nucleus-core-ts 0.9.720 → 0.9.721
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js
CHANGED
|
@@ -14,7 +14,7 @@ See the Apache Version 2.0 License for specific language governing permissions
|
|
|
14
14
|
and limitations under the License.
|
|
15
15
|
***************************************************************************** */var Reflect2;(function(Reflect3){(function(factory){var root=typeof globalThis==="object"?globalThis:typeof global==="object"?global:typeof self==="object"?self:typeof this==="object"?this:sloppyModeThis(),exporter=makeExporter(Reflect3);if(typeof root.Reflect<"u")exporter=makeExporter(root.Reflect,exporter);if(factory(exporter,root),typeof root.Reflect>"u")root.Reflect=Reflect3;function makeExporter(target,previous){return function(key,value){if(Object.defineProperty(target,key,{configurable:!0,writable:!0,value}),previous)previous(key,value)}}function functionThis(){try{return Function("return this;")()}catch(_){}}function indirectEvalThis(){try{return(0,eval)("(function() { return this; })()")}catch(_){}}function sloppyModeThis(){return functionThis()||indirectEvalThis()}})(function(exporter,root){var hasOwn=Object.prototype.hasOwnProperty,supportsSymbol=typeof Symbol==="function",toPrimitiveSymbol=supportsSymbol&&typeof Symbol.toPrimitive<"u"?Symbol.toPrimitive:"@@toPrimitive",iteratorSymbol=supportsSymbol&&typeof Symbol.iterator<"u"?Symbol.iterator:"@@iterator",supportsCreate=typeof Object.create==="function",supportsProto={__proto__:[]}instanceof Array,downLevel=!supportsCreate&&!supportsProto,HashMap={create:supportsCreate?function(){return MakeDictionary(Object.create(null))}:supportsProto?function(){return MakeDictionary({__proto__:null})}:function(){return MakeDictionary({})},has:downLevel?function(map,key){return hasOwn.call(map,key)}:function(map,key){return key in map},get:downLevel?function(map,key){return hasOwn.call(map,key)?map[key]:void 0}:function(map,key){return map[key]}},functionPrototype=Object.getPrototypeOf(Function),_Map=typeof Map==="function"&&typeof Map.prototype.entries==="function"?Map:CreateMapPolyfill(),_Set=typeof Set==="function"&&typeof Set.prototype.entries==="function"?Set:CreateSetPolyfill(),_WeakMap=typeof WeakMap==="function"?WeakMap:CreateWeakMapPolyfill(),registrySymbol=supportsSymbol?Symbol.for("@reflect-metadata:registry"):void 0,metadataRegistry=GetOrCreateMetadataRegistry(),metadataProvider=CreateMetadataProvider(metadataRegistry);function decorate(decorators,target,propertyKey,attributes){if(!IsUndefined(propertyKey)){if(!IsArray(decorators))throw TypeError();if(!IsObject(target))throw TypeError();if(!IsObject(attributes)&&!IsUndefined(attributes)&&!IsNull(attributes))throw TypeError();if(IsNull(attributes))attributes=void 0;return propertyKey=ToPropertyKey(propertyKey),DecorateProperty(decorators,target,propertyKey,attributes)}else{if(!IsArray(decorators))throw TypeError();if(!IsConstructor(target))throw TypeError();return DecorateConstructor(decorators,target)}}exporter("decorate",decorate);function metadata(metadataKey,metadataValue){function decorator(target,propertyKey){if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey)&&!IsPropertyKey(propertyKey))throw TypeError();OrdinaryDefineOwnMetadata(metadataKey,metadataValue,target,propertyKey)}return decorator}exporter("metadata",metadata);function defineMetadata(metadataKey,metadataValue,target,propertyKey){if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey))propertyKey=ToPropertyKey(propertyKey);return OrdinaryDefineOwnMetadata(metadataKey,metadataValue,target,propertyKey)}exporter("defineMetadata",defineMetadata);function hasMetadata(metadataKey,target,propertyKey){if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey))propertyKey=ToPropertyKey(propertyKey);return OrdinaryHasMetadata(metadataKey,target,propertyKey)}exporter("hasMetadata",hasMetadata);function hasOwnMetadata(metadataKey,target,propertyKey){if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey))propertyKey=ToPropertyKey(propertyKey);return OrdinaryHasOwnMetadata(metadataKey,target,propertyKey)}exporter("hasOwnMetadata",hasOwnMetadata);function getMetadata(metadataKey,target,propertyKey){if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey))propertyKey=ToPropertyKey(propertyKey);return OrdinaryGetMetadata(metadataKey,target,propertyKey)}exporter("getMetadata",getMetadata);function getOwnMetadata(metadataKey,target,propertyKey){if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey))propertyKey=ToPropertyKey(propertyKey);return OrdinaryGetOwnMetadata(metadataKey,target,propertyKey)}exporter("getOwnMetadata",getOwnMetadata);function getMetadataKeys(target,propertyKey){if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey))propertyKey=ToPropertyKey(propertyKey);return OrdinaryMetadataKeys(target,propertyKey)}exporter("getMetadataKeys",getMetadataKeys);function getOwnMetadataKeys(target,propertyKey){if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey))propertyKey=ToPropertyKey(propertyKey);return OrdinaryOwnMetadataKeys(target,propertyKey)}exporter("getOwnMetadataKeys",getOwnMetadataKeys);function deleteMetadata(metadataKey,target,propertyKey){if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey))propertyKey=ToPropertyKey(propertyKey);if(!IsObject(target))throw TypeError();if(!IsUndefined(propertyKey))propertyKey=ToPropertyKey(propertyKey);var provider=GetMetadataProvider(target,propertyKey,!1);if(IsUndefined(provider))return!1;return provider.OrdinaryDeleteMetadata(metadataKey,target,propertyKey)}exporter("deleteMetadata",deleteMetadata);function DecorateConstructor(decorators,target){for(var i=decorators.length-1;i>=0;--i){var decorator=decorators[i],decorated=decorator(target);if(!IsUndefined(decorated)&&!IsNull(decorated)){if(!IsConstructor(decorated))throw TypeError();target=decorated}}return target}function DecorateProperty(decorators,target,propertyKey,descriptor){for(var i=decorators.length-1;i>=0;--i){var decorator=decorators[i],decorated=decorator(target,propertyKey,descriptor);if(!IsUndefined(decorated)&&!IsNull(decorated)){if(!IsObject(decorated))throw TypeError();descriptor=decorated}}return descriptor}function OrdinaryHasMetadata(MetadataKey,O,P){var hasOwn2=OrdinaryHasOwnMetadata(MetadataKey,O,P);if(hasOwn2)return!0;var parent=OrdinaryGetPrototypeOf(O);if(!IsNull(parent))return OrdinaryHasMetadata(MetadataKey,parent,P);return!1}function OrdinaryHasOwnMetadata(MetadataKey,O,P){var provider=GetMetadataProvider(O,P,!1);if(IsUndefined(provider))return!1;return ToBoolean(provider.OrdinaryHasOwnMetadata(MetadataKey,O,P))}function OrdinaryGetMetadata(MetadataKey,O,P){var hasOwn2=OrdinaryHasOwnMetadata(MetadataKey,O,P);if(hasOwn2)return OrdinaryGetOwnMetadata(MetadataKey,O,P);var parent=OrdinaryGetPrototypeOf(O);if(!IsNull(parent))return OrdinaryGetMetadata(MetadataKey,parent,P);return}function OrdinaryGetOwnMetadata(MetadataKey,O,P){var provider=GetMetadataProvider(O,P,!1);if(IsUndefined(provider))return;return provider.OrdinaryGetOwnMetadata(MetadataKey,O,P)}function OrdinaryDefineOwnMetadata(MetadataKey,MetadataValue,O,P){var provider=GetMetadataProvider(O,P,!0);provider.OrdinaryDefineOwnMetadata(MetadataKey,MetadataValue,O,P)}function OrdinaryMetadataKeys(O,P){var ownKeys=OrdinaryOwnMetadataKeys(O,P),parent=OrdinaryGetPrototypeOf(O);if(parent===null)return ownKeys;var parentKeys=OrdinaryMetadataKeys(parent,P);if(parentKeys.length<=0)return ownKeys;if(ownKeys.length<=0)return parentKeys;var set=new _Set,keys=[];for(var _i=0,ownKeys_1=ownKeys;_i<ownKeys_1.length;_i++){var key=ownKeys_1[_i],hasKey=set.has(key);if(!hasKey)set.add(key),keys.push(key)}for(var _a=0,parentKeys_1=parentKeys;_a<parentKeys_1.length;_a++){var key=parentKeys_1[_a],hasKey=set.has(key);if(!hasKey)set.add(key),keys.push(key)}return keys}function OrdinaryOwnMetadataKeys(O,P){var provider=GetMetadataProvider(O,P,!1);if(!provider)return[];return provider.OrdinaryOwnMetadataKeys(O,P)}function Type(x){if(x===null)return 1;switch(typeof x){case"undefined":return 0;case"boolean":return 2;case"string":return 3;case"symbol":return 4;case"number":return 5;case"object":return x===null?1:6;default:return 6}}function IsUndefined(x){return x===void 0}function IsNull(x){return x===null}function IsSymbol(x){return typeof x==="symbol"}function IsObject(x){return typeof x==="object"?x!==null:typeof x==="function"}function ToPrimitive(input,PreferredType){switch(Type(input)){case 0:return input;case 1:return input;case 2:return input;case 3:return input;case 4:return input;case 5:return input}var hint=PreferredType===3?"string":PreferredType===5?"number":"default",exoticToPrim=GetMethod(input,toPrimitiveSymbol);if(exoticToPrim!==void 0){var result=exoticToPrim.call(input,hint);if(IsObject(result))throw TypeError();return result}return OrdinaryToPrimitive(input,hint==="default"?"number":hint)}function OrdinaryToPrimitive(O,hint){if(hint==="string"){var toString_1=O.toString;if(IsCallable(toString_1)){var result=toString_1.call(O);if(!IsObject(result))return result}var valueOf=O.valueOf;if(IsCallable(valueOf)){var result=valueOf.call(O);if(!IsObject(result))return result}}else{var valueOf=O.valueOf;if(IsCallable(valueOf)){var result=valueOf.call(O);if(!IsObject(result))return result}var toString_2=O.toString;if(IsCallable(toString_2)){var result=toString_2.call(O);if(!IsObject(result))return result}}throw TypeError()}function ToBoolean(argument){return!!argument}function ToString(argument){return""+argument}function ToPropertyKey(argument){var key=ToPrimitive(argument,3);if(IsSymbol(key))return key;return ToString(key)}function IsArray(argument){return Array.isArray?Array.isArray(argument):argument instanceof Object?argument instanceof Array:Object.prototype.toString.call(argument)==="[object Array]"}function IsCallable(argument){return typeof argument==="function"}function IsConstructor(argument){return typeof argument==="function"}function IsPropertyKey(argument){switch(Type(argument)){case 3:return!0;case 4:return!0;default:return!1}}function SameValueZero(x,y){return x===y||x!==x&&y!==y}function GetMethod(V,P){var func=V[P];if(func===void 0||func===null)return;if(!IsCallable(func))throw TypeError();return func}function GetIterator(obj){var method=GetMethod(obj,iteratorSymbol);if(!IsCallable(method))throw TypeError();var iterator=method.call(obj);if(!IsObject(iterator))throw TypeError();return iterator}function IteratorValue(iterResult){return iterResult.value}function IteratorStep(iterator){var result=iterator.next();return result.done?!1:result}function IteratorClose(iterator){var f=iterator.return;if(f)f.call(iterator)}function OrdinaryGetPrototypeOf(O){var proto=Object.getPrototypeOf(O);if(typeof O!=="function"||O===functionPrototype)return proto;if(proto!==functionPrototype)return proto;var prototype=O.prototype,prototypeProto=prototype&&Object.getPrototypeOf(prototype);if(prototypeProto==null||prototypeProto===Object.prototype)return proto;var constructor=prototypeProto.constructor;if(typeof constructor!=="function")return proto;if(constructor===O)return proto;return constructor}function CreateMetadataRegistry(){var fallback;if(!IsUndefined(registrySymbol)&&typeof root.Reflect<"u"&&!(registrySymbol in root.Reflect)&&typeof root.Reflect.defineMetadata==="function")fallback=CreateFallbackProvider(root.Reflect);var first,second,rest,targetProviderMap=new _WeakMap,registry={registerProvider,getProvider,setProvider};return registry;function registerProvider(provider){if(!Object.isExtensible(registry))throw Error("Cannot add provider to a frozen registry.");switch(!0){case fallback===provider:break;case IsUndefined(first):first=provider;break;case first===provider:break;case IsUndefined(second):second=provider;break;case second===provider:break;default:if(rest===void 0)rest=new _Set;rest.add(provider);break}}function getProviderNoCache(O,P){if(!IsUndefined(first)){if(first.isProviderFor(O,P))return first;if(!IsUndefined(second)){if(second.isProviderFor(O,P))return first;if(!IsUndefined(rest)){var iterator=GetIterator(rest);while(!0){var next=IteratorStep(iterator);if(!next)return;var provider=IteratorValue(next);if(provider.isProviderFor(O,P))return IteratorClose(iterator),provider}}}}if(!IsUndefined(fallback)&&fallback.isProviderFor(O,P))return fallback;return}function getProvider(O,P){var providerMap=targetProviderMap.get(O),provider;if(!IsUndefined(providerMap))provider=providerMap.get(P);if(!IsUndefined(provider))return provider;if(provider=getProviderNoCache(O,P),!IsUndefined(provider)){if(IsUndefined(providerMap))providerMap=new _Map,targetProviderMap.set(O,providerMap);providerMap.set(P,provider)}return provider}function hasProvider(provider){if(IsUndefined(provider))throw TypeError();return first===provider||second===provider||!IsUndefined(rest)&&rest.has(provider)}function setProvider(O,P,provider){if(!hasProvider(provider))throw Error("Metadata provider not registered.");var existingProvider=getProvider(O,P);if(existingProvider!==provider){if(!IsUndefined(existingProvider))return!1;var providerMap=targetProviderMap.get(O);if(IsUndefined(providerMap))providerMap=new _Map,targetProviderMap.set(O,providerMap);providerMap.set(P,provider)}return!0}}function GetOrCreateMetadataRegistry(){var metadataRegistry2;if(!IsUndefined(registrySymbol)&&IsObject(root.Reflect)&&Object.isExtensible(root.Reflect))metadataRegistry2=root.Reflect[registrySymbol];if(IsUndefined(metadataRegistry2))metadataRegistry2=CreateMetadataRegistry();if(!IsUndefined(registrySymbol)&&IsObject(root.Reflect)&&Object.isExtensible(root.Reflect))Object.defineProperty(root.Reflect,registrySymbol,{enumerable:!1,configurable:!1,writable:!1,value:metadataRegistry2});return metadataRegistry2}function CreateMetadataProvider(registry){var metadata2=new _WeakMap,provider={isProviderFor:function(O,P){var targetMetadata=metadata2.get(O);if(IsUndefined(targetMetadata))return!1;return targetMetadata.has(P)},OrdinaryDefineOwnMetadata:OrdinaryDefineOwnMetadata2,OrdinaryHasOwnMetadata:OrdinaryHasOwnMetadata2,OrdinaryGetOwnMetadata:OrdinaryGetOwnMetadata2,OrdinaryOwnMetadataKeys:OrdinaryOwnMetadataKeys2,OrdinaryDeleteMetadata};return metadataRegistry.registerProvider(provider),provider;function GetOrCreateMetadataMap(O,P,Create){var targetMetadata=metadata2.get(O),createdTargetMetadata=!1;if(IsUndefined(targetMetadata)){if(!Create)return;targetMetadata=new _Map,metadata2.set(O,targetMetadata),createdTargetMetadata=!0}var metadataMap=targetMetadata.get(P);if(IsUndefined(metadataMap)){if(!Create)return;if(metadataMap=new _Map,targetMetadata.set(P,metadataMap),!registry.setProvider(O,P,provider)){if(targetMetadata.delete(P),createdTargetMetadata)metadata2.delete(O);throw Error("Wrong provider for target.")}}return metadataMap}function OrdinaryHasOwnMetadata2(MetadataKey,O,P){var metadataMap=GetOrCreateMetadataMap(O,P,!1);if(IsUndefined(metadataMap))return!1;return ToBoolean(metadataMap.has(MetadataKey))}function OrdinaryGetOwnMetadata2(MetadataKey,O,P){var metadataMap=GetOrCreateMetadataMap(O,P,!1);if(IsUndefined(metadataMap))return;return metadataMap.get(MetadataKey)}function OrdinaryDefineOwnMetadata2(MetadataKey,MetadataValue,O,P){var metadataMap=GetOrCreateMetadataMap(O,P,!0);metadataMap.set(MetadataKey,MetadataValue)}function OrdinaryOwnMetadataKeys2(O,P){var keys=[],metadataMap=GetOrCreateMetadataMap(O,P,!1);if(IsUndefined(metadataMap))return keys;var keysObj=metadataMap.keys(),iterator=GetIterator(keysObj),k=0;while(!0){var next=IteratorStep(iterator);if(!next)return keys.length=k,keys;var nextValue=IteratorValue(next);try{keys[k]=nextValue}catch(e){try{IteratorClose(iterator)}finally{throw e}}k++}}function OrdinaryDeleteMetadata(MetadataKey,O,P){var metadataMap=GetOrCreateMetadataMap(O,P,!1);if(IsUndefined(metadataMap))return!1;if(!metadataMap.delete(MetadataKey))return!1;if(metadataMap.size===0){var targetMetadata=metadata2.get(O);if(!IsUndefined(targetMetadata)){if(targetMetadata.delete(P),targetMetadata.size===0)metadata2.delete(targetMetadata)}}return!0}}function CreateFallbackProvider(reflect){var{defineMetadata:defineMetadata2,hasOwnMetadata:hasOwnMetadata2,getOwnMetadata:getOwnMetadata2,getOwnMetadataKeys:getOwnMetadataKeys2,deleteMetadata:deleteMetadata2}=reflect,metadataOwner=new _WeakMap,provider={isProviderFor:function(O,P){var metadataPropertySet=metadataOwner.get(O);if(!IsUndefined(metadataPropertySet)&&metadataPropertySet.has(P))return!0;if(getOwnMetadataKeys2(O,P).length){if(IsUndefined(metadataPropertySet))metadataPropertySet=new _Set,metadataOwner.set(O,metadataPropertySet);return metadataPropertySet.add(P),!0}return!1},OrdinaryDefineOwnMetadata:defineMetadata2,OrdinaryHasOwnMetadata:hasOwnMetadata2,OrdinaryGetOwnMetadata:getOwnMetadata2,OrdinaryOwnMetadataKeys:getOwnMetadataKeys2,OrdinaryDeleteMetadata:deleteMetadata2};return provider}function GetMetadataProvider(O,P,Create){var registeredProvider=metadataRegistry.getProvider(O,P);if(!IsUndefined(registeredProvider))return registeredProvider;if(Create){if(metadataRegistry.setProvider(O,P,metadataProvider))return metadataProvider;throw Error("Illegal state.")}return}function CreateMapPolyfill(){var cacheSentinel={},arraySentinel=[],MapIterator=function(){function MapIterator2(keys,values,selector){this._index=0,this._keys=keys,this._values=values,this._selector=selector}return MapIterator2.prototype["@@iterator"]=function(){return this},MapIterator2.prototype[iteratorSymbol]=function(){return this},MapIterator2.prototype.next=function(){var index=this._index;if(index>=0&&index<this._keys.length){var result=this._selector(this._keys[index],this._values[index]);if(index+1>=this._keys.length)this._index=-1,this._keys=arraySentinel,this._values=arraySentinel;else this._index++;return{value:result,done:!1}}return{value:void 0,done:!0}},MapIterator2.prototype.throw=function(error){if(this._index>=0)this._index=-1,this._keys=arraySentinel,this._values=arraySentinel;throw error},MapIterator2.prototype.return=function(value){if(this._index>=0)this._index=-1,this._keys=arraySentinel,this._values=arraySentinel;return{value,done:!0}},MapIterator2}(),Map2=function(){function Map3(){this._keys=[],this._values=[],this._cacheKey=cacheSentinel,this._cacheIndex=-2}return Object.defineProperty(Map3.prototype,"size",{get:function(){return this._keys.length},enumerable:!0,configurable:!0}),Map3.prototype.has=function(key){return this._find(key,!1)>=0},Map3.prototype.get=function(key){var index=this._find(key,!1);return index>=0?this._values[index]:void 0},Map3.prototype.set=function(key,value){var index=this._find(key,!0);return this._values[index]=value,this},Map3.prototype.delete=function(key){var index=this._find(key,!1);if(index>=0){var size=this._keys.length;for(var i=index+1;i<size;i++)this._keys[i-1]=this._keys[i],this._values[i-1]=this._values[i];if(this._keys.length--,this._values.length--,SameValueZero(key,this._cacheKey))this._cacheKey=cacheSentinel,this._cacheIndex=-2;return!0}return!1},Map3.prototype.clear=function(){this._keys.length=0,this._values.length=0,this._cacheKey=cacheSentinel,this._cacheIndex=-2},Map3.prototype.keys=function(){return new MapIterator(this._keys,this._values,getKey)},Map3.prototype.values=function(){return new MapIterator(this._keys,this._values,getValue)},Map3.prototype.entries=function(){return new MapIterator(this._keys,this._values,getEntry)},Map3.prototype["@@iterator"]=function(){return this.entries()},Map3.prototype[iteratorSymbol]=function(){return this.entries()},Map3.prototype._find=function(key,insert){if(!SameValueZero(this._cacheKey,key)){this._cacheIndex=-1;for(var i=0;i<this._keys.length;i++)if(SameValueZero(this._keys[i],key)){this._cacheIndex=i;break}}if(this._cacheIndex<0&&insert)this._cacheIndex=this._keys.length,this._keys.push(key),this._values.push(void 0);return this._cacheIndex},Map3}();return Map2;function getKey(key,_){return key}function getValue(_,value){return value}function getEntry(key,value){return[key,value]}}function CreateSetPolyfill(){var Set2=function(){function Set3(){this._map=new _Map}return Object.defineProperty(Set3.prototype,"size",{get:function(){return this._map.size},enumerable:!0,configurable:!0}),Set3.prototype.has=function(value){return this._map.has(value)},Set3.prototype.add=function(value){return this._map.set(value,value),this},Set3.prototype.delete=function(value){return this._map.delete(value)},Set3.prototype.clear=function(){this._map.clear()},Set3.prototype.keys=function(){return this._map.keys()},Set3.prototype.values=function(){return this._map.keys()},Set3.prototype.entries=function(){return this._map.entries()},Set3.prototype["@@iterator"]=function(){return this.keys()},Set3.prototype[iteratorSymbol]=function(){return this.keys()},Set3}();return Set2}function CreateWeakMapPolyfill(){var UUID_SIZE=16,keys=HashMap.create(),rootKey=CreateUniqueKey();return function(){function WeakMap2(){this._key=CreateUniqueKey()}return WeakMap2.prototype.has=function(target){var table=GetOrCreateWeakMapTable(target,!1);return table!==void 0?HashMap.has(table,this._key):!1},WeakMap2.prototype.get=function(target){var table=GetOrCreateWeakMapTable(target,!1);return table!==void 0?HashMap.get(table,this._key):void 0},WeakMap2.prototype.set=function(target,value){var table=GetOrCreateWeakMapTable(target,!0);return table[this._key]=value,this},WeakMap2.prototype.delete=function(target){var table=GetOrCreateWeakMapTable(target,!1);return table!==void 0?delete table[this._key]:!1},WeakMap2.prototype.clear=function(){this._key=CreateUniqueKey()},WeakMap2}();function CreateUniqueKey(){var key;do key="@@WeakMap@@"+CreateUUID();while(HashMap.has(keys,key));return keys[key]=!0,key}function GetOrCreateWeakMapTable(target,create){if(!hasOwn.call(target,rootKey)){if(!create)return;Object.defineProperty(target,rootKey,{value:HashMap.create()})}return target[rootKey]}function FillRandomBytes(buffer,size){for(var i=0;i<size;++i)buffer[i]=Math.random()*255|0;return buffer}function GenRandomBytes(size){if(typeof Uint8Array==="function"){var array=new Uint8Array(size);if(typeof crypto<"u")crypto.getRandomValues(array);else if(typeof msCrypto<"u")msCrypto.getRandomValues(array);else FillRandomBytes(array,size);return array}return FillRandomBytes(Array(size),size)}function CreateUUID(){var data=GenRandomBytes(UUID_SIZE);data[6]=data[6]&79|64,data[8]=data[8]&191|128;var result="";for(var offset=0;offset<UUID_SIZE;++offset){var byte=data[offset];if(offset===4||offset===6||offset===8)result+="-";if(byte<16)result+="0";result+=byte.toString(16).toLowerCase()}return result}}function MakeDictionary(obj){return obj.__=void 0,delete obj.__,obj}})})(Reflect2||(Reflect2={}))});function severityRank(severity){return AUDIT_SEVERITY_RANK[severity??"info"]??0}function classifyAudit(operation,summary){let op=(operation||"").toUpperCase();if(summary?.startsWith("API key rejected"))return{severity:"medium",category:"auth"};if(summary&&AUTH_FAILURE_CLASSIFICATION[summary])return AUTH_FAILURE_CLASSIFICATION[summary];if(op==="IMPERSONATE"||op==="HARD_DELETE"||op==="CHANGE_USER_ID"||op==="PROVISION"||op==="RESTORE"||op.startsWith("ADMIN_"))return{severity:"high",category:"admin"};if(op.endsWith("_FAILED"))return{severity:"medium",category:"auth"};if(op.startsWith("PASSWORD"))return{severity:"medium",category:"auth"};if(op==="LOGIN"||op==="LOGOUT"||op==="REGISTER"||op==="OAUTH_LOGIN"||op==="MAGIC_LINK"||op==="INVITE")return{severity:"info",category:"auth"};if(op==="CREATE"||op==="UPDATE"||op==="PATCH"||op==="DELETE"||op==="TOGGLE"||op==="VERIFICATION")return{severity:"info",category:"data_change"};if(op==="GET"||op==="POST"||op==="PUT"||op==="PATCH"||op==="HEAD")return{severity:"low",category:"auth"};return{severity:"info",category:"data_change"}}var AUDIT_SEVERITY_RANK,ROUTINE_AUTH_REASONS,DEFAULT_AUDIT_SUPPRESS_REASONS,AUTH_FAILURE_CLASSIFICATION;var init_auditTaxonomy=__esm(()=>{AUDIT_SEVERITY_RANK={info:0,low:1,medium:2,high:3,critical:4};ROUTINE_AUTH_REASONS=["No session token","Invalid session","Session expired","Session inactive timeout","Authentication secrets not defined"],DEFAULT_AUDIT_SUPPRESS_REASONS=[...ROUTINE_AUTH_REASONS],AUTH_FAILURE_CLASSIFICATION={"No session token":{severity:"low",category:"auth"},"Invalid session":{severity:"low",category:"auth"},"Session expired":{severity:"low",category:"auth"},"Session inactive timeout":{severity:"low",category:"auth"},"Authentication secrets not defined":{severity:"critical",category:"config"},"Session revoked":{severity:"high",category:"security_anomaly"},"Invalid or missing access token":{severity:"medium",category:"auth"},"Access token tenant binding failed":{severity:"high",category:"security_anomaly"},"Invalid API key":{severity:"medium",category:"auth"},"Cohort expired":{severity:"medium",category:"authz"}}});var AUTH_LOGIN="authentication.login",AUTH_REGISTER="authentication.register",AUTH_SESSION="authentication.session",AUTH_PASSWORD_CHANGE="authentication.passwordChange",AUTH_PASSWORD_RESET="authentication.passwordReset",AUTH_PASSWORD_SET="authentication.passwordSet",TENANT_PROVISION="tenant.provision",TENANT_SELF_SIGNUP="tenant.selfSignup",TENANT_SUSPEND="tenant.suspend",matchesScope=(scope,enabledScopes)=>{if(enabledScopes.length===0)return!1;if(enabledScopes.includes("*"))return!0;if(enabledScopes.includes(scope))return!0;let category=scope.split(".")[0];if(category&&enabledScopes.includes(`${category}.*`))return!0;return!1};var init_scopes=()=>{};var LOG_LEVEL_PRIORITY,LOG_LEVEL_COLORS,RESET_COLOR="\x1B[0m",DIM_COLOR="\x1B[2m",BOLD_COLOR="\x1B[1m";var init_types=__esm(()=>{LOG_LEVEL_PRIORITY={debug:0,info:1,warn:2,error:3,fatal:4},LOG_LEVEL_COLORS={debug:"\x1B[36m",info:"\x1B[32m",warn:"\x1B[33m",error:"\x1B[31m",fatal:"\x1B[35m"}});function redactSensitiveData(obj,redactKeys=DEFAULT_REDACT_KEYS,seen=new WeakSet){if(obj===null||obj===void 0)return obj;if(obj instanceof Error){let code=obj.code;return redactSensitiveData({name:obj.name,message:obj.message,stack:obj.stack,...code!==void 0?{code}:{}},redactKeys,seen)}if(typeof obj!=="object")return obj;if(seen.has(obj))return"[Circular]";if(seen.add(obj),Array.isArray(obj))return obj.map((item)=>redactSensitiveData(item,redactKeys,seen));let result={};for(let[key,value]of Object.entries(obj))if(redactKeys.some((redactKey)=>key.toLowerCase().includes(redactKey.toLowerCase())))result[key]="[REDACTED]";else if(value instanceof Error||typeof value==="object"&&value!==null)result[key]=redactSensitiveData(value,redactKeys,seen);else result[key]=value;return result}function getCallerInfo(){let stack=Error().stack;if(!stack)return{file:"unknown",line:0,function:"unknown"};let lines=stack.split(`
|
|
16
16
|
