nucleus-core-ts 0.9.746 → 0.9.748

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -392,7 +392,7 @@ Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH
392
392
  WD9f
393
393
  -----END CERTIFICATE-----
394
394
  `;class BaseSettingsService{constructor(){Object.defineProperty(this,"pemCertificates",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),this.pemCertificates=new Map}setRootCertificates(opts){let{identifier,certificates}=opts,newCertificates=[];for(let cert of certificates)if(cert instanceof Uint8Array)newCertificates.push(convertCertBufferToPEM(cert));else newCertificates.push(cert);this.pemCertificates.set(identifier,newCertificates)}getRootCertificates(opts){let{identifier}=opts;return this.pemCertificates.get(identifier)??[]}}var SettingsService;var init_settingsService=__esm(()=>{init_convertCertBufferToPEM();SettingsService=new BaseSettingsService;SettingsService.setRootCertificates({identifier:"android-key",certificates:[Google_Hardware_Attestation_Root_1,Google_Hardware_Attestation_Root_2,Google_Hardware_Attestation_Root_3,Google_Hardware_Attestation_Root_4]});SettingsService.setRootCertificates({identifier:"android-safetynet",certificates:[GlobalSign_Root_CA]});SettingsService.setRootCertificates({identifier:"apple",certificates:[Apple_WebAuthn_Root_CA]});SettingsService.setRootCertificates({identifier:"mds",certificates:[GlobalSign_Root_CA_R3]})});async function verifyMDSBlob(blob){let parsedJWT=parseJWT(blob),header=parsedJWT[0],payload=parsedJWT[1],headerCertsPEM=header.x5c.map(convertCertBufferToPEM);try{let rootCerts=SettingsService.getRootCertificates({identifier:"mds"});await validateCertificatePath(headerCertsPEM,rootCerts)}catch(error){throw Error("BLOB certificate path could not be validated",{cause:error})}let leafCert=headerCertsPEM[0];if(!await verifyJWT2(blob,convertPEMToBytes(leafCert)))throw Error("BLOB signature could not be verified");let statements=[];for(let entry of payload.entries)if(entry.aaguid&&entry.metadataStatement)statements.push(entry.metadataStatement);let[year,month,day]=payload.nextUpdate.split("-"),parsedNextUpdate=new Date(parseInt(year,10),parseInt(month,10)-1,parseInt(day,10));return{statements,parsedNextUpdate,payload}}var init_verifyMDSBlob=__esm(()=>{init_parseJWT();init_verifyJWT();init_validateCertificatePath();init_convertCertBufferToPEM();init_convertPEMToBytes();init_settingsService()});var init_helpers=__esm(()=>{init_cose();init_convertAAGUIDToString();init_convertCertBufferToPEM();init_convertCOSEtoPKCS();init_decodeAttestationObject();init_decodeClientDataJSON();init_decodeCredentialPublicKey();init_generateChallenge();init_generateUserID();init_getCertificateInfo();init_isCertRevoked();init_parseAuthenticatorData();init_toHash();init_validateCertificatePath();init_verifySignature();init_iso();init_verifyMDSBlob()});async function verifyOKP(opts){let{cosePublicKey,signature,data}=opts,WebCrypto=await getWebCrypto(),alg=cosePublicKey.get(COSEKEYS.alg),crv=cosePublicKey.get(COSEKEYS.crv),x=cosePublicKey.get(COSEKEYS.x);if(!alg)throw Error("Public key was missing alg (OKP)");if(!isCOSEAlg(alg))throw Error(`Public key had invalid alg ${alg} (OKP)`);if(!crv)throw Error("Public key was missing crv (OKP)");if(!x)throw Error("Public key was missing x (OKP)");let _crv;if(crv===COSECRV.ED25519)_crv="Ed25519";else throw Error(`Unexpected COSE crv value of ${crv} (OKP)`);let keyData={kty:"OKP",crv:_crv,alg:"EdDSA",x:exports_isoBase64URL.fromBuffer(x),ext:!1},key2=await importKey({keyData,algorithm:{name:_crv,namedCurve:_crv}}),verifyAlgorithm={name:_crv};return WebCrypto.subtle.verify(verifyAlgorithm,key2,signature,data)}var init_verifyOKP=__esm(()=>{init_cose();init_helpers();init_importKey();init_getWebCrypto()});function unwrapEC2Signature(signature,crv){let parsedSignature=AsnParser.parse(signature,ECDSASigValue),rBytes=new Uint8Array(parsedSignature.r),sBytes=new Uint8Array(parsedSignature.s),componentLength=getSignatureComponentLength(crv),rNormalizedBytes=toNormalizedBytes(rBytes,componentLength),sNormalizedBytes=toNormalizedBytes(sBytes,componentLength);return exports_isoUint8Array.concat([rNormalizedBytes,sNormalizedBytes])}function getSignatureComponentLength(crv){switch(crv){case COSECRV.P256:return 32;case COSECRV.P384:return 48;case COSECRV.P521:return 66;default:throw Error(`Unexpected COSE crv value of ${crv} (EC2)`)}}function toNormalizedBytes(bytes,componentLength){let normalizedBytes;if(bytes.length<componentLength)normalizedBytes=new Uint8Array(componentLength),normalizedBytes.set(bytes,componentLength-bytes.length);else if(bytes.length===componentLength)normalizedBytes=bytes;else if(bytes.length===componentLength+1&&bytes[0]===0&&(bytes[1]&128)===128)normalizedBytes=bytes.subarray(1);else throw Error(`Invalid signature component length ${bytes.length}, expected ${componentLength}`);return normalizedBytes}var init_unwrapEC2Signature=__esm(()=>{init_es2015();init_es20155();init_cose();init_iso()});function verify(opts){let{cosePublicKey,signature,data,shaHashOverride}=opts;if(isCOSEPublicKeyEC2(cosePublicKey)){let crv=cosePublicKey.get(COSEKEYS.crv);if(!isCOSECrv(crv))throw Error(`unknown COSE curve ${crv}`);let unwrappedSignature=unwrapEC2Signature(signature,crv);return verifyEC2({cosePublicKey,signature:unwrappedSignature,data,shaHashOverride})}else if(isCOSEPublicKeyRSA(cosePublicKey))return verifyRSA({cosePublicKey,signature,data,shaHashOverride});else if(isCOSEPublicKeyOKP(cosePublicKey))return verifyOKP({cosePublicKey,signature,data});let kty=cosePublicKey.get(COSEKEYS.kty);throw Error(`Signature verification with public key of kty ${kty} is not supported by this method`)}var init_verify=__esm(()=>{init_cose();init_verifyEC2();init_verifyRSA();init_verifyOKP();init_unwrapEC2Signature()});var exports_isoCrypto={};__export(exports_isoCrypto,{verify:()=>verify,getRandomValues:()=>getRandomValues,digest:()=>digest});var init_isoCrypto=__esm(()=>{init_digest();init_getRandomValues();init_verify()});var exports_isoUint8Array={};__export(exports_isoUint8Array,{toUTF8String:()=>toUTF8String2,toHex:()=>toHex,toDataView:()=>toDataView,fromUTF8String:()=>fromUTF8String2,fromHex:()=>fromHex,fromASCIIString:()=>fromASCIIString,concat:()=>concat3,areEqual:()=>areEqual});function areEqual(array1,array2){if(array1.length!=array2.length)return!1;return array1.every((val,i)=>val===array2[i])}function toHex(array){return Array.from(array,(i)=>i.toString(16).padStart(2,"0")).join("")}function fromHex(hex2){if(!hex2)return Uint8Array.from([]);if(!(hex2.length!==0&&hex2.length%2===0&&!/[^a-fA-F0-9]/u.test(hex2)))throw Error("Invalid hex string");let byteStrings=hex2.match(/.{1,2}/g)??[];return Uint8Array.from(byteStrings.map((byte)=>parseInt(byte,16)))}function concat3(arrays){let pointer=0,totalLength=arrays.reduce((prev,curr)=>prev+curr.length,0),toReturn=new Uint8Array(totalLength);return arrays.forEach((arr)=>{toReturn.set(arr,pointer),pointer+=arr.length}),toReturn}function toUTF8String2(array){return new globalThis.TextDecoder("utf-8").decode(array)}function fromUTF8String2(utf8String){return new globalThis.TextEncoder().encode(utf8String)}function fromASCIIString(value){return Uint8Array.from(value.split("").map((x)=>x.charCodeAt(0)))}function toDataView(array){return new DataView(array.buffer,array.byteOffset,array.length)}var init_iso=__esm(()=>{init_isoBase64URL();init_isoCBOR();init_isoCrypto()});async function generateChallenge2(){let challenge=new Uint8Array(32);return await exports_isoCrypto.getRandomValues(challenge),_generateChallengeInternals.stubThis(challenge)}var _generateChallengeInternals;var init_generateChallenge=__esm(()=>{init_iso();_generateChallengeInternals={stubThis:(value)=>value}});async function generateRegistrationOptions(options){let{rpName,rpID,userName,userID,challenge=await generateChallenge2(),userDisplayName="",timeout=60000,attestationType="none",excludeCredentials=[],authenticatorSelection=defaultAuthenticatorSelection,extensions:extensions2,supportedAlgorithmIDs=defaultSupportedAlgorithmIDs,preferredAuthenticatorType}=options,pubKeyCredParams=supportedAlgorithmIDs.map((id)=>({alg:id,type:"public-key"}));if(authenticatorSelection.residentKey===void 0){if(authenticatorSelection.requireResidentKey)authenticatorSelection.residentKey="required"}else authenticatorSelection.requireResidentKey=authenticatorSelection.residentKey==="required";let _challenge=challenge;if(typeof _challenge==="string")_challenge=exports_isoUint8Array.fromUTF8String(_challenge);if(typeof userID==="string")throw Error("String values for `userID` are no longer supported. See https://simplewebauthn.dev/docs/advanced/server/custom-user-ids");let _userID=userID;if(!_userID)_userID=await generateUserID();let hints=[];if(preferredAuthenticatorType){if(preferredAuthenticatorType==="securityKey")hints.push("security-key"),authenticatorSelection.authenticatorAttachment="cross-platform";else if(preferredAuthenticatorType==="localDevice")hints.push("client-device"),authenticatorSelection.authenticatorAttachment="platform";else if(preferredAuthenticatorType==="remoteDevice")hints.push("hybrid"),authenticatorSelection.authenticatorAttachment="cross-platform"}return{challenge:exports_isoBase64URL.fromBuffer(_challenge),rp:{name:rpName,id:rpID},user:{id:exports_isoBase64URL.fromBuffer(_userID),name:userName,displayName:userDisplayName},pubKeyCredParams,timeout,attestation:attestationType,excludeCredentials:excludeCredentials.map((cred)=>{if(!exports_isoBase64URL.isBase64URL(cred.id))throw Error(`excludeCredential id "${cred.id}" is not a valid base64url string`);return{...cred,id:exports_isoBase64URL.trimPadding(cred.id),type:"public-key"}}),authenticatorSelection,extensions:{...extensions2,credProps:!0},hints}}var supportedCOSEAlgorithmIdentifiers,defaultAuthenticatorSelection,defaultSupportedAlgorithmIDs;var init_generateRegistrationOptions=__esm(()=>{init_generateChallenge();init_generateUserID();init_iso();supportedCOSEAlgorithmIdentifiers=[-8,-7,-36,-37,-38,-39,-257,-258,-259,-65535],defaultAuthenticatorSelection={residentKey:"preferred",userVerification:"preferred"},defaultSupportedAlgorithmIDs=[-8,-7,-257]});function parseBackupFlags({be,bs}){let credentialBackedUp=bs,credentialDeviceType="singleDevice";if(be)credentialDeviceType="multiDevice";if(credentialDeviceType==="singleDevice"&&credentialBackedUp)throw new InvalidBackupFlags("Single-device credential indicated that it was backed up, which should be impossible.");return{credentialDeviceType,credentialBackedUp}}var InvalidBackupFlags;var init_parseBackupFlags=__esm(()=>{InvalidBackupFlags=class InvalidBackupFlags extends Error{constructor(message){super(message);this.name="InvalidBackupFlags"}}});async function matchExpectedRPID(rpIDHash,expectedRPIDs){try{return await Promise.any(expectedRPIDs.map((expected)=>{return new Promise((resolve2,reject)=>{toHash(exports_isoUint8Array.fromASCIIString(expected)).then((expectedRPIDHash)=>{if(exports_isoUint8Array.areEqual(rpIDHash,expectedRPIDHash))resolve2(expected);else reject()})})}))}catch(err){if(err.name==="AggregateError")throw new UnexpectedRPIDHash;throw err}}var UnexpectedRPIDHash;var init_matchExpectedRPID=__esm(()=>{init_toHash();init_iso();UnexpectedRPIDHash=class UnexpectedRPIDHash extends Error{constructor(){super("Unexpected RP ID hash");this.name="UnexpectedRPIDHash"}}});async function verifyAttestationFIDOU2F(options){let{attStmt,clientDataHash,rpIdHash,credentialID,credentialPublicKey,aaguid,rootCertificates}=options,reservedByte=Uint8Array.from([0]),publicKey=convertCOSEtoPKCS(credentialPublicKey),signatureBase=exports_isoUint8Array.concat([reservedByte,rpIdHash,clientDataHash,credentialID,publicKey]),sig=attStmt.get("sig"),x5c=attStmt.get("x5c");if(!x5c)throw Error("No attestation certificate provided in attestation statement (FIDOU2F)");if(!sig)throw Error("No attestation signature provided in attestation statement (FIDOU2F)");let aaguidToHex=Number.parseInt(exports_isoUint8Array.toHex(aaguid),16);if(aaguidToHex!==0)throw Error(`AAGUID "${aaguidToHex}" was not expected value`);try{await validateCertificatePath(x5c.map(convertCertBufferToPEM),rootCertificates)}catch(err){throw Error(`${err.message} (FIDOU2F)`)}return verifySignature2({signature:sig,data:signatureBase,x509Certificate:x5c[0],hashAlgorithm:COSEALG.ES256})}var init_verifyAttestationFIDOU2F=__esm(()=>{init_convertCOSEtoPKCS();init_convertCertBufferToPEM();init_validateCertificatePath();init_verifySignature();init_iso();init_cose()});function validateExtFIDOGenCEAAGUID(certExtensions,aaguid){if(!certExtensions)return!0;let extFIDOGenCEAAGUID=certExtensions.find((ext)=>ext.extnID===id_fido_gen_ce_aaguid);if(!extFIDOGenCEAAGUID)return!0;let parsedExtFIDOGenCEAAGUID=AsnParser.parse(extFIDOGenCEAAGUID.extnValue,OctetString2),extValue=new Uint8Array(parsedExtFIDOGenCEAAGUID.buffer);if(!exports_isoUint8Array.areEqual(aaguid,extValue)){let _debugExtHex=exports_isoUint8Array.toHex(extValue),_debugAAGUIDHex=exports_isoUint8Array.toHex(aaguid);throw Error(`Certificate extension id-fido-gen-ce-aaguid (${id_fido_gen_ce_aaguid}) value of "${_debugExtHex}" was present but not equal to attestation statement AAGUID value of "${_debugAAGUIDHex}"`)}return!0}var id_fido_gen_ce_aaguid="1.3.6.1.4.1.45724.1.1.4";var init_validateExtFIDOGenCEAAGUID=__esm(()=>{init_es2015();init_iso()});function getLogger(_name){return(_message,..._rest)=>{}}class BaseMetadataService{constructor(){Object.defineProperty(this,"mdsCache",{enumerable:!0,configurable:!0,writable:!0,value:{}}),Object.defineProperty(this,"statementCache",{enumerable:!0,configurable:!0,writable:!0,value:{}}),Object.defineProperty(this,"state",{enumerable:!0,configurable:!0,writable:!0,value:SERVICE_STATE.DISABLED}),Object.defineProperty(this,"verificationMode",{enumerable:!0,configurable:!0,writable:!0,value:"strict"})}async initialize(opts={}){this.statementCache={};let{mdsServers=[defaultURLMDS],statements,verificationMode}=opts;if(this.setState(SERVICE_STATE.REFRESHING),statements?.length){let statementsAdded=0;statements.forEach((statement)=>{if(statement.aaguid)this.statementCache[statement.aaguid]={entry:{metadataStatement:statement,statusReports:[],timeOfLastStatusChange:"1970-01-01"},url:NonRefreshingMDS.url},statementsAdded+=1}),log3(`Cached ${statementsAdded} local statements`)}if(mdsServers?.length){let currentCacheCount=Object.keys(this.statementCache).length,numServers=mdsServers.length;for(let url of mdsServers)try{let cachedMDS={url,no:0,nextUpdate:new Date(0)},blob=await this.downloadBlob(cachedMDS);await this.verifyBlob(blob,cachedMDS)}catch(err){log3(`Could not download BLOB from ${url}:`,err),numServers-=1}let cacheDiff=Object.keys(this.statementCache).length-currentCacheCount;log3(`Cached ${cacheDiff} statements from ${numServers} metadata server(s)`)}if(verificationMode)this.verificationMode=verificationMode;this.setState(SERVICE_STATE.READY)}async getStatement(aaguid){if(this.state===SERVICE_STATE.DISABLED)return;if(!aaguid)return;if(aaguid instanceof Uint8Array)aaguid=convertAAGUIDToString(aaguid);await this.pauseUntilReady();let cachedStatement=this.statementCache[aaguid];if(!cachedStatement){if(this.verificationMode==="strict")throw Error(`No metadata statement found for aaguid "${aaguid}"`);return}if(cachedStatement.url){let mds=this.mdsCache[cachedStatement.url];if(new Date>mds.nextUpdate)try{this.setState(SERVICE_STATE.REFRESHING);let blob=await this.downloadBlob(mds);await this.verifyBlob(blob,mds)}finally{this.setState(SERVICE_STATE.READY)}}let{entry}=cachedStatement;for(let report of entry.statusReports){let{status}=report;if(status==="USER_VERIFICATION_BYPASS"||status==="ATTESTATION_KEY_COMPROMISE"||status==="USER_KEY_REMOTE_COMPROMISE"||status==="USER_KEY_PHYSICAL_COMPROMISE")throw Error(`Detected compromised aaguid "${aaguid}"`)}return entry.metadataStatement}async downloadBlob(cachedMDS){let{url}=cachedMDS;return await(await fetch2(url)).text()}async verifyBlob(blob,cachedMDS){let{url,no}=cachedMDS,{payload,parsedNextUpdate}=await verifyMDSBlob(blob);if(payload.no<=no)throw Error(`Latest BLOB no. ${payload.no} is not greater than previous no. ${no}`);for(let entry of payload.entries)if(entry.aaguid)this.statementCache[entry.aaguid]={entry,url};if(url)this.mdsCache[url]={...cachedMDS,no:payload.no,nextUpdate:parsedNextUpdate};else if(parsedNextUpdate<new Date)log3(`\u26A0\uFE0F This MDS blob (serial: ${payload.no}) contains stale data as of ${parsedNextUpdate.toISOString()}. Please consider re-initializing MetadataService with a newer MDS blob.`)}pauseUntilReady(){if(this.state===SERVICE_STATE.READY)return new Promise((resolve2)=>{resolve2()});return new Promise((resolve2,reject)=>{let iterations=700,intervalID=globalThis.setInterval(()=>{if(iterations<1)clearInterval(intervalID),reject("State did not become ready in 70 seconds");else if(this.state===SERVICE_STATE.READY)clearInterval(intervalID),resolve2();iterations-=1},100)})}setState(newState){if(this.state=newState,newState===SERVICE_STATE.DISABLED)log3("MetadataService is DISABLED");else if(newState===SERVICE_STATE.REFRESHING)log3("MetadataService is REFRESHING");else if(newState===SERVICE_STATE.READY)log3("MetadataService is READY")}}var NonRefreshingMDS,defaultURLMDS="https://mds.fidoalliance.org/",SERVICE_STATE,log3,MetadataService;var init_metadataService=__esm(()=>{init_convertAAGUIDToString();init_verifyMDSBlob();init_fetch();NonRefreshingMDS={url:"",no:0,nextUpdate:new Date(0)};(function(SERVICE_STATE2){SERVICE_STATE2[SERVICE_STATE2.DISABLED=0]="DISABLED",SERVICE_STATE2[SERVICE_STATE2.REFRESHING=1]="REFRESHING",SERVICE_STATE2[SERVICE_STATE2.READY=2]="READY"})(SERVICE_STATE||(SERVICE_STATE={}));log3=getLogger("MetadataService");MetadataService=new BaseMetadataService});async function verifyAttestationWithMetadata({statement,credentialPublicKey,x5c,attestationStatementAlg}){let{authenticationAlgorithms,authenticatorGetInfo,attestationRootCertificates}=statement,keypairCOSEAlgs=new Set;authenticationAlgorithms.forEach((algSign)=>{let algSignCOSEINFO=algSignToCOSEInfoMap[algSign];if(algSignCOSEINFO)keypairCOSEAlgs.add(algSignCOSEINFO)});let decodedPublicKey=decodeCredentialPublicKey(credentialPublicKey),kty=decodedPublicKey.get(COSEKEYS.kty),alg=decodedPublicKey.get(COSEKEYS.alg);if(!kty)throw Error("Credential public key was missing kty");if(!alg)throw Error("Credential public key was missing alg");if(!kty)throw Error("Credential public key was missing kty");let publicKeyCOSEInfo={kty,alg};if(isCOSEPublicKeyEC2(decodedPublicKey)){let crv=decodedPublicKey.get(COSEKEYS.crv);publicKeyCOSEInfo.crv=crv}let foundMatch=!1;for(let keypairAlg of keypairCOSEAlgs){if(keypairAlg.alg===publicKeyCOSEInfo.alg&&keypairAlg.kty===publicKeyCOSEInfo.kty)if((keypairAlg.kty===COSEKTY.EC2||keypairAlg.kty===COSEKTY.OKP)&&keypairAlg.crv===publicKeyCOSEInfo.crv)foundMatch=!0;else foundMatch=!0;if(foundMatch)break}if(!foundMatch){let debugMDSAlgs=authenticationAlgorithms.map((algSign)=>`'${algSign}' (COSE info: ${stringifyCOSEInfo(algSignToCOSEInfoMap[algSign])})`),strMDSAlgs=JSON.stringify(debugMDSAlgs,null,2).replace(/"/g,""),strPubKeyAlg=stringifyCOSEInfo(publicKeyCOSEInfo);throw Error(`Public key parameters ${strPubKeyAlg} did not match any of the following metadata algorithms:
395
