includes("safari")&&!o.includes("chrome")){l="Safari";let _=n.match(/Version\/(\d+\.\d+)/i);if(_?.[1])w=_[1]}else if(o.includes("edg")){l="Edge";let _=n.match(/Edg\/(\d+\.\d+)/i);if(_?.[1])w=_[1]}let g,u;if(o.includes("windows nt 10"))g="Windows",u="10/11";else if(o.includes("windows nt"))g="Windows";else if(o.includes("mac os x")){g="macOS";let _=n.match(/Mac OS X (\d+[._]\d+)/i);if(_?.[1])u=_[1].replace("_",".")}else if(o.includes("android")){g="Android";let _=n.match(/Android (\d+\.?\d*)/i);if(_?.[1])u=_[1]}else if(o.includes("iphone")||o.includes("ipad")){g="iOS";let _=n.match(/OS (\d+[._]\d+)/i);if(_?.[1])u=_[1].replace("_",".")}else if(o.includes("linux"))g="Linux";return{deviceName:l&&g?`${l} on ${g}`:"Unknown Device",deviceType:d,browserName:l,browserVersion:w,osName:g,osVersion:u,ipAddress:r,userAgent:n,deviceHint:t,locationCountry:void 0,locationCity:void 0,isHeadless:a,isBot:e,isSuspicious:s,suspiciousPatterns:f}}var Ve=()=>{};import{eq as If}from"drizzle-orm";import{Elysia as F3}from"elysia";function Ye(n,r,t,o,c,i,a,e,s){let{db:f,logger:d,usersTable:l}=n,w=r.route||"/auth/login",g={accessTokenName:a?.accessTokenName||"access_token",refreshTokenName:a?.refreshTokenName||"refresh_token",sessionTokenName:a?.sessionTokenName||"session_token",accessTokenMaxAge:a?.accessTokenMaxAge||900,refreshTokenMaxAge:a?.refreshTokenMaxAge||604800,sessionTokenMaxAge:a?.sessionTokenMaxAge||900,secure:a?.secure??!0,httpOnly:a?.httpOnly??!0,sameSite:a?.sameSite||"strict",path:a?.path||"/",domain:a?.domain},u=new F3;if(!r.enabled)return u;return u.post(w,async(m)=>{if(!f||!l)return{success:!1,message:"Database not configured"};let{email:_,password:S,rememberMe:h,captchaId:E,captchaAnswer:V,deviceHint:Y}=m.body;if(s?.isEnabled()){if(!E||!V)return m.set.status=400,{success:!1,message:"Captcha is required"};let rn=await s.validate(E,V);if(!rn.valid)return m.set.status=400,{success:!1,message:rn.message||"Invalid captcha",attemptsRemaining:rn.attemptsRemaining}}let D=(await f.select().from(l).where(If(l.email,_)).limit(1))[0],R=new URL(m.request.url),$=m.request.headers.get("cf-connecting-ip")?.trim()||m.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||m.request.headers.get("x-real-ip")?.trim()||"unknown",A=m.request.headers.get("user-agent")||"unknown";if(!D)return d.warn("[AUTH] Login failed - user not found",{email:_}),await d.audit({entityName:"users",operation:"LOGIN_FAILED",summary:`Login failed: user not found (${_})`,ipAddress:$,userAgent:A,path:R.pathname,query:R.search}),{success:!1,message:"Invalid email or password"};if(D.isLocked)return d.warn("[AUTH] Login failed - account locked",{email:_,userId:D.id}),await d.audit({entityName:"users",entityId:D.id,operation:"LOGIN_FAILED",userId:D.id,summary:`Login failed: account locked (${_})`,ipAddress:$,userAgent:A,path:R.pathname,query:R.search}),{success:!1,message:"Account is locked"};if(!await Ue(S,D.password)){let rn=(D.failedLoginAttempts||0)+1;return await f.update(l).set({failedLoginAttempts:rn,isLocked:rn>=5,lockedUntil:rn>=5?new Date(Date.now()+1800000):null}).where(If(l.id,D.id)),d.warn("[AUTH] Login failed - invalid password",{email:_,failedAttempts:rn}),await d.audit({entityName:"users",entityId:D.id,operation:"LOGIN_FAILED",userId:D.id,summary:`Login failed: invalid password (${_}, attempt ${rn})`,ipAddress:$,userAgent:A,path:R.pathname,query:R.search}),{success:!1,message:"Invalid email or password"}}await f.update(l).set({failedLoginAttempts:0,lastLoginAt:new Date,loginCount:(D.loginCount||0)+1}).where(If(l.id,D.id));let z={};m.request.headers.forEach((rn,Hn)=>{z[Hn]=rn}),d.info("[AUTH] Login request headers",{headers:z});let L=m.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim(),O=(rn)=>!rn||rn==="127.0.0.1"||rn==="::1"||rn==="localhost"||rn.startsWith("10.")||rn.startsWith("192.168.")||rn.startsWith("172."),B=m.request.headers.get("cf-connecting-ip")?.trim()||m.request.headers.get("true-client-ip")?.trim()||(!O(L)?L:void 0)||m.request.headers.get("x-real-ip")?.trim()||m.request.headers.get("x-client-ip")?.trim()||L||"127.0.0.1",W=m.request.headers.get("user-agent")||"Unknown Browser";d.info("[AUTH] Parsed device info",{ipAddress:B,userAgent:W});let G=We(W,B,Y);try{if(!O(B)){let rn=await fetch(`http://ip-api.com/json/${B}?fields=country,city`);if(rn.ok){let Hn=await rn.json();if(Hn.country)G.locationCountry=Hn.country;if(Hn.city)G.locationCity=Hn.city}}}catch{}let j=[],N=[],x=n.userRolesTable,I=n.rolesTable,Q=n.roleClaimsTable,v=n.claimsTable;if(f&&x&&I)try{let{eq:rn,inArray:Hn}=await import("drizzle-orm"),Kn=(await f.select().from(x).where(rn(x.userId,D.id))).map((Lr)=>Lr.roleId);if(Kn.length>0){if(j=(await f.select().from(I).where(Hn(I.id,Kn))).map((Fr)=>Fr.name),Q&&v){let Fr=await f.select().from(Q).innerJoin(v,rn(Q.claimId,v.id)).where(Hn(Q.roleId,Kn)),wr=new Set;for(let dr of Fr){let Sa=dr.claims?.action;if(Sa)wr.add(Sa)}N=Array.from(wr)}}}catch{}let C=t(D.id,j.length>0?j:void 0,N.length>0?N:void 0),y=o(D.id),p=m.request.headers.get("origin")||m.request.headers.get("referer")?.replace(/\/[^/]*$/,"")||void 0,F={userId:D.id,deviceInfo:G,loginMethod:"password",rememberMe:h,requestOrigin:p},nn=await c(F),cn=!1,hn=nn;if(i){let rn=await i(nn,F);if(rn?.requiresApproval){if(cn=!0,rn.sessionId)hn=rn.sessionId}}if(cn)return m.set.status=202,new Response(JSON.stringify({success:!1,requiresApproval:!0,sessionId:hn,message:"Login requires approval. Please check your email to approve this device."}),{status:202,headers:{"Content-Type":"application/json"}});d.info("[AUTH] Login successful",{userId:D.id,email:_,rememberMe:h}),await d.audit({entityName:"users",entityId:D.id,operation:"LOGIN",userId:D.id,summary:`${_} logged in successfully`,ipAddress:B,userAgent:W,path:R.pathname,query:R.search});let dn={accessToken:{setHeadersEnabled:e?.accessToken?.setHeadersEnabled??!0,returnJson:e?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:e?.refreshToken?.setHeadersEnabled??!0,returnJson:e?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:e?.sessionToken?.setHeadersEnabled??!0,returnJson:e?.sessionToken?.returnJson??!0}},On=g.secure?"; Secure":"",vn=g.domain?`; Domain=${g.domain}`:"",ln=`; Path=${g.path}; HttpOnly; SameSite=${g.sameSite}${On}${vn}`,gr=[];if(dn.accessToken.setHeadersEnabled)gr.push(`${g.accessTokenName}=${C}${ln}; Max-Age=${g.accessTokenMaxAge}`);if(dn.refreshToken.setHeadersEnabled)gr.push(`${g.refreshTokenName}=${y}${ln}; Max-Age=${g.refreshTokenMaxAge}`);if(dn.sessionToken.setHeadersEnabled)gr.push(`${g.sessionTokenName}=${nn}${ln}; Max-Age=${g.sessionTokenMaxAge}`);m.set.headers["x-session-id"]=nn;let ot={user:{id:D.id,email:D.email}};if(dn.accessToken.returnJson)ot.accessToken=C;if(dn.refreshToken.returnJson)ot.refreshToken=y;if(dn.sessionToken.returnJson)ot.sessionId=nn;let Gn=JSON.stringify({success:!0,data:ot}),Yn=new Headers;Yn.set("Content-Type","application/json"),Yn.set("x-session-id",nn);for(let rn of gr)Yn.append("Set-Cookie",rn);return new Response(Gn,{status:200,headers:Yn})},{body:Zf,detail:{tags:["Authentication"],summary:"Login",description:"Authenticate user with email and password"}}),u}var yf=b(()=>{pf();Ve();pf()});function Jg(n){let r=n?.path||"/",t=n?.sameSite||"Strict",o=n?.secure!==!1?"; Secure":"",c=n?.domain?`; Domain=${n.domain}`:"",i=n?.accessTokenName||"access_token",a=n?.refreshTokenName||"refresh_token",e=n?.sessionTokenName||"session_token",s=`; Path=${r}; HttpOnly; SameSite=${t}${o}${c}; Max-Age=0`;return{"Set-Cookie":[`${i}=${s}`,`${a}=${s}`,`${e}=${s}`].join(", ")}}import{t as Je}from"elysia";var j3;var Xg=b(()=>{j3=Je.Object({success:Je.Boolean(),message:Je.Optional(Je.String())})});import{Elysia as K3}from"elysia";function Xe(n,r,t,o,c){let{logger:i}=n,a=r.route||"/auth/logout",e=new K3;if(!r.enabled)return e;return e.post(a,async(s)=>{let f=s.request.headers.get("x-session-id"),d=s.request.headers.get("x-user-id");if(f){if(await t(f),o)await o(f,"user_logout")}let l=Jg(c);for(let[g,u]of Object.entries(l))s.set.headers[g]=u;i.info("[AUTH] Logout successful",{userId:d,sessionId:f});let w=new URL(s.request.url);return i.audit({entityName:"users",entityId:d||void 0,operation:"LOGOUT",userId:d||void 0,summary:`User logged out${f?` (session: ${f.substring(0,8)}...)`:""}`,ipAddress:s.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||s.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:s.request.headers.get("user-agent")||"unknown",path:w.pathname,query:w.search}),{success:!0,message:"Logged out successfully"}},{detail:{tags:["Authentication"],summary:"Logout",description:"Logout and invalidate session"}}),e}var Tf=b(()=>{Xg()});var Ur={};go(Ur,{IsUndefined:()=>ir,IsUint8Array:()=>co,IsSymbol:()=>cl,IsString:()=>xn,IsRegExp:()=>Zi,IsObject:()=>Jn,IsNumber:()=>Zr,IsNull:()=>ol,IsIterator:()=>tl,IsFunction:()=>rl,IsDate:()=>ic,IsBoolean:()=>oo,IsBigInt:()=>vi,IsAsyncIterator:()=>nl,IsArray:()=>cr,HasPropertyKey:()=>Le});function Le(n,r){return r in n}function nl(n){return Jn(n)&&!cr(n)&&!co(n)&&Symbol.asyncIterator in n}function cr(n){return Array.isArray(n)}function vi(n){return typeof n==="bigint"}function oo(n){return typeof n==="boolean"}function ic(n){return n instanceof globalThis.Date}function rl(n){return typeof n==="function"}function tl(n){return Jn(n)&&!cr(n)&&!co(n)&&Symbol.iterator in n}function ol(n){return n===null}function Zr(n){return typeof n==="number"}function Jn(n){return typeof n==="object"&&n!==null}function Zi(n){return n instanceof globalThis.RegExp}function xn(n){return typeof n==="string"}function cl(n){return typeof n==="symbol"}function co(n){return n instanceof globalThis.Uint8Array}function ir(n){return n===void 0}function v3(n){return n.map((r)=>Qe(r))}function Z3(n){return new Date(n.getTime())}function p3(n){return new Uint8Array(n)}function I3(n){return new RegExp(n.source,n.flags)}function y3(n){let r={};for(let t of Object.getOwnPropertyNames(n))r[t]=Qe(n[t]);for(let t of Object.getOwnPropertySymbols(n))r[t]=Qe(n[t]);return r}function Qe(n){return cr(n)?v3(n):ic(n)?Z3(n):co(n)?p3(n):Zi(n)?I3(n):Jn(n)?y3(n):n}function Fn(n){return Qe(n)}var Or=()=>{};function Zc(n,r){return r===void 0?Fn(n):Fn({...r,...n})}var Oe=b(()=>{Or()});var il=b(()=>{Oe();Or()});function Lg(n){return n!==null&&typeof n==="object"}function Qg(n){return globalThis.Array.isArray(n)&&!globalThis.ArrayBuffer.isView(n)}function Og(n){return n===void 0}function Gg(n){return typeof n==="number"}var Ng=()=>{};var Ge;var xg=b(()=>{Ng();(function(n){n.InstanceMode="default",n.ExactOptionalPropertyTypes=!1,n.AllowArrayObject=!1,n.AllowNaN=!1,n.AllowNullVoid=!1;function r(a,e){return n.ExactOptionalPropertyTypes?e in a:a[e]!==void 0}n.IsExactOptionalProperty=r;function t(a){let e=Lg(a);return n.AllowArrayObject?e:e&&!Qg(a)}n.IsObjectLike=t;function o(a){return t(a)&&!(a instanceof Date)&&!(a instanceof Uint8Array)}n.IsRecordLike=o;function c(a){return n.AllowNaN?Gg(a):Number.isFinite(a)}n.IsNumberLike=c;function i(a){let e=Og(a);return n.AllowNullVoid?e||a===null:e}n.IsVoidLike=i})(Ge||(Ge={}))});function T3(n){return globalThis.Object.freeze(n).map((r)=>pi(r))}function nA(n){return n}function rA(n){return n}function tA(n){return n}function oA(n){let r={};for(let t of Object.getOwnPropertyNames(n))r[t]=pi(n[t]);for(let t of Object.getOwnPropertySymbols(n))r[t]=pi(n[t]);return globalThis.Object.freeze(r)}function pi(n){return cr(n)?T3(n):ic(n)?nA(n):co(n)?rA(n):Zi(n)?tA(n):Jn(n)?oA(n):n}var Pg=()=>{};function J(n,r){let t=r!==void 0?{...r,...n}:n;switch(Ge.InstanceMode){case"freeze":return pi(t);case"clone":return Fn(t);default:return t}}var en=b(()=>{xg();Pg();Or()});var io=b(()=>{en()});var Dr;var Cg=b(()=>{Dr=class Dr extends Error{constructor(n){super(n)}}});var Gt=b(()=>{Cg()});var er,Rt,kr,st,q;var Ii=b(()=>{er=Symbol.for("TypeBox.Transform"),Rt=Symbol.for("TypeBox.Readonly"),kr=Symbol.for("TypeBox.Optional"),st=Symbol.for("TypeBox.Hint"),q=Symbol.for("TypeBox.Kind")});var fn=b(()=>{Ii()});function pc(n){return Jn(n)&&n[Rt]==="Readonly"}function Gr(n){return Jn(n)&&n[kr]==="Optional"}function al(n){return An(n,"Any")}function el(n){return An(n,"Argument")}function Dt(n){return An(n,"Array")}function ac(n){return An(n,"AsyncIterator")}function ec(n){return An(n,"BigInt")}function ao(n){return An(n,"Boolean")}function kt(n){return An(n,"Computed")}function Mt(n){return An(n,"Constructor")}function cA(n){return An(n,"Date")}function Ht(n){return An(n,"Function")}function zt(n){return An(n,"Integer")}function pn(n){return An(n,"Intersect")}function sc(n){return An(n,"Iterator")}function An(n,r){return Jn(n)&&q in n&&n[q]===r}function Ne(n){return oo(n)||Zr(n)||xn(n)}function pr(n){return An(n,"Literal")}function Ir(n){return An(n,"MappedKey")}function jn(n){return An(n,"MappedResult")}function Vo(n){return An(n,"Never")}function iA(n){return An(n,"Not")}function yi(n){return An(n,"Null")}function Bt(n){return An(n,"Number")}function ar(n){return An(n,"Object")}function fc(n){return An(n,"Promise")}function lc(n){return An(n,"Record")}function rr(n){return An(n,"Ref")}function sl(n){return An(n,"RegExp")}function eo(n){return An(n,"String")}function Ti(n){return An(n,"Symbol")}function yr(n){return An(n,"TemplateLiteral")}function aA(n){return An(n,"This")}function Yo(n){return Jn(n)&&er in n}function Tr(n){return An(n,"Tuple")}function na(n){return An(n,"Undefined")}function En(n){return An(n,"Union")}function eA(n){return An(n,"Uint8Array")}function sA(n){return An(n,"Unknown")}function fA(n){return An(n,"Unsafe")}function lA(n){return An(n,"Void")}function _A(n){return Jn(n)&&q in n&&xn(n[q])}function nt(n){return al(n)||el(n)||Dt(n)||ao(n)||ec(n)||ac(n)||kt(n)||Mt(n)||cA(n)||Ht(n)||zt(n)||pn(n)||sc(n)||pr(n)||Ir(n)||jn(n)||Vo(n)||iA(n)||yi(n)||Bt(n)||ar(n)||fc(n)||lc(n)||rr(n)||sl(n)||eo(n)||Ti(n)||yr(n)||aA(n)||Tr(n)||na(n)||En(n)||eA(n)||sA(n)||fA(n)||lA(n)||_A(n)}var kn=b(()=>{fn()});var k={};go(k,{TypeGuardUnknownTypeError:()=>qg,IsVoid:()=>Ww,IsUnsafe:()=>Uw,IsUnknown:()=>Bw,IsUnionLiteral:()=>AA,IsUnion:()=>_l,IsUndefined:()=>Hw,IsUint8Array:()=>zw,IsTuple:()=>Mw,IsTransform:()=>kw,IsThis:()=>Dw,IsTemplateLiteral:()=>Rw,IsSymbol:()=>Sw,IsString:()=>Ew,IsSchema:()=>Ar,IsRegExp:()=>Aw,IsRef:()=>$w,IsRecursive:()=>$A,IsRecord:()=>hw,IsReadonly:()=>gA,IsProperties:()=>xe,IsPromise:()=>mw,IsOptional:()=>wA,IsObject:()=>ww,IsNumber:()=>gw,IsNull:()=>bw,IsNot:()=>uw,IsNever:()=>dw,IsMappedResult:()=>_w,IsMappedKey:()=>lw,IsLiteralValue:()=>fw,IsLiteralString:()=>ew,IsLiteralNumber:()=>sw,IsLiteralBoolean:()=>hA,IsLiteral:()=>ta,IsKindOf:()=>mn,IsKind:()=>Vw,IsIterator:()=>aw,IsIntersect:()=>iw,IsInteger:()=>cw,IsImport:()=>mA,IsFunction:()=>ow,IsDate:()=>tw,IsConstructor:()=>rw,IsComputed:()=>nw,IsBoolean:()=>Tg,IsBigInt:()=>yg,IsAsyncIterator:()=>Ig,IsArray:()=>pg,IsArgument:()=>Zg,IsAny:()=>vg});function Fg(n){try{return new RegExp(n),!0}catch{return!1}}function fl(n){if(!xn(n))return!1;for(let r=0;r<n.length;r++){let t=n.charCodeAt(r);if(t>=7&&t<=13||t===27||t===127)return!1}return!0}function jg(n){return ll(n)||Ar(n)}function ra(n){return ir(n)||vi(n)}function Pn(n){return ir(n)||Zr(n)}function ll(n){return ir(n)||oo(n)}function Xn(n){return ir(n)||xn(n)}function uA(n){return ir(n)||xn(n)&&fl(n)&&Fg(n)}function bA(n){return ir(n)||xn(n)&&fl(n)}function Kg(n){return ir(n)||Ar(n)}function gA(n){return Jn(n)&&n[Rt]==="Readonly"}function wA(n){return Jn(n)&&n[kr]==="Optional"}function vg(n){return mn(n,"Any")&&Xn(n.$id)}function Zg(n){return mn(n,"Argument")&&Zr(n.index)}function pg(n){return mn(n,"Array")&&n.type==="array"&&Xn(n.$id)&&Ar(n.items)&&Pn(n.minItems)&&Pn(n.maxItems)&&ll(n.uniqueItems)&&Kg(n.contains)&&Pn(n.minContains)&&Pn(n.maxContains)}function Ig(n){return mn(n,"AsyncIterator")&&n.type==="AsyncIterator"&&Xn(n.$id)&&Ar(n.items)}function yg(n){return mn(n,"BigInt")&&n.type==="bigint"&&Xn(n.$id)&&ra(n.exclusiveMaximum)&&ra(n.exclusiveMinimum)&&ra(n.maximum)&&ra(n.minimum)&&ra(n.multipleOf)}function Tg(n){return mn(n,"Boolean")&&n.type==="boolean"&&Xn(n.$id)}function nw(n){return mn(n,"Computed")&&xn(n.target)&&cr(n.parameters)&&n.parameters.every((r)=>Ar(r))}function rw(n){return mn(n,"Constructor")&&n.type==="Constructor"&&Xn(n.$id)&&cr(n.parameters)&&n.parameters.every((r)=>Ar(r))&&Ar(n.returns)}function tw(n){return mn(n,"Date")&&n.type==="Date"&&Xn(n.$id)&&Pn(n.exclusiveMaximumTimestamp)&&Pn(n.exclusiveMinimumTimestamp)&&Pn(n.maximumTimestamp)&&Pn(n.minimumTimestamp)&&Pn(n.multipleOfTimestamp)}function ow(n){return mn(n,"Function")&&n.type==="Function"&&Xn(n.$id)&&cr(n.parameters)&&n.parameters.every((r)=>Ar(r))&&Ar(n.returns)}function mA(n){return mn(n,"Import")&&Le(n,"$defs")&&Jn(n.$defs)&&xe(n.$defs)&&Le(n,"$ref")&&xn(n.$ref)&&n.$ref in n.$defs}function cw(n){return mn(n,"Integer")&&n.type==="integer"&&Xn(n.$id)&&Pn(n.exclusiveMaximum)&&Pn(n.exclusiveMinimum)&&Pn(n.maximum)&&Pn(n.minimum)&&Pn(n.multipleOf)}function xe(n){return Jn(n)&&Object.entries(n).every(([r,t])=>fl(r)&&Ar(t))}function iw(n){return mn(n,"Intersect")&&(xn(n.type)&&n.type!=="object"?!1:!0)&&cr(n.allOf)&&n.allOf.every((r)=>Ar(r)&&!kw(r))&&Xn(n.type)&&(ll(n.unevaluatedProperties)||Kg(n.unevaluatedProperties))&&Xn(n.$id)}function aw(n){return mn(n,"Iterator")&&n.type==="Iterator"&&Xn(n.$id)&&Ar(n.items)}function mn(n,r){return Jn(n)&&q in n&&n[q]===r}function ew(n){return ta(n)&&xn(n.const)}function sw(n){return ta(n)&&Zr(n.const)}function hA(n){return ta(n)&&oo(n.const)}function ta(n){return mn(n,"Literal")&&Xn(n.$id)&&fw(n.const)}function fw(n){return oo(n)||Zr(n)||xn(n)}function lw(n){return mn(n,"MappedKey")&&cr(n.keys)&&n.keys.every((r)=>Zr(r)||xn(r))}function _w(n){return mn(n,"MappedResult")&&xe(n.properties)}function dw(n){return mn(n,"Never")&&Jn(n.not)&&Object.getOwnPropertyNames(n.not).length===0}function uw(n){return mn(n,"Not")&&Ar(n.not)}function bw(n){return mn(n,"Null")&&n.type==="null"&&Xn(n.$id)}function gw(n){return mn(n,"Number")&&n.type==="number"&&Xn(n.$id)&&Pn(n.exclusiveMaximum)&&Pn(n.exclusiveMinimum)&&Pn(n.maximum)&&Pn(n.minimum)&&Pn(n.multipleOf)}function ww(n){return mn(n,"Object")&&n.type==="object"&&Xn(n.$id)&&xe(n.properties)&&jg(n.additionalProperties)&&Pn(n.minProperties)&&Pn(n.maxProperties)}function mw(n){return mn(n,"Promise")&&n.type==="Promise"&&Xn(n.$id)&&Ar(n.item)}function hw(n){return mn(n,"Record")&&n.type==="object"&&Xn(n.$id)&&jg(n.additionalProperties)&&Jn(n.patternProperties)&&((r)=>{let t=Object.getOwnPropertyNames(r.patternProperties);return t.length===1&&Fg(t[0])&&Jn(r.patternProperties)&&Ar(r.patternProperties[t[0]])})(n)}function $A(n){return Jn(n)&&st in n&&n[st]==="Recursive"}function $w(n){return mn(n,"Ref")&&Xn(n.$id)&&xn(n.$ref)}function Aw(n){return mn(n,"RegExp")&&Xn(n.$id)&&xn(n.source)&&xn(n.flags)&&Pn(n.maxLength)&&Pn(n.minLength)}function Ew(n){return mn(n,"String")&&n.type==="string"&&Xn(n.$id)&&Pn(n.minLength)&&Pn(n.maxLength)&&uA(n.pattern)&&bA(n.format)}function Sw(n){return mn(n,"Symbol")&&n.type==="symbol"&&Xn(n.$id)}function Rw(n){return mn(n,"TemplateLiteral")&&n.type==="string"&&xn(n.pattern)&&n.pattern[0]==="^"&&n.pattern[n.pattern.length-1]==="$"}function Dw(n){return mn(n,"This")&&Xn(n.$id)&&xn(n.$ref)}function kw(n){return Jn(n)&&er in n}function Mw(n){return mn(n,"Tuple")&&n.type==="array"&&Xn(n.$id)&&Zr(n.minItems)&&Zr(n.maxItems)&&n.minItems===n.maxItems&&(ir(n.items)&&ir(n.additionalItems)&&n.minItems===0||cr(n.items)&&n.items.every((r)=>Ar(r)))}function Hw(n){return mn(n,"Undefined")&&n.type==="undefined"&&Xn(n.$id)}function AA(n){return _l(n)&&n.anyOf.every((r)=>ew(r)||sw(r))}function _l(n){return mn(n,"Union")&&Xn(n.$id)&&Jn(n)&&cr(n.anyOf)&&n.anyOf.every((r)=>Ar(r))}function zw(n){return mn(n,"Uint8Array")&&n.type==="Uint8Array"&&Xn(n.$id)&&Pn(n.minByteLength)&&Pn(n.maxByteLength)}function Bw(n){return mn(n,"Unknown")&&Xn(n.$id)}function Uw(n){return mn(n,"Unsafe")}function Ww(n){return mn(n,"Void")&&n.type==="void"&&Xn(n.$id)}function Vw(n){return Jn(n)&&q in n&&xn(n[q])&&!dA.includes(n[q])}function Ar(n){return Jn(n)&&(vg(n)||Zg(n)||pg(n)||Tg(n)||yg(n)||Ig(n)||nw(n)||rw(n)||tw(n)||ow(n)||cw(n)||iw(n)||aw(n)||ta(n)||lw(n)||_w(n)||dw(n)||uw(n)||bw(n)||gw(n)||ww(n)||mw(n)||hw(n)||$w(n)||Aw(n)||Ew(n)||Sw(n)||Rw(n)||Dw(n)||Mw(n)||Hw(n)||_l(n)||zw(n)||Bw(n)||Uw(n)||Ww(n)||Vw(n))}var qg,dA;var Yw=b(()=>{fn();Gt();qg=class qg extends Dr{};dA=["Argument","Any","Array","AsyncIterator","BigInt","Boolean","Computed","Constructor","Date","Enum","Function","Integer","Intersect","Iterator","Literal","MappedKey","MappedResult","Not","Null","Number","Object","Promise","Record","Ref","RegExp","String","Symbol","TemplateLiteral","This","Tuple","Undefined","Union","Uint8Array","Unknown","Void"]});var dl=b(()=>{kn();Yw()});var Jw=()=>{};var Xw="(true|false)",Pe="(0|[1-9][0-9]*)",Lw="(.*)",Jo="^(0|[1-9][0-9]*)$",Xo="^(.*)$",Qw="^(?!.*)$";var oa=()=>{};var Ow=()=>{};var Gw=()=>{};var Nw=b(()=>{Ow();Gw()});function xw(n,r){return n.includes(r)}function Pw(n){return[...new Set(n)]}function RA(n,r){return n.filter((t)=>r.includes(t))}function DA(n,r){return n.reduce((t,o)=>{return RA(t,o)},r)}function Cw(n){return n.length===1?n[0]:n.length>1?DA(n.slice(1),n[0]):[]}function qw(n){let r=[];for(let t of n)r.push(...t);return r}var ca=()=>{};function Lo(n){return J({[q]:"Any"},n)}var Fw=b(()=>{io();fn()});var ia=b(()=>{Fw()});function Ic(n,r){return J({[q]:"Array",type:"array",items:n},r)}var jw=b(()=>{en();fn()});var aa=b(()=>{jw()});function Kw(n){return J({[q]:"Argument",index:n})}var vw=b(()=>{en();fn()});var ul=b(()=>{vw()});function yc(n,r){return J({[q]:"AsyncIterator",type:"AsyncIterator",items:n},r)}var Zw=b(()=>{fn();en()});var ea=b(()=>{Zw()});function Cn(n,r,t){return J({[q]:"Computed",target:n,parameters:r},t)}var pw=b(()=>{io();Ii()});var Qo=b(()=>{pw()});function kA(n,r){let{[r]:t,...o}=n;return o}function In(n,r){return r.reduce((t,o)=>kA(t,o),n)}var fo=()=>{};function Sn(n){return J({[q]:"Never",not:{}},n)}var Iw=b(()=>{en();fn()});var Mr=b(()=>{Iw()});var yw=()=>{};function Mn(n){return J({[q]:"MappedResult",properties:n})}var bl=b(()=>{en();fn()});function Tc(n,r,t){return J({[q]:"Constructor",type:"Constructor",parameters:n,returns:r},t)}var Tw=b(()=>{en();fn()});var sa=b(()=>{Tw()});function Nt(n,r,t){return J({[q]:"Function",type:"Function",parameters:n,returns:r},t)}var n1=b(()=>{en();fn()});var _c=b(()=>{n1()});function fa(n,r){return J({[q]:"Union",anyOf:n},r)}var gl=b(()=>{en();fn()});function MA(n){return n.some((r)=>Gr(r))}function r1(n){return n.map((r)=>Gr(r)?HA(r):r)}function HA(n){return In(n,[kr])}function zA(n,r){return MA(n)?Wr(fa(r1(n),r)):fa(r1(n),r)}function xt(n,r){return n.length===1?J(n[0],r):n.length===0?Sn(r):zA(n,r)}var t1=b(()=>{en();fn();fo();Mr();lo();gl();kn()});var o1=()=>{};function Wn(n,r){return n.length===0?Sn(r):n.length===1?J(n[0],r):fa(n,r)}var c1=b(()=>{Mr();en();gl()});var sr=b(()=>{t1();o1();c1()});function BA(n){return n.replace(/\\\$/g,"$").replace(/\\\*/g,"*").replace(/\\\^/g,"^").replace(/\\\|/g,"|").replace(/\\\(/g,"(").replace(/\\\)/g,")")}function ml(n,r,t){return n[r]===t&&n.charCodeAt(r-1)!==92}function _o(n,r){return ml(n,r,"(")}function la(n,r){return ml(n,r,")")}function i1(n,r){return ml(n,r,"|")}function UA(n){if(!(_o(n,0)&&la(n,n.length-1)))return!1;let r=0;for(let t=0;t<n.length;t++){if(_o(n,t))r+=1;if(la(n,t))r-=1;if(r===0&&t!==n.length-1)return!1}return!0}function WA(n){return n.slice(1,n.length-1)}function VA(n){let r=0;for(let t=0;t<n.length;t++){if(_o(n,t))r+=1;if(la(n,t))r-=1;if(i1(n,t)&&r===0)return!0}return!1}function YA(n){for(let r=0;r<n.length;r++)if(_o(n,r))return!0;return!1}function JA(n){let[r,t]=[0,0],o=[];for(let i=0;i<n.length;i++){if(_o(n,i))r+=1;if(la(n,i))r-=1;if(i1(n,i)&&r===0){let a=n.slice(t,i);if(a.length>0)o.push(ni(a));t=i+1}}let c=n.slice(t);if(c.length>0)o.push(ni(c));if(o.length===0)return{type:"const",const:""};if(o.length===1)return o[0];return{type:"or",expr:o}}function XA(n){function r(c,i){if(!_o(c,i))throw new wl("TemplateLiteralParser: Index must point to open parens");let a=0;for(let e=i;e<c.length;e++){if(_o(c,e))a+=1;if(la(c,e))a-=1;if(a===0)return[i,e]}throw new wl("TemplateLiteralParser: Unclosed group parens in expression")}function t(c,i){for(let a=i;a<c.length;a++)if(_o(c,a))return[i,a];return[i,c.length]}let o=[];for(let c=0;c<n.length;c++)if(_o(n,c)){let[i,a]=r(n,c),e=n.slice(i,a+1);o.push(ni(e)),c=a}else{let[i,a]=t(n,c),e=n.slice(i,a);if(e.length>0)o.push(ni(e));c=a-1}return o.length===0?{type:"const",const:""}:o.length===1?o[0]:{type:"and",expr:o}}function ni(n){return UA(n)?ni(WA(n)):VA(n)?JA(n):YA(n)?XA(n):{type:"const",const:BA(n)}}function ri(n){return ni(n.slice(1,n.length-1))}var wl;var Ce=b(()=>{Gt();wl=class wl extends Dr{}});function LA(n){return n.type==="or"&&n.expr.length===2&&n.expr[0].type==="const"&&n.expr[0].const==="0"&&n.expr[1].type==="const"&&n.expr[1].const==="[1-9][0-9]*"}function QA(n){return n.type==="or"&&n.expr.length===2&&n.expr[0].type==="const"&&n.expr[0].const==="true"&&n.expr[1].type==="const"&&n.expr[1].const==="false"}function OA(n){return n.type==="const"&&n.const===".*"}function dc(n){return LA(n)||OA(n)?!1:QA(n)?!0:n.type==="and"?n.expr.every((r)=>dc(r)):n.type==="or"?n.expr.every((r)=>dc(r)):n.type==="const"?!0:(()=>{throw new a1("Unknown expression type")})()}function e1(n){let r=ri(n.pattern);return dc(r)}var a1;var hl=b(()=>{Ce();Gt();a1=class a1 extends Dr{}});function*f1(n){if(n.length===1)return yield*n[0];for(let r of n[0])for(let t of f1(n.slice(1)))yield`${r}${t}`}function*GA(n){return yield*f1(n.expr.map((r)=>[..._a(r)]))}function*NA(n){for(let r of n.expr)yield*_a(r)}function*xA(n){return yield n.const}function*_a(n){return n.type==="and"?yield*GA(n):n.type==="or"?yield*NA(n):n.type==="const"?yield*xA(n):(()=>{throw new s1("Unknown expression")})()}function qe(n){let r=ri(n.pattern);return dc(r)?[..._a(r)]:[]}var s1;var $l=b(()=>{hl();Ce();Gt();s1=class s1 extends Dr{}});function zn(n,r){return J({[q]:"Literal",const:n,type:typeof n},r)}var l1=b(()=>{en();fn()});var Nr=b(()=>{l1()});function Fe(n){return J({[q]:"Boolean",type:"boolean"},n)}var _1=b(()=>{fn();io()});var je=b(()=>{_1()});function ti(n){return J({[q]:"BigInt",type:"bigint"},n)}var d1=b(()=>{fn();io()});var da=b(()=>{d1()});function ft(n){return J({[q]:"Number",type:"number"},n)}var u1=b(()=>{en();fn()});var uc=b(()=>{u1()});function Ut(n){return J({[q]:"String",type:"string"},n)}var b1=b(()=>{en();fn()});var oi=b(()=>{b1()});function*PA(n){let r=n.trim().replace(/"|'/g,"");return r==="boolean"?yield Fe():r==="number"?yield ft():r==="bigint"?yield ti():r==="string"?yield Ut():yield(()=>{let t=r.split("|").map((o)=>zn(o.trim()));return t.length===0?Sn():t.length===1?t[0]:xt(t)})()}function*CA(n){if(n[1]!=="{"){let r=zn("$"),t=Al(n.slice(1));return yield*[r,...t]}for(let r=2;r<n.length;r++)if(n[r]==="}"){let t=PA(n.slice(2,r)),o=Al(n.slice(r+1));return yield*[...t,...o]}yield zn(n)}function*Al(n){for(let r=0;r<n.length;r++)if(n[r]==="$"){let t=zn(n.slice(0,r)),o=CA(n.slice(r));return yield*[t,...o]}yield zn(n)}function g1(n){return[...Al(n)]}var El=b(()=>{Nr();je();da();uc();oi();sr();Mr()});function qA(n){return n.replace(/[.*+?^${}()|[\]\\]/g,"\\$&")}function m1(n,r){return yr(n)?n.pattern.slice(1,n.pattern.length-1):En(n)?`(${n.anyOf.map((t)=>m1(t,r)).join("|")})`:Bt(n)?`${r}${Pe}`:zt(n)?`${r}${Pe}`:ec(n)?`${r}${Pe}`:eo(n)?`${r}${Lw}`:pr(n)?`${r}${qA(n.const.toString())}`:ao(n)?`${r}${Xw}`:(()=>{throw new w1(`Unexpected Kind '${n[q]}'`)})()}function Sl(n){return`^${n.map((r)=>m1(r,"")).join("")}$`}var w1;var Rl=b(()=>{oa();fn();Gt();kn();w1=class w1 extends Dr{}});function bc(n){let t=qe(n).map((o)=>zn(o));return xt(t)}var h1=b(()=>{sr();Nr();$l()});function Ke(n,r){let t=xn(n)?Sl(g1(n)):Sl(n);return J({[q]:"TemplateLiteral",type:"string",pattern:t},r)}var $1=b(()=>{en();El();Rl();fn()});var uo=b(()=>{hl();$l();El();Ce();Rl();h1();$1()});function FA(n){return qe(n).map((t)=>t.toString())}function jA(n){let r=[];for(let t of n)r.push(...xr(t));return r}function KA(n){return[n.toString()]}function xr(n){return[...new Set(yr(n)?FA(n):En(n)?jA(n.anyOf):pr(n)?KA(n.const):Bt(n)?["[number]"]:zt(n)?["[number]"]:[])]}var ve=b(()=>{uo();kn()});function vA(n,r,t){let o={};for(let c of Object.getOwnPropertyNames(r))o[c]=Oo(n,xr(r[c]),t);return o}function ZA(n,r,t){return vA(n,r.properties,t)}function A1(n,r,t){let o=ZA(n,r,t);return Mn(o)}var Dl=b(()=>{br();ve();Pt()});function S1(n,r){return n.map((t)=>R1(t,r))}function pA(n){return n.filter((r)=>!Vo(r))}function IA(n,r){return Ze(pA(S1(n,r)))}function yA(n){return n.some((r)=>Vo(r))?[]:n}function TA(n,r){return xt(yA(S1(n,r)))}function nE(n,r){return r in n?n[r]:r==="[number]"?xt(n):Sn()}function rE(n,r){return r==="[number]"?n:Sn()}function tE(n,r){return r in n?n[r]:Sn()}function R1(n,r){return pn(n)?IA(n.allOf,r):En(n)?TA(n.anyOf,r):Tr(n)?nE(n.items??[],r):Dt(n)?rE(n.items,r):ar(n)?tE(n.properties,r):Sn()}function kl(n,r){return r.map((t)=>R1(n,t))}function E1(n,r){return xt(kl(n,r))}function Oo(n,r,t){if(rr(n)||rr(r)){if(!nt(n)||!nt(r))throw new Dr("Index types using Ref parameters require both Type and Key to be of TSchema");return Cn("Index",[n,r])}if(jn(r))return A1(n,r,t);if(Ir(r))return D1(n,r,t);return J(nt(r)?E1(n,xr(r)):E1(n,r),t)}var Ml=b(()=>{en();Gt();Qo();Mr();lt();sr();ve();Hl();Dl();kn()});function oE(n,r,t){return{[r]:Oo(n,[r],Fn(t))}}function cE(n,r,t){return r.reduce((o,c)=>{return{...o,...oE(n,c,t)}},{})}function iE(n,r,t){return cE(n,r.keys,t)}function D1(n,r,t){let o=iE(n,r,t);return Mn(o)}var Hl=b(()=>{Ml();br();Or()});var Pt=b(()=>{Hl();Dl();ve();Ml()});function ci(n,r){return J({[q]:"Iterator",type:"Iterator",items:n},r)}var k1=b(()=>{en();fn()});var ua=b(()=>{k1()});function aE(n){return globalThis.Object.keys(n).filter((r)=>!Gr(n[r]))}function eE(n,r){let t=aE(n),o=t.length>0?{[q]:"Object",type:"object",required:t,properties:n}:{[q]:"Object",type:"object",properties:n};return J(o,r)}var Ln;var M1=b(()=>{en();fn();kn();Ln=eE});var rt=b(()=>{M1()});function pe(n,r){return J({[q]:"Promise",type:"Promise",item:n},r)}var H1=b(()=>{en();fn()});var Ie=b(()=>{H1()});function sE(n){return J(In(n,[Rt]))}function fE(n){return J({...n,[Rt]:"Readonly"})}function lE(n,r){return r===!1?sE(n):fE(n)}function Pr(n,r){let t=r??!0;return jn(n)?z1(n,t):lE(n,t)}var zl=b(()=>{en();fn();fo();Bl();kn()});function _E(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=Pr(n[o],r);return t}function dE(n,r){return _E(n.properties,r)}function z1(n,r){let t=dE(n,r);return Mn(t)}var Bl=b(()=>{br();zl()});var gc=b(()=>{Bl();zl()});function _t(n,r){return J(n.length>0?{[q]:"Tuple",type:"array",items:n,additionalItems:!1,minItems:n.length,maxItems:n.length}:{[q]:"Tuple",type:"array",minItems:n.length,maxItems:n.length},r)}var B1=b(()=>{en();fn()});var Go=b(()=>{B1()});function U1(n,r){return n in r?dt(n,r[n]):Mn(r)}function uE(n){return{[n]:zn(n)}}function bE(n){let r={};for(let t of n)r[t]=zn(t);return r}function gE(n,r){return xw(r,n)?uE(n):bE(r)}function wE(n,r){let t=gE(n,r);return U1(n,t)}function ba(n,r){return r.map((t)=>dt(n,t))}function mE(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(r))t[o]=dt(n,r[o]);return t}function dt(n,r){let t={...r};return Gr(r)?Wr(dt(n,In(r,[kr]))):pc(r)?Pr(dt(n,In(r,[Rt]))):jn(r)?U1(n,r.properties):Ir(r)?wE(n,r.keys):Mt(r)?Tc(ba(n,r.parameters),dt(n,r.returns),t):Ht(r)?Nt(ba(n,r.parameters),dt(n,r.returns),t):ac(r)?yc(dt(n,r.items),t):sc(r)?ci(dt(n,r.items),t):pn(r)?Vr(ba(n,r.allOf),t):En(r)?Wn(ba(n,r.anyOf),t):Tr(r)?_t(ba(n,r.items??[]),t):ar(r)?Ln(mE(n,r.properties),t):Dt(r)?Ic(dt(n,r.items),t):fc(r)?pe(dt(n,r.item),t):r}function hE(n,r){let t={};for(let o of n)t[o]=dt(o,r);return t}function W1(n,r,t){let o=nt(n)?xr(n):n,c=r({[q]:"MappedKey",keys:o}),i=hE(o,c);return Ln(i,t)}var V1=b(()=>{fn();fo();aa();ea();sa();_c();Pt();lt();ua();Nr();rt();lo();Ie();gc();Go();sr();ca();bl();kn()});var br=b(()=>{yw();bl();V1()});function $E(n){return J(In(n,[kr]))}function AE(n){return J({...n,[kr]:"Optional"})}function EE(n,r){return r===!1?$E(n):AE(n)}function Wr(n,r){let t=r??!0;return jn(n)?Y1(n,t):EE(n,t)}var Ul=b(()=>{en();fn();fo();Wl();kn()});function SE(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=Wr(n[o],r);return t}function RE(n,r){return SE(n.properties,r)}function Y1(n,r){let t=RE(n,r);return Mn(t)}var Wl=b(()=>{br();Ul()});var lo=b(()=>{Wl();Ul()});function ga(n,r={}){let t=n.every((c)=>ar(c)),o=nt(r.unevaluatedProperties)?{unevaluatedProperties:r.unevaluatedProperties}:{};return J(r.unevaluatedProperties===!1||nt(r.unevaluatedProperties)||t?{...o,[q]:"Intersect",type:"object",allOf:n}:{...o,[q]:"Intersect",allOf:n},r)}var Vl=b(()=>{en();fn();kn()});function DE(n){return n.every((r)=>Gr(r))}function kE(n){return In(n,[kr])}function J1(n){return n.map((r)=>Gr(r)?kE(r):r)}function ME(n,r){return DE(n)?Wr(ga(J1(n),r)):ga(J1(n),r)}function Ze(n,r={}){if(n.length===1)return J(n[0],r);if(n.length===0)return Sn(r);if(n.some((t)=>Yo(t)))throw Error("Cannot intersect transform types");return ME(n,r)}var X1=b(()=>{fn();en();fo();Mr();lo();Vl();kn()});var L1=()=>{};function Vr(n,r){if(n.length===1)return J(n[0],r);if(n.length===0)return Sn(r);if(n.some((t)=>Yo(t)))throw Error("Cannot intersect transform types");return ga(n,r)}var Q1=b(()=>{en();Mr();Vl();kn()});var lt=b(()=>{X1();L1();Q1()});function Ct(...n){let[r,t]=typeof n[0]==="string"?[n[0],n[1]]:[n[0].$id,n[1]];if(typeof r!=="string")throw new Dr("Ref: $ref must be a string");return J({[q]:"Ref",$ref:r},t)}var O1=b(()=>{Gt();en();fn()});var wc=b(()=>{O1()});function HE(n,r){return Cn("Awaited",[Cn(n,r)])}function zE(n){return Cn("Awaited",[Ct(n)])}function BE(n){return Vr(G1(n))}function UE(n){return Wn(G1(n))}function WE(n){return ii(n)}function G1(n){return n.map((r)=>ii(r))}function ii(n,r){return J(kt(n)?HE(n.target,n.parameters):pn(n)?BE(n.allOf):En(n)?UE(n.anyOf):fc(n)?WE(n.item):rr(n)?zE(n.$ref):n,r)}var N1=b(()=>{en();Qo();lt();sr();wc();kn()});var ye=b(()=>{N1()});function x1(n){let r=[];for(let t of n)r.push(wa(t));return r}function VE(n){let r=x1(n);return qw(r)}function YE(n){let r=x1(n);return Cw(r)}function JE(n){return n.map((r,t)=>t.toString())}function XE(n){return["[number]"]}function LE(n){return globalThis.Object.getOwnPropertyNames(n)}function QE(n){if(!OE)return[];return globalThis.Object.getOwnPropertyNames(n).map((t)=>{return t[0]==="^"&&t[t.length-1]==="$"?t.slice(1,t.length-1):t})}function wa(n){return pn(n)?VE(n.allOf):En(n)?YE(n.anyOf):Tr(n)?JE(n.items??[]):Dt(n)?XE(n.items):ar(n)?LE(n.properties):lc(n)?QE(n.patternProperties):[]}var OE=!1;var Yl=b(()=>{ca();kn()});function GE(n,r){return Cn("KeyOf",[Cn(n,r)])}function NE(n){return Cn("KeyOf",[Ct(n)])}function xE(n,r){let t=wa(n),o=PE(t),c=xt(o);return J(c,r)}function PE(n){return n.map((r)=>r==="[number]"?ft():zn(r))}function ai(n,r){return kt(n)?GE(n.target,n.parameters):rr(n)?NE(n.$ref):jn(n)?P1(n,r):xE(n,r)}var Jl=b(()=>{en();Nr();uc();Qo();wc();Yl();sr();Xl();kn()});function CE(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=ai(n[o],Fn(r));return t}function qE(n,r){return CE(n.properties,r)}function P1(n,r){let t=qE(n,r);return Mn(t)}var Xl=b(()=>{br();Jl();Or()});var C1=()=>{};var ma=b(()=>{Xl();C1();Yl();Jl()});function FE(n){let r=[];for(let t of n)r.push(...wa(t));return Pw(r)}function jE(n){return n.filter((r)=>!Vo(r))}function KE(n,r){let t=[];for(let o of n)t.push(...kl(o,[r]));return jE(t)}function vE(n,r){let t={};for(let o of r)t[o]=Ze(KE(n,o));return t}function q1(n,r){let t=FE(n),o=vE(n,t);return Ln(o,r)}var F1=b(()=>{lt();Pt();ma();rt();ca();kn()});var Ll=b(()=>{F1()});function Te(n){return J({[q]:"Date",type:"Date"},n)}var j1=b(()=>{fn();en()});var ns=b(()=>{j1()});function rs(n){return J({[q]:"Null",type:"null"},n)}var K1=b(()=>{en();fn()});var ts=b(()=>{K1()});function os(n){return J({[q]:"Symbol",type:"symbol"},n)}var v1=b(()=>{en();fn()});var cs=b(()=>{v1()});function is(n){return J({[q]:"Undefined",type:"undefined"},n)}var Z1=b(()=>{en();fn()});var as=b(()=>{Z1()});function es(n){return J({[q]:"Uint8Array",type:"Uint8Array"},n)}var p1=b(()=>{en();fn()});var ss=b(()=>{p1()});function No(n){return J({[q]:"Unknown"},n)}var I1=b(()=>{en();fn()});var ei=b(()=>{I1()});function ZE(n){return n.map((r)=>Ql(r,!1))}function pE(n){let r={};for(let t of globalThis.Object.getOwnPropertyNames(n))r[t]=Pr(Ql(n[t],!1));return r}function fs(n,r){return r===!0?n:Pr(n)}function Ql(n,r){return nl(n)?fs(Lo(),r):tl(n)?fs(Lo(),r):cr(n)?Pr(_t(ZE(n))):co(n)?es():ic(n)?Te():Jn(n)?fs(Ln(pE(n)),r):rl(n)?fs(Nt([],No()),r):ir(n)?is():ol(n)?rs():cl(n)?os():vi(n)?ti():Zr(n)?zn(n):oo(n)?zn(n):xn(n)?zn(n):Ln({})}function y1(n,r){return J(Ql(n,!0),r)}var T1=b(()=>{ia();da();ns();_c();Nr();ts();rt();cs();Go();gc();as();ss();ei();io()});var Ol=b(()=>{T1()});function nm(n,r){return Mt(n)?_t(n.parameters,r):Sn(r)}var rm=b(()=>{Go();Mr();kn()});var Gl=b(()=>{rm()});function tm(n,r){if(ir(n))throw Error("Enum undefined or empty");let t=globalThis.Object.getOwnPropertyNames(n).filter((i)=>isNaN(i)).map((i)=>n[i]),c=[...new Set(t)].map((i)=>zn(i));return Wn(c,{...r,[st]:"Enum"})}var om=b(()=>{Nr();fn();sr()});var Nl=b(()=>{om()});function ut(n){return n===X.False?n:X.True}function si(n){throw new sm(n)}function fr(n){return k.IsNever(n)||k.IsIntersect(n)||k.IsUnion(n)||k.IsUnknown(n)||k.IsAny(n)}function lr(n,r){return k.IsNever(r)?_m(n,r):k.IsIntersect(r)?ls(n,r):k.IsUnion(r)?Fl(n,r):k.IsUnknown(r)?gm(n,r):k.IsAny(r)?ql(n,r):si("StructuralRight")}function ql(n,r){return X.True}function IE(n,r){return k.IsIntersect(r)?ls(n,r):k.IsUnion(r)&&r.anyOf.some((t)=>k.IsAny(t)||k.IsUnknown(t))?X.True:k.IsUnion(r)?X.Union:k.IsUnknown(r)?X.True:k.IsAny(r)?X.True:X.Union}function yE(n,r){return k.IsUnknown(n)?X.False:k.IsAny(n)?X.Union:k.IsNever(n)?X.True:X.False}function TE(n,r){return k.IsObject(r)&&_s(r)?X.True:fr(r)?lr(n,r):!k.IsArray(r)?X.False:ut(Qn(n.items,r.items))}function n4(n,r){return fr(r)?lr(n,r):!k.IsAsyncIterator(r)?X.False:ut(Qn(n.items,r.items))}function r4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsBigInt(r)?X.True:X.False}function fm(n,r){return k.IsLiteralBoolean(n)?X.True:k.IsBoolean(n)?X.True:X.False}function t4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsBoolean(r)?X.True:X.False}function o4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):!k.IsConstructor(r)?X.False:n.parameters.length>r.parameters.length?X.False:!n.parameters.every((t,o)=>ut(Qn(r.parameters[o],t))===X.True)?X.False:ut(Qn(n.returns,r.returns))}function c4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsDate(r)?X.True:X.False}function i4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):!k.IsFunction(r)?X.False:n.parameters.length>r.parameters.length?X.False:!n.parameters.every((t,o)=>ut(Qn(r.parameters[o],t))===X.True)?X.False:ut(Qn(n.returns,r.returns))}function lm(n,r){return k.IsLiteral(n)&&Ur.IsNumber(n.const)?X.True:k.IsNumber(n)||k.IsInteger(n)?X.True:X.False}function a4(n,r){return k.IsInteger(r)||k.IsNumber(r)?X.True:fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):X.False}function ls(n,r){return r.allOf.every((t)=>Qn(n,t)===X.True)?X.True:X.False}function e4(n,r){return n.allOf.some((t)=>Qn(t,r)===X.True)?X.True:X.False}function s4(n,r){return fr(r)?lr(n,r):!k.IsIterator(r)?X.False:ut(Qn(n.items,r.items))}function f4(n,r){return k.IsLiteral(r)&&r.const===n.const?X.True:fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsString(r)?bm(n,r):k.IsNumber(r)?dm(n,r):k.IsInteger(r)?lm(n,r):k.IsBoolean(r)?fm(n,r):X.False}function _m(n,r){return X.False}function l4(n,r){return X.True}function cm(n){let[r,t]=[n,0];while(!0){if(!k.IsNot(r))break;r=r.not,t+=1}return t%2===0?r:No()}function _4(n,r){return k.IsNot(n)?Qn(cm(n),r):k.IsNot(r)?Qn(n,cm(r)):si("Invalid fallthrough for Not")}function d4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsNull(r)?X.True:X.False}function dm(n,r){return k.IsLiteralNumber(n)?X.True:k.IsNumber(n)||k.IsInteger(n)?X.True:X.False}function u4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsInteger(r)||k.IsNumber(r)?X.True:X.False}function Cr(n,r){return Object.getOwnPropertyNames(n.properties).length===r}function im(n){return _s(n)}function am(n){return Cr(n,0)||Cr(n,1)&&"description"in n.properties&&k.IsUnion(n.properties.description)&&n.properties.description.anyOf.length===2&&(k.IsString(n.properties.description.anyOf[0])&&k.IsUndefined(n.properties.description.anyOf[1])||k.IsString(n.properties.description.anyOf[1])&&k.IsUndefined(n.properties.description.anyOf[0]))}function xl(n){return Cr(n,0)}function em(n){return Cr(n,0)}function b4(n){return Cr(n,0)}function g4(n){return Cr(n,0)}function w4(n){return _s(n)}function m4(n){let r=ft();return Cr(n,0)||Cr(n,1)&&"length"in n.properties&&ut(Qn(n.properties.length,r))===X.True}function h4(n){return Cr(n,0)}function _s(n){let r=ft();return Cr(n,0)||Cr(n,1)&&"length"in n.properties&&ut(Qn(n.properties.length,r))===X.True}function $4(n){let r=Nt([Lo()],Lo());return Cr(n,0)||Cr(n,1)&&"then"in n.properties&&ut(Qn(n.properties.then,r))===X.True}function um(n,r){return Qn(n,r)===X.False?X.False:k.IsOptional(n)&&!k.IsOptional(r)?X.False:X.True}function Yr(n,r){return k.IsUnknown(n)?X.False:k.IsAny(n)?X.Union:k.IsNever(n)||k.IsLiteralString(n)&&im(r)||k.IsLiteralNumber(n)&&xl(r)||k.IsLiteralBoolean(n)&&em(r)||k.IsSymbol(n)&&am(r)||k.IsBigInt(n)&&b4(r)||k.IsString(n)&&im(r)||k.IsSymbol(n)&&am(r)||k.IsNumber(n)&&xl(r)||k.IsInteger(n)&&xl(r)||k.IsBoolean(n)&&em(r)||k.IsUint8Array(n)&&w4(r)||k.IsDate(n)&&g4(r)||k.IsConstructor(n)&&h4(r)||k.IsFunction(n)&&m4(r)?X.True:k.IsRecord(n)&&k.IsString(Pl(n))?(()=>{return r[st]==="Record"?X.True:X.False})():k.IsRecord(n)&&k.IsNumber(Pl(n))?(()=>{return Cr(r,0)?X.True:X.False})():X.False}function A4(n,r){return fr(r)?lr(n,r):k.IsRecord(r)?bt(n,r):!k.IsObject(r)?X.False:(()=>{for(let t of Object.getOwnPropertyNames(r.properties)){if(!(t in n.properties)&&!k.IsOptional(r.properties[t]))return X.False;if(k.IsOptional(r.properties[t]))return X.True;if(um(n.properties[t],r.properties[t])===X.False)return X.False}return X.True})()}function E4(n,r){return fr(r)?lr(n,r):k.IsObject(r)&&$4(r)?X.True:!k.IsPromise(r)?X.False:ut(Qn(n.item,r.item))}function Pl(n){return Jo in n.patternProperties?ft():(Xo in n.patternProperties)?Ut():si("Unknown record key pattern")}function Cl(n){return Jo in n.patternProperties?n.patternProperties[Jo]:(Xo in n.patternProperties)?n.patternProperties[Xo]:si("Unable to get record value schema")}function bt(n,r){let[t,o]=[Pl(r),Cl(r)];return k.IsLiteralString(n)&&k.IsNumber(t)&&ut(Qn(n,o))===X.True?X.True:k.IsUint8Array(n)&&k.IsNumber(t)?Qn(n,o):k.IsString(n)&&k.IsNumber(t)?Qn(n,o):k.IsArray(n)&&k.IsNumber(t)?Qn(n,o):k.IsObject(n)?(()=>{for(let c of Object.getOwnPropertyNames(n.properties))if(um(o,n.properties[c])===X.False)return X.False;return X.True})():X.False}function S4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):!k.IsRecord(r)?X.False:Qn(Cl(n),Cl(r))}function R4(n,r){let t=k.IsRegExp(n)?Ut():n,o=k.IsRegExp(r)?Ut():r;return Qn(t,o)}function bm(n,r){return k.IsLiteral(n)&&Ur.IsString(n.const)?X.True:k.IsString(n)?X.True:X.False}function D4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsString(r)?X.True:X.False}function k4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsSymbol(r)?X.True:X.False}function M4(n,r){return k.IsTemplateLiteral(n)?Qn(bc(n),r):k.IsTemplateLiteral(r)?Qn(n,bc(r)):si("Invalid fallthrough for TemplateLiteral")}function H4(n,r){return k.IsArray(r)&&n.items!==void 0&&n.items.every((t)=>Qn(t,r.items)===X.True)}function z4(n,r){return k.IsNever(n)?X.True:k.IsUnknown(n)?X.False:k.IsAny(n)?X.Union:X.False}function B4(n,r){return fr(r)?lr(n,r):k.IsObject(r)&&_s(r)?X.True:k.IsArray(r)&&H4(n,r)?X.True:!k.IsTuple(r)?X.False:Ur.IsUndefined(n.items)&&!Ur.IsUndefined(r.items)||!Ur.IsUndefined(n.items)&&Ur.IsUndefined(r.items)?X.False:Ur.IsUndefined(n.items)&&!Ur.IsUndefined(r.items)?X.True:n.items.every((t,o)=>Qn(t,r.items[o])===X.True)?X.True:X.False}function U4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsUint8Array(r)?X.True:X.False}function W4(n,r){return fr(r)?lr(n,r):k.IsObject(r)?Yr(n,r):k.IsRecord(r)?bt(n,r):k.IsVoid(r)?J4(n,r):k.IsUndefined(r)?X.True:X.False}function Fl(n,r){return r.anyOf.some((t)=>Qn(n,t)===X.True)?X.True:X.False}function V4(n,r){return n.anyOf.every((t)=>Qn(t,r)===X.True)?X.True:X.False}function gm(n,r){return X.True}function Y4(n,r){return k.IsNever(r)?_m(n,r):k.IsIntersect(r)?ls(n,r):k.IsUnion(r)?Fl(n,r):k.IsAny(r)?ql(n,r):k.IsString(r)?bm(n,r):k.IsNumber(r)?dm(n,r):k.IsInteger(r)?lm(n,r):k.IsBoolean(r)?fm(n,r):k.IsArray(r)?yE(n,r):k.IsTuple(r)?z4(n,r):k.IsObject(r)?Yr(n,r):k.IsUnknown(r)?X.True:X.False}function J4(n,r){return k.IsUndefined(n)?X.True:k.IsUndefined(n)?X.True:X.False}function X4(n,r){return k.IsIntersect(r)?ls(n,r):k.IsUnion(r)?Fl(n,r):k.IsUnknown(r)?gm(n,r):k.IsAny(r)?ql(n,r):k.IsObject(r)?Yr(n,r):k.IsVoid(r)?X.True:X.False}function Qn(n,r){return k.IsTemplateLiteral(n)||k.IsTemplateLiteral(r)?M4(n,r):k.IsRegExp(n)||k.IsRegExp(r)?R4(n,r):k.IsNot(n)||k.IsNot(r)?