`).slice(1);for(let line of lines){let match=line.match(/at\s+(?:(.+?)\s+)?\(?(.+?):(\d+):(\d+)\)?/);if(!match)continue;let[,fnName,filePath,lineNum]=match,fileName=filePath?filePath.split("/").pop()||filePath:"unknown";if(LOGGER_INTERNAL_FILES.includes(fileName))continue;return{file:fileName,line:parseInt(lineNum||"0",10),function:fnName?.replace(/^Object\./,"")||"anonymous"}}return{file:"unknown",line:0,function:"unknown"}}function formatError(error){if(error instanceof Error)return{name:error.name,message:error.message,stack:error.stack,code:error.code};if(typeof error==="string")return{name:"Error",message:error};return{name:"UnknownError",message:String(error)}}function mergeContext(base,additional){if(!base&&!additional)return;if(!base)return additional;if(!additional)return base;return{...base,...additional}}function formatDuration(ms){if(ms<1)return`${(ms*1000).toFixed(2)}\xB5s`;if(ms<1000)return`${ms.toFixed(2)}ms`;return`${(ms/1000).toFixed(2)}s`}function safeStringify(obj,indent){let seen=new WeakSet;return JSON.stringify(obj,(_,value)=>{if(typeof value==="object"&&value!==null){if(seen.has(value))return"[Circular]";seen.add(value)}if(typeof value==="bigint")return value.toString();if(value instanceof Error)return{name:value.name,message:value.message,stack:value.stack};return value},indent)}var DEFAULT_REDACT_KEYS,LOGGER_INTERNAL_FILES;var init_utils=__esm(()=>{DEFAULT_REDACT_KEYS=["password","secret","token","apiKey","api_key","authorization","cookie","credit_card","creditCard","ssn","privateKey","private_key"];LOGGER_INTERNAL_FILES=["Logger.ts","transports.ts","utils.ts"]});class ConsoleTransport{name="console";colorize;prettyPrint;constructor(options={}){this.colorize=options.colorize??!0,this.prettyPrint=options.prettyPrint??!0}log(entry){if(this.prettyPrint)this.logPretty(entry);else this.logJson(entry)}logJson(entry){let output=safeStringify(entry);this.getConsoleMethod(entry.level)(output)}logPretty(entry){let method=this.getConsoleMethod(entry.level),color=this.colorize?LOG_LEVEL_COLORS[entry.level]:"",reset=this.colorize?RESET_COLOR:"",dim=this.colorize?DIM_COLOR:"",bold=this.colorize?BOLD_COLOR:"",time=new Date(entry.timestamp).toLocaleTimeString("en-US",{hour12:!1,hour:"2-digit",minute:"2-digit",second:"2-digit"}),levelStr=entry.level.toUpperCase().padEnd(5),serviceStr=entry.service?`[${entry.service}]`:"",correlationStr=entry.correlationId?`${dim}(${entry.correlationId.slice(0,8)})${reset}`:"",durationStr=entry.duration!==void 0?`${dim}${formatDuration(entry.duration)}${reset}`:"",line=`${dim}${time}${reset} ${color}${bold}${levelStr}${reset} ${serviceStr}${correlationStr} ${entry.message} ${durationStr}`;if(method(line.trim()),entry.caller)method(` ${dim}at ${entry.caller.function} (${entry.caller.file}:${entry.caller.line})${reset}`);if(entry.context&&Object.keys(entry.context).length>0)method(` ${dim}context:${reset}`,entry.context);if(entry.error){if(method(` ${color}${entry.error.name}: ${entry.error.message}${reset}`),entry.error.stack){let stackLines=entry.error.stack.split(`
|
|
17
|
-
`).slice(1,4);for(let stackLine of stackLines)method(` ${dim}${stackLine.trim()}${reset}`)}}}getConsoleMethod(level){switch(level){case"debug":return console.debug.bind(console);case"info":return console.info.bind(console);case"warn":return console.warn.bind(console);case"error":case"fatal":return console.error.bind(console);default:return console.log.bind(console)}}}class DatabaseAuditTransport{name="database";db;table;enabled;dedupEnabled;dedupWindowMs;dedupSlots=new Map;lastSweep=0;constructor(options){this.db=options.db,this.table=options.table,this.enabled=options.enabled??!0,this.dedupEnabled=options.dedup?.enabled??!1,this.dedupWindowMs=Math.max(1,options.dedup?.windowSeconds??60)*1000}setDb(db){this.db=db}setTable(table){this.table=table}setEnabled(enabled){this.enabled=enabled}setDedup(dedup){if(this.dedupEnabled=dedup.enabled??this.dedupEnabled,dedup.windowSeconds!=null)this.dedupWindowMs=Math.max(1,dedup.windowSeconds)*1000}isDedupable(entry){return this.dedupEnabled&&(entry.category==="auth"||entry.category==="authz"||entry.category==="security_anomaly")}sweep(now){if(now-this.lastSweep<this.dedupWindowMs)return;this.lastSweep=now;for(let[key,slot]of this.dedupSlots)if(slot.expiresAt<=now)this.dedupSlots.delete(key)}async write(entry){if(!this.enabled||!this.db||!this.table)return;try{let now=Date.now();if(this.isDedupable(entry)){this.sweep(now);let key=`${entry.ipAddress}|${entry.operation}|${entry.summary}|${entry.userId??""}`,slot=this.dedupSlots.get(key);if(slot&&slot.expiresAt>now){slot.count+=1,await this.bumpOccurrence(slot.rowId,slot.count,now);return}this.dedupSlots.set(key,{rowId:entry.id,count:1,expiresAt:now+this.dedupWindowMs})}await this.db.insert(this.table).values({id:entry.id,entityId:entry.entityId,entityName:entry.entityName,operationType:entry.operation,userId:entry.userId,ipAddress:entry.ipAddress,userAgent:entry.userAgent,summary:entry.summary,severity:entry.severity,category:entry.category,occurrenceCount:1,oldValues:entry.oldValues,newValues:entry.newValues,path:entry.path,query:entry.query})}catch(error){console.error("Audit log write failed:",error)}}async bumpOccurrence(rowId,count,nowMs){try{let{eq}=await import("drizzle-orm"),idCol=this.table.id;await this.db.update(this.table).set({occurrenceCount:count,lastOccurrenceAt:new Date(nowMs)}).where(eq(idCol,rowId))}catch(error){console.error("Audit dedup update failed:",error)}}}class ConsoleAuditTransport{name="console-audit";enabled;constructor(options={}){this.enabled=options.enabled??!0}write(entry){if(!this.enabled)return;let reset=RESET_COLOR,dim=DIM_COLOR,color={info:"\x1B[35m",low:"\x1B[90m",medium:"\x1B[33m",high:"\x1B[31m",critical:"\x1B[1m\x1B[31m"}[entry.severity]??"\x1B[35m",sev=entry.severity.toUpperCase(),actor=entry.userId||"anonymous",cat=entry.category;console.log(`${dim}${entry.timestamp}${reset} ${color}AUDIT\xB7${sev}${reset} ${dim}(${cat})${reset} [${entry.operation}] ${entry.entityName}${entry.entityId?`:${entry.entityId}`:""} ${dim}by ${actor}${reset}${entry.summary?` ${dim}\u2014${reset} ${entry.summary}`:""}`)}}var init_transports=__esm(()=>{init_types();init_utils()});import{randomUUID}from"crypto";class Logger{config;transports;auditTransports;context;correlationId;static instance=null;constructor(config={},context={},correlationId){this.config={...DEFAULT_CONFIG,...config},this.config.redactKeys=[...new Set([...DEFAULT_REDACT_KEYS,...config.redactKeys||[]])],this.context=context,this.correlationId=correlationId,this.transports=[new ConsoleTransport({colorize:this.config.colorize,prettyPrint:this.config.prettyPrint})],this.auditTransports=[new ConsoleAuditTransport({enabled:this.config.prettyPrint})]}static getInstance(config){if(!Logger.instance)Logger.instance=new Logger(config);return Logger.instance}static resetInstance(){Logger.instance=null}configure(config){return this.config={...this.config,...config},this.config.redactKeys=[...new Set([...DEFAULT_REDACT_KEYS,...config.redactKeys||this.config.redactKeys||[]])],this.transports=[new ConsoleTransport({colorize:this.config.colorize,prettyPrint:this.config.prettyPrint}),...this.transports.filter((t)=>t.name!=="console")],this}child(context,correlationId){let childLogger=new Logger(this.config,mergeContext(this.context,context)||{},correlationId||this.correlationId);return childLogger.transports=this.transports,childLogger.auditTransports=this.auditTransports,childLogger}withCorrelationId(correlationId){return this.child({},correlationId)}addTransport(transport){this.transports.push(transport)}addAuditTransport(transport){this.auditTransports.push(transport)}setLevel(level){this.config.level=level}setAuditEnabled(enabled){this.config.auditEnabled=enabled}isAuditEnabled(){return this.config.auditEnabled}setAuditSuppressReasons(reasons){this.config.auditSuppressReasons=reasons}setAuditMinSeverity(severity){this.config.auditMinSeverity=severity}shouldLog(level){return LOG_LEVEL_PRIORITY[level]>=LOG_LEVEL_PRIORITY[this.config.level]}shouldLogScope(scope){if(!scope)return!0;return matchesScope(scope,this.config.enabledScopes)}setEnabledScopes(scopes){this.config.enabledScopes=scopes}getEnabledScopes(){return this.config.enabledScopes}scoped(scope){return new ScopedLogger(this,scope)}createEntry(level,message,context,error,startTime,scope){let entry={timestamp:new Date().toISOString(),level,message,scope,service:this.config.service,correlationId:this.correlationId},mergedContext=mergeContext(this.context,context);if(mergedContext&&Object.keys(mergedContext).length>0)entry.context=redactSensitiveData(mergedContext,this.config.redactKeys);if(this.config.includeCallerInfo)entry.caller=getCallerInfo();if(error)entry.error=formatError(error);if(startTime!==void 0)entry.duration=performance.now()-startTime;return entry}log(level,message,context,error,startTime,scope){if(!this.shouldLog(level))return;if(!this.shouldLogScope(scope))return;let entry=this.createEntry(level,message,context,error,startTime,scope);for(let transport of this.transports)try{transport.log(entry)}catch(err){console.error(`Logger transport "${transport.name}" failed:`,err)}}debug(message,context){this.log("debug",message,context)}info(message,context){this.log("info",message,context)}warn(message,context){this.log("warn",message,context)}error(message,error,context){this.log("error",message,context,error)}fatal(message,error,context){this.log("fatal",message,context,error)}time(label){let start=performance.now();return()=>{this.log("debug",`${label} completed`,void 0,void 0,start)}}async timeAsync(label,fn,context){let start=performance.now();try{let result=await fn();return this.log("debug",`${label} completed`,context,void 0,start),result}catch(error){throw this.log("error",`${label} failed`,context,error,start),error}}request(options){let level=options.statusCode>=500?"error":options.statusCode>=400?"warn":"info";this.log(level,`${options.method} ${options.path} ${options.statusCode}`,{method:options.method,path:options.path,statusCode:options.statusCode,durationMs:options.duration,correlationId:options.correlationId,userId:options.userId,ip:options.ip,userAgent:options.userAgent})}db(options){let level=options.error?"error":"debug";this.log(level,`DB ${options.operation} on ${options.table}`,{operation:options.operation,table:options.table,durationMs:options.duration,rowCount:options.rowCount},options.error)}async flush(){for(let transport of this.transports)if(transport.flush)await transport.flush()}async audit(options){let summary=options.summary||`${options.operation} on ${options.entityName}`;if(this.config.auditSuppressReasons?.includes(summary))return;let derived=classifyAudit(options.operation,summary),severity=options.severity??derived.severity,category=options.category??derived.category;if(severityRank(severity)<severityRank(this.config.auditMinSeverity))return;let entry={id:randomUUID(),timestamp:new Date().toISOString(),entityName:options.entityName,entityId:options.entityId??null,operation:options.operation,userId:options.userId??null,summary,severity,category,oldValues:redactSensitiveData(options.oldValues||{}),newValues:redactSensitiveData(options.newValues||{}),ipAddress:options.ipAddress||"unknown",userAgent:options.userAgent||"unknown",path:options.path||"",query:options.query||"",correlationId:this.correlationId};for(let transport of this.auditTransports)try{await transport.write(entry)}catch(err){console.error(`Audit transport "${transport.name}" failed:`,err)}}auditOnly(options){this.audit(options)}async trace(options){let shouldLog=options.log!==!1,shouldAudit=options.writeAudit===!0||options.writeAudit!==!1&&this.config.auditEnabled&&options.audit;if(shouldLog)this.log(options.level||"info",options.message,options.context,options.error);if(shouldAudit&&options.audit)await this.audit(options.audit)}traceSync(options){let shouldLog=options.log!==!1,shouldAudit=options.writeAudit===!0||options.writeAudit!==!1&&this.config.auditEnabled&&options.audit;if(shouldLog)this.log(options.level||"info",options.message,options.context,options.error);if(shouldAudit&&options.audit)this.audit(options.audit)}}class ScopedLogger{parent;scope;constructor(parent,scope){this.parent=parent,this.scope=scope}debug(message,context){this.parent.log("debug",message,context,void 0,void 0,this.scope)}info(message,context){this.parent.log("info",message,context,void 0,void 0,this.scope)}warn(message,context){this.parent.log("warn",message,context,void 0,void 0,this.scope)}error(message,error,context){this.parent.log("error",message,context,error,void 0,this.scope)}}var DEFAULT_CONFIG,logger;var init_Logger=__esm(()=>{init_auditTaxonomy();init_scopes();init_transports();init_types();init_utils();DEFAULT_CONFIG={level:"info",service:"nucleus",environment:"development",redactKeys:[],colorize:!0,prettyPrint:!0,includeCallerInfo:!0,asyncBufferSize:100,flushIntervalMs:1000,auditEnabled:!1,auditSuppressReasons:DEFAULT_AUDIT_SUPPRESS_REASONS,auditMinSeverity:"info",enabledScopes:["*"]};logger=Logger.getInstance()});var require_fast_decode_uri_component=__commonJS((exports,module)=>{var UTF8_ACCEPT=12,UTF8_REJECT=0,UTF8_DATA=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,8,7,7,10,9,9,9,11,4,4,4,4,4,4,4,4,4,4,4,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,24,36,48,60,72,84,96,0,12,12,12,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,24,24,24,0,0,0,0,0,0,0,0,0,24,24,0,0,0,0,0,0,0,0,0,0,48,48,48,0,0,0,0,0,0,0,0,0,0,48,48,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,127,63,63,63,0,31,15,15,15,7,7,7];function decodeURIComponent2(uri){var percentPosition=uri.indexOf("%");if(percentPosition===-1)return uri;var length=uri.length,decoded="",last=0,codepoint=0,startOfOctets=percentPosition,state=UTF8_ACCEPT;while(percentPosition>-1&&percentPosition<length){var high=hexCodeToInt(uri[percentPosition+1],4),low=hexCodeToInt(uri[percentPosition+2],0),byte=high|low,type=UTF8_DATA[byte];if(state=UTF8_DATA[256+state+type],codepoint=codepoint<<6|byte&UTF8_DATA[364+type],state===UTF8_ACCEPT)decoded+=uri.slice(last,startOfOctets),decoded+=codepoint<=65535?String.fromCharCode(codepoint):String.fromCharCode(55232+(codepoint>>10),56320+(codepoint&1023)),codepoint=0,last=percentPosition+3,percentPosition=startOfOctets=uri.indexOf("%",last);else if(state===UTF8_REJECT)return null;else{if(percentPosition+=3,percentPosition<length&&uri.charCodeAt(percentPosition)===37)continue;return null}}return decoded+uri.slice(last)}var HEX={"0":0,"1":1,"2":2,"3":3,"4":4,"5":5,"6":6,"7":7,"8":8,"9":9,a:10,A:10,b:11,B:11,c:12,C:12,d:13,D:13,e:14,E:14,f:15,F:15};function hexCodeToInt(c,shift){var i=HEX[c];return i===void 0?255:i<<shift}module.exports=decodeURIComponent2});import{createHash,randomBytes}from"crypto";var API_KEY_BYTE_LENGTH=32,HASH_ALGORITHM="sha256",generateApiKey=(prefix="nk_live")=>{let randomPart=randomBytes(API_KEY_BYTE_LENGTH).toString("hex"),rawKey=`${prefix}_${randomPart}`,keyHash=hashApiKey(rawKey),keyPreview=`${prefix}_...${randomPart.slice(-4)}`;return{rawKey,keyHash,keyPreview}},hashApiKey=(rawKey)=>{return createHash(HASH_ALGORITHM).update(rawKey).digest("hex")},validateApiKeyFormat=(rawKey)=>{return/^nk_(live|test)_[a-f0-9]{64}$/.test(rawKey)},extractApiKeyFromHeader=(headers)=>{let apiKeyHeader=headers.get("x-api-key");if(apiKeyHeader&&validateApiKeyFormat(apiKeyHeader))return apiKeyHeader;let authHeader=headers.get("authorization");if(authHeader){let bearerMatch=authHeader.match(/^Bearer\s+(nk_(?:live|test)_[a-f0-9]{64})$/);if(bearerMatch?.[1])return bearerMatch[1]}return null},validateApiKeyRecord=(record)=>{if(!record.isActive)return{valid:!1,reason:"API key is inactive"};if(record.revokedAt)return{valid:!1,reason:"API key has been revoked"};if(record.expiresAt&&new Date(record.expiresAt)<new Date)return{valid:!1,reason:"API key has expired"};return{valid:!0,record}},intersectPermissions=(userPermissions,keyPermissions)=>{let userSet=new Set(userPermissions);return keyPermissions.filter((p)=>userSet.has(p))};var init_ApiKey=()=>{};var normalize=(value)=>{return value?.trim().toLowerCase()||"unknown"},extractHeaderValue=(headers,key)=>{return headers[key.toLowerCase()]??headers[key]};import crypto2 from"crypto";var generateDeviceFingerprint=(input)=>{let payload=JSON.stringify({userAgent:normalize(input.userAgent),extra:input.extra??{}});return{hash:crypto2.createHash("sha256").update(payload).digest("base64url"),components:input}};var init_Generate=()=>{};var validateDeviceFingerprint=({savedFingerprint,requestIp,headers})=>{let userAgent=extractHeaderValue(headers,"user-agent"),forwardedFor=extractHeaderValue(headers,"x-forwarded-for")??requestIp??void 0,currentFingerprint=generateDeviceFingerprint({userAgent,ipAddress:forwardedFor}),componentMismatch=[{field:"userAgent",saved:savedFingerprint.components.userAgent,received:userAgent},{field:"ipAddress",saved:savedFingerprint.components.ipAddress,received:forwardedFor}].find(({saved,received})=>saved??(received??"")!=="");if(componentMismatch)return{isValid:!1,reason:`${componentMismatch.field} mismatch`,currentFingerprint};return{isValid:!0,currentFingerprint}};var init_Validate=__esm(()=>{init_Generate()});var init_Fingerprint=__esm(()=>{init_Generate();init_Validate()});import crypto3 from"crypto";var base64UrlEncode=(data)=>{return(Buffer.isBuffer(data)?data.toString("base64"):Buffer.from(data).toString("base64")).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")},base64UrlDecode=(data)=>{let padding="=".repeat((4-data.length%4)%4),base64=data.replace(/-/g,"+").replace(/_/g,"/")+padding;return Buffer.from(base64,"base64").toString("utf-8")},createSignature=(data,secret,algorithm)=>{let hmacAlgorithm=algorithm.replace("HS","sha"),hmac=crypto3.createHmac(hmacAlgorithm,secret);return hmac.update(data),base64UrlEncode(hmac.digest())},verifySignature=(data,signature,secret,algorithm)=>{let expectedSignature=createSignature(data,secret,algorithm),sigBuf=Buffer.from(signature),expBuf=Buffer.from(expectedSignature);if(sigBuf.length!==expBuf.length)return!1;return crypto3.timingSafeEqual(sigBuf,expBuf)},encodeHeader=(header)=>{return base64UrlEncode(JSON.stringify(header))},encodePayload=(payload)=>{return base64UrlEncode(JSON.stringify(payload))},decodeHeader=(encoded)=>{try{return JSON.parse(base64UrlDecode(encoded))}catch{return null}},decodePayload=(encoded)=>{try{return JSON.parse(base64UrlDecode(encoded))}catch{return null}};var init_utils2=()=>{};var decodeJWT=(token)=>{let parts=token.split(".");if(parts.length!==3)return null;let[encodedHeader,encodedPayload,signature]=parts;if(!encodedHeader||!encodedPayload||!signature)return null;let header=decodeHeader(encodedHeader),payload=decodePayload(encodedPayload);if(!header||!payload)return null;return{header,payload,signature}};var init_Decode=__esm(()=>{init_utils2()});var signJWT=(options,secret,algorithm="HS256")=>{let header={alg:algorithm,typ:"JWT"},now=Math.floor(Date.now()/1000),payload={sub:options.subject,iat:now,exp:now+options.expiresInSeconds,iss:options.issuer,aud:options.audience,jti:options.jwtId,sessionId:options.sessionId,...options.customClaims},encodedHeader=encodeHeader(header),encodedPayload=encodePayload(payload),dataToSign=`${encodedHeader}.${encodedPayload}`,signature=createSignature(dataToSign,secret,algorithm);return`${dataToSign}.${signature}`};var init_Sign=__esm(()=>{init_utils2()});var audienceMatches=(aud,expected)=>{if(typeof aud==="string")return aud===expected;if(Array.isArray(aud))return aud.includes(expected);return!1},verifyJWT=(token,secret,expected)=>{let parts=token.split(".");if(parts.length!==3)return{valid:!1,error:"Invalid token format: expected 3 parts"};let[encodedHeader,encodedPayload,signature]=parts;if(!encodedHeader||!encodedPayload||!signature)return{valid:!1,error:"Invalid token format: missing parts"};let header=decodeHeader(encodedHeader);if(!header)return{valid:!1,error:"Invalid header: failed to decode"};if(header.typ!=="JWT")return{valid:!1,error:"Invalid header: typ must be JWT"};if(!["HS256","HS384","HS512"].includes(header.alg))return{valid:!1,error:`Unsupported algorithm: ${header.alg}`};let dataToVerify=`${encodedHeader}.${encodedPayload}`;if(!verifySignature(dataToVerify,signature,secret,header.alg))return{valid:!1,error:"Invalid signature"};let payload=decodePayload(encodedPayload);if(!payload)return{valid:!1,error:"Invalid payload: failed to decode"};let now=Math.floor(Date.now()/1000);if(payload.exp&&payload.exp<now)return{valid:!1,error:"Token expired"};if(payload.iat&&payload.iat>now+60)return{valid:!1,error:"Token issued in the future"};if(expected?.issuer&&payload.iss!==expected.issuer)return{valid:!1,error:"Invalid issuer"};if(expected?.audience&&!audienceMatches(payload.aud,expected.audience))return{valid:!1,error:"Invalid audience"};return{valid:!0,payload}};var init_Verify=__esm(()=>{init_utils2()});var exports_JWT={};__export(exports_JWT,{verifyJWT:()=>verifyJWT,signJWT:()=>signJWT,decodeJWT:()=>decodeJWT});var init_JWT=__esm(()=>{init_Decode();init_Sign();init_Verify()});var init_Generate2=()=>{};var init_Password=__esm(()=>{init_Generate2()});var init_Logger2=__esm(()=>{init_auditTaxonomy();init_Logger();init_transports();init_utils();init_scopes()});var DEFAULT_DAPR_HOST="127.0.0.1",DEFAULT_DAPR_PORT="3500",DEFAULT_MAX_BODY_SIZE_MB=4,DEFAULT_STATE_STORE="statestore-redis",DEFAULT_PUBSUB_NAME="pubsub-rabbitmq",DEFAULT_SECRET_STORE="secretstore",DEFAULT_CONFIG_STORE="configstore-redis",ENV_DAPR_HOST="DAPR_HOST",ENV_DAPR_HTTP_PORT="DAPR_HTTP_PORT",ENV_DAPR_HTTP_ENDPOINT="DAPR_HTTP_ENDPOINT",ENV_DAPR_GRPC_ENDPOINT="DAPR_GRPC_ENDPOINT",ENV_DAPR_API_TOKEN="DAPR_API_TOKEN",DEFAULT_OPERATION_TIMEOUT_MS=30000,DEFAULT_CONNECTION_TIMEOUT_MS=1e4,DEFAULT_HEALTH_CHECK_TIMEOUT_MS=5000,CONNECTION_STATUS,HEALTH_STATUS,ERROR_CODES;var init_constants=__esm(()=>{CONNECTION_STATUS={CONNECTED:"connected",DISCONNECTED:"disconnected",CONNECTING:"connecting",ERROR:"error"},HEALTH_STATUS={HEALTHY:"healthy",UNHEALTHY:"unhealthy"},ERROR_CODES={CONNECTION_ERROR:"DAPR_CONNECTION_ERROR",TIMEOUT_ERROR:"DAPR_TIMEOUT_ERROR",STATE_ERROR:"DAPR_STATE_ERROR",PUBSUB_ERROR:"DAPR_PUBSUB_ERROR",BINDING_ERROR:"DAPR_BINDING_ERROR",SECRET_ERROR:"DAPR_SECRET_ERROR",CONFIG_ERROR:"DAPR_CONFIG_ERROR",INVOKE_ERROR:"DAPR_INVOKE_ERROR",CRYPTO_ERROR:"DAPR_CRYPTO_ERROR",LOCK_ERROR:"DAPR_LOCK_ERROR",WORKFLOW_ERROR:"DAPR_WORKFLOW_ERROR",VALIDATION_ERROR:"DAPR_VALIDATION_ERROR"}});var DaprManagerError,createConnectionError=(message,details)=>new DaprManagerError(ERROR_CODES.CONNECTION_ERROR,message,details),createTimeoutError=(message,details)=>new DaprManagerError(ERROR_CODES.TIMEOUT_ERROR,message,details),createStateError=(message,details)=>new DaprManagerError(ERROR_CODES.STATE_ERROR,message,details),createPubSubError=(message,details)=>new DaprManagerError(ERROR_CODES.PUBSUB_ERROR,message,details),createBindingError=(message,details)=>new DaprManagerError(ERROR_CODES.BINDING_ERROR,message,details),createSecretError=(message,details)=>new DaprManagerError(ERROR_CODES.SECRET_ERROR,message,details),createConfigError=(message,details)=>new DaprManagerError(ERROR_CODES.CONFIG_ERROR,message,details),createInvokeError=(message,details)=>new DaprManagerError(ERROR_CODES.INVOKE_ERROR,message,details),createCryptoError=(message,details)=>new DaprManagerError(ERROR_CODES.CRYPTO_ERROR,message,details),createLockError=(message,details)=>new DaprManagerError(ERROR_CODES.LOCK_ERROR,message,details),createWorkflowError=(message,details)=>new DaprManagerError(ERROR_CODES.WORKFLOW_ERROR,message,details),safeExecute=async(operation,errorCreator)=>{try{return await operation()}catch(error){let errorMessage=error instanceof Error?error.message:String(error);throw errorCreator(errorMessage,error)}};var init_error_handling=__esm(()=>{init_constants();DaprManagerError=class DaprManagerError extends Error{code;details;constructor(code,message,details){super(message);this.name="DaprManagerError",this.code=code,this.details=details}toJSON(){return{code:this.code,message:this.message,details:this.details}}}});var LOG_LEVEL_PRIORITY2,createDefaultLogger=(minLevel="info")=>{let minPriority=LOG_LEVEL_PRIORITY2[minLevel],scoped=logger.scoped("dapr.client"),logWithLevel=(level)=>(message,...meta)=>{if(LOG_LEVEL_PRIORITY2[level]<minPriority)return;let context=meta.length>0?{meta}:void 0;if(level==="error")scoped.error(message,void 0,context);else scoped[level](message,context)};return{debug:logWithLevel("debug"),info:logWithLevel("info"),warn:logWithLevel("warn"),error:logWithLevel("error")}},withTimeout=async(fn,timeoutMs,errorMessage="Operation timed out")=>{return Promise.race([fn(),new Promise((_,reject)=>{setTimeout(()=>{reject(createTimeoutError(errorMessage))},timeoutMs)})])},validateRequired=(params,requiredKeys,entityName)=>{let missingKeys=requiredKeys.filter((key)=>params[key]===void 0);if(missingKeys.length>0)throw Error(`Missing required ${entityName} parameters: ${missingKeys.join(", ")}`)};var init_utils3=__esm(()=>{init_Logger2();init_constants();init_error_handling();LOG_LEVEL_PRIORITY2={debug:0,info:1,warn:2,error:3}});class DaprBindingClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async invoke(name,operation,data,options={}){return validateRequired({name,operation},["name","operation"],"binding invoke"),safeExecute(async()=>{this.logger.debug("Invoking binding",{name,operation});let response=await(await this.client()).binding.send(name,operation,data,options.metadata);return this.logger.debug("Binding invoked successfully",{name,operation}),response},(message,details)=>createBindingError(`Failed to invoke binding ${name}: ${message}`,details))}}var init_binding_client=__esm(()=>{init_error_handling();init_utils3()});class DaprConfigClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async get(keys,storeName=DEFAULT_CONFIG_STORE){if(validateRequired({keys,storeName},["keys","storeName"],"config get"),keys.length===0)return{};return safeExecute(async()=>{this.logger.debug("Getting configuration",{keys,storeName});let response=await(await this.client()).configuration.get(storeName,keys);return this.logger.debug("Configuration retrieved",{keys,storeName,itemCount:Object.keys(response.items||{}).length}),response.items||{}},(message,details)=>createConfigError(`Failed to get configuration: ${message}`,details))}async subscribeWithKeys(keys,callback,storeName=DEFAULT_CONFIG_STORE){if(validateRequired({keys,callback,storeName},["keys","callback","storeName"],"config subscribeWithKeys"),keys.length===0)throw createConfigError("At least one key must be provided for subscription");return safeExecute(async()=>{this.logger.debug("Subscribing to configuration updates",{keys,storeName});let stream=await(await this.client()).configuration.subscribeWithKeys(storeName,keys,async(data)=>{try{this.logger.debug("Received configuration update",{storeName,updatedKeys:Object.keys(data.items||{})}),await callback(data)}catch(error){this.logger.error("Error in configuration subscription callback",error)}});return this.logger.debug("Configuration subscription established",{keys,storeName}),{stop:()=>{this.logger.debug("Stopping configuration subscription",{keys,storeName}),stream.stop()}}},(message,details)=>createConfigError(`Failed to subscribe to configuration updates: ${message}`,details))}async getValue(key,storeName=DEFAULT_CONFIG_STORE){return(await this.get([key],storeName))[key]?.value}async getValues(keys,storeName=DEFAULT_CONFIG_STORE){let items=await this.get(keys,storeName),values={};for(let key in items)if(items[key]?.value!==void 0)values[key]=items[key].value;return values}}var init_config_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprCryptoClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async encrypt(data,options){return validateRequired({data,componentName:options.componentName},["data","componentName"],"crypto encrypt"),safeExecute(async()=>{this.logger.debug("Encrypting data",{componentName:options.componentName,keyName:options.keyName,keyWrapAlgorithm:options.keyWrapAlgorithm});let client=await this.client(),inputData=typeof data==="string"?Buffer.from(data):data,cryptoOptions={componentName:options.componentName};if(options.keyName)cryptoOptions.keyName=options.keyName;if(options.keyWrapAlgorithm)cryptoOptions.keyWrapAlgorithm=options.keyWrapAlgorithm;let encryptedData=await client.crypto.encrypt(inputData,cryptoOptions);return this.logger.debug("Data encrypted successfully",{componentName:options.componentName,inputSize:inputData.length,outputSize:encryptedData.length}),encryptedData},(message,details)=>createCryptoError(`Failed to encrypt data: ${message}`,details))}async decrypt(data,options){return validateRequired({data,componentName:options.componentName},["data","componentName"],"crypto decrypt"),safeExecute(async()=>{this.logger.debug("Decrypting data",{componentName:options.componentName});let client=await this.client(),inputData=typeof data==="string"?Buffer.from(data):data,cryptoOptions={componentName:options.componentName};if(options.keyName)cryptoOptions.keyName=options.keyName;if(options.keyWrapAlgorithm)cryptoOptions.keyWrapAlgorithm=options.keyWrapAlgorithm;let decryptedData=await client.crypto.decrypt(inputData,cryptoOptions);return this.logger.debug("Data decrypted successfully",{componentName:options.componentName,inputSize:inputData.length,outputSize:decryptedData.length}),decryptedData},(message,details)=>createCryptoError(`Failed to decrypt data: ${message}`,details))}async encryptString(plaintext,options){return(await this.encrypt(plaintext,options)).toString("base64")}async decryptString(ciphertext,options){let encryptedBuffer=Buffer.from(ciphertext,"base64");return(await this.decrypt(encryptedBuffer,options)).toString("utf-8")}}var init_crypto_client=__esm(()=>{init_error_handling();init_utils3()});import{HttpMethod}from"@dapr/dapr";class DaprInvokeClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async invoke(appId,methodName,httpMethod=HttpMethod.POST,data,options={}){validateRequired({appId,methodName,httpMethod},["appId","methodName","httpMethod"],"invoke service");let timeoutMs=options.timeout||DEFAULT_OPERATION_TIMEOUT_MS;return safeExecute(async()=>{this.logger.debug("Invoking service",{appId,methodName,httpMethod,hasData:data!