- ${strMDSAlgs}`)}if(attestationStatementAlg!==void 0&&authenticatorGetInfo?.algorithms!==void 0){let getInfoAlgs=authenticatorGetInfo.algorithms.map((_alg)=>_alg.alg);if(getInfoAlgs.indexOf(attestationStatementAlg)<0)throw Error(`Attestation statement alg ${attestationStatementAlg} did not match one of ${getInfoAlgs}`)}let authenticatorCerts=x5c.map(convertCertBufferToPEM),statementRootCerts=attestationRootCertificates.map(convertCertBufferToPEM),authenticatorIsSelfReferencing=!1;if(authenticatorCerts.length===1&&statementRootCerts.indexOf(authenticatorCerts[0])>=0)authenticatorIsSelfReferencing=!0;if(!authenticatorIsSelfReferencing)try{await validateCertificatePath(authenticatorCerts,statementRootCerts)}catch(err){throw Error(`Could not validate certificate path with any metadata root certificates: ${err.message}`)}return!0}function stringifyCOSEInfo(info){let{kty,alg,crv}=info,toReturn="";if(kty!==COSEKTY.RSA)toReturn=`{ kty: ${kty}, alg: ${alg}, crv: ${crv} }`;else toReturn=`{ kty: ${kty}, alg: ${alg} }`;return toReturn}var algSignToCOSEInfoMap;var init_verifyAttestationWithMetadata=__esm(()=>{init_convertCertBufferToPEM();init_validateCertificatePath();init_decodeCredentialPublicKey();init_cose();algSignToCOSEInfoMap={secp256r1_ecdsa_sha256_raw:{kty:2,alg:-7,crv:1},secp256r1_ecdsa_sha256_der:{kty:2,alg:-7,crv:1},rsassa_pss_sha256_raw:{kty:3,alg:-37},rsassa_pss_sha256_der:{kty:3,alg:-37},secp256k1_ecdsa_sha256_raw:{kty:2,alg:-47,crv:8},secp256k1_ecdsa_sha256_der:{kty:2,alg:-47,crv:8},rsassa_pss_sha384_raw:{kty:3,alg:-38},rsassa_pkcsv15_sha256_raw:{kty:3,alg:-257},rsassa_pkcsv15_sha384_raw:{kty:3,alg:-258},rsassa_pkcsv15_sha512_raw:{kty:3,alg:-259},rsassa_pkcsv15_sha1_raw:{kty:3,alg:-65535},secp384r1_ecdsa_sha384_raw:{kty:2,alg:-35,crv:2},secp512r1_ecdsa_sha256_raw:{kty:2,alg:-36,crv:3},ed25519_eddsa_sha512_raw:{kty:1,alg:-8,crv:6}}});async function verifyAttestationPacked(options){let{attStmt,clientDataHash,authData,credentialPublicKey,aaguid,rootCertificates}=options,sig=attStmt.get("sig"),x5c=attStmt.get("x5c"),alg=attStmt.get("alg");if(!sig)throw Error("No attestation signature provided in attestation statement (Packed)");if(!alg)throw Error("Attestation statement did not contain alg (Packed)");if(!isCOSEAlg(alg))throw Error(`Attestation statement contained invalid alg ${alg} (Packed)`);let signatureBase=exports_isoUint8Array.concat([authData,clientDataHash]),verified=!1;if(x5c){let{subject,basicConstraintsCA,version,notBefore,notAfter,parsedCertificate}=getCertificateInfo(x5c[0]),{OU,CN,O,C}=subject;if(OU!=="Authenticator Attestation")throw Error('Certificate OU was not "Authenticator Attestation" (Packed|Full)');if(!CN)throw Error("Certificate CN was empty (Packed|Full)");if(!O)throw Error("Certificate O was empty (Packed|Full)");if(!C||C.length!==2)throw Error("Certificate C was not two-character ISO 3166 code (Packed|Full)");if(basicConstraintsCA)throw Error("Certificate basic constraints CA was not `false` (Packed|Full)");if(version!==2)throw Error("Certificate version was not `3` (ASN.1 value of 2) (Packed|Full)");let now=new Date;if(notBefore>now)throw Error(`Certificate not good before "${notBefore.toString()}" (Packed|Full)`);if(now=new Date,notAfter<now)throw Error(`Certificate not good after "${notAfter.toString()}" (Packed|Full)`);try{await validateExtFIDOGenCEAAGUID(parsedCertificate.tbsCertificate.extensions,aaguid)}catch(err){throw Error(`${err.message} (Packed|Full)`)}let statement=await MetadataService.getStatement(aaguid);if(statement){if(statement.attestationTypes.indexOf("basic_full")<0)throw Error("Metadata does not indicate support for full attestations (Packed|Full)");try{await verifyAttestationWithMetadata({statement,credentialPublicKey,x5c,attestationStatementAlg:alg})}catch(err){throw Error(`${err.message} (Packed|Full)`)}}else try{await validateCertificatePath(x5c.map(convertCertBufferToPEM),rootCertificates)}catch(err){throw Error(`${err.message} (Packed|Full)`)}verified=await verifySignature2({signature:sig,data:signatureBase,x509Certificate:x5c[0]})}else verified=await verifySignature2({signature:sig,data:signatureBase,credentialPublicKey,hashAlgorithm:alg});return verified}var init_verifyAttestationPacked=__esm(()=>{init_cose();init_convertCertBufferToPEM();init_validateCertificatePath();init_getCertificateInfo();init_verifySignature();init_iso();init_validateExtFIDOGenCEAAGUID();init_metadataService();init_verifyAttestationWithMetadata()});async function verifyAttestationAndroidSafetyNet(options){let{attStmt,clientDataHash,authData,aaguid,rootCertificates,verifyTimestampMS=!0,credentialPublicKey,attestationSafetyNetEnforceCTSCheck}=options,alg=attStmt.get("alg"),response=attStmt.get("response");if(!attStmt.get("ver"))throw Error("No ver value in attestation (SafetyNet)");if(!response)throw Error("No response was included in attStmt by authenticator (SafetyNet)");let jwtParts=exports_isoUint8Array.toUTF8String(response).split("."),HEADER=JSON.parse(exports_isoBase64URL.toUTF8String(jwtParts[0])),PAYLOAD=JSON.parse(exports_isoBase64URL.toUTF8String(jwtParts[1])),SIGNATURE=jwtParts[2],{nonce,ctsProfileMatch,timestampMs}=PAYLOAD;if(verifyTimestampMS){let now=Date.now();if(timestampMs>Date.now())throw Error(`Payload timestamp "${timestampMs}" was later than "${now}" (SafetyNet)`);let timestampPlusDelay=timestampMs+60000;if(now=Date.now(),timestampPlusDelay<now)throw Error(`Payload timestamp "${timestampPlusDelay}" has expired (SafetyNet)`)}let nonceBase=exports_isoUint8Array.concat([authData,clientDataHash]),nonceBuffer=await toHash(nonceBase),expectedNonce=exports_isoBase64URL.fromBuffer(nonceBuffer,"base64");if(nonce!==expectedNonce)throw Error("Could not verify payload nonce (SafetyNet)");if(attestationSafetyNetEnforceCTSCheck&&!ctsProfileMatch)throw Error("Could not verify device integrity (SafetyNet)");let leafCertBuffer=exports_isoBase64URL.toBuffer(HEADER.x5c[0],"base64"),leafCertInfo=getCertificateInfo(leafCertBuffer),{subject}=leafCertInfo;if(subject.CN!=="attest.android.com")throw Error('Certificate common name was not "attest.android.com" (SafetyNet)');let statement=await MetadataService.getStatement(aaguid);if(statement)try{await verifyAttestationWithMetadata({statement,credentialPublicKey,x5c:HEADER.x5c,attestationStatementAlg:alg})}catch(err){throw Error(`${err.message} (SafetyNet)`)}else try{await validateCertificatePath(HEADER.x5c.map(convertCertBufferToPEM),rootCertificates)}catch(err){throw Error(`${err.message} (SafetyNet)`)}let signatureBaseBuffer=exports_isoUint8Array.fromUTF8String(`${jwtParts[0]}.${jwtParts[1]}`),signatureBuffer=exports_isoBase64URL.toBuffer(SIGNATURE);return await verifySignature2({signature:signatureBuffer,data:signatureBaseBuffer,x509Certificate:leafCertBuffer})}var init_verifyAttestationAndroidSafetyNet=__esm(()=>{init_toHash();init_verifySignature();init_getCertificateInfo();init_validateCertificatePath();init_convertCertBufferToPEM();init_iso();init_metadataService();init_verifyAttestationWithMetadata()});var TPM_ST,TPM_ALG,TPM_ECC_CURVE,TPM_MANUFACTURERS,TPM_ECC_CURVE_COSE_CRV_MAP;var init_constants2=__esm(()=>{TPM_ST={196:"TPM_ST_RSP_COMMAND",32768:"TPM_ST_NULL",32769:"TPM_ST_NO_SESSIONS",32770:"TPM_ST_SESSIONS",32788:"TPM_ST_ATTEST_NV",32789:"TPM_ST_ATTEST_COMMAND_AUDIT",32790:"TPM_ST_ATTEST_SESSION_AUDIT",32791:"TPM_ST_ATTEST_CERTIFY",32792:"TPM_ST_ATTEST_QUOTE",32793:"TPM_ST_ATTEST_TIME",32794:"TPM_ST_ATTEST_CREATION",32801:"TPM_ST_CREATION",32802:"TPM_ST_VERIFIED",32803:"TPM_ST_AUTH_SECRET",32804:"TPM_ST_HASHCHECK",32805:"TPM_ST_AUTH_SIGNED",32809:"TPM_ST_FU_MANIFEST"},TPM_ALG={0:"TPM_ALG_ERROR",1:"TPM_ALG_RSA",4:"TPM_ALG_SHA",4:"TPM_ALG_SHA1",5:"TPM_ALG_HMAC",6:"TPM_ALG_AES",7:"TPM_ALG_MGF1",8:"TPM_ALG_KEYEDHASH",10:"TPM_ALG_XOR",11:"TPM_ALG_SHA256",12:"TPM_ALG_SHA384",13:"TPM_ALG_SHA512",16:"TPM_ALG_NULL",18:"TPM_ALG_SM3_256",19:"TPM_ALG_SM4",20:"TPM_ALG_RSASSA",21:"TPM_ALG_RSAES",22:"TPM_ALG_RSAPSS",23:"TPM_ALG_OAEP",24:"TPM_ALG_ECDSA",25:"TPM_ALG_ECDH",26:"TPM_ALG_ECDAA",27:"TPM_ALG_SM2",28:"TPM_ALG_ECSCHNORR",29:"TPM_ALG_ECMQV",32:"TPM_ALG_KDF1_SP800_56A",33:"TPM_ALG_KDF2",34:"TPM_ALG_KDF1_SP800_108",35:"TPM_ALG_ECC",37:"TPM_ALG_SYMCIPHER",38:"TPM_ALG_CAMELLIA",64:"TPM_ALG_CTR",65:"TPM_ALG_OFB",66:"TPM_ALG_CBC",67:"TPM_ALG_CFB",68:"TPM_ALG_ECB"},TPM_ECC_CURVE={0:"TPM_ECC_NONE",1:"TPM_ECC_NIST_P192",2:"TPM_ECC_NIST_P224",3:"TPM_ECC_NIST_P256",4:"TPM_ECC_NIST_P384",5:"TPM_ECC_NIST_P521",16:"TPM_ECC_BN_P256",17:"TPM_ECC_BN_P638",32:"TPM_ECC_SM2_P256"},TPM_MANUFACTURERS={"id:414D4400":{name:"AMD",id:"AMD"},"id:414E5400":{name:"Ant Group",id:"ANT"},"id:41544D4C":{name:"Atmel",id:"ATML"},"id:4252434D":{name:"Broadcom",id:"BRCM"},"id:4353434F":{name:"Cisco",id:"CSCO"},"id:464C5953":{name:"Flyslice Technologies",id:"FLYS"},"id:524F4343":{name:"Fuzhou Rockchip",id:"ROCC"},"id:474F4F47":{name:"Google",id:"GOOG"},"id:48504900":{name:"HPI",id:"HPI"},"id:48504500":{name:"HPE",id:"HPE"},"id:48495349":{name:"Huawei",id:"HISI"},"id:49424d00":{name:"IBM",id:"IBM"},"id:49424D00":{name:"IBM",id:"IBM"},"id:49465800":{name:"Infineon",id:"IFX"},"id:494E5443":{name:"Intel",id:"INTC"},"id:4C454E00":{name:"Lenovo",id:"LEN"},"id:4D534654":{name:"Microsoft",id:"MSFT"},"id:4E534D20":{name:"National Semiconductor",id:"NSM"},"id:4E545A00":{name:"Nationz",id:"NTZ"},"id:4E534700":{name:"NSING",id:"NSG"},"id:4E544300":{name:"Nuvoton Technology",id:"NTC"},"id:51434F4D":{name:"Qualcomm",id:"QCOM"},"id:534D534E":{name:"Samsung",id:"SMSN"},"id:53454345":{name:"SecEdge",id:"SECE"},"id:534E5300":{name:"Sinosun",id:"SNS"},"id:534D5343":{name:"SMSC",id:"SMSC"},"id:53544D20":{name:"STMicroelectronics",id:"STM"},"id:54584E00":{name:"Texas Instruments",id:"TXN"},"id:57454300":{name:"Winbond",id:"WEC"},"id:5345414C":{name:"Wisekey",id:"SEAL"},"id:FFFFF1D0":{name:"FIDO Alliance",id:"FIDO"}},TPM_ECC_CURVE_COSE_CRV_MAP={TPM_ECC_NIST_P256:1,TPM_ECC_NIST_P384:2,TPM_ECC_NIST_P521:3,TPM_ECC_BN_P256:1,TPM_ECC_SM2_P256:1}});function parseCertInfo(certInfo){let pointer=0,dataView=exports_isoUint8Array.toDataView(certInfo),magic=dataView.getUint32(pointer);pointer+=4;let typeBuffer=dataView.getUint16(pointer);pointer+=2;let type=TPM_ST[typeBuffer],qualifiedSignerLength=dataView.getUint16(pointer);pointer+=2;let qualifiedSigner=certInfo.slice(pointer,pointer+=qualifiedSignerLength),extraDataLength=dataView.getUint16(pointer);pointer+=2;let extraData=certInfo.slice(pointer,pointer+=extraDataLength),clock=certInfo.slice(pointer,pointer+=8),resetCount=dataView.getUint32(pointer);pointer+=4;let restartCount=dataView.getUint32(pointer);pointer+=4;let safe=!!certInfo.slice(pointer,pointer+=1),clockInfo={clock,resetCount,restartCount,safe},firmwareVersion=certInfo.slice(pointer,pointer+=8),attestedNameLength=dataView.getUint16(pointer);pointer+=2;let attestedName=certInfo.slice(pointer,pointer+=attestedNameLength),attestedNameDataView=exports_isoUint8Array.toDataView(attestedName),qualifiedNameLength=dataView.getUint16(pointer);pointer+=2;let qualifiedName=certInfo.slice(pointer,pointer+=qualifiedNameLength),attested={nameAlg:TPM_ALG[attestedNameDataView.getUint16(0)],nameAlgBuffer:attestedName.slice(0,2),name:attestedName,qualifiedName};return{magic,type,qualifiedSigner,extraData,clockInfo,firmwareVersion,attested}}var init_parseCertInfo=__esm(()=>{init_constants2();init_iso()});function parsePubArea(pubArea){let pointer=0,dataView=exports_isoUint8Array.toDataView(pubArea),type=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let nameAlg=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let objectAttributesInt=dataView.getUint32(pointer);pointer+=4;let objectAttributes={fixedTPM:!!(objectAttributesInt&1),stClear:!!(objectAttributesInt&2),fixedParent:!!(objectAttributesInt&8),sensitiveDataOrigin:!!(objectAttributesInt&16),userWithAuth:!!(objectAttributesInt&32),adminWithPolicy:!!(objectAttributesInt&64),noDA:!!(objectAttributesInt&512),encryptedDuplication:!!(objectAttributesInt&1024),restricted:!!(objectAttributesInt&32768),decrypt:!!(objectAttributesInt&65536),signOrEncrypt:!!(objectAttributesInt&131072)},authPolicyLength=dataView.getUint16(pointer);pointer+=2;let authPolicy=pubArea.slice(pointer,pointer+=authPolicyLength),parameters2={},unique=Uint8Array.from([]);if(type==="TPM_ALG_RSA"){let symmetric=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let scheme=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let keyBits=dataView.getUint16(pointer);pointer+=2;let exponent=dataView.getUint32(pointer);pointer+=4,parameters2.rsa={symmetric,scheme,keyBits,exponent};let uniqueLength=dataView.getUint16(pointer);pointer+=2,unique=pubArea.slice(pointer,pointer+=uniqueLength)}else if(type==="TPM_ALG_ECC"){let symmetric=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let scheme=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let curveID=TPM_ECC_CURVE[dataView.getUint16(pointer)];pointer+=2;let kdf=TPM_ALG[dataView.getUint16(pointer)];pointer+=2,parameters2.ecc={symmetric,scheme,curveID,kdf};let uniqueXLength=dataView.getUint16(pointer);pointer+=2;let uniqueX=pubArea.slice(pointer,pointer+=uniqueXLength),uniqueYLength=dataView.getUint16(pointer);pointer+=2;let uniqueY=pubArea.slice(pointer,pointer+=uniqueYLength);unique=exports_isoUint8Array.concat([uniqueX,uniqueY])}else throw Error(`Unexpected type "${type}" (TPM)`);return{type,nameAlg,objectAttributes,authPolicy,parameters:parameters2,unique}}var init_parsePubArea=__esm(()=>{init_constants2();init_iso()});async function verifyAttestationTPM(options){let{aaguid,attStmt,authData,credentialPublicKey,clientDataHash,rootCertificates}=options,ver=attStmt.get("ver"),sig=attStmt.get("sig"),alg=attStmt.get("alg"),x5c=attStmt.get("x5c"),pubArea=attStmt.get("pubArea"),certInfo=attStmt.get("certInfo");if(ver!=="2.0")throw Error(`Unexpected ver "${ver}", expected "2.0" (TPM)`);if(!sig)throw Error("No attestation signature provided in attestation statement (TPM)");if(!alg)throw Error("Attestation statement did not contain alg (TPM)");if(!isCOSEAlg(alg))throw Error(`Attestation statement contained invalid alg ${alg} (TPM)`);if(!x5c)throw Error("No attestation certificate provided in attestation statement (TPM)");if(!pubArea)throw Error("Attestation statement did not contain pubArea (TPM)");if(!certInfo)throw Error("Attestation statement did not contain certInfo (TPM)");let parsedPubArea=parsePubArea(pubArea),{unique,type:pubType,parameters:parameters2}=parsedPubArea,cosePublicKey=decodeCredentialPublicKey(credentialPublicKey);if(pubType==="TPM_ALG_RSA"){if(!isCOSEPublicKeyRSA(cosePublicKey))throw Error(`Credential public key with kty ${cosePublicKey.get(COSEKEYS.kty)} did not match ${pubType}`);let n=cosePublicKey.get(COSEKEYS.n),e=cosePublicKey.get(COSEKEYS.e);if(!n)throw Error("COSE public key missing n (TPM|RSA)");if(!e)throw Error("COSE public key missing e (TPM|RSA)");if(!exports_isoUint8Array.areEqual(unique,n))throw Error("PubArea unique is not same as credentialPublicKey (TPM|RSA)");if(!parameters2.rsa)throw Error("Parsed pubArea type is RSA, but missing parameters.rsa (TPM|RSA)");let eBuffer=e,pubAreaExponent=parameters2.rsa.exponent||65537,eSum=eBuffer[0]+(eBuffer[1]<<8)+(eBuffer[2]<<16);if(pubAreaExponent!==eSum)throw Error(`Unexpected public key exp ${eSum}, expected ${pubAreaExponent} (TPM|RSA)`)}else if(pubType==="TPM_ALG_ECC"){if(!isCOSEPublicKeyEC2(cosePublicKey))throw Error(`Credential public key with kty ${cosePublicKey.get(COSEKEYS.kty)} did not match ${pubType}`);let crv=cosePublicKey.get(COSEKEYS.crv),x=cosePublicKey.get(COSEKEYS.x),y=cosePublicKey.get(COSEKEYS.y);if(!crv)throw Error("COSE public key missing crv (TPM|ECC)");if(!x)throw Error("COSE public key missing x (TPM|ECC)");if(!y)throw Error("COSE public key missing y (TPM|ECC)");if(!exports_isoUint8Array.areEqual(unique,exports_isoUint8Array.concat([x,y])))throw Error("PubArea unique is not same as public key x and y (TPM|ECC)");if(!parameters2.ecc)throw Error("Parsed pubArea type is ECC, but missing parameters.ecc (TPM|ECC)");let pubAreaCurveID=parameters2.ecc.curveID,pubAreaCurveIDMapToCOSECRV=TPM_ECC_CURVE_COSE_CRV_MAP[pubAreaCurveID];if(pubAreaCurveIDMapToCOSECRV!==crv)throw Error(`Public area key curve ID "${pubAreaCurveID}" mapped to "${pubAreaCurveIDMapToCOSECRV}" which did not match public key crv of "${crv}" (TPM|ECC)`)}else throw Error(`Unsupported pubArea.type "${pubType}"`);let parsedCertInfo=parseCertInfo(certInfo),{magic,type:certType,attested,extraData}=parsedCertInfo;if(magic!==4283712327)throw Error(`Unexpected magic value "${magic}", expected "0xff544347" (TPM)`);if(certType!=="TPM_ST_ATTEST_CERTIFY")throw Error(`Unexpected type "${certType}", expected "TPM_ST_ATTEST_CERTIFY" (TPM)`);let pubAreaHash=await toHash(pubArea,attestedNameAlgToCOSEAlg(attested.nameAlg)),attestedName=exports_isoUint8Array.concat([attested.nameAlgBuffer,pubAreaHash]);if(!exports_isoUint8Array.areEqual(attested.name,attestedName))throw Error("Attested name comparison failed (TPM)");let attToBeSigned=exports_isoUint8Array.concat([authData,clientDataHash]),attToBeSignedHash=await toHash(attToBeSigned,alg);if(!exports_isoUint8Array.areEqual(extraData,attToBeSignedHash))throw Error("CertInfo extra data did not equal hashed attestation (TPM)");if(x5c.length<1)throw Error("No certificates present in x5c array (TPM)");let leafCertInfo=getCertificateInfo(x5c[0]),{basicConstraintsCA,version,subject,notAfter,notBefore}=leafCertInfo;if(basicConstraintsCA)throw Error("Certificate basic constraints CA was not `false` (TPM)");if(version!==2)throw Error("Certificate version was not `3` (ASN.1 value of 2) (TPM)");if(subject.combined.length>0)throw Error("Certificate subject was not empty (TPM)");let now=new Date;if(notBefore>now)throw Error(`Certificate not good before "${notBefore.toString()}" (TPM)`);if(now=new Date,notAfter<now)throw Error(`Certificate not good after "${notAfter.toString()}" (TPM)`);let parsedCert=AsnParser.parse(x5c[0],Certificate);if(!parsedCert.tbsCertificate.extensions)throw Error("Certificate was missing extensions (TPM)");let subjectAltNamePresent,extKeyUsage;if(parsedCert.tbsCertificate.extensions.forEach((ext)=>{if(ext.extnID===id_ce_subjectAltName)subjectAltNamePresent=AsnParser.parse(ext.extnValue,SubjectAlternativeName);else if(ext.extnID===id_ce_extKeyUsage)extKeyUsage=AsnParser.parse(ext.extnValue,ExtendedKeyUsage)}),!subjectAltNamePresent)throw Error("Certificate did not contain subjectAltName extension (TPM)");if(!subjectAltNamePresent[0].directoryName?.[0].length)throw Error("Certificate subjectAltName extension directoryName was empty (TPM)");let{tcgAtTpmManufacturer,tcgAtTpmModel,tcgAtTpmVersion}=getTcgAtTpmValues(subjectAltNamePresent[0].directoryName);if(!tcgAtTpmManufacturer||!tcgAtTpmModel||!tcgAtTpmVersion)throw Error("Certificate contained incomplete subjectAltName data (TPM)");if(!extKeyUsage)throw Error("Certificate did not contain ExtendedKeyUsage extension (TPM)");if(!TPM_MANUFACTURERS[tcgAtTpmManufacturer])throw Error(`Could not match TPM manufacturer "${tcgAtTpmManufacturer}" (TPM)`);if(extKeyUsage[0]!