_4(n,r):k.IsAny(n)?IE(n,r):k.IsArray(n)?TE(n,r):k.IsBigInt(n)?r4(n,r):k.IsBoolean(n)?t4(n,r):k.IsAsyncIterator(n)?n4(n,r):k.IsConstructor(n)?o4(n,r):k.IsDate(n)?c4(n,r):k.IsFunction(n)?i4(n,r):k.IsInteger(n)?a4(n,r):k.IsIntersect(n)?e4(n,r):k.IsIterator(n)?s4(n,r):k.IsLiteral(n)?f4(n,r):k.IsNever(n)?l4(n,r):k.IsNull(n)?d4(n,r):k.IsNumber(n)?u4(n,r):k.IsObject(n)?A4(n,r):k.IsRecord(n)?S4(n,r):k.IsString(n)?D4(n,r):k.IsSymbol(n)?k4(n,r):k.IsTuple(n)?B4(n,r):k.IsPromise(n)?E4(n,r):k.IsUint8Array(n)?U4(n,r):k.IsUndefined(n)?W4(n,r):k.IsUnion(n)?V4(n,r):k.IsUnknown(n)?Y4(n,r):k.IsVoid(n)?X4(n,r):si(`Unknown left type operand '${n[q]}'`)}function xo(n,r){return Qn(n,r)}var sm,X;var jl=b(()=>{ia();_c();uc();oi();ei();uo();oa();fn();Gt();dl();sm=class sm extends Dr{};(function(n){n[n.Union=0]="Union",n[n.True=1]="True",n[n.False=2]="False"})(X||(X={}))});function L4(n,r,t,o,c){let i={};for(let a of globalThis.Object.getOwnPropertyNames(n))i[a]=fi(n[a],r,t,o,Fn(c));return i}function Q4(n,r,t,o,c){return L4(n.properties,r,t,o,c)}function wm(n,r,t,o,c){let i=Q4(n,r,t,o,c);return Mn(i)}var Kl=b(()=>{br();ds();Or()});function O4(n,r,t,o){let c=xo(n,r);return c===X.Union?Wn([t,o]):c===X.True?t:o}function fi(n,r,t,o,c){return jn(n)?wm(n,r,t,o,c):Ir(n)?J(mm(n,r,t,o,c)):J(O4(n,r,t,o),c)}var ds=b(()=>{en();sr();jl();vl();Kl();kn()});function G4(n,r,t,o,c){return{[n]:fi(zn(n),r,t,o,Fn(c))}}function N4(n,r,t,o,c){return n.reduce((i,a)=>{return{...i,...G4(a,r,t,o,c)}},{})}function x4(n,r,t,o,c){return N4(n.keys,r,t,o,c)}function mm(n,r,t,o,c){let i=x4(n,r,t,o,c);return Mn(i)}var vl=b(()=>{br();Nr();ds();Or()});var hm=()=>{};var ha=b(()=>{jl();vl();Kl();hm();ds()});function $m(n,r){return li(bc(n),r)}var Zl=b(()=>{us();uo()});function P4(n,r){let t=n.filter((o)=>xo(o,r)===X.False);return t.length===1?t[0]:Wn(t)}function li(n,r,t={}){if(yr(n))return J($m(n,r),t);if(jn(n))return J(Am(n,r),t);return J(En(n)?P4(n.anyOf,r):xo(n,r)!==X.False?Sn():n,t)}var us=b(()=>{en();sr();Mr();ha();pl();Zl();kn()});function C4(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=li(n[o],r);return t}function q4(n,r){return C4(n.properties,r)}function Am(n,r){let t=q4(n,r);return Mn(t)}var pl=b(()=>{br();us()});var Il=b(()=>{pl();Zl();us()});function Em(n,r){return _i(bc(n),r)}var yl=b(()=>{bs();uo()});function F4(n,r){let t=n.filter((o)=>xo(o,r)!==X.False);return t.length===1?t[0]:Wn(t)}function _i(n,r,t){if(yr(n))return J(Em(n,r),t);if(jn(n))return J(Sm(n,r),t);return J(En(n)?F4(n.anyOf,r):xo(n,r)!==X.False?n:Sn(),t)}var bs=b(()=>{en();sr();Mr();ha();Tl();yl();kn()});function j4(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=_i(n[o],r);return t}function K4(n,r){return j4(n.properties,r)}function Sm(n,r){let t=K4(n,r);return Mn(t)}var Tl=b(()=>{br();bs()});var n_=b(()=>{Tl();yl();bs()});function Rm(n,r){return Mt(n)?J(n.returns,r):Sn(r)}var Dm=b(()=>{en();Mr();kn()});var r_=b(()=>{Dm()});function gs(n){return Pr(Wr(n))}var km=b(()=>{gc();lo()});var ws=b(()=>{km()});function mc(n,r,t){return J({[q]:"Record",type:"object",patternProperties:{[n]:r}},t)}function t_(n,r,t){let o={};for(let c of n)o[c]=r;return Ln(o,{...t,[st]:"Record"})}function v4(n,r,t){return e1(n)?t_(xr(n),r,t):mc(n.pattern,r,t)}function Z4(n,r,t){return t_(xr(Wn(n)),r,t)}function p4(n,r,t){return t_([n.toString()],r,t)}function I4(n,r,t){return mc(n.source,r,t)}function y4(n,r,t){let o=ir(n.pattern)?Xo:n.pattern;return mc(o,r,t)}function T4(n,r,t){return mc(Xo,r,t)}function n6(n,r,t){return mc(Qw,r,t)}function r6(n,r,t){return Ln({true:r,false:r},t)}function t6(n,r,t){return mc(Jo,r,t)}function o6(n,r,t){return mc(Jo,r,t)}function ms(n,r,t={}){return En(n)?Z4(n.anyOf,r,t):yr(n)?v4(n,r,t):pr(n)?p4(n.const,r,t):ao(n)?r6(n,r,t):zt(n)?t6(n,r,t):Bt(n)?o6(n,r,t):sl(n)?I4(n,r,t):eo(n)?y4(n,r,t):al(n)?T4(n,r,t):Vo(n)?n6(n,r,t):Sn(t)}function hs(n){return globalThis.Object.getOwnPropertyNames(n.patternProperties)[0]}function Mm(n){let r=hs(n);return r===Xo?Ut():r===Jo?ft():Ut({pattern:r})}function $s(n){return n.patternProperties[hs(n)]}var Hm=b(()=>{en();fn();Mr();uc();rt();oi();sr();uo();oa();Pt();kn()});var $a=b(()=>{Hm()});function c6(n,r){return r.parameters=Aa(n,r.parameters),r.returns=Wt(n,r.returns),r}function i6(n,r){return r.parameters=Aa(n,r.parameters),r.returns=Wt(n,r.returns),r}function a6(n,r){return r.allOf=Aa(n,r.allOf),r}function e6(n,r){return r.anyOf=Aa(n,r.anyOf),r}function s6(n,r){if(ir(r.items))return r;return r.items=Aa(n,r.items),r}function f6(n,r){return r.items=Wt(n,r.items),r}function l6(n,r){return r.items=Wt(n,r.items),r}function _6(n,r){return r.items=Wt(n,r.items),r}function d6(n,r){return r.item=Wt(n,r.item),r}function u6(n,r){let t=m6(n,r.properties);return{...r,...Ln(t)}}function b6(n,r){let t=Wt(n,Mm(r)),o=Wt(n,$s(r)),c=ms(t,o);return{...r,...c}}function g6(n,r){return r.index in n?n[r.index]:No()}function w6(n,r){let t=pc(r),o=Gr(r),c=Wt(n,r);return t&&o?gs(c):t&&!o?Pr(c):!t&&o?Wr(c):c}function m6(n,r){return globalThis.Object.getOwnPropertyNames(r).reduce((t,o)=>{return{...t,[o]:w6(n,r[o])}},{})}function Aa(n,r){return r.map((t)=>Wt(n,t))}function Wt(n,r){return Mt(r)?c6(n,r):Ht(r)?i6(n,r):pn(r)?a6(n,r):En(r)?e6(n,r):Tr(r)?s6(n,r):Dt(r)?f6(n,r):ac(r)?l6(n,r):sc(r)?_6(n,r):fc(r)?d6(n,r):ar(r)?u6(n,r):lc(r)?b6(n,r):el(r)?g6(n,r):r}function zm(n,r){return Wt(r,Zc(n))}var Bm=b(()=>{Oe();ei();ws();gc();lo();rt();$a();kn()});var o_=b(()=>{Bm()});function Um(n){return J({[q]:"Integer",type:"integer"},n)}var Wm=b(()=>{en();fn()});var c_=b(()=>{Wm()});function h6(n,r,t){return{[n]:Vt(zn(n),r,Fn(t))}}function $6(n,r,t){return n.reduce((c,i)=>{return{...c,...h6(i,r,t)}},{})}function A6(n,r,t){return $6(n.keys,r,t)}function Vm(n,r,t){let o=A6(n,r,t);return Mn(o)}var i_=b(()=>{br();hc();Nr();Or()});function E6(n){let[r,t]=[n.slice(0,1),n.slice(1)];return[r.toLowerCase(),t].join("")}function S6(n){let[r,t]=[n.slice(0,1),n.slice(1)];return[r.toUpperCase(),t].join("")}function R6(n){return n.toUpperCase()}function D6(n){return n.toLowerCase()}function k6(n,r,t){let o=ri(n.pattern);if(!dc(o))return{...n,pattern:Ym(n.pattern,r)};let a=[..._a(o)].map((f)=>zn(f)),e=Jm(a,r),s=Wn(e);return Ke([s],t)}function Ym(n,r){return typeof n==="string"?r==="Uncapitalize"?E6(n):r==="Capitalize"?S6(n):r==="Uppercase"?R6(n):r==="Lowercase"?D6(n):n:n.toString()}function Jm(n,r){return n.map((t)=>Vt(t,r))}function Vt(n,r,t={}){return Ir(n)?Vm(n,r,t):yr(n)?k6(n,r,t):En(n)?Wn(Jm(n.anyOf,r),t):pr(n)?zn(Ym(n.const,r),t):J(n,t)}var hc=b(()=>{en();uo();i_();Nr();sr();kn()});function Xm(n,r={}){return Vt(n,"Capitalize",r)}var Lm=b(()=>{hc()});function Qm(n,r={}){return Vt(n,"Lowercase",r)}var Om=b(()=>{hc()});function Gm(n,r={}){return Vt(n,"Uncapitalize",r)}var Nm=b(()=>{hc()});function xm(n,r={}){return Vt(n,"Uppercase",r)}var Pm=b(()=>{hc()});var a_=b(()=>{Lm();i_();hc();Om();Nm();Pm()});function M6(n,r,t){let o={};for(let c of globalThis.Object.getOwnPropertyNames(n))o[c]=Po(n[c],r,Fn(t));return o}function H6(n,r,t){return M6(n.properties,r,t)}function Cm(n,r,t){let o=H6(n,r,t);return Mn(o)}var e_=b(()=>{br();As();Or()});function z6(n,r){return n.map((t)=>s_(t,r))}function B6(n,r){return n.map((t)=>s_(t,r))}function U6(n,r){let{[r]:t,...o}=n;return o}function W6(n,r){return r.reduce((t,o)=>U6(t,o),n)}function V6(n,r,t){let o=In(n,[er,"$id","required","properties"]),c=W6(t,r);return Ln(c,o)}function Y6(n){let r=n.reduce((t,o)=>Ne(o)?[...t,zn(o)]:t,[]);return Wn(r)}function s_(n,r){return pn(n)?Vr(z6(n.allOf,r)):En(n)?Wn(B6(n.anyOf,r)):ar(n)?V6(n,r,n.properties):Ln({})}function Po(n,r,t){let o=cr(r)?Y6(r):r,c=nt(r)?xr(r):r,i=rr(n),a=rr(r);return jn(n)?Cm(n,c,t):Ir(r)?qm(n,r,t):i&&a?Cn("Omit",[n,o],t):!i&&a?Cn("Omit",[n,o],t):i&&!a?Cn("Omit",[n,o],t):J({...s_(n,c),...t})}var As=b(()=>{en();Ii();Qo();Nr();Pt();lt();sr();rt();f_();e_();kn()});function J6(n,r,t){return{[r]:Po(n,[r],Fn(t))}}function X6(n,r,t){return r.reduce((o,c)=>{return{...o,...J6(n,c,t)}},{})}function L6(n,r,t){return X6(n,r.keys,t)}function qm(n,r,t){let o=L6(n,r,t);return Mn(o)}var f_=b(()=>{br();As();Or()});var Es=b(()=>{f_();e_();As()});function Q6(n,r,t){let o={};for(let c of globalThis.Object.getOwnPropertyNames(n))o[c]=Co(n[c],r,Fn(t));return o}function O6(n,r,t){return Q6(n.properties,r,t)}function Fm(n,r,t){let o=O6(n,r,t);return Mn(o)}var l_=b(()=>{br();Ss();Or()});function G6(n,r){return n.map((t)=>__(t,r))}function N6(n,r){return n.map((t)=>__(t,r))}function x6(n,r){let t={};for(let o of r)if(o in n)t[o]=n[o];return t}function P6(n,r,t){let o=In(n,[er,"$id","required","properties"]),c=x6(t,r);return Ln(c,o)}function C6(n){let r=n.reduce((t,o)=>Ne(o)?[...t,zn(o)]:t,[]);return Wn(r)}function __(n,r){return pn(n)?Vr(G6(n.allOf,r)):En(n)?Wn(N6(n.anyOf,r)):ar(n)?P6(n,r,n.properties):Ln({})}function Co(n,r,t){let o=cr(r)?C6(r):r,c=nt(r)?xr(r):r,i=rr(n),a=rr(r);return jn(n)?Fm(n,c,t):Ir(r)?jm(n,r,t):i&&a?Cn("Pick",[n,o],t):!i&&a?Cn("Pick",[n,o],t):i&&!a?Cn("Pick",[n,o],t):J({...__(n,c),...t})}var Ss=b(()=>{en();Qo();lt();Nr();rt();sr();Pt();Ii();kn();d_();l_()});function q6(n,r,t){return{[r]:Co(n,[r],Fn(t))}}function F6(n,r,t){return r.reduce((o,c)=>{return{...o,...q6(n,c,t)}},{})}function j6(n,r,t){return F6(n,r.keys,t)}function jm(n,r,t){let o=j6(n,r,t);return Mn(o)}var d_=b(()=>{br();Ss();Or()});var Rs=b(()=>{d_();l_();Ss()});function K6(n,r){return Cn("Partial",[Cn(n,r)])}function v6(n){return Cn("Partial",[Ct(n)])}function Z6(n){let r={};for(let t of globalThis.Object.getOwnPropertyNames(n))r[t]=Wr(n[t]);return r}function p6(n,r){let t=In(n,[er,"$id","required","properties"]),o=Z6(r);return Ln(o,t)}function Km(n){return n.map((r)=>vm(r))}function vm(n){return kt(n)?K6(n.target,n.parameters):rr(n)?v6(n.$ref):pn(n)?Vr(Km(n.allOf)):En(n)?Wn(Km(n.anyOf)):ar(n)?p6(n,n.properties):ec(n)?n:ao(n)?n:zt(n)?n:pr(n)?n:yi(n)?n:Bt(n)?n:eo(n)?n:Ti(n)?n:na(n)?n:Ln({})}function di(n,r){if(jn(n))return Zm(n,r);else return J({...vm(n),...r})}var u_=b(()=>{en();Qo();lo();rt();lt();sr();wc();fo();fn();b_();kn()});function I6(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=di(n[o],Fn(r));return t}function y6(n,r){return I6(n.properties,r)}function Zm(n,r){let t=y6(n,r);return Mn(t)}var b_=b(()=>{br();u_();Or()});var Ds=b(()=>{b_();u_()});function T6(n,r){return Cn("Required",[Cn(n,r)])}function n8(n){return Cn("Required",[Ct(n)])}function r8(n){let r={};for(let t of globalThis.Object.getOwnPropertyNames(n))r[t]=In(n[t],[kr]);return r}function t8(n,r){let t=In(n,[er,"$id","required","properties"]),o=r8(r);return Ln(o,t)}function pm(n){return n.map((r)=>Im(r))}function Im(n){return kt(n)?T6(n.target,n.parameters):rr(n)?n8(n.$ref):pn(n)?Vr(pm(n.allOf)):En(n)?Wn(pm(n.anyOf)):ar(n)?t8(n,n.properties):ec(n)?n:ao(n)?n:zt(n)?n:pr(n)?n:yi(n)?n:Bt(n)?n:eo(n)?n:Ti(n)?n:na(n)?n:Ln({})}function ui(n,r){if(jn(n))return ym(n,r);else return J({...Im(n),...r})}var g_=b(()=>{en();Qo();rt();lt();sr();wc();fn();fo();w_();kn()});function o8(n,r){let t={};for(let o of globalThis.Object.getOwnPropertyNames(n))t[o]=ui(n[o],r);return t}function c8(n,r){return o8(n.properties,r)}function ym(n,r){let t=c8(n,r);return Mn(t)}var w_=b(()=>{br();g_()});var ks=b(()=>{w_();g_()});function i8(n,r){return r.map((t)=>{return rr(t)?m_(n,t.$ref):tt(n,t)})}function m_(n,r){return r in n?rr(n[r])?m_(n,n[r].$ref):tt(n,n[r]):Sn()}function a8(n){return ii(n[0])}function e8(n){return Oo(n[0],n[1])}function s8(n){return ai(n[0])}function f8(n){return di(n[0])}function l8(n){return Po(n[0],n[1])}function _8(n){return Co(n[0],n[1])}function d8(n){return ui(n[0])}function u8(n,r,t){let o=i8(n,t);return r==="Awaited"?a8(o):r==="Index"?e8(o):r==="KeyOf"?s8(o):r==="Partial"?f8(o):r==="Omit"?l8(o):r==="Pick"?_8(o):r==="Required"?d8(o):Sn()}function b8(n,r){return Ic(tt(n,r))}function g8(n,r){return yc(tt(n,r))}function w8(n,r,t){return Tc(Ea(n,r),tt(n,t))}function m8(n,r,t){return Nt(Ea(n,r),tt(n,t))}function h8(n,r){return Vr(Ea(n,r))}function $8(n,r){return ci(tt(n,r))}function A8(n,r){return Ln(globalThis.Object.keys(r).reduce((t,o)=>{return{...t,[o]:tt(n,r[o])}},{}))}function E8(n,r){let[t,o]=[tt(n,$s(r)),hs(r)],c=Zc(r);return c.patternProperties[o]=t,c}function S8(n,r){return rr(r)?{...m_(n,r.$ref),[er]:r[er]}:r}function R8(n,r){return _t(Ea(n,r))}function D8(n,r){return Wn(Ea(n,r))}function Ea(n,r){return r.map((t)=>tt(n,t))}function tt(n,r){return Gr(r)?J(tt(n,In(r,[kr])),r):pc(r)?J(tt(n,In(r,[Rt])),r):Yo(r)?J(S8(n,r),r):Dt(r)?J(b8(n,r.items),r):ac(r)?J(g8(n,r.items),r):kt(r)?J(u8(n,r.target,r.parameters)):Mt(r)?J(w8(n,r.parameters,r.returns),r):Ht(r)?J(m8(n,r.parameters,r.returns),r):pn(r)?J(h8(n,r.allOf),r):sc(r)?J($8(n,r.items),r):ar(r)?J(A8(n,r.properties),r):lc(r)?J(E8(n,r)):Tr(r)?J(R8(n,r.items||[]),r):En(r)?J(D8(n,r.anyOf),r):r}function k8(n,r){return r in n?tt(n,n[r]):Sn()}function Tm(n){return globalThis.Object.getOwnPropertyNames(n).reduce((r,t)=>{return{...r,[t]:k8(n,t)}},{})}var n2=b(()=>{io();il();fo();aa();ye();ea();sa();Pt();_c();lt();ua();ma();rt();Es();Rs();Mr();Ds();$a();ks();Go();sr();fn();kn()});class r2{constructor(n){let r=Tm(n),t=this.WithIdentifiers(r);this.$defs=t}Import(n,r){let t={...this.$defs,[n]:J(this.$defs[n],r)};return J({[q]:"Import",$defs:t,$ref:n})}WithIdentifiers(n){return globalThis.Object.getOwnPropertyNames(n).reduce((r,t)=>{return{...r,[t]:{...n[t],$id:t}}},{})}}function t2(n){return new r2(n)}var o2=b(()=>{io();fn();n2()});var h_=b(()=>{o2()});function c2(n,r){return J({[q]:"Not",not:n},r)}var i2=b(()=>{en();fn()});var $_=b(()=>{i2()});function a2(n,r){return Ht(n)?_t(n.parameters,r):Sn()}var e2=b(()=>{Go();Mr();kn()});var A_=b(()=>{e2()});function s2(n,r={}){if(ir(r.$id))r.$id=`T${M8++}`;let t=Zc(n({[q]:"This",$ref:`${r.$id}`}));return t.$id=r.$id,J({[st]:"Recursive",...t},r)}var M8=0;var f2=b(()=>{Oe();en();fn()});var E_=b(()=>{f2()});function l2(n,r){let t=xn(n)?new globalThis.RegExp(n):n;return J({[q]:"RegExp",type:"RegExp",source:t.source,flags:t.flags},r)}var _2=b(()=>{en();fn()});var S_=b(()=>{_2()});function H8(n){return pn(n)?n.allOf:En(n)?n.anyOf:Tr(n)?n.items??[]:[]}function d2(n){return H8(n)}var u2=b(()=>{kn()});var R_=b(()=>{u2()});function b2(n,r){return Ht(n)?J(n.returns,r):Sn(r)}var g2=b(()=>{en();Mr();kn()});var D_=b(()=>{g2()});var w2=()=>{};var m2=()=>{};var h2=b(()=>{w2();m2()});var $2=()=>{};var A2=b(()=>{$2()});class E2{constructor(n){this.schema=n}Decode(n){return new S2(this.schema,n)}}class S2{constructor(n,r){this.schema=n,this.decode=r}EncodeTransform(n,r){let c={Encode:(i)=>r[er].Encode(n(i)),Decode:(i)=>this.decode(r[er].Decode(i))};return{...r,[er]:c}}EncodeSchema(n,r){let t={Decode:this.decode,Encode:n};return{...r,[er]:t}}Encode(n){return Yo(this.schema)?this.EncodeTransform(n,this.schema):this.EncodeSchema(n,this.schema)}}function R2(n){return new E2(n)}var D2=b(()=>{fn();kn()});var k_=b(()=>{D2()});function k2(n={}){return J({[q]:n[q]??"Unsafe"},n)}var M2=b(()=>{en();fn()});var M_=b(()=>{M2()});function H2(n){return J({[q]:"Void",type:"void"},n)}var z2=b(()=>{en();fn()});var H_=b(()=>{z2()});var z_={};go(z_,{Void:()=>H2,Uppercase:()=>xm,Unsafe:()=>k2,Unknown:()=>No,Union:()=>Wn,Undefined:()=>is,Uncapitalize:()=>Gm,Uint8Array:()=>es,Tuple:()=>_t,Transform:()=>R2,TemplateLiteral:()=>Ke,Symbol:()=>os,String:()=>Ut,ReturnType:()=>b2,Rest:()=>d2,Required:()=>ui,RegExp:()=>l2,Ref:()=>Ct,Recursive:()=>s2,Record:()=>ms,ReadonlyOptional:()=>gs,Readonly:()=>Pr,Promise:()=>pe,Pick:()=>Co,Partial:()=>di,Parameters:()=>a2,Optional:()=>Wr,Omit:()=>Po,Object:()=>Ln,Number:()=>ft,Null:()=>rs,Not:()=>c2,Never:()=>Sn,Module:()=>t2,Mapped:()=>W1,Lowercase:()=>Qm,Literal:()=>zn,KeyOf:()=>ai,Iterator:()=>ci,Intersect:()=>Vr,Integer:()=>Um,Instantiate:()=>zm,InstanceType:()=>Rm,Index:()=>Oo,Function:()=>Nt,Extract:()=>_i,Extends:()=>fi,Exclude:()=>li,Enum:()=>tm,Date:()=>Te,ConstructorParameters:()=>nm,Constructor:()=>Tc,Const:()=>y1,Composite:()=>q1,Capitalize:()=>Xm,Boolean:()=>Fe,BigInt:()=>ti,Awaited:()=>ii,AsyncIterator:()=>yc,Array:()=>Ic,Argument:()=>Kw,Any:()=>Lo});var B2=b(()=>{ia();ul();aa();ea();ye();da();je();Ll();Ol();sa();Gl();ns();Nl();Il();ha();n_();_c();Pt();r_();o_();c_();lt();a_();ua();ma();Nr();br();h_();Mr();$_();ts();uc();rt();Es();lo();A_();Ds();Rs();Ie();gc();ws();$a();E_();wc();S_();ks();R_();D_();oi();cs();uo();k_();Go();ss();as();sr();ei();M_();H_()});var _r;var U2=b(()=>{B2();_r=z_});var W2=b(()=>{il();io();Gt();dl();Jw();oa();Nw();ca();fn();ia();aa();ul();ea();ye();da();je();Ll();Ol();sa();Gl();ns();Nl();Il();ha();n_();_c();Pt();r_();o_();c_();lt();ua();a_();ma();Nr();h_();br();Mr();$_();ts();uc();rt();Es();lo();A_();Ds();Rs();Ie();gc();ws();$a();E_();wc();S_();ks();R_();D_();h2();A2();oi();cs();uo();k_();Go();ss();as();sr();ei();M_();H_();U2()});var B_,U_,uq,bq;var W_=b(()=>{W2();B_=_r.Object({email:_r.String({format:"email"})}),U_=_r.Object({token:_r.String()}),uq=_r.Object({success:_r.Boolean(),message:_r.Optional(_r.String())}),bq=_r.Object({success:_r.Boolean(),message:_r.Optional(_r.String()),data:_r.Optional(_r.Object({user:_r.Object({id:_r.String(),email:_r.String()}),accessToken:_r.String(),refreshToken:_r.String()}))})});import{eq as V_}from"drizzle-orm";import{Elysia as z8}from"elysia";function Ms(n,r,t,o,c,i,a,e,s,f){let{db:d,logger:l,usersTable:w}=n,g=r.route||"/auth/magic-link",u=r.verifyRoute||"/auth/magic-link/verify",m=r.expiresIn||"15m",_=r.redirectUrl||"",S=new z8;if(!r.enabled)return S;return S.post(g,async(h)=>{if(!d||!w)return{success:!1,message:"Database not configured"};if(!t?.isAvailable())return l.error("[AUTH] Magic link requested but email service not available"),{success:!1,message:"Email service not available"};let{email:E}=h.body,Y=(await d.select().from(w).where(V_(w.email,E)).limit(1))[0];if(!Y)return l.info("[AUTH] Magic link requested for non-existent email",{email:E}),{success:!0,message:"If an account exists, a magic link has been sent"};if(Y.isLocked)return l.warn("[AUTH] Magic link requested for locked account",{email:E}),{success:!0,message:"If an account exists, a magic link has been sent"};let H=Kc(),D=St(H),R=new Date(Date.now()+vc(m));await a({userId:Y.id,email:E,tokenHash:D,expiresAt:R});let $=_?`${_}?token=${H}`:`${u}?token=${H}`,A=await t.sendMagicLinkEmail(E,$,f);if(!A.success)return l.error("[AUTH] Failed to send magic link email",{email:E,error:A.error}),{success:!1,message:"Failed to send email"};return l.info("[AUTH] Magic link sent",{email:E,userId:Y.id}),{success:!0,message:"If an account exists, a magic link has been sent"}},{body:B_,detail:{tags:["Authentication"],summary:"Request Magic Link",description:"Send a magic link to the user's email for passwordless login"}}),S.get(u,async(h)=>{if(!d||!w)return{success:!1,message:"Database not configured"};let E=h.query.token;if(!E)return{success:!1,message:"Token is required"};let V=St(E),Y=await e(V);if(!Y)return l.warn("[AUTH] Invalid magic link token"),{success:!1,message:"Invalid or expired token"};if(new Date>Y.expiresAt)return await s(V),l.warn("[AUTH] Expired magic link token",{email:Y.email}),{success:!1,message:"Invalid or expired token"};let D=(await d.select().from(w).where(V_(w.id,Y.userId)).limit(1))[0];if(!D)return await s(V),{success:!1,message:"User not found"};await s(V),await d.update(w).set({lastLoginAt:new Date,loginCount:(D.loginCount||0)+1,emailVerified:!0}).where(V_(w.id,D.id));let R=h.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||h.request.headers.get("x-real-ip")?.trim()||"unknown",$=h.request.headers.get("user-agent")||"",A=o(D.id),M=c(D.id),z=await i({userId:D.id,deviceInfo:{ipAddress:R,userAgent:$,deviceType:"unknown"},loginMethod:"magic_link"});return l.info("[AUTH] Magic link login successful",{userId:D.id,email:D.email}),h.set.headers["x-session-id"]=z,{success:!0,data:{user:{id:D.id,email:D.email},accessToken:A,refreshToken:M}}},{query:U_,detail:{tags:["Authentication"],summary:"Verify Magic Link",description:"Verify magic link token and login user"}}),S}var Y_=b(()=>{W_();Ki();W_()});import{eq as bi}from"drizzle-orm";import{Elysia as B8}from"elysia";function Hs(n,r,t,o,c){let{db:i,logger:a,usersTable:e}=n,s=r.route||"/auth/me",f=new B8;if(!r.enabled)return f;return f.get(s,async(d)=>{if(!i||!e)return{success:!1,message:"Database not configured"};let l=d.request.headers.get("x-user-id");if(!l)return d.set.status=401,{success:!1,message:"Unauthorized"};let g=(await i.select().from(e).where(bi(e.id,l)).limit(1))[0];if(!g)return d.set.status=404,{success:!1,message:"User not found"};let{password:u,...m}=g,_=null,S=[],h=[],E=[],V=[];if(r.includeProfile&&t){let H=t.profiles;if(H&&i)_=(await i.select().from(H).where(bi(H.userId,l)).limit(1))[0]||null}if(r.includeAddresses&&t){let H=t.addresses;if(H&&i)S=await i.select().from(H).where(bi(H.ownerId,l))}if(r.includePhones&&t){let H=t.phones;if(H&&i)h=await i.select().from(H).where(bi(H.ownerId,l))}if(r.includeFiles&&t){let H=t.files;if(H&&i)E=await i.select().from(H).where(bi(H.uploadedBy,l))}if(r.includeRoles&&t){let{userRoles:H,roles:D}=t;if(H&&D&&i){let $=(await i.select().from(H).where(bi(H.userId,l))).map((A)=>A.roleId);if($.length>0){let{inArray:A}=await import("drizzle-orm");V=await i.select().from(D).where(A(D.id,$))}}}return a.info("[AUTH] Me endpoint accessed",{userId:l}),JSON.parse(JSON.stringify({success:!0,data:{user:m,profile:_,addresses:S,phones:h,files:E,roles:V}},(H,D)=>typeof D==="bigint"?Number(D):D))},{detail:{tags:["Authentication"],summary:"Get current user",description:"Get the currently authenticated user with profile, addresses, phones and files"}}),f}var J_=()=>{};import{and as zs,eq as Xr}from"drizzle-orm";import{Elysia as U8}from"elysia";function V2(n,r,t,o,c,i,a,e,s,f,d){let{db:l,logger:w,usersTable:g}=n,u=r.basePath,m={accessTokenName:a?.accessTokenName||"access_token",refreshTokenName:a?.refreshTokenName||"refresh_token",sessionTokenName:a?.sessionTokenName||"session_token",accessTokenMaxAge:a?.accessTokenMaxAge||900,refreshTokenMaxAge:a?.refreshTokenMaxAge||604800,sessionTokenMaxAge:a?.sessionTokenMaxAge||900,secure:a?.secure??!0,httpOnly:a?.httpOnly??!0,sameSite:a?.sameSite||"lax",path:a?.path||"/",domain:a?.domain},_={accessToken:{setHeadersEnabled:e?.accessToken?.setHeadersEnabled??!0,returnJson:e?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:e?.refreshToken?.setHeadersEnabled??!0,returnJson:e?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:e?.sessionToken?.setHeadersEnabled??!0,returnJson:e?.sessionToken?.returnJson??!0}},S=new U8;return S.get(`${u}/:provider`,async(h)=>{let E=h.params.provider;if(!r.isProviderEnabled(E))return h.set.status=404,{success:!1,message:`OAuth provider "${E}" is not enabled`};let V=h.query.link_user_id,Y=h.query.redirect_url,H=r.buildAuthorizationUrl(E,V,Y);return h.set.status=302,h.set.headers.Location=H,null},{detail:{tags:["Authentication"],summary:"OAuth Redirect",description:"Redirects to the OAuth provider authorization page"}}),S.get(`${u}/:provider/callback`,async(h)=>{let E=h.params.provider,V=h.query,{code:Y,state:H,error:D,error_description:R}=V,$=r.errorRedirectUrl;if(D)return w.warn("[OAUTH] Provider returned error",{provider:E,error:D,error_description:R}),h.set.status=302,h.set.headers.Location=`${$}?error=${encodeURIComponent(R||D)}`,null;if(!Y||!H)return h.set.status=302,h.set.headers.Location=`${$}?error=missing_code_or_state`,null;let A=r.consumeState(H);if(!A)return w.warn("[OAUTH] Invalid or expired state",{provider:E,state:H}),h.set.status=302,h.set.headers.Location=`${$}?error=invalid_state`,null;if(A.provider!==E)return w.warn("[OAUTH] State provider mismatch",{expected:A.provider,got:E}),h.set.status=302,h.set.headers.Location=`${$}?error=provider_mismatch`,null;if(!l||!g)return h.set.status=302,h.set.headers.Location=`${$}?error=server_error`,null;let M;try{M=await r.exchangeCode(E,Y)}catch(dn){return w.error("[OAUTH] Code exchange failed",{provider:E,error:dn}),h.set.status=302,h.set.headers.Location=`${$}?error=token_exchange_failed`,null}let{profile:z,tokens:L}=M,O=n.oauthAccountsTable,B=null;if(A.linkUserId&&r.allowAccountLinking){if(B=A.linkUserId,O){let On=await l.select().from(O).where(zs(Xr(O.provider,E),Xr(O.providerAccountId,z.providerAccountId))).limit(1);if(On.length>0){let vn=On[0];if(vn.userId!==B)return h.set.status=302,h.set.headers.Location=`${$}?error=account_already_linked_to_another_user`,null;await l.update(O).set({accessToken:L.accessToken,refreshToken:L.refreshToken??null,tokenExpiresAt:L.expiresAt??null,scope:L.scope??null,rawProfile:z.rawProfile,lastUsedAt:new Date}).where(Xr(O.id,vn.id))}else await l.insert(O).values({userId:B,provider:E,providerAccountId:z.providerAccountId,providerEmail:z.email??null,providerName:z.name??null,providerAvatarUrl:z.avatarUrl??null,accessToken:L.accessToken,refreshToken:L.refreshToken??null,tokenExpiresAt:L.expiresAt??null,scope:L.scope??null,rawProfile:z.rawProfile,isPrimary:!1,lastUsedAt:new Date})}w.info("[OAUTH] Account linked successfully",{userId:B,provider:E});let dn=A.redirectUrl||r.successRedirectUrl;return h.set.status=302,h.set.headers.Location=`${dn}?linked=true&provider=${E}`,null}if(O){let dn=await l.select().from(O).where(zs(Xr(O.provider,E),Xr(O.providerAccountId,z.providerAccountId))).limit(1);if(dn.length>0){let On=dn[0];B=On.userId,await l.update(O).set({accessToken:L.accessToken,refreshToken:L.refreshToken??null,tokenExpiresAt:L.expiresAt??null,scope:L.scope??null,rawProfile:z.rawProfile,lastUsedAt:new Date}).where(Xr(O.id,On.id))}}if(!B&&z.email){let dn=await l.select().from(g).where(Xr(g.email,z.email)).limit(1);if(dn.length>0){if(B=dn[0].id,O)await l.insert(O).values({userId:B,provider:E,providerAccountId:z.providerAccountId,providerEmail:z.email??null,providerName:z.name??null,providerAvatarUrl:z.avatarUrl??null,accessToken:L.accessToken,refreshToken:L.refreshToken??null,tokenExpiresAt:L.expiresAt??null,scope:L.scope??null,rawProfile:z.rawProfile,isPrimary:!1,lastUsedAt:new Date}).onConflictDoNothing();w.info("[OAUTH] Merged OAuth account with existing user by email",{userId:B,provider:E,email:z.email})}}if(!B){if(!r.autoCreateUser)return h.set.status=302,h.set.headers.Location=`${$}?error=user_not_found`,null;let dn=z.email??`${E}_${z.providerAccountId}@oauth.local`;if(B=(await l.insert(g).values({email:dn,password:null,verifiedAt:z.email?new Date:null,isActive:!0}).returning())[0].id,O)await l.insert(O).values({userId:B,provider:E,providerAccountId:z.providerAccountId,providerEmail:z.email??null,providerName:z.name??null,providerAvatarUrl:z.avatarUrl??null,accessToken:L.accessToken,refreshToken:L.refreshToken??null,tokenExpiresAt:L.expiresAt??null,scope:L.scope??null,rawProfile:z.rawProfile,isPrimary:!0,lastUsedAt:new Date});if(w.info("[OAUTH] Created new user via OAuth",{userId:B,provider:E,email:z.email}),r.sendInviteOnCreate&&z.email&&s?.isAvailable()&&f)try{let ln=Kc(),gr=St(ln),ot=new Date(Date.now()+vc("7d"));await f({userId:B,email:z.email,tokenHash:gr,expiresAt:ot});let Yn=`${r.successRedirectUrl.replace(/\/$/,"").replace(/\/[^/]+$/,"/set-password")}?token=${ln}`;await s.sendEmail({to:z.email,subject:`Welcome to ${d??"the platform"} \u2014 Set your password`,html:`
 								<p>Hi${z.name?` ${z.name}`:""},</p>
 								<p>Your account has been created via ${E} login. You can optionally set a password to also sign in with your email and password.</p>
 								<p><a href="${Yn}">Set your password</a></p>
 								<p>This link expires in 7 days. If you don't want to set a password, you can always sign in with ${E}.</p>
-							`}),w.info("[OAUTH] Invite email sent to new OAuth user",{userId:B,email:z.email,provider:E})}catch(ln){w.warn("[OAUTH] Failed to send invite email",{userId:B,error:ln})}}await l.update(g).set({lastLoginAt:new Date}).where(Xr(g.id,B));let L=h.request.headers.get("cf-connecting-ip")?.trim()||h.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||h.request.headers.get("x-real-ip")?.trim()||"127.0.0.1",G=h.request.headers.get("user-agent")||"Unknown Browser",j=We(G,L),N=t(B),x=o(B),I=h.request.headers.get("origin")||h.request.headers.get("referer")?.replace(/\/[^/]*$/,"")||void 0,Q={userId:B,deviceInfo:j,loginMethod:`oauth:${E}`,rememberMe:!0,requestOrigin:I},v=await c(Q),C=!1;if(i){if((await i(v,Q))?.requiresApproval)C=!0}if(C){w.info("[OAUTH] Login requires device approval",{userId:B,provider:E});let dn=A.redirectUrl||r.successRedirectUrl;return h.set.status=302,h.set.headers.Location=`${dn}?requires_approval=true&provider=${E}`,null}await w.audit({entityName:"users",entityId:B,operation:"LOGIN",userId:B,summary:`${z.email??z.providerAccountId} logged in via OAuth (${E})`,ipAddress:L,userAgent:G,path:`${u}/${E}/callback`,query:""});let y=m.secure?"; Secure":"",p=m.domain?`; Domain=${m.domain}`:"",F=`; Path=${m.path}; HttpOnly; SameSite=${m.sameSite}${y}${p}`,nn=[];if(_.accessToken.setHeadersEnabled)nn.push(`${m.accessTokenName}=${N}${F}; Max-Age=${m.accessTokenMaxAge}`);if(_.refreshToken.setHeadersEnabled)nn.push(`${m.refreshTokenName}=${x}${F}; Max-Age=${m.refreshTokenMaxAge}`);if(_.sessionToken.setHeadersEnabled)nn.push(`${m.sessionTokenName}=${v}${F}; Max-Age=${m.sessionTokenMaxAge}`);let cn=A.redirectUrl||r.successRedirectUrl,hn=new Headers;hn.set("Location",cn);for(let dn of nn)hn.append("Set-Cookie",dn);return new Response(null,{status:302,headers:hn})},{detail:{tags:["Authentication"],summary:"OAuth Callback",description:"Handles the OAuth provider callback, creates session and sets cookies"}}),S.get(`${u}/providers`,()=>{return{success:!0,data:{providers:r.getEnabledProviders()}}},{detail:{tags:["Authentication"],summary:"List OAuth Providers",description:"Returns the list of enabled OAuth providers"}}),S.get(`${u}/link/:provider`,async(h)=>{let E=h.params.provider;if(!r.isProviderEnabled(E))return h.set.status=404,{success:!1,message:`OAuth provider "${E}" is not enabled`};if(!r.allowAccountLinking)return h.set.status=403,{success:!1,message:"Account linking is disabled"};let W=h.request.headers.get("x-user-id");if(!W)return h.set.status=401,{success:!1,message:"Authentication required to link accounts"};let V=h.query.redirect_url,H=r.buildAuthorizationUrl(E,W,V);return h.set.status=302,h.set.headers.Location=H,null},{detail:{tags:["Authentication"],summary:"Link OAuth Account",description:"Redirects to provider to link an OAuth account to the current user"}}),S.delete(`${u}/unlink/:provider`,async(h)=>{let E=h.params.provider,W=h.request.headers.get("x-user-id");if(!W)return h.set.status=401,{success:!1,message:"Authentication required"};if(!l)return h.set.status=500,{success:!1,message:"Database not configured"};let V=n.oauthAccountsTable;if(!V)return h.set.status=500,{success:!1,message:"OAuth accounts table not configured"};if((await l.select().from(V).where(zs(Xr(V.userId,W),Xr(V.provider,E))).limit(1)).length===0)return{success:!1,message:`No linked ${E} account found`};let $=!!(await l.select().from(g).where(Xr(g.id,W)).limit(1))[0]?.password,A=await l.select().from(V).where(Xr(V.userId,W));if(!$&&A.length<=1)return h.set.status=400,{success:!1,message:"Cannot unlink the only login method. Set a password first."};return await l.delete(V).where(zs(Xr(V.userId,W),Xr(V.provider,E))),w.info("[OAUTH] Account unlinked",{userId:W,provider:E}),{success:!0,message:`${E} account unlinked successfully`}},{detail:{tags:["Authentication"],summary:"Unlink OAuth Account",description:"Removes a linked OAuth account from the current user"}}),S.get(`${u}/accounts`,async(h)=>{let E=h.request.headers.get("x-user-id");if(!E)return h.set.status=401,{success:!1,message:"Authentication required"};if(!l)return h.set.status=500,{success:!1,message:"Database not configured"};let W=n.oauthAccountsTable;if(!W)return{success:!0,data:{accounts:[]}};return{success:!0,data:{accounts:(await l.select().from(W).where(Xr(W.userId,E))).map((D)=>({id:D.id,provider:D.provider,providerEmail:D.providerEmail,providerName:D.providerName,providerAvatarUrl:D.providerAvatarUrl,isPrimary:D.isPrimary,lastUsedAt:D.lastUsedAt,createdAt:D.createdAt}))}}},{detail:{tags:["Authentication"],summary:"List Linked OAuth Accounts",description:"Returns all OAuth accounts linked to the current user"}}),S}var Y2=b(()=>{Ve();Ki()});import{t as qo}from"elysia";var X_,W8;var L_=b(()=>{X_=qo.Object({currentPassword:qo.String({minLength:1}),newPassword:qo.String({minLength:8}),confirmPassword:qo.String({minLength:8})}),W8=qo.Object({success:qo.Boolean(),message:qo.Optional(qo.String())})});function J2(n,r){return n===r}import{eq as X2}from"drizzle-orm";import{Elysia as V8}from"elysia";function Bs(n,r){let{db:t,logger:o,usersTable:c}=n,i=r.route||"/auth/password-change",a=new V8;if(!r.enabled)return a;return a.post(i,async(e)=>{if(!t||!c)return e.set.status=500,{success:!1,message:"Database not configured"};let s=e.request.headers.get("x-user-id");if(!s)return e.set.status=401,{success:!1,message:"Authentication required"};let{currentPassword:f,newPassword:d,confirmPassword:l}=e.body;if(!J2(d,l))return e.set.status=422,{success:!1,message:"New passwords do not match"};let g=(await t.select().from(c).where(X2(c.id,s)).limit(1))[0];if(!g)return e.set.status=404,{success:!1,message:"User not found"};let u=await Ue(f,g.password),m=new URL(e.request.url),_=e.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||e.request.headers.get("x-real-ip")?.trim()||"unknown",S=e.request.headers.get("user-agent")||"unknown";if(!u)return o.warn("[AUTH] Password change failed - invalid current password",{userId:s}),o.audit({entityName:"users",entityId:s,operation:"PASSWORD_CHANGE_FAILED",userId:s,summary:"Password change failed: invalid current password",ipAddress:_,userAgent:S,path:m.pathname,query:m.search}),e.set.status=400,{success:!1,message:"Current password is incorrect"};let h=await Wo(d);return await t.update(c).set({password:h,updatedAt:new Date}).where(X2(c.id,s)),o.info("[AUTH] Password change successful",{userId:s}),o.audit({entityName:"users",entityId:s,operation:"PASSWORD_CHANGE",userId:s,summary:"Password changed successfully",ipAddress:_,userAgent:S,path:m.pathname,query:m.search}),{success:!0,message:"Password changed successfully"}},{body:X_,detail:{tags:["Authentication"],summary:"Change Password",description:"Change password for authenticated user"}}),a}var Q_=b(()=>{Ve();jc();L_();L_()});import{t as qt}from"elysia";var O_,G_,Y8;var N_=b(()=>{O_=qt.Object({email:qt.String({format:"email"})}),G_=qt.Object({token:qt.String(),newPassword:qt.String({minLength:8}),confirmPassword:qt.String({minLength:8})}),Y8=qt.Object({success:qt.Boolean(),message:qt.Optional(qt.String())})});import{randomBytes as J8}from"crypto";function L2(){return J8(32).toString("hex")}function Q2(n){return new Date>n}var O2=()=>{};import{Elysia as X8}from"elysia";function Us(n,r,t,o,c,i){let{db:a,logger:e,usersTable:s}=n,f=r.route||"/auth/password-reset",d=new X8;if(!r.enabled)return d;return d.post(`${f}/request`,async(l)=>{if(!a||!s)return{success:!1,message:"Database not configured"};let{email:w}=l.body,{eq:g}=await import("drizzle-orm"),m=(await a.select().from(s).where(g(s.email,w)).limit(1))[0];if(!m)return{success:!0,message:"If email exists, reset link will be sent"};let _=L2(),S=new Date(Date.now()+3600000);if(await t(m.id,_,S),i)try{await i(w,_),e.info("[AUTH] Password reset email sent",{email:w})}catch(E){e.error("[AUTH] Failed to send password reset email",{email:w,error:E})}else e.warn("[AUTH] sendResetEmail not configured - email not sent",{email:w});e.info("[AUTH] Password reset requested",{userId:m.id,email:w});let h=new URL(l.request.url);return e.audit({entityName:"users",entityId:m.id,operation:"PASSWORD_RESET_REQUEST",userId:m.id,summary:`Password reset requested for ${w}`,ipAddress:l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||l.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:l.request.headers.get("user-agent")||"unknown",path:h.pathname,query:h.search}),{success:!0,message:"If email exists, reset link will be sent"}},{body:O_,detail:{tags:["Authentication"],summary:"Request Password Reset",description:"Request a password reset email"}}),d.post(`${f}/confirm`,async(l)=>{if(!a||!s)return{success:!1,message:"Database not configured"};let{token:w,newPassword:g,confirmPassword:u}=l.body;if(g!==u)return{success:!1,message:"Passwords do not match"};let m=await o(w);if(!m)return{success:!1,message:"Invalid or expired reset token"};if(Q2(m.expiresAt))return await c(w),{success:!1,message:"Reset token has expired"};let _=await Wo(g),{eq:S}=await import("drizzle-orm");await a.update(s).set({password:_}).where(S(s.id,m.userId)),await c(w),e.info("[AUTH] Password reset successful",{userId:m.userId});let h=new URL(l.request.url);return e.audit({entityName:"users",entityId:m.userId,operation:"PASSWORD_RESET",userId:m.userId,summary:"Password reset completed successfully",ipAddress:l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||l.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:l.request.headers.get("user-agent")||"unknown",path:h.pathname,query:h.search}),{success:!0,message:"Password has been reset"}},{body:G_,detail:{tags:["Authentication"],summary:"Confirm Password Reset",description:"Reset password with token"}}),d}var x_=b(()=>{jc();N_();O2();N_()});import{t as bo}from"elysia";var P_,L8;var C_=b(()=>{P_=bo.Object({newPassword:bo.String({minLength:8}),userId:bo.Optional(bo.String()),token:bo.Optional(bo.String())}),L8=bo.Object({success:bo.Boolean(),message:bo.String()})});import{eq as G2}from"drizzle-orm";import{Elysia as Q8}from"elysia";function Ws(n,r,t,o){let{db:c,logger:i,usersTable:a}=n,e=r.route||"/auth/password-set",s=new Q8;if(!r.enabled)return s;return s.post(e,async(f)=>{if(i.info("[AUTH] Password set request received"),!c||!a)return i.error("[AUTH] Password set failed - database not configured"),{success:!1,message:"Database not configured"};let{newPassword:d,userId:l,token:w}=f.body,g=l;if(w&&t&&o){let h=St(w),E=await t(h);if(!E)return i.warn("[AUTH] Password set failed - invalid token"),{success:!1,message:"Invalid or expired token"};if(new Date>E.expiresAt)return await o(h),i.warn("[AUTH] Password set failed - expired token",{email:E.email}),{success:!1,message:"Invalid or expired token"};g=E.userId,i.info("[AUTH] Password set - userId resolved from token",{userId:g,email:E.email})}if(!g)return i.warn("[AUTH] Password set failed - no userId in payload or token"),{success:!1,message:"User ID or token required"};let m=(await c.select().from(a).where(G2(a.id,g)).limit(1))[0];if(i.info("[AUTH] Password set - user found",{found:!!m,hasPassword:!!m?.password}),!m)return{success:!1,message:"User not found"};if(m.password)return i.warn("[AUTH] Password set failed - user already has password",{userId:g}),{success:!1,message:"Password already set. Use password change instead."};let _=await Wo(d);i.info("[AUTH] Password set - updating user with verifiedAt",{userId:g});let S=await c.update(a).set({password:_,verifiedAt:new Date,updatedAt:new Date}).where(G2(a.id,g));if(i.info("[AUTH] Password set successful for invited user",{userId:g,updateResult:S}),w&&o){let h=St(w);await o(h),i.info("[AUTH] Invite token consumed after password set",{userId:g})}return{success:!0,message:"Password set successfully"}},{body:P_,detail:{tags:["Authentication"],summary:"Set Password",description:"Set password for the first time (for invited users who do not have a password yet)"}}),s}var q_=b(()=>{Ki();jc();C_();C_()});function F_(n){let r=n.match(/^(\d+)([smhd])$/);if(!r)return 900;let t=r[1],o=r[2];if(!t||!o)return 900;let c=parseInt(t,10);switch(o){case"s":return c;case"m":return c*60;case"h":return c*3600;case"d":return c*86400;default:return 900}}import{t as $c}from"elysia";var O8;var N2=b(()=>{O8=$c.Object({success:$c.Boolean(),message:$c.Optional($c.String()),data:$c.Optional($c.Object({accessToken:$c.String()}))})});import{Elysia as G8}from"elysia";function Vs(n,r,t,o,c,i,a,e){let{logger:s,authentication:f}=n,d=r.route||"/auth/refresh",l=new G8;if(!r.enabled)return l;return l.post(d,async(w)=>{let g=f?.refreshToken?.name||"refresh_token",u=f?.accessToken?.name||"access_token",m=w.request.headers.get("x-refresh-token");if(!m){let x=w.request.headers.get("cookie");if(x)m=x.split(";").reduce((Q,v)=>{let[C,y]=v.trim().split("=");if(C&&y)Q[C]=y;return Q},{})[g]||null}if(!m)return w.set.status=401,{success:!1,message:"Refresh token required"};let _=t(m);if(!_.valid||!_.payload)return s.warn("[AUTH] Refresh failed - invalid token"),w.set.status=401,{success:!1,message:"Invalid refresh token"};let S=_.payload.sub,h=o(S),E=c?c(S):null,W=i?.accessToken?.setHeadersEnabled??!0,V=i?.accessToken?.returnJson??!0,H=i?.refreshToken?.setHeadersEnabled??!0,D=i?.refreshToken?.returnJson??!1,R=f?.accessToken?.expiresIn||"15m",$=Math.max(0,F_(R)-(a??0)),A=f?.refreshToken?.expiresIn||"7d",M=F_(A),z=new Headers;z.set("Content-Type","application/json");let X=e?.path||"/",O=e?.sameSite||"Strict",B=e?.secure!==!1?"; Secure":"",L=e?.domain?`; Domain=${e.domain}`:"",G=`; Path=${X}; HttpOnly; SameSite=${O}${B}${L}`;if(W)z.append("Set-Cookie",`${u}=${h}${G}; Max-Age=${$}`);if(E&&H)z.append("Set-Cookie",`${g}=${E}${G}; Max-Age=${M}`);s.info("[AUTH] Token refresh successful",{userId:S,rotatedRefreshToken:!!E});let j={};if(V)j.accessToken=h;if(E&&D)j.refreshToken=E;let N=JSON.stringify({success:!0,data:j});return new Response(N,{status:200,headers:z})},{detail:{tags:["Authentication"],summary:"Refresh Token",description:"Get new access token using refresh token"}}),l}var j_=b(()=>{N2()});import{t as qr}from"elysia";var K_,N8;var v_=b(()=>{K_=qr.Object({email:qr.String({format:"email"}),password:qr.String({minLength:8}),confirmPassword:qr.Optional(qr.String({minLength:8}))}),N8=qr.Object({success:qr.Boolean(),message:qr.Optional(qr.String()),data:qr.Optional(qr.Object({user:qr.Object({id:qr.String(),email:qr.String()})}))})});import{eq as x8}from"drizzle-orm";import{Elysia as P8}from"elysia";function Ys(n,r,t,o,c,i,a,e,s,f){let{db:d,logger:l,usersTable:w}=n,g=r.route||"/auth/register",u={accessTokenName:a?.accessTokenName||"access_token",refreshTokenName:a?.refreshTokenName||"refresh_token",sessionTokenName:a?.sessionTokenName||"session_token",accessTokenMaxAge:a?.accessTokenMaxAge||900,refreshTokenMaxAge:a?.refreshTokenMaxAge||604800,sessionTokenMaxAge:a?.sessionTokenMaxAge||900,secure:a?.secure??!0,httpOnly:a?.httpOnly??!0,sameSite:a?.sameSite||"strict",path:a?.path||"/"},m=new P8;if(!r.enabled)return m;return m.post(g,async(_)=>{if(!d||!w)return _.set.status=500,{success:!1,message:"Database not configured"};let{email:S,password:h,confirmPassword:E}=_.body;if(E&&h!==E)return _.set.status=400,{success:!1,message:"Passwords do not match"};let W=Vg(h);if(!W.valid)return _.set.status=400,{success:!1,message:"Password too weak",errors:W.errors};let V=await d.select().from(w).where(x8(w.email,S)).limit(1),H=new URL(_.request.url),D=_.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||_.request.headers.get("x-real-ip")?.trim()||"unknown",R=_.request.headers.get("user-agent")||"unknown";if(V.length>0)return l.warn("[AUTH] Registration failed - email exists",{email:S}),l.audit({entityName:"users",operation:"REGISTER_FAILED",summary:`Registration failed: email already exists (${S})`,ipAddress:D,userAgent:R,path:H.pathname,query:H.search}),_.set.status=409,{success:!1,message:"Email already registered"};let $=await Wo(h),A=r.emailVerification?.enabled&&s?.isAvailable(),M=A?De():null,z=r.emailVerification?.tokenExpiresIn||"24h",X=A?new Date(Date.now()+Fc(z)):null,O={email:S,password:$};if(A&&M)O.emailVerificationToken=M,O.emailVerificationTokenExpiresAt=X,O.emailVerificationSentAt=new Date,O.emailVerificationAttempts=1;let L=(await d.insert(w).values(O).returning())[0];if(l.info("[AUTH] Registration successful",{userId:L.id,email:S,emailVerificationEnabled:A}),l.audit({entityName:"users",entityId:L.id,operation:"REGISTER",userId:L.id,summary:`New user registered: ${S}`,ipAddress:D,userAgent:R,path:H.pathname,query:H.search}),A&&s&&M){let j=`${(r.emailVerification?.redirectUrl||"http://localhost:3000/login").replace("/login","/verify-email")}?token=${M}`;s.sendVerificationEmail(S,S.split("@")[0]||"User",j,f||"Nucleus").then((Q)=>{if(Q.success)l.info("[AUTH] Verification email sent",{email:S});else l.error("[AUTH] Failed to send verification email",{email:S,error:Q.error})}).catch((Q)=>{l.error("[AUTH] Failed to send verification email",{email:S,error:Q})});let N=r.emailVerification?.resendCooldown||"60s",x=Fc(N)/1000,I=r.emailVerification?.maxResendAttempts||3;return{success:!0,message:"Registration successful. Please check your email to verify your account.",data:{user:{id:L.id,email:L.email},emailVerificationRequired:!0,verification:{cooldownSeconds:x,canResendAt:new Date(Date.now()+x*1000).toISOString(),attemptsRemaining:I-1,maxAttempts:I}}}}if(t)t(S,S.split("@")[0]||"User").catch((G)=>{l.error("[AUTH] Failed to send welcome email",{email:S,error:G})});if(o&&c&&i){let G=_.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||_.request.headers.get("x-real-ip")?.trim()||"unknown",j=_.request.headers.get("user-agent")||"",N=o(L.id),x=c(L.id),I=await i({userId:L.id,deviceInfo:{ipAddress:G,userAgent:j},loginMethod:"register"}),Q={accessToken:{setHeadersEnabled:e?.accessToken?.setHeadersEnabled??!0,returnJson:e?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:e?.refreshToken?.setHeadersEnabled??!0,returnJson:e?