==void 0});let fullMethodName=methodName;if(options.queryParams&&Object.keys(options.queryParams).length>0){let queryString=Object.entries(options.queryParams).map(([key,value])=>`${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join("&");fullMethodName=`${methodName}?${queryString}`}let client=await this.client(),response=await withTimeout(()=>client.invoker.invoke(appId,fullMethodName,httpMethod,data,options.headers),timeoutMs,`Service invocation timed out after ${timeoutMs}ms`);if(this.logger.debug("Service invoked successfully",{appId,methodName,httpMethod,status:response?.status}),!response)return;if("data"in response)return response.data;return response},(message,details)=>createInvokeError(`Failed to invoke service ${appId}.${methodName}: ${message}`,details))}async get(appId,methodName,options={}){return this.invoke(appId,methodName,HttpMethod.GET,void 0,options)}async post(appId,methodName,data,options={}){return this.invoke(appId,methodName,HttpMethod.POST,data,options)}async put(appId,methodName,data,options={}){return this.invoke(appId,methodName,HttpMethod.PUT,data,options)}async delete(appId,methodName,options={}){return this.invoke(appId,methodName,HttpMethod.DELETE,void 0,options)}}var init_invoke_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprLockClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async lock(storeName,resourceId,lockOwner,options){return validateRequired({storeName,resourceId,lockOwner,expiryInSeconds:options.expiryInSeconds},["storeName","resourceId","lockOwner","expiryInSeconds"],"lock"),safeExecute(async()=>{this.logger.debug("Acquiring lock",{storeName,resourceId,lockOwner});let response=await(await this.client()).lock.lock(storeName,resourceId,lockOwner,options.expiryInSeconds);return this.logger.debug("Lock acquisition result",{storeName,resourceId,lockOwner,success:response.success}),{success:response.success}},(message,details)=>createLockError(`Failed to acquire lock for resource ${resourceId}: ${message}`,details))}async unlock(storeName,resourceId,lockOwner){return validateRequired({storeName,resourceId,lockOwner},["storeName","resourceId","lockOwner"],"unlock"),safeExecute(async()=>{this.logger.debug("Releasing lock",{storeName,resourceId,lockOwner});let response=await(await this.client()).lock.unlock(storeName,resourceId,lockOwner);return this.logger.debug("Lock release result",{storeName,resourceId,lockOwner,status:this.getLockStatusName(response.status)}),{status:response.status}},(message,details)=>createLockError(`Failed to release lock for resource ${resourceId}: ${message}`,details))}getLockStatusName(status){switch(status){case 0:return"Success";case 1:return"LockDoesNotExist";case 2:return"LockBelongsToOthers";default:return"InternalError"}}}var init_lock_client=__esm(()=>{init_error_handling();init_utils3()});class DaprPubSubClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async publish(topic,data,options={},pubsubName=DEFAULT_PUBSUB_NAME){return validateRequired({topic,data,pubsubName},["topic","data","pubsubName"],"pubsub publish"),safeExecute(async()=>{this.logger.debug("Publishing message to topic",{topic,pubsubName}),await(await this.client()).pubsub.publish(pubsubName,topic,data,{metadata:options.metadata,contentType:options.contentType}),this.logger.debug("Message published successfully",{topic,pubsubName})},(message,details)=>createPubSubError(`Failed to publish message to topic ${topic}: ${message}`,details))}async publishBulk(topic,messages,pubsubName=DEFAULT_PUBSUB_NAME){if(validateRequired({topic,messages,pubsubName},["topic","messages","pubsubName"],"pubsub publishBulk"),messages.length===0)return{failedEntries:[]};return safeExecute(async()=>{this.logger.debug("Publishing bulk messages to topic",{topic,pubsubName,messageCount:messages.length});let client=await this.client(),daprMessages=messages.map((msg)=>{if(typeof msg==="object"&&"event"in msg)return{entryID:msg.entryId,event:msg.event,contentType:msg.contentType,metadata:msg.metadata};return{event:msg}}),response=await client.pubsub.publishBulk(pubsubName,topic,daprMessages),failedCount=response.failedMessages?.length||0;if(failedCount>0)this.logger.warn("Some messages failed to publish",{topic,pubsubName,failedCount,totalCount:messages.length});else this.logger.debug("All bulk messages published successfully",{topic,pubsubName,messageCount:messages.length});return{failedEntries:(response.failedMessages||[]).map((failed)=>({entryId:failed.message.entryID||"",error:failed.error?.message||"Unknown error"}))}},(message,details)=>createPubSubError(`Failed to publish bulk messages to topic ${topic}: ${message}`,details))}createBulkPublishMessage(event,entryId,contentType,metadata){return{entryId,event,contentType,metadata}}}var init_pubsub_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprSecretClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async get(key,options={},storeName=DEFAULT_SECRET_STORE){return validateRequired({key,storeName},["key","storeName"],"secret get"),safeExecute(async()=>{this.logger.debug("Getting secret",{key,storeName});let client=await this.client(),metadataStr=options.metadata?JSON.stringify(options.metadata):void 0,result=await client.secret.get(storeName,key,metadataStr);return this.logger.debug("Secret retrieved",{key,storeName}),result},(message,details)=>createSecretError(`Failed to get secret ${key}: ${message}`,details))}async getBulk(_options={},storeName=DEFAULT_SECRET_STORE){return validateRequired({storeName},["storeName"],"secret getBulk"),safeExecute(async()=>{this.logger.debug("Getting all secrets",{storeName});let result=await(await this.client()).secret.getBulk(storeName);return this.logger.debug("All secrets retrieved",{storeName,secretCount:Object.keys(result).length}),result},(message,details)=>createSecretError(`Failed to get all secrets: ${message}`,details))}}var init_secret_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprStateClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async save(stateItems,options={},storeName=DEFAULT_STATE_STORE){if(validateRequired({stateItems,storeName},["stateItems","storeName"],"state save"),stateItems.length===0)return;return safeExecute(async()=>{this.logger.debug("Saving state items",{count:stateItems.length,storeName}),await(await this.client()).state.save(storeName,stateItems,options),this.logger.debug("State items saved successfully",{count:stateItems.length,storeName})},(message,details)=>createStateError(`Failed to save state items: ${message}`,details))}async get(key,storeName=DEFAULT_STATE_STORE){return validateRequired({key,storeName},["key","storeName"],"state get"),safeExecute(async()=>{this.logger.debug("Getting state item",{key,storeName});let result=await(await this.client()).state.get(storeName,key);if(this.logger.debug("State item retrieved",{key,storeName,found:result!==void 0}),result===void 0||result===null)return;if(typeof result==="string")try{return JSON.parse(result)}catch{return result}if(typeof result==="object")return result;return result},(message,details)=>createStateError(`Failed to get state item ${key}: ${message}`,details))}async getBulk(keys,storeName=DEFAULT_STATE_STORE){if(validateRequired({keys,storeName},["keys","storeName"],"state getBulk"),keys.length===0)return{};return safeExecute(async()=>{this.logger.debug("Getting bulk state items",{count:keys.length,storeName});let results=await(await this.client()).state.getBulk(storeName,keys),resultMap={};return results.forEach((item)=>{if(item.data!==void 0)resultMap[item.key]=item.data}),this.logger.debug("Bulk state items retrieved",{count:keys.length,found:Object.keys(resultMap).length,storeName}),resultMap},(message,details)=>createStateError(`Failed to get bulk state items: ${message}`,details))}async delete(key,etag,metadata,storeName=DEFAULT_STATE_STORE){return validateRequired({key,storeName},["key","storeName"],"state delete"),safeExecute(async()=>{this.logger.debug("Deleting state item",{key,storeName});let client=await this.client(),options={};if(etag)options.etag=etag;if(metadata)options.metadata=metadata;await client.state.delete(storeName,key,options),this.logger.debug("State item deleted",{key,storeName})},(message,details)=>createStateError(`Failed to delete state item ${key}: ${message}`,details))}async transaction(operations,storeName=DEFAULT_STATE_STORE){if(validateRequired({operations,storeName},["operations","storeName"],"state transaction"),operations.length===0)return;return safeExecute(async()=>{this.logger.debug("Executing state transaction",{operationCount:operations.length,storeName});let client=await this.client(),daprOperations=operations.map((op)=>({operation:op.operation,request:{key:op.request.key,value:op.request.value,etag:op.request.etag?{value:op.request.etag}:void 0,metadata:op.request.metadata}}));await client.state.transaction(storeName,daprOperations),this.logger.debug("State transaction executed successfully",{operationCount:operations.length,storeName})},(message,details)=>createStateError(`Failed to execute state transaction: ${message}`,details))}async query(query,storeName=DEFAULT_STATE_STORE){return validateRequired({query,storeName},["query","storeName"],"state query"),safeExecute(async()=>{this.logger.debug("Querying state store",{storeName});let result=await(await this.client()).state.query(storeName,query);return this.logger.debug("State query executed",{storeName,resultCount:result.results?.length||0}),(result.results||[]).map((item)=>item.data)},(message,details)=>createStateError(`Failed to query state store: ${message}`,details))}async saveItem(key,value,options={},storeName=DEFAULT_STATE_STORE){let stateItem={key,value};return this.save([stateItem],options,storeName)}async upsert(key,value,options={},storeName=DEFAULT_STATE_STORE){return this.saveItem(key,value,options,storeName)}}var init_state_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprWorkflowClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async start(workflowName,input,options={}){return validateRequired({workflowName},["workflowName"],"workflow start"),safeExecute(async()=>{this.logger.debug("Starting workflow",{workflowName,instanceId:options.instanceId||"auto-generated",workflowComponent:options.workflowComponent});let instanceId=await(await this.client()).workflow.start(workflowName,input,options.instanceId);return this.logger.debug("Workflow started",{workflowName,instanceId}),instanceId},(message,details)=>createWorkflowError(`Failed to start workflow ${workflowName}: ${message}`,details))}async get(instanceId){return validateRequired({instanceId},["instanceId"],"workflow get"),safeExecute(async()=>{this.logger.debug("Getting workflow instance",{instanceId});let instance=await(await this.client()).workflow.get(instanceId);return this.logger.debug("Workflow instance retrieved",{instanceId,workflowName:instance.workflowName,runtimeStatus:instance.runtimeStatus}),{instanceId:instance.instanceID,workflowName:instance.workflowName,createdAt:new Date(instance.createdAt),lastUpdatedAt:new Date(instance.lastUpdatedAt),runtimeStatus:instance.runtimeStatus,properties:instance.properties||{}}},(message,details)=>createWorkflowError(`Failed to get workflow instance ${instanceId}: ${message}`,details))}async terminate(instanceId){return validateRequired({instanceId},["instanceId"],"workflow terminate"),safeExecute(async()=>{this.logger.debug("Terminating workflow instance",{instanceId}),await(await this.client()).workflow.terminate(instanceId),this.logger.debug("Workflow instance terminated",{instanceId})},(message,details)=>createWorkflowError(`Failed to terminate workflow instance ${instanceId}: ${message}`,details))}async pause(instanceId){return validateRequired({instanceId},["instanceId"],"workflow pause"),safeExecute(async()=>{this.logger.debug("Pausing workflow instance",{instanceId}),await(await this.client()).workflow.pause(instanceId),this.logger.debug("Workflow instance paused",{instanceId})},(message,details)=>createWorkflowError(`Failed to pause workflow instance ${instanceId}: ${message}`,details))}async resume(instanceId){return validateRequired({instanceId},["instanceId"],"workflow resume"),safeExecute(async()=>{this.logger.debug("Resuming workflow instance",{instanceId}),await(await this.client()).workflow.resume(instanceId),this.logger.debug("Workflow instance resumed",{instanceId})},(message,details)=>createWorkflowError(`Failed to resume workflow instance ${instanceId}: ${message}`,details))}async purge(instanceId){return validateRequired({instanceId},["instanceId"],"workflow purge"),safeExecute(async()=>{this.logger.debug("Purging workflow instance",{instanceId}),await(await this.client()).workflow.purge(instanceId),this.logger.debug("Workflow instance purged",{instanceId})},(message,details)=>createWorkflowError(`Failed to purge workflow instance ${instanceId}: ${message}`,details))}async raiseEvent(instanceId,eventName,eventData){return validateRequired({instanceId,eventName},["instanceId","eventName"],"workflow raiseEvent"),safeExecute(async()=>{this.logger.debug("Raising event for workflow instance",{instanceId,eventName}),await(await this.client()).workflow.raise(instanceId,eventName,eventData),this.logger.debug("Event raised for workflow instance",{instanceId,eventName})},(message,details)=>createWorkflowError(`Failed to raise event ${eventName} for workflow instance ${instanceId}: ${message}`,details))}}var init_workflow_client=__esm(()=>{init_error_handling();init_utils3()});import{CommunicationProtocolEnum,DaprClient,HttpMethod as HttpMethod2,LogLevel}from"@dapr/dapr";class DaprConnectionManager{client=null;daprHost;daprPort;communicationProtocol;maxBodySizeMb;daprApiToken;logger;connectionStatus=CONNECTION_STATUS.DISCONNECTED;connectionPromise=null;constructor(options={}){this.daprHost=options.daprHost||process.env[ENV_DAPR_HOST]||DEFAULT_DAPR_HOST,this.daprPort=options.daprPort||process.env[ENV_DAPR_HTTP_PORT]||DEFAULT_DAPR_PORT,this.communicationProtocol=options.communicationProtocol||CommunicationProtocolEnum.HTTP,this.maxBodySizeMb=options.maxBodySizeMb||DEFAULT_MAX_BODY_SIZE_MB,this.daprApiToken=options.daprApiToken||process.env[ENV_DAPR_API_TOKEN],this.logger=options.logger||createDefaultLogger(),this.logger.info("DaprConnectionManager initialized",{daprHost:this.daprHost,daprPort:this.daprPort,communicationProtocol:this.communicationProtocol})}async getClient(){if(!this.client||this.connectionStatus!==CONNECTION_STATUS.CONNECTED)await this.connect();if(!this.client)throw createConnectionError("Not connected to Dapr sidecar");return this.client}async connect(){if(this.connectionPromise)return this.connectionPromise;if(this.client&&this.connectionStatus===CONNECTION_STATUS.CONNECTED)return Promise.resolve();this.connectionStatus=CONNECTION_STATUS.CONNECTING,this.connectionPromise=this.establishConnection();try{await this.connectionPromise,this.connectionStatus=CONNECTION_STATUS.CONNECTED}catch(error){throw this.connectionStatus=CONNECTION_STATUS.ERROR,error}finally{this.connectionPromise=null}}async establishConnection(){try{this.logger.info("Connecting to Dapr sidecar",{daprHost:this.daprHost,daprPort:this.daprPort,protocol:this.communicationProtocol});let useEndpointFromEnv=process.env[ENV_DAPR_HTTP_ENDPOINT]&&this.communicationProtocol===CommunicationProtocolEnum.HTTP||process.env[ENV_DAPR_GRPC_ENDPOINT]&&this.communicationProtocol===CommunicationProtocolEnum.GRPC,clientOptions={communicationProtocol:this.communicationProtocol,maxBodySizeMb:this.maxBodySizeMb,logger:{level:LogLevel.Warn}};if(!useEndpointFromEnv)clientOptions.daprHost=this.daprHost,clientOptions.daprPort=this.daprPort;if(this.daprApiToken)clientOptions.daprApiToken=this.daprApiToken;await withTimeout(async()=>{this.client=new DaprClient(clientOptions)},DEFAULT_CONNECTION_TIMEOUT_MS,"Connection to Dapr sidecar timed out"),await this.healthCheck(),this.logger.info("Successfully connected to Dapr sidecar")}catch(error){throw this.logger.error("Failed to connect to Dapr sidecar",error),this.client=null,createConnectionError(`Failed to connect to Dapr sidecar at ${this.daprHost}:${this.daprPort}`,error)}}async disconnect(){if(!this.client)return;try{this.logger.info("Disconnecting from Dapr sidecar"),this.client=null,this.connectionStatus=CONNECTION_STATUS.DISCONNECTED,this.logger.info("Disconnected from Dapr sidecar")}catch(error){throw this.logger.error("Error during disconnect",error),createConnectionError("Failed to disconnect from Dapr sidecar",error)}}isConnected(){return this.client!==null&&this.connectionStatus===CONNECTION_STATUS.CONNECTED}getConnectionStatus(){return this.connectionStatus}async healthCheck(){if(!this.client)throw createConnectionError("Not connected to Dapr sidecar");try{return await withTimeout(async()=>{if(!this.client)throw createConnectionError("Not connected to Dapr sidecar");let response=await this.client.invoker.invoke("healthz","healthz",HttpMethod2.GET);return{status:response.status===204?HEALTH_STATUS.HEALTHY:HEALTH_STATUS.UNHEALTHY,version:response.headers?.["dapr-version"]||"unknown"}},DEFAULT_HEALTH_CHECK_TIMEOUT_MS,"Health check timed out")}catch(error){return this.logger.error("Health check failed",error),{status:HEALTH_STATUS.UNHEALTHY,version:"unknown"}}}getClientConfig(){return{daprHost:this.daprHost,daprPort:this.daprPort,communicationProtocol:this.communicationProtocol,maxBodySizeMb:this.maxBodySizeMb,hasApiToken:!!this.daprApiToken,connectionStatus:this.connectionStatus}}}var init_connection_manager=__esm(()=>{init_constants();init_error_handling();init_utils3()});var init_types2=()=>{};class DaprManager{connectionManager;logger;_state;_pubsub;_binding;_secret;_config;_invoke;_lock;_crypto;_workflow;constructor(options={}){this.logger=options.logger||createDefaultLogger(),this.connectionManager=new DaprConnectionManager(options);let clientProvider=async()=>{return this.connectionManager.getClient()};this._state=new DaprStateClient(clientProvider,this.logger),this._pubsub=new DaprPubSubClient(clientProvider,this.logger),this._binding=new DaprBindingClient(clientProvider,this.logger),this._secret=new DaprSecretClient(clientProvider,this.logger),this._config=new DaprConfigClient(clientProvider,this.logger),this._invoke=new DaprInvokeClient(clientProvider,this.logger),this._lock=new DaprLockClient(clientProvider,this.logger),this._crypto=new DaprCryptoClient(clientProvider,this.logger),this._workflow=new DaprWorkflowClient(clientProvider,this.logger)}async connect(){await this.connectionManager.connect()}async disconnect(){await this.connectionManager.disconnect()}isConnected(){return this.connectionManager.isConnected()}getConnectionStatus(){return this.connectionManager.getConnectionStatus()}async healthCheck(){return this.connectionManager.healthCheck()}getClientConfig(){return this.connectionManager.getClientConfig()}get state(){return this._state}get pubsub(){return this._pubsub}get binding(){return this._binding}get secret(){return this._secret}get config(){return this._config}get invoke(){return this._invoke}get lock(){return this._lock}get crypto(){return this._crypto}get workflow(){return this._workflow}}var daprManager;var init_Dapr=__esm(()=>{init_binding_client();init_config_client();init_crypto_client();init_invoke_client();init_lock_client();init_pubsub_client();init_secret_client();init_state_client();init_workflow_client();init_connection_manager();init_utils3();init_binding_client();init_config_client();init_crypto_client();init_invoke_client();init_lock_client();init_pubsub_client();init_secret_client();init_state_client();init_workflow_client();init_constants();init_error_handling();init_types2();daprManager=new DaprManager});import Redis from"ioredis";class DirectRedisStore{client;constructor(client){this.client=client}async create(key,value,ttlSeconds){try{return{success:!0,data:ttlSeconds?await this.client.set(key,JSON.stringify(value),"EX",ttlSeconds):await this.client.set(key,JSON.stringify(value))}}catch(error){return{success:!1,error:error.message}}}async read(key){try{let raw=await this.client.get(key);return{success:!0,data:raw?JSON.parse(raw):null}}catch(error){return{success:!1,error:error.message}}}async update(key,value,preserveTtl=!0){try{return{success:!0,data:preserveTtl?await this.client.set(key,JSON.stringify(value),"KEEPTTL"):await this.client.set(key,JSON.stringify(value))}}catch(error){return{success:!1,error:error.message}}}async remove(key){try{return{success:!0,data:await this.client.del(key)}}catch(error){return{success:!1,error:error.message}}}async exists(key){try{return{success:!0,data:await this.client.exists(key)===1}}catch(error){return{success:!1,error:error.message}}}getClient(){return this.client}}class DaprRedisStore{storeName;dapr;constructor(storeName){this.storeName=storeName;this.dapr=new DaprManager}async create(key,value,ttlSeconds){try{let metadata=ttlSeconds?{ttlInSeconds:String(ttlSeconds)}:void 0;return await this.dapr.state.save([{key,value,metadata}],void 0,this.storeName),{success:!0,data:"OK"}}catch(error){return{success:!1,error:error.message}}}async read(key){try{return{success:!0,data:await this.dapr.state.get(key,this.storeName)??null}}catch(error){return{success:!1,error:error.message}}}async update(key,value,_preserveTtl=!0){try{return await this.dapr.state.save([{key,value}],void 0,this.storeName),{success:!0,data:"OK"}}catch(error){return{success:!1,error:error.message}}}async remove(key){try{return await this.dapr.state.delete(key,void 0,void 0,this.storeName),{success:!0,data:1}}catch(error){return{success:!1,error:error.message}}}async exists(key){try{let data=await this.dapr.state.get(key,this.storeName);return{success:!0,data:data!==void 0&&data!==null}}catch(error){return{success:!1,error:error.message}}}}class RedisManager{static instance=null;store;directClient=null;useDapr;constructor(config){if(RedisManager.instance){this.store=RedisManager.instance.store,this.directClient=RedisManager.instance.directClient,this.useDapr=RedisManager.instance.useDapr;return}if(!config)throw Error("Redis config must be provided for first initialization.");if(assertRedisConfig(config),this.useDapr=config.withDapr??!1,config.withDapr)this.store=new DaprRedisStore(config.stateStoreName??"statestore");else{let client=config.url?new Redis(config.url):new Redis({host:config.host,port:config.port,...config.password?{password:config.password}:{},...config.username?{username:config.username}:{},...config.tls?{tls:{}}:{}});this.directClient=client,this.store=new DirectRedisStore(client)}RedisManager.instance=this}async create(key,value,ttlSeconds){return this.store.create(key,value,ttlSeconds)}async read(key){return this.store.read(key)}async update(key,value,preserveTtl=!0){return this.store.update(key,value,preserveTtl)}async remove(key){return this.store.remove(key)}async exists(key){return this.store.exists(key)}async readCounters(keys){return(await Promise.all(keys.map((k)=>this.read(k)))).map((r)=>{let v=r.success?r.data:null,n=typeof v==="number"?v:Number.parseFloat(String(v??""));return Number.isFinite(n)?n:0})}async incrementCounter(key,delta,ttlSeconds){if(!this.useDapr&&this.directClient){let v=await this.directClient.incrbyfloat(key,delta);if(ttlSeconds&&ttlSeconds>0)try{await this.directClient.expire(key,ttlSeconds)}catch{}return Number(v)}let cur=await this.read(key),raw=cur.success?cur.data:null,base=typeof raw==="number"?raw:Number.parseFloat(String(raw??"")),next=(Number.isFinite(base)?base:0)+delta;return await this.create(key,next,ttlSeconds),next}getDirectClient(){return this.directClient}async reauthenticate(username,password){if(this.directClient)await this.directClient.auth(username,password)}async keys(pattern){if(this.useDapr||!this.directClient)return logger.scoped("database.redis").warn("keys() not supported in Dapr mode",{pattern}),[];try{return await this.directClient.keys(pattern)}catch(error){return logger.scoped("database.redis").error("keys() failed",error,{pattern}),[]}}async acquireLock(lockKey,ttlSeconds=10){if(this.useDapr||!this.directClient){let existsResult=await this.exists(lockKey);if(!existsResult.success)return{success:!1,error:existsResult.error};if(existsResult.data)return{success:!0,data:!1};if((await this.create(lockKey,"1",ttlSeconds)).success)return{success:!0,data:!0};return{success:!1,error:"Failed to acquire lock"}}try{return{success:!0,data:await this.directClient.set(lockKey,"1","EX",ttlSeconds,"NX")==="OK"}}catch(error){return{success:!1,error:error.message}}}async releaseLock(lockKey){return this.remove(lockKey)}async waitForLock(lockKey,timeoutMs=5000,pollIntervalMs=50){let startTime=Date.now();while(Date.now()-startTime<timeoutMs){let existsResult=await this.exists(lockKey);if(!existsResult.success)return{success:!1,error:existsResult.error};if(!existsResult.data)return{success:!0,data:!0};await new Promise((resolve)=>setTimeout(resolve,pollIntervalMs))}return{success:!0,data:!1}}async getOrWait(key,timeoutMs=5000,pollIntervalMs=50){let startTime=Date.now();while(Date.now()-startTime<timeoutMs){let readResult=await this.read(key);if(!readResult.success)return{success:!1,error:readResult.error};if(readResult.data!==null)return{success:!0,data:readResult.data};await new Promise((resolve)=>setTimeout(resolve,pollIntervalMs))}return{success:!0,data:null}}}var assertRedisConfig=(config)=>{if(!config)throw Error("Redis config must be provided.");if(config.withDapr){if(!config.stateStoreName)throw Error("Dapr mode requires stateStoreName.");return}let hasUrl=Boolean(config.url),hasHostPort=Boolean(config.host)&&typeof config.port==="number";if(!hasUrl&&!hasHostPort)throw Error("Redis config requires either url or host and port.")};var init_Redis=__esm(()=>{init_Logger2();init_Dapr()});var init_Delete=__esm(()=>{init_Redis()});var init_Generate3=__esm(()=>{init_Redis();init_JWT()});var init_Read=__esm(()=>{init_Redis();init_JWT();init_Delete()});var init_Validate2=__esm(()=>{init_Read()});var init_RefreshToken=__esm(()=>{init_Delete();init_Generate3();init_Read();init_Validate2()});var DEFAULT_EXPIRY_SECONDS=86400,buildSessionKey=(sessionId)=>`session:${sessionId}`,serializeSession=(record)=>JSON.stringify(record),deserializeSession=(data)=>{if(!data)return null;if(typeof data==="object")return data;try{return JSON.parse(data)}catch{return null}};var deleteSession=async(options)=>{let manager=new RedisManager,key=buildSessionKey(options.sessionId),removeResult=await manager.remove(key);return removeResult.success&&removeResult.data>0};var init_Delete2=__esm(()=>{init_Redis()});import crypto4 from"crypto";var generateSession=async(options)=>{let manager=new RedisManager,sessionId=options.sessionId??crypto4.randomUUID(),now=Date.now(),expiresIn=(options.expiresInSeconds??DEFAULT_EXPIRY_SECONDS)*1000,nowIso=new Date(now).toISOString(),record={id:sessionId,userId:options.userId,createdAt:nowIso,expiresAt:new Date(now+expiresIn).toISOString(),lastActiveAt:nowIso,clientMeta:options.clientMeta,fingerprintHash:options.fingerprintHash,deviceInfo:options.deviceInfo,refreshTokenHash:options.refreshTokenHash,loginMethod:options.loginMethod,rememberMe:options.rememberMe},ttlSeconds=options.expiresInSeconds??DEFAULT_EXPIRY_SECONDS,writeResult=await manager.create(buildSessionKey(sessionId),serializeSession(record),ttlSeconds);if(!writeResult.success)return{success:!1,error:writeResult.error};return{success:!0,session:record}};var init_Generate4=__esm(()=>{init_Redis()});var init_Issue=__esm(()=>{init_JWT();init_Generate3();init_Delete2();init_Generate4()});var init_Session=__esm(()=>{init_Issue()});var readSession=async(options)=>{let manager=new RedisManager,key=buildSessionKey(options.sessionId),readResult=await manager.read(key);if(!readResult.success||!readResult.data)return null;let record=deserializeSession(readResult.data);if(!record)return null;if(new Date(record.expiresAt).getTime()<=Date.now())return await deleteSession({sessionId:options.sessionId}),null;return record};var init_Read2=__esm(()=>{init_Redis();init_Delete2()});var updateSession=async(options)=>{let existing=await readSession({sessionId:options.sessionId});if(!existing)return{success:!1,error:"Session not found"};let updated={...existing,...options.updates,lastActiveAt:options.updates.lastActiveAt??new Date().toISOString()},manager=new RedisManager,remainingMs=new Date(updated.expiresAt).getTime()-Date.now(),remainingTtlSeconds=Math.max(60,Math.ceil(remainingMs/1000)),writeResult=await manager.create(buildSessionKey(options.sessionId),serializeSession(updated),remainingTtlSeconds);if(!writeResult.success)return{success:!1,error:writeResult.error};return{success:!0,session:updated}},updateLastActiveAt=async(sessionId)=>{return updateSession({sessionId,updates:{lastActiveAt:new Date().toISOString()}})};var init_Update=__esm(()=>{init_Redis();init_Read2()});var validateSession=async(options)=>{let jwtResult=verifyJWT(options.jwtToken,options.jwtSecret);if(!jwtResult.valid)return{isValid:!1,reason:jwtResult.error};let session=await readSession({sessionId:options.sessionId});if(!session)return{isValid:!1,reason:"Session not found"};let fingerprintValid;if(options.savedFingerprint&&options.headers&&options.requestIp){let sanitizedHeaders={};for(let[key,value]of Object.entries(options.headers))if(value!