=="2.23.133.8.3")throw Error(`Unexpected extKeyUsage "${extKeyUsage[0]}", expected "2.23.133.8.3" (TPM)`);try{await validateExtFIDOGenCEAAGUID(parsedCert.tbsCertificate.extensions,aaguid)}catch(err){throw Error(`${err.message} (TPM)`)}let statement=await MetadataService.getStatement(aaguid);if(statement)try{await verifyAttestationWithMetadata({statement,credentialPublicKey,x5c,attestationStatementAlg:alg})}catch(err){throw Error(`${err.message} (TPM)`)}else try{await validateCertificatePath(x5c.map(convertCertBufferToPEM),rootCertificates)}catch(err){throw Error(`${err.message} (TPM)`)}return verifySignature2({signature:sig,data:certInfo,x509Certificate:x5c[0],hashAlgorithm:alg})}function getTcgAtTpmValues(root){let tcgAtTpmManufacturer,tcgAtTpmModel,tcgAtTpmVersion;return root.forEach((relName)=>{relName.forEach((attr)=>{if(attr.type==="2.23.133.2.1")tcgAtTpmManufacturer=attr.value.toString();else if(attr.type==="2.23.133.2.2")tcgAtTpmModel=attr.value.toString();else if(attr.type==="2.23.133.2.3")tcgAtTpmVersion=attr.value.toString()})}),{tcgAtTpmManufacturer,tcgAtTpmModel,tcgAtTpmVersion}}function attestedNameAlgToCOSEAlg(alg){if(alg==="TPM_ALG_SHA256")return COSEALG.ES256;else if(alg==="TPM_ALG_SHA384")return COSEALG.ES384;else if(alg==="TPM_ALG_SHA512")return COSEALG.ES512;throw Error(`Unexpected TPM attested name alg ${alg}`)}var init_verifyAttestationTPM=__esm(()=>{init_es2015();init_es20152();init_decodeCredentialPublicKey();init_cose();init_toHash();init_convertCertBufferToPEM();init_validateCertificatePath();init_getCertificateInfo();init_verifySignature();init_iso();init_validateExtFIDOGenCEAAGUID();init_metadataService();init_verifyAttestationWithMetadata();init_constants2();init_parseCertInfo();init_parsePubArea()});class RootOfTrust{verifiedBootKey=new OctetString2;deviceLocked=!1;verifiedBootState=VerifiedBootState.verified;verifiedBootHash;constructor(params={}){Object.assign(this,params)}}class AuthorizationList{purpose;algorithm;keySize;digest;padding;ecCurve;rsaPublicExponent;mgfDigest;rollbackResistance;earlyBootOnly;activeDateTime;originationExpireDateTime;usageExpireDateTime;usageCountLimit;noAuthRequired;userAuthType;authTimeout;allowWhileOnBody;trustedUserPresenceRequired;trustedConfirmationRequired;unlockedDeviceRequired;allApplications;applicationId;creationDateTime;origin;rollbackResistant;rootOfTrust;osVersion;osPatchLevel;attestationApplicationId;attestationIdBrand;attestationIdDevice;attestationIdProduct;attestationIdSerial;attestationIdImei;attestationIdMeid;attestationIdManufacturer;attestationIdModel;vendorPatchLevel;bootPatchLevel;deviceUniqueAttestation;attestationIdSecondImei;moduleHash;constructor(params={}){Object.assign(this,params)}}class KeyDescription{attestationVersion=Version3.KM4;attestationSecurityLevel=SecurityLevel.software;keymasterVersion=0;keymasterSecurityLevel=SecurityLevel.software;attestationChallenge=new OctetString2;uniqueId=new OctetString2;softwareEnforced=new AuthorizationList;teeEnforced=new AuthorizationList;constructor(params={}){Object.assign(this,params)}}class KeyMintKeyDescription{attestationVersion=Version3.keyMint4;attestationSecurityLevel=SecurityLevel.software;keyMintVersion=0;keyMintSecurityLevel=SecurityLevel.software;attestationChallenge=new OctetString2;uniqueId=new OctetString2;softwareEnforced=new AuthorizationList;hardwareEnforced=new AuthorizationList;constructor(params={}){Object.assign(this,params)}toLegacyKeyDescription(){return new KeyDescription({attestationVersion:this.attestationVersion,attestationSecurityLevel:this.attestationSecurityLevel,keymasterVersion:this.keyMintVersion,keymasterSecurityLevel:this.keyMintSecurityLevel,attestationChallenge:this.attestationChallenge,uniqueId:this.uniqueId,softwareEnforced:this.softwareEnforced,teeEnforced:this.hardwareEnforced})}static fromLegacyKeyDescription(keyDesc){return new KeyMintKeyDescription({attestationVersion:keyDesc.attestationVersion,attestationSecurityLevel:keyDesc.attestationSecurityLevel,keyMintVersion:keyDesc.keymasterVersion,keyMintSecurityLevel:keyDesc.keymasterSecurityLevel,attestationChallenge:keyDesc.attestationChallenge,uniqueId:keyDesc.uniqueId,softwareEnforced:keyDesc.softwareEnforced,hardwareEnforced:keyDesc.teeEnforced})}}var IntegerSet_1,id_ce_keyDescription="1.3.6.1.4.1.11129.2.1.17",VerifiedBootState,IntegerSet,SecurityLevel,Version3;var init_key_description=__esm(()=>{init_modules();init_es2015();(function(VerifiedBootState2){VerifiedBootState2[VerifiedBootState2.verified=0]="verified",VerifiedBootState2[VerifiedBootState2.selfSigned=1]="selfSigned",VerifiedBootState2[VerifiedBootState2.unverified=2]="unverified",VerifiedBootState2[VerifiedBootState2.failed=3]="failed"})(VerifiedBootState||(VerifiedBootState={}));__decorate([AsnProp({type:OctetString2})],RootOfTrust.prototype,"verifiedBootKey",void 0);__decorate([AsnProp({type:AsnPropTypes.Boolean})],RootOfTrust.prototype,"deviceLocked",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],RootOfTrust.prototype,"verifiedBootState",void 0);__decorate([AsnProp({type:OctetString2,optional:!0})],RootOfTrust.prototype,"verifiedBootHash",void 0);IntegerSet=IntegerSet_1=class extends AsnArray{constructor(items){super(items);Object.setPrototypeOf(this,IntegerSet_1.prototype)}};IntegerSet=IntegerSet_1=__decorate([AsnType({type:AsnTypeTypes.Set,itemType:AsnPropTypes.Integer})],IntegerSet);__decorate([AsnProp({context:1,type:IntegerSet,optional:!0})],AuthorizationList.prototype,"purpose",void 0);__decorate([AsnProp({context:2,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"algorithm",void 0);__decorate([AsnProp({context:3,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"keySize",void 0);__decorate([AsnProp({context:5,type:IntegerSet,optional:!0})],AuthorizationList.prototype,"digest",void 0);__decorate([AsnProp({context:6,type:IntegerSet,optional:!0})],AuthorizationList.prototype,"padding",void 0);__decorate([AsnProp({context:10,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"ecCurve",void 0);__decorate([AsnProp({context:200,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"rsaPublicExponent",void 0);__decorate([AsnProp({context:203,type:IntegerSet,optional:!0})],AuthorizationList.prototype,"mgfDigest",void 0);__decorate([AsnProp({context:303,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"rollbackResistance",void 0);__decorate([AsnProp({context:305,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"earlyBootOnly",void 0);__decorate([AsnProp({context:400,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"activeDateTime",void 0);__decorate([AsnProp({context:401,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"originationExpireDateTime",void 0);__decorate([AsnProp({context:402,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"usageExpireDateTime",void 0);__decorate([AsnProp({context:405,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"usageCountLimit",void 0);__decorate([AsnProp({context:503,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"noAuthRequired",void 0);__decorate([AsnProp({context:504,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"userAuthType",void 0);__decorate([AsnProp({context:505,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"authTimeout",void 0);__decorate([AsnProp({context:506,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"allowWhileOnBody",void 0);__decorate([AsnProp({context:507,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"trustedUserPresenceRequired",void 0);__decorate([AsnProp({context:508,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"trustedConfirmationRequired",void 0);__decorate([AsnProp({context:509,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"unlockedDeviceRequired",void 0);__decorate([AsnProp({context:600,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"allApplications",void 0);__decorate([AsnProp({context:601,type:OctetString2,optional:!0})],AuthorizationList.prototype,"applicationId",void 0);__decorate([AsnProp({context:701,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"creationDateTime",void 0);__decorate([AsnProp({context:702,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"origin",void 0);__decorate([AsnProp({context:703,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"rollbackResistant",void 0);__decorate([AsnProp({context:704,type:RootOfTrust,optional:!0})],AuthorizationList.prototype,"rootOfTrust",void 0);__decorate([AsnProp({context:705,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"osVersion",void 0);__decorate([AsnProp({context:706,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"osPatchLevel",void 0);__decorate([AsnProp({context:709,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationApplicationId",void 0);__decorate([AsnProp({context:710,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdBrand",void 0);__decorate([AsnProp({context:711,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdDevice",void 0);__decorate([AsnProp({context:712,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdProduct",void 0);__decorate([AsnProp({context:713,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdSerial",void 0);__decorate([AsnProp({context:714,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdImei",void 0);__decorate([AsnProp({context:715,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdMeid",void 0);__decorate([AsnProp({context:716,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdManufacturer",void 0);__decorate([AsnProp({context:717,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdModel",void 0);__decorate([AsnProp({context:718,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"vendorPatchLevel",void 0);__decorate([AsnProp({context:719,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"bootPatchLevel",void 0);__decorate([AsnProp({context:720,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"deviceUniqueAttestation",void 0);__decorate([AsnProp({context:723,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdSecondImei",void 0);__decorate([AsnProp({context:724,type:OctetString2,optional:!0})],AuthorizationList.prototype,"moduleHash",void 0);(function(SecurityLevel2){SecurityLevel2[SecurityLevel2.software=0]="software",SecurityLevel2[SecurityLevel2.trustedEnvironment=1]="trustedEnvironment",SecurityLevel2[SecurityLevel2.strongBox=2]="strongBox"})(SecurityLevel||(SecurityLevel={}));(function(Version4){Version4[Version4.KM2=1]="KM2",Version4[Version4.KM3=2]="KM3",Version4[Version4.KM4=3]="KM4",Version4[Version4.KM4_1=4]="KM4_1",Version4[Version4.keyMint1=100]="keyMint1",Version4[Version4.keyMint2=200]="keyMint2",Version4[Version4.keyMint3=300]="keyMint3",Version4[Version4.keyMint4=400]="keyMint4"})(Version3||(Version3={}));__decorate([AsnProp({type:AsnPropTypes.Integer})],KeyDescription.prototype,"attestationVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],KeyDescription.prototype,"attestationSecurityLevel",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],KeyDescription.prototype,"keymasterVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],KeyDescription.prototype,"keymasterSecurityLevel",void 0);__decorate([AsnProp({type:OctetString2})],KeyDescription.prototype,"attestationChallenge",void 0);__decorate([AsnProp({type:OctetString2})],KeyDescription.prototype,"uniqueId",void 0);__decorate([AsnProp({type:AuthorizationList})],KeyDescription.prototype,"softwareEnforced",void 0);__decorate([AsnProp({type:AuthorizationList})],KeyDescription.prototype,"teeEnforced",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],KeyMintKeyDescription.prototype,"attestationVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],KeyMintKeyDescription.prototype,"attestationSecurityLevel",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],KeyMintKeyDescription.prototype,"keyMintVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],KeyMintKeyDescription.prototype,"keyMintSecurityLevel",void 0);__decorate([AsnProp({type:OctetString2})],KeyMintKeyDescription.prototype,"attestationChallenge",void 0);__decorate([AsnProp({type:OctetString2})],KeyMintKeyDescription.prototype,"uniqueId",void 0);__decorate([AsnProp({type:AuthorizationList})],KeyMintKeyDescription.prototype,"softwareEnforced",void 0);__decorate([AsnProp({type:AuthorizationList})],KeyMintKeyDescription.prototype,"hardwareEnforced",void 0)});class NonStandardKeyDescription{attestationVersion=Version3.KM4;attestationSecurityLevel=SecurityLevel.software;keymasterVersion=0;keymasterSecurityLevel=SecurityLevel.software;attestationChallenge=new OctetString2;uniqueId=new OctetString2;softwareEnforced=new NonStandardAuthorizationList;teeEnforced=new NonStandardAuthorizationList;get keyMintVersion(){return this.keymasterVersion}set keyMintVersion(value){this.keymasterVersion=value}get keyMintSecurityLevel(){return this.keymasterSecurityLevel}set keyMintSecurityLevel(value){this.keymasterSecurityLevel=value}get hardwareEnforced(){return this.teeEnforced}set hardwareEnforced(value){this.teeEnforced=value}constructor(params={}){Object.assign(this,params)}}var NonStandardAuthorizationList_1,NonStandardAuthorization,NonStandardAuthorizationList,NonStandardKeyMintKeyDescription;var init_nonstandard=__esm(()=>{init_modules();init_es2015();init_key_description();NonStandardAuthorization=class extends AuthorizationList{};NonStandardAuthorization=__decorate([AsnType({type:AsnTypeTypes.Choice})],NonStandardAuthorization);NonStandardAuthorizationList=NonStandardAuthorizationList_1=class extends AsnArray{constructor(items){super(items);Object.setPrototypeOf(this,NonStandardAuthorizationList_1.prototype)}findProperty(key2){let prop=this.find((o)=>o[key2]!==void 0);if(prop)return prop[key2];return}};NonStandardAuthorizationList=NonStandardAuthorizationList_1=__decorate([AsnType({type:AsnTypeTypes.Sequence,itemType:NonStandardAuthorization})],NonStandardAuthorizationList);__decorate([AsnProp({type:AsnPropTypes.Integer})],NonStandardKeyDescription.prototype,"attestationVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],NonStandardKeyDescription.prototype,"attestationSecurityLevel",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],NonStandardKeyDescription.prototype,"keymasterVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],NonStandardKeyDescription.prototype,"keymasterSecurityLevel",void 0);__decorate([AsnProp({type:OctetString2})],NonStandardKeyDescription.prototype,"attestationChallenge",void 0);__decorate([AsnProp({type:OctetString2})],NonStandardKeyDescription.prototype,"uniqueId",void 0);__decorate([AsnProp({type:NonStandardAuthorizationList})],NonStandardKeyDescription.prototype,"softwareEnforced",void 0);__decorate([AsnProp({type:NonStandardAuthorizationList})],NonStandardKeyDescription.prototype,"teeEnforced",void 0);NonStandardKeyMintKeyDescription=class extends NonStandardKeyDescription{constructor(params={}){if("keymasterVersion"in params&&!("keyMintVersion"in params))params.keyMintVersion=params.keymasterVersion;if("keymasterSecurityLevel"in params&&!("keyMintSecurityLevel"in params))params.keyMintSecurityLevel=params.keymasterSecurityLevel;if("teeEnforced"in params&&!("hardwareEnforced"in params))params.hardwareEnforced=params.teeEnforced;super(params)}};NonStandardKeyMintKeyDescription=__decorate([AsnType({type:AsnTypeTypes.Sequence})],NonStandardKeyMintKeyDescription)});class AttestationPackageInfo{packageName;version;constructor(params={}){Object.assign(this,params)}}class AttestationApplicationId{packageInfos;signatureDigests;constructor(params={}){Object.assign(this,params)}}var init_attestation=__esm(()=>{init_modules();init_es2015();__decorate([AsnProp({type:AsnPropTypes.OctetString})],AttestationPackageInfo.prototype,"packageName",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],AttestationPackageInfo.prototype,"version",void 0);__decorate([AsnProp({type:AttestationPackageInfo,repeated:"set"})],AttestationApplicationId.prototype,"packageInfos",void 0);__decorate([AsnProp({type:AsnPropTypes.OctetString,repeated:"set"})],AttestationApplicationId.prototype,"signatureDigests",void 0)});var init_es201511=__esm(()=>{init_key_description();init_nonstandard();init_attestation()});async function verifyAttestationAndroidKey(options){let{authData,clientDataHash,attStmt,credentialPublicKey,aaguid,rootCertificates}=options,x5c=attStmt.get("x5c"),sig=attStmt.get("sig"),alg=attStmt.get("alg");if(!x5c)throw Error("No attestation certificate provided in attestation statement (Android Key)");if(!sig)throw Error("No attestation signature provided in attestation statement (Android Key)");if(!alg)throw Error("Attestation statement did not contain alg (Android Key)");if(!isCOSEAlg(alg))throw Error(`Attestation statement contained invalid alg ${alg} (Android Key)`);let parsedCert=AsnParser.parse(x5c[0],Certificate),parsedCertPubKey=new Uint8Array(parsedCert.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey),credPubKeyPKCS=convertCOSEtoPKCS(credentialPublicKey);if(!exports_isoUint8Array.areEqual(credPubKeyPKCS,parsedCertPubKey))throw Error("Credential public key does not equal leaf cert public key (Android Key)");let extKeyStore=parsedCert.tbsCertificate.extensions?.find((ext)=>ext.extnID===id_ce_keyDescription);if(!extKeyStore)throw Error("Certificate did not contain extKeyStore (Android Key)");let parsedExtKeyStore=AsnParser.parse(extKeyStore.extnValue,KeyDescription),{attestationChallenge,teeEnforced,softwareEnforced}=parsedExtKeyStore;if(!exports_isoUint8Array.areEqual(new Uint8Array(attestationChallenge.buffer),clientDataHash))throw Error("Attestation challenge was not equal to client data hash (Android Key)");if(teeEnforced.allApplications!==void 0)throw Error('teeEnforced contained "allApplications [600]" tag (Android Key)');if(softwareEnforced.allApplications!==void 0)throw Error('teeEnforced contained "allApplications [600]" tag (Android Key)');let statement=await MetadataService.getStatement(aaguid);if(statement)try{await verifyAttestationWithMetadata({statement,credentialPublicKey,x5c,attestationStatementAlg:alg})}catch(err){let _err=err;throw Error(`${_err.message} (Android Key)`,{cause:_err})}else{let x5cNoRootPEM=x5c.slice(0,-1).map(convertCertBufferToPEM),x5cRootPEM=x5c.slice(-1).map(convertCertBufferToPEM);try{await validateCertificatePath(x5cNoRootPEM,x5cRootPEM)}catch(err){let _err=err;throw Error(`${_err.message} (Android Key)`,{cause:_err})}if(rootCertificates.length>0&&rootCertificates.indexOf(x5cRootPEM[0])<0)throw Error("x5c root certificate was not a known root certificate (Android Key)")}let signatureBase=exports_isoUint8Array.concat([authData,clientDataHash]);return verifySignature2({signature:sig,data:signatureBase,x509Certificate:x5c[0],hashAlgorithm:alg})}var init_verifyAttestationAndroidKey=__esm(()=>{init_es2015();init_es20152();init_es201511();init_convertCertBufferToPEM();init_validateCertificatePath();init_verifySignature();init_convertCOSEtoPKCS();init_cose();init_iso();init_metadataService();init_verifyAttestationWithMetadata()});async function verifyAttestationApple(options){let{attStmt,authData,clientDataHash,credentialPublicKey,rootCertificates}=options,x5c=attStmt.get("x5c");if(!x5c)throw Error("No attestation certificate provided in attestation statement (Apple)");try{await validateCertificatePath(x5c.map(convertCertBufferToPEM),rootCertificates)}catch(err){throw Error(`${err.message} (Apple)`)}let parsedCredCert=AsnParser.parse(x5c[0],Certificate),{extensions:extensions2,subjectPublicKeyInfo}=parsedCredCert.tbsCertificate;if(!extensions2)throw Error("credCert missing extensions (Apple)");let extCertNonce=extensions2.find((ext)=>ext.extnID==="1.2.840.113635.100.8.2");if(!extCertNonce)throw Error('credCert missing "1.2.840.113635.100.8.2" extension (Apple)');let nonceToHash=exports_isoUint8Array.concat([authData,clientDataHash]),nonce=await toHash(nonceToHash),extNonce=new Uint8Array(extCertNonce.extnValue.buffer).slice(6);if(!exports_isoUint8Array.areEqual(nonce,extNonce))throw Error("credCert nonce was not expected value (Apple)");let credPubKeyPKCS=convertCOSEtoPKCS(credentialPublicKey),credCertSubjectPublicKey=new Uint8Array(subjectPublicKeyInfo.subjectPublicKey);if(!exports_isoUint8Array.areEqual(credPubKeyPKCS,credCertSubjectPublicKey))throw Error("Credential public key does not equal credCert public key (Apple)");return!0}var init_verifyAttestationApple=__esm(()=>{init_es2015();init_es20152();init_validateCertificatePath();init_convertCertBufferToPEM();init_toHash();init_convertCOSEtoPKCS();init_iso()});async function verifyRegistrationResponse(options){let{response,expectedChallenge,expectedOrigin,expectedRPID,expectedType,requireUserPresence=!0,requireUserVerification=!0,supportedAlgorithmIDs=supportedCOSEAlgorithmIdentifiers,attestationSafetyNetEnforceCTSCheck=!0}=options,{id,rawId,type:credentialType,response:attestationResponse}=response;if(!id)throw Error("Missing credential ID");if(id!==rawId)throw Error("Credential ID was not base64url-encoded");if(credentialType!=="public-key")throw Error(`Unexpected credential type ${credentialType}, expected "public-key"`);let clientDataJSON=decodeClientDataJSON(attestationResponse.clientDataJSON),{type,origin,challenge,tokenBinding}=clientDataJSON;if(Array.isArray(expectedType)){if(!expectedType.includes(type)){let joinedExpectedType=expectedType.join(", ");throw Error(`Unexpected registration response type "${type}", expected one of: ${joinedExpectedType}`)}}else if(expectedType){if(type!==expectedType)throw Error(`Unexpected registration response type "${type}", expected "${expectedType}"`)}else if(type!=="webauthn.create")throw Error(`Unexpected registration response type: ${type}`);if(typeof expectedChallenge==="function"){if(!await expectedChallenge(challenge))throw Error(`Custom challenge verifier returned false for registration response challenge "${challenge}"`)}else if(challenge!==expectedChallenge)throw Error(`Unexpected registration response challenge "${challenge}", expected "${expectedChallenge}"`);if(Array.isArray(expectedOrigin)){if(!expectedOrigin.includes(origin))throw Error(`Unexpected registration response origin "${origin}", expected one of: ${expectedOrigin.join(", ")}`)}else if(origin!