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:e?.sessionToken?.setHeadersEnabled??!0,returnJson:e?.sessionToken?.returnJson??!0}},v=u.secure?"; Secure":"",C=`; Path=${u.path}; HttpOnly; SameSite=${u.sameSite}${v}`,y=[];if(Q.accessToken.setHeadersEnabled)y.push(`${u.accessTokenName}=${N}${C}; Max-Age=${u.accessTokenMaxAge}`);if(Q.refreshToken.setHeadersEnabled)y.push(`${u.refreshTokenName}=${x}${C}; Max-Age=${u.refreshTokenMaxAge}`);if(Q.sessionToken.setHeadersEnabled)y.push(`${u.sessionTokenName}=${I}${C}; Max-Age=${u.sessionTokenMaxAge}`);let p={user:{id:L.id,email:L.email}};if(Q.accessToken.returnJson)p.accessToken=N;if(Q.refreshToken.returnJson)p.refreshToken=x;if(Q.sessionToken.returnJson)p.sessionId=I;let F=JSON.stringify({success:!0,data:p}),nn=new Headers;nn.set("Content-Type","application/json"),nn.set("x-session-id",I);for(let cn of y)nn.append("Set-Cookie",cn);return new Response(F,{status:200,headers:nn})}return{success:!0,data:{user:{id:L.id,email:L.email}}}},{body:K_,detail:{tags:["Authentication"],summary:"Register",description:"Register a new user account"}}),m}var Z_=b(()=>{v_();jc();v_()});import{t as on}from"elysia";var x2,C8,p_,I_,SF;var y_=b(()=>{x2=on.Object({id:on.String(),deviceName:on.Optional(on.String()),deviceType:on.Optional(on.String()),browserName:on.Optional(on.String()),browserVersion:on.Optional(on.String()),osName:on.Optional(on.String()),osVersion:on.Optional(on.String()),ipAddress:on.String(),locationCountry:on.Optional(on.String()),locationCity:on.Optional(on.String()),lastActivityAt:on.String(),createdAt:on.String(),isCurrent:on.Boolean(),loginMethod:on.Optional(on.String()),trustScore:on.Optional(on.Number())}),C8=on.Object({success:on.Boolean(),data:on.Optional(on.Object({sessions:on.Array(x2),currentSessionId:on.Optional(on.String()),totalCount:on.Number()})),message:on.Optional(on.String())}),p_=on.Object({reason:on.Optional(on.String())}),I_=on.Object({excludeCurrent:on.Optional(on.Boolean()),reason:on.Optional(on.String())}),SF=on.Object({success:on.Boolean(),data:on.Optional(on.Object({recentActivity:on.Array(on.Object({sessionId:on.String(),action:on.String(),ipAddress:on.String(),timestamp:on.String(),deviceInfo:on.Optional(on.String())}))})),message:on.Optional(on.String())})});function Js(n){let r=(o,c)=>n[o]??n[c],t=(o,c)=>{let i=n[o]??n[c];if(!i)return;return i instanceof Date?i.toISOString():String(i)};return{id:n.id,deviceName:r("device_name","deviceName"),deviceType:r("device_type","deviceType"),deviceFingerprint:r("device_fingerprint","deviceFingerprint"),browserName:r("browser_name","browserName"),browserVersion:r("browser_version","browserVersion"),osName:r("os_name","osName"),osVersion:r("os_version","osVersion"),ipAddress:r("ip_address","ipAddress"),locationCountry:r("location_country","locationCountry"),locationCity:r("location_city","locationCity"),lastActivityAt:t("last_activity_at","lastActivityAt"),createdAt:t("created_at","createdAt"),isCurrent:r("is_current","isCurrent"),loginMethod:r("login_method","loginMethod"),trustScore:r("trust_score","trustScore")}}var P2=()=>{};import{and as Fo,desc as C2,eq as qn,isNull as q2}from"drizzle-orm";import{Elysia as q8}from"elysia";function Xs(n,r,t){let{db:o,logger:c}=n,i=r.route||"/auth/sessions",a=new q8;if(!r.enabled||!t)return a;let e=t,s=(u)=>{let m=u.replace(/([A-Z])/g,"_$1").toLowerCase();return e[u]||e[m]};a.get(i,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let _=u.request.headers.get("x-session-id"),S=await o.select().from(t).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0),q2(s("revokedAt")))).orderBy(C2(s("lastActivityAt"))),h=S.filter((W)=>{let V=W,H=(V.deviceFingerprint||"").toLowerCase(),D=V.ipAddress||"";return!((!H||H==="--"||H==="--unknown"||H.includes("bot/crawler")||H.includes("headless")||H.includes("unknown-unknown"))&&(D==="127.0.0.1"||D==="::1"||D==="localhost"||!D))}),E=h.map((W)=>{let V=W,H=Js(V);return H.isCurrent=V.id===_,H});return c.info("[AUTH] Sessions list retrieved",{userId:m,totalInDb:S.length,filteredCount:h.length,hiddenBotSessions:S.length-h.length}),{success:!0,data:{sessions:E,currentSessionId:_,totalCount:h.length}}},{detail:{tags:["Authentication"],summary:"List active sessions",description:"Get all active sessions for the current user"}}),a.get(`${i}/current`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id"),_=u.request.headers.get("x-session-id");if(!m||!_)return{success:!1,message:"Authentication required"};let S=await o.select().from(t).where(qn(s("id"),_)).limit(1);if(S.length===0)return{success:!1,message:"Session not found"};let h=S[0],E=Js(h);return E.isCurrent=!0,{success:!0,data:E}},{detail:{tags:["Authentication"],summary:"Get current session",description:"Get details of the current session"}}),a.delete(`${i}/:sessionId`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let{sessionId:_}=u.params,S=u.body,h=u.request.headers.get("x-session-id");if((await o.select().from(t).where(Fo(qn(s("id"),_),qn(s("userId"),m))).limit(1)).length===0)return{success:!1,message:"Session not found"};let W=_===h;await o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:W?"user_logout":S.reason||"user_revoked"}).where(qn(s("id"),_)),c.info("[AUTH] Session revoked",{userId:m,sessionId:_,isCurrentSession:W,reason:S.reason||"user_revoked"});let V=new URL(u.request.url);return c.audit({entityName:"user_sessions",entityId:_,operation:W?"LOGOUT":"SESSION_REVOKE",userId:m||void 0,summary:W?"User logged out via session revoke":`Session revoked (${_.substring(0,8)}...)`,ipAddress:u.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||u.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:u.request.headers.get("user-agent")||"unknown",path:V.pathname,query:V.search}),{success:!0,message:W?"Logged out successfully":"Session revoked successfully"}},{body:p_,detail:{tags:["Authentication"],summary:"Revoke session",description:"Revoke a specific session by ID"}}),a.delete(`${i}/all`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let _=u.body,S=u.request.headers.get("x-session-id"),h=o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:_.reason||"user_revoked"}).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0)));if(_.excludeCurrent&&S){let{ne:W}=await import("drizzle-orm");h=o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:_.reason||"user_revoked"}).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0),W(s("id"),S)))}await h,c.info("[AUTH] All sessions revoked",{userId:m,excludeCurrent:_.excludeCurrent,reason:_.reason||"user_revoked"});let E=new URL(u.request.url);return c.audit({entityName:"user_sessions",operation:"SESSION_REVOKE_ALL",userId:m||void 0,summary:_.excludeCurrent?"All other sessions revoked":"All sessions revoked",ipAddress:u.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||u.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:u.request.headers.get("user-agent")||"unknown",path:E.pathname,query:E.search}),{success:!0,message:_.excludeCurrent?"All other sessions revoked successfully":"All sessions revoked successfully"}},{body:I_,detail:{tags:["Authentication"],summary:"Revoke all sessions",description:"Revoke all sessions for the current user (optionally exclude current)"}}),a.get(`${i}/stats`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let{count:_,countDistinct:S}=await import("drizzle-orm"),h=await o.select({count:_()}).from(t).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0),q2(s("revokedAt")))),E=await o.select({count:S(s("deviceFingerprint"))}).from(t).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0))),W=await o.select({count:S(s("ipAddress"))}).from(t).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0)));return{success:!0,data:{activeSessions:h[0]?.count||0,uniqueDevices:E[0]?.count||0,uniqueIpAddresses:W[0]?.count||0}}},{detail:{tags:["Authentication"],summary:"Session statistics",description:"Get session statistics for the current user"}});let f=86400000,d=(u,m,_)=>{let S=m?u==="approve"?"\u2705":"\uD83D\uDEAB":"\u274C",h=m?u==="approve"?"Device Approved":"Device Rejected":"Action Failed",E=r.brandName||"Nucleus";return`<!DOCTYPE html>
+							`}),w.info("[OAUTH] Invite email sent to new OAuth user",{userId:B,email:z.email,provider:E})}catch(ln){w.warn("[OAUTH] Failed to send invite email",{userId:B,error:ln})}}await l.update(g).set({lastLoginAt:new Date}).where(Xr(g.id,B));let W=h.request.headers.get("cf-connecting-ip")?.trim()||h.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||h.request.headers.get("x-real-ip")?.trim()||"127.0.0.1",G=h.request.headers.get("user-agent")||"Unknown Browser",j=We(G,W),N=t(B),x=o(B),I=h.request.headers.get("origin")||h.request.headers.get("referer")?.replace(/\/[^/]*$/,"")||void 0,Q={userId:B,deviceInfo:j,loginMethod:`oauth:${E}`,rememberMe:!0,requestOrigin:I},v=await c(Q),C=!1;if(i){if((await i(v,Q))?.requiresApproval)C=!0}if(C){w.info("[OAUTH] Login requires device approval",{userId:B,provider:E});let dn=A.redirectUrl||r.successRedirectUrl;return h.set.status=302,h.set.headers.Location=`${dn}?requires_approval=true&provider=${E}`,null}await w.audit({entityName:"users",entityId:B,operation:"LOGIN",userId:B,summary:`${z.email??z.providerAccountId} logged in via OAuth (${E})`,ipAddress:W,userAgent:G,path:`${u}/${E}/callback`,query:""});let y=m.secure?"; Secure":"",p=m.domain?`; Domain=${m.domain}`:"",F=`; Path=${m.path}; HttpOnly; SameSite=${m.sameSite}${y}${p}`,nn=[];if(_.accessToken.setHeadersEnabled)nn.push(`${m.accessTokenName}=${N}${F}; Max-Age=${m.accessTokenMaxAge}`);if(_.refreshToken.setHeadersEnabled)nn.push(`${m.refreshTokenName}=${x}${F}; Max-Age=${m.refreshTokenMaxAge}`);if(_.sessionToken.setHeadersEnabled)nn.push(`${m.sessionTokenName}=${v}${F}; Max-Age=${m.sessionTokenMaxAge}`);let cn=A.redirectUrl||r.successRedirectUrl,hn=new Headers;hn.set("Location",cn);for(let dn of nn)hn.append("Set-Cookie",dn);return new Response(null,{status:302,headers:hn})},{detail:{tags:["Authentication"],summary:"OAuth Callback",description:"Handles the OAuth provider callback, creates session and sets cookies"}}),S.get(`${u}/providers`,()=>{return{success:!0,data:{providers:r.getEnabledProviders()}}},{detail:{tags:["Authentication"],summary:"List OAuth Providers",description:"Returns the list of enabled OAuth providers"}}),S.get(`${u}/link/:provider`,async(h)=>{let E=h.params.provider;if(!r.isProviderEnabled(E))return h.set.status=404,{success:!1,message:`OAuth provider "${E}" is not enabled`};if(!r.allowAccountLinking)return h.set.status=403,{success:!1,message:"Account linking is disabled"};let V=h.request.headers.get("x-user-id");if(!V)return h.set.status=401,{success:!1,message:"Authentication required to link accounts"};let Y=h.query.redirect_url,H=r.buildAuthorizationUrl(E,V,Y);return h.set.status=302,h.set.headers.Location=H,null},{detail:{tags:["Authentication"],summary:"Link OAuth Account",description:"Redirects to provider to link an OAuth account to the current user"}}),S.delete(`${u}/unlink/:provider`,async(h)=>{let E=h.params.provider,V=h.request.headers.get("x-user-id");if(!V)return h.set.status=401,{success:!1,message:"Authentication required"};if(!l)return h.set.status=500,{success:!1,message:"Database not configured"};let Y=n.oauthAccountsTable;if(!Y)return h.set.status=500,{success:!1,message:"OAuth accounts table not configured"};if((await l.select().from(Y).where(zs(Xr(Y.userId,V),Xr(Y.provider,E))).limit(1)).length===0)return{success:!1,message:`No linked ${E} account found`};let $=!!(await l.select().from(g).where(Xr(g.id,V)).limit(1))[0]?.password,A=await l.select().from(Y).where(Xr(Y.userId,V));if(!$&&A.length<=1)return h.set.status=400,{success:!1,message:"Cannot unlink the only login method. Set a password first."};return await l.delete(Y).where(zs(Xr(Y.userId,V),Xr(Y.provider,E))),w.info("[OAUTH] Account unlinked",{userId:V,provider:E}),{success:!0,message:`${E} account unlinked successfully`}},{detail:{tags:["Authentication"],summary:"Unlink OAuth Account",description:"Removes a linked OAuth account from the current user"}}),S.get(`${u}/accounts`,async(h)=>{let E=h.request.headers.get("x-user-id");if(!E)return h.set.status=401,{success:!1,message:"Authentication required"};if(!l)return h.set.status=500,{success:!1,message:"Database not configured"};let V=n.oauthAccountsTable;if(!V)return{success:!0,data:{accounts:[]}};return{success:!0,data:{accounts:(await l.select().from(V).where(Xr(V.userId,E))).map((D)=>({id:D.id,provider:D.provider,providerEmail:D.providerEmail,providerName:D.providerName,providerAvatarUrl:D.providerAvatarUrl,isPrimary:D.isPrimary,lastUsedAt:D.lastUsedAt,createdAt:D.createdAt}))}}},{detail:{tags:["Authentication"],summary:"List Linked OAuth Accounts",description:"Returns all OAuth accounts linked to the current user"}}),S}var Y2=b(()=>{Ve();Ki()});import{t as qo}from"elysia";var X_,W8;var L_=b(()=>{X_=qo.Object({currentPassword:qo.String({minLength:1}),newPassword:qo.String({minLength:8}),confirmPassword:qo.String({minLength:8})}),W8=qo.Object({success:qo.Boolean(),message:qo.Optional(qo.String())})});function J2(n,r){return n===r}import{eq as X2}from"drizzle-orm";import{Elysia as V8}from"elysia";function Bs(n,r){let{db:t,logger:o,usersTable:c}=n,i=r.route||"/auth/password-change",a=new V8;if(!r.enabled)return a;return a.post(i,async(e)=>{if(!t||!c)return e.set.status=500,{success:!1,message:"Database not configured"};let s=e.request.headers.get("x-user-id");if(!s)return e.set.status=401,{success:!1,message:"Authentication required"};let{currentPassword:f,newPassword:d,confirmPassword:l}=e.body;if(!J2(d,l))return e.set.status=422,{success:!1,message:"New passwords do not match"};let g=(await t.select().from(c).where(X2(c.id,s)).limit(1))[0];if(!g)return e.set.status=404,{success:!1,message:"User not found"};let u=await Ue(f,g.password),m=new URL(e.request.url),_=e.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||e.request.headers.get("x-real-ip")?.trim()||"unknown",S=e.request.headers.get("user-agent")||"unknown";if(!u)return o.warn("[AUTH] Password change failed - invalid current password",{userId:s}),o.audit({entityName:"users",entityId:s,operation:"PASSWORD_CHANGE_FAILED",userId:s,summary:"Password change failed: invalid current password",ipAddress:_,userAgent:S,path:m.pathname,query:m.search}),e.set.status=400,{success:!1,message:"Current password is incorrect"};let h=await Wo(d);return await t.update(c).set({password:h,updatedAt:new Date}).where(X2(c.id,s)),o.info("[AUTH] Password change successful",{userId:s}),o.audit({entityName:"users",entityId:s,operation:"PASSWORD_CHANGE",userId:s,summary:"Password changed successfully",ipAddress:_,userAgent:S,path:m.pathname,query:m.search}),{success:!0,message:"Password changed successfully"}},{body:X_,detail:{tags:["Authentication"],summary:"Change Password",description:"Change password for authenticated user"}}),a}var Q_=b(()=>{Ve();jc();L_();L_()});import{t as qt}from"elysia";var O_,G_,Y8;var N_=b(()=>{O_=qt.Object({email:qt.String({format:"email"})}),G_=qt.Object({token:qt.String(),newPassword:qt.String({minLength:8}),confirmPassword:qt.String({minLength:8})}),Y8=qt.Object({success:qt.Boolean(),message:qt.Optional(qt.String())})});import{randomBytes as J8}from"crypto";function L2(){return J8(32).toString("hex")}function Q2(n){return new Date>n}var O2=()=>{};import{Elysia as X8}from"elysia";function Us(n,r,t,o,c,i){let{db:a,logger:e,usersTable:s}=n,f=r.route||"/auth/password-reset",d=new X8;if(!r.enabled)return d;return d.post(`${f}/request`,async(l)=>{if(!a||!s)return{success:!1,message:"Database not configured"};let{email:w}=l.body,{eq:g}=await import("drizzle-orm"),m=(await a.select().from(s).where(g(s.email,w)).limit(1))[0];if(!m)return{success:!0,message:"If email exists, reset link will be sent"};let _=L2(),S=new Date(Date.now()+3600000);if(await t(m.id,_,S),i)try{await i(w,_),e.info("[AUTH] Password reset email sent",{email:w})}catch(E){e.error("[AUTH] Failed to send password reset email",{email:w,error:E})}else e.warn("[AUTH] sendResetEmail not configured - email not sent",{email:w});e.info("[AUTH] Password reset requested",{userId:m.id,email:w});let h=new URL(l.request.url);return e.audit({entityName:"users",entityId:m.id,operation:"PASSWORD_RESET_REQUEST",userId:m.id,summary:`Password reset requested for ${w}`,ipAddress:l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||l.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:l.request.headers.get("user-agent")||"unknown",path:h.pathname,query:h.search}),{success:!0,message:"If email exists, reset link will be sent"}},{body:O_,detail:{tags:["Authentication"],summary:"Request Password Reset",description:"Request a password reset email"}}),d.post(`${f}/confirm`,async(l)=>{if(!a||!s)return{success:!1,message:"Database not configured"};let{token:w,newPassword:g,confirmPassword:u}=l.body;if(g!==u)return{success:!1,message:"Passwords do not match"};let m=await o(w);if(!m)return{success:!1,message:"Invalid or expired reset token"};if(Q2(m.expiresAt))return await c(w),{success:!1,message:"Reset token has expired"};let _=await Wo(g),{eq:S}=await import("drizzle-orm");await a.update(s).set({password:_}).where(S(s.id,m.userId)),await c(w),e.info("[AUTH] Password reset successful",{userId:m.userId});let h=new URL(l.request.url);return e.audit({entityName:"users",entityId:m.userId,operation:"PASSWORD_RESET",userId:m.userId,summary:"Password reset completed successfully",ipAddress:l.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||l.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:l.request.headers.get("user-agent")||"unknown",path:h.pathname,query:h.search}),{success:!0,message:"Password has been reset"}},{body:G_,detail:{tags:["Authentication"],summary:"Confirm Password Reset",description:"Reset password with token"}}),d}var x_=b(()=>{jc();N_();O2();N_()});import{t as bo}from"elysia";var P_,L8;var C_=b(()=>{P_=bo.Object({newPassword:bo.String({minLength:8}),userId:bo.Optional(bo.String()),token:bo.Optional(bo.String())}),L8=bo.Object({success:bo.Boolean(),message:bo.String()})});import{eq as G2}from"drizzle-orm";import{Elysia as Q8}from"elysia";function Ws(n,r,t,o){let{db:c,logger:i,usersTable:a}=n,e=r.route||"/auth/password-set",s=new Q8;if(!r.enabled)return s;return s.post(e,async(f)=>{if(i.info("[AUTH] Password set request received"),!c||!a)return i.error("[AUTH] Password set failed - database not configured"),{success:!1,message:"Database not configured"};let{newPassword:d,userId:l,token:w}=f.body,g=l;if(w&&t&&o){let h=St(w),E=await t(h);if(!E)return i.warn("[AUTH] Password set failed - invalid token"),{success:!1,message:"Invalid or expired token"};if(new Date>E.expiresAt)return await o(h),i.warn("[AUTH] Password set failed - expired token",{email:E.email}),{success:!1,message:"Invalid or expired token"};g=E.userId,i.info("[AUTH] Password set - userId resolved from token",{userId:g,email:E.email})}if(!g)return i.warn("[AUTH] Password set failed - no userId in payload or token"),{success:!1,message:"User ID or token required"};let m=(await c.select().from(a).where(G2(a.id,g)).limit(1))[0];if(i.info("[AUTH] Password set - user found",{found:!!m,hasPassword:!!m?.password}),!m)return{success:!1,message:"User not found"};if(m.password)return i.warn("[AUTH] Password set failed - user already has password",{userId:g}),{success:!1,message:"Password already set. Use password change instead."};let _=await Wo(d);i.info("[AUTH] Password set - updating user with verifiedAt",{userId:g});let S=await c.update(a).set({password:_,verifiedAt:new Date,updatedAt:new Date}).where(G2(a.id,g));if(i.info("[AUTH] Password set successful for invited user",{userId:g,updateResult:S}),w&&o){let h=St(w);await o(h),i.info("[AUTH] Invite token consumed after password set",{userId:g})}return{success:!0,message:"Password set successfully"}},{body:P_,detail:{tags:["Authentication"],summary:"Set Password",description:"Set password for the first time (for invited users who do not have a password yet)"}}),s}var q_=b(()=>{Ki();jc();C_();C_()});function F_(n){let r=n.match(/^(\d+)([smhd])$/);if(!r)return 900;let t=r[1],o=r[2];if(!t||!o)return 900;let c=parseInt(t,10);switch(o){case"s":return c;case"m":return c*60;case"h":return c*3600;case"d":return c*86400;default:return 900}}import{t as $c}from"elysia";var O8;var N2=b(()=>{O8=$c.Object({success:$c.Boolean(),message:$c.Optional($c.String()),data:$c.Optional($c.Object({accessToken:$c.String()}))})});import{Elysia as G8}from"elysia";function Vs(n,r,t,o,c,i,a,e){let{logger:s,authentication:f}=n,d=r.route||"/auth/refresh",l=new G8;if(!r.enabled)return l;return l.post(d,async(w)=>{let g=f?.refreshToken?.name||"refresh_token",u=f?.accessToken?.name||"access_token",m=w.request.headers.get("x-refresh-token");if(!m){let x=w.request.headers.get("cookie");if(x)m=x.split(";").reduce((Q,v)=>{let[C,y]=v.trim().split("=");if(C&&y)Q[C]=y;return Q},{})[g]||null}if(!m)return w.set.status=401,{success:!1,message:"Refresh token required"};let _=t(m);if(!_.valid||!_.payload)return s.warn("[AUTH] Refresh failed - invalid token"),w.set.status=401,{success:!1,message:"Invalid refresh token"};let S=_.payload.sub,h=o(S),E=c?c(S):null,V=i?.accessToken?.setHeadersEnabled??!0,Y=i?.accessToken?.returnJson??!0,H=i?.refreshToken?.setHeadersEnabled??!0,D=i?.refreshToken?.returnJson??!1,R=f?.accessToken?.expiresIn||"15m",$=Math.max(0,F_(R)-(a??0)),A=f?.refreshToken?.expiresIn||"7d",M=F_(A),z=new Headers;z.set("Content-Type","application/json");let L=e?.path||"/",O=e?.sameSite||"Strict",B=e?.secure!==!1?"; Secure":"",W=e?.domain?`; Domain=${e.domain}`:"",G=`; Path=${L}; HttpOnly; SameSite=${O}${B}${W}`;if(V)z.append("Set-Cookie",`${u}=${h}${G}; Max-Age=${$}`);if(E&&H)z.append("Set-Cookie",`${g}=${E}${G}; Max-Age=${M}`);s.info("[AUTH] Token refresh successful",{userId:S,rotatedRefreshToken:!!E});let j={};if(Y)j.accessToken=h;if(E&&D)j.refreshToken=E;let N=JSON.stringify({success:!0,data:j});return new Response(N,{status:200,headers:z})},{detail:{tags:["Authentication"],summary:"Refresh Token",description:"Get new access token using refresh token"}}),l}var j_=b(()=>{N2()});import{t as qr}from"elysia";var K_,N8;var v_=b(()=>{K_=qr.Object({email:qr.String({format:"email"}),password:qr.String({minLength:8}),confirmPassword:qr.Optional(qr.String({minLength:8}))}),N8=qr.Object({success:qr.Boolean(),message:qr.Optional(qr.String()),data:qr.Optional(qr.Object({user:qr.Object({id:qr.String(),email:qr.String()})}))})});import{eq as x8}from"drizzle-orm";import{Elysia as P8}from"elysia";function Ys(n,r,t,o,c,i,a,e,s,f){let{db:d,logger:l,usersTable:w}=n,g=r.route||"/auth/register",u={accessTokenName:a?.accessTokenName||"access_token",refreshTokenName:a?.refreshTokenName||"refresh_token",sessionTokenName:a?.sessionTokenName||"session_token",accessTokenMaxAge:a?.accessTokenMaxAge||900,refreshTokenMaxAge:a?.refreshTokenMaxAge||604800,sessionTokenMaxAge:a?.sessionTokenMaxAge||900,secure:a?.secure??!0,httpOnly:a?.httpOnly??!0,sameSite:a?.sameSite||"strict",path:a?.path||"/"},m=new P8;if(!r.enabled)return m;return m.post(g,async(_)=>{if(!d||!w)return _.set.status=500,{success:!1,message:"Database not configured"};let{email:S,password:h,confirmPassword:E}=_.body;if(E&&h!==E)return _.set.status=400,{success:!1,message:"Passwords do not match"};let V=Vg(h);if(!V.valid)return _.set.status=400,{success:!1,message:"Password too weak",errors:V.errors};let Y=await d.select().from(w).where(x8(w.email,S)).limit(1),H=new URL(_.request.url),D=_.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||_.request.headers.get("x-real-ip")?.trim()||"unknown",R=_.request.headers.get("user-agent")||"unknown";if(Y.length>0)return l.warn("[AUTH] Registration failed - email exists",{email:S}),l.audit({entityName:"users",operation:"REGISTER_FAILED",summary:`Registration failed: email already exists (${S})`,ipAddress:D,userAgent:R,path:H.pathname,query:H.search}),_.set.status=409,{success:!1,message:"Email already registered"};let $=await Wo(h),A=r.emailVerification?.enabled&&s?.isAvailable(),M=A?De():null,z=r.emailVerification?.tokenExpiresIn||"24h",L=A?new Date(Date.now()+Fc(z)):null,O={email:S,password:$};if(A&&M)O.emailVerificationToken=M,O.emailVerificationTokenExpiresAt=L,O.emailVerificationSentAt=new Date,O.emailVerificationAttempts=1;let W=(await d.insert(w).values(O).returning())[0];if(l.info("[AUTH] Registration successful",{userId:W.id,email:S,emailVerificationEnabled:A}),l.audit({entityName:"users",entityId:W.id,operation:"REGISTER",userId:W.id,summary:`New user registered: ${S}`,ipAddress:D,userAgent:R,path:H.pathname,query:H.search}),A&&s&&M){let j=`${(r.emailVerification?.redirectUrl||"http://localhost:3000/login").replace("/login","/verify-email")}?token=${M}`;s.sendVerificationEmail(S,S.split("@")[0]||"User",j,f||"Nucleus").then((Q)=>{if(Q.success)l.info("[AUTH] Verification email sent",{email:S});else l.error("[AUTH] Failed to send verification email",{email:S,error:Q.error})}).catch((Q)=>{l.error("[AUTH] Failed to send verification email",{email:S,error:Q})});let N=r.emailVerification?.resendCooldown||"60s",x=Fc(N)/1000,I=r.emailVerification?.maxResendAttempts||3;return{success:!0,message:"Registration successful. Please check your email to verify your account.",data:{user:{id:W.id,email:W.email},emailVerificationRequired:!0,verification:{cooldownSeconds:x,canResendAt:new Date(Date.now()+x*1000).toISOString(),attemptsRemaining:I-1,maxAttempts:I}}}}if(t)t(S,S.split("@")[0]||"User").catch((G)=>{l.error("[AUTH] Failed to send welcome email",{email:S,error:G})});if(o&&c&&i){let G=_.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||_.request.headers.get("x-real-ip")?.trim()||"unknown",j=_.request.headers.get("user-agent")||"",N=o(W.id),x=c(W.id),I=await i({userId:W.id,deviceInfo:{ipAddress:G,userAgent:j},loginMethod:"register"}),Q={accessToken:{setHeadersEnabled:e?.accessToken?.setHeadersEnabled??!0,returnJson:e?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:e?.refreshToken?.setHeadersEnabled??!0,returnJson:e?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:e?.sessionToken?.setHeadersEnabled??!0,returnJson:e?.sessionToken?.returnJson??!0}},v=u.secure?"; Secure":"",C=`; Path=${u.path}; HttpOnly; SameSite=${u.sameSite}${v}`,y=[];if(Q.accessToken.setHeadersEnabled)y.push(`${u.accessTokenName}=${N}${C}; Max-Age=${u.accessTokenMaxAge}`);if(Q.refreshToken.setHeadersEnabled)y.push(`${u.refreshTokenName}=${x}${C}; Max-Age=${u.refreshTokenMaxAge}`);if(Q.sessionToken.setHeadersEnabled)y.push(`${u.sessionTokenName}=${I}${C}; Max-Age=${u.sessionTokenMaxAge}`);let p={user:{id:W.id,email:W.email}};if(Q.accessToken.returnJson)p.accessToken=N;if(Q.refreshToken.returnJson)p.refreshToken=x;if(Q.sessionToken.returnJson)p.sessionId=I;let F=JSON.stringify({success:!0,data:p}),nn=new Headers;nn.set("Content-Type","application/json"),nn.set("x-session-id",I);for(let cn of y)nn.append("Set-Cookie",cn);return new Response(F,{status:200,headers:nn})}return{success:!0,data:{user:{id:W.id,email:W.email}}}},{body:K_,detail:{tags:["Authentication"],summary:"Register",description:"Register a new user account"}}),m}var Z_=b(()=>{v_();jc();v_()});import{t as on}from"elysia";var x2,C8,p_,I_,SF;var y_=b(()=>{x2=on.Object({id:on.String(),deviceName:on.Optional(on.String()),deviceType:on.Optional(on.String()),browserName:on.Optional(on.String()),browserVersion:on.Optional(on.String()),osName:on.Optional(on.String()),osVersion:on.Optional(on.String()),ipAddress:on.String(),locationCountry:on.Optional(on.String()),locationCity:on.Optional(on.String()),lastActivityAt:on.String(),createdAt:on.String(),isCurrent:on.Boolean(),loginMethod:on.Optional(on.String()),trustScore:on.Optional(on.Number())}),C8=on.Object({success:on.Boolean(),data:on.Optional(on.Object({sessions:on.Array(x2),currentSessionId:on.Optional(on.String()),totalCount:on.Number()})),message:on.Optional(on.String())}),p_=on.Object({reason:on.Optional(on.String())}),I_=on.Object({excludeCurrent:on.Optional(on.Boolean()),reason:on.Optional(on.String())}),SF=on.Object({success:on.Boolean(),data:on.Optional(on.Object({recentActivity:on.Array(on.Object({sessionId:on.String(),action:on.String(),ipAddress:on.String(),timestamp:on.String(),deviceInfo:on.Optional(on.String())}))})),message:on.Optional(on.String())})});function Js(n){let r=(o,c)=>n[o]??n[c],t=(o,c)=>{let i=n[o]??n[c];if(!i)return;return i instanceof Date?i.toISOString():String(i)};return{id:n.id,deviceName:r("device_name","deviceName"),deviceType:r("device_type","deviceType"),deviceFingerprint:r("device_fingerprint","deviceFingerprint"),browserName:r("browser_name","browserName"),browserVersion:r("browser_version","browserVersion"),osName:r("os_name","osName"),osVersion:r("os_version","osVersion"),ipAddress:r("ip_address","ipAddress"),locationCountry:r("location_country","locationCountry"),locationCity:r("location_city","locationCity"),lastActivityAt:t("last_activity_at","lastActivityAt"),createdAt:t("created_at","createdAt"),isCurrent:r("is_current","isCurrent"),loginMethod:r("login_method","loginMethod"),trustScore:r("trust_score","trustScore")}}var P2=()=>{};import{and as Fo,desc as C2,eq as qn,isNull as q2}from"drizzle-orm";import{Elysia as q8}from"elysia";function Xs(n,r,t){let{db:o,logger:c}=n,i=r.route||"/auth/sessions",a=new q8;if(!r.enabled||!t)return a;let e=t,s=(u)=>{let m=u.replace(/([A-Z])/g,"_$1").toLowerCase();return e[u]||e[m]};a.get(i,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let _=u.request.headers.get("x-session-id"),S=await o.select().from(t).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0),q2(s("revokedAt")))).orderBy(C2(s("lastActivityAt"))),h=S.filter((V)=>{let Y=V,H=(Y.deviceFingerprint||"").toLowerCase(),D=Y.ipAddress||"";return!((!H||H==="--"||H==="--unknown"||H.includes("bot/crawler")||H.includes("headless")||H.includes("unknown-unknown"))&&(D==="127.0.0.1"||D==="::1"||D==="localhost"||!D))}),E=h.map((V)=>{let Y=V,H=Js(Y);return H.isCurrent=Y.id===_,H});return c.info("[AUTH] Sessions list retrieved",{userId:m,totalInDb:S.length,filteredCount:h.length,hiddenBotSessions:S.length-h.length}),{success:!0,data:{sessions:E,currentSessionId:_,totalCount:h.length}}},{detail:{tags:["Authentication"],summary:"List active sessions",description:"Get all active sessions for the current user"}}),a.get(`${i}/current`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id"),_=u.request.headers.get("x-session-id");if(!m||!_)return{success:!1,message:"Authentication required"};let S=await o.select().from(t).where(qn(s("id"),_)).limit(1);if(S.length===0)return{success:!1,message:"Session not found"};let h=S[0],E=Js(h);return E.isCurrent=!0,{success:!0,data:E}},{detail:{tags:["Authentication"],summary:"Get current session",description:"Get details of the current session"}}),a.delete(`${i}/:sessionId`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let{sessionId:_}=u.params,S=u.body,h=u.request.headers.get("x-session-id");if((await o.select().from(t).where(Fo(qn(s("id"),_),qn(s("userId"),m))).limit(1)).length===0)return{success:!1,message:"Session not found"};let V=_===h;await o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:V?"user_logout":S.reason||"user_revoked"}).where(qn(s("id"),_)),c.info("[AUTH] Session revoked",{userId:m,sessionId:_,isCurrentSession:V,reason:S.reason||"user_revoked"});let Y=new URL(u.request.url);return c.audit({entityName:"user_sessions",entityId:_,operation:V?"LOGOUT":"SESSION_REVOKE",userId:m||void 0,summary:V?"User logged out via session revoke":`Session revoked (${_.substring(0,8)}...)`,ipAddress:u.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||u.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:u.request.headers.get("user-agent")||"unknown",path:Y.pathname,query:Y.search}),{success:!0,message:V?"Logged out successfully":"Session revoked successfully"}},{body:p_,detail:{tags:["Authentication"],summary:"Revoke session",description:"Revoke a specific session by ID"}}),a.delete(`${i}/all`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let _=u.body,S=u.request.headers.get("x-session-id"),h=o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:_.reason||"user_revoked"}).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0)));if(_.excludeCurrent&&S){let{ne:V}=await import("drizzle-orm");h=o.update(t).set({isActive:!1,revokedAt:new Date,revokedReason:_.reason||"user_revoked"}).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0),V(s("id"),S)))}await h,c.info("[AUTH] All sessions revoked",{userId:m,excludeCurrent:_.excludeCurrent,reason:_.reason||"user_revoked"});let E=new URL(u.request.url);return c.audit({entityName:"user_sessions",operation:"SESSION_REVOKE_ALL",userId:m||void 0,summary:_.excludeCurrent?"All other sessions revoked":"All sessions revoked",ipAddress:u.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||u.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:u.request.headers.get("user-agent")||"unknown",path:E.pathname,query:E.search}),{success:!0,message:_.excludeCurrent?"All other sessions revoked successfully":"All sessions revoked successfully"}},{body:I_,detail:{tags:["Authentication"],summary:"Revoke all sessions",description:"Revoke all sessions for the current user (optionally exclude current)"}}),a.get(`${i}/stats`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let{count:_,countDistinct:S}=await import("drizzle-orm"),h=await o.select({count:_()}).from(t).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0),q2(s("revokedAt")))),E=await o.select({count:S(s("deviceFingerprint"))}).from(t).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0))),V=await o.select({count:S(s("ipAddress"))}).from(t).where(Fo(qn(s("userId"),m),qn(s("isActive"),!0)));return{success:!0,data:{activeSessions:h[0]?.count||0,uniqueDevices:E[0]?.count||0,uniqueIpAddresses:V[0]?.count||0}}},{detail:{tags:["Authentication"],summary:"Session statistics",description:"Get session statistics for the current user"}});let f=86400000,d=(u,m,_)=>{let S=m?u==="approve"?"\u2705":"\uD83D\uDEAB":"\u274C",h=m?u==="approve"?"Device Approved":"Device Rejected":"Action Failed",E=r.brandName||"Nucleus";return`<!DOCTYPE html>
 <html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1.0">
 <title>${h} \u2014 ${E}</title>
 <style>*{box-sizing:border-box}body{margin:0;padding:0;background-color:#f4f4f5;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;}</style>
@@ -123,7 +123,7 @@ var p2=Object.create;var{getPrototypeOf:I2,defineProperty:hi,getOwnPropertyNames
 </table>
 </td></tr>
 </table>
-</body></html>`},l=async(u)=>{if((u.request.headers.get("content-type")||"").includes("application/x-www-form-urlencoded")){let S=await u.request.clone().text();return{token:new URLSearchParams(S).get("token"),isFormSubmission:!0}}return{token:u.body?.token||null,isFormSubmission:!1}};a.post(`${i}/approve`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let{token:m,isFormSubmission:_}=await l(u);if(!m){if(_)return new Response(d("approve",!1,"Token is required"),{status:400,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Token is required"}}let S=await o.select().from(t).where(qn(s("approvalToken"),m)).limit(1);if(S.length===0){if(_)return new Response(d("approve",!1,"This approval link is invalid or has already been used."),{status:404,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Invalid or expired approval token"}}let h=S[0];if(h.approvalStatus!=="pending"){if(_)return new Response(d("approve",!0,"This device has already been processed."),{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Session already processed"}}let E=h.approvalRequestedAt||h.approval_requested_at;if(E){let W=new Date(E).getTime();if(Date.now()-W>f){await o.update(t).set({approvalStatus:"rejected",isActive:!1,revokedAt:new Date,revokedReason:"approval_token_expired",approvalRespondedAt:new Date,approvalToken:null}).where(qn(s("id"),h.id)),c.info("[AUTH] Approval token expired",{sessionId:h.id});let V="This approval link has expired (24h limit). Please log in again.";if(_)return new Response(d("approve",!1,V),{status:410,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:V}}}if(await o.update(t).set({approvalStatus:"approved",isActive:!0,approvalRespondedAt:new Date,approvalToken:null}).where(qn(s("id"),h.id)),c.info("[AUTH] Device approved",{sessionId:h.id,userId:h.userId}),_)return new Response(d("approve",!0,"The device has been approved and can now access the account."),{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!0,message:"Device approved successfully"}},{detail:{tags:["Authentication"],summary:"Approve pending device",description:"Approve a pending device login request"}}),a.post(`${i}/reject`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let{token:m,isFormSubmission:_}=await l(u);if(!m){if(_)return new Response(d("reject",!1,"Token is required"),{status:400,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Token is required"}}let S=await o.select().from(t).where(qn(s("approvalToken"),m)).limit(1);if(S.length===0){if(_)return new Response(d("reject",!1,"This approval link is invalid or has already been used."),{status:404,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Invalid or expired approval token"}}let h=S[0];if(h.approvalStatus!=="pending"){if(_)return new Response(d("reject",!0,"This device has already been processed."),{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Session already processed"}}let E=h.approvalRequestedAt||h.approval_requested_at,W=E?Date.now()-new Date(E).getTime()>f:!1;await o.update(t).set({approvalStatus:"rejected",isActive:!1,revokedAt:new Date,revokedReason:W?"approval_token_expired":"user_rejected",approvalRespondedAt:new Date,approvalToken:null}).where(qn(s("id"),h.id)),c.info("[AUTH] Device rejected",{sessionId:h.id,userId:h.userId,isExpired:W});let V=W?"Approval link has expired. The session was automatically rejected.":"Device rejected and blocked. The login attempt has been denied.";if(_)return new Response(d("reject",!0,V),{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!0,message:V}},{detail:{tags:["Authentication"],summary:"Reject pending device",description:"Reject a pending device login request"}}),a.get(`${i}/pending`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let _=await o.select().from(t).where(Fo(qn(s("userId"),m),qn(s("approvalStatus"),"pending"))).orderBy(C2(s("createdAt")));return{success:!0,data:{sessions:_.map((h)=>{let E=h;return{...Js(E),approvalStatus:E.approval_status||E.approvalStatus,approvalToken:E.approval_token||E.approvalToken,approvalRequestedAt:E.approval_requested_at?.toISOString()||E.approvalRequestedAt?.toISOString()}}),totalCount:_.length}}},{detail:{tags:["Authentication"],summary:"List pending devices",description:"Get all pending device approval requests for the current user"}});let w=r.brandName||"Nucleus",g=(u,m,_,S)=>{let h=m==="approve",E=h?"#16a34a":"#dc2626",W=h?"Approve Device":"Reject & Block",V=h?"\u2713":"\u2717",H;if(S==="invalid")H=`
+</body></html>`},l=async(u)=>{if((u.request.headers.get("content-type")||"").includes("application/x-www-form-urlencoded")){let S=await u.request.clone().text();return{token:new URLSearchParams(S).get("token"),isFormSubmission:!0}}return{token:u.body?.token||null,isFormSubmission:!1}};a.post(`${i}/approve`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let{token:m,isFormSubmission:_}=await l(u);if(!m){if(_)return new Response(d("approve",!1,"Token is required"),{status:400,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Token is required"}}let S=await o.select().from(t).where(qn(s("approvalToken"),m)).limit(1);if(S.length===0){if(_)return new Response(d("approve",!1,"This approval link is invalid or has already been used."),{status:404,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Invalid or expired approval token"}}let h=S[0];if(h.approvalStatus!=="pending"){if(_)return new Response(d("approve",!0,"This device has already been processed."),{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Session already processed"}}let E=h.approvalRequestedAt||h.approval_requested_at;if(E){let V=new Date(E).getTime();if(Date.now()-V>f){await o.update(t).set({approvalStatus:"rejected",isActive:!1,revokedAt:new Date,revokedReason:"approval_token_expired",approvalRespondedAt:new Date,approvalToken:null}).where(qn(s("id"),h.id)),c.info("[AUTH] Approval token expired",{sessionId:h.id});let Y="This approval link has expired (24h limit). Please log in again.";if(_)return new Response(d("approve",!1,Y),{status:410,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:Y}}}if(await o.update(t).set({approvalStatus:"approved",isActive:!0,approvalRespondedAt:new Date,approvalToken:null}).where(qn(s("id"),h.id)),c.info("[AUTH] Device approved",{sessionId:h.id,userId:h.userId}),_)return new Response(d("approve",!0,"The device has been approved and can now access the account."),{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!0,message:"Device approved successfully"}},{detail:{tags:["Authentication"],summary:"Approve pending device",description:"Approve a pending device login request"}}),a.post(`${i}/reject`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let{token:m,isFormSubmission:_}=await l(u);if(!m){if(_)return new Response(d("reject",!1,"Token is required"),{status:400,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Token is required"}}let S=await o.select().from(t).where(qn(s("approvalToken"),m)).limit(1);if(S.length===0){if(_)return new Response(d("reject",!1,"This approval link is invalid or has already been used."),{status:404,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Invalid or expired approval token"}}let h=S[0];if(h.approvalStatus!=="pending"){if(_)return new Response(d("reject",!0,"This device has already been processed."),{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!1,message:"Session already processed"}}let E=h.approvalRequestedAt||h.approval_requested_at,V=E?Date.now()-new Date(E).getTime()>f:!1;await o.update(t).set({approvalStatus:"rejected",isActive:!1,revokedAt:new Date,revokedReason:V?"approval_token_expired":"user_rejected",approvalRespondedAt:new Date,approvalToken:null}).where(qn(s("id"),h.id)),c.info("[AUTH] Device rejected",{sessionId:h.id,userId:h.userId,isExpired:V});let Y=V?"Approval link has expired. The session was automatically rejected.":"Device rejected and blocked. The login attempt has been denied.";if(_)return new Response(d("reject",!0,Y),{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return{success:!0,message:Y}},{detail:{tags:["Authentication"],summary:"Reject pending device",description:"Reject a pending device login request"}}),a.get(`${i}/pending`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let m=u.request.headers.get("x-user-id");if(!m)return{success:!1,message:"Authentication required"};let _=await o.select().from(t).where(Fo(qn(s("userId"),m),qn(s("approvalStatus"),"pending"))).orderBy(C2(s("createdAt")));return{success:!0,data:{sessions:_.map((h)=>{let E=h;return{...Js(E),approvalStatus:E.approval_status||E.approvalStatus,approvalToken:E.approval_token||E.approvalToken,approvalRequestedAt:E.approval_requested_at?.toISOString()||E.approvalRequestedAt?.toISOString()}}),totalCount:_.length}}},{detail:{tags:["Authentication"],summary:"List pending devices",description:"Get all pending device approval requests for the current user"}});let w=r.brandName||"Nucleus",g=(u,m,_,S)=>{let h=m==="approve",E=h?"#16a34a":"#dc2626",V=h?"Approve Device":"Reject & Block",Y=h?"\u2713":"\u2717",H;if(S==="invalid")H=`
 				<div style="text-align:center;padding:40px 20px;">
 					<div style="font-size:48px;margin-bottom:16px;">\u26A0\uFE0F</div>
 					<h2 style="margin:0 0 8px;color:#111827;font-size:20px;">Invalid Token</h2>
@@ -138,7 +138,7 @@ var p2=Object.create;var{getPrototypeOf:I2,defineProperty:hi,getOwnPropertyNames
 					<div style="font-size:48px;margin-bottom:16px;">${D==="approved"?"\u2705":"\uD83D\uDEAB"}</div>
 					<h2 style="margin:0 0 8px;color:#111827;font-size:20px;">Already Processed</h2>
 					<p style="color:#6b7280;font-size:14px;">This device has ${D==="approved"?"already been approved":"already been rejected"}. No further action needed.</p>
-				</div>`}else{let D=u.deviceName||u.device_name||"Unknown",R=u.browserName||u.browser_name||"Unknown",$=u.browserVersion||u.browser_version||"",A=u.osName||u.os_name||"Unknown",M=u.osVersion||u.os_version||"",z=u.ipAddress||u.ip_address||"Unknown",X=u.createdAt||u.created_at,O=X?new Date(X).toLocaleString("en-US",{dateStyle:"medium",timeStyle:"short"}):"Unknown";H=`
+				</div>`}else{let D=u.deviceName||u.device_name||"Unknown",R=u.browserName||u.browser_name||"Unknown",$=u.browserVersion||u.browser_version||"",A=u.osName||u.os_name||"Unknown",M=u.osVersion||u.os_version||"",z=u.ipAddress||u.ip_address||"Unknown",L=u.createdAt||u.created_at,O=L?new Date(L).toLocaleString("en-US",{dateStyle:"medium",timeStyle:"short"}):"Unknown";H=`
 				<h2 style="margin:0 0 8px;color:#111827;font-size:20px;font-weight:700;">
 					${h?"Approve this device?":"Reject this device?"}
 				</h2>
@@ -154,12 +154,12 @@ var p2=Object.create;var{getPrototypeOf:I2,defineProperty:hi,getOwnPropertyNames
 				<form method="POST" action="${i}/${m}" style="margin:24px 0 0;">
 					<input type="hidden" name="token" value="${_}" />
 					<button type="submit" style="width:100%;padding:14px 24px;background-color:${E};color:#ffffff;border:none;border-radius:8px;font-size:15px;font-weight:600;cursor:pointer;">
-						${V} ${W}
+						${Y} ${V}
 					</button>
 				</form>
 				<p style="margin:16px 0 0;color:#9ca3af;font-size:12px;text-align:center;">This link expires 24 hours after the login attempt.</p>`}return`<!DOCTYPE html>
 <html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1.0">
-<title>${W} \u2014 ${w}</title>
+<title>${V} \u2014 ${w}</title>
 <style>*{box-sizing:border-box}body{margin:0;padding:0;background-color:#f4f4f5;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;}</style>
 </head><body>
 <table width="100%" cellpadding="0" cellspacing="0" style="background-color:#f4f4f5;padding:40px 20px;min-height:100vh;">
@@ -172,10 +172,10 @@ var p2=Object.create;var{getPrototypeOf:I2,defineProperty:hi,getOwnPropertyNames
 </table>
 </td></tr>
 </table>