==void 0)sanitizedHeaders[key]=value;let fingerprintResult=validateDeviceFingerprint({savedFingerprint:options.savedFingerprint,headers:sanitizedHeaders,requestIp:options.requestIp});if(fingerprintValid=fingerprintResult.isValid,!fingerprintResult.isValid)return{isValid:!1,reason:fingerprintResult.reason??"Fingerprint mismatch"}}return{isValid:!0,context:{userId:session.userId,sessionId:session.id,fingerprintValid}}};var init_Validate3=__esm(()=>{init_Validate();init_JWT();init_Read2()});var exports_SessionStore={};__export(exports_SessionStore,{validateSession:()=>validateSession,updateSession:()=>updateSession,updateLastActiveAt:()=>updateLastActiveAt,readSession:()=>readSession,generateSession:()=>generateSession,deleteSession:()=>deleteSession});var init_SessionStore=__esm(()=>{init_Delete2();init_Generate4();init_Read2();init_Update();init_Validate3()});var init_Auth=__esm(()=>{init_Fingerprint();init_JWT();init_Password();init_RefreshToken();init_Session();init_SessionStore()});import{eq}from"drizzle-orm";function buildClaimAction(method,entity,field,relation,relationField,isBulk){let parts=[method.toLowerCase()];if(isBulk)parts.push("bulk");if(parts.push(entity),relation){if(parts.push("with"),parts.push(relation),relationField)parts.push(relationField)}else if(field)parts.push(field);return parts.join(".")}function buildClaimPath(entity,isBulk,hasId){if(isBulk)return`/${entity}/bulk`;if(hasId)return`/${entity}/:id`;return`/${entity}`}function generateEntityClaims(entity,config,schemaRelations){let claims=[],tableName=entity.table_name,excludedMethods=entity.excluded_methods||[];for(let method of HTTP_METHODS){if(excludedMethods.includes(method))continue;let needsId=method==="PUT"||method==="PATCH"||method==="DELETE";if(claims.push({action:buildClaimAction(method,tableName),description:`${method} access to ${tableName}`,path:buildClaimPath(tableName,!1,needsId&&method!=="DELETE"),method}),method==="GET"&&entity.columns){for(let column of entity.columns){if(config.skipColumns.includes(column.name))continue;claims.push({action:buildClaimAction(method,tableName,column.name),description:`${method} access to ${tableName}.${column.name}`,path:buildClaimPath(tableName),method})}let relationKey=`${tableName.replace(/_([a-z])/g,(_,l)=>l.toUpperCase())}Relations`;if(schemaRelations[relationKey]){let relationConfig=schemaRelations[relationKey];if(relationConfig?.config?.referencedTable?._?.name){let relationName=relationConfig.config.referencedTable._.name;claims.push({action:buildClaimAction(method,tableName,void 0,relationName),description:`${method} access to ${tableName} with ${relationName}`,path:buildClaimPath(tableName),method})}}}if(method==="POST"||method==="PUT"||method==="PATCH"){if(entity.columns)for(let column of entity.columns){if(config.skipColumns.includes(column.name))continue;claims.push({action:buildClaimAction(method,tableName,column.name),description:`${method} access to ${tableName}.${column.name}`,path:buildClaimPath(tableName,!1,method!=="POST"),method})}}}if(entity.bulk_endpoints_enabled===!0)for(let method of BULK_METHODS){if(excludedMethods.includes(method))continue;claims.push({action:buildClaimAction(method,tableName,void 0,void 0,void 0,!0),description:`Bulk ${method} access to ${tableName}`,path:buildClaimPath(tableName,!0),method})}return claims}async function seedClaims(db,schemaTables,schemaRelations,entities,config,logger2){let claimsTable=schemaTables.claims;if(!claimsTable)return logger2.warn("[Authorization] Claims table not found in schema"),{total:0,created:0,existing:0,claims:[]};let allClaims=[];for(let entity of entities){if(config.skipTables.includes(entity.table_name))continue;let entityClaims=generateEntityClaims(entity,config,schemaRelations);allClaims.push(...entityClaims)}let uniqueClaims=allClaims.filter((claim,index,self2)=>index===self2.findIndex((c)=>c.action===claim.action)),created=0,existing=0,claimActions=[];for(let claim of uniqueClaims)try{if((await db.select().from(claimsTable).where(eq(claimsTable.action,claim.action)).limit(1)).length===0)await db.insert(claimsTable).values(claim),created++,claimActions.push(claim.action),logger2.debug(`[Authorization] Created claim: ${claim.action}`);else existing++}catch(error){logger2.error(`[Authorization] Failed to create claim: ${claim.action}`,error)}return logger2.info(`[Authorization] Claims seeded: ${created} created, ${existing} existing, ${uniqueClaims.length} total`),{total:uniqueClaims.length,created,existing,claims:claimActions}}var HTTP_METHODS,BULK_METHODS;var init_ClaimSeeder=__esm(()=>{HTTP_METHODS=["GET","POST","PUT","PATCH","DELETE"],BULK_METHODS=["POST","PUT","DELETE"]});var exports_ClaimsCache={};__export(exports_ClaimsCache,{ClaimsCache:()=>ClaimsCache});import{eq as eq2}from"drizzle-orm";class ClaimsCache{prefix;redis;db;schemaTables;logger;constructor(config){this.prefix=config.prefix||DEFAULT_PREFIX,this.redis=config.redis,this.db=config.db,this.schemaTables=config.schemaTables,this.logger=config.logger}key(suffix){return`${this.prefix}:${suffix}`}async buildCache(){let rolesTable=this.schemaTables.roles,roleClaimsTable=this.schemaTables.roleClaims,claimsTable=this.schemaTables.claims;if(!rolesTable||!roleClaimsTable||!claimsTable)return this.logger.warn("[ClaimsCache] Required tables not found, skipping cache build"),{version:0,roleCount:0,totalMappings:0};let allRoles=await this.db.select().from(rolesTable),roleNames=[],totalMappings=0;for(let role of allRoles){let r=role,roleId=r.id,roleName=r.name;roleNames.push(roleName);let roleClaimRows=await this.db.select().from(roleClaimsTable).innerJoin(claimsTable,eq2(roleClaimsTable.claimId,claimsTable.id)).where(eq2(roleClaimsTable.roleId,roleId)),claimActions=[];for(let row of roleClaimRows){let action=row.claims?.action;if(action)claimActions.push(action)}await this.redis.set(this.key(`role:${roleName}`),JSON.stringify(claimActions)),totalMappings+=claimActions.length}await this.redis.set(this.key("roles"),JSON.stringify(roleNames));let versionStr=await this.redis.get(this.key("version")),newVersion=(parseInt(versionStr||"0",10)||0)+1;return await this.redis.set(this.key("version"),String(newVersion)),this.logger.info("[ClaimsCache] Cache built",{version:newVersion,roleCount:roleNames.length,totalMappings}),{version:newVersion,roleCount:roleNames.length,totalMappings}}async getVersion(){let v=await this.redis.get(this.key("version"));return parseInt(v||"0",10)||0}async resolveClaimsForRoles(roleNames){let allClaims=new Set;for(let roleName of roleNames){let cached=await this.redis.get(this.key(`role:${roleName}`));if(cached){let claims=JSON.parse(cached);for(let c of claims)allClaims.add(c)}}return Array.from(allClaims)}async invalidate(){return(await this.buildCache()).version}getPrefix(){return this.prefix}}var DEFAULT_PREFIX="nucleus:claims";var init_ClaimsCache=()=>{};var DEFAULT_AUTHORIZATION_CONFIG,AUTHORIZATION_TABLE_KEYS,GODMIN_ROLE_NAME="godmin";var init_types3=__esm(()=>{DEFAULT_AUTHORIZATION_CONFIG={enabled:!1,autoSeedClaims:!0,skipTables:["audit_logs"],skipColumns:["id","created_at","updated_at","is_active","password","version"],excludedPaths:[],publicPaths:["/auth/login","/auth/register"]},AUTHORIZATION_TABLE_KEYS={users:"users",roles:"roles",claims:"claims",userRoles:"userRoles",roleClaims:"roleClaims"}});var{password}=globalThis.Bun;import{and,eq as eq3}from"drizzle-orm";async function setupGodmin(db,schemaTables,config,logger2){if(!config.godminEmail||!config.godminPassword)return logger2.warn("[Authorization] Godmin email or password not configured, skipping godmin setup"),{success:!1};let{roles:rolesTable,users:usersTable,userRoles:userRolesTable}=schemaTables;if(!rolesTable||!usersTable||!userRolesTable)return logger2.error("[Authorization] Required tables not found for godmin setup"),{success:!1};try{let roleId,existingRole=await db.select().from(rolesTable).where(eq3(rolesTable.name,GODMIN_ROLE_NAME)).limit(1);if(existingRole.length===0){let[newRole]=await db.insert(rolesTable).values({name:GODMIN_ROLE_NAME,description:"God mode administrator - bypasses all authorization checks"}).returning();roleId=newRole.id,logger2.info(`[Authorization] Created godmin role: ${roleId}`)}else roleId=existingRole[0].id,logger2.debug(`[Authorization] Godmin role already exists: ${roleId}`);let userId,existingUser=await db.select().from(usersTable).where(eq3(usersTable.email,config.godminEmail)).limit(1);if(existingUser.length===0){let hashedPassword=await password.hash(config.godminPassword,{algorithm:"bcrypt",cost:10}),[newUser]=await db.insert(usersTable).values({email:config.godminEmail,password:hashedPassword,verifiedAt:new Date,isActive:!0,isGod:!0}).returning();userId=newUser.id,logger2.info(`[Authorization] Created godmin user: ${userId}`)}else{if(userId=existingUser[0].id,!existingUser[0].isGod)await db.update(usersTable).set({isGod:!0}).where(eq3(usersTable.id,userId)),logger2.info(`[Authorization] Marked existing godmin user as isGod=true: ${userId}`);logger2.debug(`[Authorization] Godmin user already exists: ${userId}`)}if(!((await db.select().from(userRolesTable).where(and(eq3(userRolesTable.userId,userId),eq3(userRolesTable.roleId,roleId))).limit(1)).length>0))await db.insert(userRolesTable).values({userId,roleId}),logger2.info(`[Authorization] Assigned godmin role to user: ${userId}`);return{success:!0,userId,roleId}}catch(error){return logger2.error("[Authorization] Failed to setup godmin",error),{success:!1}}}function isGodminRole(roleName){return roleName===GODMIN_ROLE_NAME}var init_GodminSetup=__esm(()=>{init_types3()});import{eq as eq4,inArray,sql}from"drizzle-orm";function isSelfReference(value){return value.startsWith(SELF_PREFIX)}function parseSelfReference(value){return{field:value.slice(SELF_PREFIX.length)}}function parseScopeWithSelf(scope){if(!scope)return{};let params=new URLSearchParams(scope),result={};for(let[key,value]of params.entries())if(isSelfReference(value))result[key]=parseSelfReference(value);else result[key]=value;return result}function resolveScopeWithSelf(parsedScope,userData,logger2){let resolved={},unresolved=[];for(let[key,value]of Object.entries(parsedScope))if(typeof value==="object"&&"field"in value){if(!userData){logger2.warn(`[Authorization] Cannot resolve self:${value.field} - userData not provided`),unresolved.push(key);continue}let lookup=lookupUserDataField(userData,value.field);if(!lookup.found){logger2.warn(`[Authorization] Cannot resolve self:${value.field} - field not found in userData`),unresolved.push(key);continue}resolved[key]=lookup.value,logger2.debug(`[Authorization] Resolved self:${value.field} -> ${String(lookup.value)}`)}else resolved[key]=value;return{resolved,unresolved}}function buildClaimPattern(method,entity,field,relation){let parts=[method.toLowerCase(),entity];if(relation)parts.push("with",relation);else if(field)parts.push(field);return parts.join(".")}function claimMatches(userClaim,requiredPattern,requireSpecificity=!1){if(userClaim===requiredPattern)return!0;let userParts=userClaim.split("."),requiredParts=requiredPattern.split(".");if(userParts.length>requiredParts.length)return!1;if(requireSpecificity&&userParts.length<2&&requiredParts.length>=2)return!1;for(let i=0;i<userParts.length;i++)if(userParts[i]!==requiredParts[i])return!1;return!0}async function checkAuthorization(params){let{userId,method,entity,requestedFields,requestedRelations,db,schemaTables,logger:logger2,getUserData}=params,reqSpec=params.requireClaimSpecificity??!1,userData=params.userData,ensureUserData=async()=>{if(userData!==void 0)return;if(getUserData)try{userData=await getUserData()}catch(err){logger2.warn("[Authorization] getUserData callback failed",{userId,error:err instanceof Error?err.message:String(err)})}},rolesTable=schemaTables[AUTHORIZATION_TABLE_KEYS.roles],userRolesTable=schemaTables[AUTHORIZATION_TABLE_KEYS.userRoles],roleClaimsTable=schemaTables[AUTHORIZATION_TABLE_KEYS.roleClaims],claimsTable=schemaTables[AUTHORIZATION_TABLE_KEYS.claims];if(!rolesTable||!userRolesTable||!roleClaimsTable||!claimsTable)return logger2.error("[Authorization] Required tables not found"),{authorized:!1,reason:"Authorization tables not configured"};try{let userRolesCols=userRolesTable,rolesCols=rolesTable,userRoles=await db.select({roleId:userRolesCols.roleId,roleName:rolesCols.name}).from(userRolesTable).innerJoin(rolesTable,eq4(userRolesCols.roleId,rolesCols.id)).where(eq4(userRolesCols.userId,userId));if(userRoles.length===0)return{authorized:!1,reason:"User has no roles assigned"};if(userRoles.some((ur)=>isGodminRole(ur.roleName)))return logger2.debug(`[Authorization] User ${userId} has godmin role, bypassing checks`),{authorized:!0};let roleIds=userRoles.map((ur)=>ur.roleId),roleClaimsCols=roleClaimsTable,claimsCols=claimsTable,roleClaims=await db.select({claimAction:claimsCols.action,scope:roleClaimsCols.scope}).from(roleClaimsTable).innerJoin(claimsTable,eq4(roleClaimsCols.claimId,claimsCols.id)).where(inArray(roleClaimsCols.roleId,roleIds));if(roleClaims.length===0)return{authorized:!1,reason:"User roles have no claims assigned"};let entityClaimPattern=buildClaimPattern(method,entity);if(!roleClaims.some((rc)=>claimMatches(rc.claimAction,entityClaimPattern,reqSpec)))return{authorized:!1,reason:`No access to ${method} ${entity}`};let allowedFields=[],allowedRelations=[],scopeFilters={},hasFullEntityClaim=!1,unresolvedSelf=[];if(roleClaims.some((rc)=>{let{claimAction:action,scope}=rc;return(action===entityClaimPattern||claimMatches(action,entityClaimPattern,reqSpec))&&!!scope&&scope.includes("self:")}))await ensureUserData();for(let rc of roleClaims)if(rc.claimAction===entityClaimPattern){hasFullEntityClaim=!0;let parsedScope=parseScopeWithSelf(rc.scope),{resolved,unresolved}=resolveScopeWithSelf(parsedScope,userData,logger2);Object.assign(scopeFilters,resolved),unresolvedSelf.push(...unresolved)}if(unresolvedSelf.length>0)return logger2.warn("[Authorization] Denying request: unresolvable self: scope (failing closed)",{userId,method,entity,unresolved:unresolvedSelf}),{authorized:!1,reason:"Ownership scope could not be resolved"};if(hasFullEntityClaim)return{authorized:!0,scopeFilters:Object.keys(scopeFilters).length>0?scopeFilters:void 0};if(requestedFields)for(let field of requestedFields){let fieldPattern=buildClaimPattern(method,entity,field);if(roleClaims.some((rc)=>claimMatches(rc.claimAction,fieldPattern,reqSpec)))allowedFields.push(field)}if(requestedRelations)for(let relation of requestedRelations){let relationPattern=buildClaimPattern(method,entity,void 0,relation);if(roleClaims.some((rc)=>claimMatches(rc.claimAction,relationPattern,reqSpec)))allowedRelations.push(relation)}for(let rc of roleClaims){let claimAction=rc.claimAction;if(!claimMatches(claimAction,entityClaimPattern,reqSpec))continue;let parsedScope=parseScopeWithSelf(rc.scope),{resolved,unresolved}=resolveScopeWithSelf(parsedScope,userData,logger2);Object.assign(scopeFilters,resolved),unresolvedSelf.push(...unresolved)}if(unresolvedSelf.length>0)return logger2.warn("[Authorization] Denying request: unresolvable self: scope (failing closed)",{userId,method,entity,unresolved:unresolvedSelf}),{authorized:!1,reason:"Ownership scope could not be resolved"};if(!(allowedFields.length>0||allowedRelations.length>0)&&(requestedFields?.length||requestedRelations?.length))return{authorized:!1,reason:"No access to requested fields or relations"};return{authorized:!0,allowedFields:allowedFields.length>0?allowedFields:void 0,allowedRelations:allowedRelations.length>0?allowedRelations:void 0,scopeFilters:Object.keys(scopeFilters).length>0?scopeFilters:void 0}}catch(error){return logger2.error("[Authorization] Check failed",error),{authorized:!1,reason:"Authorization check failed"}}}function checkAuthorizationFromJWT(params){let{userClaims,userRoles,method,entity,requestedFields,requestedRelations,logger:logger2}=params,reqSpec=params.requireClaimSpecificity??!1;if(userClaims.length===0&&userRoles.length===0)return{authorized:!1,reason:"No roles or claims in token"};if(userRoles.some((r)=>isGodminRole(r)))return logger2.debug("[Authorization:JWT] User has godmin role, bypassing checks"),{authorized:!0};let entityClaimPattern=buildClaimPattern(method,entity);if(userClaims.some((c)=>claimMatches(c,entityClaimPattern,reqSpec)))return{authorized:!0};let allowedFields=[],allowedRelations=[];if(requestedFields)for(let field of requestedFields){let fieldPattern=buildClaimPattern(method,entity,field);if(userClaims.some((c)=>claimMatches(c,fieldPattern,reqSpec)))allowedFields.push(field)}if(requestedRelations)for(let relation of requestedRelations){let relationPattern=buildClaimPattern(method,entity,void 0,relation);if(userClaims.some((c)=>claimMatches(c,relationPattern,reqSpec)))allowedRelations.push(relation)}if(!(allowedFields.length>0||allowedRelations.length>0))return{authorized:!1,reason:`No access to ${method} ${entity}`};return{authorized:!0,allowedFields:allowedFields.length>0?allowedFields:void 0,allowedRelations:allowedRelations.length>0?allowedRelations:void 0}}async function checkAuthorizationViaIDP(params){let{idpUrl,accessToken,method,entity,requestedFields,requestedRelations,logger:logger2}=params;try{let response=await fetch(`${idpUrl}/auth/check`,{method:"POST",headers:{"Content-Type":"application/json",Cookie:`access_token=${accessToken}`},body:JSON.stringify({entity,method,fields:requestedFields,relations:requestedRelations})});if(!response.ok)return logger2.warn(`[Authorization:IDP] IDP /auth/check returned ${response.status}`),{authorized:!1,reason:`IDP authorization check failed (${response.status})`};let payload=await response.json();return unwrapIdpCheckResponse(payload)}catch(error){let msg=error instanceof Error?error.message:String(error);return logger2.error(`[Authorization:IDP] Failed to reach IDP: ${msg}`),{authorized:!1,reason:"IDP authorization service unavailable"}}}function filterResponseFields(data,allowedFields){if(!allowedFields||allowedFields.length===0)return data;let fieldsToInclude=[...new Set([...["id"],...allowedFields])],filterSingle=(item)=>{let filtered={};for(let field of fieldsToInclude)if(field in item)filtered[field]=item[field];return filtered};if(Array.isArray(data))return data.map(filterSingle);return filterSingle(data)}function filterResponseRelations(data,allowedRelations){if(!allowedRelations)return data;let filterSingle=(item)=>{let filtered={...item};for(let key of Object.keys(filtered))if(typeof filtered[key]==="object"&&filtered[key]!==null&&!allowedRelations.includes(key))delete filtered[key];return filtered};if(Array.isArray(data))return data.map(filterSingle);return filterSingle(data)}function buildScopeConditions(scopeFilters,resolveColumn){let conditions=[],unresolvedFields=[];if(!scopeFilters)return{conditions,unresolvedFields};for(let[field,value]of Object.entries(scopeFilters)){let col=resolveColumn(field);if(col)conditions.push(eq4(col,value));else unresolvedFields.push(field),conditions.push(sql`1 = 0`)}return{conditions,unresolvedFields}}var SELF_PREFIX="self:",toCamelCase2=(value)=>value.replace(/_([a-z])/g,(_,c)=>c.toUpperCase()),toSnakeCase=(value)=>value.replace(/([A-Z])/g,(_,c)=>`_${c.toLowerCase()}`),lookupUserDataField=(userData,fieldName)=>{if(fieldName in userData)return{found:!0,value:userData[fieldName]};let camel=toCamelCase2(fieldName);if(camel!==fieldName&&camel in userData)return{found:!0,value:userData[camel]};let snake=toSnakeCase(fieldName);if(snake!==fieldName&&snake in userData)return{found:!0,value:userData[snake]};return{found:!1}},unwrapIdpCheckResponse=(payload)=>{if(!payload||typeof payload!=="object")return{authorized:!1,reason:"IDP returned malformed response"};let envelope=payload;if(envelope.data&&typeof envelope.data==="object"){let data=envelope.data;if(typeof data.authorized==="boolean")return data}let flat=payload;if(typeof flat.authorized==="boolean")return flat;return{authorized:!1,reason:"IDP returned unrecognised response shape"}};var init_Middleware=__esm(()=>{init_GodminSetup();init_types3()});var exports_SeedRunner={};__export(exports_SeedRunner,{runSeed:()=>runSeed,expandClaimPatterns:()=>expandClaimPatterns});import{and as and2,eq as eq5}from"drizzle-orm";function expandClaimPatterns(patterns,allActions){let out=new Set;for(let pattern of patterns)if(pattern.endsWith(".*")){let prefix=pattern.slice(0,-2);for(let action of allActions)if(action===prefix||action.startsWith(`${prefix}.`))out.add(action)}else out.add(pattern);return[...out]}async function runSeed(db,schemaTables,seedConfig,logger2){let{roles:rolesTable,claims:claimsTable,roleClaims:roleClaimsTable}=schemaTables,result={rolesCreated:0,rolesExisting:0,claimsCreated:0,claimsExisting:0,assignmentsCreated:0,assignmentsExisting:0,assignmentsUpdated:0};if(seedConfig.roles?.length&&rolesTable)for(let roleDef of seedConfig.roles)try{if((await db.select().from(rolesTable).where(eq5(rolesTable.name,roleDef.name)).limit(1)).length===0)await db.insert(rolesTable).values({name:roleDef.name,description:roleDef.description||""}),result.rolesCreated++,logger2.info(`[Seed] Created role: ${roleDef.name}`);else result.rolesExisting++}catch(error){logger2.error(`[Seed] Failed to seed role: ${roleDef.name}`,error)}if(seedConfig.claims?.length&&claimsTable)for(let claimDef of seedConfig.claims)try{let existing=await db.select().from(claimsTable).where(eq5(claimsTable.action,claimDef.action)).limit(1);if(existing.length===0)await db.insert(claimsTable).values({action:claimDef.action,path:claimDef.path,method:claimDef.method,description:claimDef.description||`${claimDef.method} ${claimDef.path}`,...claimDef.policy!==void 0?{policy:claimDef.policy}:{}}),result.claimsCreated++,logger2.info(`[Seed] Created claim: ${claimDef.action}`);else if(claimDef.policy!==void 0){let existingRow=existing[0],currentPolicy=JSON.stringify(existingRow.policy??null),desiredPolicy=JSON.stringify(claimDef.policy??null);if(currentPolicy!==desiredPolicy)await db.update(claimsTable).set({policy:claimDef.policy}).where(eq5(claimsTable.action,claimDef.action)),result.claimsExisting++,logger2.warn(`[Seed] Reconciled policy for claim: ${claimDef.action}`);else result.claimsExisting++}else result.claimsExisting++}catch(error){logger2.error(`[Seed] Failed to seed claim: ${claimDef.action}`,error)}if(seedConfig.roleClaimAssignments?.length&&rolesTable&&claimsTable&&roleClaimsTable){let allClaimActions=(await db.select().from(claimsTable)).map((c)=>String(c.action??""));for(let assignment of seedConfig.roleClaimAssignments){let role=(await db.select().from(rolesTable).where(eq5(rolesTable.name,assignment.role)).limit(1))[0];if(!role){logger2.warn(`[Seed] Role not found for assignment: ${assignment.role}`);continue}let roleId=role.id,resolvedActions=expandClaimPatterns(assignment.claims,allClaimActions);for(let pattern of assignment.claims)if(pattern.endsWith(".*")&&!resolvedActions.some((a)=>a.startsWith(pattern.slice(0,-1))))logger2.warn(`[Seed] No claim matched prefix pattern: ${pattern}`);for(let claimAction of resolvedActions)try{let claim=(await db.select().from(claimsTable).where(eq5(claimsTable.action,claimAction)).limit(1))[0];if(!claim){logger2.warn(`[Seed] Claim not found for assignment: ${claimAction}`);continue}let claimId=claim.id,existingAssignment=await db.select().from(roleClaimsTable).where(and2(eq5(roleClaimsTable.roleId,roleId),eq5(roleClaimsTable.claimId,claimId))).limit(1);if(existingAssignment.length===0)await db.insert(roleClaimsTable).values({roleId,claimId,scope:assignment.scope||null}),result.assignmentsCreated++;else{let existingRow=existingAssignment[0],desiredScope=assignment.scope||null,currentScope=existingRow.scope??null;if(currentScope!==desiredScope)await db.update(roleClaimsTable).set({scope:desiredScope}).where(and2(eq5(roleClaimsTable.roleId,roleId),eq5(roleClaimsTable.claimId,claimId))),result.assignmentsUpdated++,logger2.warn(`[Seed] Reconciled scope for ${assignment.role} -> ${claimAction}: ${JSON.stringify(currentScope)} => ${JSON.stringify(desiredScope)}`);else result.assignmentsExisting++}}catch(error){logger2.error(`[Seed] Failed to assign claim ${claimAction} to role ${assignment.role}`,error)}if(result.assignmentsCreated>0)logger2.info(`[Seed] Role "${assignment.role}": assigned ${result.assignmentsCreated} claims`)}}return result}var init_SeedRunner=()=>{};var init_Authorization=__esm(()=>{init_ClaimSeeder();init_ClaimsCache();init_GodminSetup();init_Middleware();init_SeedRunner();init_types3()});import{createCipheriv,createDecipheriv,randomBytes as randomBytes2,scryptSync}from"crypto";var MAGIC,IV_LEN=12,TAG_LEN=16,deriveKey=(secret)=>scryptSync(secret,"nucleus-backup-v1",32),encryptBackup=(plaintext,secret)=>{if(!secret)throw Error("backup encryption key is empty");let key=deriveKey(secret),iv=randomBytes2(IV_LEN),cipher=createCipheriv("aes-256-gcm",key,iv),ciphertext=Buffer.concat([cipher.update(plaintext,"utf-8"),cipher.final()]),tag=cipher.getAuthTag();return Buffer.concat([MAGIC,iv,tag,ciphertext])},isEncryptedBackup=(buf)=>buf.length>=MAGIC.length+IV_LEN+TAG_LEN&&buf.subarray(0,MAGIC.length).equals(MAGIC),decryptBackup=(blob,secret)=>{if(!secret)throw Error("backup encryption key is empty");if(!isEncryptedBackup(blob))throw Error("not an encrypted backup");let key=deriveKey(secret),iv=blob.subarray(MAGIC.length,MAGIC.length+IV_LEN),tag=blob.subarray(MAGIC.length+IV_LEN,MAGIC.length+IV_LEN+TAG_LEN),ciphertext=blob.subarray(MAGIC.length+IV_LEN+TAG_LEN),decipher=createDecipheriv("aes-256-gcm",key,iv);return decipher.setAuthTag(tag),Buffer.concat([decipher.update(ciphertext),decipher.final()]).toString("utf-8")};var init_encryption=__esm(()=>{MAGIC=Buffer.from("NXB1")});import{mkdir,readFile,stat,unlink,writeFile}from"fs/promises";import{join}from"path";import{eq as eq6,sql as sql2}from"drizzle-orm";class BackupService{db;logger;config;schemaTables;schemaName;backupLogsTable;cronTimer=null;schedulerActive=!1;constructor(serviceConfig){this.db=serviceConfig.db,this.logger=serviceConfig.logger,this.config=serviceConfig.config,this.schemaTables=serviceConfig.schemaTables,this.schemaName=serviceConfig.schemaName,this.backupLogsTable=serviceConfig.backupLogsTable}async createBackup(trigger="manual",performedBy,targetSchemaName,targetSchemaTables){let resolvedSchema=targetSchemaName||this.schemaName,resolvedTables=targetSchemaTables||this.schemaTables,now=new Date,backupId=crypto.randomUUID(),timestamp=now.toISOString().replace(/[:.]