==expectedOrigin)throw Error(`Unexpected registration response origin "${origin}", expected "${expectedOrigin}"`);if(tokenBinding){if(typeof tokenBinding!=="object")throw Error(`Unexpected value for TokenBinding "${tokenBinding}"`);if(["present","supported","not-supported"].indexOf(tokenBinding.status)<0)throw Error(`Unexpected tokenBinding.status value of "${tokenBinding.status}"`)}let attestationObject=exports_isoBase64URL.toBuffer(attestationResponse.attestationObject),decodedAttestationObject=decodeAttestationObject(attestationObject),fmt=decodedAttestationObject.get("fmt"),authData=decodedAttestationObject.get("authData"),attStmt=decodedAttestationObject.get("attStmt"),parsedAuthData=parseAuthenticatorData(authData),{aaguid,rpIdHash,flags,credentialID,counter,credentialPublicKey,extensionsData}=parsedAuthData,matchedRPID;if(expectedRPID){let expectedRPIDs=[];if(typeof expectedRPID==="string")expectedRPIDs=[expectedRPID];else expectedRPIDs=expectedRPID;matchedRPID=await matchExpectedRPID(rpIdHash,expectedRPIDs)}if(requireUserPresence&&!flags.up)throw Error("User presence was required, but user was not present");if(requireUserVerification&&!flags.uv)throw Error("User verification was required, but user could not be verified");if(!credentialID)throw Error("No credential ID was provided by authenticator");if(!credentialPublicKey)throw Error("No public key was provided by authenticator");if(!aaguid)throw Error("No AAGUID was present during registration");let alg=decodeCredentialPublicKey(credentialPublicKey).get(COSEKEYS.alg);if(typeof alg!=="number")throw Error("Credential public key was missing numeric alg");if(!supportedAlgorithmIDs.includes(alg)){let supported=supportedAlgorithmIDs.join(", ");throw Error(`Unexpected public key alg "${alg}", expected one of "${supported}"`)}let clientDataHash=await toHash(exports_isoBase64URL.toBuffer(attestationResponse.clientDataJSON)),rootCertificates=SettingsService.getRootCertificates({identifier:fmt}),verifierOpts={aaguid,attStmt,authData,clientDataHash,credentialID,credentialPublicKey,rootCertificates,rpIdHash,attestationSafetyNetEnforceCTSCheck},verified=!1;if(fmt==="fido-u2f")verified=await verifyAttestationFIDOU2F(verifierOpts);else if(fmt==="packed")verified=await verifyAttestationPacked(verifierOpts);else if(fmt==="android-safetynet")verified=await verifyAttestationAndroidSafetyNet(verifierOpts);else if(fmt==="android-key")verified=await verifyAttestationAndroidKey(verifierOpts);else if(fmt==="tpm")verified=await verifyAttestationTPM(verifierOpts);else if(fmt==="apple")verified=await verifyAttestationApple(verifierOpts);else if(fmt==="none"){if(attStmt.size>0)throw Error("None attestation had unexpected attestation statement");verified=!0}else throw Error(`Unsupported Attestation Format: ${fmt}`);if(!verified)return{verified:!1};let{credentialDeviceType,credentialBackedUp}=parseBackupFlags(flags);return{verified:!0,registrationInfo:{fmt,aaguid:convertAAGUIDToString(aaguid),credentialType,credential:{id:exports_isoBase64URL.fromBuffer(credentialID),publicKey:credentialPublicKey,counter,transports:response.response.transports},attestationObject,userVerified:flags.uv,credentialDeviceType,credentialBackedUp,origin:clientDataJSON.origin,rpID:matchedRPID,authenticatorExtensionResults:extensionsData}}}var init_verifyRegistrationResponse=__esm(()=>{init_decodeAttestationObject();init_decodeClientDataJSON();init_parseAuthenticatorData();init_toHash();init_decodeCredentialPublicKey();init_cose();init_convertAAGUIDToString();init_parseBackupFlags();init_matchExpectedRPID();init_iso();init_settingsService();init_generateRegistrationOptions();init_verifyAttestationFIDOU2F();init_verifyAttestationPacked();init_verifyAttestationAndroidSafetyNet();init_verifyAttestationTPM();init_verifyAttestationAndroidKey();init_verifyAttestationApple()});async function generateAuthenticationOptions(options){let{allowCredentials,challenge=await generateChallenge2(),timeout=60000,userVerification="preferred",extensions:extensions2,rpID}=options,_challenge=challenge;if(typeof _challenge==="string")_challenge=exports_isoUint8Array.fromUTF8String(_challenge);return{rpId:rpID,challenge:exports_isoBase64URL.fromBuffer(_challenge),allowCredentials:allowCredentials?.map((cred)=>{if(!exports_isoBase64URL.isBase64URL(cred.id))throw Error(`allowCredential id "${cred.id}" is not a valid base64url string`);return{...cred,id:exports_isoBase64URL.trimPadding(cred.id),type:"public-key"}}),timeout,userVerification,extensions:extensions2}}var init_generateAuthenticationOptions=__esm(()=>{init_iso();init_generateChallenge()});async function verifyAuthenticationResponse(options){let{response,expectedChallenge,expectedOrigin,expectedRPID,expectedType,credential,requireUserVerification=!0,advancedFIDOConfig}=options,{id,rawId,type:credentialType,response:assertionResponse}=response;if(!id)throw Error("Missing credential ID");if(id!==rawId)throw Error("Credential ID was not base64url-encoded");if(credentialType!=="public-key")throw Error(`Unexpected credential type ${credentialType}, expected "public-key"`);if(!response)throw Error("Credential missing response");if(typeof assertionResponse?.clientDataJSON!=="string")throw Error("Credential response clientDataJSON was not a string");let clientDataJSON=decodeClientDataJSON(assertionResponse.clientDataJSON),{type,origin,challenge,tokenBinding}=clientDataJSON;if(Array.isArray(expectedType)){if(!expectedType.includes(type)){let joinedExpectedType=expectedType.join(", ");throw Error(`Unexpected authentication response type "${type}", expected one of: ${joinedExpectedType}`)}}else if(expectedType){if(type!==expectedType)throw Error(`Unexpected authentication response type "${type}", expected "${expectedType}"`)}else if(type!=="webauthn.get")throw Error(`Unexpected authentication response type: ${type}`);if(typeof expectedChallenge==="function"){if(!await expectedChallenge(challenge))throw Error(`Custom challenge verifier returned false for registration response challenge "${challenge}"`)}else if(challenge!==expectedChallenge)throw Error(`Unexpected authentication response challenge "${challenge}", expected "${expectedChallenge}"`);if(Array.isArray(expectedOrigin)){if(!expectedOrigin.includes(origin)){let joinedExpectedOrigin=expectedOrigin.join(", ");throw Error(`Unexpected authentication response origin "${origin}", expected one of: ${joinedExpectedOrigin}`)}}else if(origin!==expectedOrigin)throw Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);if(!exports_isoBase64URL.isBase64URL(assertionResponse.authenticatorData))throw Error("Credential response authenticatorData was not a base64url string");if(!exports_isoBase64URL.isBase64URL(assertionResponse.signature))throw Error("Credential response signature was not a base64url string");if(assertionResponse.userHandle&&typeof assertionResponse.userHandle!=="string")throw Error("Credential response userHandle was not a string");if(tokenBinding){if(typeof tokenBinding!=="object")throw Error("ClientDataJSON tokenBinding was not an object");if(["present","supported","notSupported"].indexOf(tokenBinding.status)<0)throw Error(`Unexpected tokenBinding status ${tokenBinding.status}`)}let authDataBuffer=exports_isoBase64URL.toBuffer(assertionResponse.authenticatorData),parsedAuthData=parseAuthenticatorData(authDataBuffer),{rpIdHash,flags,counter,extensionsData}=parsedAuthData,expectedRPIDs=[];if(typeof expectedRPID==="string")expectedRPIDs=[expectedRPID];else expectedRPIDs=expectedRPID;let matchedRPID=await matchExpectedRPID(rpIdHash,expectedRPIDs);if(advancedFIDOConfig!==void 0){let{userVerification:fidoUserVerification}=advancedFIDOConfig;if(fidoUserVerification==="required"){if(!flags.uv)throw Error("User verification required, but user could not be verified")}}else{if(!flags.up)throw Error("User not present during authentication");if(requireUserVerification&&!flags.uv)throw Error("User verification required, but user could not be verified")}let clientDataHash=await toHash(exports_isoBase64URL.toBuffer(assertionResponse.clientDataJSON)),signatureBase=exports_isoUint8Array.concat([authDataBuffer,clientDataHash]),signature=exports_isoBase64URL.toBuffer(assertionResponse.signature);if((counter>0||credential.counter>0)&&counter<=credential.counter)throw Error(`Response counter value ${counter} was lower than expected ${credential.counter}`);let{credentialDeviceType,credentialBackedUp}=parseBackupFlags(flags);return{verified:await verifySignature2({signature,data:signatureBase,credentialPublicKey:credential.publicKey}),authenticationInfo:{newCounter:counter,credentialID:credential.id,userVerified:flags.uv,credentialDeviceType,credentialBackedUp,authenticatorExtensionResults:extensionsData,origin:clientDataJSON.origin,rpID:matchedRPID}}}var init_verifyAuthenticationResponse=__esm(()=>{init_decodeClientDataJSON();init_toHash();init_verifySignature();init_parseAuthenticatorData();init_parseBackupFlags();init_matchExpectedRPID();init_iso()});var init_mdsTypes=()=>{};var init_types11=()=>{};var init_esm2=__esm(()=>{init_generateRegistrationOptions();init_verifyRegistrationResponse();init_generateAuthenticationOptions();init_verifyAuthenticationResponse();init_metadataService();init_settingsService();init_mdsTypes();init_types11()});function base64UrlEncode2(buffer){let binary="";for(let byte of buffer)binary+=String.fromCharCode(byte);return(typeof btoa<"u"?btoa(binary):Buffer.from(binary,"binary").toString("base64")).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function base64UrlDecode2(value){let padded=value.replace(/-/g,"+").replace(/_/g,"/").padEnd(value.length+(4-value.length%4)%4,"="),binary=typeof atob<"u"?atob(padded):Buffer.from(padded,"base64").toString("binary"),buffer=new ArrayBuffer(binary.length),out=new Uint8Array(buffer);for(let i=0;i<binary.length;i+=1)out[i]=binary.charCodeAt(i);return out}function parseTransports(value){if(!value)return null;if(Array.isArray(value))return value;if(typeof value==="string")try{let parsed=JSON.parse(value);return Array.isArray(parsed)?parsed:null}catch{return null}return null}function parseDeviceType(value){if(value==="singleDevice"||value==="multiDevice")return value;return null}var exports_WebAuthn={};__export(exports_WebAuthn,{WebAuthnService:()=>WebAuthnService});class WebAuthnService{config;challengeTtlMs;constructor(config){this.config=config,this.challengeTtlMs=config.challengeTtlMs??DEFAULT_CHALLENGE_TTL_MS}async createRegistrationOptions(params){let existing=await this.config.storage.listCredentialsByUser(params.userId,params.schemaName),options=await generateRegistrationOptions({rpName:this.config.rp.rpName,rpID:this.config.rp.rpID,userID:new TextEncoder().encode(params.userId),userName:params.userName,userDisplayName:params.userDisplayName??params.userName,attestationType:"none",authenticatorSelection:{residentKey:"preferred",userVerification:this.config.userVerification??"preferred"},excludeCredentials:existing.filter((cred)=>!cred.revokedAt).map((cred)=>({id:cred.credentialId,transports:cred.transports??void 0}))});return await this.config.storage.storeChallenge({challenge:options.challenge,challengeType:"registration",userId:params.userId,expiresAt:new Date(Date.now()+this.challengeTtlMs)},params.schemaName),options}async verifyRegistration(params){let stored=await this.config.storage.consumeChallenge(params.expectedChallenge,"registration",params.schemaName);if(!stored||stored.userId!==params.userId)return null;if(stored.expiresAt.getTime()<Date.now())return null;let verification=await verifyRegistrationResponse({response:params.response,expectedChallenge:params.expectedChallenge,expectedOrigin:this.config.rp.expectedOrigins,expectedRPID:this.config.rp.rpID,requireUserVerification:this.config.userVerification==="required"});if(!verification.verified||!verification.registrationInfo)return null;let info=verification.registrationInfo,publicKey=base64UrlEncode2(info.credential.publicKey),attachment=params.response.authenticatorAttachment==="platform"||params.response.authenticatorAttachment==="cross-platform"?params.response.authenticatorAttachment:null;return this.config.storage.insertCredential({userId:params.userId,credentialId:info.credential.id,publicKey,counter:info.credential.counter,transports:info.credential.transports??null,deviceType:info.credentialDeviceType,backedUp:info.credentialBackedUp,aaguid:info.aaguid??null,authenticatorAttachment:attachment,nickname:params.nickname??null,lastUsedAt:null,revokedAt:null},params.schemaName)}async createAuthenticationOptions(params){let credentials=params.userId?await this.config.storage.listCredentialsByUser(params.userId,params.schemaName):[],options=await generateAuthenticationOptions({rpID:this.config.rp.rpID,userVerification:this.config.userVerification??"preferred",allowCredentials:credentials.filter((cred)=>!cred.revokedAt).map((cred)=>({id:cred.credentialId,transports:cred.transports??void 0}))});return await this.config.storage.storeChallenge({challenge:options.challenge,challengeType:"authentication",userId:params.userId??null,expiresAt:new Date(Date.now()+this.challengeTtlMs)},params.schemaName),options}async verifyAuthentication(params){let stored=await this.config.storage.consumeChallenge(params.expectedChallenge,"authentication",params.schemaName);if(!stored)return{verified:!1,userId:null,credentialId:null};if(stored.expiresAt.getTime()<Date.now())return{verified:!1,userId:null,credentialId:null};let credential=await this.config.storage.findCredentialById(params.response.id,params.schemaName);if(!credential||credential.revokedAt)return{verified:!1,userId:null,credentialId:null};let verification=await verifyAuthenticationResponse({response:params.response,expectedChallenge:params.expectedChallenge,expectedOrigin:this.config.rp.expectedOrigins,expectedRPID:this.config.rp.rpID,credential:{id:credential.credentialId,publicKey:base64UrlDecode2(credential.publicKey),counter:credential.counter,transports:credential.transports??void 0},requireUserVerification:this.config.userVerification==="required"});if(!verification.verified)return{verified:!1,userId:null,credentialId:null};return await this.config.storage.updateCredentialCounter(credential.credentialId,verification.authenticationInfo.newCounter,params.schemaName),{verified:!0,userId:credential.userId,credentialId:credential.credentialId}}listUserCredentials(userId,schemaName){return this.config.storage.listCredentialsByUser(userId,schemaName)}revokeCredential(credentialId,userId,schemaName){return this.config.storage.revokeCredential(credentialId,userId,schemaName)}renameCredential(credentialId,userId,nickname,schemaName){return this.config.storage.renameCredential(credentialId,userId,nickname,schemaName)}}var DEFAULT_CHALLENGE_TTL_MS=300000;var init_WebAuthn=__esm(()=>{init_esm2()});var init_Services=__esm(()=>{init_ApiKey();init_Auth();init_Authorization();init_Backup();init_Captcha();init_Domain();init_Email();init_Gmail();init_Logger2();init_Monitoring();init_Notification();init_OAuth();init_Payment();init_RateLimiter();init_Tenant();init_Verification();init_WebAuthn()});function encodeHeaderList(items){return items.map((v)=>encodeURIComponent(v)).join(",")}function decodeHeaderList(header){if(!header)return[];return header.split(",").map((v)=>v.trim()).filter(Boolean).map((v)=>{try{return decodeURIComponent(v)}catch{return v}})}function encodeClaimScopesHeader(claimScopes){if(!claimScopes||Object.keys(claimScopes).length===0)return"";return encodeURIComponent(JSON.stringify(claimScopes))}function decodeClaimScopesHeader(header){if(!header)return;try{let parsed=JSON.parse(decodeURIComponent(header));if(parsed&&typeof parsed==="object"&&!Array.isArray(parsed))return parsed;return}catch{return}}import{and as and11,eq as eq19}from"drizzle-orm";async function assignDefaultRole(params){let{db,userId,roleName,rolesTable,userRolesTable,logger:logger2}=params;if(!rolesTable||!userRolesTable){logger2.warn("[AUTH] assignDefaultRole called without rolesTable or userRolesTable \u2014 skipping",{userId,roleName});return}try{let rolesCols=rolesTable,userRolesCols=userRolesTable,role=(await db.select().from(rolesTable).where(eq19(rolesCols.name,roleName)).limit(1))[0];if(!role){logger2.warn(`[AUTH] Default role "${roleName}" not found in roles table \u2014 skipping assignment`,{userId});return}let roleId=role.id;if((await db.select().from(userRolesTable).where(and11(eq19(userRolesCols.userId,userId),eq19(userRolesCols.roleId,roleId))).limit(1)).length>0){logger2.debug("[AUTH] User already has default role \u2014 skipping",{userId,roleName});return}await db.insert(userRolesTable).values({userId,roleId}),logger2.info("[AUTH] Default role assigned to new user",{userId,roleName})}catch(err){logger2.warn("[AUTH] Failed to assign default role \u2014 continuing",{userId,roleName,error:err instanceof Error?err.message:String(err)})}}var init_assignDefaultRole=()=>{};import crypto6 from"crypto";var{password:password2}=globalThis.Bun;async function hashPassword(plainPassword){return await password2.hash(plainPassword,{algorithm:"bcrypt",cost:10})}function generateVerificationToken(){return crypto6.randomBytes(32).toString("hex")}function hashVerificationToken(token){return crypto6.createHash("sha256").update(token).digest("hex")}function parseTimeToMs(time2){let match=time2.match(/^(\d+)(s|m|h|d)$/);if(!match||!match[1]||!match[2])return 86400000;let value=Number.parseInt(match[1],10);switch(match[2]){case"s":return value*1000;case"m":return value*60*1000;case"h":return value*60*60*1000;case"d":return value*24*60*60*1000;default:return 86400000}}function validatePasswordStrength(pwd){let errors2=[];if(pwd.length<8)errors2.push("Password must be at least 8 characters");if(!/[A-Z]/.test(pwd))errors2.push("Password must contain uppercase letter");if(!/[a-z]/.test(pwd))errors2.push("Password must contain lowercase letter");if(!/[0-9]/.test(pwd))errors2.push("Password must contain a number");return{valid:errors2.length===0,errors:errors2}}var init_utils6=()=>{};function isEmailExempt(email,exemptDomains){if(!exemptDomains||exemptDomains.length===0)return!1;let domain=email.split("@")[1]?.toLowerCase();if(!domain)return!1;return exemptDomains.some((d)=>domain===d.toLowerCase()||domain.endsWith(`.${d.toLowerCase()}`))}var{password:password3}=globalThis.Bun;async function verifyPassword(plainPassword,hashedPassword){try{return await password3.verify(plainPassword,hashedPassword)}catch{return!1}}function labelFromRawUserAgent(userAgent){let ua=(userAgent??"").trim(),lower=ua.toLowerCase();if(!ua||lower==="unknown"||lower==="unknown browser")return;let meaningful=(ua.match(/[A-Za-z][A-Za-z0-9._-]*\/[0-9][^\s;)]*/g)??[]).find((t2)=>!/^mozilla\//i.test(t2));if(meaningful)return meaningful.split("/")[0];return ua.match(/[A-Za-z][A-Za-z0-9 ._-]{2,}/)?.[0]?.trim()||void 0}function parseUserAgentForLogin(userAgent,ipAddress,deviceHint,clientHints){let ua=userAgent.toLowerCase(),headlessIndicators=["headlesschrome","headless","phantomjs","nightmare","selenium","webdriver","puppeteer","playwright"],botIndicators=["bot","crawler","spider","scraper","curl","wget","python-requests","python-urllib","java/","httpclient","go-http-client","node-fetch","axios","postman","insomnia","httpie"],isHeadless=headlessIndicators.some((indicator)=>ua.includes(indicator)),isBot=botIndicators.some((indicator)=>ua.includes(indicator)),isSuspicious=isHeadless||isBot,suspiciousPatterns=[];if(isHeadless)suspiciousPatterns.push("headless_browser");if(isBot)suspiciousPatterns.push("bot_user_agent");if(!ua||ua.length<10)suspiciousPatterns.push("missing_or_short_ua");if(ua==="mozilla/5.0")suspiciousPatterns.push("generic_ua");if(ua.includes("nucleusserveraction")||ua.includes("serveraction"))suspiciousPatterns.push("server_action");let deviceType="unknown";if(ua.includes("ipad"))deviceType="tablet";else if(ua.includes("iphone"))deviceType="mobile";else if(ua.includes("macintosh")||ua.includes("windows")&&!ua.includes("windows phone")||ua.includes("linux")&&!ua.includes("android"))deviceType="desktop";else if(ua.includes("tablet")||ua.includes("android")&&ua.includes("tablet"))deviceType="tablet";else if(ua.includes("mobile")||ua.includes("android"))deviceType="mobile";let browserName,browserVersion;if(isHeadless)browserName="Headless Browser";else if(isBot)browserName="Bot/Crawler";else if(ua.includes("edg")){browserName="Edge";let match=userAgent.match(/Edg\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("opr/")||ua.includes("opera")){browserName="Opera";let match=userAgent.match(/OPR\/(\d+\.