-</body></html>`};return a.get(`${i}/approve-page`,async(u)=>{if(!o)return new Response("Service unavailable",{status:503});let _=new URL(u.request.url).searchParams.get("token");if(!_){let V=g({},"approve","","invalid");return new Response(V,{status:400,headers:{"Content-Type":"text/html; charset=utf-8"}})}let S=await o.select().from(t).where(qn(s("approvalToken"),_)).limit(1);if(S.length===0){let V=g({},"approve",_,"invalid");return new Response(V,{status:404,headers:{"Content-Type":"text/html; charset=utf-8"}})}let h=S[0];if(h.approvalStatus!=="pending"&&h.approval_status!=="pending"){let V=g(h,"approve",_,"already_processed");return new Response(V,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}})}let E=h.approvalRequestedAt||h.approval_requested_at;if(E&&Date.now()-new Date(E).getTime()>f){let V=g(h,"approve",_,"expired");return new Response(V,{status:410,headers:{"Content-Type":"text/html; charset=utf-8"}})}let W=g(h,"approve",_,"pending");return new Response(W,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}})},{detail:{tags:["Authentication"],summary:"Approval page",description:"Standalone HTML page for approving a device (no frontend auth required)"}}),a.get(`${i}/reject-page`,async(u)=>{if(!o)return new Response("Service unavailable",{status:503});let _=new URL(u.request.url).searchParams.get("token");if(!_){let V=g({},"reject","","invalid");return new Response(V,{status:400,headers:{"Content-Type":"text/html; charset=utf-8"}})}let S=await o.select().from(t).where(qn(s("approvalToken"),_)).limit(1);if(S.length===0){let V=g({},"reject",_,"invalid");return new Response(V,{status:404,headers:{"Content-Type":"text/html; charset=utf-8"}})}let h=S[0];if(h.approvalStatus!=="pending"&&h.approval_status!=="pending"){let V=g(h,"reject",_,"already_processed");return new Response(V,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}})}let E=h.approvalRequestedAt||h.approval_requested_at;if(E&&Date.now()-new Date(E).getTime()>f){let V=g(h,"reject",_,"expired");return new Response(V,{status:410,headers:{"Content-Type":"text/html; charset=utf-8"}})}let W=g(h,"reject",_,"pending");return new Response(W,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}})},{detail:{tags:["Authentication"],summary:"Rejection page",description:"Standalone HTML page for rejecting a device (no frontend auth required)"}}),a.get(`${i}/approval-status`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let _=new URL(u.request.url).searchParams.get("sessionId");if(!_)return{success:!1,message:"sessionId is required"};let S=await o.select().from(t).where(qn(s("id"),_)).limit(1);if(S.length===0)return{success:!1,message:"Session not found"};let h=S[0];return{success:!0,data:{approvalStatus:h.approvalStatus||h.approval_status||"unknown",isActive:h.isActive||h.is_active}}},{detail:{tags:["Authentication"],summary:"Check approval status",description:"Poll the approval status of a pending session (used by login form)"}}),a}var T_=b(()=>{y_();P2();y_()});var j2={};go(j2,{createSessionsRoute:()=>Xs,createRegisterRoute:()=>Ys,createRefreshRoute:()=>Vs,createPasswordSetRoute:()=>Ws,createPasswordResetRoute:()=>Us,createPasswordChangeRoute:()=>Bs,createMeRoute:()=>Hs,createMagicLinkRoute:()=>Ms,createLogoutRoute:()=>Xe,createLoginRoute:()=>Ye,createInviteRoute:()=>Be,createImpersonateRoute:()=>Re,createEmailVerificationRoutes:()=>He,createChangeUserIdRoute:()=>Se,createAuthRoutes:()=>F2});function F2(n,r){let{authConfig:t,features:o,helpers:c}=r;if(r.oauthAccountsTable)t.oauthAccountsTable=r.oauthAccountsTable;if(r.schemaTables)t.schemaTables=r.schemaTables;let i=t.authentication?.cookieMaxAgeBufferSeconds??0,a=t.authentication?.cookieDomain,e=a?process.env[a]??a:void 0,s=e==="localhost"||e===".localhost"?void 0:e,f={accessTokenName:t.authentication?.accessToken?.name||"access_token",refreshTokenName:t.authentication?.refreshToken?.name||"refresh_token",sessionTokenName:t.authentication?.sessionToken?.name||"session_token",accessTokenMaxAge:Math.max(0,wt(t.authentication?.accessToken?.expiresIn||"15m")-i),refreshTokenMaxAge:wt(t.authentication?.refreshToken?.expiresIn||"7d"),sessionTokenMaxAge:wt(t.authentication?.sessionToken?.expiresIn||"30d"),domain:s};if(t.logger.info("[AUTH] Cookie config created",{accessTokenMaxAge:f.accessTokenMaxAge,refreshTokenMaxAge:f.refreshTokenMaxAge,sessionTokenMaxAge:f.sessionTokenMaxAge,accessTokenExpiresIn:t.authentication?.accessToken?.expiresIn,sessionTokenExpiresIn:t.authentication?.sessionToken?.expiresIn}),o.login?.enabled){let l=Ye(t,o.login,c.signAccessToken,c.signRefreshToken,c.createSession,c.saveSessionToDb,f,r.tokenResponseConfig);n.use(l)}if(o.register?.enabled){let l=Ys(t,o.register,c.sendWelcomeEmail,c.signAccessToken,c.signRefreshToken,c.createSession,f,r.tokenResponseConfig,r.emailService,r.appName);if(n.use(l),o.register.emailVerification?.enabled){let w=He({authConfig:t,registerConfig:o.register,emailService:r.emailService,appName:r.appName});n.use(w)}}if(o.logout?.enabled){let l=Xe(t,o.logout,c.destroySession,c.revokeSessionInDb,f);n.use(l)}if(o.refresh?.enabled){let l=Vs(t,o.refresh,c.verifyRefreshToken,c.signAccessToken,c.signRefreshToken,r.tokenResponseConfig,i,f);n.use(l)}if(o.passwordReset?.enabled&&c.storeResetToken&&c.getResetToken&&c.deleteResetToken){let l=Us(t,o.passwordReset,c.storeResetToken,c.getResetToken,c.deleteResetToken,c.sendResetEmail);n.use(l)}if(o.passwordChange?.enabled){let l=Bs(t,o.passwordChange);n.use(l)}if(o.passwordSet?.enabled){let l=Ws(t,o.passwordSet,c.getMagicToken,c.deleteMagicToken);n.use(l)}if(o.sessions?.enabled&&r.sessionsTable){let l=Xs(t,o.sessions,r.sessionsTable);n.use(l)}if(o.magicLink?.enabled&&r.emailService?.isAvailable()&&c.storeMagicToken&&c.getMagicToken&&c.deleteMagicToken){let l=Ms(t,o.magicLink,r.emailService,c.signAccessToken,c.signRefreshToken,c.createSession,c.storeMagicToken,c.getMagicToken,c.deleteMagicToken,r.appName);n.use(l)}if(o.me?.enabled){let l=Hs(t,o.me,r.schemaTables||{},r.schemaRelations||{},r.databaseUrl);n.use(l)}if(o.invite?.enabled&&r.emailService?.isAvailable()&&c.storeMagicToken){let l=Be(t,o.invite,r.emailService,c.storeMagicToken,r.appName,c.getMagicToken);n.use(l)}if(o.captcha?.enabled&&r.captchaService){let l=zg({captchaService:r.captchaService,logger:t.logger,basePath:o.captcha.route||"/auth/captcha"});n.use(l)}if(o.oauth?.enabled&&o.oauth.providers){let l=new ne(o.oauth),w=V2(t,l,c.signAccessToken,c.signRefreshToken,c.createSession,c.saveSessionToDb,f,r.tokenResponseConfig,r.emailService,c.storeMagicToken,r.appName);n.use(w)}let d=Ug(t,{route:"/auth/check",isPublic:!1,enabled:!0});if(n.use(d),r.admin?.impersonate?.enabled!==!1){let l=Re(t,c.signAccessToken,c.signRefreshToken,c.createSession,c.saveSessionToDb,f);n.use(l)}if(r.admin?.changeUserId?.enabled!==!1){let l=Se(t,r.schemaName||"public");n.use(l)}return n}var nd=b(()=>{y0();_e();qf();jf();Bg();Wg();Kf();vf();yf();Tf();Y_();J_();Y2();Q_();x_();q_();j_();Z_();T_();qf();jf();Kf();vf();yf();Tf();Y_();J_();Q_();x_();q_();j_();Z_();T_()});import{batch as Os,createStore as n5}from"h-state";import{useEffectEvent as r5}from"react";function t5(n){let r={};for(let t of Object.keys(n))r[t]={isPending:!1,data:null,error:null,code:null};return r}function o5(n,r){let{useStore:t}=n5(t5(n),{_callEndpoint:(o)=>async(c,i)=>{if(!o[c])return;Os(()=>{o[c].isPending=!0,o[c].error=null});try{let e=await r(c,i.payload);if(Os(()=>{if(o[c].isPending=!1,o[c].code=e.code??null,e.isSuccess&&e.data!==void 0)o[c].data=e.data,o[c].error=null;else o[c].error=e.errors??null}),e.isSuccess)i.onAfterHandle?.(e.data??e);else i.onErrorHandle?.(e.errors??{message:"Request failed"},e.code)}catch(e){Os(()=>{o[c].isPending=!1,o[c].error={message:e instanceof Error?e.message:"Unknown error"}}),i.onErrorHandle?.({message:e instanceof Error?e.message:"Unknown error"},null)}}});return function(){let c=t(),i=r5((e,s)=>{c._callEndpoint(e,s)}),a={};for(let e of Object.keys(n)){let s=(f)=>{i(e,f)};a[e]={state:c[e],start:s}}return a}}var ad={$schema:"../schemas/nucleus.tables.schema.json",tables:[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"type",type:"varchar",length:50,notNull:!0,default:"system",enumValues:["verification","system","custom"]},{name:"source",type:"varchar",length:100},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]},{columns:["type"]},{columns:["user_id","type","is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255}],indexes:[]},{table_name:"verifications",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["instance_id"]},{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_node_id",type:"varchar",length:100,notNull:!0},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","rejected"]}],indexes:[{columns:["instance_id"]},{columns:["instance_id","step_order"]},{columns:["entity_name","entity_id"]},{columns:["verifier_user_id"]},{columns:["status"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["step","verifier","notification"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"recipient_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier","entity_creator"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role",type:"varchar",length:100}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]}]},{table_name:"verificationVerifierConfigs",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["verifier_type"]}]},{table_name:"verificationInstances",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"started_by",type:"uuid",references:{table:"users",column:"id"}},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","completed","rejected","cancelled"]},{name:"current_step_order",type:"integer",notNull:!0,default:1},{name:"started_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"completed_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","status"]},{columns:["status"]},{columns:["started_by"]}]},{table_name:"verificationNotificationChannels",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"channel",type:"varchar",length:30,notNull:!0,enumValues:["portal","email","sms","telegram","webhook"]}],indexes:[{columns:["rule_id"]},{columns:["rule_id","channel"],unique:!0},{columns:["channel"]}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}}]};var Gs={login:{key:"LOGIN",method:"POST",defaultRoute:"/auth/login",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},register:{key:"REGISTER",method:"POST",defaultRoute:"/auth/register",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},logout:{key:"LOGOUT",method:"POST",defaultRoute:"/auth/logout",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},refresh:{key:"REFRESH",method:"POST",defaultRoute:"/auth/refresh",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},me:{key:"ME",method:"GET",defaultRoute:"/auth/me",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordChange:{key:"PASSWORD_CHANGE",method:"POST",defaultRoute:"/auth/password-change",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordSet:{key:"PASSWORD_SET",method:"POST",defaultRoute:"/auth/password-set",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordReset:{key:"PASSWORD_RESET_REQUEST",method:"POST",defaultRoute:"/auth/password-reset",defaultIsPublic:!0,subEndpoints:[{key:"PASSWORD_RESET_REQUEST",method:"POST",suffix:"/request",_payload:void 0,_success:void 0,_error:void 0},{key:"PASSWORD_RESET_CONFIRM",method:"POST",suffix:"/confirm",_payload:void 0,_success:void 0,_error:void 0}]},sessions:{key:"SESSIONS",method:"GET",defaultRoute:"/auth/sessions",defaultIsPublic:!1,subEndpoints:[{key:"SESSIONS",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_CURRENT",method:"GET",suffix:"/current",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_STATS",method:"GET",suffix:"/stats",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_PENDING",method:"GET",suffix:"/pending",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE",method:"DELETE",suffix:"/:sessionId",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE_ALL",method:"DELETE",suffix:"/all",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_APPROVE",method:"POST",suffix:"/approve",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REJECT",method:"POST",suffix:"/reject",_payload:void 0,_success:void 0,_error:void 0}]},magicLink:{key:"MAGIC_LINK",method:"POST",defaultRoute:"/auth/magic-link",defaultIsPublic:!0,subEndpoints:[{key:"MAGIC_LINK",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"MAGIC_LINK_VERIFY",method:"GET",suffix:"/verify",routeKey:"verifyRoute",_payload:void 0,_success:void 0,_error:void 0}]},invite:{key:"INVITE",method:"POST",defaultRoute:"/auth/invite",defaultIsPublic:!1,subEndpoints:[{key:"INVITE",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"INVITE_VERIFY",method:"POST",suffix:"/verify",_payload:void 0,_success:void 0,_error:void 0}]},emailVerification:{key:"VERIFY_EMAIL",method:"GET",defaultRoute:"/verify-email",defaultIsPublic:!0,subEndpoints:[{key:"VERIFY_EMAIL",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"RESEND_VERIFICATION",method:"POST",suffix:"",routeKey:"resendRoute",defaultRoute:"/resend-verification",_payload:void 0,_success:void 0,_error:void 0}]},captcha:{key:"CAPTCHA",method:"GET",defaultRoute:"/auth/captcha",defaultIsPublic:!0,subEndpoints:[{key:"CAPTCHA_GENERATE",method:"GET",suffix:"/generate",_payload:void 0,_success:void 0,_error:void 0},{key:"CAPTCHA_VALIDATE",method:"POST",suffix:"/validate",_payload:void 0,_success:void 0,_error:void 0}]},oauth:{key:"OAUTH_PROVIDERS",method:"GET",defaultRoute:"/auth/oauth/providers",defaultIsPublic:!0,subEndpoints:[{key:"OAUTH_PROVIDERS",method:"GET",suffix:"/providers",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_REDIRECT",method:"GET",suffix:"/:provider",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_ACCOUNTS",method:"GET",suffix:"/accounts",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_UNLINK",method:"DELETE",suffix:"/unlink/:provider",_payload:void 0,_success:void 0,_error:void 0}]}},ed={healthCheck:{key:"MONITORING_HEALTH_CHECK",method:"GET",suffix:"/health",_payload:void 0,_success:void 0,_error:void 0},getSettings:{key:"MONITORING_GET_SETTINGS",method:"GET",suffix:"/settings",_payload:void 0,_success:void 0,_error:void 0},changeSettings:{key:"MONITORING_CHANGE_SETTINGS",method:"PATCH",suffix:"/settings",_payload:void 0,_success:void 0,_error:void 0},getLogs:{key:"MONITORING_GET_LOGS",method:"GET",suffix:"/logs",_payload:void 0,_success:void 0,_error:void 0}};var i5=["profiles","addresses","phones","files","users","roles","claims","user_roles","role_claims","audit_logs"],a5=ad.tables.filter((n)=>i5.includes(n.table_name));function Ec(n){return n.replace(/([a-z])([A-Z])/g,"$1_$2").replace(/[\s-]+/g,"_").toUpperCase()}function e5(n){return n.replace(/_([a-z])/g,(r,t)=>t.toUpperCase())}function Ns(n){if(n.endsWith("ies"))return`${n.slice(0,-3)}y`;if(n.endsWith("ses"))return`${n.slice(0,-2)}`;if(n.endsWith("s"))return n.slice(0,-1);return n}function Yt(n,r){let t=Ec(n),o=Ec(Ns(n));switch(r){case"GET":return`GET_${t}`;case"POST":return`ADD_${o}`;case"PUT":return`UPDATE_${o}`;case"PATCH":return`PATCH_${o}`;case"DELETE":return`DELETE_${o}`}}function Ac(n,r){let t=Ec(n);switch(r){case"POST":return`BULK_ADD_${t}`;case"PUT":return`BULK_UPDATE_${t}`;case"DELETE":return`BULK_DELETE_${t}`}}function wo(n,r){if(!n.excluded_methods)return!1;let t={GET:"GET",POST:"POST",PUT:"PUT",PATCH:"PATCH",DELETE:"DELETE"};return n.excluded_methods.includes(t[r])}function sd(n){let r={};for(let t of n.entities){let o=t.table_name,c=`/${o}`,i=t.serviceId;if(!wo(t,"GET")){r[Yt(o,"GET")]={method:"GET",path:c,isPublic:t.is_public?.GET??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};let a=Ec(Ns(o));r[`GET_${a}_BY_ID`]={method:"GET",path:`${c}/:id`,isPublic:t.is_public?.GET??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0},r[`GET_${Ec(o)}_DISTINCT`]={method:"GET",path:`${c}/distinct/:field`,isPublic:t.is_public?.GET??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0}}if(!wo(t,"POST"))r[Yt(o,"POST")]={method:"POST",path:c,isPublic:t.is_public?.POST??!1,isFormData:t.is_form_data,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"PUT"))r[Yt(o,"PUT")]={method:"PUT",path:`${c}/:id`,isPublic:t.is_public?.PUT??!1,isFormData:t.is_form_data,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"PATCH"))r[Yt(o,"PATCH")]={method:"PATCH",path:`${c}/:id`,isPublic:t.is_public?.PATCH??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"DELETE"))r[Yt(o,"DELETE")]={method:"DELETE",path:`${c}/:id`,isPublic:t.is_public?.DELETE??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(t.bulk_endpoints_enabled){if(!wo(t,"POST"))r[Ac(o,"POST")]={method:"POST",path:`${c}/bulk`,isPublic:t.is_public?.POST??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"PUT"))r[Ac(o,"PUT")]={method:"PUT",path:`${c}/bulk`,isPublic:t.is_public?.PUT??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"DELETE"))r[Ac(o,"DELETE")]={method:"DELETE",path:`${c}/bulk`,isPublic:t.is_public?.DELETE??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0}}}return r}function fd(n){let r={},t=n.authentication;if(!t?.enabled)return r;for(let[o,c]of Object.entries(Gs)){let i=t[o];if(!i?.enabled)continue;let a=i.route||c.defaultRoute,e=i.isPublic??c.defaultIsPublic;if("subEndpoints"in c&&c.subEndpoints)for(let s of c.subEndpoints){let f="routeKey"in s&&s.routeKey&&i[s.routeKey]?String(i[s.routeKey]):("defaultRoute"in s)&&s.defaultRoute?String(s.defaultRoute):`${a}${s.suffix}`;r[s.key]={method:s.method,path:f,isPublic:s.key==="MAGIC_LINK_VERIFY"?!0:e,_payload:s._payload,_success:s._success,_error:s._error}}else if("_payload"in c)r[c.key]={method:c.method,path:a,isPublic:e,_payload:c._payload,_success:c._success,_error:c._error}}return r}function ld(){let n={};for(let r of a5){let t=r.table_name,c=`/${e5(t)}`,i=t==="files";n[Yt(t,"GET")]={method:"GET",path:c,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};let a=Ec(Ns(t));if(n[`GET_${a}_BY_ID`]={method:"GET",path:`${c}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Yt(t,"POST")]={method:"POST",path:c,isPublic:!1,isFormData:i,_payload:void 0,_success:void 0,_error:void 0},n[Yt(t,"PUT")]={method:"PUT",path:`${c}/:id`,isPublic:!1,isFormData:i,_payload:void 0,_success:void 0,_error:void 0},n[Yt(t,"PATCH")]={method:"PATCH",path:`${c}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Yt(t,"DELETE")]={method:"DELETE",path:`${c}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.bulk_endpoints_enabled)n[Ac(t,"POST")]={method:"POST",path:`${c}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Ac(t,"PUT")]={method:"PUT",path:`${c}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Ac(t,"DELETE")]={method:"DELETE",path:`${c}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}}return n}function _d(n){let r={},t=n.liveMonitoring;if(!t?.enabled)return r;let o=t.basePath||"/monitoring";for(let c of Object.values(ed))r[c.key]={method:c.method,path:`${o}${c.suffix}`,isPublic:!1,_payload:c._payload,_success:c._success,_error:c._error};return r}function dd(n){let r={};if(!n.authentication?.enabled)return r;return r.ADMIN_IMPERSONATE={method:"POST",path:"/auth/admin/impersonate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.ADMIN_IMPERSONATE_STOP={method:"POST",path:"/auth/admin/impersonate/stop",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.ADMIN_CHANGE_USER_ID={method:"POST",path:"/auth/admin/change-user-id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r}function ud(n){let r={},t=n.verification,o=n.notification;if(!t?.enabled)return r;let c=t.endpoints?.basePath||"/verifications",i=t.flowEndpoints?.basePath||"/verification-flows",a=o?.endpoints?.basePath||"/notifications";if(r.VERIFICATION_STATUS={method:"GET",path:`${c}/status/:entity_name/:entity_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_DECIDE={method:"POST",path:`${c}/:entity_name/:entity_id/decide`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_PENDING={method:"GET",path:`${c}/pending`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_HISTORY={method:"GET",path:`${c}/history/:entity_name/:entity_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_START={method:"POST",path:`${c}/start`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_START_FOR_ENTITY={method:"POST",path:`${c}/start-for-entity`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_ENTITY_STATUSES={method:"GET",path:`${c}/statuses/:entity_name`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},t.flowEndpoints?.enabled)r.FLOW_LIST={method:"GET",path:i,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.FLOW_GET={method:"GET",path:`${i}/:flow_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.FLOW_SAVE={method:"POST",path:i,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.FLOW_PUBLISH={method:"POST",path:`${i}/:flow_id/publish`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.FLOW_DELETE={method:"DELETE",path:`${i}/:flow_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};if(o?.enabled&&o.endpoints?.enabled)r.NOTIFICATION_LIST={method:"GET",path:a,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.NOTIFICATION_UNSEEN_COUNT={method:"GET",path:`${a}/unseen-count`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.NOTIFICATION_MARK_SEEN={method:"POST",path:`${a}/:notification_id/seen`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.NOTIFICATION_MARK_ALL_SEEN={method:"POST",path:`${a}/seen-all`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};return r}function s5(n,r){let t=sd(n),o=fd(n),c=dd(n),i=ld(),a=_d(n),e=ud(n);return{...t,...o,...c,...i,...a,...e,...r??{}}}ps();import{randomUUID as u5}from"crypto";var b5={timeout:30000,retries:0,retryDelay:1000,debug:!1};class Ai{config;logger;constructor(n={}){this.config={...b5,...n},this.logger=new jr({service:"ServerFetch",prettyPrint:this.config.debug,colorize:this.config.debug,auditEnabled:!1})}buildUrl(n){if(n.startsWith("http://")||n.startsWith("https://"))return n;return this.config.baseUrl?`${this.config.baseUrl}${n}`:n}buildHeaders(n){let r=new Headers;if(this.config.defaultHeaders)for(let[t,o]of Object.entries(this.config.defaultHeaders))r.set(t,o);if(n)if(n instanceof Headers)n.forEach((t,o)=>{r.set(o,t)});else if(Array.isArray(n))for(let[t,o]of n)r.set(t,o);else for(let[t,o]of Object.entries(n))r.set(t,o);return r}parseResponseHeaders(n){let r={};if(n.forEach((t,o)=>{if(o.toLowerCase()==="set-cookie"){let c=r[o];r[o]=c?`${c}, ${t}`:t}else r[o]=t}),typeof n.getSetCookie==="function"){let t=n.getSetCookie();if(t.length>0)r["set-cookie"]=t.join(", ")}return r}async executeWithTimeout(n,r,t){let o=new AbortController,c=setTimeout(()=>o.abort(),r);try{return await Promise.race([n,new Promise((a,e)=>{o.signal.addEventListener("abort",()=>{e(Error(`Request timeout after ${r}ms`))})})])}finally{clearTimeout(c)}}async fetch(n){let r=u5(),t=performance.now(),o=this.buildUrl(n.url),c=this.buildHeaders(n.headers),i=n.timeout??this.config.timeout??30000,a=n.retries??this.config.retries??0,e=n.retryDelay??this.config.retryDelay??1000,s;if(n.body)if(typeof n.body==="object"&&!(n.body instanceof FormData)&&!(n.body instanceof URLSearchParams)&&!(n.body instanceof Blob)&&!(n.body instanceof ArrayBuffer)){if(s=JSON.stringify(n.body),!c.has("content-type"))c.set("content-type","application/json")}else s=n.body;this.logger.debug(`[${r}] ${n.method} ${o}`,{method:n.method,url:o,hasBody:!!s});let f=null,d=0;while(d<=a)try{let w=await this.executeWithTimeout(fetch(o,{method:n.method,headers:c,body:s}),i,r),g=performance.now()-t,u=this.parseResponseHeaders(w.headers),m,_,S=await w.text();if(S)try{let E=JSON.parse(S);if(w.ok)m=E;else _=E}catch{if(!w.ok)_={message:S||w.statusText}}else if(!w.ok)_={message:w.statusText};let h={isSuccess:w.ok,response:m,errors:_,code:w.status,headers:u,durationMs:g,requestId:r,createdAt:new Date};if(w.ok)this.logger.info(`[${r}] ${n.method} ${o} ${w.status}`,{method:n.method,url:o,statusCode:w.status,durationMs:Math.round(g)});else this.logger.warn(`[${r}] ${n.method} ${o} ${w.status}`,{method:n.method,url:o,statusCode:w.status,durationMs:Math.round(g),error:_});return h}catch(w){if(f=w instanceof Error?w:Error(String(w)),d++,d<=a)this.logger.warn(`[${r}] Retry ${d}/${a} after error`,{method:n.method,url:o,error:f.message,attempt:d,retries:a}),await new Promise((g)=>setTimeout(g,e))}let l=performance.now()-t;return this.logger.error(`[${r}] ${n.method} ${o} failed`,f,{method:n.method,url:o,durationMs:Math.round(l),attempts:d}),{isSuccess:!1,response:void 0,errors:{message:f?.message||"Unknown error"},code:null,headers:{},durationMs:l,requestId:r,createdAt:new Date}}async get(n,r){return this.fetch({...r,url:n,method:"GET"})}async post(n,r,t){return this.fetch({...t,url:n,method:"POST",body:r})}async put(n,r,t){return this.fetch({...t,url:n,method:"PUT",body:r})}async patch(n,r,t){return this.fetch({...t,url:n,method:"PATCH",body:r})}async delete(n,r){return this.fetch({...r,url:n,method:"DELETE"})}}var g5=new Ai;var w5={accessToken:"access_token",refreshToken:"refresh_token",sessionToken:"session_token"};function m5(n){let r=[],t="";for(let o=0;o<n.length;o++){let c=n[o];if(c===","){let i=n.slice(o+1).trimStart();if(/^[a-zA-Z0-9_-]+=/.test(i)){r.push(t.trim()),t="";continue}}t+=c}if(t.trim())r.push(t.trim());return r}function h5(n,r){let t={},o=["x-forwarded-for","x-real-ip","user-agent","accept-language","x-request-id","x-client-ip","cf-connecting-ip","true-client-ip"];for(let s of o){let f=n.get(s);if(f)t[s]=f}if(!t["user-agent"])t["user-agent"]="Nucleus-ServerAction/1.0";let c=n.get(`x-${r.accessToken}`),i=n.get(`x-${r.refreshToken}`),a=n.get(`x-${r.sessionToken}`);if(c)t[`x-${r.accessToken}`]=c;if(i)t[`x-${r.refreshToken}`]=i;if(a)t[`x-${r.sessionToken}`]=a;let e=n.get("cookie");if(e)t.cookie=e;return t}function $5(n){return n.replace(/_([a-z])/g,(r,t)=>t.toUpperCase())}function Is(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.startsWith("_")?t:$5(t);if(o instanceof Date)r[c]=o.toISOString();else if(o&&typeof o==="object"&&!Array.isArray(o))r[c]=Is(o);else r[c]=o}return r}function A5(n,r){let t=new URLSearchParams,o=(i,a)=>{if(a===void 0||a===null)return;if(Array.isArray(a))for(let e of a)o(`${i}[]`,e);else if(a instanceof Date)t.append(i,a.toISOString());else if(typeof a==="object")for(let[e,s]of Object.entries(a))o(`${i}[${e}]`,s);else t.append(i,String(a))};for(let[i,a]of Object.entries(r))o(i,a);let c=t.toString();if(!c)return n;return n.includes("?")?`${n}&${c}`:`${n}?${c}`}function E5(n,r,t,o){let c={...w5,...r.tokenNames},i=new Ai({baseUrl:r.baseUrl,debug:r.debug,timeout:30000,retries:0});return async function(e,s){let f=n[e];if(!f)return{isSuccess:!1,errors:{message:`Endpoint "${e}" not found`},code:404};let d=await t(),l=await o(),w={};if(l.forEach((H,D)=>{w[D]=H}),(f.path.includes("/auth/login")||f.path.includes("/auth/oauth"))&&f.method==="POST")try{d.delete(c.accessToken),d.delete(c.refreshToken),d.delete(c.sessionToken)}catch(H){}let u=h5(l,c),m=f.path,_,S=new Set,h=/:([a-zA-Z_][a-zA-Z0-9_]*)/g,E=h.exec(m);while(E!==null){if(E[1])S.add(E[1]);E=h.exec(m)}if(s&&typeof s==="object"&&!(s instanceof FormData)){let H=s;for(let[D,R]of Object.entries(H))if(R!=null){if(S.has(D))m=m.replace(`:${D}`,String(R));else if(D.startsWith("_")&&S.has(D.substring(1)))m=m.replace(`:${D.substring(1)}`,String(R));else if(D==="id"&&S.has("id"))m=m.replace(":id",String(R))}}if(f.method==="GET"&&s&&typeof s==="object"){let H={...s};for(let D of S)delete H[D],delete H[`_${D}`];m=A5(m,H)}else if(s!==void 0){if(f.isFormData&&s instanceof FormData)_=s;else if(Array.isArray(s)){if(_=s.map((H)=>H&&typeof H==="object"?Is(H):H),!u["content-type"])u["content-type"]="application/json"}else if(_=f.skipCamelCase?s:Is(s),!u["content-type"])u["content-type"]="application/json"}let W=await i.fetch({url:m,method:f.method,headers:u,body:_});if(W.headers["set-cookie"])try{let H=W.headers["set-cookie"],D=m5(H);for(let R of D){let[$,...A]=R.split(";");if(!$)continue;let[M,z]=$.split("=");if(M&&z){let X={};for(let O of A){let[B,L]=O.trim().split("=");if(!B)continue;let G=B.toLowerCase();if(G==="path")X.path=L;else if(G==="domain")X.domain=L;else if(G==="max-age")X.maxAge=Number(L);else if(G==="expires"&&L)X.expires=new Date(L);else if(G==="httponly")X.httpOnly=!0;else if(G==="secure")X.secure=!0;else if(G==="samesite")X.sameSite=L}d.set(M.trim(),z.trim(),X)}}}catch(H){console.warn("[ServerFactory] Failed to process Set-Cookie headers:",H instanceof Error?H.message:String(H))}let V=W.response;if(W.isSuccess&&V&&typeof V==="object"&&!Array.isArray(V)){let H=V;if("success"in H&&!("data"in H)){let{success:D,message:R,error:$,...A}=H;V={success:D,...R!==void 0?{message:R}:{},...$!==void 0?{error:$}:{},...Object.keys(A).length>0?{data:A}:{}}}}return{isSuccess:W.isSuccess,data:V,errors:W.errors,code:W.code,message:W.isSuccess?void 0:W.errors?.message}}}import{batch as S5,createStore as R5}from"h-state";var D5={connection:{status:"disconnected",clientId:null,subscribedTopics:[],error:null,reconnectAttempt:0},events:[],maxEvents:100},{useStore:ys}=R5(D5,{setConnectionStatus:(n)=>(r)=>{n.connection.status=r},setClientId:(n)=>(r)=>{n.connection.clientId=r},setSubscribedTopics:(n)=>(r)=>{n.connection.subscribedTopics=r},setError:(n)=>(r)=>{n.connection.error=r},setReconnectAttempt:(n)=>(r)=>{n.connection.reconnectAttempt=r},addEvent:(n)=>(r)=>{let t=[r,...n.events];n.events=t.slice(0,n.maxEvents)},clearEvents:(n)=>()=>{n.events=[]},reset:(n)=>()=>{S5(()=>{n.connection.status="disconnected",n.connection.clientId=null,n.connection.subscribedTopics=[],n.connection.error=null,n.connection.reconnectAttempt=0,n.events=[]})}});import{useEffect as md,useEffectEvent as jo,useRef as Ei}from"react";function k5(n){if(n.wsUrl){let i=n.wsUrl.replace(/\/$/,""),a=n.wsPath||"/api/events/subscribe",e=(n.topics||["*"]).join(",");return`${i}${a}?userId=${encodeURIComponent(n.userId)}&topics=${encodeURIComponent(e)}`}if(typeof window>"u")return"";let r=window.location.protocol==="https:"?"wss:":"ws:",t=window.location.host,o=n.wsPath||"/api/events/subscribe",c=(n.topics||["*"]).join(",");return`${r}//${t}${o}?userId=${encodeURIComponent(n.userId)}&topics=${encodeURIComponent(c)}`}var M5=0;function H5(n){let r=ys(),t=Ei(null),o=Ei(null),c=Ei(null),i=Ei(!1),a=Ei(n);a.current=n;let e=n.autoReconnect??!0,s=n.maxReconnectAttempts??10,f=n.reconnectBaseDelay??1000,d=n.reconnectMaxDelay??30000,l=n.heartbeatInterval??30000,w=n.debug??!1,g=(...R)=>{if(w)console.log("[usePubSub]",...R)},u=()=>{if(o.current)clearInterval(o.current),o.current=null},m=()=>{if(c.current)clearTimeout(c.current),c.current=null},_=(R)=>{u(),o.current=setInterval(()=>{if(R.readyState===WebSocket.OPEN)R.send(JSON.stringify({type:"ping"}))},l)},S=jo((R)=>{try{let $=JSON.parse(R.data);switch($.type){case"connected":r.setConnectionStatus("connected"),r.setClientId($.clientId),r.setSubscribedTopics($.subscribedTopics),r.setReconnectAttempt(0),r.setError(null),g("Connected, clientId:",$.clientId);break;case"subscribed":r.setSubscribedTopics($.topics),g("Subscribed to:",$.topics);break;case"event":{let A={id:`evt_${Date.now()}_${M5++}`,topic:$.topic,data:$.data,timestamp:$.timestamp,receivedAt:Date.now(),messageId:$.messageId,isRedelivery:$.isRedelivery};if(r.addEvent(A),$.messageId&&t.current?.readyState===WebSocket.OPEN)t.current.send(JSON.stringify({type:"ack",messageId:$.messageId}));break}case"pong":break;case"error":r.setError(Error($.error)),g("Server error:",$.error);break}}catch{g("Failed to parse message")}}),h=jo((R)=>{if(i.current)return;if(!e)return;if(R>=s){r.setConnectionStatus("disconnected"),r.setError(Error("Max reconnection attempts reached")),g("Max reconnect attempts reached");return}let $=Math.min(f*2**R,d);g(`Reconnecting in ${$}ms (attempt ${R+1}/${s})`),r.setConnectionStatus("reconnecting"),r.setReconnectAttempt(R+1),m(),c.current=setTimeout(()=>{if(!i.current)E()},$)}),E=jo(()=>{if(i.current)return;if(t.current?.readyState===WebSocket.OPEN)return;if(!a.current.userId)return;if(t.current){if(t.current.onopen=null,t.current.onmessage=null,t.current.onerror=null,t.current.onclose=null,t.current.readyState===WebSocket.OPEN||t.current.readyState===WebSocket.CONNECTING)t.current.close();t.current=null}let R=k5(a.current);if(!R)return;r.setConnectionStatus("connecting"),r.setError(null),g("Connecting to:",R);let $=new WebSocket(R);t.current=$,$.onopen=()=>{g("WebSocket opened"),_($)},$.onmessage=S,$.onerror=()=>{g("WebSocket error"),r.setError(Error("WebSocket connection error"))},$.onclose=(A)=>{if(g("WebSocket closed",A.code,A.reason),u(),r.setConnectionStatus("disconnected"),r.setClientId(null),!i.current&&A.code!==4001){let M=r.connection.reconnectAttempt;h(M)}}}),W=jo(()=>{if(u(),m(),t.current){if(t.current.onopen=null,t.current.onmessage=null,t.current.onerror=null,t.current.onclose=null,t.current.readyState===WebSocket.OPEN||t.current.readyState===WebSocket.CONNECTING)t.current.close();t.current=null}r.setConnectionStatus("disconnected"),r.setClientId(null)}),V=jo((R)=>{if(t.current?.readyState!==WebSocket.OPEN)return;t.current.send(JSON.stringify({type:"subscribe",topics:R}))}),H=jo((R)=>{if(t.current?.readyState!==WebSocket.OPEN)return;t.current.send(JSON.stringify({type:"unsubscribe",topics:R}))}),D=jo((R)=>{return r.events.filter(($)=>$.topic===R)});return md(()=>{if(i.current=!1,n.userId)E();return()=>{i.current=!0,W()}},[n.userId]),md(()=>{if(r.connection.status==="connected"&&n.topics)V(n.topics)},[n.topics?.join(",")]),{isConnected:r.connection.status==="connected",isConnecting:r.connection.status==="connecting"||r.connection.status==="reconnecting",clientId:r.connection.clientId,subscribedTopics:r.connection.subscribedTopics,events:r.events,error:r.connection.error,reconnectAttempt:r.connection.reconnectAttempt,connect:E,disconnect:W,subscribe:V,unsubscribe:H,clearEvents:r.clearEvents,getEventsByTopic:D}}import{randomUUID as F8}from"crypto";var i0=Hr(Ed(),1);import{Elysia as Ba,NotFoundError as Rc}from"elysia";var ct,mo,Ft=typeof Bun<"u"&&!!Bun.file;function Sc(){if(ct||(ct=process.getBuiltinModule("fs/promises")),mo||(mo=process.getBuiltinModule("path")),!mo){console.warn("@elysiajs/static require path to be available.");return}return[ct,mo]}async function Sd(n){if(ct||Sc(),Ft){let r=new Bun.Glob("**/*.html"),t=[];for await(let o of r.scan(n))t.push(mo.join(n,o));return t}return[]}async function n0(n){if(ct||Sc(),Ft){let t=new Bun.Glob("**/*"),o=[];for await(let c of t.scan(n))o.push(mo.join(n,c));return o}let r=await ct.readdir(n).catch(()=>[]);return(await Promise.all(r.map(async(t)=>{let o=n+mo.sep+t,c=await ct.stat(o).catch(()=>null);return c?c.isDirectory()?await n0(o):[mo.resolve(n,o)]:[]}))).flat()}function r0(n){return ct||Sc(),ct.stat(n).then(()=>!0,()=>!1)}class t0{constructor(n=250,r=10800){this.max=n,this.ttl=r,this.map=new Map}get(n){let r=this.map.get(n);if(r)return r[1]<=Date.now()?void this.delete(n):(this.map.delete(n),this.map.set(n,r),r[0])}set(n,r){if(this.interval||(this.interval=setInterval(()=>{let t=Date.now();for(let[o,c]of this.map)c[1]<=t&&this.map.delete(o)},this.ttl)),this.map.has(n))this.map.delete(n);else if(this.map.size>=this.max){let t=this.map.keys().next().value;t!==void 0&&this.delete(t)}this.map.set(n,[r,Date.now()+this.ttl*1000])}delete(n){this.map.get(n)&&this.map.delete(n)}clear(){this.map.clear()}size(){return this.map.size}[Symbol.dispose](){this.interval&&clearInterval(this.interval)}}function o0(n,r,t){if(n["cache-control"]&&/no-cache|no-store/.test(n["cache-control"]))return!1;if("if-none-match"in n){let o=n["if-none-match"];return o==="*"?!0:o===null||typeof r!="string"?!1:o===r}if(n["if-modified-since"]){let o=n["if-modified-since"];try{return ct.stat(t).then((c)=>{if(c.mtime!==void 0&&c.mtime.getTime()<=Date.parse(o))return!0})}catch{}}return!1}var za;function Si(n){return Ft?Bun.file(n):(ct||Sc(),ct.readFile(n))}async function c0(n){return Ft?new Bun.CryptoHasher("md5").update(await n.arrayBuffer()).digest("base64"):(za||(za=process.getBuiltinModule("crypto")),za?za.createHash("md5").update(n).digest("base64"):void console.warn("[@elysiajs/static] crypto is required to generate etag."))}var Ri=(n)=>{if(!n)return!1;for(let r in n)return!0;return!1};async function Rd({assets:n="public",prefix:r="/public",staticLimit:t=1024,alwaysStatic:o=!1,ignorePatterns:c=[".DS_Store",".git",".env"],headers:i,maxAge:a=86400,directive:e="public",etag:s=!0,extension:f=!0,indexHTML:d=!0,decodeURI:l,silent:w}={}){if(typeof process>"u"||typeof process.getBuiltinModule>"u")return w||console.warn("[@elysiajs/static] require process.getBuiltinModule. Static plugin is disabled"),new Ba;let g=Sc();if(!g)return new Ba;let[u,m]=g,_=m.sep!=="/"?(H)=>H.replace(/\\/g,"/"):(H)=>H,S=new t0;r===m.sep&&(r="");let h=m.resolve(n),E=c.length?(H)=>c.find((D)=>typeof D=="string"?D.includes(H):D.test(H)):()=>!1,W=new Ba({name:"static",seed:r});if(o){let H=await n0(m.resolve(n));if(H.length<=t)for(let D of H){let R=function({headers:X}){if(z){let L=o0(X,z,D);if(L===!0)return new Response(null,{status:304,headers:Ri(i)?i:void 0});if(L!==!1){let G=S.get(A);return G?G.clone():L.then((j)=>{if(j)return new Response(null,{status:304,headers:i||void 0});let N=new Response(M,{headers:Object.assign({"Cache-Control":a?`${e}, max-age=${a}`:e},i,z?{Etag:z}:{})});return S.set(r,N),N.clone()})}}let O=S.get(A);if(O)return O.clone();let B=new Response(M,{headers:Object.assign({"Cache-Control":a?`${e}, max-age=${a}`:e},i,z?{Etag:z}:{})});return S.set(A,B),B.clone()};var V=R;if(!D||E(D))continue;let $=D.replace(h,"");l&&($=i0.default($)??$);let A=_(m.join(r,$));if(Ft&&D.endsWith(".html")){let X=await import(D);W.get(A,X.default),d&&A.endsWith("/index.html")&&W.get(A.replace("/index.html",""),X.default);continue}f||(A=_(A.slice(0,A.lastIndexOf("."))));let M=Ft?Si(D):await Si(D);if(!M)return w||console.warn(`[@elysiajs/static] Failed to load file: ${D}`),new Ba;let z=await c0(M);W.get(A,s?R:new Response(M,Ri(i)?{headers:i}:void 0)),d&&A.endsWith("/index.html")&&W.get(A.replace("/index.html",""),s?R:new Response(M,Ri(i)?{headers:i}:void 0))}return W}if(!(`GET_${r}/*`in W.routeTree)){if(Ft){let H=await Sd(m.resolve(n));for(let D of H){if(!D||E(D))continue;let R=D.replace(h,""),$=_(m.join(r,R)),A=await import(D);W.get($,A.default),d&&$.endsWith("/index.html")&&W.get($.replace("/index.html",""),A.default)}}W.onError(()=>{}).get(`${r.endsWith("/")?r.slice(0,-1):r}/*`,async({params:H,headers:D})=>{let R=_(m.join(n,l?i0.default(H["*"])??H["*"]:H["*"]));if(E(R))throw new Rc;let $=S.get(R);if($)return $.clone();try{let A=await u.stat(R).catch(()=>null);if(!A)throw new Rc;if(!d&&A.isDirectory())throw new Rc;let M;if(!Ft&&d){let O=m.join(R,"index.html"),B=S.get(O);if(B)return B.clone();await r0(O)&&(M=await Si(O))}if(!M&&!A.isDirectory()&&await r0(R))M=await Si(R);else throw new Rc;if(!s)return new Response(M,Ri(i)?{headers:i}:void 0);let z=await c0(M);if(z&&await o0(D,z,R))return new Response(null,{status:304});let X=new Response(M,{headers:Object.assign({"Cache-Control":a?`${e}, max-age=${a}`:e},i,z?{Etag:z}:{})});return S.set(R,X),X.clone()}catch(A){throw A instanceof Rc?A:(w||console.error("[@elysiajs/static]",A),new Rc)}})}return W}of();q0();import{pushSchema as j8}from"drizzle-kit/api";import{and as gi,eq as Er}from"drizzle-orm";import{drizzle as K8}from"drizzle-orm/node-postgres";import{pgSchema as v8}from"drizzle-orm/pg-core";import Z8 from"elysia";var Ui=[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"type",type:"varchar",length:50,notNull:!0,default:"system",enumValues:["verification","system","custom"]},{name:"source",type:"varchar",length:100},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]},{columns:["type"]},{columns:["user_id","type","is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255}],indexes:[]},{table_name:"verifications",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["instance_id"]},{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_node_id",type:"varchar",length:100,notNull:!0},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","rejected"]}],indexes:[{columns:["instance_id"]},{columns:["instance_id","step_order"]},{columns:["entity_name","entity_id"]},{columns:["verifier_user_id"]},{columns:["status"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["step","verifier","notification"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"recipient_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier","entity_creator"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role",type:"varchar",length:100}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]}]},{table_name:"verificationVerifierConfigs",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["verifier_type"]}]},{table_name:"verificationInstances",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"started_by",type:"uuid",references:{table:"users",column:"id"}},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","completed","rejected","cancelled"]},{name:"current_step_order",type:"integer",notNull:!0,default:1},{name:"started_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"completed_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","status"]},{columns:["status"]},{columns:["started_by"]}]},{table_name:"verificationNotificationChannels",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"channel",type:"varchar",length:30,notNull:!0,enumValues:["portal","email","sms","telegram","webhook"]}],indexes:[{columns:["rule_id"]},{columns:["rule_id","channel"],unique:!0},{columns:["channel"]}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}}];var th={GET:["GET"],POST:["POST"],PUT:["PUT"],DELETE:["DELETE"],PATCH:["PATCH"],TOGGLE:["PATCH"],VERIFICATION:["POST"]};function oh(n,r){let t=[],o=n.authentication;if(!o)return t;if(o.login?.enabled&&o.login?.isPublic)t.push({path:o.login.route||`${r}/auth/login`,method:"POST",source:"auth"});if(o.register?.enabled&&o.register?.isPublic)t.push({path:o.register.route||`${r}/auth/register`,method:"POST",source:"auth"});if(o.logout?.enabled&&o.logout?.isPublic)t.push({path:o.logout.route||`${r}/auth/logout`,method:"POST",source:"auth"});if(o.refresh?.enabled&&o.refresh?.isPublic)t.push({path:o.refresh.route||`${r}/auth/refresh`,method:"POST",source:"auth"});if(o.passwordReset?.enabled&&o.passwordReset?.isPublic){let c=o.passwordReset.route||`${r}/auth/password-reset`;t.push({path:`${c}/request`,method:"POST",source:"auth"},{path:`${c}/confirm`,method:"POST",source:"auth"})}if(o.passwordChange?.enabled&&o.passwordChange?.isPublic)t.push({path:o.passwordChange.route||`${r}/auth/password-change`,method:"POST",source:"auth"});if(o.magicLink?.enabled&&o.magicLink?.isPublic)t.push({path:o.magicLink.route||`${r}/auth/magic-link`,method:"POST",source:"auth"},{path:o.magicLink.verifyRoute||`${r}/auth/magic-link/verify`,method:"GET",source:"auth"});if(o.register?.enabled&&o.register?.emailVerification?.enabled)t.push({path:`${r}/verify-email`,method:"GET",source:"auth"},{path:`${r}/resend-verification`,method:"POST",source:"auth"});if(o.invite?.enabled&&o.invite?.isPublic)t.push({path:o.invite.route||`${r}/auth/invite`,method:"POST",source:"auth"});if(o.invite?.enabled){let c=o.invite.route||`${r}/auth/invite`;t.push({path:`${c}/verify`,method:"POST",source:"auth"})}if(o.passwordSet?.enabled)t.push({path:o.passwordSet.route||`${r}/auth/password-set`,method:"POST",source:"auth"});if(o.captcha?.enabled&&o.captcha?.isPublic){let c=o.captcha.route||`${r}/auth/captcha`;t.push({path:`${c}/generate`,method:"GET",source:"auth"},{path:`${c}/validate`,method:"POST",source:"auth"})}if(o.sessions?.enabled){let c=o.sessions.route||`${r}/auth/sessions`;t.push({path:`${c}/approve`,method:"POST",source:"auth"},{path:`${c}/reject`,method:"POST",source:"auth"},{path:`${c}/approve-page`,method:"GET",source:"auth"},{path:`${c}/reject-page`,method:"GET",source:"auth"},{path:`${c}/approval-status`,method:"GET",source:"auth"})}if(o.oauth?.enabled){let c=o.oauth.basePath||`${r}/auth/oauth`,i=["google","github","microsoft","discord","facebook","twitter","apple","custom"];t.push({path:`${c}/providers`,method:"GET",source:"auth"});for(let a of i)t.push({path:`${c}/${a}`,method:"GET",source:"auth"},{path:`${c}/${a}/callback`,method:"GET",source:"auth"})}return t}function ob(n,r,t){let o=[];for(let c of n){if(!c.is_public)continue;let i=`${r}/${t}/${c.table_name}`;for(let[a,e]of Object.entries(c.is_public)){if(!e)continue;let s=th[a];if(!s)continue;for(let f of s)if(f==="GET")o.push({path:i,method:"GET",source:"entity"}),o.push({path:`${i}/:id`,method:"GET",source:"entity"});else if(f==="POST")o.push({path:i,method:"POST",source:"entity"});else if(f==="PUT"||f==="PATCH")o.push({path:`${i}/:id`,method:f,source:"entity"});else if(f==="DELETE")o.push({path:`${i}/:id`,method:"DELETE",source:"entity"})}}return o}function ch(n,r,t){return ob(n,r,t)}function cf(n,r,t="",o="public"){let c=oh(n,t),i=ob(n.entities||[],t,o),a=ch(r,t,o),e=[];if(n.pubsub?.enabled){let f=n.pubsub.basePath||"/subs",d=n.pubsub.wsPath||"/api/events/subscribe";e.push({path:`${f}/:topic`,method:"POST",source:"system"},{path:d,method:"GET",source:"system"})}let s=[{path:"/nucleus-core",method:"GET",source:"custom"},{path:"/public",method:"GET",source:"custom"},{path:"/docs",method:"GET",source:"custom"},{path:"/docs/json",method:"GET",source:"custom"},{path:"/swagger",method:"GET",source:"custom"},{path:"/swagger/json",method:"GET",source:"custom"}];return[...c,...i,...a,...e,...s]}function af(n,r,t){let o=r.replace(/\/$/,""),c=t.toUpperCase();for(let i of n){if(i.method!==c)continue;if(ih(i.path,o))return!0}return!1}function ih(n,r){if(n===r)return!0;let t=n.split("/").filter(Boolean),o=r.split("/").filter(Boolean);if(t.length!==o.length)return!1;for(let c=0;c<t.length;c++){let i=t[c],a=o[c];if(i?.startsWith(":"))continue;if(i!