/g,"-"),backupName=`${resolvedSchema}_${timestamp}`,fileName=`${backupName}.json`,filePath=join(this.config.storagePath,fileName),logRecord={id:backupId,backupName,fileName,schemaName:resolvedSchema,format:this.config.format,status:"running",trigger,sizeBytes:null,tableCount:null,rowCount:null,includedTables:[],excludedTables:this.config.excludeTables,errorMessage:null,startedAt:now.toISOString(),completedAt:null,performedBy:performedBy||null,cronExpression:trigger==="scheduled"?this.config.schedule.cron:null,retentionDays:this.config.schedule.retentionDays};await this.insertLogRecord(logRecord);try{await mkdir(this.config.storagePath,{recursive:!0});let tableNames=this.getBackupTableNames(resolvedTables),backupData=[],totalRows=0;for(let tableName of tableNames){let table=resolvedTables[tableName];if(!table)continue;try{let rows=await this.db.select().from(table),columns=Object.keys(table).filter((k)=>!k.startsWith("_")&&typeof table[k]!=="function");backupData.push({tableName,columns,rows}),totalRows+=rows.length}catch(err){let msg=err instanceof Error?err.message:String(err);this.logger.warn(`[Backup] Failed to export table ${tableName}: ${msg}`)}}let backupFile={manifest:{version:"1.0",createdAt:now.toISOString(),schemaName:resolvedSchema,format:this.config.format,tables:backupData.map((t)=>({tableName:t.tableName,rowCount:t.rows.length,columns:t.columns})),totalRows},data:backupData},jsonContent=JSON.stringify(backupFile,null,2);if(this.config.encryptionKey)await writeFile(filePath,encryptBackup(jsonContent,this.config.encryptionKey));else await writeFile(filePath,jsonContent,"utf-8");let fileStats=await stat(filePath);return logRecord.status="completed",logRecord.completedAt=new Date().toISOString(),logRecord.tableCount=backupData.length,logRecord.rowCount=totalRows,logRecord.sizeBytes=fileStats.size,logRecord.includedTables=tableNames,await this.updateLogRecord(logRecord),this.logger.info("[Backup] Backup completed",{backupId,schemaName:resolvedSchema,tables:backupData.length,rows:totalRows,sizeBytes:fileStats.size}),await this.enforceMaxBackups(),logRecord}catch(err){let msg=err instanceof Error?err.message:String(err);return logRecord.status="failed",logRecord.errorMessage=msg,logRecord.completedAt=new Date().toISOString(),await this.updateLogRecord(logRecord),this.logger.error("[Backup] Backup failed",err,{backupId,schemaName:resolvedSchema}),logRecord}}async restoreFromBackup(backupId,performedBy,targetSchemaName,targetSchemaTables){if(!this.config.allowRestore)return{success:!1,message:"Restore is disabled in configuration"};let resolvedTables=targetSchemaTables||this.schemaTables,logRecord=await this.getLogRecord(backupId);if(!logRecord)return{success:!1,message:"Backup not found"};if(logRecord.status!=="completed")return{success:!1,message:`Cannot restore from backup with status: ${logRecord.status}`};let filePath=join(this.config.storagePath,logRecord.fileName);try{let raw=await readFile(filePath),content;if(isEncryptedBackup(raw)){if(!this.config.encryptionKey)return{success:!1,message:"Backup is encrypted but no encryption key is configured"};content=decryptBackup(raw,this.config.encryptionKey)}else content=raw.toString("utf-8");let backupFile=JSON.parse(content);await this.createBackup("pre_restore",performedBy,targetSchemaName,targetSchemaTables);let tablesRestored=0,rowsRestored=0;return await this.db.transaction(async(tx)=>{await tx.execute(sql2`SET CONSTRAINTS ALL DEFERRED`);for(let tableData of backupFile.data){let table=resolvedTables[tableData.tableName];if(!table){this.logger.warn(`[Backup] Skipping restore for ${tableData.tableName}: table not found in schema`);continue}if(tableData.rows.length===0)continue;await tx.delete(table);let chunkSize=500;for(let i=0;i<tableData.rows.length;i+=chunkSize){let chunk=tableData.rows.slice(i,i+chunkSize);await tx.insert(table).values(chunk)}tablesRestored++,rowsRestored+=tableData.rows.length}}),logRecord.status="restored",await this.updateLogRecord(logRecord),this.logger.info("[Backup] Restore completed",{backupId,tablesRestored,rowsRestored}),{success:!0,message:`Restored ${tablesRestored} tables with ${rowsRestored} rows`,tablesRestored,rowsRestored}}catch(err){let msg=err instanceof Error?err.message:String(err);return this.logger.error("[Backup] Restore failed",err,{backupId}),{success:!1,message:`Restore failed: ${msg}`}}}async listBackups(){if(!this.backupLogsTable)return[];return await this.db.select().from(this.backupLogsTable).orderBy(sql2`created_at DESC`).limit(100)}async getBackupFilePath(backupId){let record=await this.getLogRecord(backupId);if(!record)return null;return join(this.config.storagePath,record.fileName)}async deleteBackup(backupId){let record=await this.getLogRecord(backupId);if(!record)return!1;let filePath=join(this.config.storagePath,record.fileName);try{await unlink(filePath)}catch{}if(this.backupLogsTable)await this.db.delete(this.backupLogsTable).where(eq6(col(this.backupLogsTable,"id"),backupId));return!0}startScheduler(){if(!this.config.schedule.enabled||!this.config.schedule.cron)return;this.logger.info("[Backup] Scheduler started",{cron:this.config.schedule.cron,retentionDays:this.config.schedule.retentionDays}),this.schedulerActive=!0,this.scheduleNextRun()}scheduleNextRun(){if(!this.schedulerActive)return;let delayMs=this.getNextDelayMs(this.config.schedule.cron);this.logger.debug?.("[Backup] Next scheduled backup",{inMs:delayMs}),this.cronTimer=setTimeout(async()=>{try{this.logger.info("[Backup] Scheduled backup starting..."),await this.createBackup("scheduled"),await this.cleanupExpiredBackups()}catch(err){let msg=err instanceof Error?err.message:String(err);this.logger.error("[Backup] Scheduled backup failed",{error:msg})}finally{this.scheduleNextRun()}},delayMs)}stopScheduler(){if(this.schedulerActive=!1,this.cronTimer)clearTimeout(this.cronTimer),this.cronTimer=null,this.logger.info("[Backup] Scheduler stopped")}getBackupTableNames(tables){return Object.keys(tables).filter((name)=>{if(this.config.excludeTables.includes(name))return!1;let val=tables[name];if(!val||typeof val!=="object")return!1;return Object.getOwnPropertySymbols(val).length>0})}async insertLogRecord(record){if(!this.backupLogsTable)return;try{await this.db.insert(this.backupLogsTable).values({id:record.id,backupName:record.backupName,fileName:record.fileName,schemaName:record.schemaName,format:record.format,status:record.status,trigger:record.trigger,sizeBytes:record.sizeBytes,tableCount:record.tableCount,rowCount:record.rowCount,includedTables:JSON.stringify(record.includedTables),excludedTables:JSON.stringify(record.excludedTables),errorMessage:record.errorMessage,startedAt:record.startedAt?new Date(record.startedAt):null,completedAt:record.completedAt?new Date(record.completedAt):null,performedBy:record.performedBy,cronExpression:record.cronExpression,retentionDays:record.retentionDays,createdAt:new Date,updatedAt:new Date})}catch(err){let msg=err instanceof Error?err.message:String(err);this.logger.warn(`[Backup] Failed to insert backup log: ${msg}`)}}async updateLogRecord(record){if(!this.backupLogsTable)return;try{await this.db.update(this.backupLogsTable).set({status:record.status,sizeBytes:record.sizeBytes,tableCount:record.tableCount,rowCount:record.rowCount,includedTables:JSON.stringify(record.includedTables),errorMessage:record.errorMessage,completedAt:record.completedAt?new Date(record.completedAt):null,updatedAt:new Date}).where(eq6(col(this.backupLogsTable,"id"),record.id))}catch(err){let msg=err instanceof Error?err.message:String(err);this.logger.warn(`[Backup] Failed to update backup log: ${msg}`)}}async getLogRecord(backupId){if(!this.backupLogsTable)return null;return(await this.db.select().from(this.backupLogsTable).where(eq6(col(this.backupLogsTable,"id"),backupId)).limit(1))[0]||null}async enforceMaxBackups(){if(!this.backupLogsTable)return;let allBackups=await this.db.select().from(this.backupLogsTable).where(eq6(col(this.backupLogsTable,"status"),"completed")).orderBy(sql2`created_at DESC`);if(allBackups.length>this.config.maxBackups){let toDelete=allBackups.slice(this.config.maxBackups);for(let backup of toDelete){let b=backup;await this.deleteBackup(b.id)}this.logger.info("[Backup] Old backups cleaned up",{deleted:toDelete.length})}}async cleanupExpiredBackups(){if(!this.backupLogsTable||!this.config.schedule.retentionDays)return;let cutoff=new Date;cutoff.setDate(cutoff.getDate()-this.config.schedule.retentionDays);let{lt}=await import("drizzle-orm"),expired=await this.db.select().from(this.backupLogsTable).where(lt(col(this.backupLogsTable,"createdAt"),cutoff));for(let backup of expired){let b=backup;await this.deleteBackup(b.id)}if(expired.length>0)this.logger.info("[Backup] Expired backups cleaned up",{deleted:expired.length,retentionDays:this.config.schedule.retentionDays})}getNextDelayMs(cron){let parts=cron.trim().split(/\s+/);if(parts.length!==5)return 86400000;let[min,hour]=parts;if(hour?.startsWith("*/")){let h2=Number.parseInt(hour.slice(2),10);return Number.isFinite(h2)&&h2>0?h2*60*60*1000:86400000}if(min?.startsWith("*/")){let m2=Number.parseInt(min.slice(2),10);return Number.isFinite(m2)&&m2>0?m2*60*1000:3600000}let m=Number.parseInt(min??"",10),h=Number.parseInt(hour??"",10);if(Number.isFinite(m)&&m>=0&&m<60&&Number.isFinite(h)&&h>=0&&h<24){let now=new Date,next=new Date(now);if(next.setHours(h,m,0,0),next.getTime()<=now.getTime())next.setDate(next.getDate()+1);return next.getTime()-now.getTime()}return 86400000}}var col=(table,name)=>table[name];var init_BackupService=__esm(()=>{init_encryption()});var init_Backup=__esm(()=>{init_BackupService()});function parseTimeToSeconds(time){let match=time.match(/^(\d+)(s|m|h|d)$/);if(!match||!match[1]||!match[2])return 300;let value=Number.parseInt(match[1],10);switch(match[2]){case"s":return value;case"m":return value*60;case"h":return value*3600;case"d":return value*86400;default:return 300}}function generateSecureId(){let bytes=new Uint8Array(24);return crypto.getRandomValues(bytes),Array.from(bytes).map((b)=>b.toString(16).padStart(2,"0")).join("")}function hashAnswer(answer){let hasher=new Bun.CryptoHasher("sha256");return hasher.update(answer),hasher.digest("hex")}function timingSafeEqual(a,b){if(a.length!==b.length){let dummy=new Uint8Array(32);return crypto.getRandomValues(dummy),!1}let encoder=new TextEncoder,bufA=encoder.encode(a),bufB=encoder.encode(b),result=0;for(let i=0;i<bufA.length;i++)result|=(bufA[i]??0)^(bufB[i]??0);return result===0}function getSecureRandomInt(min,max){let range=max-min+1,bytesNeeded=Math.ceil(Math.log2(range)/8)||1,maxValue=256**bytesNeeded,limit=maxValue-maxValue%range,randomValue,bytes=new Uint8Array(bytesNeeded);do crypto.getRandomValues(bytes),randomValue=bytes.reduce((acc,byte,i)=>acc+byte*256**i,0);while(randomValue>=limit);return min+randomValue%range}function generateMathChallenge(difficulty){let config=DIFFICULTY_CONFIG[difficulty],{min,max}=config.mathRange,operations=["+","-","\xD7"],operation=operations[getSecureRandomInt(0,operations.length-1)],num1=getSecureRandomInt(min,max),num2=getSecureRandomInt(min,max),answer;switch(operation){case"+":answer=num1+num2;break;case"-":if(num1<num2)[num1,num2]=[num2,num1];answer=num1-num2;break;case"\xD7":num1=getSecureRandomInt(1,12),num2=getSecureRandomInt(1,12),answer=num1*num2;break;default:answer=num1+num2}return{question:`${num1} ${operation} ${num2} = ?`,answer:answer.toString()}}function generateTextChallenge(difficulty){let config=DIFFICULTY_CONFIG[difficulty],text="";for(let i=0;i<config.textLength;i++)text+="ABCDEFGHJKLMNPQRSTUVWXYZ23456789".charAt(getSecureRandomInt(0,31));return{question:text,answer:text}}function generateImageChallenge(difficulty){let textChallenge=generateTextChallenge(difficulty),width=200,height=60,svgContent=generateCaptchaSVG(textChallenge.answer,200,60),imageData=`data:image/svg+xml;base64,${Buffer.from(svgContent).toString("base64")}`;return{question:"Enter the text shown in the image",answer:textChallenge.answer,imageData}}function getSecureFloat(){let bytes=new Uint32Array(1);return crypto.getRandomValues(bytes),(bytes[0]??0)/4294967295}function generateCaptchaSVG(text,width,height){let bgR=240+getSecureFloat()*15,bgG=240+getSecureFloat()*15,bgB=240+getSecureFloat()*15,bgColor=`rgb(${bgR}, ${bgG}, ${bgB})`,noiseLines="";for(let i=0;i<12;i++){let x1=getSecureFloat()*width,y1=getSecureFloat()*height,x2=getSecureFloat()*width,y2=getSecureFloat()*height,r=getSecureFloat()*100+100,g=getSecureFloat()*100+100,b=getSecureFloat()*100+100,strokeWidth=1+getSecureFloat()*2;noiseLines+=`<line x1="${x1}" y1="${y1}" x2="${x2}" y2="${y2}" stroke="rgb(${r},${g},${b})" stroke-width="${strokeWidth}"/>`}let noiseCurves="";for(let i=0;i<4;i++){let startX2=getSecureFloat()*width,startY=getSecureFloat()*height,cp1X=getSecureFloat()*width,cp1Y=getSecureFloat()*height,cp2X=getSecureFloat()*width,cp2Y=getSecureFloat()*height,endX=getSecureFloat()*width,endY=getSecureFloat()*height,r=getSecureFloat()*80+80,g=getSecureFloat()*80+80,b=getSecureFloat()*80+80;noiseCurves+=`<path d="M${startX2},${startY} C${cp1X},${cp1Y} ${cp2X},${cp2Y} ${endX},${endY}" stroke="rgb(${r},${g},${b})" stroke-width="2" fill="none"/>`}let noiseDots="";for(let i=0;i<80;i++){let x=getSecureFloat()*width,y=getSecureFloat()*height,r=getSecureFloat()*150+50,g=getSecureFloat()*150+50,b=getSecureFloat()*150+50,radius=getSecureFloat()*3+1;noiseDots+=`<circle cx="${x}" cy="${y}" r="${radius}" fill="rgb(${r},${g},${b})"/>`}let textElements="",charWidth=width/(text.length+2),startX=charWidth;for(let i=0;i<text.length;i++){let x=startX+i*charWidth+(getSecureFloat()-0.5)*15,y=height/2+8+(getSecureFloat()-0.5)*12,rotation=(getSecureFloat()-0.5)*40,fontSize=22+getSecureFloat()*10,r=getSecureFloat()*80,g=getSecureFloat()*80,b=getSecureFloat()*80,skewX=(getSecureFloat()-0.5)*15,scaleY=0.9+getSecureFloat()*0.3;textElements+=`<text x="${x}" y="${y}" font-family="Arial, Helvetica, sans-serif" font-size="${fontSize}" font-weight="bold" fill="rgb(${r},${g},${b})" transform="rotate(${rotation}, ${x}, ${y}) skewX(${skewX}) scale(1, ${scaleY})" style="font-style: ${getSecureFloat()>0.5?"italic":"normal"}">${text[i]}</text>`}let overlayLines="";for(let i=0;i<3;i++){let y=10+getSecureFloat()*(height-20),r=getSecureFloat()*60+60,g=getSecureFloat()*60+60,b=getSecureFloat()*60+60;overlayLines+=`<line x1="0" y1="${y}" x2="${width}" y2="${y+(getSecureFloat()-0.5)*20}" stroke="rgb(${r},${g},${b})" stroke-width="1.5"/>`}return`<svg xmlns="http://www.w3.org/2000/svg" width="${width}" height="${height}" viewBox="0 0 ${width} ${height}">
|
|
17
|
+
`).slice(1,4);for(let stackLine of stackLines)method(` ${dim}${stackLine.trim()}${reset}`)}}}getConsoleMethod(level){switch(level){case"debug":return console.debug.bind(console);case"info":return console.info.bind(console);case"warn":return console.warn.bind(console);case"error":case"fatal":return console.error.bind(console);default:return console.log.bind(console)}}}class DatabaseAuditTransport{name="database";db;table;enabled;dedupEnabled;dedupWindowMs;dedupSlots=new Map;lastSweep=0;constructor(options){this.db=options.db,this.table=options.table,this.enabled=options.enabled??!0,this.dedupEnabled=options.dedup?.enabled??!1,this.dedupWindowMs=Math.max(1,options.dedup?.windowSeconds??60)*1000}setDb(db){this.db=db}setTable(table){this.table=table}setEnabled(enabled){this.enabled=enabled}setDedup(dedup){if(this.dedupEnabled=dedup.enabled??this.dedupEnabled,dedup.windowSeconds!=null)this.dedupWindowMs=Math.max(1,dedup.windowSeconds)*1000}isDedupable(entry){return this.dedupEnabled&&(entry.category==="auth"||entry.category==="authz"||entry.category==="security_anomaly")}sweep(now){if(now-this.lastSweep<this.dedupWindowMs)return;this.lastSweep=now;for(let[key,slot]of this.dedupSlots)if(slot.expiresAt<=now)this.dedupSlots.delete(key)}async write(entry){if(!this.enabled||!this.db||!this.table)return;try{let now=Date.now();if(this.isDedupable(entry)){this.sweep(now);let key=`${entry.ipAddress}|${entry.operation}|${entry.summary}|${entry.userId??""}`,slot=this.dedupSlots.get(key);if(slot&&slot.expiresAt>now){slot.count+=1,await this.bumpOccurrence(slot.rowId,slot.count,now);return}this.dedupSlots.set(key,{rowId:entry.id,count:1,expiresAt:now+this.dedupWindowMs})}await this.db.insert(this.table).values({id:entry.id,entityId:entry.entityId,entityName:entry.entityName,operationType:entry.operation,userId:entry.userId,ipAddress:entry.ipAddress,userAgent:entry.userAgent,summary:entry.summary,severity:entry.severity,category:entry.category,occurrenceCount:1,oldValues:entry.oldValues,newValues:entry.newValues,path:entry.path,query:entry.query})}catch(error){console.error("Audit log write failed:",error)}}async bumpOccurrence(rowId,count,nowMs){try{let{eq}=await import("drizzle-orm"),idCol=this.table.id;await this.db.update(this.table).set({occurrenceCount:count,lastOccurrenceAt:new Date(nowMs)}).where(eq(idCol,rowId))}catch(error){console.error("Audit dedup update failed:",error)}}}class ConsoleAuditTransport{name="console-audit";enabled;constructor(options={}){this.enabled=options.enabled??!0}write(entry){if(!this.enabled)return;let reset=RESET_COLOR,dim=DIM_COLOR,color={info:"\x1B[35m",low:"\x1B[90m",medium:"\x1B[33m",high:"\x1B[31m",critical:"\x1B[1m\x1B[31m"}[entry.severity]??"\x1B[35m",sev=entry.severity.toUpperCase(),actor=entry.userId||"anonymous",cat=entry.category;console.log(`${dim}${entry.timestamp}${reset} ${color}AUDIT\xB7${sev}${reset} ${dim}(${cat})${reset} [${entry.operation}] ${entry.entityName}${entry.entityId?`:${entry.entityId}`:""} ${dim}by ${actor}${reset}${entry.summary?` ${dim}\u2014${reset} ${entry.summary}`:""}`)}}var init_transports=__esm(()=>{init_types();init_utils()});import{randomUUID}from"crypto";class Logger{config;transports;auditTransports;context;correlationId;static instance=null;constructor(config={},context={},correlationId){this.config={...DEFAULT_CONFIG,...config},this.config.redactKeys=[...new Set([...DEFAULT_REDACT_KEYS,...config.redactKeys||[]])],this.context=context,this.correlationId=correlationId,this.transports=[new ConsoleTransport({colorize:this.config.colorize,prettyPrint:this.config.prettyPrint})],this.auditTransports=[new ConsoleAuditTransport({enabled:this.config.prettyPrint})]}static getInstance(config){if(!Logger.instance)Logger.instance=new Logger(config);return Logger.instance}static resetInstance(){Logger.instance=null}configure(config){return this.config={...this.config,...config},this.config.redactKeys=[...new Set([...DEFAULT_REDACT_KEYS,...config.redactKeys||this.config.redactKeys||[]])],this.transports=[new ConsoleTransport({colorize:this.config.colorize,prettyPrint:this.config.prettyPrint}),...this.transports.filter((t)=>t.name!=="console")],this}child(context,correlationId){let childLogger=new Logger(this.config,mergeContext(this.context,context)||{},correlationId||this.correlationId);return childLogger.transports=this.transports,childLogger.auditTransports=this.auditTransports,childLogger}withCorrelationId(correlationId){return this.child({},correlationId)}addTransport(transport){this.transports.push(transport)}addAuditTransport(transport){this.auditTransports.push(transport)}setLevel(level){this.config.level=level}setAuditEnabled(enabled){this.config.auditEnabled=enabled}isAuditEnabled(){return this.config.auditEnabled}setAuditSuppressReasons(reasons){this.config.auditSuppressReasons=reasons}setAuditMinSeverity(severity){this.config.auditMinSeverity=severity}shouldLog(level){return LOG_LEVEL_PRIORITY[level]>=LOG_LEVEL_PRIORITY[this.config.level]}shouldLogScope(scope){if(!scope)return!0;return matchesScope(scope,this.config.enabledScopes)}setEnabledScopes(scopes){this.config.enabledScopes=scopes}getEnabledScopes(){return this.config.enabledScopes}scoped(scope){return new ScopedLogger(this,scope)}createEntry(level,message,context,error,startTime,scope){let entry={timestamp:new Date().toISOString(),level,message,scope,service:this.config.service,correlationId:this.correlationId},mergedContext=mergeContext(this.context,context);if(mergedContext&&Object.keys(mergedContext).length>0)entry.context=redactSensitiveData(mergedContext,this.config.redactKeys);if(this.config.includeCallerInfo)entry.caller=getCallerInfo();if(error)entry.error=formatError(error);if(startTime!==void 0)entry.duration=performance.now()-startTime;return entry}log(level,message,context,error,startTime,scope){if(!this.shouldLog(level))return;if(!this.shouldLogScope(scope))return;let entry=this.createEntry(level,message,context,error,startTime,scope);for(let transport of this.transports)try{transport.log(entry)}catch(err){console.error(`Logger transport "${transport.name}" failed:`,err)}}debug(message,context){this.log("debug",message,context)}info(message,context){this.log("info",message,context)}warn(message,context){this.log("warn",message,context)}error(message,error,context){this.log("error",message,context,error)}fatal(message,error,context){this.log("fatal",message,context,error)}time(label){let start=performance.now();return()=>{this.log("debug",`${label} completed`,void 0,void 0,start)}}async timeAsync(label,fn,context){let start=performance.now();try{let result=await fn();return this.log("debug",`${label} completed`,context,void 0,start),result}catch(error){throw this.log("error",`${label} failed`,context,error,start),error}}request(options){let level=options.statusCode>=500?"error":options.statusCode>=400?"warn":"info";this.log(level,`${options.method} ${options.path} ${options.statusCode}`,{method:options.method,path:options.path,statusCode:options.statusCode,durationMs:options.duration,correlationId:options.correlationId,userId:options.userId,ip:options.ip,userAgent:options.userAgent})}db(options){let level=options.error?"error":"debug";this.log(level,`DB ${options.operation} on ${options.table}`,{operation:options.operation,table:options.table,durationMs:options.duration,rowCount:options.rowCount},options.error)}async flush(){for(let transport of this.transports)if(transport.flush)await transport.flush()}async audit(options){let summary=options.summary||`${options.operation} on ${options.entityName}`;if(this.config.auditSuppressReasons?.includes(summary))return;let derived=classifyAudit(options.operation,summary),severity=options.severity??derived.severity,category=options.category??derived.category;if(severityRank(severity)<severityRank(this.config.auditMinSeverity))return;let entry={id:randomUUID(),timestamp:new Date().toISOString(),entityName:options.entityName,entityId:options.entityId??null,operation:options.operation,userId:options.userId??null,summary,severity,category,oldValues:redactSensitiveData(options.oldValues||{}),newValues:redactSensitiveData(options.newValues||{}),ipAddress:options.ipAddress||"unknown",userAgent:options.userAgent||"unknown",path:options.path||"",query:options.query||"",correlationId:this.correlationId};for(let transport of this.auditTransports)try{await transport.write(entry)}catch(err){console.error(`Audit transport "${transport.name}" failed:`,err)}}auditOnly(options){this.audit(options)}async trace(options){let shouldLog=options.log!==!1,shouldAudit=options.writeAudit===!0||options.writeAudit!==!1&&this.config.auditEnabled&&options.audit;if(shouldLog)this.log(options.level||"info",options.message,options.context,options.error);if(shouldAudit&&options.audit)await this.audit(options.audit)}traceSync(options){let shouldLog=options.log!==!1,shouldAudit=options.writeAudit===!0||options.writeAudit!==!1&&this.config.auditEnabled&&options.audit;if(shouldLog)this.log(options.level||"info",options.message,options.context,options.error);if(shouldAudit&&options.audit)this.audit(options.audit)}}class ScopedLogger{parent;scope;constructor(parent,scope){this.parent=parent,this.scope=scope}debug(message,context){this.parent.log("debug",message,context,void 0,void 0,this.scope)}info(message,context){this.parent.log("info",message,context,void 0,void 0,this.scope)}warn(message,context){this.parent.log("warn",message,context,void 0,void 0,this.scope)}error(message,error,context){this.parent.log("error",message,context,error,void 0,this.scope)}}var DEFAULT_CONFIG,logger;var init_Logger=__esm(()=>{init_auditTaxonomy();init_scopes();init_transports();init_types();init_utils();DEFAULT_CONFIG={level:"info",service:"nucleus",environment:"development",redactKeys:[],colorize:!0,prettyPrint:!0,includeCallerInfo:!0,asyncBufferSize:100,flushIntervalMs:1000,auditEnabled:!1,auditSuppressReasons:DEFAULT_AUDIT_SUPPRESS_REASONS,auditMinSeverity:"info",enabledScopes:["*"]};logger=Logger.getInstance()});var require_fast_decode_uri_component=__commonJS((exports,module)=>{var UTF8_ACCEPT=12,UTF8_REJECT=0,UTF8_DATA=[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,4,4,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,6,7,7,7,7,7,7,7,7,7,7,7,7,8,7,7,10,9,9,9,11,4,4,4,4,4,4,4,4,4,4,4,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,24,36,48,60,72,84,96,0,12,12,12,0,0,0,0,0,0,0,0,0,0,0,24,0,0,0,0,0,0,0,0,0,24,24,24,0,0,0,0,0,0,0,0,0,24,24,0,0,0,0,0,0,0,0,0,0,48,48,48,0,0,0,0,0,0,0,0,0,0,48,48,0,0,0,0,0,0,0,0,0,48,0,0,0,0,0,0,0,0,0,0,127,63,63,63,0,31,15,15,15,7,7,7];function decodeURIComponent2(uri){var percentPosition=uri.indexOf("%");if(percentPosition===-1)return uri;var length=uri.length,decoded="",last=0,codepoint=0,startOfOctets=percentPosition,state=UTF8_ACCEPT;while(percentPosition>-1&&percentPosition<length){var high=hexCodeToInt(uri[percentPosition+1],4),low=hexCodeToInt(uri[percentPosition+2],0),byte=high|low,type=UTF8_DATA[byte];if(state=UTF8_DATA[256+state+type],codepoint=codepoint<<6|byte&UTF8_DATA[364+type],state===UTF8_ACCEPT)decoded+=uri.slice(last,startOfOctets),decoded+=codepoint<=65535?String.fromCharCode(codepoint):String.fromCharCode(55232+(codepoint>>10),56320+(codepoint&1023)),codepoint=0,last=percentPosition+3,percentPosition=startOfOctets=uri.indexOf("%",last);else if(state===UTF8_REJECT)return null;else{if(percentPosition+=3,percentPosition<length&&uri.charCodeAt(percentPosition)===37)continue;return null}}return decoded+uri.slice(last)}var HEX={"0":0,"1":1,"2":2,"3":3,"4":4,"5":5,"6":6,"7":7,"8":8,"9":9,a:10,A:10,b:11,B:11,c:12,C:12,d:13,D:13,e:14,E:14,f:15,F:15};function hexCodeToInt(c,shift){var i=HEX[c];return i===void 0?255:i<<shift}module.exports=decodeURIComponent2});import{createHash,randomBytes}from"crypto";var API_KEY_BYTE_LENGTH=32,HASH_ALGORITHM="sha256",generateApiKey=(prefix="nk_live")=>{let randomPart=randomBytes(API_KEY_BYTE_LENGTH).toString("hex"),rawKey=`${prefix}_${randomPart}`,keyHash=hashApiKey(rawKey),keyPreview=`${prefix}_...${randomPart.slice(-4)}`;return{rawKey,keyHash,keyPreview}},hashApiKey=(rawKey)=>{return createHash(HASH_ALGORITHM).update(rawKey).digest("hex")},validateApiKeyFormat=(rawKey)=>{return/^nk_(live|test)_[a-f0-9]{64}$/.test(rawKey)},extractApiKeyFromHeader=(headers)=>{let apiKeyHeader=headers.get("x-api-key");if(apiKeyHeader&&validateApiKeyFormat(apiKeyHeader))return apiKeyHeader;let authHeader=headers.get("authorization");if(authHeader){let bearerMatch=authHeader.match(/^Bearer\s+(nk_(?:live|test)_[a-f0-9]{64})$/);if(bearerMatch?.[1])return bearerMatch[1]}return null},validateApiKeyRecord=(record)=>{if(!record.isActive)return{valid:!1,reason:"API key is inactive"};if(record.revokedAt)return{valid:!1,reason:"API key has been revoked"};if(record.expiresAt&&new Date(record.expiresAt)<new Date)return{valid:!1,reason:"API key has expired"};return{valid:!0,record}},intersectPermissions=(userPermissions,keyPermissions)=>{let userSet=new Set(userPermissions);return keyPermissions.filter((p)=>userSet.has(p))};var init_ApiKey=()=>{};var normalize=(value)=>{return value?.trim().toLowerCase()||"unknown"},extractHeaderValue=(headers,key)=>{return headers[key.toLowerCase()]??headers[key]};import crypto2 from"crypto";var generateDeviceFingerprint=(input)=>{let payload=JSON.stringify({userAgent:normalize(input.userAgent),extra:input.extra??