\d+)/i)||userAgent.match(/Opera\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("samsungbrowser")){browserName="Samsung Internet";let match=userAgent.match(/SamsungBrowser\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("crios")){browserName="Chrome";let match=userAgent.match(/CriOS\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("fxios")){browserName="Firefox";let match=userAgent.match(/FxiOS\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("chrome")){browserName="Chrome";let match=userAgent.match(/Chrome\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("firefox")){browserName="Firefox";let match=userAgent.match(/Firefox\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("safari")){browserName="Safari";let match=userAgent.match(/Version\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}let osName,osVersion;if(ua.includes("windows nt 10"))osName="Windows",osVersion="10/11";else if(ua.includes("windows nt"))osName="Windows";else if(ua.includes("iphone")||ua.includes("ipad")){osName="iOS";let match=userAgent.match(/OS (\d+[._]\d+)/i);if(match?.[1])osVersion=match[1].replace("_",".")}else if(ua.includes("mac os x")){osName="macOS";let match=userAgent.match(/Mac OS X (\d+[._]\d+)/i);if(match?.[1])osVersion=match[1].replace("_",".")}else if(ua.includes("android")){osName="Android";let match=userAgent.match(/Android (\d+\.?\d*)/i);if(match?.[1])osVersion=match[1]}else if(ua.includes("linux"))osName="Linux";if(!browserName&&clientHints?.uaHeader){let brands=[...clientHints.uaHeader.matchAll(/"([^"]+)";v="([^"]+)"/g)].map((m)=>({brand:m[1]??"",version:m[2]??""})).filter((b)=>b.brand&&!/not.?a.?brand/i.test(b.brand)),preferred=brands.find((b)=>/google chrome|microsoft edge|opera|firefox|safari/i.test(b.brand))??brands.find((b)=>!/chromium/i.test(b.brand))??brands[0];if(preferred)browserName=preferred.brand.replace(/^Google /,"").replace(/^Microsoft /,""),browserVersion=preferred.version}if(!osName&&clientHints?.platformHeader)osName=clientHints.platformHeader.replace(/"/g,"").trim()||osName;if(deviceType==="unknown"&&clientHints?.mobileHeader==="?1")deviceType="mobile";return{deviceName:browserName&&osName?`${browserName} on ${osName}`:browserName?browserName:osName?osName:deviceType!=="unknown"?deviceType.charAt(0).toUpperCase()+deviceType.slice(1):labelFromRawUserAgent(userAgent)??"Unknown Device",deviceType,browserName,browserVersion,osName,osVersion,ipAddress,userAgent,deviceHint,locationCountry:void 0,locationCity:void 0,isHeadless,isBot,isSuspicious,suspiciousPatterns}}var init_utils7=()=>{};function deviceContextFromRequest(request){let rawFwd=request.headers.get("x-forwarded-for")?.split(",")[0]?.trim(),isPrivate=(ip)=>!ip||ip==="127.0.0.1"||ip==="::1"||ip==="localhost"||ip.startsWith("10.")||ip.startsWith("192.168.")||ip.startsWith("172.");return{ipAddress:request.headers.get("cf-connecting-ip")?.trim()||request.headers.get("true-client-ip")?.trim()||(!isPrivate(rawFwd)?rawFwd:void 0)||request.headers.get("x-real-ip")?.trim()||rawFwd||"127.0.0.1",userAgent:request.headers.get("user-agent")||"",clientHints:{uaHeader:request.headers.get("sec-ch-ua")??void 0,platformHeader:request.headers.get("sec-ch-ua-platform")??void 0,mobileHeader:request.headers.get("sec-ch-ua-mobile")??void 0}}}function ensureDeviceInfo(info,clientHints){if(info.browserName&&info.osName&&info.deviceName)return info;let parsed=info.userAgent?parseUserAgentForLogin(info.userAgent,info.ipAddress,info.deviceHint,clientHints):void 0;return{ipAddress:info.ipAddress,userAgent:info.userAgent,deviceHint:info.deviceHint,deviceName:info.deviceName??parsed?.deviceName??"Unknown Device",deviceType:info.deviceType&&info.deviceType!=="unknown"?info.deviceType:parsed?.deviceType??info.deviceType??"unknown",browserName:info.browserName??parsed?.browserName,browserVersion:info.browserVersion??parsed?.browserVersion,osName:info.osName??parsed?.osName,osVersion:info.osVersion??parsed?.osVersion,locationCountry:info.locationCountry,locationCity:info.locationCity}}var init_deviceInfo=__esm(()=>{init_utils7()});function resolveAppOrigin(request,fallbackUrl,allowedOrigins){let fallbackOrigin="";if(fallbackUrl)try{fallbackOrigin=new URL(fallbackUrl).origin}catch{}let trusted=[...fallbackOrigin?[fallbackOrigin]:[],...allowedOrigins??[]],candidates=[],appOrigin=request.headers.get("x-app-origin");if(appOrigin)candidates.push(appOrigin.replace(/\/+$/,""));let origin=request.headers.get("origin");if(origin)candidates.push(origin.replace(/\/+$/,""));let forwardedHost=request.headers.get("x-forwarded-host")?.split(",")[0]?.trim();if(forwardedHost){let proto=request.headers.get("x-forwarded-proto")?.split(",")[0]?.trim()||"https";candidates.push(`${proto}://${forwardedHost}`)}for(let candidate of candidates)if(isOriginTrusted(candidate,trusted))return candidate;return fallbackOrigin}function extractConfiguredPath(configuredUrl,defaultPath){if(!configuredUrl)return defaultPath;try{return new URL(configuredUrl).pathname}catch{return configuredUrl.startsWith("/")?configuredUrl:defaultPath}}function buildEmailActionLink(params){let{request,configuredUrl,path:path2,query,allowedOrigins}=params,origin=resolveAppOrigin(request,configuredUrl,allowedOrigins),normalizedPath=path2.startsWith("/")?path2:`/${path2}`,queryString=new URLSearchParams(query).toString();return`${origin}${normalizedPath}${queryString?`?${queryString}`:""}`}var originHost=(value)=>{try{return new URL(value).host.toLowerCase()}catch{return value.includes("://")?null:value.toLowerCase().replace(/[/?#].*$/,"")||null}},isOriginTrusted=(candidate,trusted)=>{let candHost=originHost(candidate);if(!candHost)return!1;for(let entry of trusted){let tHost=originHost(entry);if(!tHost)continue;if(tHost.startsWith("*.")){let base=tHost.slice(2);if(candHost===base||candHost.endsWith(`.${base}`))return!0}else if(candHost===tHost)return!0}return!1};import{randomUUID as randomUUID5}from"crypto";import path2 from"path";function mergeStorageConfig(config){if(!config)return DEFAULT_STORAGE_CONFIG;return{enabled:config.enabled??DEFAULT_STORAGE_CONFIG.enabled,basePath:config.basePath??DEFAULT_STORAGE_CONFIG.basePath,maxFileSizeBytes:config.maxFileSizeBytes??DEFAULT_STORAGE_CONFIG.maxFileSizeBytes,allowedMimeTypes:config.allowedMimeTypes??DEFAULT_STORAGE_CONFIG.allowedMimeTypes,blockedMimeTypes:config.blockedMimeTypes??DEFAULT_STORAGE_CONFIG.blockedMimeTypes,formData:{filesField:config.formData?.filesField??DEFAULT_STORAGE_CONFIG.formData.filesField,dataField:config.formData?.dataField??DEFAULT_STORAGE_CONFIG.formData.dataField,maxFiles:config.formData?.maxFiles??DEFAULT_STORAGE_CONFIG.formData.maxFiles}}}function parseFormDataBody(body,config){let result={data:{},files:[]};if(!body||typeof body!=="object")return result;let bodyObj=body,dataField=bodyObj[config.formData.dataField];if(dataField){if(typeof dataField==="string")try{result.data=JSON.parse(dataField)}catch{result.data={}}else if(typeof dataField==="object")result.data=dataField}let filesField=bodyObj[config.formData.filesField];if(filesField){if(filesField instanceof File)result.files=[filesField];else if(Array.isArray(filesField))result.files=filesField.filter((f)=>f instanceof File)}return result}function validateFile(file,config){if(file.size>config.maxFileSizeBytes)return{valid:!1,error:`File ${file.name} exceeds maximum size of ${config.maxFileSizeBytes} bytes`};if(config.blockedMimeTypes.length>0&&config.blockedMimeTypes.includes(file.type))return{valid:!1,error:`File type ${file.type} is not allowed`};if(config.allowedMimeTypes.length>0&&!config.allowedMimeTypes.includes(file.type))return{valid:!1,error:`File type ${file.type} is not in allowed list`};return{valid:!0}}async function uploadFile(file,config,subFolder){let id=randomUUID5(),ext=path2.extname(file.name),uniqueName=`${id}${ext}`,folderPath=subFolder?path2.join(config.basePath,subFolder):config.basePath,arrayBuffer=await file.arrayBuffer(),buffer=new Uint8Array(arrayBuffer);return await fileManager.createFile({dir:folderPath,name:uniqueName,data:buffer,options:{type:file.type,createDir:!0}}),{id,name:uniqueName,originalName:file.name,path:folderPath,mimeType:file.type,size:file.size,createdAt:new Date}}async function uploadFiles(files,config,subFolder){let success=[],failed=[];for(let file of files.slice(0,config.formData.maxFiles)){let validation=validateFile(file,config);if(!validation.valid){failed.push({file:file.name,error:validation.error||"Unknown error"});continue}try{let result=await uploadFile(file,config,subFolder);success.push(result)}catch(error){failed.push({file:file.name,error:error instanceof Error?error.message:"Upload failed"})}}return{success,failed}}function isPathWithinBase(base,target2){let resolvedBase=path2.resolve(base),resolvedTarget=path2.resolve(target2);return resolvedTarget===resolvedBase||resolvedTarget.startsWith(resolvedBase+path2.sep)}async function deleteFile(filePath,fileName,storageBase){try{let fullPath=path2.join(filePath,fileName);if(storageBase&&!isPathWithinBase(storageBase,fullPath))return!1;return await fileManager.deleteFile(fullPath)}catch{return!1}}var DEFAULT_STORAGE_CONFIG;var init_helpers2=__esm(()=>{init_File();DEFAULT_STORAGE_CONFIG={enabled:!1,basePath:"./uploads",maxFileSizeBytes:104857600,allowedMimeTypes:[],blockedMimeTypes:["application/x-executable","application/x-msdos-program","text/html","application/xhtml+xml","image/svg+xml","application/xml","text/xml","application/javascript","text/javascript","application/x-httpd-php"],formData:{filesField:"files",dataField:"data",maxFiles:10}}});import path3 from"path";import Elysia4,{t as t3}from"elysia";function mergeCdnConfig(config){if(!config)return DEFAULT_CDN_CONFIG;return{enabled:config.enabled??DEFAULT_CDN_CONFIG.enabled,basePath:config.basePath??DEFAULT_CDN_CONFIG.basePath,cacheMaxAge:config.cacheMaxAge??DEFAULT_CDN_CONFIG.cacheMaxAge,enableRangeRequests:config.enableRangeRequests??DEFAULT_CDN_CONFIG.enableRangeRequests,enableEtag:config.enableEtag??DEFAULT_CDN_CONFIG.enableEtag,corsOrigins:config.corsOrigins??DEFAULT_CDN_CONFIG.corsOrigins}}function getMimeTypeDisposition(mimeType){let normalized=mimeType.split(";")[0]?.trim().toLowerCase()??"";if(NEVER_INLINE.has(normalized))return"attachment";let inlineTypes=["image/","video/","audio/","text/","application/pdf"];for(let type of inlineTypes)if(normalized.startsWith(type)||normalized===type)return"inline";return"attachment"}function sanitizeFilename(filename){return filename.replace(/[^A-Za-z0-9._-]+/g,"_").replace(/_{2,}/g,"_").slice(0,200)}function isTraversalId(id){return id.includes("/")||id.includes("\\")||id.includes("..")||id.includes("\x00")}function resolveTenantSchema(request){return request.headers.get("x-tenant-schema")||void 0}function createCdnRoutes(config){let{cdn,storagePath,logger:logger2,getFileRecord}=config,plugin=new Elysia4({prefix:cdn.basePath});if(!cdn.enabled)return plugin;return plugin.get("/:id",async({params,request,set})=>{let{id}=params;if(isTraversalId(id))return set.status=400,{success:!1,message:"Invalid file id"};let schemaName=resolveTenantSchema(request),filePath,fileName,mimeType;if(getFileRecord){let fileRecord=await getFileRecord(id,schemaName);if(!fileRecord)return set.status=404,{success:!1,message:"File not found"};filePath=path3.join(fileRecord.path,fileRecord.name),fileName=fileRecord.name,mimeType=fileRecord.mimeType||fileRecord.mime_type||"application/octet-stream"}else filePath=path3.join(storagePath,id),fileName=id,mimeType="application/octet-stream";if(!isPathWithinBase(storagePath,filePath))return set.status=404,{success:!1,message:"File not found"};if(!await fileManager.exists(filePath))return set.status=404,{success:!1,message:"Physical file not found"};let fileInfo=await fileManager.getFileInfo(filePath),lastModified=new Date(fileInfo.modifiedAt||Date.now()).toUTCString(),etag=cdn.enableEtag?`"${fileInfo.size}-${fileInfo.modifiedAt?.getTime()||Date.now()}"`:void 0,cacheHeaders={"Cache-Control":`public, max-age=${cdn.cacheMaxAge}`,"Last-Modified":lastModified};if(etag)cacheHeaders.ETag=etag;if(cdn.corsOrigins.length>0)cacheHeaders["Access-Control-Allow-Origin"]=cdn.corsOrigins[0]==="*"?"*":cdn.corsOrigins.join(", "),cacheHeaders["Access-Control-Allow-Methods"]="GET, HEAD, OPTIONS";let dispositionType=getMimeTypeDisposition(mimeType),asciiFallbackName=sanitizeFilename(fileName),encodedUtf8Name=encodeURIComponent(fileName),contentDisposition=`${dispositionType}; filename="${asciiFallbackName}"; filename*=UTF-8''${encodedUtf8Name}`,ifNoneMatch=request.headers.get("if-none-match");if(etag&&ifNoneMatch===etag)return new Response(null,{status:304,headers:cacheHeaders});let bunFile=Bun.file(filePath),range=request.headers.get("range");if(cdn.enableRangeRequests&&range){let rangeMatch=range.match(/bytes=(\d*)-(\d*)/);if(!rangeMatch)return set.status=416,new Response("Range not satisfiable",{status:416,headers:{"Content-Range":`bytes */${fileInfo.size}`,"Content-Type":mimeType,"X-Content-Type-Options":"nosniff",...cacheHeaders}});let startStr=rangeMatch[1]||"0",endStr=rangeMatch[2]||"",start=parseInt(startStr,10),end=endStr?parseInt(endStr,10):fileInfo.size-1;if(start>=fileInfo.size||end>=fileInfo.size||start>end)return new Response("Range not satisfiable",{status:416,headers:{"Content-Range":`bytes */${fileInfo.size}`,"Content-Type":mimeType,"X-Content-Type-Options":"nosniff",...cacheHeaders}});let chunkSize=end-start+1,chunkBlob=bunFile.slice(start,end+1);return new Response(chunkBlob,{status:206,headers:{"Content-Range":`bytes ${start}-${end}/${fileInfo.size}`,"Accept-Ranges":"bytes","Content-Length":chunkSize.toString(),"Content-Type":mimeType,"Content-Disposition":contentDisposition,"X-Content-Type-Options":"nosniff",...cacheHeaders}})}return new Response(bunFile,{status:200,headers:{"Content-Length":fileInfo.size.toString(),"Content-Type":mimeType,"Accept-Ranges":cdn.enableRangeRequests?"bytes":"none","Content-Disposition":contentDisposition,"X-Content-Type-Options":"nosniff",...cacheHeaders}})},{params:t3.Object({id:t3.String()}),detail:{tags:["CDN"],summary:"Get file by ID",description:"Serve file with streaming, range requests, and caching support"}}),plugin.head("/:id",async({params,request,set})=>{let{id}=params;if(isTraversalId(id))return set.status=400,new Response(null,{status:400});let schemaName=resolveTenantSchema(request),filePath,mimeType;if(getFileRecord){let fileRecord=await getFileRecord(id,schemaName);if(!fileRecord)return set.status=404,new Response(null,{status:404});filePath=path3.join(fileRecord.path,fileRecord.name),mimeType=fileRecord.mime_type||"application/octet-stream"}else filePath=path3.join(storagePath,id),mimeType="application/octet-stream";if(!isPathWithinBase(storagePath,filePath))return set.status=404,new Response(null,{status:404});if(!await fileManager.exists(filePath))return set.status=404,new Response(null,{status:404});let fileInfo=await fileManager.getFileInfo(filePath),lastModified=new Date(fileInfo.modifiedAt||Date.now()).toUTCString(),etag=cdn.enableEtag?`"${fileInfo.size}-${fileInfo.modifiedAt?.getTime()||Date.now()}"`:void 0,headers={"Content-Length":fileInfo.size.toString(),"Content-Type":mimeType,"Accept-Ranges":cdn.enableRangeRequests?"bytes":"none","Cache-Control":`public, max-age=${cdn.cacheMaxAge}`,"Last-Modified":lastModified};if(etag)headers.ETag=etag;if(cdn.corsOrigins.length>0)headers["Access-Control-Allow-Origin"]=cdn.corsOrigins[0]==="*"?"*":cdn.corsOrigins.join(", "),headers["Access-Control-Allow-Methods"]="GET, HEAD, OPTIONS";return new Response(null,{status:200,headers})},{params:t3.Object({id:t3.String()}),detail:{tags:["CDN"],summary:"Get file metadata",description:"Get file headers without body for preflight checks"}}),logger2.info(`[CDN] Routes enabled at ${cdn.basePath}`),plugin}var DEFAULT_CDN_CONFIG,NEVER_INLINE;var init_cdn=__esm(()=>{init_File();init_helpers2();DEFAULT_CDN_CONFIG={enabled:!0,basePath:"/cdn",cacheMaxAge:86400,enableRangeRequests:!0,enableEtag:!0,corsOrigins:["*"]};NEVER_INLINE=new Set(["text/html","application/xhtml+xml","image/svg+xml","application/xml","text/xml","application/javascript","text/javascript","application/ecmascript","text/ecmascript","application/x-httpd-php"])});function buildFileRecordPayload(upload,userId){return{id:upload.id,name:upload.name,originalName:upload.originalName,path:upload.path,mimeType:upload.mimeType,size:upload.size,extension:upload.originalName.split(".").pop()||"",uploadedBy:userId??null}}async function persistUploadedFiles(args){let{db,filesTable,files,storageConfig,subFolder,userId}=args,uploaded=await uploadFiles(files,storageConfig,subFolder),records=[];for(let upload of uploaded.success){let payload=buildFileRecordPayload(upload,userId);payload.createdBy=userId??null,await db.insert(filesTable).values(payload),records.push({id:upload.id,name:upload.name,originalName:upload.originalName,path:upload.path,mimeType:upload.mimeType,size:upload.size,extension:payload.extension})}return{records,failed:uploaded.failed}}var init_file_record=__esm(()=>{init_helpers2()});var exports_storage={};__export(exports_storage,{validateFile:()=>validateFile,uploadFiles:()=>uploadFiles,uploadFile:()=>uploadFile,persistUploadedFiles:()=>persistUploadedFiles,parseFormDataBody:()=>parseFormDataBody,mergeStorageConfig:()=>mergeStorageConfig,mergeCdnConfig:()=>mergeCdnConfig,deleteFile:()=>deleteFile,createCdnRoutes:()=>createCdnRoutes,buildFileRecordPayload:()=>buildFileRecordPayload});var init_storage2=__esm(()=>{init_cdn();init_file_record();init_helpers2()});var exports_helpers={};__export(exports_helpers,{scanEnvVars:()=>scanEnvVars,readOverridesFromRedis:()=>readOverridesFromRedis,persistSectionToRedis:()=>persistSectionToRedis,persistConfigToDisk:()=>persistConfigToDisk,maskUrlCredentials:()=>maskUrlCredentials,maskSensitiveFields:()=>maskSensitiveFields,loadOverridesFromRedis:()=>loadOverridesFromRedis,isRestartRequired:()=>isRestartRequired,hasSection:()=>hasSection,extractSection:()=>extractSection,deepMerge:()=>deepMerge,clearOverridesFromRedis:()=>clearOverridesFromRedis,buildSectionsMeta:()=>buildSectionsMeta,applySectionUpdate:()=>applySectionUpdate});var SENSITIVE_KEY_PATTERNS,FORBIDDEN_SECTION_KEYS,isSensitiveKey=(key2)=>SENSITIVE_KEY_PATTERNS.some((pattern)=>pattern.test(key2)),URL_CREDENTIALS,maskUrlCredentials=(value)=>value.replace(URL_CREDENTIALS,"$1***$2"),RESTART_REQUIRED_KEYS,asRecord=(config)=>config,maskSensitiveFields=(obj)=>{let result={};for(let[key2,value]of Object.entries(obj)){if(isSensitiveKey(key2)&&typeof value==="string"){result[key2]="***";continue}if(Array.isArray(value)){result[key2]=value.map((item)=>typeof item==="object"&&item!==null?maskSensitiveFields(item):item);continue}if(typeof value==="object"&&value!==null){result[key2]=maskSensitiveFields(value);continue}result[key2]=typeof value==="string"?maskUrlCredentials(value):value}return result},buildSectionsMeta=(config)=>{let record=asRecord(config);return Object.keys(record).filter((key2)=>record[key2]!==void 0).map((key2)=>{let value=record[key2],type=Array.isArray(value)?"array":typeof value==="object"&&value!==null?"object":"primitive";return{key:key2,type,restartRequired:RESTART_REQUIRED_KEYS.has(key2)}})},extractSection=(config,section)=>asRecord(config)[section],hasSection=(config,section)=>Object.hasOwn(asRecord(config),section),applySectionUpdate=(config,section,value)=>{if(FORBIDDEN_SECTION_KEYS.has(section))return;asRecord(config)[section]=value},isRestartRequired=(section)=>RESTART_REQUIRED_KEYS.has(section),ENV_VAR_PATTERN,scanEnvVars=(obj,parentPath="")=>{let entries=[];for(let[key2,value]of Object.entries(obj)){let currentPath=parentPath?