==a)return!1}return!0}import{asc as Nh,desc as xh,eq as $r,ilike as Nb,inArray as Ph,notInArray as Ch,or as qh}from"drizzle-orm";import{drizzle as Fh}from"drizzle-orm/node-postgres";import{Elysia as jh,t as Nn}from"elysia";x0();_e();be();import{t as Tn}from"elysia";function Gh(n){let r={};if(!n||n.length===0)return Tn.Object({},{additionalProperties:!0});for(let t of n)switch(t.type?.toLowerCase()||"string"){case"integer":case"int":case"serial":case"bigserial":case"numeric":case"decimal":r[t.name]=t.notNull?Tn.Number():Tn.Optional(Tn.Number());break;case"boolean":r[t.name]=t.notNull?Tn.Boolean():Tn.Optional(Tn.Boolean());break;case"timestamp":case"timestamptz":case"date":r[t.name]=t.notNull?Tn.String({format:"date-time"}):Tn.Optional(Tn.String({format:"date-time"}));break;case"json":case"jsonb":r[t.name]=Tn.Optional(Tn.Unknown());break;case"uuid":r[t.name]=t.notNull?Tn.String({format:"uuid"}):Tn.Optional(Tn.String({format:"uuid"}));break;default:r[t.name]=t.notNull?Tn.String():Tn.Optional(Tn.String())}return Tn.Object(r,{additionalProperties:!0})}function Gb(n){return Tn.Array(Tn.Object({id:Tn.String(),data:Gh(n)}))}function Mf(n,r){let{db:t,schemaTables:o,schemaRelations:c,entities:i,logger:a,databaseUrl:e,storage:s,authorization:f,authMode:d,idpUrl:l}=r,w=Yi(s),g=f?.enabled??!1,u=d==="consumer";if(!t)return n;let m=Object.keys(o),_=i.map(($)=>$.table_name),S=m.filter(($)=>!_.includes($)),h=["userSessions","passwordResetTokens","magicLinkTokens"],E=["passwordResetTokens","magicLinkTokens"],W=["files"];function V($){return $.replace(/_([a-z])/g,(A,M)=>M.toUpperCase())}let H=new Map(Ui.map(($)=>[V($.table_name),$])),D=S.filter(($)=>{if(E.includes($)&&!r.emailServiceAvailable)return a.info(`Skipping ${$} routes - email service not available`),!1;return!0}).map(($)=>{let A=H.get($);return{table_name:$,group_name:h.includes($)?"Authentication":$,is_form_data:W.includes($),bulk_endpoints_enabled:A?.bulk_endpoints_enabled??!1,excluded_methods:A?.excluded_methods?[...A.excluded_methods]:[]}}),R=[...i,...D];a.info(`All entities: ${R.map(($)=>$.table_name).join(", ")}`);for(let $ of R){let A=$.table_name,M=$.group_name||$.table_name,z=o[A];if(!z)continue;let X=c[`${A}Relations`];a.info(`Creating routes for table: ${A}`);let O=z,B=O.id,L=t,G=(Q)=>O[Q]??O[V(Q)],j=Gb($.columns),N=Nn.Array(Nn.String()),x=async(Q,v,C,y)=>{let p=Q.headers.get("x-user-id");if(!g||!p)return null;if(u){let F=(Q.headers.get("x-user-claims")||"").split(",").filter(Boolean),nn=(Q.headers.get("x-user-roles")||"").split(",").filter(Boolean);if(l){let cn=Q.headers.get("x-access-token")||(Q.headers.get("cookie")||"").match(/access_token=([^;]+)/)?.[1]||"";return ku({idpUrl:l,accessToken:cn,method:v,entity:$.table_name,requestedFields:C,requestedRelations:y,logger:a})}return Du({userClaims:F,userRoles:nn,method:v,entity:$.table_name,requestedFields:C,requestedRelations:y,logger:a})}return pa({userId:p,method:v,entity:$.table_name,requestedFields:C,requestedRelations:y,db:L,schemaTables:o,logger:a})},I=new jh({prefix:`/${A}`});if(!$.excluded_methods?.includes("GET"))I.get("/",async(Q)=>{if(!L)return{success:!1,message:"DB not initialized"};let v=$.columns?.map((Gn)=>Gn.name),C=Object.keys(c).filter((Gn)=>Gn.startsWith(`${$.table_name}Relations`)).map((Gn)=>Gn.replace("Relations","")),y=await x(Q.request,"GET",v,C);if(y&&!y.authorized)return{success:!1,message:y.reason||"Unauthorized",status:403};let p=Af(Q.query),F=[];if(g&&y?.scopeFilters)for(let[Gn,Yn]of Object.entries(y.scopeFilters)){let rn=G(Gn);if(rn)F.push($r(rn,Yn))}if(p.search&&p.searchFields){let Gn=p.searchFields.map((Yn)=>{let rn=Yn.trim(),Hn=G(rn);return Hn?Nb(Hn,`%${p.search}%`):null}).filter((Yn)=>Yn!==null);if(Gn.length>0){let Yn=qh(...Gn);if(Yn)F.push(Yn)}}if(p.filters){let{ne:Gn,gt:Yn,gte:rn,lt:Hn,lte:yn,like:Kn,isNull:Lr,isNotNull:Fr}=await import("drizzle-orm");for(let wr of p.filters){let dr=G(wr.field);if(!dr)continue;switch(wr.operator){case"eq":F.push($r(dr,wr.value));break;case"neq":F.push(Gn(dr,wr.value));break;case"gt":F.push(Yn(dr,wr.value));break;case"gte":F.push(rn(dr,wr.value));break;case"lt":F.push(Hn(dr,wr.value));break;case"lte":F.push(yn(dr,wr.value));break;case"like":F.push(Kn(dr,wr.value));break;case"ilike":F.push(Nb(dr,wr.value));break;case"in":F.push(Ph(dr,wr.value));break;case"notIn":F.push(Ch(dr,wr.value));break;case"isNull":F.push(Lr(dr));break;case"isNotNull":F.push(Fr(dr));break}}}let nn=L.select().from(z);if(F.length>0){let{and:Gn}=await import("drizzle-orm"),Yn=Gn(...F);if(Yn)nn=nn.where(Yn)}if(p.sort&&p.sort.length>0){let Gn=p.sort.map((Yn)=>{let rn=G(Yn.field);if(!rn)return null;return Yn.direction==="desc"?xh(rn):Nh(rn)}).filter((Yn)=>Yn!==null);if(Gn.length>0)nn=nn.orderBy(...Gn)}let cn=p.page??1,hn=p.limit??20,dn=p.offset??(cn-1)*hn,On=L.select().from(z);if(F.length>0){let{and:Gn}=await import("drizzle-orm"),Yn=Gn(...F);if(Yn)On.where(Yn)}let ln=(await On).length;nn=nn.limit(hn).offset(dn);let gr=await nn,ot=Wb(cn,hn,dn,ln);if(g&&y?.allowedFields)gr=Ia(gr,y.allowedFields);return{success:!0,data:{items:gr,meta:ot}}},{detail:{tags:[M],summary:`List ${A}`,description:`Get paginated list of ${A} records with filtering, sorting, and search`}}),I.get("/:id",async(Q)=>{if(!L||!B)return{success:!1,message:"No id column or DB"};let v=Q.params,C=Af(Q.query),y=$.columns?.map((hn)=>hn.name),p=C.with?.map((hn)=>hn.name),F=await x(Q.request,"GET",y,p);if(F&&!F.authorized)return{success:!1,message:F.reason||"Unauthorized",status:403};if(C.with&&C.with.length>0&&X&&e){let hn=g&&F?.allowedRelations?C.with.filter((vn)=>F.allowedRelations?.includes(vn.name)??!1):C.with,On=await Fh(e,{schema:{...o,...c}}).query[$.table_name]?.findFirst({where:$r(B,v.id),with:hn.reduce((vn,ln)=>{return vn[ln.name]=ln.limit?{limit:ln.limit}:!0,vn},{})});if(g&&F?.allowedFields&&On)On=Ia(On,F.allowedFields);if(g&&F?.allowedRelations&&On)On=Mu(On,F.allowedRelations);return{success:!0,data:On||null}}let cn=(await L.select().from(z).where($r(B,v.id)))[0]||null;if(g&&F?.allowedFields&&cn)cn=Ia(cn,F.allowedFields);return{success:!0,data:cn}},{detail:{tags:[M],summary:`Get ${A} by ID`,description:`Get a single ${A} record by its ID with optional relations`}}),I.get("/distinct/:field",async(Q)=>{if(!L)return{success:!1,message:"DB not initialized"};let v=Q.params,C=G(v.field);if(!C)return{success:!1,message:"Field not found"};return{success:!0,data:await L.selectDistinct({value:C}).from(z)}},{detail:{tags:[M],summary:`Get distinct ${A} values`,description:`Get distinct values for a specific field in ${A}`}});if(!$.excluded_methods?.includes("POST"))if($.is_form_data&&w.enabled)I.post("/",async(Q)=>{if(!L)return{success:!1,message:"DB not initialized"};let v=Q.request.headers.get("x-user-id"),{data:C,files:y}=Ji(Q.body,w),p=C;if($.columns){p=ko(p,$.columns);let cn=Do(p,$.columns,!1);if(!cn.valid)return{success:!1,message:"Validation failed",errors:cn.errors}}let F=null;if(y.length>0){if(F=await Xi(y,w,$.table_name),F.failed.length>0&&F.success.length===0)return{success:!1,message:"File upload failed",errors:F.failed};if(F.success.length>0){let cn=F.success[0];if(cn){let hn=cn.originalName.split(".").pop()||"";p={...p,id:cn.id,name:cn.name,originalName:cn.originalName,path:cn.path,mimeType:cn.mimeType,size:cn.size,extension:hn,uploadedBy:v}}}}if(v)p.createdBy=v;let nn=await L.insert(z).values(p).returning();{let cn=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:String(nn[0]?.id??""),operation:"CREATE",userId:v||void 0,summary:`Created ${$.table_name}`,newValues:nn[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:cn.pathname,query:cn.search})}return{success:!0,data:nn[0]}},{type:"formdata",body:Nn.Object({[w.formData.dataField]:Nn.Optional(Nn.Union([Nn.String(),Nn.Any()])),[w.formData.filesField]:Nn.Optional(Nn.Union([Nn.File(),Nn.Array(Nn.File())]))}),detail:{tags:[M],summary:`Create ${A} with files`,description:`Create a new ${A} record with file upload support`}});else I.post("/",async(Q)=>{if(!L)return{success:!1,message:"DB not initialized"};let v=Q.body,C=Q.request.headers.get("x-user-id");if($.columns){v=ko(v,$.columns);let p=Do(v,$.columns,!1);if(!p.valid)return{success:!1,message:"Validation failed",errors:p.errors}}if(C)v.createdBy=C;let y=await L.insert(z).values(v).returning();if(A==="userRoles"&&v.roleId&&v.userId)try{let{roles:p,users:F}=o;if(p&&F){if((await L.select().from(p).where($r(p.id,v.roleId)).limit(1))[0]?.name==="godmin")await L.update(F).set({isGod:!0}).where($r(F.id,v.userId))}}catch(p){a.warn("[Entity] Failed to sync is_god flag on userRole create")}{let p=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:String(y[0]?.id??""),operation:"CREATE",userId:C||void 0,summary:`Created ${$.table_name}`,newValues:y[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:p.pathname,query:p.search})}return{success:!0,data:y[0]}},{body:Nn.Object({},{additionalProperties:!0}),detail:{tags:[M],summary:`Create ${A}`,description:`Create a new ${A} record`}});if(!$.excluded_methods?.includes("PUT"))if($.is_form_data&&w.enabled)I.put("/:id",async(Q)=>{if(!L||!B)return{success:!1,message:"No id column or DB"};let v=Q.params,C=Q.request.headers.get("x-user-id"),{data:y,files:p}=Ji(Q.body,w),F=y,nn=await L.select().from(z).where($r(B,v.id)).limit(1);if($.columns){F=ko(F,$.columns);let dn=Do(F,$.columns,!1);if(!dn.valid)return{success:!1,message:"Validation failed",errors:dn.errors}}let cn=null;if(p.length>0)cn=await Xi(p,w,$.table_name);let hn=await L.update(z).set(F).where($r(B,v.id)).returning();{let dn=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:v.id,operation:"UPDATE",userId:C||void 0,summary:`Updated ${$.table_name} (${v.id})`,oldValues:nn[0],newValues:hn[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:dn.pathname,query:dn.search})}return{success:!0,data:{record:hn[0],files:cn?.success||[],fileErrors:cn?.failed||[]}}},{type:"formdata",body:Nn.Object({[w.formData.dataField]:Nn.Optional(Nn.Union([Nn.String(),Nn.Any()])),[w.formData.filesField]:Nn.Optional(Nn.Union([Nn.File(),Nn.Array(Nn.File())]))}),detail:{tags:[M],summary:`Update ${A} with files`,description:`Full update of ${A} record with file upload support`}});else I.put("/:id",async(Q)=>{if(!L||!B)return{success:!1,message:"No id column or DB"};let{params:v,body:C}=Q,y=Q.request.headers.get("x-user-id"),p=await L.select().from(z).where($r(B,v.id)).limit(1);if($.columns){C=ko(C,$.columns);let nn=Do(C,$.columns,!1);if(!nn.valid)return{success:!1,message:"Validation failed",errors:nn.errors}}if(C.updatedAt=new Date,y)C.updatedBy=y;let F=await L.update(z).set(C).where($r(B,v.id)).returning();{let nn=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:v.id,operation:"UPDATE",userId:y||void 0,summary:`Updated ${$.table_name} (${v.id})`,oldValues:p[0],newValues:F[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:nn.pathname,query:nn.search})}return{success:!0,data:F[0]}},{body:Nn.Object({},{additionalProperties:!0}),detail:{tags:[M],summary:`Update ${A}`,description:`Full update of ${A} record`}});if(!$.excluded_methods?.includes("PATCH"))I.patch("/:id",async(Q)=>{if(!L||!B)return{success:!1,message:"No id column or DB"};let{params:v,body:C}=Q,y=Q.request.headers.get("x-user-id"),p=await L.select().from(z).where($r(B,v.id)).limit(1);if($.columns){C=ko(C,$.columns);let nn=Do(C,$.columns,!0);if(!nn.valid)return{success:!1,message:"Validation failed",errors:nn.errors}}if(C.updatedAt=new Date,y)C.updatedBy=y;let F=await L.update(z).set(C).where($r(B,v.id)).returning();{let nn=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:v.id,operation:"PATCH",userId:y||void 0,summary:`Patched ${$.table_name} (${v.id})`,oldValues:p[0],newValues:F[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:nn.pathname,query:nn.search})}return{success:!0,data:F[0]}},{body:Nn.Object({},{additionalProperties:!0}),detail:{tags:[M],summary:`Patch ${A}`,description:`Partial update of ${A} record`}});if(!$.excluded_methods?.includes("DELETE"))I.delete("/:id",async(Q)=>{if(!L||!B)return{success:!1,message:"No id column or DB"};let v=Q.params,C=Q.request.headers.get("x-user-id"),y=await L.select().from(z).where($r(B,v.id)).limit(1);if(await L.delete(z).where($r(B,v.id)),A==="userRoles"&&y[0])try{let p=y[0],F=o.roles,nn=o.users;if(F&&nn&&p.roleId&&p.userId){if((await L.select().from(F).where($r(F.id,p.roleId)).limit(1))[0]?.name==="godmin")await L.update(nn).set({isGod:!1}).where($r(nn.id,p.userId))}}catch(p){a.warn("[Entity] Failed to sync is_god flag on userRole delete")}{let p=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:v.id,operation:"DELETE",userId:C||void 0,summary:`Deleted ${$.table_name} (${v.id})`,oldValues:y[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:p.pathname,query:p.search})}return{success:!0,data:null}},{detail:{tags:[M],summary:`Delete ${A}`,description:`Delete a ${A} record`}});if($.bulk_endpoints_enabled){if(!$.excluded_methods?.includes("POST"))I.post("/bulk",async(Q)=>{if(!L)return{success:!1,message:"DB not initialized"};let v=Q.body;if(!Array.isArray(v))return{success:!1,message:"Body must be an array"};let C=Q.request.headers.get("x-user-id");try{let y=[];for(let F of v){let nn=F;if($.columns){nn=ko(nn,$.columns);let cn=Do(nn,$.columns,!1);if(!cn.valid)return{success:!1,message:"Validation failed",errors:cn.errors}}if(C)nn.createdBy=C;y.push(nn)}return{success:!0,data:await L.transaction(async(F)=>{let nn=[];for(let cn of y){let hn=await F.insert(z).values(cn).returning();nn.push(hn[0])}return nn})}}catch(y){return{success:!1,message:y instanceof Error?y.message:"Transaction failed"}}},{body:Nn.Array(Nn.Object({},{additionalProperties:!0})),detail:{tags:[M],summary:`Bulk create ${A}`,description:`Create multiple ${A} records`}});if(!$.excluded_methods?.includes("PUT"))I.put("/bulk",async(Q)=>{if(!L||!B)return{success:!1,message:"No id column or DB"};let v=Q.body;if(!Array.isArray(v))return{success:!1,message:"Body must be an array"};let C=Q.request.headers.get("x-user-id");try{return{success:!0,data:await L.transaction(async(p)=>{let F=[];for(let nn of v){let cn=nn.data;if($.columns){cn=ko(cn,$.columns);let dn=Do(cn,$.columns,!0);if(!dn.valid)return{success:!1,message:"Validation failed",errors:dn.errors}}if(cn.updatedAt=new Date,C)cn.updatedBy=C;let hn=await p.update(z).set(cn).where($r(B,nn.id)).returning();F.push(hn[0])}return F})}}catch(y){return{success:!1,message:y instanceof Error?y.message:"Transaction failed"}}},{body:j,detail:{tags:[M],summary:`Bulk update ${A}`,description:`Update multiple ${A} records`}});if(!$.excluded_methods?.includes("DELETE"))I.delete("/bulk",async(Q)=>{if(!L||!B)return{success:!1,message:"No id column or DB"};let v=Q.body;if(!Array.isArray(v))return{success:!1,message:"Body must be an array of ids"};try{return await L.transaction(async(C)=>{for(let y of v)await C.delete(z).where($r(B,y))}),{success:!0,data:{deleted:v.length}}}catch(C){return{success:!1,message:C instanceof Error?C.message:"Transaction failed"}}},{body:N,detail:{tags:[M],summary:`Bulk delete ${A}`,description:`Delete multiple ${A} records`}})}n.use(I)}return n}import Kh,{t as Li}from"elysia";function vh(n){let r=n.match(/^(\d+)(ms|s|m|h)$/);if(!r||!r[1]||!r[2])return 5000;let t=parseInt(r[1],10);switch(r[2]){case"ms":return t;case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;default:return 5000}}function Hf(n){let{monitoringService:r,logger:t,endpoints:o}=n,c=new Kh({prefix:o.basePath});if(!o.enabled)return c;if(o.stream.enabled)c.get(o.stream.path,async function*({request:i}){t.info("[Monitoring] SSE stream connected");let a=vh(o.stream.interval),e=!0;i.signal.addEventListener("abort",()=>{e=!1,t.info("[Monitoring] SSE stream disconnected")});let s=await r.getLatestSnapshot();if(s)yield{event:"snapshot",data:JSON.stringify(s)};while(e){if(await new Promise((l)=>setTimeout(l,a)),!e)break;let f=await r.getLatestSnapshot();if(f)yield{event:"snapshot",data:JSON.stringify(f)};let d=r.getActiveAlerts();if(d.length>0)yield{event:"alerts",data:JSON.stringify(d)}}},{detail:{tags:["Monitoring"],summary:"Stream real-time monitoring data",description:"Server-Sent Events stream for real-time monitoring metrics"}});if(o.snapshot.enabled)c.get(o.snapshot.path,async()=>{let i=await r.getLatestSnapshot();if(!i)return{isSuccess:!1,message:"No monitoring data available",data:null};return{isSuccess:!0,message:"Current monitoring snapshot",data:i}},{detail:{tags:["Monitoring"],summary:"Get current monitoring snapshot",description:"Returns the latest monitoring metrics snapshot"}});if(o.history.enabled)c.get(o.history.path,async({query:i})=>{let a=Math.min(i.minutes?parseInt(String(i.minutes),10):60,o.history.maxMinutes),e=await r.getHistory(a);return{isSuccess:!0,message:`Monitoring history for last ${a} minutes`,data:{minutes:a,count:e.length,snapshots:e}}},{query:Li.Object({minutes:Li.Optional(Li.Numeric())}),detail:{tags:["Monitoring"],summary:"Get monitoring history",description:"Returns historical monitoring data for the specified time range"}});if(o.alerts.enabled)c.get(o.alerts.path,()=>{let i=r.getActiveAlerts();return{isSuccess:!0,message:"Active alerts",data:{count:i.length,alerts:i}}},{detail:{tags:["Monitoring"],summary:"Get active alerts",description:"Returns all currently active monitoring alerts"}}),c.post(`${o.alerts.path}/:alertId/acknowledge`,({params:i})=>{if(!r.acknowledgeAlert(i.alertId))return{isSuccess:!1,message:"Alert not found",data:null};return{isSuccess:!0,message:"Alert acknowledged",data:{alertId:i.alertId}}},{params:Li.Object({alertId:Li.String()}),detail:{tags:["Monitoring"],summary:"Acknowledge an alert",description:"Mark an alert as acknowledged"}});return t.info(`[Monitoring] Routes enabled at ${o.basePath} (stream: ${o.stream.enabled}, snapshot: ${o.snapshot.enabled}, history: ${o.history.enabled}, alerts: ${o.alerts.enabled})`),c}import Zh,{t as vr}from"elysia";var ph={"Content-Type":"text/event-stream; charset=utf-8","Cache-Control":"no-cache, no-transform",Connection:"keep-alive"},Ih=new TextEncoder,zf=(n,r)=>{let t=typeof r==="string"?r:JSON.stringify(r);return Ih.encode(`event: ${n}
+</body></html>`};return a.get(`${i}/approve-page`,async(u)=>{if(!o)return new Response("Service unavailable",{status:503});let _=new URL(u.request.url).searchParams.get("token");if(!_){let Y=g({},"approve","","invalid");return new Response(Y,{status:400,headers:{"Content-Type":"text/html; charset=utf-8"}})}let S=await o.select().from(t).where(qn(s("approvalToken"),_)).limit(1);if(S.length===0){let Y=g({},"approve",_,"invalid");return new Response(Y,{status:404,headers:{"Content-Type":"text/html; charset=utf-8"}})}let h=S[0];if(h.approvalStatus!=="pending"&&h.approval_status!=="pending"){let Y=g(h,"approve",_,"already_processed");return new Response(Y,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}})}let E=h.approvalRequestedAt||h.approval_requested_at;if(E&&Date.now()-new Date(E).getTime()>f){let Y=g(h,"approve",_,"expired");return new Response(Y,{status:410,headers:{"Content-Type":"text/html; charset=utf-8"}})}let V=g(h,"approve",_,"pending");return new Response(V,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}})},{detail:{tags:["Authentication"],summary:"Approval page",description:"Standalone HTML page for approving a device (no frontend auth required)"}}),a.get(`${i}/reject-page`,async(u)=>{if(!o)return new Response("Service unavailable",{status:503});let _=new URL(u.request.url).searchParams.get("token");if(!_){let Y=g({},"reject","","invalid");return new Response(Y,{status:400,headers:{"Content-Type":"text/html; charset=utf-8"}})}let S=await o.select().from(t).where(qn(s("approvalToken"),_)).limit(1);if(S.length===0){let Y=g({},"reject",_,"invalid");return new Response(Y,{status:404,headers:{"Content-Type":"text/html; charset=utf-8"}})}let h=S[0];if(h.approvalStatus!=="pending"&&h.approval_status!=="pending"){let Y=g(h,"reject",_,"already_processed");return new Response(Y,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}})}let E=h.approvalRequestedAt||h.approval_requested_at;if(E&&Date.now()-new Date(E).getTime()>f){let Y=g(h,"reject",_,"expired");return new Response(Y,{status:410,headers:{"Content-Type":"text/html; charset=utf-8"}})}let V=g(h,"reject",_,"pending");return new Response(V,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}})},{detail:{tags:["Authentication"],summary:"Rejection page",description:"Standalone HTML page for rejecting a device (no frontend auth required)"}}),a.get(`${i}/approval-status`,async(u)=>{if(!o)return{success:!1,message:"Database not configured"};let _=new URL(u.request.url).searchParams.get("sessionId");if(!_)return{success:!1,message:"sessionId is required"};let S=await o.select().from(t).where(qn(s("id"),_)).limit(1);if(S.length===0)return{success:!1,message:"Session not found"};let h=S[0];return{success:!0,data:{approvalStatus:h.approvalStatus||h.approval_status||"unknown",isActive:h.isActive||h.is_active}}},{detail:{tags:["Authentication"],summary:"Check approval status",description:"Poll the approval status of a pending session (used by login form)"}}),a}var T_=b(()=>{y_();P2();y_()});var j2={};go(j2,{createSessionsRoute:()=>Xs,createRegisterRoute:()=>Ys,createRefreshRoute:()=>Vs,createPasswordSetRoute:()=>Ws,createPasswordResetRoute:()=>Us,createPasswordChangeRoute:()=>Bs,createMeRoute:()=>Hs,createMagicLinkRoute:()=>Ms,createLogoutRoute:()=>Xe,createLoginRoute:()=>Ye,createInviteRoute:()=>Be,createImpersonateRoute:()=>Re,createEmailVerificationRoutes:()=>He,createChangeUserIdRoute:()=>Se,createAuthRoutes:()=>F2});function F2(n,r){let{authConfig:t,features:o,helpers:c}=r;if(r.oauthAccountsTable)t.oauthAccountsTable=r.oauthAccountsTable;if(r.schemaTables)t.schemaTables=r.schemaTables;let i=t.authentication?.cookieMaxAgeBufferSeconds??0,a=t.authentication?.cookieDomain,e=a?process.env[a]??a:void 0,s=e==="localhost"||e===".localhost"?void 0:e,f={accessTokenName:t.authentication?.accessToken?.name||"access_token",refreshTokenName:t.authentication?.refreshToken?.name||"refresh_token",sessionTokenName:t.authentication?.sessionToken?.name||"session_token",accessTokenMaxAge:Math.max(0,wt(t.authentication?.accessToken?.expiresIn||"15m")-i),refreshTokenMaxAge:wt(t.authentication?.refreshToken?.expiresIn||"7d"),sessionTokenMaxAge:wt(t.authentication?.sessionToken?.expiresIn||"30d"),domain:s};if(t.logger.info("[AUTH] Cookie config created",{accessTokenMaxAge:f.accessTokenMaxAge,refreshTokenMaxAge:f.refreshTokenMaxAge,sessionTokenMaxAge:f.sessionTokenMaxAge,accessTokenExpiresIn:t.authentication?.accessToken?.expiresIn,sessionTokenExpiresIn:t.authentication?.sessionToken?.expiresIn}),o.login?.enabled){let l=Ye(t,o.login,c.signAccessToken,c.signRefreshToken,c.createSession,c.saveSessionToDb,f,r.tokenResponseConfig);n.use(l)}if(o.register?.enabled){let l=Ys(t,o.register,c.sendWelcomeEmail,c.signAccessToken,c.signRefreshToken,c.createSession,f,r.tokenResponseConfig,r.emailService,r.appName);if(n.use(l),o.register.emailVerification?.enabled){let w=He({authConfig:t,registerConfig:o.register,emailService:r.emailService,appName:r.appName});n.use(w)}}if(o.logout?.enabled){let l=Xe(t,o.logout,c.destroySession,c.revokeSessionInDb,f);n.use(l)}if(o.refresh?.enabled){let l=Vs(t,o.refresh,c.verifyRefreshToken,c.signAccessToken,c.signRefreshToken,r.tokenResponseConfig,i,f);n.use(l)}if(o.passwordReset?.enabled&&c.storeResetToken&&c.getResetToken&&c.deleteResetToken){let l=Us(t,o.passwordReset,c.storeResetToken,c.getResetToken,c.deleteResetToken,c.sendResetEmail);n.use(l)}if(o.passwordChange?.enabled){let l=Bs(t,o.passwordChange);n.use(l)}if(o.passwordSet?.enabled){let l=Ws(t,o.passwordSet,c.getMagicToken,c.deleteMagicToken);n.use(l)}if(o.sessions?.enabled&&r.sessionsTable){let l=Xs(t,o.sessions,r.sessionsTable);n.use(l)}if(o.magicLink?.enabled&&r.emailService?.isAvailable()&&c.storeMagicToken&&c.getMagicToken&&c.deleteMagicToken){let l=Ms(t,o.magicLink,r.emailService,c.signAccessToken,c.signRefreshToken,c.createSession,c.storeMagicToken,c.getMagicToken,c.deleteMagicToken,r.appName);n.use(l)}if(o.me?.enabled){let l=Hs(t,o.me,r.schemaTables||{},r.schemaRelations||{},r.databaseUrl);n.use(l)}if(o.invite?.enabled&&r.emailService?.isAvailable()&&c.storeMagicToken){let l=Be(t,o.invite,r.emailService,c.storeMagicToken,r.appName,c.getMagicToken);n.use(l)}if(o.captcha?.enabled&&r.captchaService){let l=zg({captchaService:r.captchaService,logger:t.logger,basePath:o.captcha.route||"/auth/captcha"});n.use(l)}if(o.oauth?.enabled&&o.oauth.providers){let l=new ne(o.oauth),w=V2(t,l,c.signAccessToken,c.signRefreshToken,c.createSession,c.saveSessionToDb,f,r.tokenResponseConfig,r.emailService,c.storeMagicToken,r.appName);n.use(w)}let d=Ug(t,{route:"/auth/check",isPublic:!1,enabled:!0});if(n.use(d),r.admin?.impersonate?.enabled!==!1){let l=Re(t,c.signAccessToken,c.signRefreshToken,c.createSession,c.saveSessionToDb,f);n.use(l)}if(r.admin?.changeUserId?.enabled!==!1){let l=Se(t,r.schemaName||"public");n.use(l)}return n}var nd=b(()=>{y0();_e();qf();jf();Bg();Wg();Kf();vf();yf();Tf();Y_();J_();Y2();Q_();x_();q_();j_();Z_();T_();qf();jf();Kf();vf();yf();Tf();Y_();J_();Q_();x_();q_();j_();Z_();T_()});import{batch as Os,createStore as n5}from"h-state";import{useEffectEvent as r5}from"react";function t5(n){let r={};for(let t of Object.keys(n))r[t]={isPending:!1,data:null,error:null,code:null};return r}function o5(n,r){let{useStore:t}=n5(t5(n),{_callEndpoint:(o)=>async(c,i)=>{if(!o[c])return;Os(()=>{o[c].isPending=!0,o[c].error=null});try{let e=await r(c,i.payload);if(Os(()=>{if(o[c].isPending=!1,o[c].code=e.code??null,e.isSuccess&&e.data!==void 0)o[c].data=e.data,o[c].error=null;else o[c].error=e.errors??null}),e.isSuccess)i.onAfterHandle?.(e.data??e);else i.onErrorHandle?.(e.errors??{message:"Request failed"},e.code)}catch(e){Os(()=>{o[c].isPending=!1,o[c].error={message:e instanceof Error?e.message:"Unknown error"}}),i.onErrorHandle?.({message:e instanceof Error?e.message:"Unknown error"},null)}}});return function(){let c=t(),i=r5((e,s)=>{c._callEndpoint(e,s)}),a={};for(let e of Object.keys(n)){let s=(f)=>{i(e,f)};a[e]={state:c[e],start:s}}return a}}var ad={$schema:"../schemas/nucleus.tables.schema.json",tables:[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"type",type:"varchar",length:50,notNull:!0,default:"system",enumValues:["verification","system","custom"]},{name:"source",type:"varchar",length:100},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]},{columns:["type"]},{columns:["user_id","type","is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255}],indexes:[]},{table_name:"verifications",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["instance_id"]},{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_node_id",type:"varchar",length:100,notNull:!0},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","rejected"]}],indexes:[{columns:["instance_id"]},{columns:["instance_id","step_order"]},{columns:["entity_name","entity_id"]},{columns:["verifier_user_id"]},{columns:["status"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["step","verifier","notification"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"recipient_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier","entity_creator"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role",type:"varchar",length:100}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]}]},{table_name:"verificationVerifierConfigs",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["verifier_type"]}]},{table_name:"verificationInstances",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"started_by",type:"uuid",references:{table:"users",column:"id"}},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","completed","rejected","cancelled"]},{name:"current_step_order",type:"integer",notNull:!0,default:1},{name:"started_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"completed_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","status"]},{columns:["status"]},{columns:["started_by"]}]},{table_name:"verificationNotificationChannels",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"channel",type:"varchar",length:30,notNull:!0,enumValues:["portal","email","sms","telegram","webhook"]}],indexes:[{columns:["rule_id"]},{columns:["rule_id","channel"],unique:!0},{columns:["channel"]}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}}]};var Gs={login:{key:"LOGIN",method:"POST",defaultRoute:"/auth/login",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},register:{key:"REGISTER",method:"POST",defaultRoute:"/auth/register",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},logout:{key:"LOGOUT",method:"POST",defaultRoute:"/auth/logout",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},refresh:{key:"REFRESH",method:"POST",defaultRoute:"/auth/refresh",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},me:{key:"ME",method:"GET",defaultRoute:"/auth/me",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordChange:{key:"PASSWORD_CHANGE",method:"POST",defaultRoute:"/auth/password-change",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordSet:{key:"PASSWORD_SET",method:"POST",defaultRoute:"/auth/password-set",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordReset:{key:"PASSWORD_RESET_REQUEST",method:"POST",defaultRoute:"/auth/password-reset",defaultIsPublic:!0,subEndpoints:[{key:"PASSWORD_RESET_REQUEST",method:"POST",suffix:"/request",_payload:void 0,_success:void 0,_error:void 0},{key:"PASSWORD_RESET_CONFIRM",method:"POST",suffix:"/confirm",_payload:void 0,_success:void 0,_error:void 0}]},sessions:{key:"SESSIONS",method:"GET",defaultRoute:"/auth/sessions",defaultIsPublic:!1,subEndpoints:[{key:"SESSIONS",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_CURRENT",method:"GET",suffix:"/current",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_STATS",method:"GET",suffix:"/stats",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_PENDING",method:"GET",suffix:"/pending",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE",method:"DELETE",suffix:"/:sessionId",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE_ALL",method:"DELETE",suffix:"/all",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_APPROVE",method:"POST",suffix:"/approve",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REJECT",method:"POST",suffix:"/reject",_payload:void 0,_success:void 0,_error:void 0}]},magicLink:{key:"MAGIC_LINK",method:"POST",defaultRoute:"/auth/magic-link",defaultIsPublic:!0,subEndpoints:[{key:"MAGIC_LINK",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"MAGIC_LINK_VERIFY",method:"GET",suffix:"/verify",routeKey:"verifyRoute",_payload:void 0,_success:void 0,_error:void 0}]},invite:{key:"INVITE",method:"POST",defaultRoute:"/auth/invite",defaultIsPublic:!1,subEndpoints:[{key:"INVITE",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"INVITE_VERIFY",method:"POST",suffix:"/verify",_payload:void 0,_success:void 0,_error:void 0}]},emailVerification:{key:"VERIFY_EMAIL",method:"GET",defaultRoute:"/verify-email",defaultIsPublic:!0,subEndpoints:[{key:"VERIFY_EMAIL",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"RESEND_VERIFICATION",method:"POST",suffix:"",routeKey:"resendRoute",defaultRoute:"/resend-verification",_payload:void 0,_success:void 0,_error:void 0}]},captcha:{key:"CAPTCHA",method:"GET",defaultRoute:"/auth/captcha",defaultIsPublic:!0,subEndpoints:[{key:"CAPTCHA_GENERATE",method:"GET",suffix:"/generate",_payload:void 0,_success:void 0,_error:void 0},{key:"CAPTCHA_VALIDATE",method:"POST",suffix:"/validate",_payload:void 0,_success:void 0,_error:void 0}]},oauth:{key:"OAUTH_PROVIDERS",method:"GET",defaultRoute:"/auth/oauth/providers",defaultIsPublic:!0,subEndpoints:[{key:"OAUTH_PROVIDERS",method:"GET",suffix:"/providers",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_REDIRECT",method:"GET",suffix:"/:provider",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_ACCOUNTS",method:"GET",suffix:"/accounts",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_UNLINK",method:"DELETE",suffix:"/unlink/:provider",_payload:void 0,_success:void 0,_error:void 0}]}},ed={healthCheck:{key:"MONITORING_HEALTH_CHECK",method:"GET",suffix:"/health",_payload:void 0,_success:void 0,_error:void 0},getSettings:{key:"MONITORING_GET_SETTINGS",method:"GET",suffix:"/settings",_payload:void 0,_success:void 0,_error:void 0},changeSettings:{key:"MONITORING_CHANGE_SETTINGS",method:"PATCH",suffix:"/settings",_payload:void 0,_success:void 0,_error:void 0},getLogs:{key:"MONITORING_GET_LOGS",method:"GET",suffix:"/logs",_payload:void 0,_success:void 0,_error:void 0}};var i5=["profiles","addresses","phones","files","users","roles","claims","user_roles","role_claims","audit_logs"],a5=ad.tables.filter((n)=>i5.includes(n.table_name));function Ec(n){return n.replace(/([a-z])([A-Z])/g,"$1_$2").replace(/[\s-]+/g,"_").toUpperCase()}function e5(n){return n.replace(/_([a-z])/g,(r,t)=>t.toUpperCase())}function Ns(n){if(n.endsWith("ies"))return`${n.slice(0,-3)}y`;if(n.endsWith("ses"))return`${n.slice(0,-2)}`;if(n.endsWith("s"))return n.slice(0,-1);return n}function Yt(n,r){let t=Ec(n),o=Ec(Ns(n));switch(r){case"GET":return`GET_${t}`;case"POST":return`ADD_${o}`;case"PUT":return`UPDATE_${o}`;case"PATCH":return`PATCH_${o}`;case"DELETE":return`DELETE_${o}`}}function Ac(n,r){let t=Ec(n);switch(r){case"POST":return`BULK_ADD_${t}`;case"PUT":return`BULK_UPDATE_${t}`;case"DELETE":return`BULK_DELETE_${t}`}}function wo(n,r){if(!n.excluded_methods)return!1;let t={GET:"GET",POST:"POST",PUT:"PUT",PATCH:"PATCH",DELETE:"DELETE"};return n.excluded_methods.includes(t[r])}function sd(n){let r={};for(let t of n.entities){let o=t.table_name,c=`/${o}`,i=t.serviceId;if(!wo(t,"GET")){r[Yt(o,"GET")]={method:"GET",path:c,isPublic:t.is_public?.GET??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};let a=Ec(Ns(o));r[`GET_${a}_BY_ID`]={method:"GET",path:`${c}/:id`,isPublic:t.is_public?.GET??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0},r[`GET_${Ec(o)}_DISTINCT`]={method:"GET",path:`${c}/distinct/:field`,isPublic:t.is_public?.GET??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0}}if(!wo(t,"POST"))r[Yt(o,"POST")]={method:"POST",path:c,isPublic:t.is_public?.POST??!1,isFormData:t.is_form_data,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"PUT"))r[Yt(o,"PUT")]={method:"PUT",path:`${c}/:id`,isPublic:t.is_public?.PUT??!1,isFormData:t.is_form_data,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"PATCH"))r[Yt(o,"PATCH")]={method:"PATCH",path:`${c}/:id`,isPublic:t.is_public?.PATCH??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"DELETE"))r[Yt(o,"DELETE")]={method:"DELETE",path:`${c}/:id`,isPublic:t.is_public?.DELETE??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(t.bulk_endpoints_enabled){if(!wo(t,"POST"))r[Ac(o,"POST")]={method:"POST",path:`${c}/bulk`,isPublic:t.is_public?.POST??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"PUT"))r[Ac(o,"PUT")]={method:"PUT",path:`${c}/bulk`,isPublic:t.is_public?.PUT??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0};if(!wo(t,"DELETE"))r[Ac(o,"DELETE")]={method:"DELETE",path:`${c}/bulk`,isPublic:t.is_public?.DELETE??!1,serviceId:i,_payload:void 0,_success:void 0,_error:void 0}}}return r}function fd(n){let r={},t=n.authentication;if(!t?.enabled)return r;for(let[o,c]of Object.entries(Gs)){let i=t[o];if(!i?.enabled)continue;let a=i.route||c.defaultRoute,e=i.isPublic??c.defaultIsPublic;if("subEndpoints"in c&&c.subEndpoints)for(let s of c.subEndpoints){let f="routeKey"in s&&s.routeKey&&i[s.routeKey]?String(i[s.routeKey]):("defaultRoute"in s)&&s.defaultRoute?String(s.defaultRoute):`${a}${s.suffix}`;r[s.key]={method:s.method,path:f,isPublic:s.key==="MAGIC_LINK_VERIFY"?!0:e,_payload:s._payload,_success:s._success,_error:s._error}}else if("_payload"in c)r[c.key]={method:c.method,path:a,isPublic:e,_payload:c._payload,_success:c._success,_error:c._error}}return r}function ld(){let n={};for(let r of a5){let t=r.table_name,c=`/${e5(t)}`,i=t==="files";n[Yt(t,"GET")]={method:"GET",path:c,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};let a=Ec(Ns(t));if(n[`GET_${a}_BY_ID`]={method:"GET",path:`${c}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Yt(t,"POST")]={method:"POST",path:c,isPublic:!1,isFormData:i,_payload:void 0,_success:void 0,_error:void 0},n[Yt(t,"PUT")]={method:"PUT",path:`${c}/:id`,isPublic:!1,isFormData:i,_payload:void 0,_success:void 0,_error:void 0},n[Yt(t,"PATCH")]={method:"PATCH",path:`${c}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Yt(t,"DELETE")]={method:"DELETE",path:`${c}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.bulk_endpoints_enabled)n[Ac(t,"POST")]={method:"POST",path:`${c}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Ac(t,"PUT")]={method:"PUT",path:`${c}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},n[Ac(t,"DELETE")]={method:"DELETE",path:`${c}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}}return n}function _d(n){let r={},t=n.liveMonitoring;if(!t?.enabled)return r;let o=t.basePath||"/monitoring";for(let c of Object.values(ed))r[c.key]={method:c.method,path:`${o}${c.suffix}`,isPublic:!1,_payload:c._payload,_success:c._success,_error:c._error};return r}function dd(n){let r={};if(!n.authentication?.enabled)return r;return r.ADMIN_IMPERSONATE={method:"POST",path:"/auth/admin/impersonate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.ADMIN_IMPERSONATE_STOP={method:"POST",path:"/auth/admin/impersonate/stop",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.ADMIN_CHANGE_USER_ID={method:"POST",path:"/auth/admin/change-user-id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r}function ud(n){let r={},t=n.verification,o=n.notification;if(!t?.enabled)return r;let c=t.endpoints?.basePath||"/verifications",i=t.flowEndpoints?.basePath||"/verification-flows",a=o?.endpoints?.basePath||"/notifications";if(r.VERIFICATION_STATUS={method:"GET",path:`${c}/status/:entity_name/:entity_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_DECIDE={method:"POST",path:`${c}/:entity_name/:entity_id/decide`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_PENDING={method:"GET",path:`${c}/pending`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_HISTORY={method:"GET",path:`${c}/history/:entity_name/:entity_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_START={method:"POST",path:`${c}/start`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_START_FOR_ENTITY={method:"POST",path:`${c}/start-for-entity`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.VERIFICATION_ENTITY_STATUSES={method:"GET",path:`${c}/statuses/:entity_name`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},t.flowEndpoints?.enabled)r.FLOW_LIST={method:"GET",path:i,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.FLOW_GET={method:"GET",path:`${i}/:flow_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.FLOW_SAVE={method:"POST",path:i,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.FLOW_PUBLISH={method:"POST",path:`${i}/:flow_id/publish`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},r.FLOW_DELETE={method:"DELETE",path:`${i}/:flow_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};if(o?.enabled&&o.endpoints?.enabled)r.NOTIFICATION_LIST={method:"GET",path:a,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.NOTIFICATION_UNSEEN_COUNT={method:"GET",path:`${a}/unseen-count`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.NOTIFICATION_MARK_SEEN={method:"POST",path:`${a}/:notification_id/seen`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},r.NOTIFICATION_MARK_ALL_SEEN={method:"POST",path:`${a}/seen-all`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};return r}function s5(n,r){let t=sd(n),o=fd(n),c=dd(n),i=ld(),a=_d(n),e=ud(n);return{...t,...o,...c,...i,...a,...e,...r??{}}}ps();import{randomUUID as u5}from"crypto";var b5={timeout:30000,retries:0,retryDelay:1000,debug:!1};class Ai{config;logger;constructor(n={}){this.config={...b5,...n},this.logger=new jr({service:"ServerFetch",prettyPrint:this.config.debug,colorize:this.config.debug,auditEnabled:!1})}buildUrl(n){if(n.startsWith("http://")||n.startsWith("https://"))return n;return this.config.baseUrl?`${this.config.baseUrl}${n}`:n}buildHeaders(n){let r=new Headers;if(this.config.defaultHeaders)for(let[t,o]of Object.entries(this.config.defaultHeaders))r.set(t,o);if(n)if(n instanceof Headers)n.forEach((t,o)=>{r.set(o,t)});else if(Array.isArray(n))for(let[t,o]of n)r.set(t,o);else for(let[t,o]of Object.entries(n))r.set(t,o);return r}parseResponseHeaders(n){let r={};if(n.forEach((t,o)=>{if(o.toLowerCase()==="set-cookie"){let c=r[o];r[o]=c?`${c}, ${t}`:t}else r[o]=t}),typeof n.getSetCookie==="function"){let t=n.getSetCookie();if(t.length>0)r["set-cookie"]=t.join(", ")}return r}async executeWithTimeout(n,r,t){let o=new AbortController,c=setTimeout(()=>o.abort(),r);try{return await Promise.race([n,new Promise((a,e)=>{o.signal.addEventListener("abort",()=>{e(Error(`Request timeout after ${r}ms`))})})])}finally{clearTimeout(c)}}async fetch(n){let r=u5(),t=performance.now(),o=this.buildUrl(n.url),c=this.buildHeaders(n.headers),i=n.timeout??this.config.timeout??30000,a=n.retries??this.config.retries??0,e=n.retryDelay??this.config.retryDelay??1000,s;if(n.body)if(typeof n.body==="object"&&!(n.body instanceof FormData)&&!(n.body instanceof URLSearchParams)&&!(n.body instanceof Blob)&&!(n.body instanceof ArrayBuffer)){if(s=JSON.stringify(n.body),!c.has("content-type"))c.set("content-type","application/json")}else s=n.body;this.logger.debug(`[${r}] ${n.method} ${o}`,{method:n.method,url:o,hasBody:!!s});let f=null,d=0;while(d<=a)try{let w=await this.executeWithTimeout(fetch(o,{method:n.method,headers:c,body:s}),i,r),g=performance.now()-t,u=this.parseResponseHeaders(w.headers),m,_,S=await w.text();if(S)try{let E=JSON.parse(S);if(w.ok)m=E;else _=E}catch{if(!w.ok)_={message:S||w.statusText}}else if(!w.ok)_={message:w.statusText};let h={isSuccess:w.ok,response:m,errors:_,code:w.status,headers:u,durationMs:g,requestId:r,createdAt:new Date};if(w.ok)this.logger.info(`[${r}] ${n.method} ${o} ${w.status}`,{method:n.method,url:o,statusCode:w.status,durationMs:Math.round(g)});else this.logger.warn(`[${r}] ${n.method} ${o} ${w.status}`,{method:n.method,url:o,statusCode:w.status,durationMs:Math.round(g),error:_});return h}catch(w){if(f=w instanceof Error?w:Error(String(w)),d++,d<=a)this.logger.warn(`[${r}] Retry ${d}/${a} after error`,{method:n.method,url:o,error:f.message,attempt:d,retries:a}),await new Promise((g)=>setTimeout(g,e))}let l=performance.now()-t;return this.logger.error(`[${r}] ${n.method} ${o} failed`,f,{method:n.method,url:o,durationMs:Math.round(l),attempts:d}),{isSuccess:!1,response:void 0,errors:{message:f?.message||"Unknown error"},code:null,headers:{},durationMs:l,requestId:r,createdAt:new Date}}async get(n,r){return this.fetch({...r,url:n,method:"GET"})}async post(n,r,t){return this.fetch({...t,url:n,method:"POST",body:r})}async put(n,r,t){return this.fetch({...t,url:n,method:"PUT",body:r})}async patch(n,r,t){return this.fetch({...t,url:n,method:"PATCH",body:r})}async delete(n,r){return this.fetch({...r,url:n,method:"DELETE"})}}var g5=new Ai;var w5={accessToken:"access_token",refreshToken:"refresh_token",sessionToken:"session_token"};function m5(n){let r=[],t="";for(let o=0;o<n.length;o++){let c=n[o];if(c===","){let i=n.slice(o+1).trimStart();if(/^[a-zA-Z0-9_-]+=/.test(i)){r.push(t.trim()),t="";continue}}t+=c}if(t.trim())r.push(t.trim());return r}function h5(n,r){let t={},o=["x-forwarded-for","x-real-ip","user-agent","accept-language","x-request-id","x-client-ip","cf-connecting-ip","true-client-ip"];for(let s of o){let f=n.get(s);if(f)t[s]=f}if(!t["user-agent"])t["user-agent"]="Nucleus-ServerAction/1.0";let c=n.get(`x-${r.accessToken}`),i=n.get(`x-${r.refreshToken}`),a=n.get(`x-${r.sessionToken}`);if(c)t[`x-${r.accessToken}`]=c;if(i)t[`x-${r.refreshToken}`]=i;if(a)t[`x-${r.sessionToken}`]=a;let e=n.get("cookie");if(e)t.cookie=e;return t}function $5(n){return n.replace(/_([a-z])/g,(r,t)=>t.toUpperCase())}function Is(n){let r={};for(let[t,o]of Object.entries(n)){let c=t.startsWith("_")?t:$5(t);if(o instanceof Date)r[c]=o.toISOString();else if(o&&typeof o==="object"&&!Array.isArray(o))r[c]=Is(o);else r[c]=o}return r}function A5(n,r){let t=new URLSearchParams,o=(i,a)=>{if(a===void 0||a===null)return;if(Array.isArray(a))for(let e of a)o(`${i}[]`,e);else if(a instanceof Date)t.append(i,a.toISOString());else if(typeof a==="object")for(let[e,s]of Object.entries(a))o(`${i}[${e}]`,s);else t.append(i,String(a))};for(let[i,a]of Object.entries(r))o(i,a);let c=t.toString();if(!c)return n;return n.includes("?")?`${n}&${c}`:`${n}?${c}`}function E5(n,r,t,o){let c={...w5,...r.tokenNames},i=new Ai({baseUrl:r.baseUrl,debug:r.debug,timeout:30000,retries:0});return async function(e,s){let f=n[e];if(!f)return{isSuccess:!1,errors:{message:`Endpoint "${e}" not found`},code:404};let d=await t(),l=await o(),w={};if(l.forEach((H,D)=>{w[D]=H}),(f.path.includes("/auth/login")||f.path.includes("/auth/oauth"))&&f.method==="POST")try{d.delete(c.accessToken),d.delete(c.refreshToken),d.delete(c.sessionToken)}catch(H){}let u=h5(l,c),m=f.path,_,S=new Set,h=/:([a-zA-Z_][a-zA-Z0-9_]*)/g,E=h.exec(m);while(E!==null){if(E[1])S.add(E[1]);E=h.exec(m)}if(s&&typeof s==="object"&&!(s instanceof FormData)){let H=s;for(let[D,R]of Object.entries(H))if(R!=null){if(S.has(D))m=m.replace(`:${D}`,String(R));else if(D.startsWith("_")&&S.has(D.substring(1)))m=m.replace(`:${D.substring(1)}`,String(R));else if(D==="id"&&S.has("id"))m=m.replace(":id",String(R))}}if(f.method==="GET"&&s&&typeof s==="object"){let H={...s};for(let D of S)delete H[D],delete H[`_${D}`];m=A5(m,H)}else if(s!==void 0){if(f.isFormData&&s instanceof FormData)_=s;else if(Array.isArray(s)){if(_=s.map((H)=>H&&typeof H==="object"?Is(H):H),!u["content-type"])u["content-type"]="application/json"}else if(_=f.skipCamelCase?s:Is(s),!u["content-type"])u["content-type"]="application/json"}let V=await i.fetch({url:m,method:f.method,headers:u,body:_});if(V.headers["set-cookie"])try{let H=V.headers["set-cookie"],D=m5(H);for(let R of D){let[$,...A]=R.split(";");if(!$)continue;let[M,z]=$.split("=");if(M&&z){let L={};for(let O of A){let[B,W]=O.trim().split("=");if(!B)continue;let G=B.toLowerCase();if(G==="path")L.path=W;else if(G==="domain")L.domain=W;else if(G==="max-age")L.maxAge=Number(W);else if(G==="expires"&&W)L.expires=new Date(W);else if(G==="httponly")L.httpOnly=!0;else if(G==="secure")L.secure=!0;else if(G==="samesite")L.sameSite=W}d.set(M.trim(),z.trim(),L)}}}catch(H){console.warn("[ServerFactory] Failed to process Set-Cookie headers:",H instanceof Error?H.message:String(H))}let Y=V.response;if(V.isSuccess&&Y&&typeof Y==="object"&&!Array.isArray(Y)){let H=Y;if("success"in H&&!