{}});return{hash:crypto2.createHash("sha256").update(payload).digest("base64url"),components:input}};var init_Generate=()=>{};var validateDeviceFingerprint=({savedFingerprint,requestIp,headers})=>{let userAgent=extractHeaderValue(headers,"user-agent"),forwardedFor=extractHeaderValue(headers,"x-forwarded-for")??requestIp??void 0,currentFingerprint=generateDeviceFingerprint({userAgent,ipAddress:forwardedFor}),componentMismatch=[{field:"userAgent",saved:savedFingerprint.components.userAgent,received:userAgent},{field:"ipAddress",saved:savedFingerprint.components.ipAddress,received:forwardedFor}].find(({saved,received})=>saved??(received??"")!=="");if(componentMismatch)return{isValid:!1,reason:`${componentMismatch.field} mismatch`,currentFingerprint};return{isValid:!0,currentFingerprint}};var init_Validate=__esm(()=>{init_Generate()});var init_Fingerprint=__esm(()=>{init_Generate();init_Validate()});import crypto3 from"crypto";var base64UrlEncode=(data)=>{return(Buffer.isBuffer(data)?data.toString("base64"):Buffer.from(data).toString("base64")).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")},base64UrlDecode=(data)=>{let padding="=".repeat((4-data.length%4)%4),base64=data.replace(/-/g,"+").replace(/_/g,"/")+padding;return Buffer.from(base64,"base64").toString("utf-8")},createSignature=(data,secret,algorithm)=>{let hmacAlgorithm=algorithm.replace("HS","sha"),hmac=crypto3.createHmac(hmacAlgorithm,secret);return hmac.update(data),base64UrlEncode(hmac.digest())},verifySignature=(data,signature,secret,algorithm)=>{let expectedSignature=createSignature(data,secret,algorithm),sigBuf=Buffer.from(signature),expBuf=Buffer.from(expectedSignature);if(sigBuf.length!==expBuf.length)return!1;return crypto3.timingSafeEqual(sigBuf,expBuf)},encodeHeader=(header)=>{return base64UrlEncode(JSON.stringify(header))},encodePayload=(payload)=>{return base64UrlEncode(JSON.stringify(payload))},decodeHeader=(encoded)=>{try{return JSON.parse(base64UrlDecode(encoded))}catch{return null}},decodePayload=(encoded)=>{try{return JSON.parse(base64UrlDecode(encoded))}catch{return null}};var init_utils2=()=>{};var decodeJWT=(token)=>{let parts=token.split(".");if(parts.length!==3)return null;let[encodedHeader,encodedPayload,signature]=parts;if(!encodedHeader||!encodedPayload||!signature)return null;let header=decodeHeader(encodedHeader),payload=decodePayload(encodedPayload);if(!header||!payload)return null;return{header,payload,signature}};var init_Decode=__esm(()=>{init_utils2()});var signJWT=(options,secret,algorithm="HS256")=>{let header={alg:algorithm,typ:"JWT"},now=Math.floor(Date.now()/1000),payload={sub:options.subject,iat:now,exp:now+options.expiresInSeconds,iss:options.issuer,aud:options.audience,jti:options.jwtId,sessionId:options.sessionId,...options.customClaims},encodedHeader=encodeHeader(header),encodedPayload=encodePayload(payload),dataToSign=`${encodedHeader}.${encodedPayload}`,signature=createSignature(dataToSign,secret,algorithm);return`${dataToSign}.${signature}`};var init_Sign=__esm(()=>{init_utils2()});var audienceMatches=(aud,expected)=>{if(typeof aud==="string")return aud===expected;if(Array.isArray(aud))return aud.includes(expected);return!1},verifyJWT=(token,secret,expected)=>{let parts=token.split(".");if(parts.length!==3)return{valid:!1,error:"Invalid token format: expected 3 parts"};let[encodedHeader,encodedPayload,signature]=parts;if(!encodedHeader||!encodedPayload||!signature)return{valid:!1,error:"Invalid token format: missing parts"};let header=decodeHeader(encodedHeader);if(!header)return{valid:!1,error:"Invalid header: failed to decode"};if(header.typ!=="JWT")return{valid:!1,error:"Invalid header: typ must be JWT"};if(!["HS256","HS384","HS512"].includes(header.alg))return{valid:!1,error:`Unsupported algorithm: ${header.alg}`};let dataToVerify=`${encodedHeader}.${encodedPayload}`;if(!verifySignature(dataToVerify,signature,secret,header.alg))return{valid:!1,error:"Invalid signature"};let payload=decodePayload(encodedPayload);if(!payload)return{valid:!1,error:"Invalid payload: failed to decode"};let now=Math.floor(Date.now()/1000);if(payload.exp&&payload.exp<now)return{valid:!1,error:"Token expired"};if(payload.iat&&payload.iat>now+60)return{valid:!1,error:"Token issued in the future"};if(expected?.issuer&&payload.iss!==expected.issuer)return{valid:!1,error:"Invalid issuer"};if(expected?.audience&&!audienceMatches(payload.aud,expected.audience))return{valid:!1,error:"Invalid audience"};return{valid:!0,payload}};var init_Verify=__esm(()=>{init_utils2()});var exports_JWT={};__export(exports_JWT,{verifyJWT:()=>verifyJWT,signJWT:()=>signJWT,decodeJWT:()=>decodeJWT});var init_JWT=__esm(()=>{init_Decode();init_Sign();init_Verify()});var init_Generate2=()=>{};var init_Password=__esm(()=>{init_Generate2()});var init_Logger2=__esm(()=>{init_auditTaxonomy();init_Logger();init_transports();init_utils();init_scopes()});var DEFAULT_DAPR_HOST="127.0.0.1",DEFAULT_DAPR_PORT="3500",DEFAULT_MAX_BODY_SIZE_MB=4,DEFAULT_STATE_STORE="statestore-redis",DEFAULT_PUBSUB_NAME="pubsub-rabbitmq",DEFAULT_SECRET_STORE="secretstore",DEFAULT_CONFIG_STORE="configstore-redis",ENV_DAPR_HOST="DAPR_HOST",ENV_DAPR_HTTP_PORT="DAPR_HTTP_PORT",ENV_DAPR_HTTP_ENDPOINT="DAPR_HTTP_ENDPOINT",ENV_DAPR_GRPC_ENDPOINT="DAPR_GRPC_ENDPOINT",ENV_DAPR_API_TOKEN="DAPR_API_TOKEN",DEFAULT_OPERATION_TIMEOUT_MS=30000,DEFAULT_CONNECTION_TIMEOUT_MS=1e4,DEFAULT_HEALTH_CHECK_TIMEOUT_MS=5000,CONNECTION_STATUS,HEALTH_STATUS,ERROR_CODES;var init_constants=__esm(()=>{CONNECTION_STATUS={CONNECTED:"connected",DISCONNECTED:"disconnected",CONNECTING:"connecting",ERROR:"error"},HEALTH_STATUS={HEALTHY:"healthy",UNHEALTHY:"unhealthy"},ERROR_CODES={CONNECTION_ERROR:"DAPR_CONNECTION_ERROR",TIMEOUT_ERROR:"DAPR_TIMEOUT_ERROR",STATE_ERROR:"DAPR_STATE_ERROR",PUBSUB_ERROR:"DAPR_PUBSUB_ERROR",BINDING_ERROR:"DAPR_BINDING_ERROR",SECRET_ERROR:"DAPR_SECRET_ERROR",CONFIG_ERROR:"DAPR_CONFIG_ERROR",INVOKE_ERROR:"DAPR_INVOKE_ERROR",CRYPTO_ERROR:"DAPR_CRYPTO_ERROR",LOCK_ERROR:"DAPR_LOCK_ERROR",WORKFLOW_ERROR:"DAPR_WORKFLOW_ERROR",VALIDATION_ERROR:"DAPR_VALIDATION_ERROR"}});var DaprManagerError,createConnectionError=(message,details)=>new DaprManagerError(ERROR_CODES.CONNECTION_ERROR,message,details),createTimeoutError=(message,details)=>new DaprManagerError(ERROR_CODES.TIMEOUT_ERROR,message,details),createStateError=(message,details)=>new DaprManagerError(ERROR_CODES.STATE_ERROR,message,details),createPubSubError=(message,details)=>new DaprManagerError(ERROR_CODES.PUBSUB_ERROR,message,details),createBindingError=(message,details)=>new DaprManagerError(ERROR_CODES.BINDING_ERROR,message,details),createSecretError=(message,details)=>new DaprManagerError(ERROR_CODES.SECRET_ERROR,message,details),createConfigError=(message,details)=>new DaprManagerError(ERROR_CODES.CONFIG_ERROR,message,details),createInvokeError=(message,details)=>new DaprManagerError(ERROR_CODES.INVOKE_ERROR,message,details),createCryptoError=(message,details)=>new DaprManagerError(ERROR_CODES.CRYPTO_ERROR,message,details),createLockError=(message,details)=>new DaprManagerError(ERROR_CODES.LOCK_ERROR,message,details),createWorkflowError=(message,details)=>new DaprManagerError(ERROR_CODES.WORKFLOW_ERROR,message,details),safeExecute=async(operation,errorCreator)=>{try{return await operation()}catch(error){let errorMessage=error instanceof Error?error.message:String(error);throw errorCreator(errorMessage,error)}};var init_error_handling=__esm(()=>{init_constants();DaprManagerError=class DaprManagerError extends Error{code;details;constructor(code,message,details){super(message);this.name="DaprManagerError",this.code=code,this.details=details}toJSON(){return{code:this.code,message:this.message,details:this.details}}}});var LOG_LEVEL_PRIORITY2,createDefaultLogger=(minLevel="info")=>{let minPriority=LOG_LEVEL_PRIORITY2[minLevel],scoped=logger.scoped("dapr.client"),logWithLevel=(level)=>(message,...meta)=>{if(LOG_LEVEL_PRIORITY2[level]<minPriority)return;let context=meta.length>0?{meta}:void 0;if(level==="error")scoped.error(message,void 0,context);else scoped[level](message,context)};return{debug:logWithLevel("debug"),info:logWithLevel("info"),warn:logWithLevel("warn"),error:logWithLevel("error")}},withTimeout=async(fn,timeoutMs,errorMessage="Operation timed out")=>{return Promise.race([fn(),new Promise((_,reject)=>{setTimeout(()=>{reject(createTimeoutError(errorMessage))},timeoutMs)})])},validateRequired=(params,requiredKeys,entityName)=>{let missingKeys=requiredKeys.filter((key)=>params[key]===void 0);if(missingKeys.length>0)throw Error(`Missing required ${entityName} parameters: ${missingKeys.join(", ")}`)};var init_utils3=__esm(()=>{init_Logger2();init_constants();init_error_handling();LOG_LEVEL_PRIORITY2={debug:0,info:1,warn:2,error:3}});class DaprBindingClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async invoke(name,operation,data,options={}){return validateRequired({name,operation},["name","operation"],"binding invoke"),safeExecute(async()=>{this.logger.debug("Invoking binding",{name,operation});let response=await(await this.client()).binding.send(name,operation,data,options.metadata);return this.logger.debug("Binding invoked successfully",{name,operation}),response},(message,details)=>createBindingError(`Failed to invoke binding ${name}: ${message}`,details))}}var init_binding_client=__esm(()=>{init_error_handling();init_utils3()});class DaprConfigClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async get(keys,storeName=DEFAULT_CONFIG_STORE){if(validateRequired({keys,storeName},["keys","storeName"],"config get"),keys.length===0)return{};return safeExecute(async()=>{this.logger.debug("Getting configuration",{keys,storeName});let response=await(await this.client()).configuration.get(storeName,keys);return this.logger.debug("Configuration retrieved",{keys,storeName,itemCount:Object.keys(response.items||{}).length}),response.items||{}},(message,details)=>createConfigError(`Failed to get configuration: ${message}`,details))}async subscribeWithKeys(keys,callback,storeName=DEFAULT_CONFIG_STORE){if(validateRequired({keys,callback,storeName},["keys","callback","storeName"],"config subscribeWithKeys"),keys.length===0)throw createConfigError("At least one key must be provided for subscription");return safeExecute(async()=>{this.logger.debug("Subscribing to configuration updates",{keys,storeName});let stream=await(await this.client()).configuration.subscribeWithKeys(storeName,keys,async(data)=>{try{this.logger.debug("Received configuration update",{storeName,updatedKeys:Object.keys(data.items||{})}),await callback(data)}catch(error){this.logger.error("Error in configuration subscription callback",error)}});return this.logger.debug("Configuration subscription established",{keys,storeName}),{stop:()=>{this.logger.debug("Stopping configuration subscription",{keys,storeName}),stream.stop()}}},(message,details)=>createConfigError(`Failed to subscribe to configuration updates: ${message}`,details))}async getValue(key,storeName=DEFAULT_CONFIG_STORE){return(await this.get([key],storeName))[key]?.value}async getValues(keys,storeName=DEFAULT_CONFIG_STORE){let items=await this.get(keys,storeName),values={};for(let key in items)if(items[key]?.value!==void 0)values[key]=items[key].value;return values}}var init_config_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprCryptoClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async encrypt(data,options){return validateRequired({data,componentName:options.componentName},["data","componentName"],"crypto encrypt"),safeExecute(async()=>{this.logger.debug("Encrypting data",{componentName:options.componentName,keyName:options.keyName,keyWrapAlgorithm:options.keyWrapAlgorithm});let client=await this.client(),inputData=typeof data==="string"?Buffer.from(data):data,cryptoOptions={componentName:options.componentName};if(options.keyName)cryptoOptions.keyName=options.keyName;if(options.keyWrapAlgorithm)cryptoOptions.keyWrapAlgorithm=options.keyWrapAlgorithm;let encryptedData=await client.crypto.encrypt(inputData,cryptoOptions);return this.logger.debug("Data encrypted successfully",{componentName:options.componentName,inputSize:inputData.length,outputSize:encryptedData.length}),encryptedData},(message,details)=>createCryptoError(`Failed to encrypt data: ${message}`,details))}async decrypt(data,options){return validateRequired({data,componentName:options.componentName},["data","componentName"],"crypto decrypt"),safeExecute(async()=>{this.logger.debug("Decrypting data",{componentName:options.componentName});let client=await this.client(),inputData=typeof data==="string"?Buffer.from(data):data,cryptoOptions={componentName:options.componentName};if(options.keyName)cryptoOptions.keyName=options.keyName;if(options.keyWrapAlgorithm)cryptoOptions.keyWrapAlgorithm=options.keyWrapAlgorithm;let decryptedData=await client.crypto.decrypt(inputData,cryptoOptions);return this.logger.debug("Data decrypted successfully",{componentName:options.componentName,inputSize:inputData.length,outputSize:decryptedData.length}),decryptedData},(message,details)=>createCryptoError(`Failed to decrypt data: ${message}`,details))}async encryptString(plaintext,options){return(await this.encrypt(plaintext,options)).toString("base64")}async decryptString(ciphertext,options){let encryptedBuffer=Buffer.from(ciphertext,"base64");return(await this.decrypt(encryptedBuffer,options)).toString("utf-8")}}var init_crypto_client=__esm(()=>{init_error_handling();init_utils3()});import{HttpMethod}from"@dapr/dapr";class DaprInvokeClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async invoke(appId,methodName,httpMethod=HttpMethod.POST,data,options={}){validateRequired({appId,methodName,httpMethod},["appId","methodName","httpMethod"],"invoke service");let timeoutMs=options.timeout||DEFAULT_OPERATION_TIMEOUT_MS;return safeExecute(async()=>{this.logger.debug("Invoking service",{appId,methodName,httpMethod,hasData:data!==void 0});let fullMethodName=methodName;if(options.queryParams&&Object.keys(options.queryParams).length>0){let queryString=Object.entries(options.queryParams).map(([key,value])=>`${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join("&");fullMethodName=`${methodName}?${queryString}`}let client=await this.client(),response=await withTimeout(()=>client.invoker.invoke(appId,fullMethodName,httpMethod,data,options.headers),timeoutMs,`Service invocation timed out after ${timeoutMs}ms`);if(this.logger.debug("Service invoked successfully",{appId,methodName,httpMethod,status:response?.status}),!response)return;if("data"in response)return response.data;return response},(message,details)=>createInvokeError(`Failed to invoke service ${appId}.${methodName}: ${message}`,details))}async get(appId,methodName,options={}){return this.invoke(appId,methodName,HttpMethod.GET,void 0,options)}async post(appId,methodName,data,options={}){return this.invoke(appId,methodName,HttpMethod.POST,data,options)}async put(appId,methodName,data,options={}){return this.invoke(appId,methodName,HttpMethod.PUT,data,options)}async delete(appId,methodName,options={}){return this.invoke(appId,methodName,HttpMethod.DELETE,void 0,options)}}var init_invoke_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprLockClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async lock(storeName,resourceId,lockOwner,options){return validateRequired({storeName,resourceId,lockOwner,expiryInSeconds:options.expiryInSeconds},["storeName","resourceId","lockOwner","expiryInSeconds"],"lock"),safeExecute(async()=>{this.logger.debug("Acquiring lock",{storeName,resourceId,lockOwner});let response=await(await this.client()).lock.lock(storeName,resourceId,lockOwner,options.expiryInSeconds);return this.logger.debug("Lock acquisition result",{storeName,resourceId,lockOwner,success:response.success}),{success:response.success}},(message,details)=>createLockError(`Failed to acquire lock for resource ${resourceId}: ${message}`,details))}async unlock(storeName,resourceId,lockOwner){return validateRequired({storeName,resourceId,lockOwner},["storeName","resourceId","lockOwner"],"unlock"),safeExecute(async()=>{this.logger.debug("Releasing lock",{storeName,resourceId,lockOwner});let response=await(await this.client()).lock.unlock(storeName,resourceId,lockOwner);return this.logger.debug("Lock release result",{storeName,resourceId,lockOwner,status:this.getLockStatusName(response.status)}),{status:response.status}},(message,details)=>createLockError(`Failed to release lock for resource ${resourceId}: ${message}`,details))}getLockStatusName(status){switch(status){case 0:return"Success";case 1:return"LockDoesNotExist";case 2:return"LockBelongsToOthers";default:return"InternalError"}}}var init_lock_client=__esm(()=>{init_error_handling();init_utils3()});class DaprPubSubClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async publish(topic,data,options={},pubsubName=DEFAULT_PUBSUB_NAME){return validateRequired({topic,data,pubsubName},["topic","data","pubsubName"],"pubsub publish"),safeExecute(async()=>{this.logger.debug("Publishing message to topic",{topic,pubsubName}),await(await this.client()).pubsub.publish(pubsubName,topic,data,{metadata:options.metadata,contentType:options.contentType}),this.logger.debug("Message published successfully",{topic,pubsubName})},(message,details)=>createPubSubError(`Failed to publish message to topic ${topic}: ${message}`,details))}async publishBulk(topic,messages,pubsubName=DEFAULT_PUBSUB_NAME){if(validateRequired({topic,messages,pubsubName},["topic","messages","pubsubName"],"pubsub publishBulk"),messages.length===0)return{failedEntries:[]};return safeExecute(async()=>{this.logger.debug("Publishing bulk messages to topic",{topic,pubsubName,messageCount:messages.length});let client=await this.client(),daprMessages=messages.map((msg)=>{if(typeof msg==="object"&&"event"in msg)return{entryID:msg.entryId,event:msg.event,contentType:msg.contentType,metadata:msg.metadata};return{event:msg}}),response=await client.pubsub.publishBulk(pubsubName,topic,daprMessages),failedCount=response.failedMessages?.length||0;if(failedCount>0)this.logger.warn("Some messages failed to publish",{topic,pubsubName,failedCount,totalCount:messages.length});else this.logger.debug("All bulk messages published successfully",{topic,pubsubName,messageCount:messages.length});return{failedEntries:(response.failedMessages||[]).map((failed)=>({entryId:failed.message.entryID||"",error:failed.error?.message||"Unknown error"}))}},(message,details)=>createPubSubError(`Failed to publish bulk messages to topic ${topic}: ${message}`,details))}createBulkPublishMessage(event,entryId,contentType,metadata){return{entryId,event,contentType,metadata}}}var init_pubsub_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprSecretClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async get(key,options={},storeName=DEFAULT_SECRET_STORE){return validateRequired({key,storeName},["key","storeName"],"secret get"),safeExecute(async()=>{this.logger.debug("Getting secret",{key,storeName});let client=await this.client(),metadataStr=options.metadata?JSON.stringify(options.metadata):void 0,result=await client.secret.get(storeName,key,metadataStr);return this.logger.debug("Secret retrieved",{key,storeName}),result},(message,details)=>createSecretError(`Failed to get secret ${key}: ${message}`,details))}async getBulk(_options={},storeName=DEFAULT_SECRET_STORE){return validateRequired({storeName},["storeName"],"secret getBulk"),safeExecute(async()=>{this.logger.debug("Getting all secrets",{storeName});let result=await(await this.client()).secret.getBulk(storeName);return this.logger.debug("All secrets retrieved",{storeName,secretCount:Object.keys(result).length}),result},(message,details)=>createSecretError(`Failed to get all secrets: ${message}`,details))}}var init_secret_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprStateClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async save(stateItems,options={},storeName=DEFAULT_STATE_STORE){if(validateRequired({stateItems,storeName},["stateItems","storeName"],"state save"),stateItems.length===0)return;return safeExecute(async()=>{this.logger.debug("Saving state items",{count:stateItems.length,storeName}),await(await this.client()).state.save(storeName,stateItems,options),this.logger.debug("State items saved successfully",{count:stateItems.length,storeName})},(message,details)=>createStateError(`Failed to save state items: ${message}`,details))}async get(key,storeName=DEFAULT_STATE_STORE){return validateRequired({key,storeName},["key","storeName"],"state get"),safeExecute(async()=>{this.logger.debug("Getting state item",{key,storeName});let result=await(await this.client()).state.get(storeName,key);if(this.logger.debug("State item retrieved",{key,storeName,found:result!==void 0}),result===void 0||result===null)return;if(typeof result==="string")try{return JSON.parse(result)}catch{return result}if(typeof result==="object")return result;return result},(message,details)=>createStateError(`Failed to get state item ${key}: ${message}`,details))}async getBulk(keys,storeName=DEFAULT_STATE_STORE){if(validateRequired({keys,storeName},["keys","storeName"],"state getBulk"),keys.length===0)return{};return safeExecute(async()=>{this.logger.debug("Getting bulk state items",{count:keys.length,storeName});let results=await(await this.client()).state.getBulk(storeName,keys),resultMap={};return results.forEach((item)=>{if(item.data!==void 0)resultMap[item.key]=item.data}),this.logger.debug("Bulk state items retrieved",{count:keys.length,found:Object.keys(resultMap).length,storeName}),resultMap},(message,details)=>createStateError(`Failed to get bulk state items: ${message}`,details))}async delete(key,etag,metadata,storeName=DEFAULT_STATE_STORE){return validateRequired({key,storeName},["key","storeName"],"state delete"),safeExecute(async()=>{this.logger.debug("Deleting state item",{key,storeName});let client=await this.client(),options={};if(etag)options.etag=etag;if(metadata)options.metadata=metadata;await client.state.delete(storeName,key,options),this.logger.debug("State item deleted",{key,storeName})},(message,details)=>createStateError(`Failed to delete state item ${key}: ${message}`,details))}async transaction(operations,storeName=DEFAULT_STATE_STORE){if(validateRequired({operations,storeName},["operations","storeName"],"state transaction"),operations.length===0)return;return safeExecute(async()=>{this.logger.debug("Executing state transaction",{operationCount:operations.length,storeName});let client=await this.client(),daprOperations=operations.map((op)=>({operation:op.operation,request:{key:op.request.key,value:op.request.value,etag:op.request.etag?{value:op.request.etag}:void 0,metadata:op.request.metadata}}));await client.state.transaction(storeName,daprOperations),this.logger.debug("State transaction executed successfully",{operationCount:operations.length,storeName})},(message,details)=>createStateError(`Failed to execute state transaction: ${message}`,details))}async query(query,storeName=DEFAULT_STATE_STORE){return validateRequired({query,storeName},["query","storeName"],"state query"),safeExecute(async()=>{this.logger.debug("Querying state store",{storeName});let result=await(await this.client()).state.query(storeName,query);return this.logger.debug("State query executed",{storeName,resultCount:result.results?.length||0}),(result.results||[]).map((item)=>item.data)},(message,details)=>createStateError(`Failed to query state store: ${message}`,details))}async saveItem(key,value,options={},storeName=DEFAULT_STATE_STORE){let stateItem={key,value};return this.save([stateItem],options,storeName)}async upsert(key,value,options={},storeName=DEFAULT_STATE_STORE){return this.saveItem(key,value,options,storeName)}}var init_state_client=__esm(()=>{init_constants();init_error_handling();init_utils3()});class DaprWorkflowClient{client;logger;constructor(clientProvider,logger2){this.client=clientProvider,this.logger=logger2}async start(workflowName,input,options={}){return validateRequired({workflowName},["workflowName"],"workflow start"),safeExecute(async()=>{this.logger.debug("Starting workflow",{workflowName,instanceId:options.instanceId||"auto-generated",workflowComponent:options.workflowComponent});let instanceId=await(await this.client()).workflow.start(workflowName,input,options.instanceId);return this.logger.debug("Workflow started",{workflowName,instanceId}),instanceId},(message,details)=>createWorkflowError(`Failed to start workflow ${workflowName}: ${message}`,details))}async get(instanceId){return validateRequired({instanceId},["instanceId"],"workflow get"),safeExecute(async()=>{this.logger.debug("Getting workflow instance",{instanceId});let instance=await(await this.client()).workflow.get(instanceId);return this.logger.debug("Workflow instance retrieved",{instanceId,workflowName:instance.workflowName,runtimeStatus:instance.runtimeStatus}),{instanceId:instance.instanceID,workflowName:instance.workflowName,createdAt:new Date(instance.createdAt),lastUpdatedAt:new Date(instance.lastUpdatedAt),runtimeStatus:instance.runtimeStatus,properties:instance.properties||{}}},(message,details)=>createWorkflowError(`Failed to get workflow instance ${instanceId}: ${message}`,details))}async terminate(instanceId){return validateRequired({instanceId},["instanceId"],"workflow terminate"),safeExecute(async()=>{this.logger.debug("Terminating workflow instance",{instanceId}),await(await this.client()).workflow.terminate(instanceId),this.logger.debug("Workflow instance terminated",{instanceId})},(message,details)=>createWorkflowError(`Failed to terminate workflow instance ${instanceId}: ${message}`,details))}async pause(instanceId){return validateRequired({instanceId},["instanceId"],"workflow pause"),safeExecute(async()=>{this.logger.debug("Pausing workflow instance",{instanceId}),await(await this.client()).workflow.pause(instanceId),this.logger.debug("Workflow instance paused",{instanceId})},(message,details)=>createWorkflowError(`Failed to pause workflow instance ${instanceId}: ${message}`,details))}async resume(instanceId){return validateRequired({instanceId},["instanceId"],"workflow resume"),safeExecute(async()=>{this.logger.debug("Resuming workflow instance",{instanceId}),await(await this.client()).workflow.resume(instanceId),this.logger.debug("Workflow instance resumed",{instanceId})},(message,details)=>createWorkflowError(`Failed to resume workflow instance ${instanceId}: ${message}`,details))}async purge(instanceId){return validateRequired({instanceId},["instanceId"],"workflow purge"),safeExecute(async()=>{this.logger.debug("Purging workflow instance",{instanceId}),await(await this.client()).workflow.purge(instanceId),this.logger.debug("Workflow instance purged",{instanceId})},(message,details)=>createWorkflowError(`Failed to purge workflow instance ${instanceId}: ${message}`,details))}async raiseEvent(instanceId,eventName,eventData){return validateRequired({instanceId,eventName},["instanceId","eventName"],"workflow raiseEvent"),safeExecute(async()=>{this.logger.debug("Raising event for workflow instance",{instanceId,eventName}),await(await this.client()).workflow.raise(instanceId,eventName,eventData),this.logger.debug("Event raised for workflow instance",{instanceId,eventName})},(message,details)=>createWorkflowError(`Failed to raise event ${eventName} for workflow instance ${instanceId}: ${message}`,details))}}var init_workflow_client=__esm(()=>{init_error_handling();init_utils3()});import{CommunicationProtocolEnum,DaprClient,HttpMethod as HttpMethod2,LogLevel}from"@dapr/dapr";class DaprConnectionManager{client=null;daprHost;daprPort;communicationProtocol;maxBodySizeMb;daprApiToken;logger;connectionStatus=CONNECTION_STATUS.DISCONNECTED;connectionPromise=null;constructor(options={}){this.daprHost=options.daprHost||process.env[ENV_DAPR_HOST]||DEFAULT_DAPR_HOST,this.daprPort=options.daprPort||process.env[ENV_DAPR_HTTP_PORT]||DEFAULT_DAPR_PORT,this.communicationProtocol=options.communicationProtocol||CommunicationProtocolEnum.HTTP,this.maxBodySizeMb=options.maxBodySizeMb||DEFAULT_MAX_BODY_SIZE_MB,this.daprApiToken=options.daprApiToken||process.env[ENV_DAPR_API_TOKEN],this.logger=options.logger||createDefaultLogger(),this.logger.info("DaprConnectionManager initialized",{daprHost:this.daprHost,daprPort:this.daprPort,communicationProtocol:this.communicationProtocol})}async getClient(){if(!this.client||this.connectionStatus!