`${parentPath}.${key2}`:key2;if(typeof value==="string"&&ENV_VAR_PATTERN.test(value)){let envValue=process.env[value];entries.push({configPath:currentPath,envName:value,resolved:envValue!==void 0,value:envValue!==void 0?isSensitiveKey(key2)?"***":maskUrlCredentials(envValue):null});continue}if(Array.isArray(value)){for(let i=0;i<value.length;i++){let item=value[i];if(typeof item==="object"&&item!==null)entries.push(...scanEnvVars(item,`${currentPath}[${i}]`))}continue}if(typeof value==="object"&&value!==null)entries.push(...scanEnvVars(value,currentPath))}return entries},buildRedisKey=(appId)=>`nucleus:config:overrides:${appId}`,persistConfigToDisk=async(configFilePath,config)=>{let fs4=__require("fs"),record=asRecord(config),persistable={};for(let[k,v]of Object.entries(record))if(k!=="configManagement")persistable[k]=v;let content=JSON.stringify(persistable,null,2);fs4.writeFileSync(configFilePath,content,"utf-8")},persistSectionToRedis=async(redis,appId,section,value)=>{let redisKey=buildRedisKey(appId),existing=await redis.read(redisKey),overrides=existing.success&&existing.data?existing.data:{};overrides[section]=value,await redis.create(redisKey,JSON.stringify(overrides))},readOverridesFromRedis=async(redis,appId)=>{let redisKey=buildRedisKey(appId),result=await redis.read(redisKey);if(!result.success||!result.data)return null;return result.data},clearOverridesFromRedis=async(redis,appId)=>{let redisKey=buildRedisKey(appId);await redis.create(redisKey,JSON.stringify({}))},loadOverridesFromRedis=async(redis,appId,config)=>{let redisKey=buildRedisKey(appId),result=await redis.read(redisKey);if(!result.success||!result.data)return[];let overrides=result.data,appliedSections=[],record=asRecord(config);for(let[section,value]of Object.entries(overrides)){if(FORBIDDEN_SECTION_KEYS.has(section))continue;let current=record[section];if(typeof value==="object"&&value!==null&&!Array.isArray(value)&&typeof current==="object"&&current!==null&&!Array.isArray(current))record[section]=deepMerge(current,value);else record[section]=value;appliedSections.push(section)}return appliedSections},deepMerge=(target2,source)=>{let result={...target2};for(let[key2,sourceValue]of Object.entries(source)){if(FORBIDDEN_SECTION_KEYS.has(key2))continue;let targetValue=target2[key2];if(typeof sourceValue==="object"&&sourceValue!==null&&!Array.isArray(sourceValue)&&typeof targetValue==="object"&&targetValue!==null&&!Array.isArray(targetValue))result[key2]=deepMerge(targetValue,sourceValue);else result[key2]=sourceValue}return result};var init_helpers3=__esm(()=>{SENSITIVE_KEY_PATTERNS=[/secret/i,/password/i,/token/i,/^apiKey$/i,/^secretKey$/i,/^webhookSecret$/i,/connection_string/i,/connectionString/i,/^clientSecret$/i,/json_file_path/i,/key$/i,/salt/i,/passphrase/i,/credential/i],FORBIDDEN_SECTION_KEYS=new Set(["__proto__","constructor","prototype"]),URL_CREDENTIALS=/^([a-z][a-z0-9+.-]*:\/\/[^/\s:@]*:)[^/\s@]+(@)/i,RESTART_REQUIRED_KEYS=new Set(["appId","mode","database","redis","authentication","authorization","email","payment","entities"]),ENV_VAR_PATTERN=/^[A-Z][A-Z0-9_]{2,}$/});function hasGodminRole(request){return decodeHeaderList(request.headers.get("x-user-roles")).some((r)=>isGodminRole(r))}async function userHasGodminRoleInDb(db,schemaTables,userId,logger2){if(!userId||!db)return!1;let userRolesTable=schemaTables[AUTHORIZATION_TABLE_KEYS.userRoles],rolesTable=schemaTables[AUTHORIZATION_TABLE_KEYS.roles];if(!userRolesTable||!rolesTable)return!1;try{let{eq:eq27}=await import("drizzle-orm"),ur=userRolesTable,r=rolesTable;return(await db.select({roleName:r.name}).from(userRolesTable).innerJoin(rolesTable,eq27(ur.roleId,r.id)).where(eq27(ur.userId,userId))).some((row)=>isGodminRole(String(row.roleName??"")))}catch(err){return logger2.warn("[AdminGuard] Failed to check godmin role from DB",{error:err instanceof Error?err.message:String(err)}),!1}}async function isGodminRequest(request,deps){if(decodeHeaderList(request.headers.get("x-user-roles")).some((r)=>isGodminRole(r)))return!0;let userId=request.headers.get("x-user-id"),{db,schemaTables,logger:logger2}=deps;if(userId&&db&&schemaTables.users)try{let{eq:eq27}=await import("drizzle-orm"),usersTable=schemaTables.users;if((await db.select().from(usersTable).where(eq27(usersTable.id,userId)).limit(1))[0]?.isGod===!0)return!0}catch(err){logger2.warn("[AdminGuard] Failed to check isGod from DB",{error:err instanceof Error?err.message:String(err)})}return!1}function createGodminGuard(deps,label="this operation"){return async({request,set})=>{if(!request.headers.get("x-user-id"))return set.status=401,Response.json({isSuccess:!1,success:!1,message:"Authentication required",data:null});if(!await isGodminRequest(request,deps))return set.status=403,Response.json({isSuccess:!1,success:!1,message:`Forbidden: ${label} requires godmin privileges`,data:null});return}}var init_adminGuard=__esm(()=>{init_Authorization();init_types3()});var exports_ack_manager={};__export(exports_ack_manager,{storePendingMessage:()=>storePendingMessage,removePendingMessage:()=>removePendingMessage,recordSent:()=>recordSent,recordFailed:()=>recordFailed,recordAcked:()=>recordAcked,initAckCleanup:()=>initAckCleanup,incrementRetryCount:()=>incrementRetryCount,getPendingMessagesForUser:()=>getPendingMessagesForUser,getPendingMessageCount:()=>getPendingMessageCount,getDeliveryStats:()=>getDeliveryStats,generateMessageId:()=>generateMessageId,destroyAckCleanup:()=>destroyAckCleanup,acknowledgeMessage:()=>acknowledgeMessage});function cleanupRecentAcks(){let now=Date.now();for(let[key2,timestamp]of recentAcks)if(now-timestamp>1e4)recentAcks.delete(key2)}function initAckCleanup(){if(cleanupInterval)return;cleanupInterval=setInterval(cleanupRecentAcks,30000),cleanupInterval.unref?.()}function destroyAckCleanup(){if(cleanupInterval)clearInterval(cleanupInterval),cleanupInterval=null}function generateMessageId(){return`msg_${Date.now()}_${Math.random().toString(36).substring(2,11)}`}async function storePendingMessage(redis,message,ttlSeconds){if(!message.userId)return;let key2=`pubsub:pending:user:${message.userId}:${message.messageId}`,setKey=`pubsub:user:pending-set:${message.userId}`;await redis.create(key2,message,ttlSeconds);let existingResult=await redis.read(setKey),existingSet=existingResult.success&&existingResult.data?existingResult.data:[];if(!existingSet.includes(message.messageId))existingSet.push(message.messageId),await redis.create(setKey,existingSet,ttlSeconds)}async function acknowledgeMessage(redis,userId,messageId,ttlSeconds){let dedupKey=`${userId}:${messageId}`;if(recentAcks.has(dedupKey))return!1;let pendingKey=`pubsub:pending:user:${userId}:${messageId}`,setKey=`pubsub:user:pending-set:${userId}`,ackKey=`pubsub:ack:${userId}:${messageId}`,pendingResult=await redis.read(pendingKey);if(!pendingResult.success||!pendingResult.data)return recentAcks.set(dedupKey,Date.now()),!1;recentAcks.set(dedupKey,Date.now());let pending=pendingResult.data,ack={messageId,clientId:pending.clientId,ackedAt:Date.now()};await redis.create(ackKey,ack,60),await redis.remove(pendingKey);let setResult=await redis.read(setKey),updatedSet=(setResult.success&&setResult.data?setResult.data:[]).filter((id)=>id!==messageId);if(updatedSet.length>0)await redis.create(setKey,updatedSet,ttlSeconds);else await redis.remove(setKey);let latencyMs=Date.now()-pending.sentAt;return recordAcked(latencyMs),!0}async function getPendingMessagesForUser(redis,userId){if(!userId)return[];let setKey=`pubsub:user:pending-set:${userId}`,setResult=await redis.read(setKey),messageIds=setResult.success&&setResult.data?setResult.data:[],messages=[];for(let messageId of messageIds){let key2=`pubsub:pending:user:${userId}:${messageId}`,msgResult=await redis.read(key2);if(msgResult.success&&msgResult.data)messages.push(msgResult.data)}return messages.sort((a,b)=>a.sentAt-b.sentAt),messages}async function getPendingMessageCount(redis,userId){if(!userId)return 0;let setKey=`pubsub:user:pending-set:${userId}`,setResult=await redis.read(setKey);return(setResult.success&&setResult.data?setResult.data:[]).length}async function incrementRetryCount(redis,userId,messageId,ttlSeconds,maxRetries){let key2=`pubsub:pending:user:${userId}:${messageId}`,msgResult=await redis.read(key2);if(!msgResult.success||!msgResult.data)return!1;let message={...msgResult.data,retryCount:msgResult.data.retryCount+1};if(message.retryCount>=maxRetries)return await removePendingMessage(redis,userId,messageId),recordFailed(),!1;return await redis.create(key2,message,ttlSeconds),!0}async function removePendingMessage(redis,userId,messageId){let key2=`pubsub:pending:user:${userId}:${messageId}`,setKey=`pubsub:user:pending-set:${userId}`;await redis.remove(key2);let setResult=await redis.read(setKey),updatedSet=(setResult.success&&setResult.data?setResult.data:[]).filter((id)=>id!==messageId);if(updatedSet.length>0)await redis.create(setKey,updatedSet,300);else await redis.remove(setKey)}function recordSent(){stats.totalSent++}function recordAcked(latencyMs){stats.totalAcked++,stats.averageLatencyMs=(stats.averageLatencyMs*(stats.totalAcked-1)+latencyMs)/stats.totalAcked}function recordFailed(){stats.totalFailed++}function getDeliveryStats(){return{...stats}}var recentAcks,cleanupInterval=null,stats;var init_ack_manager=__esm(()=>{recentAcks=new Map;stats={totalSent:0,totalAcked:0,totalFailed:0,averageLatencyMs:0}});var resolveAuthTablesForRequest=(request,authConfig)=>{let defaults={usersTable:authConfig.usersTable,sessionsTable:authConfig.sessionsTable??null,userRolesTable:authConfig.userRolesTable??void 0,rolesTable:authConfig.rolesTable??void 0,roleClaimsTable:authConfig.roleClaimsTable??void 0,claimsTable:authConfig.claimsTable??void 0,oauthAccountsTable:authConfig.oauthAccountsTable??void 0,apiKeysTable:authConfig.apiKeysTable??void 0,schemaTables:authConfig.schemaTables||{}},registry=authConfig.getTenantRegistry?authConfig.getTenantRegistry():authConfig.tenantRegistry;if(!registry)return defaults;let schemaName=request.headers.get("x-tenant-schema");if(!schemaName)return defaults;let ctx=registry.getSchemaContext(schemaName);if(!ctx)return defaults;let tables=ctx.schemaTables;return{usersTable:tables.users??defaults.usersTable,sessionsTable:tables.userSessions??tables.user_sessions??tables.sessions??defaults.sessionsTable,userRolesTable:tables.userRoles??defaults.userRolesTable,rolesTable:tables.roles??defaults.rolesTable,roleClaimsTable:tables.roleClaims??defaults.roleClaimsTable,claimsTable:tables.claims??defaults.claimsTable,oauthAccountsTable:tables.oauthAccounts??defaults.oauthAccountsTable,apiKeysTable:tables.apiKeys??defaults.apiKeysTable,schemaTables:tables}};import{eq as eq32,sql as sql7}from"drizzle-orm";import{Elysia as Elysia21,t as t18}from"elysia";function createChangeUserIdRoute(config,schemaName="public"){let{db,logger:logger2}=config,routes=new Elysia21;return routes.post("/auth/admin/change-user-id",async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let requestingUserId=ctx.request.headers.get("x-user-id");if(!requestingUserId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let requestingUser=(await db.select().from(usersTable).where(eq32(usersTable.id,requestingUserId)).limit(1))[0];if(!requestingUser||!requestingUser.isGod)return ctx.set.status=403,{success:!1,message:"Forbidden: godmin privileges required"};let{currentId,newId}=ctx.body;if(!currentId||!newId)return ctx.set.status=400,{success:!1,message:"currentId and newId are required"};if(currentId===newId)return ctx.set.status=400,{success:!1,message:"New ID must be different from current ID"};let uuidRegex2=/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;if(!uuidRegex2.test(newId))return ctx.set.status=400,{success:!1,message:"newId must be a valid UUID"};if(!uuidRegex2.test(currentId))return ctx.set.status=400,{success:!1,message:"currentId must be a valid UUID"};let targetUser=(await db.select().from(usersTable).where(eq32(usersTable.id,currentId)).limit(1))[0];if(!targetUser)return ctx.set.status=404,{success:!1,message:"User not found"};if((await db.select().from(usersTable).where(eq32(usersTable.id,newId)).limit(1)).length>0)return ctx.set.status=409,{success:!1,message:"A user with this ID already exists"};try{let fkResult=await db.execute(sql7`
395
+ ${strMDSAlgs}`)}if(attestationStatementAlg!==void 0&&authenticatorGetInfo?.algorithms!==void 0){let getInfoAlgs=authenticatorGetInfo.algorithms.map((_alg)=>_alg.alg);if(getInfoAlgs.indexOf(attestationStatementAlg)<0)throw Error(`Attestation statement alg ${attestationStatementAlg} did not match one of ${getInfoAlgs}`)}let authenticatorCerts=x5c.map(convertCertBufferToPEM),statementRootCerts=attestationRootCertificates.map(convertCertBufferToPEM),authenticatorIsSelfReferencing=!1;if(authenticatorCerts.length===1&&statementRootCerts.indexOf(authenticatorCerts[0])>=0)authenticatorIsSelfReferencing=!0;if(!authenticatorIsSelfReferencing)try{await validateCertificatePath(authenticatorCerts,statementRootCerts)}catch(err){throw Error(`Could not validate certificate path with any metadata root certificates: ${err.message}`)}return!0}function stringifyCOSEInfo(info){let{kty,alg,crv}=info,toReturn="";if(kty!==COSEKTY.RSA)toReturn=`{ kty: ${kty}, alg: ${alg}, crv: ${crv} }`;else toReturn=`{ kty: ${kty}, alg: ${alg} }`;return toReturn}var algSignToCOSEInfoMap;var init_verifyAttestationWithMetadata=__esm(()=>{init_convertCertBufferToPEM();init_validateCertificatePath();init_decodeCredentialPublicKey();init_cose();algSignToCOSEInfoMap={secp256r1_ecdsa_sha256_raw:{kty:2,alg:-7,crv:1},secp256r1_ecdsa_sha256_der:{kty:2,alg:-7,crv:1},rsassa_pss_sha256_raw:{kty:3,alg:-37},rsassa_pss_sha256_der:{kty:3,alg:-37},secp256k1_ecdsa_sha256_raw:{kty:2,alg:-47,crv:8},secp256k1_ecdsa_sha256_der:{kty:2,alg:-47,crv:8},rsassa_pss_sha384_raw:{kty:3,alg:-38},rsassa_pkcsv15_sha256_raw:{kty:3,alg:-257},rsassa_pkcsv15_sha384_raw:{kty:3,alg:-258},rsassa_pkcsv15_sha512_raw:{kty:3,alg:-259},rsassa_pkcsv15_sha1_raw:{kty:3,alg:-65535},secp384r1_ecdsa_sha384_raw:{kty:2,alg:-35,crv:2},secp512r1_ecdsa_sha256_raw:{kty:2,alg:-36,crv:3},ed25519_eddsa_sha512_raw:{kty:1,alg:-8,crv:6}}});async function verifyAttestationPacked(options){let{attStmt,clientDataHash,authData,credentialPublicKey,aaguid,rootCertificates}=options,sig=attStmt.get("sig"),x5c=attStmt.get("x5c"),alg=attStmt.get("alg");if(!sig)throw Error("No attestation signature provided in attestation statement (Packed)");if(!alg)throw Error("Attestation statement did not contain alg (Packed)");if(!isCOSEAlg(alg))throw Error(`Attestation statement contained invalid alg ${alg} (Packed)`);let signatureBase=exports_isoUint8Array.concat([authData,clientDataHash]),verified=!1;if(x5c){let{subject,basicConstraintsCA,version,notBefore,notAfter,parsedCertificate}=getCertificateInfo(x5c[0]),{OU,CN,O,C}=subject;if(OU!=="Authenticator Attestation")throw Error('Certificate OU was not "Authenticator Attestation" (Packed|Full)');if(!CN)throw Error("Certificate CN was empty (Packed|Full)");if(!O)throw Error("Certificate O was empty (Packed|Full)");if(!C||C.length!==2)throw Error("Certificate C was not two-character ISO 3166 code (Packed|Full)");if(basicConstraintsCA)throw Error("Certificate basic constraints CA was not `false` (Packed|Full)");if(version!==2)throw Error("Certificate version was not `3` (ASN.1 value of 2) (Packed|Full)");let now=new Date;if(notBefore>now)throw Error(`Certificate not good before "${notBefore.toString()}" (Packed|Full)`);if(now=new Date,notAfter<now)throw Error(`Certificate not good after "${notAfter.toString()}" (Packed|Full)`);try{await validateExtFIDOGenCEAAGUID(parsedCertificate.tbsCertificate.extensions,aaguid)}catch(err){throw Error(`${err.message} (Packed|Full)`)}let statement=await MetadataService.getStatement(aaguid);if(statement){if(statement.attestationTypes.indexOf("basic_full")<0)throw Error("Metadata does not indicate support for full attestations (Packed|Full)");try{await verifyAttestationWithMetadata({statement,credentialPublicKey,x5c,attestationStatementAlg:alg})}catch(err){throw Error(`${err.message} (Packed|Full)`)}}else try{await validateCertificatePath(x5c.map(convertCertBufferToPEM),rootCertificates)}catch(err){throw Error(`${err.message} (Packed|Full)`)}verified=await verifySignature2({signature:sig,data:signatureBase,x509Certificate:x5c[0]})}else verified=await verifySignature2({signature:sig,data:signatureBase,credentialPublicKey,hashAlgorithm:alg});return verified}var init_verifyAttestationPacked=__esm(()=>{init_cose();init_convertCertBufferToPEM();init_validateCertificatePath();init_getCertificateInfo();init_verifySignature();init_iso();init_validateExtFIDOGenCEAAGUID();init_metadataService();init_verifyAttestationWithMetadata()});async function verifyAttestationAndroidSafetyNet(options){let{attStmt,clientDataHash,authData,aaguid,rootCertificates,verifyTimestampMS=!0,credentialPublicKey,attestationSafetyNetEnforceCTSCheck}=options,alg=attStmt.get("alg"),response=attStmt.get("response");if(!attStmt.get("ver"))throw Error("No ver value in attestation (SafetyNet)");if(!response)throw Error("No response was included in attStmt by authenticator (SafetyNet)");let jwtParts=exports_isoUint8Array.toUTF8String(response).split("."),HEADER=JSON.parse(exports_isoBase64URL.toUTF8String(jwtParts[0])),PAYLOAD=JSON.parse(exports_isoBase64URL.toUTF8String(jwtParts[1])),SIGNATURE=jwtParts[2],{nonce,ctsProfileMatch,timestampMs}=PAYLOAD;if(verifyTimestampMS){let now=Date.now();if(timestampMs>Date.now())throw Error(`Payload timestamp "${timestampMs}" was later than "${now}" (SafetyNet)`);let timestampPlusDelay=timestampMs+60000;if(now=Date.now(),timestampPlusDelay<now)throw Error(`Payload timestamp "${timestampPlusDelay}" has expired (SafetyNet)`)}let nonceBase=exports_isoUint8Array.concat([authData,clientDataHash]),nonceBuffer=await toHash(nonceBase),expectedNonce=exports_isoBase64URL.fromBuffer(nonceBuffer,"base64");if(nonce!==expectedNonce)throw Error("Could not verify payload nonce (SafetyNet)");if(attestationSafetyNetEnforceCTSCheck&&!ctsProfileMatch)throw Error("Could not verify device integrity (SafetyNet)");let leafCertBuffer=exports_isoBase64URL.toBuffer(HEADER.x5c[0],"base64"),leafCertInfo=getCertificateInfo(leafCertBuffer),{subject}=leafCertInfo;if(subject.CN!=="attest.android.com")throw Error('Certificate common name was not "attest.android.com" (SafetyNet)');let statement=await MetadataService.getStatement(aaguid);if(statement)try{await verifyAttestationWithMetadata({statement,credentialPublicKey,x5c:HEADER.x5c,attestationStatementAlg:alg})}catch(err){throw Error(`${err.message} (SafetyNet)`)}else try{await validateCertificatePath(HEADER.x5c.map(convertCertBufferToPEM),rootCertificates)}catch(err){throw Error(`${err.message} (SafetyNet)`)}let signatureBaseBuffer=exports_isoUint8Array.fromUTF8String(`${jwtParts[0]}.