("data"in H)){let{success:D,message:R,error:$,...A}=H;Y={success:D,...R!==void 0?{message:R}:{},...$!==void 0?{error:$}:{},...Object.keys(A).length>0?{data:A}:{}}}}return{isSuccess:V.isSuccess,data:Y,errors:V.errors,code:V.code,message:V.isSuccess?void 0:V.errors?.message}}}import{batch as S5,createStore as R5}from"h-state";var D5={connection:{status:"disconnected",clientId:null,subscribedTopics:[],error:null,reconnectAttempt:0},events:[],maxEvents:100},{useStore:ys}=R5(D5,{setConnectionStatus:(n)=>(r)=>{n.connection.status=r},setClientId:(n)=>(r)=>{n.connection.clientId=r},setSubscribedTopics:(n)=>(r)=>{n.connection.subscribedTopics=r},setError:(n)=>(r)=>{n.connection.error=r},setReconnectAttempt:(n)=>(r)=>{n.connection.reconnectAttempt=r},addEvent:(n)=>(r)=>{let t=[r,...n.events];n.events=t.slice(0,n.maxEvents)},clearEvents:(n)=>()=>{n.events=[]},reset:(n)=>()=>{S5(()=>{n.connection.status="disconnected",n.connection.clientId=null,n.connection.subscribedTopics=[],n.connection.error=null,n.connection.reconnectAttempt=0,n.events=[]})}});import{useEffect as md,useEffectEvent as jo,useRef as Ei}from"react";function k5(n){if(n.wsUrl){let i=n.wsUrl.replace(/\/$/,""),a=n.wsPath||"/api/events/subscribe",e=(n.topics||["*"]).join(",");return`${i}${a}?userId=${encodeURIComponent(n.userId)}&topics=${encodeURIComponent(e)}`}if(typeof window>"u")return"";let r=window.location.protocol==="https:"?"wss:":"ws:",t=window.location.host,o=n.wsPath||"/api/events/subscribe",c=(n.topics||["*"]).join(",");return`${r}//${t}${o}?userId=${encodeURIComponent(n.userId)}&topics=${encodeURIComponent(c)}`}var M5=0;function H5(n){let r=ys(),t=Ei(null),o=Ei(null),c=Ei(null),i=Ei(!1),a=Ei(n);a.current=n;let e=n.autoReconnect??!0,s=n.maxReconnectAttempts??10,f=n.reconnectBaseDelay??1000,d=n.reconnectMaxDelay??30000,l=n.heartbeatInterval??30000,w=n.debug??!1,g=(...R)=>{if(w)console.log("[usePubSub]",...R)},u=()=>{if(o.current)clearInterval(o.current),o.current=null},m=()=>{if(c.current)clearTimeout(c.current),c.current=null},_=(R)=>{u(),o.current=setInterval(()=>{if(R.readyState===WebSocket.OPEN)R.send(JSON.stringify({type:"ping"}))},l)},S=jo((R)=>{try{let $=JSON.parse(R.data);switch($.type){case"connected":r.setConnectionStatus("connected"),r.setClientId($.clientId),r.setSubscribedTopics($.subscribedTopics),r.setReconnectAttempt(0),r.setError(null),g("Connected, clientId:",$.clientId);break;case"subscribed":r.setSubscribedTopics($.topics),g("Subscribed to:",$.topics);break;case"event":{let A={id:`evt_${Date.now()}_${M5++}`,topic:$.topic,data:$.data,timestamp:$.timestamp,receivedAt:Date.now(),messageId:$.messageId,isRedelivery:$.isRedelivery};if(r.addEvent(A),$.messageId&&t.current?.readyState===WebSocket.OPEN)t.current.send(JSON.stringify({type:"ack",messageId:$.messageId}));break}case"pong":break;case"error":r.setError(Error($.error)),g("Server error:",$.error);break}}catch{g("Failed to parse message")}}),h=jo((R)=>{if(i.current)return;if(!e)return;if(R>=s){r.setConnectionStatus("disconnected"),r.setError(Error("Max reconnection attempts reached")),g("Max reconnect attempts reached");return}let $=Math.min(f*2**R,d);g(`Reconnecting in ${$}ms (attempt ${R+1}/${s})`),r.setConnectionStatus("reconnecting"),r.setReconnectAttempt(R+1),m(),c.current=setTimeout(()=>{if(!i.current)E()},$)}),E=jo(()=>{if(i.current)return;if(t.current?.readyState===WebSocket.OPEN)return;if(!a.current.userId)return;if(t.current){if(t.current.onopen=null,t.current.onmessage=null,t.current.onerror=null,t.current.onclose=null,t.current.readyState===WebSocket.OPEN||t.current.readyState===WebSocket.CONNECTING)t.current.close();t.current=null}let R=k5(a.current);if(!R)return;r.setConnectionStatus("connecting"),r.setError(null),g("Connecting to:",R);let $=new WebSocket(R);t.current=$,$.onopen=()=>{g("WebSocket opened"),_($)},$.onmessage=S,$.onerror=()=>{g("WebSocket error"),r.setError(Error("WebSocket connection error"))},$.onclose=(A)=>{if(g("WebSocket closed",A.code,A.reason),u(),r.setConnectionStatus("disconnected"),r.setClientId(null),!i.current&&A.code!==4001){let M=r.connection.reconnectAttempt;h(M)}}}),V=jo(()=>{if(u(),m(),t.current){if(t.current.onopen=null,t.current.onmessage=null,t.current.onerror=null,t.current.onclose=null,t.current.readyState===WebSocket.OPEN||t.current.readyState===WebSocket.CONNECTING)t.current.close();t.current=null}r.setConnectionStatus("disconnected"),r.setClientId(null)}),Y=jo((R)=>{if(t.current?.readyState!==WebSocket.OPEN)return;t.current.send(JSON.stringify({type:"subscribe",topics:R}))}),H=jo((R)=>{if(t.current?.readyState!==WebSocket.OPEN)return;t.current.send(JSON.stringify({type:"unsubscribe",topics:R}))}),D=jo((R)=>{return r.events.filter(($)=>$.topic===R)});return md(()=>{if(i.current=!1,n.userId)E();return()=>{i.current=!0,V()}},[n.userId]),md(()=>{if(r.connection.status==="connected"&&n.topics)Y(n.topics)},[n.topics?.join(",")]),{isConnected:r.connection.status==="connected",isConnecting:r.connection.status==="connecting"||r.connection.status==="reconnecting",clientId:r.connection.clientId,subscribedTopics:r.connection.subscribedTopics,events:r.events,error:r.connection.error,reconnectAttempt:r.connection.reconnectAttempt,connect:E,disconnect:V,subscribe:Y,unsubscribe:H,clearEvents:r.clearEvents,getEventsByTopic:D}}import{randomUUID as F8}from"crypto";var i0=Hr(Ed(),1);import{Elysia as Ba,NotFoundError as Rc}from"elysia";var ct,mo,Ft=typeof Bun<"u"&&!!Bun.file;function Sc(){if(ct||(ct=process.getBuiltinModule("fs/promises")),mo||(mo=process.getBuiltinModule("path")),!mo){console.warn("@elysiajs/static require path to be available.");return}return[ct,mo]}async function Sd(n){if(ct||Sc(),Ft){let r=new Bun.Glob("**/*.html"),t=[];for await(let o of r.scan(n))t.push(mo.join(n,o));return t}return[]}async function n0(n){if(ct||Sc(),Ft){let t=new Bun.Glob("**/*"),o=[];for await(let c of t.scan(n))o.push(mo.join(n,c));return o}let r=await ct.readdir(n).catch(()=>[]);return(await Promise.all(r.map(async(t)=>{let o=n+mo.sep+t,c=await ct.stat(o).catch(()=>null);return c?c.isDirectory()?await n0(o):[mo.resolve(n,o)]:[]}))).flat()}function r0(n){return ct||Sc(),ct.stat(n).then(()=>!0,()=>!1)}class t0{constructor(n=250,r=10800){this.max=n,this.ttl=r,this.map=new Map}get(n){let r=this.map.get(n);if(r)return r[1]<=Date.now()?void this.delete(n):(this.map.delete(n),this.map.set(n,r),r[0])}set(n,r){if(this.interval||(this.interval=setInterval(()=>{let t=Date.now();for(let[o,c]of this.map)c[1]<=t&&this.map.delete(o)},this.ttl)),this.map.has(n))this.map.delete(n);else if(this.map.size>=this.max){let t=this.map.keys().next().value;t!==void 0&&this.delete(t)}this.map.set(n,[r,Date.now()+this.ttl*1000])}delete(n){this.map.get(n)&&this.map.delete(n)}clear(){this.map.clear()}size(){return this.map.size}[Symbol.dispose](){this.interval&&clearInterval(this.interval)}}function o0(n,r,t){if(n["cache-control"]&&/no-cache|no-store/.test(n["cache-control"]))return!1;if("if-none-match"in n){let o=n["if-none-match"];return o==="*"?!0:o===null||typeof r!="string"?!1:o===r}if(n["if-modified-since"]){let o=n["if-modified-since"];try{return ct.stat(t).then((c)=>{if(c.mtime!==void 0&&c.mtime.getTime()<=Date.parse(o))return!0})}catch{}}return!1}var za;function Si(n){return Ft?Bun.file(n):(ct||Sc(),ct.readFile(n))}async function c0(n){return Ft?new Bun.CryptoHasher("md5").update(await n.arrayBuffer()).digest("base64"):(za||(za=process.getBuiltinModule("crypto")),za?za.createHash("md5").update(n).digest("base64"):void console.warn("[@elysiajs/static] crypto is required to generate etag."))}var Ri=(n)=>{if(!n)return!1;for(let r in n)return!0;return!1};async function Rd({assets:n="public",prefix:r="/public",staticLimit:t=1024,alwaysStatic:o=!1,ignorePatterns:c=[".DS_Store",".git",".env"],headers:i,maxAge:a=86400,directive:e="public",etag:s=!0,extension:f=!0,indexHTML:d=!0,decodeURI:l,silent:w}={}){if(typeof process>"u"||typeof process.getBuiltinModule>"u")return w||console.warn("[@elysiajs/static] require process.getBuiltinModule. Static plugin is disabled"),new Ba;let g=Sc();if(!g)return new Ba;let[u,m]=g,_=m.sep!=="/"?(H)=>H.replace(/\\/g,"/"):(H)=>H,S=new t0;r===m.sep&&(r="");let h=m.resolve(n),E=c.length?(H)=>c.find((D)=>typeof D=="string"?D.includes(H):D.test(H)):()=>!1,V=new Ba({name:"static",seed:r});if(o){let H=await n0(m.resolve(n));if(H.length<=t)for(let D of H){let R=function({headers:L}){if(z){let W=o0(L,z,D);if(W===!0)return new Response(null,{status:304,headers:Ri(i)?i:void 0});if(W!==!1){let G=S.get(A);return G?G.clone():W.then((j)=>{if(j)return new Response(null,{status:304,headers:i||void 0});let N=new Response(M,{headers:Object.assign({"Cache-Control":a?`${e}, max-age=${a}`:e},i,z?{Etag:z}:{})});return S.set(r,N),N.clone()})}}let O=S.get(A);if(O)return O.clone();let B=new Response(M,{headers:Object.assign({"Cache-Control":a?`${e}, max-age=${a}`:e},i,z?{Etag:z}:{})});return S.set(A,B),B.clone()};var Y=R;if(!D||E(D))continue;let $=D.replace(h,"");l&&($=i0.default($)??$);let A=_(m.join(r,$));if(Ft&&D.endsWith(".html")){let L=await import(D);V.get(A,L.default),d&&A.endsWith("/index.html")&&V.get(A.replace("/index.html",""),L.default);continue}f||(A=_(A.slice(0,A.lastIndexOf("."))));let M=Ft?Si(D):await Si(D);if(!M)return w||console.warn(`[@elysiajs/static] Failed to load file: ${D}`),new Ba;let z=await c0(M);V.get(A,s?R:new Response(M,Ri(i)?{headers:i}:void 0)),d&&A.endsWith("/index.html")&&V.get(A.replace("/index.html",""),s?R:new Response(M,Ri(i)?{headers:i}:void 0))}return V}if(!(`GET_${r}/*`in V.routeTree)){if(Ft){let H=await Sd(m.resolve(n));for(let D of H){if(!D||E(D))continue;let R=D.replace(h,""),$=_(m.join(r,R)),A=await import(D);V.get($,A.default),d&&$.endsWith("/index.html")&&V.get($.replace("/index.html",""),A.default)}}V.onError(()=>{}).get(`${r.endsWith("/")?r.slice(0,-1):r}/*`,async({params:H,headers:D})=>{let R=_(m.join(n,l?i0.default(H["*"])??H["*"]:H["*"]));if(E(R))throw new Rc;let $=S.get(R);if($)return $.clone();try{let A=await u.stat(R).catch(()=>null);if(!A)throw new Rc;if(!d&&A.isDirectory())throw new Rc;let M;if(!Ft&&d){let O=m.join(R,"index.html"),B=S.get(O);if(B)return B.clone();await r0(O)&&(M=await Si(O))}if(!M&&!A.isDirectory()&&await r0(R))M=await Si(R);else throw new Rc;if(!s)return new Response(M,Ri(i)?{headers:i}:void 0);let z=await c0(M);if(z&&await o0(D,z,R))return new Response(null,{status:304});let L=new Response(M,{headers:Object.assign({"Cache-Control":a?`${e}, max-age=${a}`:e},i,z?{Etag:z}:{})});return S.set(R,L),L.clone()}catch(A){throw A instanceof Rc?A:(w||console.error("[@elysiajs/static]",A),new Rc)}})}return V}of();q0();import{pushSchema as j8}from"drizzle-kit/api";import{and as gi,eq as Er}from"drizzle-orm";import{drizzle as K8}from"drizzle-orm/node-postgres";import{pgSchema as v8}from"drizzle-orm/pg-core";import Z8 from"elysia";var Ui=[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"type",type:"varchar",length:50,notNull:!0,default:"system",enumValues:["verification","system","custom"]},{name:"source",type:"varchar",length:100},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]},{columns:["type"]},{columns:["user_id","type","is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255}],indexes:[]},{table_name:"verifications",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["instance_id"]},{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_node_id",type:"varchar",length:100,notNull:!0},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","rejected"]}],indexes:[{columns:["instance_id"]},{columns:["instance_id","step_order"]},{columns:["entity_name","entity_id"]},{columns:["verifier_user_id"]},{columns:["status"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["step","verifier","notification"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"recipient_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier","entity_creator"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role",type:"varchar",length:100}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]}]},{table_name:"verificationVerifierConfigs",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["verifier_type"]}]},{table_name:"verificationInstances",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"started_by",type:"uuid",references:{table:"users",column:"id"}},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","completed","rejected","cancelled"]},{name:"current_step_order",type:"integer",notNull:!0,default:1},{name:"started_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"completed_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","status"]},{columns:["status"]},{columns:["started_by"]}]},{table_name:"verificationNotificationChannels",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"channel",type:"varchar",length:30,notNull:!0,enumValues:["portal","email","sms","telegram","webhook"]}],indexes:[{columns:["rule_id"]},{columns:["rule_id","channel"],unique:!0},{columns:["channel"]}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}}];var th={GET:["GET"],POST:["POST"],PUT:["PUT"],DELETE:["DELETE"],PATCH:["PATCH"],TOGGLE:["PATCH"],VERIFICATION:["POST"]};function oh(n,r){let t=[],o=n.authentication;if(!o)return t;if(o.login?.enabled&&o.login?.isPublic)t.push({path:o.login.route||`${r}/auth/login`,method:"POST",source:"auth"});if(o.register?.enabled&&o.register?.isPublic)t.push({path:o.register.route||`${r}/auth/register`,method:"POST",source:"auth"});if(o.logout?.enabled&&o.logout?.isPublic)t.push({path:o.logout.route||`${r}/auth/logout`,method:"POST",source:"auth"});if(o.refresh?.enabled&&o.refresh?.isPublic)t.push({path:o.refresh.route||`${r}/auth/refresh`,method:"POST",source:"auth"});if(o.passwordReset?.enabled&&o.passwordReset?.isPublic){let c=o.passwordReset.route||`${r}/auth/password-reset`;t.push({path:`${c}/request`,method:"POST",source:"auth"},{path:`${c}/confirm`,method:"POST",source:"auth"})}if(o.passwordChange?.enabled&&o.passwordChange?.isPublic)t.push({path:o.passwordChange.route||`${r}/auth/password-change`,method:"POST",source:"auth"});if(o.magicLink?.enabled&&o.magicLink?.isPublic)t.push({path:o.magicLink.route||`${r}/auth/magic-link`,method:"POST",source:"auth"},{path:o.magicLink.verifyRoute||`${r}/auth/magic-link/verify`,method:"GET",source:"auth"});if(o.register?.enabled&&o.register?.emailVerification?.enabled)t.push({path:`${r}/verify-email`,method:"GET",source:"auth"},{path:`${r}/resend-verification`,method:"POST",source:"auth"});if(o.invite?.enabled&&o.invite?.isPublic)t.push({path:o.invite.route||`${r}/auth/invite`,method:"POST",source:"auth"});if(o.invite?.enabled){let c=o.invite.route||`${r}/auth/invite`;t.push({path:`${c}/verify`,method:"POST",source:"auth"})}if(o.passwordSet?.enabled)t.push({path:o.passwordSet.route||`${r}/auth/password-set`,method:"POST",source:"auth"});if(o.captcha?.enabled&&o.captcha?.isPublic){let c=o.captcha.route||`${r}/auth/captcha`;t.push({path:`${c}/generate`,method:"GET",source:"auth"},{path:`${c}/validate`,method:"POST",source:"auth"})}if(o.sessions?.enabled){let c=o.sessions.route||`${r}/auth/sessions`;t.push({path:`${c}/approve`,method:"POST",source:"auth"},{path:`${c}/reject`,method:"POST",source:"auth"},{path:`${c}/approve-page`,method:"GET",source:"auth"},{path:`${c}/reject-page`,method:"GET",source:"auth"},{path:`${c}/approval-status`,method:"GET",source:"auth"})}if(o.oauth?.enabled){let c=o.oauth.basePath||`${r}/auth/oauth`,i=["google","github","microsoft","discord","facebook","twitter","apple","custom"];t.push({path:`${c}/providers`,method:"GET",source:"auth"});for(let a of i)t.push({path:`${c}/${a}`,method:"GET",source:"auth"},{path:`${c}/${a}/callback`,method:"GET",source:"auth"})}return t}function ob(n,r,t){let o=[];for(let c of n){if(!c.is_public)continue;let i=`${r}/${t}/${c.table_name}`;for(let[a,e]of Object.entries(c.is_public)){if(!e)continue;let s=th[a];if(!s)continue;for(let f of s)if(f==="GET")o.push({path:i,method:"GET",source:"entity"}),o.push({path:`${i}/:id`,method:"GET",source:"entity"});else if(f==="POST")o.push({path:i,method:"POST",source:"entity"});else if(f==="PUT"||f==="PATCH")o.push({path:`${i}/:id`,method:f,source:"entity"});else if(f==="DELETE")o.push({path:`${i}/:id`,method:"DELETE",source:"entity"})}}return o}function ch(n,r,t){return ob(n,r,t)}function cf(n,r,t="",o="public"){let c=oh(n,t),i=ob(n.entities||[],t,o),a=ch(r,t,o),e=[];if(n.pubsub?.enabled){let f=n.pubsub.basePath||"/subs",d=n.pubsub.wsPath||"/api/events/subscribe";e.push({path:`${f}/:topic`,method:"POST",source:"system"},{path:d,method:"GET",source:"system"})}let s=[{path:"/nucleus-core",method:"GET",source:"custom"},{path:"/public",method:"GET",source:"custom"},{path:"/docs",method:"GET",source:"custom"},{path:"/docs/json",method:"GET",source:"custom"},{path:"/swagger",method:"GET",source:"custom"},{path:"/swagger/json",method:"GET",source:"custom"}];return[...c,...i,...a,...e,...s]}function af(n,r,t){let o=r.replace(/\/$/,""),c=t.toUpperCase();for(let i of n){if(i.method!==c)continue;if(ih(i.path,o))return!0}return!1}function ih(n,r){if(n===r)return!0;let t=n.split("/").filter(Boolean),o=r.split("/").filter(Boolean);if(t.length!==o.length)return!1;for(let c=0;c<t.length;c++){let i=t[c],a=o[c];if(i?.startsWith(":"))continue;if(i!==a)return!1}return!0}import{asc as Nh,desc as xh,eq as $r,ilike as Nb,inArray as Ph,notInArray as Ch,or as qh}from"drizzle-orm";import{drizzle as Fh}from"drizzle-orm/node-postgres";import{Elysia as jh,t as Nn}from"elysia";x0();_e();be();import{t as Tn}from"elysia";function Gh(n){let r={};if(!n||n.length===0)return Tn.Object({},{additionalProperties:!0});for(let t of n)switch(t.type?.toLowerCase()||"string"){case"integer":case"int":case"serial":case"bigserial":case"numeric":case"decimal":r[t.name]=t.notNull?Tn.Number():Tn.Optional(Tn.Number());break;case"boolean":r[t.name]=t.notNull?Tn.Boolean():Tn.Optional(Tn.Boolean());break;case"timestamp":case"timestamptz":case"date":r[t.name]=t.notNull?Tn.String({format:"date-time"}):Tn.Optional(Tn.String({format:"date-time"}));break;case"json":case"jsonb":r[t.name]=Tn.Optional(Tn.Unknown());break;case"uuid":r[t.name]=t.notNull?Tn.String({format:"uuid"}):Tn.Optional(Tn.String({format:"uuid"}));break;default:r[t.name]=t.notNull?Tn.String():Tn.Optional(Tn.String())}return Tn.Object(r,{additionalProperties:!0})}function Gb(n){return Tn.Array(Tn.Object({id:Tn.String(),data:Gh(n)}))}function Mf(n,r){let{db:t,schemaTables:o,schemaRelations:c,entities:i,logger:a,databaseUrl:e,storage:s,authorization:f,authMode:d,idpUrl:l}=r,w=Yi(s),g=f?.enabled??!1,u=d==="consumer";if(!t)return n;let m=Object.keys(o),_=i.map(($)=>$.table_name),S=m.filter(($)=>!_.includes($)),h=["userSessions","passwordResetTokens","magicLinkTokens"],E=["passwordResetTokens","magicLinkTokens"],V=["files"];function Y($){return $.replace(/_([a-z])/g,(A,M)=>M.toUpperCase())}let H=new Map(Ui.map(($)=>[Y($.table_name),$])),D=S.filter(($)=>{if(E.includes($)&&!r.emailServiceAvailable)return a.info(`Skipping ${$} routes - email service not available`),!1;return!0}).map(($)=>{let A=H.get($);return{table_name:$,group_name:h.includes($)?"Authentication":$,is_form_data:V.includes($),bulk_endpoints_enabled:A?.bulk_endpoints_enabled??!1,excluded_methods:A?.excluded_methods?[...A.excluded_methods]:[]}}),R=[...i,...D];a.info(`All entities: ${R.map(($)=>$.table_name).join(", ")}`);for(let $ of R){let A=$.table_name,M=$.group_name||$.table_name,z=o[A];if(!z)continue;let L=c[`${A}Relations`];a.info(`Creating routes for table: ${A}`);let O=z,B=O.id,W=t,G=(Q)=>O[Q]??O[Y(Q)],j=Gb($.columns),N=Nn.Array(Nn.String()),x=async(Q,v,C,y)=>{let p=Q.headers.get("x-user-id");if(!g||!p)return null;if(u){let F=(Q.headers.get("x-user-claims")||"").split(",").filter(Boolean),nn=(Q.headers.get("x-user-roles")||"").split(",").filter(Boolean);if(l){let cn=Q.headers.get("x-access-token")||(Q.headers.get("cookie")||"").match(/access_token=([^;]+)/)?.[1]||"";return ku({idpUrl:l,accessToken:cn,method:v,entity:$.table_name,requestedFields:C,requestedRelations:y,logger:a})}return Du({userClaims:F,userRoles:nn,method:v,entity:$.table_name,requestedFields:C,requestedRelations:y,logger:a})}return pa({userId:p,method:v,entity:$.table_name,requestedFields:C,requestedRelations:y,db:W,schemaTables:o,logger:a})},I=new jh({prefix:`/${A}`});if(!$.excluded_methods?.includes("GET"))I.get("/",async(Q)=>{if(!W)return{success:!1,message:"DB not initialized"};let v=$.columns?.map((Gn)=>Gn.name),C=Object.keys(c).filter((Gn)=>Gn.startsWith(`${$.table_name}Relations`)).map((Gn)=>Gn.replace("Relations","")),y=await x(Q.request,"GET",v,C);if(y&&!y.authorized)return{success:!1,message:y.reason||"Unauthorized",status:403};let p=Af(Q.query),F=[];if(g&&y?.scopeFilters)for(let[Gn,Yn]of Object.entries(y.scopeFilters)){let rn=G(Gn);if(rn)F.push($r(rn,Yn))}if(p.search&&p.searchFields){let Gn=p.searchFields.map((Yn)=>{let rn=Yn.trim(),Hn=G(rn);return Hn?Nb(Hn,`%${p.search}%`):null}).filter((Yn)=>Yn!==null);if(Gn.length>0){let Yn=qh(...Gn);if(Yn)F.push(Yn)}}if(p.filters){let{ne:Gn,gt:Yn,gte:rn,lt:Hn,lte:yn,like:Kn,isNull:Lr,isNotNull:Fr}=await import("drizzle-orm");for(let wr of p.filters){let dr=G(wr.field);if(!dr)continue;switch(wr.operator){case"eq":F.push($r(dr,wr.value));break;case"neq":F.push(Gn(dr,wr.value));break;case"gt":F.push(Yn(dr,wr.value));break;case"gte":F.push(rn(dr,wr.value));break;case"lt":F.push(Hn(dr,wr.value));break;case"lte":F.push(yn(dr,wr.value));break;case"like":F.push(Kn(dr,wr.value));break;case"ilike":F.push(Nb(dr,wr.value));break;case"in":F.push(Ph(dr,wr.value));break;case"notIn":F.push(Ch(dr,wr.value));break;case"isNull":F.push(Lr(dr));break;case"isNotNull":F.push(Fr(dr));break}}}let nn=W.select().from(z);if(F.length>0){let{and:Gn}=await import("drizzle-orm"),Yn=Gn(...F);if(Yn)nn=nn.where(Yn)}if(p.sort&&p.sort.length>0){let Gn=p.sort.map((Yn)=>{let rn=G(Yn.field);if(!rn)return null;return Yn.direction==="desc"?xh(rn):Nh(rn)}).filter((Yn)=>Yn!==null);if(Gn.length>0)nn=nn.orderBy(...Gn)}let cn=p.page??1,hn=p.limit??20,dn=p.offset??(cn-1)*hn,On=W.select().from(z);if(F.length>0){let{and:Gn}=await import("drizzle-orm"),Yn=Gn(...F);if(Yn)On.where(Yn)}let ln=(await On).length;nn=nn.limit(hn).offset(dn);let gr=await nn,ot=Wb(cn,hn,dn,ln);if(g&&y?.allowedFields)gr=Ia(gr,y.allowedFields);return{success:!0,data:{items:gr,meta:ot}}},{detail:{tags:[M],summary:`List ${A}`,description:`Get paginated list of ${A} records with filtering, sorting, and search`}}),I.get("/:id",async(Q)=>{if(!W||!B)return{success:!1,message:"No id column or DB"};let v=Q.params,C=Af(Q.query),y=$.columns?.map((hn)=>hn.name),p=C.with?.map((hn)=>hn.name),F=await x(Q.request,"GET",y,p);if(F&&!F.authorized)return{success:!1,message:F.reason||"Unauthorized",status:403};if(C.with&&C.with.length>0&&L&&e){let hn=g&&F?.allowedRelations?C.with.filter((vn)=>F.allowedRelations?.includes(vn.name)??!1):C.with,On=await Fh(e,{schema:{...o,...c}}).query[$.table_name]?.findFirst({where:$r(B,v.id),with:hn.reduce((vn,ln)=>{return vn[ln.name]=ln.limit?{limit:ln.limit}:!0,vn},{})});if(g&&F?.allowedFields&&On)On=Ia(On,F.allowedFields);if(g&&F?.allowedRelations&&On)On=Mu(On,F.allowedRelations);return{success:!0,data:On||null}}let cn=(await W.select().from(z).where($r(B,v.id)))[0]||null;if(g&&F?.allowedFields&&cn)cn=Ia(cn,F.allowedFields);return{success:!0,data:cn}},{detail:{tags:[M],summary:`Get ${A} by ID`,description:`Get a single ${A} record by its ID with optional relations`}}),I.get("/distinct/:field",async(Q)=>{if(!W)return{success:!1,message:"DB not initialized"};let v=Q.params,C=G(v.field);if(!C)return{success:!1,message:"Field not found"};return{success:!0,data:await W.selectDistinct({value:C}).from(z)}},{detail:{tags:[M],summary:`Get distinct ${A} values`,description:`Get distinct values for a specific field in ${A}`}});if(!$.excluded_methods?.includes("POST"))if($.is_form_data&&w.enabled)I.post("/",async(Q)=>{if(!W)return{success:!1,message:"DB not initialized"};let v=Q.request.headers.get("x-user-id"),{data:C,files:y}=Ji(Q.body,w),p=C;if($.columns){p=ko(p,$.columns);let cn=Do(p,$.columns,!1);if(!cn.valid)return{success:!1,message:"Validation failed",errors:cn.errors}}let F=null;if(y.length>0){if(F=await Xi(y,w,$.table_name),F.failed.length>0&&F.success.length===0)return{success:!1,message:"File upload failed",errors:F.failed};if(F.success.length>0){let cn=F.success[0];if(cn){let hn=cn.originalName.split(".").pop()||"";p={...p,id:cn.id,name:cn.name,originalName:cn.originalName,path:cn.path,mimeType:cn.mimeType,size:cn.size,extension:hn,uploadedBy:v}}}}if(v)p.createdBy=v;let nn=await W.insert(z).values(p).returning();{let cn=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:String(nn[0]?.id??""),operation:"CREATE",userId:v||void 0,summary:`Created ${$.table_name}`,newValues:nn[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:cn.pathname,query:cn.search})}return{success:!0,data:nn[0]}},{type:"formdata",body:Nn.Object({[w.formData.dataField]:Nn.Optional(Nn.Union([Nn.String(),Nn.Any()])),[w.formData.filesField]:Nn.Optional(Nn.Union([Nn.File(),Nn.Array(Nn.File())]))}),detail:{tags:[M],summary:`Create ${A} with files`,description:`Create a new ${A} record with file upload support`}});else I.post("/",async(Q)=>{if(!W)return{success:!1,message:"DB not initialized"};let v=Q.body,C=Q.request.headers.get("x-user-id");if($.columns){v=ko(v,$.columns);let p=Do(v,$.columns,!1);if(!p.valid)return{success:!1,message:"Validation failed",errors:p.errors}}if(C)v.createdBy=C;let y=await W.insert(z).values(v).returning();if(A==="userRoles"&&v.roleId&&v.userId)try{let{roles:p,users:F}=o;if(p&&F){if((await W.select().from(p).where($r(p.id,v.roleId)).limit(1))[0]?.name==="godmin")await W.update(F).set({isGod:!0}).where($r(F.id,v.userId))}}catch(p){a.warn("[Entity] Failed to sync is_god flag on userRole create")}{let p=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:String(y[0]?.id??""),operation:"CREATE",userId:C||void 0,summary:`Created ${$.table_name}`,newValues:y[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:p.pathname,query:p.search})}return{success:!0,data:y[0]}},{body:Nn.Object({},{additionalProperties:!0}),detail:{tags:[M],summary:`Create ${A}`,description:`Create a new ${A} record`}});if(!$.excluded_methods?.includes("PUT"))if($.is_form_data&&w.enabled)I.put("/:id",async(Q)=>{if(!W||!B)return{success:!1,message:"No id column or DB"};let v=Q.params,C=Q.request.headers.get("x-user-id"),{data:y,files:p}=Ji(Q.body,w),F=y,nn=await W.select().from(z).where($r(B,v.id)).limit(1);if($.columns){F=ko(F,$.columns);let dn=Do(F,$.columns,!1);if(!dn.valid)return{success:!1,message:"Validation failed",errors:dn.errors}}let cn=null;if(p.length>0)cn=await Xi(p,w,$.table_name);let hn=await W.update(z).set(F).where($r(B,v.id)).returning();{let dn=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:v.id,operation:"UPDATE",userId:C||void 0,summary:`Updated ${$.table_name} (${v.id})`,oldValues:nn[0],newValues:hn[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:dn.pathname,query:dn.search})}return{success:!0,data:{record:hn[0],files:cn?.success||[],fileErrors:cn?.failed||[]}}},{type:"formdata",body:Nn.Object({[w.formData.dataField]:Nn.Optional(Nn.Union([Nn.String(),Nn.Any()])),[w.formData.filesField]:Nn.Optional(Nn.Union([Nn.File(),Nn.Array(Nn.File())]))}),detail:{tags:[M],summary:`Update ${A} with files`,description:`Full update of ${A} record with file upload support`}});else I.put("/:id",async(Q)=>{if(!W||!B)return{success:!1,message:"No id column or DB"};let{params:v,body:C}=Q,y=Q.request.headers.get("x-user-id"),p=await W.select().from(z).where($r(B,v.id)).limit(1);if($.columns){C=ko(C,$.columns);let nn=Do(C,$.columns,!1);if(!nn.valid)return{success:!1,message:"Validation failed",errors:nn.errors}}if(C.updatedAt=new Date,y)C.updatedBy=y;let F=await W.update(z).set(C).where($r(B,v.id)).returning();{let nn=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:v.id,operation:"UPDATE",userId:y||void 0,summary:`Updated ${$.table_name} (${v.id})`,oldValues:p[0],newValues:F[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:nn.pathname,query:nn.search})}return{success:!0,data:F[0]}},{body:Nn.Object({},{additionalProperties:!0}),detail:{tags:[M],summary:`Update ${A}`,description:`Full update of ${A} record`}});if(!$.excluded_methods?.includes("PATCH"))I.patch("/:id",async(Q)=>{if(!W||!B)return{success:!1,message:"No id column or DB"};let{params:v,body:C}=Q,y=Q.request.headers.get("x-user-id"),p=await W.select().from(z).where($r(B,v.id)).limit(1);if($.columns){C=ko(C,$.columns);let nn=Do(C,$.columns,!0);if(!nn.valid)return{success:!1,message:"Validation failed",errors:nn.errors}}if(C.updatedAt=new Date,y)C.updatedBy=y;let F=await W.update(z).set(C).where($r(B,v.id)).returning();{let nn=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:v.id,operation:"PATCH",userId:y||void 0,summary:`Patched ${$.table_name} (${v.id})`,oldValues:p[0],newValues:F[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:nn.pathname,query:nn.search})}return{success:!0,data:F[0]}},{body:Nn.Object({},{additionalProperties:!0}),detail:{tags:[M],summary:`Patch ${A}`,description:`Partial update of ${A} record`}});if(!$.excluded_methods?.includes("DELETE"))I.delete("/:id",async(Q)=>{if(!W||!B)return{success:!1,message:"No id column or DB"};let v=Q.params,C=Q.request.headers.get("x-user-id"),y=await W.select().from(z).where($r(B,v.id)).limit(1);if(await W.delete(z).where($r(B,v.id)),A==="userRoles"&&y[0])try{let p=y[0],F=o.roles,nn=o.users;if(F&&nn&&p.roleId&&p.userId){if((await W.select().from(F).where($r(F.id,p.roleId)).limit(1))[0]?.name==="godmin")await W.update(nn).set({isGod:!1}).where($r(nn.id,p.userId))}}catch(p){a.warn("[Entity] Failed to sync is_god flag on userRole delete")}{let p=new URL(Q.request.url);a.audit({entityName:$.table_name,entityId:v.id,operation:"DELETE",userId:C||void 0,summary:`Deleted ${$.table_name} (${v.id})`,oldValues:y[0],ipAddress:Q.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||Q.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:Q.request.headers.get("user-agent")||"unknown",path:p.pathname,query:p.search})}return{success:!0,data:null}},{detail:{tags:[M],summary:`Delete ${A}`,description:`Delete a ${A} record`}});if($.bulk_endpoints_enabled){if(!$.excluded_methods?.includes("POST"))I.post("/bulk",async(Q)=>{if(!W)return{success:!1,message:"DB not initialized"};let v=Q.body;if(!Array.isArray(v))return{success:!1,message:"Body must be an array"};let C=Q.request.headers.get("x-user-id");try{let y=[];for(let F of v){let nn=F;if($.columns){nn=ko(nn,$.columns);let cn=Do(nn,$.columns,!1);if(!cn.valid)return{success:!1,message:"Validation failed",errors:cn.errors}}if(C)nn.createdBy=C;y.push(nn)}return{success:!0,data:await W.transaction(async(F)=>{let nn=[];for(let cn of y){let hn=await F.insert(z).values(cn).returning();nn.push(hn[0])}return nn})}}catch(y){return{success:!1,message:y instanceof Error?y.message:"Transaction failed"}}},{body:Nn.Array(Nn.Object({},{additionalProperties:!0})),detail:{tags:[M],summary:`Bulk create ${A}`,description:`Create multiple ${A} records`}});if(!$.excluded_methods?.includes("PUT"))I.put("/bulk",async(Q)=>{if(!W||!B)return{success:!1,message:"No id column or DB"};let v=Q.body;if(!Array.isArray(v))return{success:!1,message:"Body must be an array"};let C=Q.request.headers.get("x-user-id");try{return{success:!0,data:await W.transaction(async(p)=>{let F=[];for(let nn of v){let cn=nn.data;if($.columns){cn=ko(cn,$.columns);let dn=Do(cn,$.columns,!0);if(!dn.valid)return{success:!1,message:"Validation failed",errors:dn.errors}}if(cn.updatedAt=new Date,C)cn.updatedBy=C;let hn=await p.update(z).set(cn).where($r(B,nn.id)).returning();F.push(hn[0])}return F})}}catch(y){return{success:!1,message:y instanceof Error?y.message:"Transaction failed"}}},{body:j,detail:{tags:[M],summary:`Bulk update ${A}`,description:`Update multiple ${A} records`}});if(!$.excluded_methods?.includes("DELETE"))I.delete("/bulk",async(Q)=>{if(!W||!B)return{success:!1,message:"No id column or DB"};let v=Q.body;if(!Array.isArray(v))return{success:!1,message:"Body must be an array of ids"};try{return await W.transaction(async(C)=>{for(let y of v)await C.delete(z).where($r(B,y))}),{success:!0,data:{deleted:v.length}}}catch(C){return{success:!1,message:C instanceof Error?C.message:"Transaction failed"}}},{body:N,detail:{tags:[M],summary:`Bulk delete ${A}`,description:`Delete multiple ${A} records`}})}n.use(I)}return n}import Kh,{t as Li}from"elysia";function vh(n){let r=n.match(/^(\d+)(ms|s|m|h)$/);if(!r||!r[1]||!r[2])return 5000;let t=parseInt(r[1],10);switch(r[2]){case"ms":return t;case"s":return t*1000;case"m":return t*60*1000;case"h":return t*60*60*1000;default:return 5000}}function Hf(n){let{monitoringService:r,logger:t,endpoints:o}=n,c=new Kh({prefix:o.basePath});if(!o.enabled)return c;if(o.stream.enabled)c.get(o.stream.path,async function*({request:i}){t.info("[Monitoring] SSE stream connected");let a=vh(o.stream.interval),e=!0;i.signal.addEventListener("abort",()=>{e=!1,t.info("[Monitoring] SSE stream disconnected")});let s=await r.getLatestSnapshot();if(s)yield{event:"snapshot",data:JSON.stringify(s)};while(e){if(await new Promise((l)=>setTimeout(l,a)),!e)break;let f=await r.getLatestSnapshot();if(f)yield{event:"snapshot",data:JSON.stringify(f)};let d=r.getActiveAlerts();if(d.length>0)yield{event:"alerts",data:JSON.stringify(d)}}},{detail:{tags:["Monitoring"],summary:"Stream real-time monitoring data",description:"Server-Sent Events stream for real-time monitoring metrics"}});if(o.snapshot.enabled)c.get(o.snapshot.path,async()=>{let i=await r.getLatestSnapshot();if(!i)return{isSuccess:!1,message:"No monitoring data available",data:null};return{isSuccess:!0,message:"Current monitoring snapshot",data:i}},{detail:{tags:["Monitoring"],summary:"Get current monitoring snapshot",description:"Returns the latest monitoring metrics snapshot"}});if(o.history.enabled)c.get(o.history.path,async({query:i})=>{let a=Math.min(i.minutes?parseInt(String(i.minutes),10):60,o.history.maxMinutes),e=await r.getHistory(a);return{isSuccess:!0,message:`Monitoring history for last ${a} minutes`,data:{minutes:a,count:e.length,snapshots:e}}},{query:Li.Object({minutes:Li.Optional(Li.Numeric())}),detail:{tags:["Monitoring"],summary:"Get monitoring history",description:"Returns historical monitoring data for the specified time range"}});if(o.alerts.enabled)c.get(o.alerts.path,()=>{let i=r.getActiveAlerts();return{isSuccess:!0,message:"Active alerts",data:{count:i.length,alerts:i}}},{detail:{tags:["Monitoring"],summary:"Get active alerts",description:"Returns all currently active monitoring alerts"}}),c.post(`${o.alerts.path}/:alertId/acknowledge`,({params:i})=>{if(!r.acknowledgeAlert(i.alertId))return{isSuccess:!1,message:"Alert not found",data:null};return{isSuccess:!0,message:"Alert acknowledged",data:{alertId:i.alertId}}},{params:Li.Object({alertId:Li.String()}),detail:{tags:["Monitoring"],summary:"Acknowledge an alert",description:"Mark an alert as acknowledged"}});return t.info(`[Monitoring] Routes enabled at ${o.basePath} (stream: ${o.stream.enabled}, snapshot: ${o.snapshot.enabled}, history: ${o.history.enabled}, alerts: ${o.alerts.enabled})`),c}import Zh,{t as vr}from"elysia";var ph={"Content-Type":"text/event-stream; charset=utf-8","Cache-Control":"no-cache, no-transform",Connection:"keep-alive"},Ih=new TextEncoder,zf=(n,r)=>{let t=typeof r==="string"?r:JSON.stringify(r);return Ih.encode(`event: ${n}
 data: ${t}
-`)};function xb(n){let{getService:r,logger:t,basePath:o,streamInterval:c}=n,i=new Zh({prefix:o}),a=()=>{let e=r();if(!e)throw Error("Live monitoring service not initialized");return e};return i.get("/health",()=>{let e=r();return{status:e?"ok":"initializing",timestamp:Date.now(),monitoring:e?.isEnabled()??!1}},{detail:{tags:["Live Monitoring"],summary:"Health check for live monitoring"}}),i.get("/settings",()=>{return a().getSettings()},{detail:{tags:["Live Monitoring"],summary:"Get live monitoring settings"}}),i.patch("/settings",({body:e})=>{return a().changeSettings(e)},{body:vr.Partial(vr.Object({logMemory:vr.Boolean(),logCpu:vr.Boolean(),logDapr:vr.Boolean(),logWebSocket:vr.Boolean(),memoryLogInterval:vr.Number(),cpuLogInterval:vr.Number(),memoryLogLimit:vr.Number(),cpuLogLimit:vr.Number(),daprLogLimit:vr.Number(),wsLogLimit:vr.Number(),requestLogLimit:vr.Number()})),detail:{tags:["Live Monitoring"],summary:"Change live monitoring settings"}}),i.get("/logs",()=>{return a().getLogs()},{detail:{tags:["Live Monitoring"],summary:"Get all live monitoring logs"}}),i.get("/logs/stream",({request:e})=>{let s=e.signal,f,d=a(),l=d.getSnapshot(),w={memory:l.memory.length?l.memory[l.memory.length-1]?.timestamp??0:0,cpu:l.cpu.length?l.cpu[l.cpu.length-1]?.timestamp??0:0,request:l.requests.length?l.requests[l.requests.length-1]?.timestamp??0:0,dapr:l.dapr.length?l.dapr[l.dapr.length-1]?.timestamp??0:0,ws:l.ws.length?l.ws[l.ws.length-1]?.timestamp??0:0},g=new ReadableStream({start(u){let m=!1;u.enqueue(zf("snapshot",l));let S=setInterval(()=>{if(m)return;let E=d.getUpdatesSince(w);if(!E){u.enqueue(zf("heartbeat",{timestamp:Date.now()}));return}if(E.memory.length)w.memory=E.memory[E.memory.length-1]?.timestamp??w.memory;if(E.cpu.length)w.cpu=E.cpu[E.cpu.length-1]?.timestamp??w.cpu;if(E.requests.length)w.request=E.requests[E.requests.length-1]?.timestamp??w.request;if(E.dapr.length)w.dapr=E.dapr[E.dapr.length-1]?.timestamp??w.dapr;if(E.ws.length)w.ws=E.ws[E.ws.length-1]?.timestamp??w.ws;u.enqueue(zf("update",E))},c),h=()=>{if(m)return;m=!0,clearInterval(S),s?.removeEventListener("abort",h);try{u.close()}catch{}};f=h,s?.addEventListener("abort",h)},cancel(){f?.()}});return new Response(g,{headers:ph})},{detail:{tags:["Live Monitoring"],summary:"Stream real-time live monitoring data via SSE"}}),t.info(`[LiveMonitoring] Routes enabled at ${o} (stream interval: ${c}ms)`),i}import t$ from"elysia";var Qi=new Map;var Pb=null;function yh(){let n=Date.now();for(let[r,t]of Qi)if(n-t>1e4)Qi.delete(r)}var To={totalSent:0,totalAcked:0,totalFailed:0,averageLatencyMs:0};function Cb(){if(Pb)return;Pb=setInterval(yh,30000)}function Bf(){return`msg_${Date.now()}_${Math.random().toString(36).substring(2,11)}`}async function Uf(n,r,t){if(!r.userId)return;let o=`pubsub:pending:user:${r.userId}:${r.messageId}`,c=`pubsub:user:pending-set:${r.userId}`;await n.create(o,r,t);let i=await n.read(c),a=i.success&&i.data?i.data:[];if(!a.includes(r.messageId))a.push(r.messageId),await n.create(c,a,t)}async function qb(n,r,t,o){let c=`${r}:${t}`;if(Qi.has(c))return!1;let i=`pubsub:pending:user:${r}:${t}`,a=`pubsub:user:pending-set:${r}`,e=`pubsub:ack:${r}:${t}`,s=await n.read(i);if(!s.success||!s.data)return Qi.set(c,Date.now()),!1;Qi.set(c,Date.now());let f=s.data,d={messageId:t,clientId:f.clientId,ackedAt:Date.now()};await n.create(e,d,60),await n.remove(i);let l=await n.read(a),g=(l.success&&l.data?l.data:[]).filter((m)=>m!==t);if(g.length>0)await n.create(a,g,o);else await n.remove(a);let u=Date.now()-f.sentAt;return n$(u),!0}async function Fb(n,r){if(!r)return[];let t=`pubsub:user:pending-set:${r}`,o=await n.read(t),c=o.success&&o.data?o.data:[],i=[];for(let a of c){let e=`pubsub:pending:user:${r}:${a}`,s=await n.read(e);if(s.success&&s.data)i.push(s.data)}return i.sort((a,e)=>a.sentAt-e.sentAt),i}async function jb(n,r){if(!r)return 0;let t=`pubsub:user:pending-set:${r}`,o=await n.read(t);return(o.success&&o.data?o.data:[]).length}async function Kb(n,r,t,o,c){let i=`pubsub:pending:user:${r}:${t}`,a=await n.read(i);if(!a.success||!a.data)return!1;let e={...a.data,retryCount:a.data.retryCount+1};if(e.retryCount>=c)return await Th(n,r,t),r$(),!1;return await n.create(i,e,o),!0}async function Th(n,r,t){let o=`pubsub:pending:user:${r}:${t}`,c=`pubsub:user:pending-set:${r}`;await n.remove(o);let i=await n.read(c),e=(i.success&&i.data?i.data:[]).filter((s)=>s!==t);if(e.length>0)await n.create(c,e,300);else await n.remove(c)}function Wf(){To.totalSent++}function n$(n){To.totalAcked++,To.averageLatencyMs=(To.averageLatencyMs*(To.totalAcked-1)+n)/To.totalAcked}function r$(){To.totalFailed++}var ur=new Map,Oi=new Map;function vb(n){let{redis:r,logger:t}=n,o=n.ack.ttlSeconds,c=n.ack.enabled,i=n.ack.maxRetries,a=n.presence.enabled,e=n.presence.debounceMs,s=n.maxClientsPerUser;function f(){return`client_${Date.now()}_${Math.random().toString(36).substring(2,9)}`}function d(D,R,$,A){let M=g($);if(M.length>=s){let z=M[0];if(z)t.info("[PubSub] Max clients reached, closing oldest",{userId:$,oldestClientId:z}),l(z)}ur.set(D,{ws:R,userId:$,subscribedTopics:new Set(A),connectedAt:Date.now(),pendingAcks:new Map}),t.info("[PubSub] Client registered",{clientId:D,userId:$,topics:A,totalClients:ur.size})}function l(D){let R=ur.get(D);if(!R)return;let $=R.userId;if(ur.delete(D),t.info("[PubSub] Client unregistered",{clientId:D,userId:$,totalClients:ur.size}),a&&$){if(g($).length===0)W($,"offline")}}function w(D,R){let $=ur.get(D);if($)$.subscribedTopics=new Set(R)}function g(D){let R=[];for(let[$,A]of ur)if(A.userId===D)R.push($);return R}function u(){let D=new Set;for(let[,R]of ur)if(R.userId)D.add(R.userId);return D}function m(){return ur.size}function _(D,R){let $=ur.get(D);if(!$)return!1;try{return $.ws.send(JSON.stringify(R)),!0}catch{return ur.delete(D),!1}}function S(D,R){let $=Bf(),A=Date.now(),M=JSON.stringify({type:"event",messageId:c?$:void 0,topic:D,data:R,timestamp:A}),z=0;for(let[X,O]of ur)if(O.subscribedTopics.has("*")||O.subscribedTopics.has(D))try{if(O.ws.send(M),z++,c){if(O.pendingAcks.set($,{sentAt:A,retryCount:0}),Wf(),O.userId)Uf(r,{messageId:$,topic:D,clientId:X,userId:O.userId,data:R,sentAt:A,retryCount:0,maxRetries:i},o).catch(()=>{})}}catch{ur.delete(X)}t.info("[PubSub] Broadcasted event",{topic:D,messageId:$,sentCount:z})}function h(D,R,$){let A=Bf(),M=Date.now(),z=JSON.stringify({type:"event",messageId:c?A:void 0,topic:R,data:$,timestamp:M}),X=0,O=!1;for(let[B,L]of ur){if(L.userId!==D)continue;if(!L.subscribedTopics.has("*")&&!L.subscribedTopics.has(R))continue;try{if(L.ws.send(z),X++,O=!0,c)L.pendingAcks.set(A,{sentAt:M,retryCount:0}),Wf()}catch{ur.delete(B)}}if(c)Uf(r,{messageId:A,topic:R,clientId:O?"delivered":"pending",userId:D,data:$,sentAt:M,retryCount:0,maxRetries:i},o).catch(()=>{});t.info("[PubSub] Broadcasted to user",{userId:D,topic:R,messageId:A,sentCount:X,storedForOffline:!O})}function E(D,R,$){let A=Date.now(),M=JSON.stringify({type:"event",topic:R,data:$,timestamp:A});for(let[z,X]of ur){if(X.userId!==D)continue;if(!X.subscribedTopics.has("*")&&!X.subscribedTopics.has(R))continue;try{X.ws.send(M)}catch{ur.delete(z)}}}function W(D,R){let $=`${D}:${R}`,A=Date.now(),M=Oi.get($);if(M&&A-M<e)return;if(Oi.set($,A),Oi.size>1000){let X=A-e*2;for(let[O,B]of Oi)if(B<X)Oi.delete(O)}let z=u();for(let X of z)if(X!==D)E(X,"user-presence",{type:"user-presence",data:{userId:D,status:R}})}async function V(D,R){if(!c)return!0;let $=ur.get(D);if(!$)return!1;if($.pendingAcks.get(R))$.pendingAcks.delete(R);if($.userId)return qb(r,$.userId,R,o);return!0}async function H(D,R){if(!c)return 0;let $=ur.get(R);if(!$||$.userId!==D)return 0;let A=await Fb(r,D);if(A.length===0)return 0;t.info("[PubSub] Delivering pending messages",{userId:D,count:A.length});let M=0;for(let z of A){if(!$.subscribedTopics.has("*")&&!$.subscribedTopics.has(z.topic))continue;let X=JSON.stringify({type:"event",messageId:z.messageId,topic:z.topic,data:z.data,timestamp:z.sentAt,isRedelivery:!0});try{$.ws.send(X),$.pendingAcks.set(z.messageId,{sentAt:Date.now(),retryCount:z.retryCount+1}),await Kb(r,D,z.messageId,o,i),M++}catch{break}}return M}return{generateClientId:f,registerClient:d,unregisterClient:l,updateClientTopics:w,getClientsByUser:g,getConnectedUserIds:u,getClientCount:m,sendToClient:_,broadcastEvent:S,broadcastToUser:h,broadcastToUserNoAck:E,broadcastPresenceToOthers:W,handleClientAck:V,deliverPendingMessages:H,getPendingMessageCount:(D)=>jb(r,D)}}function Vf(n){let{logger:r,getLiveMonitoringService:t}=n,o=vb(n);if(n.ack.enabled)Cb();let c=null,i=new t$;return i.onStart(()=>{if(n.cleanupIntervalMs>0)c=setInterval(()=>{r.info("[PubSub] Periodic cleanup running",{totalClients:o.getClientCount()})},n.cleanupIntervalMs);r.info("[PubSub] Routes initialized",{basePath:n.basePath,wsPath:n.wsPath,ackEnabled:n.ack.enabled,presenceEnabled:n.presence.enabled})}),i.onStop(()=>{if(c)clearInterval(c),c=null}),i.post(`${n.basePath}/:topic`,async({params:a,body:e,request:s,set:f})=>{let d=a.topic,l;try{if(!e){let g=await s.text();l=JSON.parse(g)}else l=e}catch{return f.status=200,{status:"DROP"}}r.info("[PubSub] Dapr event received",{topic:d,eventId:l.id,source:l.source});let w=l.data?.user_id;if(w)o.broadcastToUser(w,d,l);else o.broadcastEvent(d,l);return t?.()?.recordDaprEvent("pubsub_subscribe",{topic:d,success:!0,metadata:{eventId:l.id,source:l.source,userId:w||null}}),f.status=200,{status:"SUCCESS"}}),i.ws(n.wsPath,{idleTimeout:n.wsIdleTimeout,open(a){let e=a.data?.query||{};if(!e.userId){a.send(JSON.stringify({type:"error",error:"userId is required for WebSocket connection",timestamp:Date.now()})),a.close(4001,"userId is required"),t?.()?.recordWsEvent("error",{success:!1,error:"userId is required"});return}let s=o.generateClientId(),f=e.topics?.split(",").map((l)=>l.trim())||["*"];if(a.data.clientId=s,o.registerClient(s,a,e.userId,f),a.send(JSON.stringify({type:"connected",clientId:s,subscribedTopics:f,timestamp:Date.now()})),t?.