==CONNECTION_STATUS.CONNECTED)await this.connect();if(!this.client)throw createConnectionError("Not connected to Dapr sidecar");return this.client}async connect(){if(this.connectionPromise)return this.connectionPromise;if(this.client&&this.connectionStatus===CONNECTION_STATUS.CONNECTED)return Promise.resolve();this.connectionStatus=CONNECTION_STATUS.CONNECTING,this.connectionPromise=this.establishConnection();try{await this.connectionPromise,this.connectionStatus=CONNECTION_STATUS.CONNECTED}catch(error){throw this.connectionStatus=CONNECTION_STATUS.ERROR,error}finally{this.connectionPromise=null}}async establishConnection(){try{this.logger.info("Connecting to Dapr sidecar",{daprHost:this.daprHost,daprPort:this.daprPort,protocol:this.communicationProtocol});let useEndpointFromEnv=process.env[ENV_DAPR_HTTP_ENDPOINT]&&this.communicationProtocol===CommunicationProtocolEnum.HTTP||process.env[ENV_DAPR_GRPC_ENDPOINT]&&this.communicationProtocol===CommunicationProtocolEnum.GRPC,clientOptions={communicationProtocol:this.communicationProtocol,maxBodySizeMb:this.maxBodySizeMb,logger:{level:LogLevel.Warn}};if(!useEndpointFromEnv)clientOptions.daprHost=this.daprHost,clientOptions.daprPort=this.daprPort;if(this.daprApiToken)clientOptions.daprApiToken=this.daprApiToken;await withTimeout(async()=>{this.client=new DaprClient(clientOptions)},DEFAULT_CONNECTION_TIMEOUT_MS,"Connection to Dapr sidecar timed out"),await this.healthCheck(),this.logger.info("Successfully connected to Dapr sidecar")}catch(error){throw this.logger.error("Failed to connect to Dapr sidecar",error),this.client=null,createConnectionError(`Failed to connect to Dapr sidecar at ${this.daprHost}:${this.daprPort}`,error)}}async disconnect(){if(!this.client)return;try{this.logger.info("Disconnecting from Dapr sidecar"),this.client=null,this.connectionStatus=CONNECTION_STATUS.DISCONNECTED,this.logger.info("Disconnected from Dapr sidecar")}catch(error){throw this.logger.error("Error during disconnect",error),createConnectionError("Failed to disconnect from Dapr sidecar",error)}}isConnected(){return this.client!==null&&this.connectionStatus===CONNECTION_STATUS.CONNECTED}getConnectionStatus(){return this.connectionStatus}async healthCheck(){if(!this.client)throw createConnectionError("Not connected to Dapr sidecar");try{return await withTimeout(async()=>{if(!this.client)throw createConnectionError("Not connected to Dapr sidecar");let response=await this.client.invoker.invoke("healthz","healthz",HttpMethod2.GET);return{status:response.status===204?HEALTH_STATUS.HEALTHY:HEALTH_STATUS.UNHEALTHY,version:response.headers?.["dapr-version"]||"unknown"}},DEFAULT_HEALTH_CHECK_TIMEOUT_MS,"Health check timed out")}catch(error){return this.logger.error("Health check failed",error),{status:HEALTH_STATUS.UNHEALTHY,version:"unknown"}}}getClientConfig(){return{daprHost:this.daprHost,daprPort:this.daprPort,communicationProtocol:this.communicationProtocol,maxBodySizeMb:this.maxBodySizeMb,hasApiToken:!!this.daprApiToken,connectionStatus:this.connectionStatus}}}var init_connection_manager=__esm(()=>{init_constants();init_error_handling();init_utils3()});var init_types2=()=>{};class DaprManager{connectionManager;logger;_state;_pubsub;_binding;_secret;_config;_invoke;_lock;_crypto;_workflow;constructor(options={}){this.logger=options.logger||createDefaultLogger(),this.connectionManager=new DaprConnectionManager(options);let clientProvider=async()=>{return this.connectionManager.getClient()};this._state=new DaprStateClient(clientProvider,this.logger),this._pubsub=new DaprPubSubClient(clientProvider,this.logger),this._binding=new DaprBindingClient(clientProvider,this.logger),this._secret=new DaprSecretClient(clientProvider,this.logger),this._config=new DaprConfigClient(clientProvider,this.logger),this._invoke=new DaprInvokeClient(clientProvider,this.logger),this._lock=new DaprLockClient(clientProvider,this.logger),this._crypto=new DaprCryptoClient(clientProvider,this.logger),this._workflow=new DaprWorkflowClient(clientProvider,this.logger)}async connect(){await this.connectionManager.connect()}async disconnect(){await this.connectionManager.disconnect()}isConnected(){return this.connectionManager.isConnected()}getConnectionStatus(){return this.connectionManager.getConnectionStatus()}async healthCheck(){return this.connectionManager.healthCheck()}getClientConfig(){return this.connectionManager.getClientConfig()}get state(){return this._state}get pubsub(){return this._pubsub}get binding(){return this._binding}get secret(){return this._secret}get config(){return this._config}get invoke(){return this._invoke}get lock(){return this._lock}get crypto(){return this._crypto}get workflow(){return this._workflow}}var daprManager;var init_Dapr=__esm(()=>{init_binding_client();init_config_client();init_crypto_client();init_invoke_client();init_lock_client();init_pubsub_client();init_secret_client();init_state_client();init_workflow_client();init_connection_manager();init_utils3();init_binding_client();init_config_client();init_crypto_client();init_invoke_client();init_lock_client();init_pubsub_client();init_secret_client();init_state_client();init_workflow_client();init_constants();init_error_handling();init_types2();daprManager=new DaprManager});import Redis from"ioredis";class DirectRedisStore{client;constructor(client){this.client=client}async create(key,value,ttlSeconds){try{return{success:!0,data:ttlSeconds?await this.client.set(key,JSON.stringify(value),"EX",ttlSeconds):await this.client.set(key,JSON.stringify(value))}}catch(error){return{success:!1,error:error.message}}}async read(key){try{let raw=await this.client.get(key);return{success:!0,data:raw?JSON.parse(raw):null}}catch(error){return{success:!1,error:error.message}}}async update(key,value,preserveTtl=!0){try{return{success:!0,data:preserveTtl?await this.client.set(key,JSON.stringify(value),"KEEPTTL"):await this.client.set(key,JSON.stringify(value))}}catch(error){return{success:!1,error:error.message}}}async remove(key){try{return{success:!0,data:await this.client.del(key)}}catch(error){return{success:!1,error:error.message}}}async exists(key){try{return{success:!0,data:await this.client.exists(key)===1}}catch(error){return{success:!1,error:error.message}}}getClient(){return this.client}}class DaprRedisStore{storeName;dapr;constructor(storeName){this.storeName=storeName;this.dapr=new DaprManager}async create(key,value,ttlSeconds){try{let metadata=ttlSeconds?{ttlInSeconds:String(ttlSeconds)}:void 0;return await this.dapr.state.save([{key,value,metadata}],void 0,this.storeName),{success:!0,data:"OK"}}catch(error){return{success:!1,error:error.message}}}async read(key){try{return{success:!0,data:await this.dapr.state.get(key,this.storeName)??null}}catch(error){return{success:!1,error:error.message}}}async update(key,value,_preserveTtl=!0){try{return await this.dapr.state.save([{key,value}],void 0,this.storeName),{success:!0,data:"OK"}}catch(error){return{success:!1,error:error.message}}}async remove(key){try{return await this.dapr.state.delete(key,void 0,void 0,this.storeName),{success:!0,data:1}}catch(error){return{success:!1,error:error.message}}}async exists(key){try{let data=await this.dapr.state.get(key,this.storeName);return{success:!0,data:data!==void 0&&data!==null}}catch(error){return{success:!1,error:error.message}}}}class RedisManager{static instance=null;store;directClient=null;useDapr;constructor(config){if(RedisManager.instance){this.store=RedisManager.instance.store,this.directClient=RedisManager.instance.directClient,this.useDapr=RedisManager.instance.useDapr;return}if(!config)throw Error("Redis config must be provided for first initialization.");if(assertRedisConfig(config),this.useDapr=config.withDapr??!1,config.withDapr)this.store=new DaprRedisStore(config.stateStoreName??"statestore");else{let client=config.url?new Redis(config.url):new Redis({host:config.host,port:config.port,...config.password?{password:config.password}:{},...config.username?{username:config.username}:{},...config.tls?{tls:{}}:{}});this.directClient=client,this.store=new DirectRedisStore(client)}RedisManager.instance=this}async create(key,value,ttlSeconds){return this.store.create(key,value,ttlSeconds)}async read(key){return this.store.read(key)}async update(key,value,preserveTtl=!0){return this.store.update(key,value,preserveTtl)}async remove(key){return this.store.remove(key)}async exists(key){return this.store.exists(key)}async readCounters(keys){return(await Promise.all(keys.map((k)=>this.read(k)))).map((r)=>{let v=r.success?r.data:null,n=typeof v==="number"?v:Number.parseFloat(String(v??""));return Number.isFinite(n)?n:0})}async incrementCounter(key,delta,ttlSeconds){if(!this.useDapr&&this.directClient){let v=await this.directClient.incrbyfloat(key,delta);if(ttlSeconds&&ttlSeconds>0)try{await this.directClient.expire(key,ttlSeconds)}catch{}return Number(v)}let cur=await this.read(key),raw=cur.success?cur.data:null,base=typeof raw==="number"?raw:Number.parseFloat(String(raw??"")),next=(Number.isFinite(base)?base:0)+delta;return await this.create(key,next,ttlSeconds),next}getDirectClient(){return this.directClient}async reauthenticate(username,password){if(this.directClient)await this.directClient.auth(username,password)}async keys(pattern){if(this.useDapr||!this.directClient)return logger.scoped("database.redis").warn("keys() not supported in Dapr mode",{pattern}),[];try{return await this.directClient.keys(pattern)}catch(error){return logger.scoped("database.redis").error("keys() failed",error,{pattern}),[]}}async acquireLock(lockKey,ttlSeconds=10){if(this.useDapr||!this.directClient){let existsResult=await this.exists(lockKey);if(!existsResult.success)return{success:!1,error:existsResult.error};if(existsResult.data)return{success:!0,data:!1};if((await this.create(lockKey,"1",ttlSeconds)).success)return{success:!0,data:!0};return{success:!1,error:"Failed to acquire lock"}}try{return{success:!0,data:await this.directClient.set(lockKey,"1","EX",ttlSeconds,"NX")==="OK"}}catch(error){return{success:!1,error:error.message}}}async releaseLock(lockKey){return this.remove(lockKey)}async waitForLock(lockKey,timeoutMs=5000,pollIntervalMs=50){let startTime=Date.now();while(Date.now()-startTime<timeoutMs){let existsResult=await this.exists(lockKey);if(!existsResult.success)return{success:!1,error:existsResult.error};if(!existsResult.data)return{success:!0,data:!0};await new Promise((resolve)=>setTimeout(resolve,pollIntervalMs))}return{success:!0,data:!1}}async getOrWait(key,timeoutMs=5000,pollIntervalMs=50){let startTime=Date.now();while(Date.now()-startTime<timeoutMs){let readResult=await this.read(key);if(!readResult.success)return{success:!1,error:readResult.error};if(readResult.data!==null)return{success:!0,data:readResult.data};await new Promise((resolve)=>setTimeout(resolve,pollIntervalMs))}return{success:!0,data:null}}}var assertRedisConfig=(config)=>{if(!config)throw Error("Redis config must be provided.");if(config.withDapr){if(!config.stateStoreName)throw Error("Dapr mode requires stateStoreName.");return}let hasUrl=Boolean(config.url),hasHostPort=Boolean(config.host)&&typeof config.port==="number";if(!hasUrl&&!hasHostPort)throw Error("Redis config requires either url or host and port.")};var init_Redis=__esm(()=>{init_Logger2();init_Dapr()});var init_Delete=__esm(()=>{init_Redis()});var init_Generate3=__esm(()=>{init_Redis();init_JWT()});var init_Read=__esm(()=>{init_Redis();init_JWT();init_Delete()});var init_Validate2=__esm(()=>{init_Read()});var init_RefreshToken=__esm(()=>{init_Delete();init_Generate3();init_Read();init_Validate2()});var DEFAULT_EXPIRY_SECONDS=86400,buildSessionKey=(sessionId)=>`session:${sessionId}`,serializeSession=(record)=>JSON.stringify(record),deserializeSession=(data)=>{if(!data)return null;if(typeof data==="object")return data;try{return JSON.parse(data)}catch{return null}};var deleteSession=async(options)=>{let manager=new RedisManager,key=buildSessionKey(options.sessionId),removeResult=await manager.remove(key);return removeResult.success&&removeResult.data>0};var init_Delete2=__esm(()=>{init_Redis()});import crypto4 from"crypto";var generateSession=async(options)=>{let manager=new RedisManager,sessionId=options.sessionId??crypto4.randomUUID(),now=Date.now(),expiresIn=(options.expiresInSeconds??DEFAULT_EXPIRY_SECONDS)*1000,nowIso=new Date(now).toISOString(),record={id:sessionId,userId:options.userId,createdAt:nowIso,expiresAt:new Date(now+expiresIn).toISOString(),lastActiveAt:nowIso,clientMeta:options.clientMeta,fingerprintHash:options.fingerprintHash,deviceInfo:options.deviceInfo,refreshTokenHash:options.refreshTokenHash,loginMethod:options.loginMethod,rememberMe:options.rememberMe},ttlSeconds=options.expiresInSeconds??DEFAULT_EXPIRY_SECONDS,writeResult=await manager.create(buildSessionKey(sessionId),serializeSession(record),ttlSeconds);if(!writeResult.success)return{success:!1,error:writeResult.error};return{success:!0,session:record}};var init_Generate4=__esm(()=>{init_Redis()});var init_Issue=__esm(()=>{init_JWT();init_Generate3();init_Delete2();init_Generate4()});var init_Session=__esm(()=>{init_Issue()});var readSession=async(options)=>{let manager=new RedisManager,key=buildSessionKey(options.sessionId),readResult=await manager.read(key);if(!readResult.success||!readResult.data)return null;let record=deserializeSession(readResult.data);if(!record)return null;if(new Date(record.expiresAt).getTime()<=Date.now())return await deleteSession({sessionId:options.sessionId}),null;return record};var init_Read2=__esm(()=>{init_Redis();init_Delete2()});var updateSession=async(options)=>{let existing=await readSession({sessionId:options.sessionId});if(!existing)return{success:!1,error:"Session not found"};let updated={...existing,...options.updates,lastActiveAt:options.updates.lastActiveAt??new Date().toISOString()},manager=new RedisManager,remainingMs=new Date(updated.expiresAt).getTime()-Date.now(),remainingTtlSeconds=Math.max(60,Math.ceil(remainingMs/1000)),writeResult=await manager.create(buildSessionKey(options.sessionId),serializeSession(updated),remainingTtlSeconds);if(!writeResult.success)return{success:!1,error:writeResult.error};return{success:!0,session:updated}},updateLastActiveAt=async(sessionId)=>{return updateSession({sessionId,updates:{lastActiveAt:new Date().toISOString()}})};var init_Update=__esm(()=>{init_Redis();init_Read2()});var validateSession=async(options)=>{let jwtResult=verifyJWT(options.jwtToken,options.jwtSecret);if(!jwtResult.valid)return{isValid:!1,reason:jwtResult.error};let session=await readSession({sessionId:options.sessionId});if(!session)return{isValid:!1,reason:"Session not found"};let fingerprintValid;if(options.savedFingerprint&&options.headers&&options.requestIp){let sanitizedHeaders={};for(let[key,value]of Object.entries(options.headers))if(value!==void 0)sanitizedHeaders[key]=value;let fingerprintResult=validateDeviceFingerprint({savedFingerprint:options.savedFingerprint,headers:sanitizedHeaders,requestIp:options.requestIp});if(fingerprintValid=fingerprintResult.isValid,!fingerprintResult.isValid)return{isValid:!1,reason:fingerprintResult.reason??"Fingerprint mismatch"}}return{isValid:!0,context:{userId:session.userId,sessionId:session.id,fingerprintValid}}};var init_Validate3=__esm(()=>{init_Validate();init_JWT();init_Read2()});var exports_SessionStore={};__export(exports_SessionStore,{validateSession:()=>validateSession,updateSession:()=>updateSession,updateLastActiveAt:()=>updateLastActiveAt,readSession:()=>readSession,generateSession:()=>generateSession,deleteSession:()=>deleteSession});var init_SessionStore=__esm(()=>{init_Delete2();init_Generate4();init_Read2();init_Update();init_Validate3()});var init_Auth=__esm(()=>{init_Fingerprint();init_JWT();init_Password();init_RefreshToken();init_Session();init_SessionStore()});import{eq}from"drizzle-orm";function buildClaimAction(method,entity,field,relation,relationField,isBulk){let parts=[method.toLowerCase()];if(isBulk)parts.push("bulk");if(parts.push(entity),relation){if(parts.push("with"),parts.push(relation),relationField)parts.push(relationField)}else if(field)parts.push(field);return parts.join(".")}function buildClaimPath(entity,isBulk,hasId){if(isBulk)return`/${entity}/bulk`;if(hasId)return`/${entity}/:id`;return`/${entity}`}function generateEntityClaims(entity,config,schemaRelations){let claims=[],tableName=entity.table_name,excludedMethods=entity.excluded_methods||[];for(let method of HTTP_METHODS){if(excludedMethods.includes(method))continue;let needsId=method==="PUT"||method==="PATCH"||method==="DELETE";if(claims.push({action:buildClaimAction(method,tableName),description:`${method} access to ${tableName}`,path:buildClaimPath(tableName,!1,needsId&&method!=="DELETE"),method}),method==="GET"&&entity.columns){for(let column of entity.columns){if(config.skipColumns.includes(column.name))continue;claims.push({action:buildClaimAction(method,tableName,column.name),description:`${method} access to ${tableName}.${column.name}`,path:buildClaimPath(tableName),method})}let relationKey=`${tableName.replace(/_([a-z])/g,(_,l)=>l.toUpperCase())}Relations`;if(schemaRelations[relationKey]){let relationConfig=schemaRelations[relationKey];if(relationConfig?.config?.referencedTable?._?.name){let relationName=relationConfig.config.referencedTable._.name;claims.push({action:buildClaimAction(method,tableName,void 0,relationName),description:`${method} access to ${tableName} with ${relationName}`,path:buildClaimPath(tableName),method})}}}if(method==="POST"||method==="PUT"||method==="PATCH"){if(entity.columns)for(let column of entity.columns){if(config.skipColumns.includes(column.name))continue;claims.push({action:buildClaimAction(method,tableName,column.name),description:`${method} access to ${tableName}.${column.name}`,path:buildClaimPath(tableName,!1,method!=="POST"),method})}}}if(entity.bulk_endpoints_enabled===!0)for(let method of BULK_METHODS){if(excludedMethods.includes(method))continue;claims.push({action:buildClaimAction(method,tableName,void 0,void 0,void 0,!0),description:`Bulk ${method} access to ${tableName}`,path:buildClaimPath(tableName,!0),method})}return claims}async function seedClaims(db,schemaTables,schemaRelations,entities,config,logger2){let claimsTable=schemaTables.claims;if(!claimsTable)return logger2.warn("[Authorization] Claims table not found in schema"),{total:0,created:0,existing:0,claims:[]};let allClaims=[];for(let entity of entities){if(config.skipTables.includes(entity.table_name))continue;let entityClaims=generateEntityClaims(entity,config,schemaRelations);allClaims.push(...entityClaims)}let uniqueClaims=allClaims.filter((claim,index,self2)=>index===self2.findIndex((c)=>c.action===claim.action)),created=0,existing=0,claimActions=[];for(let claim of uniqueClaims)try{if((await db.select().from(claimsTable).where(eq(claimsTable.action,claim.action)).limit(1)).length===0)await db.insert(claimsTable).values(claim),created++,claimActions.push(claim.action),logger2.debug(`[Authorization] Created claim: ${claim.action}`);else existing++}catch(error){logger2.error(`[Authorization] Failed to create claim: ${claim.action}`,error)}return logger2.info(`[Authorization] Claims seeded: ${created} created, ${existing} existing, ${uniqueClaims.length} total`),{total:uniqueClaims.length,created,existing,claims:claimActions}}var HTTP_METHODS,BULK_METHODS;var init_ClaimSeeder=__esm(()=>{HTTP_METHODS=["GET","POST","PUT","PATCH","DELETE"],BULK_METHODS=["POST","PUT","DELETE"]});var exports_ClaimsCache={};__export(exports_ClaimsCache,{ClaimsCache:()=>ClaimsCache});import{eq as eq2}from"drizzle-orm";class ClaimsCache{prefix;redis;db;schemaTables;logger;constructor(config){this.prefix=config.prefix||DEFAULT_PREFIX,this.redis=config.redis,this.db=config.db,this.schemaTables=config.schemaTables,this.logger=config.logger}key(suffix){return`${this.prefix}:${suffix}`}async buildCache(){let rolesTable=this.schemaTables.roles,roleClaimsTable=this.schemaTables.roleClaims,claimsTable=this.schemaTables.claims;if(!rolesTable||!roleClaimsTable||!claimsTable)return this.logger.warn("[ClaimsCache] Required tables not found, skipping cache build"),{version:0,roleCount:0,totalMappings:0};let allRoles=await this.db.select().from(rolesTable),roleNames=[],totalMappings=0;for(let role of allRoles){let r=role,roleId=r.id,roleName=r.name;roleNames.push(roleName);let roleClaimRows=await this.db.select().from(roleClaimsTable).innerJoin(claimsTable,eq2(roleClaimsTable.claimId,claimsTable.id)).where(eq2(roleClaimsTable.roleId,roleId)),claimActions=[];for(let row of roleClaimRows){let action=row.claims?.action;if(action)claimActions.push(action)}await this.redis.set(this.key(`role:${roleName}`),JSON.stringify(claimActions)),totalMappings+=claimActions.length}await this.redis.set(this.key("roles"),JSON.stringify(roleNames));let versionStr=await this.redis.get(this.key("version")),newVersion=(parseInt(versionStr||"0",10)||0)+1;return await this.redis.set(this.key("version"),String(newVersion)),this.logger.info("[ClaimsCache] Cache built",{version:newVersion,roleCount:roleNames.length,totalMappings}),{version:newVersion,roleCount:roleNames.length,totalMappings}}async getVersion(){let v=await this.redis.get(this.key("version"));return parseInt(v||"0",10)||0}async resolveClaimsForRoles(roleNames){let allClaims=new Set;for(let roleName of roleNames){let cached=await this.redis.get(this.key(`role:${roleName}`));if(cached){let claims=JSON.parse(cached);for(let c of claims)allClaims.add(c)}}return Array.from(allClaims)}async invalidate(){return(await this.buildCache()).version}getPrefix(){return this.prefix}}var DEFAULT_PREFIX="nucleus:claims";var init_ClaimsCache=()=>{};var DEFAULT_AUTHORIZATION_CONFIG,AUTHORIZATION_TABLE_KEYS,GODMIN_ROLE_NAME="godmin";var init_types3=__esm(()=>{DEFAULT_AUTHORIZATION_CONFIG={enabled:!1,autoSeedClaims:!0,skipTables:["audit_logs"],skipColumns:["id","created_at","updated_at","is_active","password","version"],excludedPaths:[],publicPaths:["/auth/login","/auth/register"]},AUTHORIZATION_TABLE_KEYS={users:"users",roles:"roles",claims:"claims",userRoles:"userRoles",roleClaims:"roleClaims"}});var{password}=globalThis.Bun;import{and,eq as eq3}from"drizzle-orm";async function setupGodmin(db,schemaTables,config,logger2){if(!config.godminEmail||!config.godminPassword)return logger2.warn("[Authorization] Godmin email or password not configured, skipping godmin setup"),{success:!1};let{roles:rolesTable,users:usersTable,userRoles:userRolesTable}=schemaTables;if(!rolesTable||!usersTable||!userRolesTable)return logger2.error("[Authorization] Required tables not found for godmin setup"),{success:!1};try{let roleId,existingRole=await db.select().from(rolesTable).where(eq3(rolesTable.name,GODMIN_ROLE_NAME)).limit(1);if(existingRole.length===0){let[newRole]=await db.insert(rolesTable).values({name:GODMIN_ROLE_NAME,description:"God mode administrator - bypasses all authorization checks"}).returning();roleId=newRole.id,logger2.info(`[Authorization] Created godmin role: ${roleId}`)}else roleId=existingRole[0].id,logger2.debug(`[Authorization] Godmin role already exists: ${roleId}`);let userId,existingUser=await db.select().from(usersTable).where(eq3(usersTable.email,config.godminEmail)).limit(1);if(existingUser.length===0){let hashedPassword=await password.hash(config.godminPassword,{algorithm:"bcrypt",cost:10}),[newUser]=await db.insert(usersTable).values({email:config.godminEmail,password:hashedPassword,verifiedAt:new Date,isActive:!0,isGod:!0}).returning();userId=newUser.id,logger2.info(`[Authorization] Created godmin user: ${userId}`)}else{if(userId=existingUser[0].id,!existingUser[0].isGod)await db.update(usersTable).set({isGod:!0}).where(eq3(usersTable.id,userId)),logger2.info(`[Authorization] Marked existing godmin user as isGod=true: ${userId}`);logger2.debug(`[Authorization] Godmin user already exists: ${userId}`)}if(!((await db.select().from(userRolesTable).where(and(eq3(userRolesTable.userId,userId),eq3(userRolesTable.roleId,roleId))).limit(1)).length>0))await db.insert(userRolesTable).values({userId,roleId}),logger2.info(`[Authorization] Assigned godmin role to user: ${userId}`);return{success:!0,userId,roleId}}catch(error){return logger2.error("[Authorization] Failed to setup godmin",error),{success:!1}}}function isGodminRole(roleName){return roleName===GODMIN_ROLE_NAME}var init_GodminSetup=__esm(()=>{init_types3()});import{eq as eq4,inArray,sql}from"drizzle-orm";function isSelfReference(value){return value.startsWith(SELF_PREFIX)}function parseSelfReference(value){return{field:value.slice(SELF_PREFIX.length)}}function parseScopeWithSelf(scope){if(!scope)return{};let params=new URLSearchParams(scope),result={};for(let[key,value]of params.entries())if(isSelfReference(value))result[key]=parseSelfReference(value);else result[key]=value;return result}function resolveScopeWithSelf(parsedScope,userData,logger2){let resolved={},unresolved=[];for(let[key,value]of Object.entries(parsedScope))if(typeof value==="object"&&"field"in value){if(!userData){logger2.warn(`[Authorization] Cannot resolve self:${value.field} - userData not provided`),unresolved.push(key);continue}let lookup=lookupUserDataField(userData,value.field);if(!lookup.found){logger2.warn(`[Authorization] Cannot resolve self:${value.field} - field not found in userData`),unresolved.push(key);continue}resolved[key]=lookup.value,logger2.debug(`[Authorization] Resolved self:${value.field} -> ${String(lookup.value)}`)}else resolved[key]=value;return{resolved,unresolved}}function buildClaimPattern(method,entity,field,relation){let parts=[method.toLowerCase(),entity];if(relation)parts.push("with",relation);else if(field)parts.push(field);return parts.join(".")}function claimMatches(userClaim,requiredPattern,requireSpecificity=!1){if(userClaim===requiredPattern)return!0;let userParts=userClaim.split("."),requiredParts=requiredPattern.split(".");if(userParts.length>requiredParts.length)return!1;if(requireSpecificity&&userParts.length<2&&requiredParts.length>=2)return!1;for(let i=0;i<userParts.length;i++)if(userParts[i]!==requiredParts[i])return!1;return!0}async function checkAuthorization(params){let{userId,method,entity,requestedFields,requestedRelations,db,schemaTables,logger:logger2,getUserData}=params,reqSpec=params.requireClaimSpecificity??!1,userData=params.userData,ensureUserData=async()=>{if(userData!==void 0)return;if(getUserData)try{userData=await getUserData()}catch(err){logger2.warn("[Authorization] getUserData callback failed",{userId,error:err instanceof Error?err.message:String(err)})}},rolesTable=schemaTables[AUTHORIZATION_TABLE_KEYS.roles],userRolesTable=schemaTables[AUTHORIZATION_TABLE_KEYS.userRoles],roleClaimsTable=schemaTables[AUTHORIZATION_TABLE_KEYS.roleClaims],claimsTable=schemaTables[AUTHORIZATION_TABLE_KEYS.claims];if(!rolesTable||!userRolesTable||!roleClaimsTable||!claimsTable)return logger2.error("[Authorization] Required tables not found"),{authorized:!1,reason:"Authorization tables not configured"};try{let userRolesCols=userRolesTable,rolesCols=rolesTable,userRoles=await db.select({roleId:userRolesCols.roleId,roleName:rolesCols.name}).from(userRolesTable).innerJoin(rolesTable,eq4(userRolesCols.roleId,rolesCols.id)).where(eq4(userRolesCols.userId,userId));if(userRoles.length===0)return{authorized:!1,reason:"User has no roles assigned"};if(userRoles.some((ur)=>isGodminRole(ur.roleName)))return logger2.debug(`[Authorization] User ${userId} has godmin role, bypassing checks`),{authorized:!0};let roleIds=userRoles.map((ur)=>ur.roleId),roleClaimsCols=roleClaimsTable,claimsCols=claimsTable,roleClaims=await db.select({claimAction:claimsCols.action,scope:roleClaimsCols.scope}).from(roleClaimsTable).innerJoin(claimsTable,eq4(roleClaimsCols.claimId,claimsCols.id)).where(inArray(roleClaimsCols.roleId,roleIds));if(roleClaims.length===0)return{authorized:!1,reason:"User roles have no claims assigned"};let entityClaimPattern=buildClaimPattern(method,entity),hasEntityAccess=roleClaims.some((rc)=>claimMatches(rc.claimAction,entityClaimPattern,reqSpec)),allowedFields=[],allowedRelations=[],scopeFilters={},unresolvedSelf=[],fieldPatterns=(requestedFields??