${jwtParts[1]}`),signatureBuffer=exports_isoBase64URL.toBuffer(SIGNATURE);return await verifySignature2({signature:signatureBuffer,data:signatureBaseBuffer,x509Certificate:leafCertBuffer})}var init_verifyAttestationAndroidSafetyNet=__esm(()=>{init_toHash();init_verifySignature();init_getCertificateInfo();init_validateCertificatePath();init_convertCertBufferToPEM();init_iso();init_metadataService();init_verifyAttestationWithMetadata()});var TPM_ST,TPM_ALG,TPM_ECC_CURVE,TPM_MANUFACTURERS,TPM_ECC_CURVE_COSE_CRV_MAP;var init_constants2=__esm(()=>{TPM_ST={196:"TPM_ST_RSP_COMMAND",32768:"TPM_ST_NULL",32769:"TPM_ST_NO_SESSIONS",32770:"TPM_ST_SESSIONS",32788:"TPM_ST_ATTEST_NV",32789:"TPM_ST_ATTEST_COMMAND_AUDIT",32790:"TPM_ST_ATTEST_SESSION_AUDIT",32791:"TPM_ST_ATTEST_CERTIFY",32792:"TPM_ST_ATTEST_QUOTE",32793:"TPM_ST_ATTEST_TIME",32794:"TPM_ST_ATTEST_CREATION",32801:"TPM_ST_CREATION",32802:"TPM_ST_VERIFIED",32803:"TPM_ST_AUTH_SECRET",32804:"TPM_ST_HASHCHECK",32805:"TPM_ST_AUTH_SIGNED",32809:"TPM_ST_FU_MANIFEST"},TPM_ALG={0:"TPM_ALG_ERROR",1:"TPM_ALG_RSA",4:"TPM_ALG_SHA",4:"TPM_ALG_SHA1",5:"TPM_ALG_HMAC",6:"TPM_ALG_AES",7:"TPM_ALG_MGF1",8:"TPM_ALG_KEYEDHASH",10:"TPM_ALG_XOR",11:"TPM_ALG_SHA256",12:"TPM_ALG_SHA384",13:"TPM_ALG_SHA512",16:"TPM_ALG_NULL",18:"TPM_ALG_SM3_256",19:"TPM_ALG_SM4",20:"TPM_ALG_RSASSA",21:"TPM_ALG_RSAES",22:"TPM_ALG_RSAPSS",23:"TPM_ALG_OAEP",24:"TPM_ALG_ECDSA",25:"TPM_ALG_ECDH",26:"TPM_ALG_ECDAA",27:"TPM_ALG_SM2",28:"TPM_ALG_ECSCHNORR",29:"TPM_ALG_ECMQV",32:"TPM_ALG_KDF1_SP800_56A",33:"TPM_ALG_KDF2",34:"TPM_ALG_KDF1_SP800_108",35:"TPM_ALG_ECC",37:"TPM_ALG_SYMCIPHER",38:"TPM_ALG_CAMELLIA",64:"TPM_ALG_CTR",65:"TPM_ALG_OFB",66:"TPM_ALG_CBC",67:"TPM_ALG_CFB",68:"TPM_ALG_ECB"},TPM_ECC_CURVE={0:"TPM_ECC_NONE",1:"TPM_ECC_NIST_P192",2:"TPM_ECC_NIST_P224",3:"TPM_ECC_NIST_P256",4:"TPM_ECC_NIST_P384",5:"TPM_ECC_NIST_P521",16:"TPM_ECC_BN_P256",17:"TPM_ECC_BN_P638",32:"TPM_ECC_SM2_P256"},TPM_MANUFACTURERS={"id:414D4400":{name:"AMD",id:"AMD"},"id:414E5400":{name:"Ant Group",id:"ANT"},"id:41544D4C":{name:"Atmel",id:"ATML"},"id:4252434D":{name:"Broadcom",id:"BRCM"},"id:4353434F":{name:"Cisco",id:"CSCO"},"id:464C5953":{name:"Flyslice Technologies",id:"FLYS"},"id:524F4343":{name:"Fuzhou Rockchip",id:"ROCC"},"id:474F4F47":{name:"Google",id:"GOOG"},"id:48504900":{name:"HPI",id:"HPI"},"id:48504500":{name:"HPE",id:"HPE"},"id:48495349":{name:"Huawei",id:"HISI"},"id:49424d00":{name:"IBM",id:"IBM"},"id:49424D00":{name:"IBM",id:"IBM"},"id:49465800":{name:"Infineon",id:"IFX"},"id:494E5443":{name:"Intel",id:"INTC"},"id:4C454E00":{name:"Lenovo",id:"LEN"},"id:4D534654":{name:"Microsoft",id:"MSFT"},"id:4E534D20":{name:"National Semiconductor",id:"NSM"},"id:4E545A00":{name:"Nationz",id:"NTZ"},"id:4E534700":{name:"NSING",id:"NSG"},"id:4E544300":{name:"Nuvoton Technology",id:"NTC"},"id:51434F4D":{name:"Qualcomm",id:"QCOM"},"id:534D534E":{name:"Samsung",id:"SMSN"},"id:53454345":{name:"SecEdge",id:"SECE"},"id:534E5300":{name:"Sinosun",id:"SNS"},"id:534D5343":{name:"SMSC",id:"SMSC"},"id:53544D20":{name:"STMicroelectronics",id:"STM"},"id:54584E00":{name:"Texas Instruments",id:"TXN"},"id:57454300":{name:"Winbond",id:"WEC"},"id:5345414C":{name:"Wisekey",id:"SEAL"},"id:FFFFF1D0":{name:"FIDO Alliance",id:"FIDO"}},TPM_ECC_CURVE_COSE_CRV_MAP={TPM_ECC_NIST_P256:1,TPM_ECC_NIST_P384:2,TPM_ECC_NIST_P521:3,TPM_ECC_BN_P256:1,TPM_ECC_SM2_P256:1}});function parseCertInfo(certInfo){let pointer=0,dataView=exports_isoUint8Array.toDataView(certInfo),magic=dataView.getUint32(pointer);pointer+=4;let typeBuffer=dataView.getUint16(pointer);pointer+=2;let type=TPM_ST[typeBuffer],qualifiedSignerLength=dataView.getUint16(pointer);pointer+=2;let qualifiedSigner=certInfo.slice(pointer,pointer+=qualifiedSignerLength),extraDataLength=dataView.getUint16(pointer);pointer+=2;let extraData=certInfo.slice(pointer,pointer+=extraDataLength),clock=certInfo.slice(pointer,pointer+=8),resetCount=dataView.getUint32(pointer);pointer+=4;let restartCount=dataView.getUint32(pointer);pointer+=4;let safe=!!certInfo.slice(pointer,pointer+=1),clockInfo={clock,resetCount,restartCount,safe},firmwareVersion=certInfo.slice(pointer,pointer+=8),attestedNameLength=dataView.getUint16(pointer);pointer+=2;let attestedName=certInfo.slice(pointer,pointer+=attestedNameLength),attestedNameDataView=exports_isoUint8Array.toDataView(attestedName),qualifiedNameLength=dataView.getUint16(pointer);pointer+=2;let qualifiedName=certInfo.slice(pointer,pointer+=qualifiedNameLength),attested={nameAlg:TPM_ALG[attestedNameDataView.getUint16(0)],nameAlgBuffer:attestedName.slice(0,2),name:attestedName,qualifiedName};return{magic,type,qualifiedSigner,extraData,clockInfo,firmwareVersion,attested}}var init_parseCertInfo=__esm(()=>{init_constants2();init_iso()});function parsePubArea(pubArea){let pointer=0,dataView=exports_isoUint8Array.toDataView(pubArea),type=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let nameAlg=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let objectAttributesInt=dataView.getUint32(pointer);pointer+=4;let objectAttributes={fixedTPM:!!(objectAttributesInt&1),stClear:!!(objectAttributesInt&2),fixedParent:!!(objectAttributesInt&8),sensitiveDataOrigin:!!(objectAttributesInt&16),userWithAuth:!!(objectAttributesInt&32),adminWithPolicy:!!(objectAttributesInt&64),noDA:!!(objectAttributesInt&512),encryptedDuplication:!!(objectAttributesInt&1024),restricted:!!(objectAttributesInt&32768),decrypt:!!(objectAttributesInt&65536),signOrEncrypt:!!(objectAttributesInt&131072)},authPolicyLength=dataView.getUint16(pointer);pointer+=2;let authPolicy=pubArea.slice(pointer,pointer+=authPolicyLength),parameters2={},unique=Uint8Array.from([]);if(type==="TPM_ALG_RSA"){let symmetric=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let scheme=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let keyBits=dataView.getUint16(pointer);pointer+=2;let exponent=dataView.getUint32(pointer);pointer+=4,parameters2.rsa={symmetric,scheme,keyBits,exponent};let uniqueLength=dataView.getUint16(pointer);pointer+=2,unique=pubArea.slice(pointer,pointer+=uniqueLength)}else if(type==="TPM_ALG_ECC"){let symmetric=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let scheme=TPM_ALG[dataView.getUint16(pointer)];pointer+=2;let curveID=TPM_ECC_CURVE[dataView.getUint16(pointer)];pointer+=2;let kdf=TPM_ALG[dataView.getUint16(pointer)];pointer+=2,parameters2.ecc={symmetric,scheme,curveID,kdf};let uniqueXLength=dataView.getUint16(pointer);pointer+=2;let uniqueX=pubArea.slice(pointer,pointer+=uniqueXLength),uniqueYLength=dataView.getUint16(pointer);pointer+=2;let uniqueY=pubArea.slice(pointer,pointer+=uniqueYLength);unique=exports_isoUint8Array.concat([uniqueX,uniqueY])}else throw Error(`Unexpected type "${type}" (TPM)`);return{type,nameAlg,objectAttributes,authPolicy,parameters:parameters2,unique}}var init_parsePubArea=__esm(()=>{init_constants2();init_iso()});async function verifyAttestationTPM(options){let{aaguid,attStmt,authData,credentialPublicKey,clientDataHash,rootCertificates}=options,ver=attStmt.get("ver"),sig=attStmt.get("sig"),alg=attStmt.get("alg"),x5c=attStmt.get("x5c"),pubArea=attStmt.get("pubArea"),certInfo=attStmt.get("certInfo");if(ver!=="2.0")throw Error(`Unexpected ver "${ver}", expected "2.0" (TPM)`);if(!sig)throw Error("No attestation signature provided in attestation statement (TPM)");if(!alg)throw Error("Attestation statement did not contain alg (TPM)");if(!isCOSEAlg(alg))throw Error(`Attestation statement contained invalid alg ${alg} (TPM)`);if(!x5c)throw Error("No attestation certificate provided in attestation statement (TPM)");if(!pubArea)throw Error("Attestation statement did not contain pubArea (TPM)");if(!certInfo)throw Error("Attestation statement did not contain certInfo (TPM)");let parsedPubArea=parsePubArea(pubArea),{unique,type:pubType,parameters:parameters2}=parsedPubArea,cosePublicKey=decodeCredentialPublicKey(credentialPublicKey);if(pubType==="TPM_ALG_RSA"){if(!isCOSEPublicKeyRSA(cosePublicKey))throw Error(`Credential public key with kty ${cosePublicKey.get(COSEKEYS.kty)} did not match ${pubType}`);let n=cosePublicKey.get(COSEKEYS.n),e=cosePublicKey.get(COSEKEYS.e);if(!n)throw Error("COSE public key missing n (TPM|RSA)");if(!e)throw Error("COSE public key missing e (TPM|RSA)");if(!exports_isoUint8Array.areEqual(unique,n))throw Error("PubArea unique is not same as credentialPublicKey (TPM|RSA)");if(!parameters2.rsa)throw Error("Parsed pubArea type is RSA, but missing parameters.rsa (TPM|RSA)");let eBuffer=e,pubAreaExponent=parameters2.rsa.exponent||65537,eSum=eBuffer[0]+(eBuffer[1]<<8)+(eBuffer[2]<<16);if(pubAreaExponent!==eSum)throw Error(`Unexpected public key exp ${eSum}, expected ${pubAreaExponent} (TPM|RSA)`)}else if(pubType==="TPM_ALG_ECC"){if(!isCOSEPublicKeyEC2(cosePublicKey))throw Error(`Credential public key with kty ${cosePublicKey.get(COSEKEYS.kty)} did not match ${pubType}`);let crv=cosePublicKey.get(COSEKEYS.crv),x=cosePublicKey.get(COSEKEYS.x),y=cosePublicKey.get(COSEKEYS.y);if(!crv)throw Error("COSE public key missing crv (TPM|ECC)");if(!x)throw Error("COSE public key missing x (TPM|ECC)");if(!y)throw Error("COSE public key missing y (TPM|ECC)");if(!exports_isoUint8Array.areEqual(unique,exports_isoUint8Array.concat([x,y])))throw Error("PubArea unique is not same as public key x and y (TPM|ECC)");if(!parameters2.ecc)throw Error("Parsed pubArea type is ECC, but missing parameters.ecc (TPM|ECC)");let pubAreaCurveID=parameters2.ecc.curveID,pubAreaCurveIDMapToCOSECRV=TPM_ECC_CURVE_COSE_CRV_MAP[pubAreaCurveID];if(pubAreaCurveIDMapToCOSECRV!==crv)throw Error(`Public area key curve ID "${pubAreaCurveID}" mapped to "${pubAreaCurveIDMapToCOSECRV}" which did not match public key crv of "${crv}" (TPM|ECC)`)}else throw Error(`Unsupported pubArea.type "${pubType}"`);let parsedCertInfo=parseCertInfo(certInfo),{magic,type:certType,attested,extraData}=parsedCertInfo;if(magic!==4283712327)throw Error(`Unexpected magic value "${magic}", expected "0xff544347" (TPM)`);if(certType!=="TPM_ST_ATTEST_CERTIFY")throw Error(`Unexpected type "${certType}", expected "TPM_ST_ATTEST_CERTIFY" (TPM)`);let pubAreaHash=await toHash(pubArea,attestedNameAlgToCOSEAlg(attested.nameAlg)),attestedName=exports_isoUint8Array.concat([attested.nameAlgBuffer,pubAreaHash]);if(!exports_isoUint8Array.areEqual(attested.name,attestedName))throw Error("Attested name comparison failed (TPM)");let attToBeSigned=exports_isoUint8Array.concat([authData,clientDataHash]),attToBeSignedHash=await toHash(attToBeSigned,alg);if(!exports_isoUint8Array.areEqual(extraData,attToBeSignedHash))throw Error("CertInfo extra data did not equal hashed attestation (TPM)");if(x5c.length<1)throw Error("No certificates present in x5c array (TPM)");let leafCertInfo=getCertificateInfo(x5c[0]),{basicConstraintsCA,version,subject,notAfter,notBefore}=leafCertInfo;if(basicConstraintsCA)throw Error("Certificate basic constraints CA was not `false` (TPM)");if(version!==2)throw Error("Certificate version was not `3` (ASN.1 value of 2) (TPM)");if(subject.combined.length>0)throw Error("Certificate subject was not empty (TPM)");let now=new Date;if(notBefore>now)throw Error(`Certificate not good before "${notBefore.toString()}" (TPM)`);if(now=new Date,notAfter<now)throw Error(`Certificate not good after "${notAfter.toString()}" (TPM)`);let parsedCert=AsnParser.parse(x5c[0],Certificate);if(!parsedCert.tbsCertificate.extensions)throw Error("Certificate was missing extensions (TPM)");let subjectAltNamePresent,extKeyUsage;if(parsedCert.tbsCertificate.extensions.forEach((ext)=>{if(ext.extnID===id_ce_subjectAltName)subjectAltNamePresent=AsnParser.parse(ext.extnValue,SubjectAlternativeName);else if(ext.extnID===id_ce_extKeyUsage)extKeyUsage=AsnParser.parse(ext.extnValue,ExtendedKeyUsage)}),!subjectAltNamePresent)throw Error("Certificate did not contain subjectAltName extension (TPM)");if(!subjectAltNamePresent[0].directoryName?.[0].length)throw Error("Certificate subjectAltName extension directoryName was empty (TPM)");let{tcgAtTpmManufacturer,tcgAtTpmModel,tcgAtTpmVersion}=getTcgAtTpmValues(subjectAltNamePresent[0].directoryName);if(!tcgAtTpmManufacturer||!tcgAtTpmModel||!tcgAtTpmVersion)throw Error("Certificate contained incomplete subjectAltName data (TPM)");if(!extKeyUsage)throw Error("Certificate did not contain ExtendedKeyUsage extension (TPM)");if(!TPM_MANUFACTURERS[tcgAtTpmManufacturer])throw Error(`Could not match TPM manufacturer "${tcgAtTpmManufacturer}" (TPM)`);if(extKeyUsage[0]!=="2.23.133.8.3")throw Error(`Unexpected extKeyUsage "${extKeyUsage[0]}", expected "2.23.133.8.3" (TPM)`);try{await validateExtFIDOGenCEAAGUID(parsedCert.tbsCertificate.extensions,aaguid)}catch(err){throw Error(`${err.message} (TPM)`)}let statement=await MetadataService.getStatement(aaguid);if(statement)try{await verifyAttestationWithMetadata({statement,credentialPublicKey,x5c,attestationStatementAlg:alg})}catch(err){throw Error(`${err.message} (TPM)`)}else try{await validateCertificatePath(x5c.map(convertCertBufferToPEM),rootCertificates)}catch(err){throw Error(`${err.message} (TPM)`)}return verifySignature2({signature:sig,data:certInfo,x509Certificate:x5c[0],hashAlgorithm:alg})}function getTcgAtTpmValues(root){let tcgAtTpmManufacturer,tcgAtTpmModel,tcgAtTpmVersion;return root.forEach((relName)=>{relName.forEach((attr)=>{if(attr.type==="2.23.133.2.1")tcgAtTpmManufacturer=attr.value.toString();else if(attr.type==="2.23.133.2.2")tcgAtTpmModel=attr.value.toString();else if(attr.type==="2.23.133.2.3")tcgAtTpmVersion=attr.value.toString()})}),{tcgAtTpmManufacturer,tcgAtTpmModel,tcgAtTpmVersion}}function attestedNameAlgToCOSEAlg(alg){if(alg==="TPM_ALG_SHA256")return COSEALG.ES256;else if(alg==="TPM_ALG_SHA384")return COSEALG.ES384;else if(alg==="TPM_ALG_SHA512")return COSEALG.ES512;throw Error(`Unexpected TPM attested name alg ${alg}`)}var init_verifyAttestationTPM=__esm(()=>{init_es2015();init_es20152();init_decodeCredentialPublicKey();init_cose();init_toHash();init_convertCertBufferToPEM();init_validateCertificatePath();init_getCertificateInfo();init_verifySignature();init_iso();init_validateExtFIDOGenCEAAGUID();init_metadataService();init_verifyAttestationWithMetadata();init_constants2();init_parseCertInfo();init_parsePubArea()});class RootOfTrust{verifiedBootKey=new OctetString2;deviceLocked=!1;verifiedBootState=VerifiedBootState.verified;verifiedBootHash;constructor(params={}){Object.assign(this,params)}}class AuthorizationList{purpose;algorithm;keySize;digest;padding;ecCurve;rsaPublicExponent;mgfDigest;rollbackResistance;earlyBootOnly;activeDateTime;originationExpireDateTime;usageExpireDateTime;usageCountLimit;noAuthRequired;userAuthType;authTimeout;allowWhileOnBody;trustedUserPresenceRequired;trustedConfirmationRequired;unlockedDeviceRequired;allApplications;applicationId;creationDateTime;origin;rollbackResistant;rootOfTrust;osVersion;osPatchLevel;attestationApplicationId;attestationIdBrand;attestationIdDevice;attestationIdProduct;attestationIdSerial;attestationIdImei;attestationIdMeid;attestationIdManufacturer;attestationIdModel;vendorPatchLevel;bootPatchLevel;deviceUniqueAttestation;attestationIdSecondImei;moduleHash;constructor(params={}){Object.assign(this,params)}}class KeyDescription{attestationVersion=Version3.KM4;attestationSecurityLevel=SecurityLevel.software;keymasterVersion=0;keymasterSecurityLevel=SecurityLevel.software;attestationChallenge=new OctetString2;uniqueId=new OctetString2;softwareEnforced=new AuthorizationList;teeEnforced=new AuthorizationList;constructor(params={}){Object.assign(this,params)}}class KeyMintKeyDescription{attestationVersion=Version3.keyMint4;attestationSecurityLevel=SecurityLevel.software;keyMintVersion=0;keyMintSecurityLevel=SecurityLevel.software;attestationChallenge=new OctetString2;uniqueId=new OctetString2;softwareEnforced=new AuthorizationList;hardwareEnforced=new AuthorizationList;constructor(params={}){Object.assign(this,params)}toLegacyKeyDescription(){return new KeyDescription({attestationVersion:this.attestationVersion,attestationSecurityLevel:this.attestationSecurityLevel,keymasterVersion:this.keyMintVersion,keymasterSecurityLevel:this.keyMintSecurityLevel,attestationChallenge:this.attestationChallenge,uniqueId:this.uniqueId,softwareEnforced:this.softwareEnforced,teeEnforced:this.hardwareEnforced})}static fromLegacyKeyDescription(keyDesc){return new KeyMintKeyDescription({attestationVersion:keyDesc.attestationVersion,attestationSecurityLevel:keyDesc.attestationSecurityLevel,keyMintVersion:keyDesc.keymasterVersion,keyMintSecurityLevel:keyDesc.keymasterSecurityLevel,attestationChallenge:keyDesc.attestationChallenge,uniqueId:keyDesc.uniqueId,softwareEnforced:keyDesc.softwareEnforced,hardwareEnforced:keyDesc.teeEnforced})}}var IntegerSet_1,id_ce_keyDescription="1.3.6.1.4.1.11129.2.1.17",VerifiedBootState,IntegerSet,SecurityLevel,Version3;var init_key_description=__esm(()=>{init_modules();init_es2015();(function(VerifiedBootState2){VerifiedBootState2[VerifiedBootState2.verified=0]="verified",VerifiedBootState2[VerifiedBootState2.selfSigned=1]="selfSigned",VerifiedBootState2[VerifiedBootState2.unverified=2]="unverified",VerifiedBootState2[VerifiedBootState2.failed=3]="failed"})(VerifiedBootState||(VerifiedBootState={}));__decorate([AsnProp({type:OctetString2})],RootOfTrust.prototype,"verifiedBootKey",void 0);__decorate([AsnProp({type:AsnPropTypes.Boolean})],RootOfTrust.prototype,"deviceLocked",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],RootOfTrust.prototype,"verifiedBootState",void 0);__decorate([AsnProp({type:OctetString2,optional:!0})],RootOfTrust.prototype,"verifiedBootHash",void 0);IntegerSet=IntegerSet_1=class extends AsnArray{constructor(items){super(items);Object.setPrototypeOf(this,IntegerSet_1.prototype)}};IntegerSet=IntegerSet_1=__decorate([AsnType({type:AsnTypeTypes.Set,itemType:AsnPropTypes.Integer})],IntegerSet);__decorate([AsnProp({context:1,type:IntegerSet,optional:!0})],AuthorizationList.prototype,"purpose",void 0);__decorate([AsnProp({context:2,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"algorithm",void 0);__decorate([AsnProp({context:3,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"keySize",void 0);__decorate([AsnProp({context:5,type:IntegerSet,optional:!0})],AuthorizationList.prototype,"digest",void 0);__decorate([AsnProp({context:6,type:IntegerSet,optional:!0})],AuthorizationList.prototype,"padding",void 0);__decorate([AsnProp({context:10,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"ecCurve",void 0);__decorate([AsnProp({context:200,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"rsaPublicExponent",void 0);__decorate([AsnProp({context:203,type:IntegerSet,optional:!0})],AuthorizationList.prototype,"mgfDigest",void 0);__decorate([AsnProp({context:303,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"rollbackResistance",void 0);__decorate([AsnProp({context:305,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"earlyBootOnly",void 0);__decorate([AsnProp({context:400,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"activeDateTime",void 0);__decorate([AsnProp({context:401,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"originationExpireDateTime",void 0);__decorate([AsnProp({context:402,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"usageExpireDateTime",void 0);__decorate([AsnProp({context:405,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"usageCountLimit",void 0);__decorate([AsnProp({context:503,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"noAuthRequired",void 0);__decorate([AsnProp({context:504,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"userAuthType",void 0);__decorate([AsnProp({context:505,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"authTimeout",void 0);__decorate([AsnProp({context:506,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"allowWhileOnBody",void 0);__decorate([AsnProp({context:507,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"trustedUserPresenceRequired",void 0);__decorate([AsnProp({context:508,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"trustedConfirmationRequired",void 0);__decorate([AsnProp({context:509,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"unlockedDeviceRequired",void 0);__decorate([AsnProp({context:600,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"allApplications",void 0);__decorate([AsnProp({context:601,type:OctetString2,optional:!0})],AuthorizationList.prototype,"applicationId",void 0);__decorate([AsnProp({context:701,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"creationDateTime",void 0);__decorate([AsnProp({context:702,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"origin",void 0);__decorate([AsnProp({context:703,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"rollbackResistant",void 0);__decorate([AsnProp({context:704,type:RootOfTrust,optional:!0})],AuthorizationList.prototype,"rootOfTrust",void 0);__decorate([AsnProp({context:705,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"osVersion",void 0);__decorate([AsnProp({context:706,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"osPatchLevel",void 0);__decorate([AsnProp({context:709,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationApplicationId",void 0);__decorate([AsnProp({context:710,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdBrand",void 