()?.recordWsEvent("connection",{clientId:s,userId:e.userId,topic:f.join(","),success:!0}),n.presence.enabled)o.broadcastPresenceToOthers(e.userId,"online");let d=e.userId;if(n.ack.enabled&&d)o.getPendingMessageCount(d).then((l)=>{if(l>0)r.info("[PubSub] Delivering pending messages",{userId:d,count:l}),o.deliverPendingMessages(d,s).catch(()=>{})}).catch(()=>{})},message(a,e){let s=a.data.clientId;try{let f=null;if(typeof e==="string")f=JSON.parse(e);else if(e&&typeof e==="object"){if(f="type"in e?e:null,typeof f==="string")f=JSON.parse(f)}if(!f?.type)return;switch(t?.()?.recordWsEvent("message",{clientId:s,messageType:f.type,success:!0,dataSize:typeof e==="string"?e.length:0}),f.type){case"subscribe":if(Array.isArray(f.topics))o.updateClientTopics(s,f.topics),o.sendToClient(s,{type:"subscribed",topics:f.topics,timestamp:Date.now()});break;case"unsubscribe":r.info("[PubSub] Unsubscribe request",{clientId:s,topics:f.topics});break;case"ping":o.sendToClient(s,{type:"pong",timestamp:Date.now()});break;case"ack":if(f.messageId)o.handleClientAck(s,f.messageId).catch(()=>{});break}}catch{r.warn("[PubSub] Failed to parse client message",{clientId:s})}},close(a,e,s){let f=a.data.clientId;if(f)o.unregisterClient(f);t?.()?.recordWsEvent("close",{clientId:f,success:!0,metadata:{code:e,reason:s||""}}),r.info("[PubSub] Client disconnected",{clientId:f,code:e,reason:s})}}),{plugin:i,clientManager:o}}I0();tf();import{Elysia as ge,t as K}from"elysia";function Zb(n){let{db:r,schemaTables:t,config:o,logger:c}=n,i=new rf({db:r,schemaTables:t,config:o,logger:c}),a=new p0({db:r,schemaTables:t,config:n.notificationConfig||{enabled:!1},logger:c,gmailService:n.gmailService});i.setNotificationHandler(async(w)=>{if(!n.notificationConfig?.enabled)return;await a.triggerNotifications({trigger:w.trigger,flow_id:w.flow_id,entity_name:w.entity_name,entity_id:w.entity_id,node_id:w.node_id,verifier_id:w.verifier_id,decision:w.decision})});let e=o.endpoints?.basePath||"/verifications",s=o.flowEndpoints?.basePath||"/verification-flows",f=n.notificationConfig?.endpoints?.basePath||"/notifications",d=new ge,l=new ge({prefix:e});if(l.get("/status/:entity_name/:entity_id",async({params:w})=>{return{success:!0,data:await i.getStatus(w.entity_name,w.entity_id)}},{params:K.Object({entity_name:K.String(),entity_id:K.String()})}),l.post("/:entity_name/:entity_id/decide",async({params:w,body:g,request:u})=>{let m=u.headers.get("x-user-id");if(!m)return{success:!1,message:"User ID required",status:401};return await i.decide({entity_name:w.entity_name,entity_id:w.entity_id,user_id:m,decision:g.decision,reason:g.reason,signature_id:g.signature_id,diff:g.diff})},{params:K.Object({entity_name:K.String(),entity_id:K.String()}),body:K.Object({decision:K.Union([K.Literal("approved"),K.Literal("rejected")]),reason:K.Optional(K.String()),signature_id:K.Optional(K.String()),diff:K.Optional(K.Record(K.String(),K.Unknown()))})}),l.get("/pending",async({request:w})=>{let g=w.headers.get("x-user-id");if(!g)return{success:!1,message:"User ID required",status:401};return{success:!0,data:await i.getPending(g)}}),l.get("/history/:entity_name/:entity_id",async({params:w})=>{let g=await i.getStatus(w.entity_name,w.entity_id);return{success:!0,data:{verifications:g.verifications,current_step:g.current_step,total_steps:g.total_steps,is_completed:g.is_completed,is_rejected:g.is_rejected}}},{params:K.Object({entity_name:K.String(),entity_id:K.String()})}),l.post("/start",async({body:w,request:g})=>{let u=g.headers.get("x-user-id");return await i.startFlow({flow_id:w.flow_id,entity_name:w.entity_name,entity_id:w.entity_id,started_by:u||void 0})},{body:K.Object({flow_id:K.String(),entity_name:K.String(),entity_id:K.String()})}),l.post("/start-for-entity",async({body:w,request:g})=>{let u=g.headers.get("x-user-id");return await i.startFlowForEntity({entity_name:w.entity_name,entity_id:w.entity_id,started_by:u||void 0})},{body:K.Object({entity_name:K.String(),entity_id:K.String()})}),l.get("/statuses/:entity_name",async({params:w,query:g})=>{return{success:!0,data:await i.listEntityStatuses({entity_name:w.entity_name,status:g.status||void 0,page:g.page?Number(g.page):void 0,limit:g.limit?Number(g.limit):void 0})}},{params:K.Object({entity_name:K.String()}),query:K.Object({status:K.Optional(K.String()),page:K.Optional(K.String()),limit:K.Optional(K.String())})}),d.use(l),c.info(`[Verification] Routes registered at ${e}`),o.flowEndpoints?.enabled!==!1){let w=new ge({prefix:s});w.get("/",async({query:g})=>{return{success:!0,data:await i.listFlows(g.entity_name||void 0)}},{query:K.Object({entity_name:K.Optional(K.String())})}),w.get("/:flow_id",async({params:g})=>{let u=await i.getFlow(g.flow_id);if(!u)return{success:!1,message:"Flow not found"};return{success:!0,data:u}},{params:K.Object({flow_id:K.String()})}),w.post("/",async({body:g})=>{return await i.saveFlow(g)},{body:K.Object({flow_id:K.String(),entity_name:K.String(),name:K.String(),description:K.Optional(K.String()),trigger_on:K.Union([K.Literal("create"),K.Literal("update"),K.Literal("delete"),K.Literal("manual")]),trigger_fields:K.Optional(K.Array(K.String())),is_draft:K.Boolean(),viewport:K.Optional(K.Object({x:K.Number(),y:K.Number(),zoom:K.Number()})),graph:K.Object({steps:K.Array(K.Any()),edges:K.Array(K.Any()),verifier_configs:K.Array(K.Any()),notification_rules:K.Array(K.Any()),notification_recipients:K.Array(K.Any()),notification_channels:K.Array(K.Any())})})}),w.post("/:flow_id/publish",async({params:g})=>{return await i.publishFlow(g.flow_id)},{params:K.Object({flow_id:K.String()})}),w.delete("/:flow_id",async({params:g})=>{return await i.deleteFlow(g.flow_id)},{params:K.Object({flow_id:K.String()})}),d.use(w),c.info(`[Verification] Flow routes registered at ${s}`)}if(n.notificationConfig?.enabled&&n.notificationConfig?.endpoints?.enabled!==!1){let w=new ge({prefix:f});w.get("/",async({request:g,query:u})=>{let m=g.headers.get("x-user-id");if(!m)return{success:!1,message:"User ID required"};return{success:!0,data:await a.getNotifications(m,{limit:u.limit?Number(u.limit):void 0,offset:u.offset?Number(u.offset):void 0,type:u.type||void 0})}},{query:K.Object({limit:K.Optional(K.String()),offset:K.Optional(K.String()),type:K.Optional(K.String())})}),w.get("/unseen-count",async({request:g})=>{let u=g.headers.get("x-user-id");if(!u)return{success:!1,message:"User ID required"};return{success:!0,data:{count:await a.getUnseenCount(u)}}}),w.post("/:notification_id/seen",async({params:g,request:u})=>{let m=u.headers.get("x-user-id");if(!m)return{success:!1,message:"User ID required"};let _=await a.markAsSeen(g.notification_id,m);return{success:_,message:_?"Marked as seen":"Failed"}},{params:K.Object({notification_id:K.String()})}),w.post("/seen-all",async({request:g})=>{let u=g.headers.get("x-user-id");if(!u)return{success:!1,message:"User ID required"};return{success:!0,data:{count:await a.markAllAsSeen(u)}}}),d.use(w),c.info(`[Notification] Routes registered at ${f}`)}return{routes:d,verificationService:i,notificationService:a}}import{Elysia as D3}from"elysia";var pb=`/* basic theme */
+`)};function xb(n){let{getService:r,logger:t,basePath:o,streamInterval:c}=n,i=new Zh({prefix:o}),a=()=>{let e=r();if(!e)throw Error("Live monitoring service not initialized");return e};return i.get("/health",()=>{let e=r();return{status:e?"ok":"initializing",timestamp:Date.now(),monitoring:e?.isEnabled()??!1}},{detail:{tags:["Live Monitoring"],summary:"Health check for live monitoring"}}),i.get("/settings",()=>{return a().getSettings()},{detail:{tags:["Live Monitoring"],summary:"Get live monitoring settings"}}),i.patch("/settings",({body:e})=>{return a().changeSettings(e)},{body:vr.Partial(vr.Object({logMemory:vr.Boolean(),logCpu:vr.Boolean(),logDapr:vr.Boolean(),logWebSocket:vr.Boolean(),memoryLogInterval:vr.Number(),cpuLogInterval:vr.Number(),memoryLogLimit:vr.Number(),cpuLogLimit:vr.Number(),daprLogLimit:vr.Number(),wsLogLimit:vr.Number(),requestLogLimit:vr.Number()})),detail:{tags:["Live Monitoring"],summary:"Change live monitoring settings"}}),i.get("/logs",()=>{return a().getLogs()},{detail:{tags:["Live Monitoring"],summary:"Get all live monitoring logs"}}),i.get("/logs/stream",({request:e})=>{let s=e.signal,f,d=a(),l=d.getSnapshot(),w={memory:l.memory.length?l.memory[l.memory.length-1]?.timestamp??0:0,cpu:l.cpu.length?l.cpu[l.cpu.length-1]?.timestamp??0:0,request:l.requests.length?l.requests[l.requests.length-1]?.timestamp??0:0,dapr:l.dapr.length?l.dapr[l.dapr.length-1]?.timestamp??0:0,ws:l.ws.length?l.ws[l.ws.length-1]?.timestamp??0:0},g=new ReadableStream({start(u){let m=!1;u.enqueue(zf("snapshot",l));let S=setInterval(()=>{if(m)return;let E=d.getUpdatesSince(w);if(!E){u.enqueue(zf("heartbeat",{timestamp:Date.now()}));return}if(E.memory.length)w.memory=E.memory[E.memory.length-1]?.timestamp??w.memory;if(E.cpu.length)w.cpu=E.cpu[E.cpu.length-1]?.timestamp??w.cpu;if(E.requests.length)w.request=E.requests[E.requests.length-1]?.timestamp??w.request;if(E.dapr.length)w.dapr=E.dapr[E.dapr.length-1]?.timestamp??w.dapr;if(E.ws.length)w.ws=E.ws[E.ws.length-1]?.timestamp??w.ws;u.enqueue(zf("update",E))},c),h=()=>{if(m)return;m=!0,clearInterval(S),s?.removeEventListener("abort",h);try{u.close()}catch{}};f=h,s?.addEventListener("abort",h)},cancel(){f?.()}});return new Response(g,{headers:ph})},{detail:{tags:["Live Monitoring"],summary:"Stream real-time live monitoring data via SSE"}}),t.info(`[LiveMonitoring] Routes enabled at ${o} (stream interval: ${c}ms)`),i}import t$ from"elysia";var Qi=new Map;var Pb=null;function yh(){let n=Date.now();for(let[r,t]of Qi)if(n-t>1e4)Qi.delete(r)}var To={totalSent:0,totalAcked:0,totalFailed:0,averageLatencyMs:0};function Cb(){if(Pb)return;Pb=setInterval(yh,30000)}function Bf(){return`msg_${Date.now()}_${Math.random().toString(36).substring(2,11)}`}async function Uf(n,r,t){if(!r.userId)return;let o=`pubsub:pending:user:${r.userId}:${r.messageId}`,c=`pubsub:user:pending-set:${r.userId}`;await n.create(o,r,t);let i=await n.read(c),a=i.success&&i.data?i.data:[];if(!a.includes(r.messageId))a.push(r.messageId),await n.create(c,a,t)}async function qb(n,r,t,o){let c=`${r}:${t}`;if(Qi.has(c))return!1;let i=`pubsub:pending:user:${r}:${t}`,a=`pubsub:user:pending-set:${r}`,e=`pubsub:ack:${r}:${t}`,s=await n.read(i);if(!s.success||!s.data)return Qi.set(c,Date.now()),!1;Qi.set(c,Date.now());let f=s.data,d={messageId:t,clientId:f.clientId,ackedAt:Date.now()};await n.create(e,d,60),await n.remove(i);let l=await n.read(a),g=(l.success&&l.data?l.data:[]).filter((m)=>m!==t);if(g.length>0)await n.create(a,g,o);else await n.remove(a);let u=Date.now()-f.sentAt;return n$(u),!0}async function Fb(n,r){if(!r)return[];let t=`pubsub:user:pending-set:${r}`,o=await n.read(t),c=o.success&&o.data?o.data:[],i=[];for(let a of c){let e=`pubsub:pending:user:${r}:${a}`,s=await n.read(e);if(s.success&&s.data)i.push(s.data)}return i.sort((a,e)=>a.sentAt-e.sentAt),i}async function jb(n,r){if(!r)return 0;let t=`pubsub:user:pending-set:${r}`,o=await n.read(t);return(o.success&&o.data?o.data:[]).length}async function Kb(n,r,t,o,c){let i=`pubsub:pending:user:${r}:${t}`,a=await n.read(i);if(!a.success||!a.data)return!1;let e={...a.data,retryCount:a.data.retryCount+1};if(e.retryCount>=c)return await Th(n,r,t),r$(),!1;return await n.create(i,e,o),!0}async function Th(n,r,t){let o=`pubsub:pending:user:${r}:${t}`,c=`pubsub:user:pending-set:${r}`;await n.remove(o);let i=await n.read(c),e=(i.success&&i.data?i.data:[]).filter((s)=>s!==t);if(e.length>0)await n.create(c,e,300);else await n.remove(c)}function Wf(){To.totalSent++}function n$(n){To.totalAcked++,To.averageLatencyMs=(To.averageLatencyMs*(To.totalAcked-1)+n)/To.totalAcked}function r$(){To.totalFailed++}var ur=new Map,Oi=new Map;function vb(n){let{redis:r,logger:t}=n,o=n.ack.ttlSeconds,c=n.ack.enabled,i=n.ack.maxRetries,a=n.presence.enabled,e=n.presence.debounceMs,s=n.maxClientsPerUser;function f(){return`client_${Date.now()}_${Math.random().toString(36).substring(2,9)}`}function d(D,R,$,A){let M=g($);if(M.length>=s){let z=M[0];if(z)t.info("[PubSub] Max clients reached, closing oldest",{userId:$,oldestClientId:z}),l(z)}ur.set(D,{ws:R,userId:$,subscribedTopics:new Set(A),connectedAt:Date.now(),pendingAcks:new Map}),t.info("[PubSub] Client registered",{clientId:D,userId:$,topics:A,totalClients:ur.size})}function l(D){let R=ur.get(D);if(!R)return;let $=R.userId;if(ur.delete(D),t.info("[PubSub] Client unregistered",{clientId:D,userId:$,totalClients:ur.size}),a&&$){if(g($).length===0)V($,"offline")}}function w(D,R){let $=ur.get(D);if($)$.subscribedTopics=new Set(R)}function g(D){let R=[];for(let[$,A]of ur)if(A.userId===D)R.push($);return R}function u(){let D=new Set;for(let[,R]of ur)if(R.userId)D.add(R.userId);return D}function m(){return ur.size}function _(D,R){let $=ur.get(D);if(!$)return!1;try{return $.ws.send(JSON.stringify(R)),!0}catch{return ur.delete(D),!1}}function S(D,R){let $=Bf(),A=Date.now(),M=JSON.stringify({type:"event",messageId:c?$:void 0,topic:D,data:R,timestamp:A}),z=0;for(let[L,O]of ur)if(O.subscribedTopics.has("*")||O.subscribedTopics.has(D))try{if(O.ws.send(M),z++,c){if(O.pendingAcks.set($,{sentAt:A,retryCount:0}),Wf(),O.userId)Uf(r,{messageId:$,topic:D,clientId:L,userId:O.userId,data:R,sentAt:A,retryCount:0,maxRetries:i},o).catch(()=>{})}}catch{ur.delete(L)}t.info("[PubSub] Broadcasted event",{topic:D,messageId:$,sentCount:z})}function h(D,R,$){let A=Bf(),M=Date.now(),z=JSON.stringify({type:"event",messageId:c?A:void 0,topic:R,data:$,timestamp:M}),L=0,O=!1;for(let[B,W]of ur){if(W.userId!==D)continue;if(!W.subscribedTopics.has("*")&&!W.subscribedTopics.has(R))continue;try{if(W.ws.send(z),L++,O=!0,c)W.pendingAcks.set(A,{sentAt:M,retryCount:0}),Wf()}catch{ur.delete(B)}}if(c)Uf(r,{messageId:A,topic:R,clientId:O?"delivered":"pending",userId:D,data:$,sentAt:M,retryCount:0,maxRetries:i},o).catch(()=>{});t.info("[PubSub] Broadcasted to user",{userId:D,topic:R,messageId:A,sentCount:L,storedForOffline:!O})}function E(D,R,$){let A=Date.now(),M=JSON.stringify({type:"event",topic:R,data:$,timestamp:A});for(let[z,L]of ur){if(L.userId!==D)continue;if(!L.subscribedTopics.has("*")&&!L.subscribedTopics.has(R))continue;try{L.ws.send(M)}catch{ur.delete(z)}}}function V(D,R){let $=`${D}:${R}`,A=Date.now(),M=Oi.get($);if(M&&A-M<e)return;if(Oi.set($,A),Oi.size>1000){let L=A-e*2;for(let[O,B]of Oi)if(B<L)Oi.delete(O)}let z=u();for(let L of z)if(L!==D)E(L,"user-presence",{type:"user-presence",data:{userId:D,status:R}})}async function Y(D,R){if(!c)return!0;let $=ur.get(D);if(!$)return!1;if($.pendingAcks.get(R))$.pendingAcks.delete(R);if($.userId)return qb(r,$.userId,R,o);return!0}async function H(D,R){if(!c)return 0;let $=ur.get(R);if(!$||$.userId!==D)return 0;let A=await Fb(r,D);if(A.length===0)return 0;t.info("[PubSub] Delivering pending messages",{userId:D,count:A.length});let M=0;for(let z of A){if(!$.subscribedTopics.has("*")&&!$.subscribedTopics.has(z.topic))continue;let L=JSON.stringify({type:"event",messageId:z.messageId,topic:z.topic,data:z.data,timestamp:z.sentAt,isRedelivery:!0});try{$.ws.send(L),$.pendingAcks.set(z.messageId,{sentAt:Date.now(),retryCount:z.retryCount+1}),await Kb(r,D,z.messageId,o,i),M++}catch{break}}return M}return{generateClientId:f,registerClient:d,unregisterClient:l,updateClientTopics:w,getClientsByUser:g,getConnectedUserIds:u,getClientCount:m,sendToClient:_,broadcastEvent:S,broadcastToUser:h,broadcastToUserNoAck:E,broadcastPresenceToOthers:V,handleClientAck:Y,deliverPendingMessages:H,getPendingMessageCount:(D)=>jb(r,D)}}function Vf(n){let{logger:r,getLiveMonitoringService:t}=n,o=vb(n);if(n.ack.enabled)Cb();let c=null,i=new t$;return i.onStart(()=>{if(n.cleanupIntervalMs>0)c=setInterval(()=>{r.info("[PubSub] Periodic cleanup running",{totalClients:o.getClientCount()})},n.cleanupIntervalMs);r.info("[PubSub] Routes initialized",{basePath:n.basePath,wsPath:n.wsPath,ackEnabled:n.ack.enabled,presenceEnabled:n.presence.enabled})}),i.onStop(()=>{if(c)clearInterval(c),c=null}),i.post(`${n.basePath}/:topic`,async({params:a,body:e,request:s,set:f})=>{let d=a.topic,l;try{if(!e){let g=await s.text();l=JSON.parse(g)}else l=e}catch{return f.status=200,{status:"DROP"}}r.info("[PubSub] Dapr event received",{topic:d,eventId:l.id,source:l.source});let w=l.data?.user_id;if(w)o.broadcastToUser(w,d,l);else o.broadcastEvent(d,l);return t?.()?.recordDaprEvent("pubsub_subscribe",{topic:d,success:!0,metadata:{eventId:l.id,source:l.source,userId:w||null}}),f.status=200,{status:"SUCCESS"}}),i.ws(n.wsPath,{idleTimeout:n.wsIdleTimeout,open(a){let e=a.data?.query||{};if(!e.userId){a.send(JSON.stringify({type:"error",error:"userId is required for WebSocket connection",timestamp:Date.now()})),a.close(4001,"userId is required"),t?.()?.recordWsEvent("error",{success:!1,error:"userId is required"});return}let s=o.generateClientId(),f=e.topics?.split(",").map((l)=>l.trim())||["*"];if(a.data.clientId=s,o.registerClient(s,a,e.userId,f),a.send(JSON.stringify({type:"connected",clientId:s,subscribedTopics:f,timestamp:Date.now()})),t?.()?.recordWsEvent("connection",{clientId:s,userId:e.userId,topic:f.join(","),success:!0}),n.presence.enabled)o.broadcastPresenceToOthers(e.userId,"online");let d=e.userId;if(n.ack.enabled&&d)o.getPendingMessageCount(d).then((l)=>{if(l>0)r.info("[PubSub] Delivering pending messages",{userId:d,count:l}),o.deliverPendingMessages(d,s).catch(()=>{})}).catch(()=>{})},message(a,e){let s=a.data.clientId;try{let f=null;if(typeof e==="string")f=JSON.parse(e);else if(e&&typeof e==="object"){if(f="type"in e?e:null,typeof f==="string")f=JSON.parse(f)}if(!f?.type)return;switch(t?.()?.recordWsEvent("message",{clientId:s,messageType:f.type,success:!0,dataSize:typeof e==="string"?e.length:0}),f.type){case"subscribe":if(Array.isArray(f.topics))o.updateClientTopics(s,f.topics),o.sendToClient(s,{type:"subscribed",topics:f.topics,timestamp:Date.now()});break;case"unsubscribe":r.info("[PubSub] Unsubscribe request",{clientId:s,topics:f.topics});break;case"ping":o.sendToClient(s,{type:"pong",timestamp:Date.now()});break;case"ack":if(f.messageId)o.handleClientAck(s,f.messageId).catch(()=>{});break}}catch{r.warn("[PubSub] Failed to parse client message",{clientId:s})}},close(a,e,s){let f=a.data.clientId;if(f)o.unregisterClient(f);t?.()?.recordWsEvent("close",{clientId:f,success:!0,metadata:{code:e,reason:s||""}}),r.info("[PubSub] Client disconnected",{clientId:f,code:e,reason:s})}}),{plugin:i,clientManager:o}}I0();tf();import{Elysia as ge,t as K}from"elysia";function Zb(n){let{db:r,schemaTables:t,config:o,logger:c}=n,i=new rf({db:r,schemaTables:t,config:o,logger:c}),a=new p0({db:r,schemaTables:t,config:n.notificationConfig||{enabled:!1},logger:c,gmailService:n.gmailService});i.setNotificationHandler(async(w)=>{if(!n.notificationConfig?.enabled)return;await a.triggerNotifications({trigger:w.trigger,flow_id:w.flow_id,entity_name:w.entity_name,entity_id:w.entity_id,node_id:w.node_id,verifier_id:w.verifier_id,decision:w.decision})});let e=o.endpoints?.basePath||"/verifications",s=o.flowEndpoints?.basePath||"/verification-flows",f=n.notificationConfig?.endpoints?.basePath||"/notifications",d=new ge,l=new ge({prefix:e});if(l.get("/status/:entity_name/:entity_id",async({params:w})=>{return{success:!0,data:await i.getStatus(w.entity_name,w.entity_id)}},{params:K.Object({entity_name:K.String(),entity_id:K.String()})}),l.post("/:entity_name/:entity_id/decide",async({params:w,body:g,request:u})=>{let m=u.headers.get("x-user-id");if(!m)return{success:!1,message:"User ID required",status:401};return await i.decide({entity_name:w.entity_name,entity_id:w.entity_id,user_id:m,decision:g.decision,reason:g.reason,signature_id:g.signature_id,diff:g.diff})},{params:K.Object({entity_name:K.String(),entity_id:K.String()}),body:K.Object({decision:K.Union([K.Literal("approved"),K.Literal("rejected")]),reason:K.Optional(K.String()),signature_id:K.Optional(K.String()),diff:K.Optional(K.Record(K.String(),K.Unknown()))})}),l.get("/pending",async({request:w})=>{let g=w.headers.get("x-user-id");if(!g)return{success:!1,message:"User ID required",status:401};return{success:!0,data:await i.getPending(g)}}),l.get("/history/:entity_name/:entity_id",async({params:w})=>{let g=await i.getStatus(w.entity_name,w.entity_id);return{success:!0,data:{verifications:g.verifications,current_step:g.current_step,total_steps:g.total_steps,is_completed:g.is_completed,is_rejected:g.is_rejected}}},{params:K.Object({entity_name:K.String(),entity_id:K.String()})}),l.post("/start",async({body:w,request:g})=>{let u=g.headers.get("x-user-id");return await i.startFlow({flow_id:w.flow_id,entity_name:w.entity_name,entity_id:w.entity_id,started_by:u||void 0})},{body:K.Object({flow_id:K.String(),entity_name:K.String(),entity_id:K.String()})}),l.post("/start-for-entity",async({body:w,request:g})=>{let u=g.headers.get("x-user-id");return await i.startFlowForEntity({entity_name:w.entity_name,entity_id:w.entity_id,started_by:u||void 0})},{body:K.Object({entity_name:K.String(),entity_id:K.String()})}),l.get("/statuses/:entity_name",async({params:w,query:g})=>{return{success:!0,data:await i.listEntityStatuses({entity_name:w.entity_name,status:g.status||void 0,page:g.page?Number(g.page):void 0,limit:g.limit?Number(g.limit):void 0})}},{params:K.Object({entity_name:K.String()}),query:K.Object({status:K.Optional(K.String()),page:K.Optional(K.String()),limit:K.Optional(K.String())})}),d.use(l),c.info(`[Verification] Routes registered at ${e}`),o.flowEndpoints?.enabled!==!1){let w=new ge({prefix:s});w.get("/",async({query:g})=>{return{success:!0,data:await i.listFlows(g.entity_name||void 0)}},{query:K.Object({entity_name:K.Optional(K.String())})}),w.get("/:flow_id",async({params:g})=>{let u=await i.getFlow(g.flow_id);if(!u)return{success:!1,message:"Flow not found"};return{success:!0,data:u}},{params:K.Object({flow_id:K.String()})}),w.post("/",async({body:g})=>{return await i.saveFlow(g)},{body:K.Object({flow_id:K.String(),entity_name:K.String(),name:K.String(),description:K.Optional(K.String()),trigger_on:K.Union([K.Literal("create"),K.Literal("update"),K.Literal("delete"),K.Literal("manual")]),trigger_fields:K.Optional(K.Array(K.String())),is_draft:K.Boolean(),viewport:K.Optional(K.Object({x:K.Number(),y:K.Number(),zoom:K.Number()})),graph:K.Object({steps:K.Array(K.Any()),edges:K.Array(K.Any()),verifier_configs:K.Array(K.Any()),notification_rules:K.Array(K.Any()),notification_recipients:K.Array(K.Any()),notification_channels:K.Array(K.Any())})})}),w.post("/:flow_id/publish",async({params:g})=>{return await i.publishFlow(g.flow_id)},{params:K.Object({flow_id:K.String()})}),w.delete("/:flow_id",async({params:g})=>{return await i.deleteFlow(g.flow_id)},{params:K.Object({flow_id:K.String()})}),d.use(w),c.info(`[Verification] Flow routes registered at ${s}`)}if(n.notificationConfig?.enabled&&n.notificationConfig?.endpoints?.enabled!==!1){let w=new ge({prefix:f});w.get("/",async({request:g,query:u})=>{let m=g.headers.get("x-user-id");if(!m)return{success:!1,message:"User ID required"};return{success:!0,data:await a.getNotifications(m,{limit:u.limit?Number(u.limit):void 0,offset:u.offset?Number(u.offset):void 0,type:u.type||void 0})}},{query:K.Object({limit:K.Optional(K.String()),offset:K.Optional(K.String()),type:K.Optional(K.String())})}),w.get("/unseen-count",async({request:g})=>{let u=g.headers.get("x-user-id");if(!u)return{success:!1,message:"User ID required"};return{success:!0,data:{count:await a.getUnseenCount(u)}}}),w.post("/:notification_id/seen",async({params:g,request:u})=>{let m=u.headers.get("x-user-id");if(!m)return{success:!1,message:"User ID required"};let _=await a.markAsSeen(g.notification_id,m);return{success:_,message:_?"Marked as seen":"Failed"}},{params:K.Object({notification_id:K.String()})}),w.post("/seen-all",async({request:g})=>{let u=g.headers.get("x-user-id");if(!u)return{success:!1,message:"User ID required"};return{success:!0,data:{count:await a.markAllAsSeen(u)}}}),d.use(w),c.info(`[Notification] Routes registered at ${f}`)}return{routes:d,verificationService:i,notificationService:a}}import{Elysia as D3}from"elysia";var pb=`/* basic theme */
 :root {
   --scalar-text-decoration: underline;
   --scalar-text-decoration-hover: underline;
@@ -1616,7 +1616,7 @@ data: ${t}
     </script>
     <script src="${o?o:`https://cdn.jsdelivr.net/npm/@scalar/api-reference@${r}/dist/browser/standalone.min.js`}" crossorigin></script>
   </body>
-</html>`;var Nf=Symbol.for("TypeBox.Kind"),B3=(n)=>n.split("/").map((r)=>{if(r.startsWith(":")){if(r=r.slice(1,r.length),r.endsWith("?"))r=r.slice(0,-1);r=`{${r}}`}return r}).join("/"),Gf=(n,r,t)=>{if(r===void 0)return[];if(typeof r==="string")if(r in t)r=t[r];else throw Error(`Can't find model ${r}`);return Object.entries(r?.properties??[]).map(([o,c])=>{let{type:i=void 0,description:a,examples:e,...s}=c;return{description:a,examples:e,schema:{type:i,...s},in:n,name:o,required:r.required?.includes(o)??!1}})},ji=(n,r)=>{if(typeof r==="object"&&["void","undefined","null"].includes(r.type))return;let t={};for(let o of n)t[o]={schema:typeof r==="string"?{$ref:`#/components/schemas/${r}`}:("$ref"in r)&&(Nf in r)&&r[Nf]==="Ref"?{...r,$ref:`#/components/schemas/${r.$ref}`}:z3({...r},{from:Of.Ref(""),to:({$ref:c,...i})=>{if(!c.startsWith("#/components/schemas/"))return Of.Ref(`#/components/schemas/${c}`,i);return Of.Ref(c,i)}})};return t},Rg=(n)=>n.charAt(0).toUpperCase()+n.slice(1),U3=(n,r)=>{let t=n.toLowerCase();if(r==="/")return t+"Index";for(let o of r.split("/"))if(o.charCodeAt(0)===123)t+="By"+Rg(o.slice(1,-1));else t+=Rg(o);return t},qc=(n)=>{if(!n)return;if(typeof n==="string")return n;if(Array.isArray(n))return[...n];return{...n}},Dg=({schema:n,path:r,method:t,hook:o,models:c})=>{if(o=qc(o),o.parse&&!Array.isArray(o.parse))o.parse=[o.parse];let i=o.parse?.map((g)=>{switch(typeof g){case"string":return g;case"object":if(g&&typeof g?.fn!=="string")return;switch(g?.fn){case"json":case"application/json":return"application/json";case"text":case"text/plain":return"text/plain";case"urlencoded":case"application/x-www-form-urlencoded":return"application/x-www-form-urlencoded";case"arrayBuffer":case"application/octet-stream":return"application/octet-stream";case"formdata":case"multipart/form-data":return"multipart/form-data"}}}).filter((g)=>g!==void 0);if(!i||i.length===0)i=["application/json","multipart/form-data","text/plain"];r=B3(r);let a=typeof i==="string"?[i]:i??["application/json"],e=qc(o?.body),s=qc(o?.params),f=qc(o?.headers),d=qc(o?.query),l=qc(o?.response);if(typeof l==="object")if(Nf in l){let{type:g,properties:u,required:m,additionalProperties:_,patternProperties:S,$ref:h,...E}=l;l={"200":{...E,description:E.description,content:ji(a,g==="object"||g==="array"?{type:g,properties:u,patternProperties:S,items:l.items,required:m}:l)}}}else Object.entries(l).forEach(([g,u])=>{if(typeof u==="string"){if(!c[u])return;let{type:m,properties:_,required:S,additionalProperties:h,patternProperties:E,...W}=c[u];l[g]={...W,description:W.description,content:ji(a,u)}}else{let{type:m,properties:_,required:S,additionalProperties:h,patternProperties:E,...W}=u;l[g]={...W,description:W.description,content:ji(a,m==="object"||m==="array"?{type:m,properties:_,patternProperties:E,items:u.items,required:S}:u)}}});else if(typeof l==="string"){if(!(l in c))return;let{type:g,properties:u,required:m,$ref:_,additionalProperties:S,patternProperties:h,...E}=c[l];l={"200":{...E,content:ji(a,l)}}}let w=[...Gf("header",f,c),...Gf("path",s,c),...Gf("query",d,c)];n[r]={...n[r]?n[r]:{},[t.toLowerCase()]:{...f||s||d||e?{parameters:w}:{},...l?{responses:l}:{},operationId:o?.detail?.operationId??U3(t,r),...o?.detail,...e?{requestBody:{required:!0,content:ji(a,typeof e==="string"?{$ref:`#/components/schemas/${e}`}:e)}}:null}}},W3=(n,{excludeStaticFile:r=!0,exclude:t=[]})=>{let o={};for(let[c,i]of Object.entries(n))if(!t.some((a)=>{if(typeof a==="string")return c===a;return a.test(c)})&&!c.includes("*")&&(r?!c.includes("."):!0))Object.keys(i).forEach((a)=>{let e=i[a];if(c.includes("{")){if(!e.parameters)e.parameters=[];e.parameters=[...c.split("/").filter((s)=>s.startsWith("{")&&!e.parameters.find((f)=>f.in==="path"&&f.name===s.slice(1,s.length-1))).map((s)=>({schema:{type:"string"},in:"path",name:s.slice(1,s.length-1),required:!0})),...e.parameters]}if(!e.responses)e.responses={200:{}}}),o[c]=i;return o},Mg=({provider:n="scalar",scalarVersion:r="latest",scalarCDN:t="",scalarConfig:o={},documentation:c={},version:i="5.9.0",excludeStaticFile:a=!0,path:e="/swagger",specPath:s=`${e}/json`,exclude:f=[],swaggerOptions:d={},theme:l=`https://unpkg.com/swagger-ui-dist@${i}/swagger-ui.css`,autoDarkMode:w=!0,excludeMethods:g=["OPTIONS"],excludeTags:u=[]}={})=>{let m={},_=0;if(!i)i=`https://unpkg.com/swagger-ui-dist@${i}/swagger-ui.css`;let S={title:"Elysia Documentation",description:"Development documentation",version:"0.0.0",...c.info},h=s.startsWith("/")?s.slice(1):s,E=new D3({name:"@elysiajs/swagger"}),W=new Response(n==="swagger-ui"?M3(S,i,l,JSON.stringify({url:h,dom_id:"#swagger-ui",...d},(V,H)=>typeof H==="function"?void 0:H),w):H3(S,r,{spec:{url:h,...o.spec},...o,_integration:"elysiajs"},t),{headers:{"content-type":"text/html; charset=utf8"}});return E.get(e,W,{detail:{hide:!0}}).get(s,function(){let H=E.getGlobalRoutes();if(H.length!==_){let D=["GET","PUT","POST","DELETE","OPTIONS","HEAD","PATCH","TRACE"];_=H.length,H.forEach((R)=>{if(R.hooks?.detail?.hide===!0)return;if(g.includes(R.method))return;if(D.includes(R.method)===!1&&R.method!=="ALL")return;if(R.method==="ALL")D.forEach(($)=>{Dg({schema:m,hook:R.hooks,method:$,path:R.path,models:E.getGlobalDefinitions?.().type,contentType:R.hooks.type})});else Dg({schema:m,hook:R.hooks,method:R.method,path:R.path,models:E.getGlobalDefinitions?.().type,contentType:R.hooks.type})})}return{openapi:"3.0.3",...{...c,tags:c.tags?.filter((D)=>!u?.includes(D?.name)),info:{title:"Elysia Documentation",description:"Development documentation",version:"0.0.0",...c.info}},paths:{...W3(m,{excludeStaticFile:a,exclude:Array.isArray(f)?f:[f]}),...c.paths},components:{...c.components,schemas:{...E.getGlobalDefinitions?.().type,...c.components?.schemas}}}},{detail:{hide:!0}}),E};function xf(n){if(n?.enabled===!1)return null;let r={path:n?.path??"/swagger",provider:n?.provider??"scalar",excludeStaticFile:n?.excludeStaticFile??!0,exclude:n?.exclude??[],documentation:{info:{title:n?.documentation?.info?.title??"Nucleus API",description:n?.documentation?.info?.description??"Auto-generated API documentation",version:n?.documentation?.info?.version??"1.0.0",contact:n?.documentation?.info?.contact,license:n?.documentation?.info?.license},tags:n?.documentation?.tags??[],servers:n?.documentation?.servers},scalarConfig:n?.scalarConfig};return Mg(r)}_e();nd();be();var p8=(n)=>{let r=new Map;for(let t of n){let o=r.get(t.table_name),c=t.columns??o?.columns;r.set(t.table_name,{...o||{},...t,columns:c})}return Array.from(r.values())},I8=(n)=>({table_name:n.table_name,excluded_methods:n.excluded_methods?[...n.excluded_methods]:void 0,columns:n.columns?n.columns.map((r)=>({name:r.name,type:r.type})):void 0}),y8=(n)=>{let r=[];for(let[t,o]of Object.entries(n)){if(!o||typeof o!=="object")continue;let c=o,i=c._;if(i?.name){r.push({table_name:i.name});continue}let a=Object.getOwnPropertySymbols(c);for(let e of a){let s=c[e];if(s&&typeof s==="object"){let f=s;if(f.name&&typeof f.name==="string"){r.push({table_name:f.name});break}}}}return r};async function T8(n){let r=new Z8;if(r.get("/health",()=>({status:"ok",timestamp:Date.now()})),n.staticAssets!==!1){let A=Bn("path"),M=Bn("fs"),z;if(typeof n.staticAssets==="string")z=n.staticAssets;else{let X=A.join(process.cwd(),"public"),O="";for(let B of["nucleus-core-ts","nucleus-core"])try{let L=Bn.resolve(`${B}/package.json`),G=A.join(A.dirname(L),"public");if(M.existsSync(G)){O=G;break}}catch{}if(O)z=O;else if(M.existsSync(X))z=X;else z=X}try{r.use(await Rd({prefix:"/nucleus-core",assets:z}))}catch{}}let t=[],o,c=process.cwd();if(typeof n.options==="string"){let A=Bn("fs"),M=Bn("path"),z=M.isAbsolute(n.options)?n.options:M.resolve(process.cwd(),n.options);c=M.dirname(z);let X=A.readFileSync(z,"utf-8");o=JSON.parse(X)}else o=n.options;if(o.email?.gmail?.json_file_path){let A=Bn("path"),M=o.email.gmail.json_file_path;if(!A.isAbsolute(M))o.email.gmail.json_file_path=A.resolve(c,M)}let{authentication:i,audit:a,entities:e,database:s}=o,f=o.mode==="development",d=new jr({service:o.appId||"nucleus",prettyPrint:f,colorize:f,auditEnabled:a?.enabled??!1}),l=Yb(o);if(!l.valid){for(let A of l.errors)d.error(`[CONFIG] ${A.message}`,{field:A.field,envName:A.envName});throw Error("Nucleus configuration error: Missing required environment variables. Check logs for details.")}let{resolved:w}=l,g={access_token:i?.accessToken?.name||"access_token",refresh_token:i?.refreshToken?.name||"refresh_token",session_token:i?.sessionToken?.name||"session_token"},u=s?.schemas?.[0]||"main",m=v8(u);if(w.databaseUrl)await Jb(w.databaseUrl,d);let _=w.databaseUrl?K8(w.databaseUrl):null,S={},h={};if(n.schema){let M=Bn("path").resolve(process.cwd(),n.schema),z=Bn(M);S=z.createAllTablesForSchema?z.createAllTablesForSchema(m):{}}if(n.relations){let M=Bn("path").resolve(process.cwd(),n.relations);h=Bn(M)}let E=xf(n.swagger);if(E)r.use(E);let W=n.systemTables||[];t=cf(o,W,"",u),d.info(`[AUTH] Built ${t.length} public routes`);let V=null,H=null,D=null,R=null;if(o.email?.gmail?.enabled&&o.email.gmail.json_file_path)d.info("[GmailService] Initializing...",{jsonFilePath:o.email.gmail.json_file_path,fromEmail:o.email.gmail.from_email}),R=new F0({enabled:!0,jsonFilePath:o.email.gmail.json_file_path,fromEmail:o.email.gmail.from_email||"",fromName:o.email.gmail.from_name},d),d.info("[GmailService] isAvailable:",{available:R.isAvailable()});if(o.liveMonitoring?.enabled){let A=o.liveMonitoring.basePath||"/monitoring",M=o.liveMonitoring.streamInterval||150;r.use(xb({getService:()=>D,logger:d,basePath:A,streamInterval:M}))}r.onStart(async()=>{$f(o);let A=le();if(A&&o.rateLimit?.enabled!==!1)V=new T0({redis:A,logger:d,config:o.rateLimit||{}}),d.info(`[RateLimit] Enabled with strategy: ${o.rateLimit?.strategy||"sliding-window"}`);if(A&&o.monitoring?.enabled){if(H=new v0({redis:A,logger:d,gmail:R||void 0,config:o.monitoring,appId:o.appId}),H.start(),d.info("[Monitoring] Service started"),o.monitoring.endpoints?.enabled){let X={enabled:!0,basePath:o.monitoring.endpoints.basePath||"/monitoring",stream:{enabled:o.monitoring.endpoints.stream?.enabled!==!1,path:o.monitoring.endpoints.stream?.path||"/stream",interval:o.monitoring.endpoints.stream?.interval||"5s"},snapshot:{enabled:o.monitoring.endpoints.snapshot?.enabled!==!1,path:o.monitoring.endpoints.snapshot?.path||"/snapshot"},history:{enabled:o.monitoring.endpoints.history?.enabled!==!1,path:o.monitoring.endpoints.history?.path||"/history",maxMinutes:o.monitoring.endpoints.history?.maxMinutes||60},alerts:{enabled:o.monitoring.endpoints.alerts?.enabled!==!1,path:o.monitoring.endpoints.alerts?.path||"/alerts"}};r.use(Hf({monitoringService:H,logger:d,endpoints:X}))}}if(o.liveMonitoring?.enabled)D=new Ta(o.liveMonitoring),D.start(),d.info("[LiveMonitoring] Service started");let M=i?.mode==="consumer",z=M&&e?new Set(e.map((X)=>X.table_name.replace(/_([a-z])/g,(O,B)=>B.toUpperCase()))):null;if(z){let X=o,O=X.verification?.enabled===!0,B=X.notification?.enabled===!0,L=X.audit?.enabled===!0;for(let G of Ui)if(G.feature_set.some((x)=>{if(x==="authentication"||x==="authorization")return!1;if(x==="verification")return O;if(x==="notification")return B;if(x==="audit")return L;return!1})){let x=G.table_name.replace(/_([a-z])/g,(I,Q)=>Q.toUpperCase());z.add(x)}}if(_&&n.schema){let B=await import(Bn("path").resolve(process.cwd(),n.schema)),L=S.auditLogs||B.auditLogs;if(a?.enabled&&L)d.addAuditTransport(new Ma({db:_,table:L,enabled:!0}));try{d.info(`Syncing schema to database (target: ${u})...`);let{sql:j}=await import("drizzle-orm");await _.execute(j.raw(`CREATE SCHEMA IF NOT EXISTS "${u}"`));try{let N=Object.fromEntries(Object.entries(S).filter(([Q,v])=>{if(v===void 0||v===null)return!1;if(z&&!z.has(Q))return!1;if(typeof v==="object"&&v!==null)return Object.getOwnPropertySymbols(v).length>0||v._!==void 0;return!1})),x=Object.keys(N);if(d.info("[Schema] Tables to sync:",{tables:x,count:x.length,mode:M?"consumer":"full"}),!M){let Q=N.users;if(Q){let v=Object.getOwnPropertyNames(Q).filter((C)=>!C.startsWith("_"));d.info("[Schema] Users table columns:",{columns:v})}}await(await j8({schema:m,...N},_,[u])).apply(),d.info("[Schema] pushSchema completed successfully")}catch(N){let x=N instanceof Error?N.message:String(N);d.warn(`[Schema] pushSchema warning: ${x}`)}console.log("Schema sync completed")}catch(j){let N=j instanceof Error?j.message:String(j);console.error("Schema sync failed:",N)}if(console.log("Database connection established"),o.authorization?.enabled&&!M){let j={...Hu,...o.authorization};if(j.autoSeedClaims){let N=y8(S),x=Ui.map((C)=>I8(C)),I=o.entities||[],Q=o.authorization?.externalEntities||[],v=p8([...N,...I,...x,...n.systemTables||[],...Q]);d.info("[Authorization] Seeding claims...",{schemaEntities:N.length,systemEntities:x.length,configEntities:I.length,externalEntities:Q.length,totalEntities:v.length}),await hu(_,S,h,v,j,d)}if(j.godminEmail&&j.godminPassword)d.info("[Authorization] Setting up godmin..."),await Au(_,S,j,d);d.info("[Authorization] Enabled")}let G=S.userSessions;if(!M&&G&&o.authentication?.sessions?.enabled){let{lt:j}=await import("drizzle-orm"),N=await _.update(G).set({isActive:!1,revokedAt:new Date,revokedReason:"expired"}).where(gi(Er(G.isActive,!0),j(G.expiresAt,new Date)));d.info("[AUTH] Expired sessions cleanup completed",{expiredCount:N}),setInterval(async()=>{try{await _.update(G).set({isActive:!1,revokedAt:new Date,revokedReason:"expired"}).where(gi(Er(G.isActive,!0),j(G.expiresAt,new Date)));let x=86400000,I=new Date(Date.now()-x);await _.update(G).set({isActive:!1,revokedAt:new Date,revokedReason:"approval_token_expired",approvalStatus:"rejected",approvalToken:null}).where(gi(Er(G.approvalStatus,"pending"),j(G.approvalRequestedAt,I)))}catch(x){d.warn("[AUTH] Session cleanup failed",{error:x})}},3600000)}}}).onRequest(async({request:A,set:M})=>{let z=Date.now();A.headers.set("x-request-start-time",String(z));let X=new URL(A.url),O=X.pathname,B=A.method,L=X.search,G=A.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||A.headers.get("x-real-ip")?.trim()||"unknown",j=A.headers.get("user-agent")||"unknown",N,x={};if(A.method!=="GET"&&A.method!=="HEAD")try{let C=await A.clone().text();x=C?JSON.parse(C):{}}catch{x={}}let I=a?.enabled?{id:F8(),user_id:"unknown",entity_name:O.split("/").filter(Boolean)[0]||"root",entity_id:null,operation_type:B,summary:"",old_values:{},new_values:x,ip_address:G,user_agent:j,timestamp:new Date().toISOString(),path:O,query:L}:null,Q=af(t,O,B);if(V){let v=Q?"public":"private",C;if(O.includes("/auth/login"))C="login";else if(O.includes("/auth/register"))C="register";else if(O.includes("/auth/password-reset"))C="passwordReset";else if(O.includes("/auth/magic-link"))C="magicLink";else if(O.includes("/sessions/approve")||O.includes("/sessions/reject"))C="login";let y=C?"auth":v,p=await V.check({ip:G,endpoint:O,category:y,authType:C}),F=V.getHeaders(p);for(let[nn,cn]of Object.entries(F))M.headers[nn]=cn;if(!p.allowed){if(M.status=429,p.retryAfter)M.headers["Retry-After"]=String(p.retryAfter);if(d.warn(`[RateLimit] Blocked request from ${G} to ${O}`),H)H.recordRateLimitBlock();return new Response(JSON.stringify({error:"Too Many Requests",retryAfter:p.retryAfter}),{status:429,headers:{"Content-Type":"application/json"}})}}if(O==="/health")return;if(i?.enabled&&!Q){if(!i.accessToken?.secret)return M.status=500,d.traceSync({message:"Authentication secrets not defined",level:"error",context:{path:O,method:B},audit:It(I,"Authentication secrets not defined")}),Error("One or more authentication secrets are not defined");if(i.mode==="consumer"){N=hf(A.headers,g);let C=ho(N.access_token||"",w.accessTokenSecret||"");if(!C.valid)return M.status=401,d.traceSync({message:"Invalid or missing access token",level:"warn",context:{path:O,method:B},audit:It(I,"Invalid or missing access token")}),Error("Unauthenticated");let y=C.payload.sub,p=C.payload.roles,F=C.payload.claims;if(A.headers.set("x-access-token",N.access_token||""),A.headers.set("x-user-id",y||""),p&&p.length>0)A.headers.set("x-user-roles",p.join(","));if(F&&F.length>0)A.headers.set("x-user-claims",F.join(","))}else{if(!i.refreshToken?.secret||!i.sessionToken?.secret)return M.status=500,d.traceSync({message:"Authentication secrets not defined",level:"error",context:{path:O,method:B},audit:It(I,"Authentication secrets not defined")}),Error("One or more authentication secrets are not defined");if(N=hf(A.headers,g),!N.session_token)return M.status=401,d.traceSync({message:"No session token",level:"warn",context:{path:O,method:B},audit:It(I,"No session token")}),Error("Unauthenticated");let C=await Zo({sessionId:N.session_token});if(!C)return M.status=401,d.traceSync({message:"Invalid session",level:"warn",context:{path:O,method:B,sessionId:N.session_token},audit:It(I,"Invalid session")}),Error("Unauthenticated");let y=S.userSessions;if(y&&_){let ln=(await _.select().from(y).where(Er(y.id,N.session_token)).limit(1))[0],gr=ln?.revokedAt!==null&&ln?.revokedAt!==void 0&&!(typeof ln?.revokedAt==="object"&&Object.keys(ln.revokedAt).length===0);if(!ln||ln.isActive===!1||gr)return M.status=401,d.traceSync({message:"Session revoked or inactive",level:"warn",context:{path:O,method:B,sessionId:N.session_token,isActive:ln?.isActive,revokedAt:ln?.revokedAt},audit:It(I,"Session revoked")}),Error("Session has been revoked");if(ln.expiresAt&&new Date(ln.expiresAt)<new Date)return M.status=401,d.traceSync({message:"Session expired",level:"warn",context:{path:O,method:B,sessionId:N.session_token,expiresAt:ln.expiresAt},audit:It(I,"Session expired")}),Error("Session has expired")}if(C.lastActiveAt&&i.sessions?.inactivityTimeout){let vn=new Date(C.lastActiveAt).getTime(),ln=wt(i.sessions.inactivityTimeout)*1000;if(Date.now()-vn>ln)return M.status=401,d.traceSync({message:"Session inactive timeout",level:"warn",context:{path:O,method:B,sessionId:N.session_token,lastActiveAt:C.lastActiveAt},audit:It(I,"Session inactive timeout")}),Error("Session expired due to inactivity")}Y0(N.session_token).catch(()=>{});let p=S.userSessions;if(p&&_)_.update(p).set({lastActivityAt:new Date}).where(Er(p.id,N.session_token)).catch(()=>{});let F=ho(N.access_token||"",w.accessTokenSecret||""),nn=N.access_token?F.valid:!1,cn=N.refresh_token?ho(N.refresh_token,w.refreshTokenSecret||"").valid:!1;if(!nn&&cn&&N.refresh_token&&C.rememberMe===!0){let vn=await Vb(C.userId,C.id,()=>Ub({refreshTokenId:N.refresh_token,options:o,sessionData:C}));if(vn.success&&vn.accessToken){N.access_token=vn.accessToken;let ln=i.cookieDomain,gr=ln?process.env[ln]??ln:void 0,ot=gr?`; Domain=${gr}`:"",Gn=`${g.access_token}=${vn.accessToken}; Path=/; HttpOnly; SameSite=Strict; Secure; Max-Age=${wt(i.accessToken.expiresIn??"15m")}${ot}`;M.headers["Set-Cookie"]=Gn}}let hn=F.valid?F.payload.sub:C.userId,dn=F.valid?F.payload.roles:void 0,On=F.valid?F.payload.claims:void 0;if(A.headers.set("x-access-token",N.access_token||""),A.headers.set("x-refresh-token",N.refresh_token||""),A.headers.set("x-session-id",N.session_token||""),A.headers.set("x-user-id",hn||""),dn&&dn.length>0)A.headers.set("x-user-roles",dn.join(","));if(On&&On.length>0)A.headers.set("x-user-claims",On.join(","))}}}).onAfterHandle(({request:A,set:M})=>{if(H){let z=A.headers.get("x-request-start-time"),X=z?parseInt(z,10):Date.now(),O=Date.now()-X,B=new URL(A.url),L=typeof M.status==="number"?M.status:200;H.recordRequest({endpoint:B.pathname,method:A.method,status:L,responseTimeMs:O,isError:L>=400,errorType:L>=500?"server_error":L>=400?"client_error":void 0})}if(D){let z=new URL(A.url),X={};A.headers.forEach((O,B)=>{X[B]=O}),D.recordRequest({path:z.pathname,method:A.method,timestamp:Date.now(),headers:X})}}).onError((A)=>{let{set:M,code:z,error:X}=A,O=typeof z==="number"?z:500,B=X instanceof Error?X.message:"Internal Server Error";return M.status=O,Response.json({isSuccess:!1,message:B,status:O,errors:[X],data:null})}),d.info("Creating routes for entities"),Mf(r,{db:_,schemaTables:S,schemaRelations:h,entities:e,logger:d,databaseUrl:w.databaseUrl,storage:o.storage,authorization:o.authorization,authMode:i?.mode,idpUrl:i?.idpUrl?process.env[i.idpUrl]||i.idpUrl:void 0,emailServiceAvailable:!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path)});let $=i?.mode==="consumer";if(i?.enabled&&!$&&_){let A=S.users,M=S.userSessions||S.user_sessions||S.sessions;if(!M&&i.sessions?.enabled)d.warn("[AUTH] sessions is enabled but user_sessions table not found in schema. Disabling sessions.");if(A){$f(o);let{createAuthRoutes:z}=(nd(),Ra(j2)),{signJWT:X,verifyJWT:O}=(Ko(),Ra(Ld)),{generateSession:B,deleteSession:L}=(J0(),Ra(wu));z(r,{authConfig:{db:_,logger:d,usersTable:A,sessionsTable:M,userRolesTable:S.userRoles,rolesTable:S.roles,roleClaimsTable:S.roleClaims,claimsTable:S.claims,authentication:{enabled:i.enabled,cookieDomain:o.authentication?.cookieDomain,accessToken:i.accessToken,refreshToken:i.refreshToken,sessionToken:i.sessionToken}},features:{login:i.login,register:i.register,logout:i.logout,refresh:i.refresh,passwordReset:(()=>{let G=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(i.passwordReset?.enabled&&!G)return d.warn("[AUTH] passwordReset is enabled but no email provider is configured. Disabling passwordReset."),{...i.passwordReset,enabled:!1};return i.passwordReset})(),passwordChange:i.passwordChange,passwordSet:i.passwordSet,sessions:i.sessions,magicLink:(()=>{let G=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(i.magicLink?.enabled&&!G)return d.warn("[AUTH] magicLink is enabled but no email provider is configured. Disabling magicLink."),{...i.magicLink,enabled:!1};return i.magicLink})(),me:i.me||{enabled:!0,route:"/auth/me"},invite:(()=>{let G=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(i.invite?.enabled&&!G)return d.warn("[AUTH] invite is enabled but no email provider is configured. Disabling invite."),{...i.invite,enabled:!1};return i.invite})(),captcha:i.captcha,oauth:i.oauth?.enabled&&w.oauthProviders?