[]).map((field)=>({field,pattern:buildClaimPattern(method,entity,field)})),relationPatterns=(requestedRelations??[]).map((relation)=>({relation,pattern:buildClaimPattern(method,entity,void 0,relation)})),claimCouldGrant=(action)=>claimMatches(action,entityClaimPattern,reqSpec)||fieldPatterns.some((f)=>claimMatches(action,f.pattern,reqSpec))||relationPatterns.some((r)=>claimMatches(action,r.pattern,reqSpec));if(roleClaims.some((rc)=>{let scope=rc.scope;return!!scope&&scope.includes("self:")&&claimCouldGrant(rc.claimAction)}))await ensureUserData();let applyClaimScope=(rc)=>{let parsedScope=parseScopeWithSelf(rc.scope),{resolved,unresolved}=resolveScopeWithSelf(parsedScope,userData,logger2);Object.assign(scopeFilters,resolved),unresolvedSelf.push(...unresolved)},denyOnUnresolvedSelf=()=>{if(unresolvedSelf.length===0)return null;return logger2.warn("[Authorization] Denying request: unresolvable self: scope (failing closed)",{userId,method,entity,unresolved:unresolvedSelf}),{authorized:!1,reason:"Ownership scope could not be resolved"}};if(hasEntityAccess){for(let rc of roleClaims)if(claimMatches(rc.claimAction,entityClaimPattern,reqSpec))applyClaimScope(rc);let denied2=denyOnUnresolvedSelf();if(denied2)return denied2;return{authorized:!0,scopeFilters:Object.keys(scopeFilters).length>0?scopeFilters:void 0}}for(let{field,pattern}of fieldPatterns){let granting=roleClaims.filter((rc)=>claimMatches(rc.claimAction,pattern,reqSpec));if(granting.length>0){allowedFields.push(field);for(let rc of granting)applyClaimScope(rc)}}for(let{relation,pattern}of relationPatterns){let granting=roleClaims.filter((rc)=>claimMatches(rc.claimAction,pattern,reqSpec));if(granting.length>0){allowedRelations.push(relation);for(let rc of granting)applyClaimScope(rc)}}let denied=denyOnUnresolvedSelf();if(denied)return denied;if(!(allowedFields.length>0||allowedRelations.length>0))return{authorized:!1,reason:`No access to ${method} ${entity}`};return{authorized:!0,allowedFields:allowedFields.length>0?allowedFields:["id"],allowedRelations,scopeFilters:Object.keys(scopeFilters).length>0?scopeFilters:void 0}}catch(error){return logger2.error("[Authorization] Check failed",error),{authorized:!1,reason:"Authorization check failed"}}}function checkAuthorizationFromJWT(params){let{userClaims,userRoles,method,entity,requestedFields,requestedRelations,logger:logger2}=params,reqSpec=params.requireClaimSpecificity??!1;if(userClaims.length===0&&userRoles.length===0)return{authorized:!1,reason:"No roles or claims in token"};if(userRoles.some((r)=>isGodminRole(r)))return logger2.debug("[Authorization:JWT] User has godmin role, bypassing checks"),{authorized:!0};let entityClaimPattern=buildClaimPattern(method,entity);if(userClaims.some((c)=>claimMatches(c,entityClaimPattern,reqSpec)))return{authorized:!0};let allowedFields=[],allowedRelations=[];if(requestedFields)for(let field of requestedFields){let fieldPattern=buildClaimPattern(method,entity,field);if(userClaims.some((c)=>claimMatches(c,fieldPattern,reqSpec)))allowedFields.push(field)}if(requestedRelations)for(let relation of requestedRelations){let relationPattern=buildClaimPattern(method,entity,void 0,relation);if(userClaims.some((c)=>claimMatches(c,relationPattern,reqSpec)))allowedRelations.push(relation)}if(!(allowedFields.length>0||allowedRelations.length>0))return{authorized:!1,reason:`No access to ${method} ${entity}`};return{authorized:!0,allowedFields:allowedFields.length>0?allowedFields:["id"],allowedRelations}}async function checkAuthorizationViaIDP(params){let{idpUrl,accessToken,method,entity,requestedFields,requestedRelations,logger:logger2}=params;try{let response=await fetch(`${idpUrl}/auth/check`,{method:"POST",headers:{"Content-Type":"application/json",Cookie:`access_token=${accessToken}`},body:JSON.stringify({entity,method,fields:requestedFields,relations:requestedRelations})});if(!response.ok)return logger2.warn(`[Authorization:IDP] IDP /auth/check returned ${response.status}`),{authorized:!1,reason:`IDP authorization check failed (${response.status})`};let payload=await response.json();return unwrapIdpCheckResponse(payload)}catch(error){let msg=error instanceof Error?error.message:String(error);return logger2.error(`[Authorization:IDP] Failed to reach IDP: ${msg}`),{authorized:!1,reason:"IDP authorization service unavailable"}}}function filterResponseFields(data,allowedFields){if(!allowedFields||allowedFields.length===0)return data;let fieldsToInclude=[...new Set([...["id"],...allowedFields])],filterSingle=(item)=>{let filtered={};for(let field of fieldsToInclude)if(field in item)filtered[field]=item[field];return filtered};if(Array.isArray(data))return data.map(filterSingle);return filterSingle(data)}function filterResponseRelations(data,allowedRelations){if(!allowedRelations)return data;let filterSingle=(item)=>{let filtered={...item};for(let key of Object.keys(filtered))if(typeof filtered[key]==="object"&&filtered[key]!==null&&!allowedRelations.includes(key))delete filtered[key];return filtered};if(Array.isArray(data))return data.map(filterSingle);return filterSingle(data)}function buildScopeConditions(scopeFilters,resolveColumn){let conditions=[],unresolvedFields=[];if(!scopeFilters)return{conditions,unresolvedFields};for(let[field,value]of Object.entries(scopeFilters)){let col=resolveColumn(field);if(col)conditions.push(eq4(col,value));else unresolvedFields.push(field),conditions.push(sql`1 = 0`)}return{conditions,unresolvedFields}}var SELF_PREFIX="self:",toCamelCase2=(value)=>value.replace(/_([a-z])/g,(_,c)=>c.toUpperCase()),toSnakeCase=(value)=>value.replace(/([A-Z])/g,(_,c)=>`_${c.toLowerCase()}`),lookupUserDataField=(userData,fieldName)=>{if(fieldName in userData)return{found:!0,value:userData[fieldName]};let camel=toCamelCase2(fieldName);if(camel!==fieldName&&camel in userData)return{found:!0,value:userData[camel]};let snake=toSnakeCase(fieldName);if(snake!==fieldName&&snake in userData)return{found:!0,value:userData[snake]};return{found:!1}},unwrapIdpCheckResponse=(payload)=>{if(!payload||typeof payload!=="object")return{authorized:!1,reason:"IDP returned malformed response"};let envelope=payload;if(envelope.data&&typeof envelope.data==="object"){let data=envelope.data;if(typeof data.authorized==="boolean")return data}let flat=payload;if(typeof flat.authorized==="boolean")return flat;return{authorized:!1,reason:"IDP returned unrecognised response shape"}};var init_Middleware=__esm(()=>{init_GodminSetup();init_types3()});var exports_SeedRunner={};__export(exports_SeedRunner,{runSeed:()=>runSeed,expandClaimPatterns:()=>expandClaimPatterns});import{and as and2,eq as eq5}from"drizzle-orm";function expandClaimPatterns(patterns,allActions){let out=new Set;for(let pattern of patterns)if(pattern.endsWith(".*")){let prefix=pattern.slice(0,-2);for(let action of allActions)if(action===prefix||action.startsWith(`${prefix}.`))out.add(action)}else out.add(pattern);return[...out]}async function runSeed(db,schemaTables,seedConfig,logger2){let{roles:rolesTable,claims:claimsTable,roleClaims:roleClaimsTable}=schemaTables,result={rolesCreated:0,rolesExisting:0,claimsCreated:0,claimsExisting:0,assignmentsCreated:0,assignmentsExisting:0,assignmentsUpdated:0};if(seedConfig.roles?.length&&rolesTable)for(let roleDef of seedConfig.roles)try{if((await db.select().from(rolesTable).where(eq5(rolesTable.name,roleDef.name)).limit(1)).length===0)await db.insert(rolesTable).values({name:roleDef.name,description:roleDef.description||""}),result.rolesCreated++,logger2.info(`[Seed] Created role: ${roleDef.name}`);else result.rolesExisting++}catch(error){logger2.error(`[Seed] Failed to seed role: ${roleDef.name}`,error)}if(seedConfig.claims?.length&&claimsTable)for(let claimDef of seedConfig.claims)try{let existing=await db.select().from(claimsTable).where(eq5(claimsTable.action,claimDef.action)).limit(1);if(existing.length===0)await db.insert(claimsTable).values({action:claimDef.action,path:claimDef.path,method:claimDef.method,description:claimDef.description||`${claimDef.method} ${claimDef.path}`,...claimDef.policy!==void 0?{policy:claimDef.policy}:{}}),result.claimsCreated++,logger2.info(`[Seed] Created claim: ${claimDef.action}`);else if(claimDef.policy!==void 0){let existingRow=existing[0],currentPolicy=JSON.stringify(existingRow.policy??null),desiredPolicy=JSON.stringify(claimDef.policy??null);if(currentPolicy!==desiredPolicy)await db.update(claimsTable).set({policy:claimDef.policy}).where(eq5(claimsTable.action,claimDef.action)),result.claimsExisting++,logger2.warn(`[Seed] Reconciled policy for claim: ${claimDef.action}`);else result.claimsExisting++}else result.claimsExisting++}catch(error){logger2.error(`[Seed] Failed to seed claim: ${claimDef.action}`,error)}if(seedConfig.roleClaimAssignments?.length&&rolesTable&&claimsTable&&roleClaimsTable){let allClaimActions=(await db.select().from(claimsTable)).map((c)=>String(c.action??""));for(let assignment of seedConfig.roleClaimAssignments){let role=(await db.select().from(rolesTable).where(eq5(rolesTable.name,assignment.role)).limit(1))[0];if(!role){logger2.warn(`[Seed] Role not found for assignment: ${assignment.role}`);continue}let roleId=role.id,resolvedActions=expandClaimPatterns(assignment.claims,allClaimActions);for(let pattern of assignment.claims)if(pattern.endsWith(".*")&&!resolvedActions.some((a)=>a.startsWith(pattern.slice(0,-1))))logger2.warn(`[Seed] No claim matched prefix pattern: ${pattern}`);for(let claimAction of resolvedActions)try{let claim=(await db.select().from(claimsTable).where(eq5(claimsTable.action,claimAction)).limit(1))[0];if(!claim){logger2.warn(`[Seed] Claim not found for assignment: ${claimAction}`);continue}let claimId=claim.id,existingAssignment=await db.select().from(roleClaimsTable).where(and2(eq5(roleClaimsTable.roleId,roleId),eq5(roleClaimsTable.claimId,claimId))).limit(1);if(existingAssignment.length===0)await db.insert(roleClaimsTable).values({roleId,claimId,scope:assignment.scope||null}),result.assignmentsCreated++;else{let existingRow=existingAssignment[0],desiredScope=assignment.scope||null,currentScope=existingRow.scope??null;if(currentScope!==desiredScope)await db.update(roleClaimsTable).set({scope:desiredScope}).where(and2(eq5(roleClaimsTable.roleId,roleId),eq5(roleClaimsTable.claimId,claimId))),result.assignmentsUpdated++,logger2.warn(`[Seed] Reconciled scope for ${assignment.role} -> ${claimAction}: ${JSON.stringify(currentScope)} => ${JSON.stringify(desiredScope)}`);else result.assignmentsExisting++}}catch(error){logger2.error(`[Seed] Failed to assign claim ${claimAction} to role ${assignment.role}`,error)}if(result.assignmentsCreated>0)logger2.info(`[Seed] Role "${assignment.role}": assigned ${result.assignmentsCreated} claims`)}}return result}var init_SeedRunner=()=>{};var init_Authorization=__esm(()=>{init_ClaimSeeder();init_ClaimsCache();init_GodminSetup();init_Middleware();init_SeedRunner();init_types3()});import{createCipheriv,createDecipheriv,randomBytes as randomBytes2,scryptSync}from"crypto";var MAGIC,IV_LEN=12,TAG_LEN=16,deriveKey=(secret)=>scryptSync(secret,"nucleus-backup-v1",32),encryptBackup=(plaintext,secret)=>{if(!secret)throw Error("backup encryption key is empty");let key=deriveKey(secret),iv=randomBytes2(IV_LEN),cipher=createCipheriv("aes-256-gcm",key,iv),ciphertext=Buffer.concat([cipher.update(plaintext,"utf-8"),cipher.final()]),tag=cipher.getAuthTag();return Buffer.concat([MAGIC,iv,tag,ciphertext])},isEncryptedBackup=(buf)=>buf.length>=MAGIC.length+IV_LEN+TAG_LEN&&buf.subarray(0,MAGIC.length).equals(MAGIC),decryptBackup=(blob,secret)=>{if(!secret)throw Error("backup encryption key is empty");if(!isEncryptedBackup(blob))throw Error("not an encrypted backup");let key=deriveKey(secret),iv=blob.subarray(MAGIC.length,MAGIC.length+IV_LEN),tag=blob.subarray(MAGIC.length+IV_LEN,MAGIC.length+IV_LEN+TAG_LEN),ciphertext=blob.subarray(MAGIC.length+IV_LEN+TAG_LEN),decipher=createDecipheriv("aes-256-gcm",key,iv);return decipher.setAuthTag(tag),Buffer.concat([decipher.update(ciphertext),decipher.final()]).toString("utf-8")};var init_encryption=__esm(()=>{MAGIC=Buffer.from("NXB1")});import{mkdir,readFile,stat,unlink,writeFile}from"fs/promises";import{join}from"path";import{eq as eq6,sql as sql2}from"drizzle-orm";class BackupService{db;logger;config;schemaTables;schemaName;backupLogsTable;cronTimer=null;schedulerActive=!1;constructor(serviceConfig){this.db=serviceConfig.db,this.logger=serviceConfig.logger,this.config=serviceConfig.config,this.schemaTables=serviceConfig.schemaTables,this.schemaName=serviceConfig.schemaName,this.backupLogsTable=serviceConfig.backupLogsTable}async createBackup(trigger="manual",performedBy,targetSchemaName,targetSchemaTables){let resolvedSchema=targetSchemaName||this.schemaName,resolvedTables=targetSchemaTables||this.schemaTables,now=new Date,backupId=crypto.randomUUID(),timestamp=now.toISOString().replace(/[:.]/g,"-"),backupName=`${resolvedSchema}_${timestamp}`,fileName=`${backupName}.json`,filePath=join(this.config.storagePath,fileName),logRecord={id:backupId,backupName,fileName,schemaName:resolvedSchema,format:this.config.format,status:"running",trigger,sizeBytes:null,tableCount:null,rowCount:null,includedTables:[],excludedTables:this.config.excludeTables,errorMessage:null,startedAt:now.toISOString(),completedAt:null,performedBy:performedBy||null,cronExpression:trigger==="scheduled"?this.config.schedule.cron:null,retentionDays:this.config.schedule.retentionDays};await this.insertLogRecord(logRecord);try{await mkdir(this.config.storagePath,{recursive:!0});let tableNames=this.getBackupTableNames(resolvedTables),backupData=[],totalRows=0;for(let tableName of tableNames){let table=resolvedTables[tableName];if(!table)continue;try{let rows=await this.db.select().from(table),columns=Object.keys(table).filter((k)=>!k.startsWith("_")&&typeof table[k]!=="function");backupData.push({tableName,columns,rows}),totalRows+=rows.length}catch(err){let msg=err instanceof Error?err.message:String(err);this.logger.warn(`[Backup] Failed to export table ${tableName}: ${msg}`)}}let backupFile={manifest:{version:"1.0",createdAt:now.toISOString(),schemaName:resolvedSchema,format:this.config.format,tables:backupData.map((t)=>({tableName:t.tableName,rowCount:t.rows.length,columns:t.columns})),totalRows},data:backupData},jsonContent=JSON.stringify(backupFile,null,2);if(this.config.encryptionKey)await writeFile(filePath,encryptBackup(jsonContent,this.config.encryptionKey));else await writeFile(filePath,jsonContent,"utf-8");let fileStats=await stat(filePath);return logRecord.status="completed",logRecord.completedAt=new Date().toISOString(),logRecord.tableCount=backupData.length,logRecord.rowCount=totalRows,logRecord.sizeBytes=fileStats.size,logRecord.includedTables=tableNames,await this.updateLogRecord(logRecord),this.logger.info("[Backup] Backup completed",{backupId,schemaName:resolvedSchema,tables:backupData.length,rows:totalRows,sizeBytes:fileStats.size}),await this.enforceMaxBackups(),logRecord}catch(err){let msg=err instanceof Error?err.message:String(err);return logRecord.status="failed",logRecord.errorMessage=msg,logRecord.completedAt=new Date().toISOString(),await this.updateLogRecord(logRecord),this.logger.error("[Backup] Backup failed",err,{backupId,schemaName:resolvedSchema}),logRecord}}async restoreFromBackup(backupId,performedBy,targetSchemaName,targetSchemaTables){if(!this.config.allowRestore)return{success:!1,message:"Restore is disabled in configuration"};let resolvedTables=targetSchemaTables||this.schemaTables,logRecord=await this.getLogRecord(backupId);if(!logRecord)return{success:!1,message:"Backup not found"};if(logRecord.status!=="completed")return{success:!1,message:`Cannot restore from backup with status: ${logRecord.status}`};let filePath=join(this.config.storagePath,logRecord.fileName);try{let raw=await readFile(filePath),content;if(isEncryptedBackup(raw)){if(!this.config.encryptionKey)return{success:!1,message:"Backup is encrypted but no encryption key is configured"};content=decryptBackup(raw,this.config.encryptionKey)}else content=raw.toString("utf-8");let backupFile=JSON.parse(content);await this.createBackup("pre_restore",performedBy,targetSchemaName,targetSchemaTables);let tablesRestored=0,rowsRestored=0;return await this.db.transaction(async(tx)=>{await tx.execute(sql2`SET CONSTRAINTS ALL DEFERRED`);for(let tableData of backupFile.data){let table=resolvedTables[tableData.tableName];if(!table){this.logger.warn(`[Backup] Skipping restore for ${tableData.tableName}: table not found in schema`);continue}if(tableData.rows.length===0)continue;await tx.delete(table);let chunkSize=500;for(let i=0;i<tableData.rows.length;i+=chunkSize){let chunk=tableData.rows.slice(i,i+chunkSize);await tx.insert(table).values(chunk)}tablesRestored++,rowsRestored+=tableData.rows.length}}),logRecord.status="restored",await this.updateLogRecord(logRecord),this.logger.info("[Backup] Restore completed",{backupId,tablesRestored,rowsRestored}),{success:!0,message:`Restored ${tablesRestored} tables with ${rowsRestored} rows`,tablesRestored,rowsRestored}}catch(err){let msg=err instanceof Error?err.message:String(err);return this.logger.error("[Backup] Restore failed",err,{backupId}),{success:!1,message:`Restore failed: ${msg}`}}}async listBackups(){if(!this.backupLogsTable)return[];return await this.db.select().from(this.backupLogsTable).orderBy(sql2`created_at DESC`).limit(100)}async getBackupFilePath(backupId){let record=await this.getLogRecord(backupId);if(!record)return null;return join(this.config.storagePath,record.fileName)}async deleteBackup(backupId){let record=await this.getLogRecord(backupId);if(!record)return!1;let filePath=join(this.config.storagePath,record.fileName);try{await unlink(filePath)}catch{}if(this.backupLogsTable)await this.db.delete(this.backupLogsTable).where(eq6(col(this.backupLogsTable,"id"),backupId));return!0}startScheduler(){if(!this.config.schedule.enabled||!this.config.schedule.cron)return;this.logger.info("[Backup] Scheduler started",{cron:this.config.schedule.cron,retentionDays:this.config.schedule.retentionDays}),this.schedulerActive=!0,this.scheduleNextRun()}scheduleNextRun(){if(!this.schedulerActive)return;let delayMs=this.getNextDelayMs(this.config.schedule.cron);this.logger.debug?.("[Backup] Next scheduled backup",{inMs:delayMs}),this.cronTimer=setTimeout(async()=>{try{this.logger.info("[Backup] Scheduled backup starting..."),await this.createBackup("scheduled"),await this.cleanupExpiredBackups()}catch(err){let msg=err instanceof Error?err.message:String(err);this.logger.error("[Backup] Scheduled backup failed",{error:msg})}finally{this.scheduleNextRun()}},delayMs)}stopScheduler(){if(this.schedulerActive=!1,this.cronTimer)clearTimeout(this.cronTimer),this.cronTimer=null,this.logger.info("[Backup] Scheduler stopped")}getBackupTableNames(tables){return Object.keys(tables).filter((name)=>{if(this.config.excludeTables.includes(name))return!1;let val=tables[name];if(!val||typeof val!=="object")return!1;return Object.getOwnPropertySymbols(val).length>0})}async insertLogRecord(record){if(!this.backupLogsTable)return;try{await this.db.insert(this.backupLogsTable).values({id:record.id,backupName:record.backupName,fileName:record.fileName,schemaName:record.schemaName,format:record.format,status:record.status,trigger:record.trigger,sizeBytes:record.sizeBytes,tableCount:record.tableCount,rowCount:record.rowCount,includedTables:JSON.stringify(record.includedTables),excludedTables:JSON.stringify(record.excludedTables),errorMessage:record.errorMessage,startedAt:record.startedAt?new Date(record.startedAt):null,completedAt:record.completedAt?new Date(record.completedAt):null,performedBy:record.performedBy,cronExpression:record.cronExpression,retentionDays:record.retentionDays,createdAt:new Date,updatedAt:new Date})}catch(err){let msg=err instanceof Error?err.message:String(err);this.logger.warn(`[Backup] Failed to insert backup log: ${msg}`)}}async updateLogRecord(record){if(!this.backupLogsTable)return;try{await this.db.update(this.backupLogsTable).set({status:record.status,sizeBytes:record.sizeBytes,tableCount:record.tableCount,rowCount:record.rowCount,includedTables:JSON.stringify(record.includedTables),errorMessage:record.errorMessage,completedAt:record.completedAt?new Date(record.completedAt):null,updatedAt:new Date}).where(eq6(col(this.backupLogsTable,"id"),record.id))}catch(err){let msg=err instanceof Error?err.message:String(err);this.logger.warn(`[Backup] Failed to update backup log: ${msg}`)}}async getLogRecord(backupId){if(!this.backupLogsTable)return null;return(await this.db.select().from(this.backupLogsTable).where(eq6(col(this.backupLogsTable,"id"),backupId)).limit(1))[0]||null}async enforceMaxBackups(){if(!this.backupLogsTable)return;let allBackups=await this.db.select().from(this.backupLogsTable).where(eq6(col(this.backupLogsTable,"status"),"completed")).orderBy(sql2`created_at DESC`);if(allBackups.length>this.config.maxBackups){let toDelete=allBackups.slice(this.config.maxBackups);for(let backup of toDelete){let b=backup;await this.deleteBackup(b.id)}this.logger.info("[Backup] Old backups cleaned up",{deleted:toDelete.length})}}async cleanupExpiredBackups(){if(!this.backupLogsTable||!this.config.schedule.retentionDays)return;let cutoff=new Date;cutoff.setDate(cutoff.getDate()-this.config.schedule.retentionDays);let{lt}=await import("drizzle-orm"),expired=await this.db.select().from(this.backupLogsTable).where(lt(col(this.backupLogsTable,"createdAt"),cutoff));for(let backup of expired){let b=backup;await this.deleteBackup(b.id)}if(expired.length>0)this.logger.info("[Backup] Expired backups cleaned up",{deleted:expired.length,retentionDays:this.config.schedule.retentionDays})}getNextDelayMs(cron){let parts=cron.trim().split(/\s+/);if(parts.length!==5)return 86400000;let[min,hour]=parts;if(hour?.startsWith("*/")){let h2=Number.parseInt(hour.slice(2),10);return Number.isFinite(h2)&&h2>0?h2*60*60*1000:86400000}if(min?.startsWith("*/")){let m2=Number.parseInt(min.slice(2),10);return Number.isFinite(m2)&&m2>0?m2*60*1000:3600000}let m=Number.parseInt(min??"",10),h=Number.parseInt(hour??"",10);if(Number.isFinite(m)&&m>=0&&m<60&&Number.isFinite(h)&&h>=0&&h<24){let now=new Date,next=new Date(now);if(next.setHours(h,m,0,0),next.getTime()<=now.getTime())next.setDate(next.getDate()+1);return next.getTime()-now.getTime()}return 86400000}}var col=(table,name)=>table[name];var init_BackupService=__esm(()=>{init_encryption()});var init_Backup=__esm(()=>{init_BackupService()});function parseTimeToSeconds(time){let match=time.match(/^(\d+)(s|m|h|d)$/);if(!match||!match[1]||!match[2])return 300;let value=Number.parseInt(match[1],10);switch(match[2]){case"s":return value;case"m":return value*60;case"h":return value*3600;case"d":return value*86400;default:return 300}}function generateSecureId(){let bytes=new Uint8Array(24);return crypto.getRandomValues(bytes),Array.from(bytes).map((b)=>b.toString(16).padStart(2,"0")).join("")}function hashAnswer(answer){let hasher=new Bun.CryptoHasher("sha256");return hasher.update(answer),hasher.digest("hex")}function timingSafeEqual(a,b){if(a.length!==b.length){let dummy=new Uint8Array(32);return crypto.getRandomValues(dummy),!1}let encoder=new TextEncoder,bufA=encoder.encode(a),bufB=encoder.encode(b),result=0;for(let i=0;i<bufA.length;i++)result|=(bufA[i]??0)^(bufB[i]??0);return result===0}function getSecureRandomInt(min,max){let range=max-min+1,bytesNeeded=Math.ceil(Math.log2(range)/8)||1,maxValue=256**bytesNeeded,limit=maxValue-maxValue%range,randomValue,bytes=new Uint8Array(bytesNeeded);do crypto.getRandomValues(bytes),randomValue=bytes.reduce((acc,byte,i)=>acc+byte*256**i,0);while(randomValue>=limit);return min+randomValue%range}function generateMathChallenge(difficulty){let config=DIFFICULTY_CONFIG[difficulty],{min,max}=config.mathRange,operations=["+","-","\xD7"],operation=operations[getSecureRandomInt(0,operations.length-1)],num1=getSecureRandomInt(min,max),num2=getSecureRandomInt(min,max),answer;switch(operation){case"+":answer=num1+num2;break;case"-":if(num1<num2)[num1,num2]=[num2,num1];answer=num1-num2;break;case"\xD7":num1=getSecureRandomInt(1,12),num2=getSecureRandomInt(1,12),answer=num1*num2;break;default:answer=num1+num2}return{question:`${num1} ${operation} ${num2} = ?`,answer:answer.toString()}}function generateTextChallenge(difficulty){let config=DIFFICULTY_CONFIG[difficulty],text="";for(let i=0;i<config.textLength;i++)text+="ABCDEFGHJKLMNPQRSTUVWXYZ23456789".charAt(getSecureRandomInt(0,31));return{question:text,answer:text}}function generateImageChallenge(difficulty){let textChallenge=generateTextChallenge(difficulty),width=200,height=60,svgContent=generateCaptchaSVG(textChallenge.answer,200,60),imageData=`data:image/svg+xml;base64,${Buffer.from(svgContent).toString("base64")}`;return{question:"Enter the text shown in the image",answer:textChallenge.answer,imageData}}function getSecureFloat(){let bytes=new Uint32Array(1);return crypto.getRandomValues(bytes),(bytes[0]??0)/4294967295}function generateCaptchaSVG(text,width,height){let bgR=240+getSecureFloat()*15,bgG=240+getSecureFloat()*15,bgB=240+getSecureFloat()*15,bgColor=`rgb(${bgR}, ${bgG}, ${bgB})`,noiseLines="";for(let i=0;i<12;i++){let x1=getSecureFloat()*width,y1=getSecureFloat()*height,x2=getSecureFloat()*width,y2=getSecureFloat()*height,r=getSecureFloat()*100+100,g=getSecureFloat()*100+100,b=getSecureFloat()*100+100,strokeWidth=1+getSecureFloat()*2;noiseLines+=`<line x1="${x1}" y1="${y1}" x2="${x2}" y2="${y2}" stroke="rgb(${r},${g},${b})" stroke-width="${strokeWidth}"/>`}let noiseCurves="";for(let i=0;i<4;i++){let startX2=getSecureFloat()*width,startY=getSecureFloat()*height,cp1X=getSecureFloat()*width,cp1Y=getSecureFloat()*height,cp2X=getSecureFloat()*width,cp2Y=getSecureFloat()*height,endX=getSecureFloat()*width,endY=getSecureFloat()*height,r=getSecureFloat()*80+80,g=getSecureFloat()*80+80,b=getSecureFloat()*80+80;noiseCurves+=`<path d="M${startX2},${startY} C${cp1X},${cp1Y} ${cp2X},${cp2Y} ${endX},${endY}" stroke="rgb(${r},${g},${b})" stroke-width="2" fill="none"/>`}let noiseDots="";for(let i=0;i<80;i++){let x=getSecureFloat()*width,y=getSecureFloat()*height,r=getSecureFloat()*150+50,g=getSecureFloat()*150+50,b=getSecureFloat()*150+50,radius=getSecureFloat()*3+1;noiseDots+=`<circle cx="${x}" cy="${y}" r="${radius}" fill="rgb(${r},${g},${b})"/>`}let textElements="",charWidth=width/(text.length+2),startX=charWidth;for(let i=0;i<text.length;i++){let x=startX+i*charWidth+(getSecureFloat()-0.5)*15,y=height/2+8+(getSecureFloat()-0.5)*12,rotation=(getSecureFloat()-0.5)*40,fontSize=22+getSecureFloat()*10,r=getSecureFloat()*80,g=getSecureFloat()*80,b=getSecureFloat()*80,skewX=(getSecureFloat()-0.5)*15,scaleY=0.9+getSecureFloat()*0.3;textElements+=`<text x="${x}" y="${y}" font-family="Arial, Helvetica, sans-serif" font-size="${fontSize}" font-weight="bold" fill="rgb(${r},${g},${b})" transform="rotate(${rotation}, ${x}, ${y}) skewX(${skewX}) scale(1, ${scaleY})" style="font-style: ${getSecureFloat()>0.5?"italic":"normal"}">${text[i]}</text>`}let overlayLines="";for(let i=0;i<3;i++){let y=10+getSecureFloat()*(height-20),r=getSecureFloat()*60+60,g=getSecureFloat()*60+60,b=getSecureFloat()*60+60;overlayLines+=`<line x1="0" y1="${y}" x2="${width}" y2="${y+(getSecureFloat()-0.5)*20}" stroke="rgb(${r},${g},${b})" stroke-width="1.5"/>`}return`<svg xmlns="http://www.w3.org/2000/svg" width="${width}" height="${height}" viewBox="0 0 ${width} ${height}">
|
|
18
18
|
<defs>
|
|
19
19
|
<filter id="noise" x="0%" y="0%" width="100%" height="100%">
|
|
20
20
|
<feTurbulence type="fractalNoise" baseFrequency="0.04" numOctaves="2" result="noise"/>
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nucleus-core-ts",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.721",
|
|
4
4
|
"description": "Production-ready, enterprise-grade TypeScript framework for building multi-tenant APIs",
|
|
5
5
|
"author": "Hidayet Can Özcan <hidayetcan@gmail.com>",
|
|
6
6
|
"license": "SEE LICENSE IN LICENSE",
|