{...i.oauth,providers:w.oauthProviders}:void 0},sessionsTable:M,oauthAccountsTable:S.oauthAccounts,schemaTables:S,schemaRelations:h,databaseUrl:w.databaseUrl,admin:{impersonate:{enabled:!0},changeUserId:{enabled:!0}},schemaName:u,emailService:R,appName:o.appId,captchaService:(()=>{let G=le();if(!i.captcha?.enabled||!G)return null;return new C0({redis:{get:async(N)=>{let x=await G.read(N);return x.success?x.data:null},set:async(N,x,I)=>{await G.create(N,x,I?.ex)},del:async(N)=>{await G.remove(N)}},logger:d,config:{enabled:!0,type:i.captcha.type||"math",difficulty:i.captcha.difficulty||"medium",expiresIn:i.captcha.expiresIn||"5m",maxAttempts:i.captcha.maxAttempts||3,caseSensitive:i.captcha.caseSensitive??!1}})})(),tokenResponseConfig:{accessToken:{setHeadersEnabled:i.accessToken?.setHeadersEnabled??!0,returnJson:i.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:i.refreshToken?.setHeadersEnabled??!0,returnJson:i.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:i.sessionToken?.setHeadersEnabled??!0,returnJson:i.sessionToken?.returnJson??!0}},helpers:{signAccessToken:(G,j,N)=>X({subject:G,expiresInSeconds:wt(i.accessToken?.expiresIn||"15m"),issuer:i.accessToken?.issuer,audience:i.accessToken?.audience,customClaims:{...j&&j.length>0?{roles:j}:{},...N&&N.length>0?{claims:N}:{}}},w.accessTokenSecret||"",i.accessToken?.algorithm||"HS256"),signRefreshToken:(G)=>X({subject:G,expiresInSeconds:wt(i.refreshToken?.expiresIn||"7d"),issuer:i.refreshToken?.issuer,audience:i.refreshToken?.audience},w.refreshTokenSecret||"",i.refreshToken?.algorithm||"HS256"),verifyRefreshToken:(G)=>O(G,w.refreshTokenSecret||""),createSession:async(G)=>{let j=await B({userId:G.userId,deviceInfo:G.deviceInfo});return j.success?j.session.id:""},destroySession:async(G)=>L({sessionId:G}),saveSessionToDb:async(G,j)=>{if(!M||!_)return;let N=i.sessions,x=j.deviceInfo||{},I=x.deviceHint?`${x.browserName||""}-${x.osName||""}-${x.deviceType||""}-${x.deviceHint}`:`${x.browserName||""}-${x.osName||""}-${x.deviceType||""}`,Q=await _.select().from(M).where(gi(Er(M.userId,j.userId),Er(M.isActive,!0))),v=I&&!I.includes("--unknown")&&!I.includes("Bot/Crawler")&&!I.includes("Headless")&&I!=="--"&&I!=="--unknown",C=await _.select().from(M).where(Er(M.userId,j.userId)),y=v?!Q.some((rn)=>rn.deviceFingerprint===I):!1,p=v?C.some((rn)=>{let Hn=rn;return Hn.deviceFingerprint===I&&Hn.approvalStatus==="approved"}):!1,F=Q.some((rn)=>rn.approvalStatus==="approved"),nn=j.loginMethod==="impersonation"||j.loginMethod==="impersonation_stop",cn=j.loginMethod?.startsWith("oauth:"),hn=!nn&&N?.trustNewDevices===!1&&y&&!p&&v&&F;d.info("[AUTH] Device fingerprint analysis",{userId:j.userId,deviceFingerprint:I,hasValidFingerprint:v,isNewDevice:y,wasPreviouslyApproved:p,loginMethod:j.loginMethod,isImpersonationLogin:nn,isOAuthLogin:cn,existingSessionCount:Q.length,hasAnyApprovedSession:F,requiresApproval:hn});let dn=null,On="approved";if(hn){let rn=C.find((yn)=>{let Kn=yn;return Kn.deviceFingerprint===I&&(Kn.approvalStatus==="pending"||Kn.approval_status==="pending")&&Kn.approvalToken});if(rn){let yn=rn,Kn=yn.approvalRequestedAt||yn.approval_requested_at;if(Kn?Date.now()-new Date(Kn).getTime()<86400000:!0)return d.info("[AUTH] Reusing existing pending session for same device",{userId:j.userId,deviceFingerprint:I,existingSessionId:yn.id}),{requiresApproval:!0,sessionId:yn.id}}let{randomBytes:Hn}=await import("crypto");dn=Hn(32).toString("hex"),On="pending",d.info("[AUTH] New device requires approval",{userId:j.userId,deviceFingerprint:I,ipAddress:x.ipAddress})}let vn=Q.filter((rn)=>{let Hn=rn,yn=(Hn.deviceFingerprint||"").toLowerCase(),Kn=Hn.ipAddress||"",Lr=(Hn.userAgent||"").toLowerCase(),Fr=!yn||yn==="--"||yn==="--unknown"||yn.includes("bot/crawler")||yn.includes("headless")||yn.includes("unknown-unknown"),wr=Lr.includes("nucleusserveraction")||Lr.includes("serveraction")||Lr.includes("node-fetch")||Lr.includes("undici");return Fr&&(Kn==="127.0.0.1"||Kn==="::1"||Kn==="localhost"||!Kn)||wr});if(vn.length>0){for(let rn of vn)await _.update(M).set({isActive:!1,revokedAt:new Date,revokedReason:"bot_session_cleanup"}).where(Er(M.id,rn.id));d.info("[AUTH] Cleaned up stale bot/crawler sessions",{userId:j.userId,cleanedCount:vn.length})}if(!N?.allowMultipleDevices&&Q.length>0){if(Q.filter((Hn)=>Hn.deviceFingerprint===I).length===0&&y)for(let Hn of Q)await _.update(M).set({isActive:!1,revokedAt:new Date,revokedReason:"new_device_login"}).where(Er(M.id,Hn.id))}if(N?.maxActiveSessions){let{count:rn}=await import("drizzle-orm"),yn=(await _.select({count:rn()}).from(M).where(gi(Er(M.userId,j.userId),Er(M.isActive,!0))))[0]?.count||0;if(yn>=N.maxActiveSessions){let{asc:Kn}=await import("drizzle-orm"),Lr=await _.select().from(M).where(gi(Er(M.userId,j.userId),Er(M.isActive,!0))).orderBy(Kn(M.createdAt)).limit(yn-N.maxActiveSessions+1);for(let Fr of Lr)await _.update(M).set({isActive:!1,revokedAt:new Date,revokedReason:"max_sessions_exceeded"}).where(Er(M.id,Fr.id))}}let ln=100;if(x.isHeadless)ln-=50;if(x.isBot)ln-=40;if(x.isSuspicious)d.warn("[AUTH] Suspicious login detected",{userId:j.userId,suspiciousPatterns:x.suspiciousPatterns,userAgent:x.userAgent,ipAddress:x.ipAddress});if(y)ln-=25;if(!x.ipAddress||x.ipAddress==="unknown")ln-=20;if(!x.browserName)ln-=15;if(!x.osName)ln-=15;if(!x.deviceType||x.deviceType==="unknown")ln-=10;if(!x.deviceName||x.deviceName==="Unknown Device")ln-=5;let gr=I&&!I.includes("--unknown")&&I!=="--",ot=x.ipAddress&&x.ipAddress!=="unknown";if(gr){if(Q.filter((Hn)=>Hn.deviceFingerprint===I).length>0)ln+=20}if(ot){if(Q.filter((Hn)=>Hn.ipAddress===x.ipAddress).length>0)ln+=15}ln=Math.max(0,Math.min(100,ln));let Gn=50;if(await _.insert(M).values({id:G,userId:j.userId,tokenHash:G,deviceFingerprint:I,deviceName:x.deviceName,deviceType:x.deviceType,browserName:x.browserName,browserVersion:x.browserVersion,osName:x.osName,osVersion:x.osVersion,ipAddress:x.ipAddress,locationCountry:x.locationCountry,locationCity:x.locationCity,loginMethod:j.loginMethod||"password",rememberMe:j.rememberMe??!1,trustScore:ln,lastActivityAt:new Date,createdAt:new Date,expiresAt:new Date(Date.now()+wt(i.sessionToken?.expiresIn||"30d")*1000),isActive:On==="approved",approvalStatus:On,approvalToken:dn,approvalRequestedAt:hn?new Date:null}),!nn&&R&&(N?.notifyOnNewDevice&&y||ln<Gn||hn)){let rn=S.users;if(rn){let yn=(await _.select().from(rn).where(Er(rn.id,j.userId)).limit(1))[0];if(yn?.email){let Kn=ln<Gn,Lr=i.sessions?.route||"/auth/sessions",Fr=i.sessions?.approvalRedirectUrl||"",dr=!Fr||Fr.endsWith("/devices")?`${j.requestOrigin||"http://localhost:9000"}${Lr}`:Fr,Sa=dn?`${dr}/approve-page?token=${dn}`:"",K2=dn?`${dr}/reject-page?token=${dn}`:"",Ls,Qs,wi=o.appId||"Nucleus",v2=new Date().toLocaleString("en-US",{dateStyle:"medium",timeStyle:"short"}),Z2=`${x.browserName||"Unknown"} ${x.browserVersion||""} on ${x.osName||"Unknown"} ${x.osVersion||""}`,rd=(mi)=>`
+</html>`;var Nf=Symbol.for("TypeBox.Kind"),B3=(n)=>n.split("/").map((r)=>{if(r.startsWith(":")){if(r=r.slice(1,r.length),r.endsWith("?"))r=r.slice(0,-1);r=`{${r}}`}return r}).join("/"),Gf=(n,r,t)=>{if(r===void 0)return[];if(typeof r==="string")if(r in t)r=t[r];else throw Error(`Can't find model ${r}`);return Object.entries(r?.properties??[]).map(([o,c])=>{let{type:i=void 0,description:a,examples:e,...s}=c;return{description:a,examples:e,schema:{type:i,...s},in:n,name:o,required:r.required?.includes(o)??!1}})},ji=(n,r)=>{if(typeof r==="object"&&["void","undefined","null"].includes(r.type))return;let t={};for(let o of n)t[o]={schema:typeof r==="string"?{$ref:`#/components/schemas/${r}`}:("$ref"in r)&&(Nf in r)&&r[Nf]==="Ref"?{...r,$ref:`#/components/schemas/${r.$ref}`}:z3({...r},{from:Of.Ref(""),to:({$ref:c,...i})=>{if(!c.startsWith("#/components/schemas/"))return Of.Ref(`#/components/schemas/${c}`,i);return Of.Ref(c,i)}})};return t},Rg=(n)=>n.charAt(0).toUpperCase()+n.slice(1),U3=(n,r)=>{let t=n.toLowerCase();if(r==="/")return t+"Index";for(let o of r.split("/"))if(o.charCodeAt(0)===123)t+="By"+Rg(o.slice(1,-1));else t+=Rg(o);return t},qc=(n)=>{if(!n)return;if(typeof n==="string")return n;if(Array.isArray(n))return[...n];return{...n}},Dg=({schema:n,path:r,method:t,hook:o,models:c})=>{if(o=qc(o),o.parse&&!Array.isArray(o.parse))o.parse=[o.parse];let i=o.parse?.map((g)=>{switch(typeof g){case"string":return g;case"object":if(g&&typeof g?.fn!=="string")return;switch(g?.fn){case"json":case"application/json":return"application/json";case"text":case"text/plain":return"text/plain";case"urlencoded":case"application/x-www-form-urlencoded":return"application/x-www-form-urlencoded";case"arrayBuffer":case"application/octet-stream":return"application/octet-stream";case"formdata":case"multipart/form-data":return"multipart/form-data"}}}).filter((g)=>g!==void 0);if(!i||i.length===0)i=["application/json","multipart/form-data","text/plain"];r=B3(r);let a=typeof i==="string"?[i]:i??["application/json"],e=qc(o?.body),s=qc(o?.params),f=qc(o?.headers),d=qc(o?.query),l=qc(o?.response);if(typeof l==="object")if(Nf in l){let{type:g,properties:u,required:m,additionalProperties:_,patternProperties:S,$ref:h,...E}=l;l={"200":{...E,description:E.description,content:ji(a,g==="object"||g==="array"?{type:g,properties:u,patternProperties:S,items:l.items,required:m}:l)}}}else Object.entries(l).forEach(([g,u])=>{if(typeof u==="string"){if(!c[u])return;let{type:m,properties:_,required:S,additionalProperties:h,patternProperties:E,...V}=c[u];l[g]={...V,description:V.description,content:ji(a,u)}}else{let{type:m,properties:_,required:S,additionalProperties:h,patternProperties:E,...V}=u;l[g]={...V,description:V.description,content:ji(a,m==="object"||m==="array"?{type:m,properties:_,patternProperties:E,items:u.items,required:S}:u)}}});else if(typeof l==="string"){if(!(l in c))return;let{type:g,properties:u,required:m,$ref:_,additionalProperties:S,patternProperties:h,...E}=c[l];l={"200":{...E,content:ji(a,l)}}}let w=[...Gf("header",f,c),...Gf("path",s,c),...Gf("query",d,c)];n[r]={...n[r]?n[r]:{},[t.toLowerCase()]:{...f||s||d||e?{parameters:w}:{},...l?{responses:l}:{},operationId:o?.detail?.operationId??U3(t,r),...o?.detail,...e?{requestBody:{required:!0,content:ji(a,typeof e==="string"?{$ref:`#/components/schemas/${e}`}:e)}}:null}}},W3=(n,{excludeStaticFile:r=!0,exclude:t=[]})=>{let o={};for(let[c,i]of Object.entries(n))if(!t.some((a)=>{if(typeof a==="string")return c===a;return a.test(c)})&&!c.includes("*")&&(r?!c.includes("."):!0))Object.keys(i).forEach((a)=>{let e=i[a];if(c.includes("{")){if(!e.parameters)e.parameters=[];e.parameters=[...c.split("/").filter((s)=>s.startsWith("{")&&!e.parameters.find((f)=>f.in==="path"&&f.name===s.slice(1,s.length-1))).map((s)=>({schema:{type:"string"},in:"path",name:s.slice(1,s.length-1),required:!0})),...e.parameters]}if(!e.responses)e.responses={200:{}}}),o[c]=i;return o},Mg=({provider:n="scalar",scalarVersion:r="latest",scalarCDN:t="",scalarConfig:o={},documentation:c={},version:i="5.9.0",excludeStaticFile:a=!0,path:e="/swagger",specPath:s=`${e}/json`,exclude:f=[],swaggerOptions:d={},theme:l=`https://unpkg.com/swagger-ui-dist@${i}/swagger-ui.css`,autoDarkMode:w=!0,excludeMethods:g=["OPTIONS"],excludeTags:u=[]}={})=>{let m={},_=0;if(!i)i=`https://unpkg.com/swagger-ui-dist@${i}/swagger-ui.css`;let S={title:"Elysia Documentation",description:"Development documentation",version:"0.0.0",...c.info},h=s.startsWith("/")?s.slice(1):s,E=new D3({name:"@elysiajs/swagger"}),V=new Response(n==="swagger-ui"?M3(S,i,l,JSON.stringify({url:h,dom_id:"#swagger-ui",...d},(Y,H)=>typeof H==="function"?void 0:H),w):H3(S,r,{spec:{url:h,...o.spec},...o,_integration:"elysiajs"},t),{headers:{"content-type":"text/html; charset=utf8"}});return E.get(e,V,{detail:{hide:!0}}).get(s,function(){let H=E.getGlobalRoutes();if(H.length!==_){let D=["GET","PUT","POST","DELETE","OPTIONS","HEAD","PATCH","TRACE"];_=H.length,H.forEach((R)=>{if(R.hooks?.detail?.hide===!0)return;if(g.includes(R.method))return;if(D.includes(R.method)===!1&&R.method!=="ALL")return;if(R.method==="ALL")D.forEach(($)=>{Dg({schema:m,hook:R.hooks,method:$,path:R.path,models:E.getGlobalDefinitions?.().type,contentType:R.hooks.type})});else Dg({schema:m,hook:R.hooks,method:R.method,path:R.path,models:E.getGlobalDefinitions?.().type,contentType:R.hooks.type})})}return{openapi:"3.0.3",...{...c,tags:c.tags?.filter((D)=>!u?.includes(D?.name)),info:{title:"Elysia Documentation",description:"Development documentation",version:"0.0.0",...c.info}},paths:{...W3(m,{excludeStaticFile:a,exclude:Array.isArray(f)?f:[f]}),...c.paths},components:{...c.components,schemas:{...E.getGlobalDefinitions?.().type,...c.components?.schemas}}}},{detail:{hide:!0}}),E};function xf(n){if(n?.enabled===!1)return null;let r={path:n?.path??"/swagger",provider:n?.provider??"scalar",excludeStaticFile:n?.excludeStaticFile??!0,exclude:n?.exclude??[],documentation:{info:{title:n?.documentation?.info?.title??"Nucleus API",description:n?.documentation?.info?.description??"Auto-generated API documentation",version:n?.documentation?.info?.version??"1.0.0",contact:n?.documentation?.info?.contact,license:n?.documentation?.info?.license},tags:n?.documentation?.tags??[],servers:n?.documentation?.servers},scalarConfig:n?.scalarConfig};return Mg(r)}_e();nd();be();var p8=(n)=>{let r=new Map;for(let t of n){let o=r.get(t.table_name),c=t.columns??o?.columns;r.set(t.table_name,{...o||{},...t,columns:c})}return Array.from(r.values())},I8=(n)=>({table_name:n.table_name,excluded_methods:n.excluded_methods?[...n.excluded_methods]:void 0,columns:n.columns?n.columns.map((r)=>({name:r.name,type:r.type})):void 0}),y8=(n)=>{let r=[];for(let[t,o]of Object.entries(n)){if(!o||typeof o!=="object")continue;let c=o,i=c._;if(i?.name){r.push({table_name:i.name});continue}let a=Object.getOwnPropertySymbols(c);for(let e of a){let s=c[e];if(s&&typeof s==="object"){let f=s;if(f.name&&typeof f.name==="string"){r.push({table_name:f.name});break}}}}return r};async function T8(n){let r=new Z8;if(r.get("/health",()=>({status:"ok",timestamp:Date.now()})),n.staticAssets!==!1){let A=Bn("path"),M=Bn("fs"),z;if(typeof n.staticAssets==="string")z=n.staticAssets;else{let L=A.join(process.cwd(),"public"),O="";for(let B of["nucleus-core-ts","nucleus-core"])try{let W=Bn.resolve(`${B}/package.json`),G=A.join(A.dirname(W),"public");if(M.existsSync(G)){O=G;break}}catch{}if(O)z=O;else if(M.existsSync(L))z=L;else z=L}try{r.use(await Rd({prefix:"/nucleus-core",assets:z}))}catch{}}let t=[],o,c=process.cwd();if(typeof n.options==="string"){let A=Bn("fs"),M=Bn("path"),z=M.isAbsolute(n.options)?n.options:M.resolve(process.cwd(),n.options);c=M.dirname(z);let L=A.readFileSync(z,"utf-8");o=JSON.parse(L)}else o=n.options;if(o.email?.gmail?.json_file_path){let A=Bn("path"),M=o.email.gmail.json_file_path;if(!A.isAbsolute(M))o.email.gmail.json_file_path=A.resolve(c,M)}let{authentication:i,audit:a,entities:e,database:s}=o,f=o.mode==="development",d=new jr({service:o.appId||"nucleus",prettyPrint:f,colorize:f,auditEnabled:a?.enabled??!1}),l=Yb(o);if(!l.valid){for(let A of l.errors)d.error(`[CONFIG] ${A.message}`,{field:A.field,envName:A.envName});throw Error("Nucleus configuration error: Missing required environment variables. Check logs for details.")}let{resolved:w}=l,g={access_token:i?.accessToken?.name||"access_token",refresh_token:i?.refreshToken?.name||"refresh_token",session_token:i?.sessionToken?.name||"session_token"},u=s?.schemas?.[0]||"main",m=v8(u);if(w.databaseUrl)await Jb(w.databaseUrl,d);let _=w.databaseUrl?K8(w.databaseUrl):null,S={},h={};if(n.schema){let M=Bn("path").resolve(process.cwd(),n.schema),z=Bn(M);S=z.createAllTablesForSchema?z.createAllTablesForSchema(m):{}}if(n.relations){let M=Bn("path").resolve(process.cwd(),n.relations);h=Bn(M)}let E=xf(n.swagger);if(E)r.use(E);let V=n.systemTables||[];t=cf(o,V,"",u),d.info(`[AUTH] Built ${t.length} public routes`);let Y=null,H=null,D=null,R=null;if(o.email?.gmail?.enabled&&o.email.gmail.json_file_path)d.info("[GmailService] Initializing...",{jsonFilePath:o.email.gmail.json_file_path,fromEmail:o.email.gmail.from_email}),R=new F0({enabled:!0,jsonFilePath:o.email.gmail.json_file_path,fromEmail:o.email.gmail.from_email||"",fromName:o.email.gmail.from_name},d),d.info("[GmailService] isAvailable:",{available:R.isAvailable()});if(o.liveMonitoring?.enabled){let A=o.liveMonitoring.basePath||"/monitoring",M=o.liveMonitoring.streamInterval||150;r.use(xb({getService:()=>D,logger:d,basePath:A,streamInterval:M}))}r.onStart(async()=>{$f(o);let A=le();if(A&&o.rateLimit?.enabled!==!1)Y=new T0({redis:A,logger:d,config:o.rateLimit||{}}),d.info(`[RateLimit] Enabled with strategy: ${o.rateLimit?.strategy||"sliding-window"}`);if(A&&o.monitoring?.enabled){if(H=new v0({redis:A,logger:d,gmail:R||void 0,config:o.monitoring,appId:o.appId}),H.start(),d.info("[Monitoring] Service started"),o.monitoring.endpoints?.enabled){let L={enabled:!0,basePath:o.monitoring.endpoints.basePath||"/monitoring",stream:{enabled:o.monitoring.endpoints.stream?.enabled!==!1,path:o.monitoring.endpoints.stream?.path||"/stream",interval:o.monitoring.endpoints.stream?.interval||"5s"},snapshot:{enabled:o.monitoring.endpoints.snapshot?.enabled!==!1,path:o.monitoring.endpoints.snapshot?.path||"/snapshot"},history:{enabled:o.monitoring.endpoints.history?.enabled!==!1,path:o.monitoring.endpoints.history?.path||"/history",maxMinutes:o.monitoring.endpoints.history?.maxMinutes||60},alerts:{enabled:o.monitoring.endpoints.alerts?.enabled!==!1,path:o.monitoring.endpoints.alerts?.path||"/alerts"}};r.use(Hf({monitoringService:H,logger:d,endpoints:L}))}}if(o.liveMonitoring?.enabled)D=new Ta(o.liveMonitoring),D.start(),d.info("[LiveMonitoring] Service started");let M=i?.mode==="consumer",z=M&&e?new Set(e.map((L)=>L.table_name.replace(/_([a-z])/g,(O,B)=>B.toUpperCase()))):null;if(z){let L=o,O=L.verification?.enabled===!0,B=L.notification?.enabled===!0,W=L.audit?.enabled===!0;for(let G of Ui)if(G.feature_set.some((x)=>{if(x==="authentication"||x==="authorization")return!1;if(x==="verification")return O;if(x==="notification")return B;if(x==="audit")return W;return!1})){let x=G.table_name.replace(/_([a-z])/g,(I,Q)=>Q.toUpperCase());z.add(x)}}if(_&&n.schema){let B=await import(Bn("path").resolve(process.cwd(),n.schema)),W=S.auditLogs||B.auditLogs;if(a?.enabled&&W)d.addAuditTransport(new Ma({db:_,table:W,enabled:!0}));try{d.info(`Syncing schema to database (target: ${u})...`);let{sql:j}=await import("drizzle-orm");await _.execute(j.raw(`CREATE SCHEMA IF NOT EXISTS "${u}"`));try{let N=Object.fromEntries(Object.entries(S).filter(([Q,v])=>{if(v===void 0||v===null)return!1;if(z&&!z.has(Q))return!1;if(typeof v==="object"&&v!==null)return Object.getOwnPropertySymbols(v).length>0||v._!==void 0;return!1})),x=Object.keys(N);if(d.info("[Schema] Tables to sync:",{tables:x,count:x.length,mode:M?"consumer":"full"}),!M){let Q=N.users;if(Q){let v=Object.getOwnPropertyNames(Q).filter((C)=>!C.startsWith("_"));d.info("[Schema] Users table columns:",{columns:v})}}await(await j8({schema:m,...N},_,[u])).apply(),d.info("[Schema] pushSchema completed successfully")}catch(N){let x=N instanceof Error?N.message:String(N);d.warn(`[Schema] pushSchema warning: ${x}`)}console.log("Schema sync completed")}catch(j){let N=j instanceof Error?j.message:String(j);console.error("Schema sync failed:",N)}if(console.log("Database connection established"),o.authorization?.enabled&&!M){let j={...Hu,...o.authorization};if(j.autoSeedClaims){let N=y8(S),x=Ui.map((C)=>I8(C)),I=o.entities||[],Q=o.authorization?.externalEntities||[],v=p8([...N,...I,...x,...n.systemTables||[],...Q]);d.info("[Authorization] Seeding claims...",{schemaEntities:N.length,systemEntities:x.length,configEntities:I.length,externalEntities:Q.length,totalEntities:v.length}),await hu(_,S,h,v,j,d)}if(j.godminEmail&&j.godminPassword)d.info("[Authorization] Setting up godmin..."),await Au(_,S,j,d);d.info("[Authorization] Enabled")}let G=S.userSessions;if(!M&&G&&o.authentication?.sessions?.enabled){let{lt:j}=await import("drizzle-orm"),N=await _.update(G).set({isActive:!1,revokedAt:new Date,revokedReason:"expired"}).where(gi(Er(G.isActive,!0),j(G.expiresAt,new Date)));d.info("[AUTH] Expired sessions cleanup completed",{expiredCount:N}),setInterval(async()=>{try{await _.update(G).set({isActive:!1,revokedAt:new Date,revokedReason:"expired"}).where(gi(Er(G.isActive,!0),j(G.expiresAt,new Date)));let x=86400000,I=new Date(Date.now()-x);await _.update(G).set({isActive:!1,revokedAt:new Date,revokedReason:"approval_token_expired",approvalStatus:"rejected",approvalToken:null}).where(gi(Er(G.approvalStatus,"pending"),j(G.approvalRequestedAt,I)))}catch(x){d.warn("[AUTH] Session cleanup failed",{error:x})}},3600000)}}}).onRequest(async({request:A,set:M})=>{let z=Date.now();A.headers.set("x-request-start-time",String(z));let L=new URL(A.url),O=L.pathname,B=A.method,W=L.search,G=A.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||A.headers.get("x-real-ip")?.trim()||"unknown",j=A.headers.get("user-agent")||"unknown",N,x={};if(A.method!=="GET"&&A.method!=="HEAD")try{let C=await A.clone().text();x=C?JSON.parse(C):{}}catch{x={}}let I=a?.enabled?{id:F8(),user_id:"unknown",entity_name:O.split("/").filter(Boolean)[0]||"root",entity_id:null,operation_type:B,summary:"",old_values:{},new_values:x,ip_address:G,user_agent:j,timestamp:new Date().toISOString(),path:O,query:W}:null,Q=af(t,O,B);if(Y){let v=Q?"public":"private",C;if(O.includes("/auth/login"))C="login";else if(O.includes("/auth/register"))C="register";else if(O.includes("/auth/password-reset"))C="passwordReset";else if(O.includes("/auth/magic-link"))C="magicLink";else if(O.includes("/sessions/approve")||O.includes("/sessions/reject"))C="login";let y=C?"auth":v,p=await Y.check({ip:G,endpoint:O,category:y,authType:C}),F=Y.getHeaders(p);for(let[nn,cn]of Object.entries(F))M.headers[nn]=cn;if(!p.allowed){if(M.status=429,p.retryAfter)M.headers["Retry-After"]=String(p.retryAfter);if(d.warn(`[RateLimit] Blocked request from ${G} to ${O}`),H)H.recordRateLimitBlock();return new Response(JSON.stringify({error:"Too Many Requests",retryAfter:p.retryAfter}),{status:429,headers:{"Content-Type":"application/json"}})}}if(O==="/health")return;if(i?.enabled&&!Q){if(!i.accessToken?.secret)return M.status=500,d.traceSync({message:"Authentication secrets not defined",level:"error",context:{path:O,method:B},audit:It(I,"Authentication secrets not defined")}),Error("One or more authentication secrets are not defined");if(i.mode==="consumer"){N=hf(A.headers,g);let C=ho(N.access_token||"",w.accessTokenSecret||"");if(!C.valid)return M.status=401,d.traceSync({message:"Invalid or missing access token",level:"warn",context:{path:O,method:B},audit:It(I,"Invalid or missing access token")}),Error("Unauthenticated");let y=C.payload.sub,p=C.payload.roles,F=C.payload.claims;if(A.headers.set("x-access-token",N.access_token||""),A.headers.set("x-user-id",y||""),p&&p.length>0)A.headers.set("x-user-roles",p.join(","));if(F&&F.length>0)A.headers.set("x-user-claims",F.join(","))}else{if(!i.refreshToken?.secret||!i.sessionToken?.secret)return M.status=500,d.traceSync({message:"Authentication secrets not defined",level:"error",context:{path:O,method:B},audit:It(I,"Authentication secrets not defined")}),Error("One or more authentication secrets are not defined");if(N=hf(A.headers,g),!N.session_token)return M.status=401,d.traceSync({message:"No session token",level:"warn",context:{path:O,method:B},audit:It(I,"No session token")}),Error("Unauthenticated");let C=await Zo({sessionId:N.session_token});if(!C)return M.status=401,d.traceSync({message:"Invalid session",level:"warn",context:{path:O,method:B,sessionId:N.session_token},audit:It(I,"Invalid session")}),Error("Unauthenticated");let y=S.userSessions;if(y&&_){let ln=(await _.select().from(y).where(Er(y.id,N.session_token)).limit(1))[0],gr=ln?.revokedAt!==null&&ln?.revokedAt!==void 0&&!(typeof ln?.revokedAt==="object"&&Object.keys(ln.revokedAt).length===0);if(!ln||ln.isActive===!1||gr)return M.status=401,d.traceSync({message:"Session revoked or inactive",level:"warn",context:{path:O,method:B,sessionId:N.session_token,isActive:ln?.isActive,revokedAt:ln?.revokedAt},audit:It(I,"Session revoked")}),Error("Session has been revoked");if(ln.expiresAt&&new Date(ln.expiresAt)<new Date)return M.status=401,d.traceSync({message:"Session expired",level:"warn",context:{path:O,method:B,sessionId:N.session_token,expiresAt:ln.expiresAt},audit:It(I,"Session expired")}),Error("Session has expired")}if(C.lastActiveAt&&i.sessions?.inactivityTimeout){let vn=new Date(C.lastActiveAt).getTime(),ln=wt(i.sessions.inactivityTimeout)*1000;if(Date.now()-vn>ln)return M.status=401,d.traceSync({message:"Session inactive timeout",level:"warn",context:{path:O,method:B,sessionId:N.session_token,lastActiveAt:C.lastActiveAt},audit:It(I,"Session inactive timeout")}),Error("Session expired due to inactivity")}Y0(N.session_token).catch(()=>{});let p=S.userSessions;if(p&&_)_.update(p).set({lastActivityAt:new Date}).where(Er(p.id,N.session_token)).catch(()=>{});let F=ho(N.access_token||"",w.accessTokenSecret||""),nn=N.access_token?F.valid:!1,cn=N.refresh_token?ho(N.refresh_token,w.refreshTokenSecret||"").valid:!1;if(!nn&&cn&&N.refresh_token&&C.rememberMe===!0){let vn=await Vb(C.userId,C.id,()=>Ub({refreshTokenId:N.refresh_token,options:o,sessionData:C}));if(vn.success&&vn.accessToken){N.access_token=vn.accessToken;let ln=i.cookieDomain,gr=ln?process.env[ln]??ln:void 0,ot=gr?`; Domain=${gr}`:"",Gn=`${g.access_token}=${vn.accessToken}; Path=/; HttpOnly; SameSite=Strict; Secure; Max-Age=${wt(i.accessToken.expiresIn??"15m")}${ot}`;M.headers["Set-Cookie"]=Gn}}let hn=F.valid?F.payload.sub:C.userId,dn=F.valid?F.payload.roles:void 0,On=F.valid?F.payload.claims:void 0;if(A.headers.set("x-access-token",N.access_token||""),A.headers.set("x-refresh-token",N.refresh_token||""),A.headers.set("x-session-id",N.session_token||""),A.headers.set("x-user-id",hn||""),dn&&dn.length>0)A.headers.set("x-user-roles",dn.join(","));if(On&&On.length>0)A.headers.set("x-user-claims",On.join(","))}}}).onAfterHandle(({request:A,set:M})=>{if(H){let z=A.headers.get("x-request-start-time"),L=z?parseInt(z,10):Date.now(),O=Date.now()-L,B=new URL(A.url),W=typeof M.status==="number"?M.status:200;H.recordRequest({endpoint:B.pathname,method:A.method,status:W,responseTimeMs:O,isError:W>=400,errorType:W>=500?"server_error":W>=400?"client_error":void 0})}if(D){let z=new URL(A.url),L={};A.headers.forEach((O,B)=>{L[B]=O}),D.recordRequest({path:z.pathname,method:A.method,timestamp:Date.now(),headers:L})}}).onError((A)=>{let{set:M,code:z,error:L}=A,O=typeof z==="number"?z:500,B="Internal Server Error";if(L instanceof Error){let W=L.cause,G=W?.code;if(G==="23505")B=`Duplicate value: ${W?.detail||"A record with this value already exists"}`;else if(G==="23503")B=`Invalid reference: ${W?.detail||"Referenced record does not exist"}`;else if(G==="23502")B=`Missing required field: ${W?.column||W?.detail||"A required field is empty"}`;else if(G==="22P02")B=`Invalid input: ${W?.routine==="string_to_uuid"?"Invalid ID format":W?.detail||"Invalid data format"}`;else if(G)B=`Database error (${G}): ${W?.detail||W?.message||L.message}`;else B=L.message}return M.status=O,Response.json({isSuccess:!1,message:B,status:O,errors:[{message:B}],data:null})}),d.info("Creating routes for entities"),Mf(r,{db:_,schemaTables:S,schemaRelations:h,entities:e,logger:d,databaseUrl:w.databaseUrl,storage:o.storage,authorization:o.authorization,authMode:i?.mode,idpUrl:i?.idpUrl?process.env[i.idpUrl]||i.idpUrl:void 0,emailServiceAvailable:!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path)});let $=i?.mode==="consumer";if(i?.enabled&&!$&&_){let A=S.users,M=S.userSessions||S.user_sessions||S.sessions;if(!M&&i.sessions?.enabled)d.warn("[AUTH] sessions is enabled but user_sessions table not found in schema. Disabling sessions.");if(A){$f(o);let{createAuthRoutes:z}=(nd(),Ra(j2)),{signJWT:L,verifyJWT:O}=(Ko(),Ra(Ld)),{generateSession:B,deleteSession:W}=(J0(),Ra(wu));z(r,{authConfig:{db:_,logger:d,usersTable:A,sessionsTable:M,userRolesTable:S.userRoles,rolesTable:S.roles,roleClaimsTable:S.roleClaims,claimsTable:S.claims,authentication:{enabled:i.enabled,cookieDomain:o.authentication?.cookieDomain,accessToken:i.accessToken,refreshToken:i.refreshToken,sessionToken:i.sessionToken}},features:{login:i.login,register:i.register,logout:i.logout,refresh:i.refresh,passwordReset:(()=>{let G=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(i.passwordReset?.enabled&&!G)return d.warn("[AUTH] passwordReset is enabled but no email provider is configured. Disabling passwordReset."),{...i.passwordReset,enabled:!1};return i.passwordReset})(),passwordChange:i.passwordChange,passwordSet:i.passwordSet,sessions:i.sessions,magicLink:(()=>{let G=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(i.magicLink?.enabled&&!G)return d.warn("[AUTH] magicLink is enabled but no email provider is configured. Disabling magicLink."),{...i.magicLink,enabled:!1};return i.magicLink})(),me:i.me||{enabled:!0,route:"/auth/me"},invite:(()=>{let G=!!(o.email?.gmail?.enabled&&o.email.gmail.json_file_path);if(i.invite?.enabled&&!G)return d.warn("[AUTH] invite is enabled but no email provider is configured. Disabling invite."),{...i.invite,enabled:!1};return i.invite})(),captcha:i.captcha,oauth:i.oauth?.enabled&&w.oauthProviders?{...i.oauth,providers:w.oauthProviders}:void 0},sessionsTable:M,oauthAccountsTable:S.oauthAccounts,schemaTables:S,schemaRelations:h,databaseUrl:w.databaseUrl,admin:{impersonate:{enabled:!0},changeUserId:{enabled:!0}},schemaName:u,emailService:R,appName:o.appId,captchaService:(()=>{let G=le();if(!i.captcha?.enabled||!G)return null;return new C0({redis:{get:async(N)=>{let x=await G.read(N);return x.success?x.data:null},set:async(N,x,I)=>{await G.create(N,x,I?.ex)},del:async(N)=>{await G.remove(N)}},logger:d,config:{enabled:!0,type:i.captcha.type||"math",difficulty:i.captcha.difficulty||"medium",expiresIn:i.captcha.expiresIn||"5m",maxAttempts:i.captcha.maxAttempts||3,caseSensitive:i.captcha.caseSensitive??!1}})})(),tokenResponseConfig:{accessToken:{setHeadersEnabled:i.accessToken?.setHeadersEnabled??!0,returnJson:i.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:i.refreshToken?.setHeadersEnabled??!0,returnJson:i.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:i.sessionToken?.setHeadersEnabled??!0,returnJson:i.sessionToken?.returnJson??!0}},helpers:{signAccessToken:(G,j,N)=>L({subject:G,expiresInSeconds:wt(i.accessToken?.expiresIn||"15m"),issuer:i.accessToken?.issuer,audience:i.accessToken?.audience,customClaims:{...j&&j.length>0?{roles:j}:{},...N&&N.length>0?{claims:N}:{}}},w.accessTokenSecret||"",i.accessToken?.algorithm||"HS256"),signRefreshToken:(G)=>L({subject:G,expiresInSeconds:wt(i.refreshToken?.expiresIn||"7d"),issuer:i.refreshToken?.issuer,audience:i.refreshToken?.audience},w.refreshTokenSecret||"",i.refreshToken?.algorithm||"HS256"),verifyRefreshToken:(G)=>O(G,w.refreshTokenSecret||""),createSession:async(G)=>{let j=await B({userId:G.userId,deviceInfo:G.deviceInfo});return j.success?j.session.id:""},destroySession:async(G)=>W({sessionId:G}),saveSessionToDb:async(G,j)=>{if(!M||!_)return;let N=i.sessions,x=j.deviceInfo||{},I=x.deviceHint?`${x.browserName||""}-${x.osName||""}-${x.deviceType||""}-${x.deviceHint}`:`${x.browserName||""}-${x.osName||""}-${x.deviceType||""}`,Q=await _.select().from(M).where(gi(Er(M.userId,j.userId),Er(M.isActive,!0))),v=I&&!I.includes("--unknown")&&!I.includes("Bot/Crawler")&&!I.includes("Headless")&&I!=="--"&&I!=="--unknown",C=await _.select().from(M).where(Er(M.userId,j.userId)),y=v?!Q.some((rn)=>rn.deviceFingerprint===I):!1,p=v?C.some((rn)=>{let Hn=rn;return Hn.deviceFingerprint===I&&Hn.approvalStatus==="approved"}):!1,F=Q.some((rn)=>rn.approvalStatus==="approved"),nn=j.loginMethod==="impersonation"||j.loginMethod==="impersonation_stop",cn=j.loginMethod?.startsWith("oauth:"),hn=!nn&&N?.trustNewDevices===!1&&y&&!p&&v&&F;d.info("[AUTH] Device fingerprint analysis",{userId:j.userId,deviceFingerprint:I,hasValidFingerprint:v,isNewDevice:y,wasPreviouslyApproved:p,loginMethod:j.loginMethod,isImpersonationLogin:nn,isOAuthLogin:cn,existingSessionCount:Q.length,hasAnyApprovedSession:F,requiresApproval:hn});let dn=null,On="approved";if(hn){let rn=C.find((yn)=>{let Kn=yn;return Kn.deviceFingerprint===I&&(Kn.approvalStatus==="pending"||Kn.approval_status==="pending")&&Kn.approvalToken});if(rn){let yn=rn,Kn=yn.approvalRequestedAt||yn.approval_requested_at;if(Kn?Date.now()-new Date(Kn).getTime()<86400000:!0)return d.info("[AUTH] Reusing existing pending session for same device",{userId:j.userId,deviceFingerprint:I,existingSessionId:yn.id}),{requiresApproval:!0,sessionId:yn.id}}let{randomBytes:Hn}=await import("crypto");dn=Hn(32).toString("hex"),On="pending",d.info("[AUTH] New device requires approval",{userId:j.userId,deviceFingerprint:I,ipAddress:x.ipAddress})}let vn=Q.filter((rn)=>{let Hn=rn,yn=(Hn.deviceFingerprint||"").toLowerCase(),Kn=Hn.ipAddress||"",Lr=(Hn.userAgent||"").toLowerCase(),Fr=!yn||yn==="--"||yn==="--unknown"||yn.includes("bot/crawler")||yn.includes("headless")||yn.includes("unknown-unknown"),wr=Lr.includes("nucleusserveraction")||Lr.includes("serveraction")||Lr.includes("node-fetch")||Lr.includes("undici");return Fr&&(Kn==="127.0.0.1"||Kn==="::1"||Kn==="localhost"||!Kn)||wr});if(vn.length>0){for(let rn of vn)await _.update(M).set({isActive:!1,revokedAt:new Date,revokedReason:"bot_session_cleanup"}).where(Er(M.id,rn.id));d.info("[AUTH] Cleaned up stale bot/crawler sessions",{userId:j.userId,cleanedCount:vn.length})}if(!N?.allowMultipleDevices&&Q.length>0){if(Q.filter((Hn)=>Hn.deviceFingerprint===I).length===0&&y)for(let Hn of Q)await _.update(M).set({isActive:!1,revokedAt:new Date,revokedReason:"new_device_login"}).where(Er(M.id,Hn.id))}if(N?.maxActiveSessions){let{count:rn}=await import("drizzle-orm"),yn=(await _.select({count:rn()}).from(M).where(gi(Er(M.userId,j.userId),Er(M.isActive,!0))))[0]?.count||0;if(yn>=N.maxActiveSessions){let{asc:Kn}=await import("drizzle-orm"),Lr=await _.select().from(M).where(gi(Er(M.userId,j.userId),Er(M.isActive,!0))).orderBy(Kn(M.createdAt)).limit(yn-N.maxActiveSessions+1);for(let Fr of Lr)await _.update(M).set({isActive:!1,revokedAt:new Date,revokedReason:"max_sessions_exceeded"}).where(Er(M.id,Fr.id))}}let ln=100;if(x.isHeadless)ln-=50;if(x.isBot)ln-=40;if(x.isSuspicious)d.warn("[AUTH] Suspicious login detected",{userId:j.userId,suspiciousPatterns:x.suspiciousPatterns,userAgent:x.userAgent,ipAddress:x.ipAddress});if(y)ln-=25;if(!x.ipAddress||x.ipAddress==="unknown")ln-=20;if(!x.browserName)ln-=15;if(!x.osName)ln-=15;if(!x.deviceType||x.deviceType==="unknown")ln-=10;if(!x.deviceName||x.deviceName==="Unknown Device")ln-=5;let gr=I&&!I.includes("--unknown")&&I!=="--",ot=x.ipAddress&&x.ipAddress!=="unknown";if(gr){if(Q.filter((Hn)=>Hn.deviceFingerprint===I).length>0)ln+=20}if(ot){if(Q.filter((Hn)=>Hn.ipAddress===x.ipAddress).length>0)ln+=15}ln=Math.max(0,Math.min(100,ln));let Gn=50;if(await _.insert(M).values({id:G,userId:j.userId,tokenHash:G,deviceFingerprint:I,deviceName:x.deviceName,deviceType:x.deviceType,browserName:x.browserName,browserVersion:x.browserVersion,osName:x.osName,osVersion:x.osVersion,ipAddress:x.ipAddress,locationCountry:x.locationCountry,locationCity:x.locationCity,loginMethod:j.loginMethod||"password",rememberMe:j.rememberMe??!1,trustScore:ln,lastActivityAt:new Date,createdAt:new Date,expiresAt:new Date(Date.now()+wt(i.sessionToken?.expiresIn||"30d")*1000),isActive:On==="approved",approvalStatus:On,approvalToken:dn,approvalRequestedAt:hn?new Date:null}),!nn&&R&&(N?.notifyOnNewDevice&&y||ln<Gn||hn)){let rn=S.users;if(rn){let yn=(await _.select().from(rn).where(Er(rn.id,j.userId)).limit(1))[0];if(yn?.email){let Kn=ln<Gn,Lr=i.sessions?.route||"/auth/sessions",Fr=i.sessions?.approvalRedirectUrl||"",dr=!Fr||Fr.endsWith("/devices")?`${j.requestOrigin||"http://localhost:9000"}${Lr}`:Fr,Sa=dn?`${dr}/approve-page?token=${dn}`:"",K2=dn?`${dr}/reject-page?token=${dn}`:"",Ls,Qs,wi=o.appId||"Nucleus",v2=new Date().toLocaleString("en-US",{dateStyle:"medium",timeStyle:"short"}),Z2=`${x.browserName||"Unknown"} ${x.browserVersion||""} on ${x.osName||"Unknown"} ${x.osVersion||""}`,rd=(mi)=>`
 <!DOCTYPE html>
 <html><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1.0"></head>
 <body style="margin:0;padding:0;background-color:#f4f4f5;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;">
@@ -1658,4 +1658,4 @@ ${mi}
   ${mi}
   ${td}
   <p style="margin:16px 0 0;color:#6b7280;font-size:13px;">If this wasn't you, please secure your account immediately.</p>
-`)}R?.sendEmail({to:yn.email,subject:Ls,html:Qs}).catch((mi)=>{d.warn("[AUTH] Failed to send login notification email",{error:mi,userId:j.userId,trustScore:ln,requiresApproval:hn})})}}}return d.info("[AUTH] Session saved to DB",{sessionId:G,userId:j.userId,isNewDevice:y,requiresApproval:hn,deviceFingerprint:I,ipAddress:x.ipAddress}),{requiresApproval:hn,sessionId:G}},storeResetToken:async(G,j,N)=>{let x=S.passwordResetTokens;if(!x||!_)return;await _.insert(x).values({userId:G,tokenHash:j,expiresAt:N})},getResetToken:async(G)=>{let{eq:j}=Bn("drizzle-orm"),N=S.passwordResetTokens;if(!N||!_)return null;let I=(await _.select().from(N).where(j(N.tokenHash,G)).limit(1))[0];if(!I||I.usedAt)return null;return{userId:I.userId,expiresAt:I.expiresAt}},deleteResetToken:async(G)=>{let{eq:j}=Bn("drizzle-orm"),N=S.passwordResetTokens;if(!N||!_)return;await _.delete(N).where(j(N.tokenHash,G))},revokeSessionInDb:async(G,j)=>{if(!M||!_)return;await _.update(M).set({isActive:!1,revokedAt:new Date,revokedReason:j}).where(Er(M.id,G)),d.info("[AUTH] Session revoked in DB",{sessionId:G,reason:j})},sendResetEmail:async(G,j)=>{if(!R?.isAvailable()){d.warn("[AUTH] Cannot send reset email - gmail service not available");return}let N=`${i.passwordReset?.redirectUrl||"http://localhost:3000/reset-password"}?token=${j}`;await R.sendEmail({to:G,subject:"Password Reset Request",html:`<p>Click the link to reset your password:</p><a href="${N}">${N}</a>`})},storeMagicToken:async(G)=>{let j=S.magicLinkTokens;if(!j||!_)return;await _.insert(j).values({userId:G.userId,email:G.email,tokenHash:G.tokenHash,expiresAt:G.expiresAt})},getMagicToken:async(G)=>{let{eq:j}=Bn("drizzle-orm"),N=S.magicLinkTokens;if(!N||!_)return null;let I=(await _.select().from(N).where(j(N.tokenHash,G)).limit(1))[0];if(!I||I.usedAt)return null;return{userId:I.userId,email:I.email,tokenHash:I.tokenHash,expiresAt:I.expiresAt}},deleteMagicToken:async(G)=>{let{eq:j}=Bn("drizzle-orm"),N=S.magicLinkTokens;if(!N||!_)return;await _.delete(N).where(j(N.tokenHash,G))}}}),d.info("[AUTH] Routes registered")}}if(o.storage?.enabled&&o.storage?.cdn?.enabled){let{createCdnRoutes:A,mergeCdnConfig:M,mergeStorageConfig:z}=(be(),Ra(Ob)),X=M(o.storage.cdn),O=z(o.storage),B=S.files;r.use(A({cdn:X,storagePath:O.basePath,logger:d,getFileRecord:B&&_?async(L)=>{let G=B,j=await _.select().from(G).where(Er(G.id,L)).limit(1);if(j.length===0)return null;let N=j[0];return{id:N.id,name:N.name,path:N.path,mime_type:N.mimeType||N.mime_type}}:void 0})),d.info(`[Storage] CDN routes enabled at ${X.basePath}`)}if(o.verification?.enabled&&_){let{routes:A}=Zb({db:_,schemaTables:S,config:o.verification,notificationConfig:o.notification,logger:d,gmailService:R||void 0});r.use(A)}if(o.pubsub?.enabled){let A=le();if(A){let M=o.pubsub,{plugin:z}=Vf({redis:A,logger:d,basePath:M.basePath||"/subs",wsPath:M.wsPath||"/api/events/subscribe",pubsubName:M.pubsubName||"pubsub-redis",maxClientsPerUser:M.maxClientsPerUser??10,wsIdleTimeout:M.wsIdleTimeout??120,ack:{enabled:M.ack?.enabled??!0,ttlSeconds:M.ack?.ttlSeconds??300,maxRetries:M.ack?.maxRetries??3,retryIntervalMs:M.ack?.retryIntervalMs??5000},presence:{enabled:M.presence?.enabled??!0,debounceMs:M.presence?.debounceMs??5000},cleanupIntervalMs:M.cleanupIntervalMs??60000,getLiveMonitoringService:()=>D});r.use(z),d.info("[PubSub] Enabled",{basePath:M.basePath||"/subs",wsPath:M.wsPath||"/api/events/subscribe"})}else d.warn("[PubSub] pubsub is enabled but Redis is not configured. Disabling PubSub.")}return r.onStart(()=>{let A=Number(process.env.PORT)||3000,M=o.appId||"nucleus",z=o.mode||"production";console.log(""),console.log(`  \x1B[32m\uD83D\uDE80 ${M}\x1B[0m \x1B[90mv${Date.now()}\x1B[0m`),console.log(`  \x1B[36m\u279C\x1B[0m  Local:   \x1B[36mhttp://localhost:${A}\x1B[0m`),console.log(`  \x1B[36m\u279C\x1B[0m  Mode:    \x1B[33m${z}\x1B[0m`),console.log("")}),r}export{ys as usePubSubStore,H5 as usePubSub,g5 as serverFetch,ud as generateVerificationEndpoints,ld as generateSystemTableEndpoints,_d as generateMonitoringEndpoints,sd as generateEndpointsFromConfig,fd as generateAuthEndpoints,s5 as generateAllEndpoints,dd as generateAdminEndpoints,E5 as createServerFactory,o5 as createApiHook,Ai as ServerFetch,T8 as NucleusElysiaPlugin,Gs as AUTH_ENDPOINT_CONFIGS};
+`)}R?.sendEmail({to:yn.email,subject:Ls,html:Qs}).catch((mi)=>{d.warn("[AUTH] Failed to send login notification email",{error:mi,userId:j.userId,trustScore:ln,requiresApproval:hn})})}}}return d.info("[AUTH] Session saved to DB",{sessionId:G,userId:j.userId,isNewDevice:y,requiresApproval:hn,deviceFingerprint:I,ipAddress:x.ipAddress}),{requiresApproval:hn,sessionId:G}},storeResetToken:async(G,j,N)=>{let x=S.passwordResetTokens;if(!x||!_)return;await _.insert(x).values({userId:G,tokenHash:j,expiresAt:N})},getResetToken:async(G)=>{let{eq:j}=Bn("drizzle-orm"),N=S.passwordResetTokens;if(!N||!_)return null;let I=(await _.select().from(N).where(j(N.tokenHash,G)).limit(1))[0];if(!I||I.usedAt)return null;return{userId:I.userId,expiresAt:I.expiresAt}},deleteResetToken:async(G)=>{let{eq:j}=Bn("drizzle-orm"),N=S.passwordResetTokens;if(!N||!_)return;await _.delete(N).where(j(N.tokenHash,G))},revokeSessionInDb:async(G,j)=>{if(!M||!_)return;await _.update(M).set({isActive:!1,revokedAt:new Date,revokedReason:j}).where(Er(M.id,G)),d.info("[AUTH] Session revoked in DB",{sessionId:G,reason:j})},sendResetEmail:async(G,j)=>{if(!R?.isAvailable()){d.warn("[AUTH] Cannot send reset email - gmail service not available");return}let N=`${i.passwordReset?.redirectUrl||"http://localhost:3000/reset-password"}?token=${j}`;await R.sendEmail({to:G,subject:"Password Reset Request",html:`<p>Click the link to reset your password:</p><a href="${N}">${N}</a>`})},storeMagicToken:async(G)=>{let j=S.magicLinkTokens;if(!j||!_)return;await _.insert(j).values({userId:G.userId,email:G.email,tokenHash:G.tokenHash,expiresAt:G.expiresAt})},getMagicToken:async(G)=>{let{eq:j}=Bn("drizzle-orm"),N=S.magicLinkTokens;if(!N||!_)return null;let I=(await _.select().from(N).where(j(N.tokenHash,G)).limit(1))[0];if(!I||I.usedAt)return null;return{userId:I.userId,email:I.email,tokenHash:I.tokenHash,expiresAt:I.expiresAt}},deleteMagicToken:async(G)=>{let{eq:j}=Bn("drizzle-orm"),N=S.magicLinkTokens;if(!N||!_)return;await _.delete(N).where(j(N.tokenHash,G))}}}),d.info("[AUTH] Routes registered")}}if(o.storage?.enabled&&o.storage?.cdn?.enabled){let{createCdnRoutes:A,mergeCdnConfig:M,mergeStorageConfig:z}=(be(),Ra(Ob)),L=M(o.storage.cdn),O=z(o.storage),B=S.files;r.use(A({cdn:L,storagePath:O.basePath,logger:d,getFileRecord:B&&_?async(W)=>{let G=B,j=await _.select().from(G).where(Er(G.id,W)).limit(1);if(j.length===0)return null;let N=j[0];return{id:N.id,name:N.name,path:N.path,mime_type:N.mimeType||N.mime_type}}:void 0})),d.info(`[Storage] CDN routes enabled at ${L.basePath}`)}if(o.verification?.enabled&&_){let{routes:A}=Zb({db:_,schemaTables:S,config:o.verification,notificationConfig:o.notification,logger:d,gmailService:R||void 0});r.use(A)}if(o.pubsub?.enabled){let A=le();if(A){let M=o.pubsub,{plugin:z}=Vf({redis:A,logger:d,basePath:M.basePath||"/subs",wsPath:M.wsPath||"/api/events/subscribe",pubsubName:M.pubsubName||"pubsub-redis",maxClientsPerUser:M.maxClientsPerUser??10,wsIdleTimeout:M.wsIdleTimeout??120,ack:{enabled:M.ack?.enabled??!0,ttlSeconds:M.ack?.ttlSeconds??300,maxRetries:M.ack?.maxRetries??3,retryIntervalMs:M.ack?.retryIntervalMs??5000},presence:{enabled:M.presence?.enabled??!0,debounceMs:M.presence?.debounceMs??5000},cleanupIntervalMs:M.cleanupIntervalMs??60000,getLiveMonitoringService:()=>D});r.use(z),d.info("[PubSub] Enabled",{basePath:M.basePath||"/subs",wsPath:M.wsPath||"/api/events/subscribe"})}else d.warn("[PubSub] pubsub is enabled but Redis is not configured. Disabling PubSub.")}return r.onStart(()=>{let A=Number(process.env.PORT)||3000,M=o.appId||"nucleus",z=o.mode||"production";console.log(""),console.log(`  \x1B[32m\uD83D\uDE80 ${M}\x1B[0m \x1B[90mv${Date.now()}\x1B[0m`),console.log(`  \x1B[36m\u279C\x1B[0m  Local:   \x1B[36mhttp://localhost:${A}\x1B[0m`),console.log(`  \x1B[36m\u279C\x1B[0m  Mode:    \x1B[33m${z}\x1B[0m`),console.log("")}),r}export{ys as usePubSubStore,H5 as usePubSub,g5 as serverFetch,ud as generateVerificationEndpoints,ld as generateSystemTableEndpoints,_d as generateMonitoringEndpoints,sd as generateEndpointsFromConfig,fd as generateAuthEndpoints,s5 as generateAllEndpoints,dd as generateAdminEndpoints,E5 as createServerFactory,o5 as createApiHook,Ai as ServerFetch,T8 as NucleusElysiaPlugin,Gs as AUTH_ENDPOINT_CONFIGS};