0);__decorate([AsnProp({context:711,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdDevice",void 0);__decorate([AsnProp({context:712,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdProduct",void 0);__decorate([AsnProp({context:713,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdSerial",void 0);__decorate([AsnProp({context:714,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdImei",void 0);__decorate([AsnProp({context:715,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdMeid",void 0);__decorate([AsnProp({context:716,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdManufacturer",void 0);__decorate([AsnProp({context:717,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdModel",void 0);__decorate([AsnProp({context:718,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"vendorPatchLevel",void 0);__decorate([AsnProp({context:719,type:AsnPropTypes.Integer,optional:!0})],AuthorizationList.prototype,"bootPatchLevel",void 0);__decorate([AsnProp({context:720,type:AsnPropTypes.Null,optional:!0})],AuthorizationList.prototype,"deviceUniqueAttestation",void 0);__decorate([AsnProp({context:723,type:OctetString2,optional:!0})],AuthorizationList.prototype,"attestationIdSecondImei",void 0);__decorate([AsnProp({context:724,type:OctetString2,optional:!0})],AuthorizationList.prototype,"moduleHash",void 0);(function(SecurityLevel2){SecurityLevel2[SecurityLevel2.software=0]="software",SecurityLevel2[SecurityLevel2.trustedEnvironment=1]="trustedEnvironment",SecurityLevel2[SecurityLevel2.strongBox=2]="strongBox"})(SecurityLevel||(SecurityLevel={}));(function(Version4){Version4[Version4.KM2=1]="KM2",Version4[Version4.KM3=2]="KM3",Version4[Version4.KM4=3]="KM4",Version4[Version4.KM4_1=4]="KM4_1",Version4[Version4.keyMint1=100]="keyMint1",Version4[Version4.keyMint2=200]="keyMint2",Version4[Version4.keyMint3=300]="keyMint3",Version4[Version4.keyMint4=400]="keyMint4"})(Version3||(Version3={}));__decorate([AsnProp({type:AsnPropTypes.Integer})],KeyDescription.prototype,"attestationVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],KeyDescription.prototype,"attestationSecurityLevel",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],KeyDescription.prototype,"keymasterVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],KeyDescription.prototype,"keymasterSecurityLevel",void 0);__decorate([AsnProp({type:OctetString2})],KeyDescription.prototype,"attestationChallenge",void 0);__decorate([AsnProp({type:OctetString2})],KeyDescription.prototype,"uniqueId",void 0);__decorate([AsnProp({type:AuthorizationList})],KeyDescription.prototype,"softwareEnforced",void 0);__decorate([AsnProp({type:AuthorizationList})],KeyDescription.prototype,"teeEnforced",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],KeyMintKeyDescription.prototype,"attestationVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],KeyMintKeyDescription.prototype,"attestationSecurityLevel",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],KeyMintKeyDescription.prototype,"keyMintVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],KeyMintKeyDescription.prototype,"keyMintSecurityLevel",void 0);__decorate([AsnProp({type:OctetString2})],KeyMintKeyDescription.prototype,"attestationChallenge",void 0);__decorate([AsnProp({type:OctetString2})],KeyMintKeyDescription.prototype,"uniqueId",void 0);__decorate([AsnProp({type:AuthorizationList})],KeyMintKeyDescription.prototype,"softwareEnforced",void 0);__decorate([AsnProp({type:AuthorizationList})],KeyMintKeyDescription.prototype,"hardwareEnforced",void 0)});class NonStandardKeyDescription{attestationVersion=Version3.KM4;attestationSecurityLevel=SecurityLevel.software;keymasterVersion=0;keymasterSecurityLevel=SecurityLevel.software;attestationChallenge=new OctetString2;uniqueId=new OctetString2;softwareEnforced=new NonStandardAuthorizationList;teeEnforced=new NonStandardAuthorizationList;get keyMintVersion(){return this.keymasterVersion}set keyMintVersion(value){this.keymasterVersion=value}get keyMintSecurityLevel(){return this.keymasterSecurityLevel}set keyMintSecurityLevel(value){this.keymasterSecurityLevel=value}get hardwareEnforced(){return this.teeEnforced}set hardwareEnforced(value){this.teeEnforced=value}constructor(params={}){Object.assign(this,params)}}var NonStandardAuthorizationList_1,NonStandardAuthorization,NonStandardAuthorizationList,NonStandardKeyMintKeyDescription;var init_nonstandard=__esm(()=>{init_modules();init_es2015();init_key_description();NonStandardAuthorization=class extends AuthorizationList{};NonStandardAuthorization=__decorate([AsnType({type:AsnTypeTypes.Choice})],NonStandardAuthorization);NonStandardAuthorizationList=NonStandardAuthorizationList_1=class extends AsnArray{constructor(items){super(items);Object.setPrototypeOf(this,NonStandardAuthorizationList_1.prototype)}findProperty(key2){let prop=this.find((o)=>o[key2]!==void 0);if(prop)return prop[key2];return}};NonStandardAuthorizationList=NonStandardAuthorizationList_1=__decorate([AsnType({type:AsnTypeTypes.Sequence,itemType:NonStandardAuthorization})],NonStandardAuthorizationList);__decorate([AsnProp({type:AsnPropTypes.Integer})],NonStandardKeyDescription.prototype,"attestationVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],NonStandardKeyDescription.prototype,"attestationSecurityLevel",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],NonStandardKeyDescription.prototype,"keymasterVersion",void 0);__decorate([AsnProp({type:AsnPropTypes.Enumerated})],NonStandardKeyDescription.prototype,"keymasterSecurityLevel",void 0);__decorate([AsnProp({type:OctetString2})],NonStandardKeyDescription.prototype,"attestationChallenge",void 0);__decorate([AsnProp({type:OctetString2})],NonStandardKeyDescription.prototype,"uniqueId",void 0);__decorate([AsnProp({type:NonStandardAuthorizationList})],NonStandardKeyDescription.prototype,"softwareEnforced",void 0);__decorate([AsnProp({type:NonStandardAuthorizationList})],NonStandardKeyDescription.prototype,"teeEnforced",void 0);NonStandardKeyMintKeyDescription=class extends NonStandardKeyDescription{constructor(params={}){if("keymasterVersion"in params&&!("keyMintVersion"in params))params.keyMintVersion=params.keymasterVersion;if("keymasterSecurityLevel"in params&&!("keyMintSecurityLevel"in params))params.keyMintSecurityLevel=params.keymasterSecurityLevel;if("teeEnforced"in params&&!("hardwareEnforced"in params))params.hardwareEnforced=params.teeEnforced;super(params)}};NonStandardKeyMintKeyDescription=__decorate([AsnType({type:AsnTypeTypes.Sequence})],NonStandardKeyMintKeyDescription)});class AttestationPackageInfo{packageName;version;constructor(params={}){Object.assign(this,params)}}class AttestationApplicationId{packageInfos;signatureDigests;constructor(params={}){Object.assign(this,params)}}var init_attestation=__esm(()=>{init_modules();init_es2015();__decorate([AsnProp({type:AsnPropTypes.OctetString})],AttestationPackageInfo.prototype,"packageName",void 0);__decorate([AsnProp({type:AsnPropTypes.Integer})],AttestationPackageInfo.prototype,"version",void 0);__decorate([AsnProp({type:AttestationPackageInfo,repeated:"set"})],AttestationApplicationId.prototype,"packageInfos",void 0);__decorate([AsnProp({type:AsnPropTypes.OctetString,repeated:"set"})],AttestationApplicationId.prototype,"signatureDigests",void 0)});var init_es201511=__esm(()=>{init_key_description();init_nonstandard();init_attestation()});async function verifyAttestationAndroidKey(options){let{authData,clientDataHash,attStmt,credentialPublicKey,aaguid,rootCertificates}=options,x5c=attStmt.get("x5c"),sig=attStmt.get("sig"),alg=attStmt.get("alg");if(!x5c)throw Error("No attestation certificate provided in attestation statement (Android Key)");if(!sig)throw Error("No attestation signature provided in attestation statement (Android Key)");if(!alg)throw Error("Attestation statement did not contain alg (Android Key)");if(!isCOSEAlg(alg))throw Error(`Attestation statement contained invalid alg ${alg} (Android Key)`);let parsedCert=AsnParser.parse(x5c[0],Certificate),parsedCertPubKey=new Uint8Array(parsedCert.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey),credPubKeyPKCS=convertCOSEtoPKCS(credentialPublicKey);if(!exports_isoUint8Array.areEqual(credPubKeyPKCS,parsedCertPubKey))throw Error("Credential public key does not equal leaf cert public key (Android Key)");let extKeyStore=parsedCert.tbsCertificate.extensions?.find((ext)=>ext.extnID===id_ce_keyDescription);if(!extKeyStore)throw Error("Certificate did not contain extKeyStore (Android Key)");let parsedExtKeyStore=AsnParser.parse(extKeyStore.extnValue,KeyDescription),{attestationChallenge,teeEnforced,softwareEnforced}=parsedExtKeyStore;if(!exports_isoUint8Array.areEqual(new Uint8Array(attestationChallenge.buffer),clientDataHash))throw Error("Attestation challenge was not equal to client data hash (Android Key)");if(teeEnforced.allApplications!==void 0)throw Error('teeEnforced contained "allApplications [600]" tag (Android Key)');if(softwareEnforced.allApplications!==void 0)throw Error('teeEnforced contained "allApplications [600]" tag (Android Key)');let statement=await MetadataService.getStatement(aaguid);if(statement)try{await verifyAttestationWithMetadata({statement,credentialPublicKey,x5c,attestationStatementAlg:alg})}catch(err){let _err=err;throw Error(`${_err.message} (Android Key)`,{cause:_err})}else{let x5cNoRootPEM=x5c.slice(0,-1).map(convertCertBufferToPEM),x5cRootPEM=x5c.slice(-1).map(convertCertBufferToPEM);try{await validateCertificatePath(x5cNoRootPEM,x5cRootPEM)}catch(err){let _err=err;throw Error(`${_err.message} (Android Key)`,{cause:_err})}if(rootCertificates.length>0&&rootCertificates.indexOf(x5cRootPEM[0])<0)throw Error("x5c root certificate was not a known root certificate (Android Key)")}let signatureBase=exports_isoUint8Array.concat([authData,clientDataHash]);return verifySignature2({signature:sig,data:signatureBase,x509Certificate:x5c[0],hashAlgorithm:alg})}var init_verifyAttestationAndroidKey=__esm(()=>{init_es2015();init_es20152();init_es201511();init_convertCertBufferToPEM();init_validateCertificatePath();init_verifySignature();init_convertCOSEtoPKCS();init_cose();init_iso();init_metadataService();init_verifyAttestationWithMetadata()});async function verifyAttestationApple(options){let{attStmt,authData,clientDataHash,credentialPublicKey,rootCertificates}=options,x5c=attStmt.get("x5c");if(!x5c)throw Error("No attestation certificate provided in attestation statement (Apple)");try{await validateCertificatePath(x5c.map(convertCertBufferToPEM),rootCertificates)}catch(err){throw Error(`${err.message} (Apple)`)}let parsedCredCert=AsnParser.parse(x5c[0],Certificate),{extensions:extensions2,subjectPublicKeyInfo}=parsedCredCert.tbsCertificate;if(!extensions2)throw Error("credCert missing extensions (Apple)");let extCertNonce=extensions2.find((ext)=>ext.extnID==="1.2.840.113635.100.8.2");if(!extCertNonce)throw Error('credCert missing "1.2.840.113635.100.8.2" extension (Apple)');let nonceToHash=exports_isoUint8Array.concat([authData,clientDataHash]),nonce=await toHash(nonceToHash),extNonce=new Uint8Array(extCertNonce.extnValue.buffer).slice(6);if(!exports_isoUint8Array.areEqual(nonce,extNonce))throw Error("credCert nonce was not expected value (Apple)");let credPubKeyPKCS=convertCOSEtoPKCS(credentialPublicKey),credCertSubjectPublicKey=new Uint8Array(subjectPublicKeyInfo.subjectPublicKey);if(!exports_isoUint8Array.areEqual(credPubKeyPKCS,credCertSubjectPublicKey))throw Error("Credential public key does not equal credCert public key (Apple)");return!0}var init_verifyAttestationApple=__esm(()=>{init_es2015();init_es20152();init_validateCertificatePath();init_convertCertBufferToPEM();init_toHash();init_convertCOSEtoPKCS();init_iso()});async function verifyRegistrationResponse(options){let{response,expectedChallenge,expectedOrigin,expectedRPID,expectedType,requireUserPresence=!0,requireUserVerification=!0,supportedAlgorithmIDs=supportedCOSEAlgorithmIdentifiers,attestationSafetyNetEnforceCTSCheck=!0}=options,{id,rawId,type:credentialType,response:attestationResponse}=response;if(!id)throw Error("Missing credential ID");if(id!==rawId)throw Error("Credential ID was not base64url-encoded");if(credentialType!=="public-key")throw Error(`Unexpected credential type ${credentialType}, expected "public-key"`);let clientDataJSON=decodeClientDataJSON(attestationResponse.clientDataJSON),{type,origin,challenge,tokenBinding}=clientDataJSON;if(Array.isArray(expectedType)){if(!expectedType.includes(type)){let joinedExpectedType=expectedType.join(", ");throw Error(`Unexpected registration response type "${type}", expected one of: ${joinedExpectedType}`)}}else if(expectedType){if(type!==expectedType)throw Error(`Unexpected registration response type "${type}", expected "${expectedType}"`)}else if(type!=="webauthn.create")throw Error(`Unexpected registration response type: ${type}`);if(typeof expectedChallenge==="function"){if(!await expectedChallenge(challenge))throw Error(`Custom challenge verifier returned false for registration response challenge "${challenge}"`)}else if(challenge!==expectedChallenge)throw Error(`Unexpected registration response challenge "${challenge}", expected "${expectedChallenge}"`);if(Array.isArray(expectedOrigin)){if(!expectedOrigin.includes(origin))throw Error(`Unexpected registration response origin "${origin}", expected one of: ${expectedOrigin.join(", ")}`)}else if(origin!==expectedOrigin)throw Error(`Unexpected registration response origin "${origin}", expected "${expectedOrigin}"`);if(tokenBinding){if(typeof tokenBinding!=="object")throw Error(`Unexpected value for TokenBinding "${tokenBinding}"`);if(["present","supported","not-supported"].indexOf(tokenBinding.status)<0)throw Error(`Unexpected tokenBinding.status value of "${tokenBinding.status}"`)}let attestationObject=exports_isoBase64URL.toBuffer(attestationResponse.attestationObject),decodedAttestationObject=decodeAttestationObject(attestationObject),fmt=decodedAttestationObject.get("fmt"),authData=decodedAttestationObject.get("authData"),attStmt=decodedAttestationObject.get("attStmt"),parsedAuthData=parseAuthenticatorData(authData),{aaguid,rpIdHash,flags,credentialID,counter,credentialPublicKey,extensionsData}=parsedAuthData,matchedRPID;if(expectedRPID){let expectedRPIDs=[];if(typeof expectedRPID==="string")expectedRPIDs=[expectedRPID];else expectedRPIDs=expectedRPID;matchedRPID=await matchExpectedRPID(rpIdHash,expectedRPIDs)}if(requireUserPresence&&!flags.up)throw Error("User presence was required, but user was not present");if(requireUserVerification&&!flags.uv)throw Error("User verification was required, but user could not be verified");if(!credentialID)throw Error("No credential ID was provided by authenticator");if(!credentialPublicKey)throw Error("No public key was provided by authenticator");if(!aaguid)throw Error("No AAGUID was present during registration");let alg=decodeCredentialPublicKey(credentialPublicKey).get(COSEKEYS.alg);if(typeof alg!=="number")throw Error("Credential public key was missing numeric alg");if(!supportedAlgorithmIDs.includes(alg)){let supported=supportedAlgorithmIDs.join(", ");throw Error(`Unexpected public key alg "${alg}", expected one of "${supported}"`)}let clientDataHash=await toHash(exports_isoBase64URL.toBuffer(attestationResponse.clientDataJSON)),rootCertificates=SettingsService.getRootCertificates({identifier:fmt}),verifierOpts={aaguid,attStmt,authData,clientDataHash,credentialID,credentialPublicKey,rootCertificates,rpIdHash,attestationSafetyNetEnforceCTSCheck},verified=!1;if(fmt==="fido-u2f")verified=await verifyAttestationFIDOU2F(verifierOpts);else if(fmt==="packed")verified=await verifyAttestationPacked(verifierOpts);else if(fmt==="android-safetynet")verified=await verifyAttestationAndroidSafetyNet(verifierOpts);else if(fmt==="android-key")verified=await verifyAttestationAndroidKey(verifierOpts);else if(fmt==="tpm")verified=await verifyAttestationTPM(verifierOpts);else if(fmt==="apple")verified=await verifyAttestationApple(verifierOpts);else if(fmt==="none"){if(attStmt.size>0)throw Error("None attestation had unexpected attestation statement");verified=!0}else throw Error(`Unsupported Attestation Format: ${fmt}`);if(!verified)return{verified:!1};let{credentialDeviceType,credentialBackedUp}=parseBackupFlags(flags);return{verified:!0,registrationInfo:{fmt,aaguid:convertAAGUIDToString(aaguid),credentialType,credential:{id:exports_isoBase64URL.fromBuffer(credentialID),publicKey:credentialPublicKey,counter,transports:response.response.transports},attestationObject,userVerified:flags.uv,credentialDeviceType,credentialBackedUp,origin:clientDataJSON.origin,rpID:matchedRPID,authenticatorExtensionResults:extensionsData}}}var init_verifyRegistrationResponse=__esm(()=>{init_decodeAttestationObject();init_decodeClientDataJSON();init_parseAuthenticatorData();init_toHash();init_decodeCredentialPublicKey();init_cose();init_convertAAGUIDToString();init_parseBackupFlags();init_matchExpectedRPID();init_iso();init_settingsService();init_generateRegistrationOptions();init_verifyAttestationFIDOU2F();init_verifyAttestationPacked();init_verifyAttestationAndroidSafetyNet();init_verifyAttestationTPM();init_verifyAttestationAndroidKey();init_verifyAttestationApple()});async function generateAuthenticationOptions(options){let{allowCredentials,challenge=await generateChallenge2(),timeout=60000,userVerification="preferred",extensions:extensions2,rpID}=options,_challenge=challenge;if(typeof _challenge==="string")_challenge=exports_isoUint8Array.fromUTF8String(_challenge);return{rpId:rpID,challenge:exports_isoBase64URL.fromBuffer(_challenge),allowCredentials:allowCredentials?.map((cred)=>{if(!exports_isoBase64URL.isBase64URL(cred.id))throw Error(`allowCredential id "${cred.id}" is not a valid base64url string`);return{...cred,id:exports_isoBase64URL.trimPadding(cred.id),type:"public-key"}}),timeout,userVerification,extensions:extensions2}}var init_generateAuthenticationOptions=__esm(()=>{init_iso();init_generateChallenge()});async function verifyAuthenticationResponse(options){let{response,expectedChallenge,expectedOrigin,expectedRPID,expectedType,credential,requireUserVerification=!0,advancedFIDOConfig}=options,{id,rawId,type:credentialType,response:assertionResponse}=response;if(!id)throw Error("Missing credential ID");if(id!==rawId)throw Error("Credential ID was not base64url-encoded");if(credentialType!=="public-key")throw Error(`Unexpected credential type ${credentialType}, expected "public-key"`);if(!response)throw Error("Credential missing response");if(typeof assertionResponse?.clientDataJSON!=="string")throw Error("Credential response clientDataJSON was not a string");let clientDataJSON=decodeClientDataJSON(assertionResponse.clientDataJSON),{type,origin,challenge,tokenBinding}=clientDataJSON;if(Array.isArray(expectedType)){if(!expectedType.includes(type)){let joinedExpectedType=expectedType.join(", ");throw Error(`Unexpected authentication response type "${type}", expected one of: ${joinedExpectedType}`)}}else if(expectedType){if(type!==expectedType)throw Error(`Unexpected authentication response type "${type}", expected "${expectedType}"`)}else if(type!=="webauthn.get")throw Error(`Unexpected authentication response type: ${type}`);if(typeof expectedChallenge==="function"){if(!await expectedChallenge(challenge))throw Error(`Custom challenge verifier returned false for registration response challenge "${challenge}"`)}else if(challenge!==expectedChallenge)throw Error(`Unexpected authentication response challenge "${challenge}", expected "${expectedChallenge}"`);if(Array.isArray(expectedOrigin)){if(!expectedOrigin.includes(origin)){let joinedExpectedOrigin=expectedOrigin.join(", ");throw Error(`Unexpected authentication response origin "${origin}", expected one of: ${joinedExpectedOrigin}`)}}else if(origin!==expectedOrigin)throw Error(`Unexpected authentication response origin "${origin}", expected "${expectedOrigin}"`);if(!exports_isoBase64URL.isBase64URL(assertionResponse.authenticatorData))throw Error("Credential response authenticatorData was not a base64url string");if(!exports_isoBase64URL.isBase64URL(assertionResponse.signature))throw Error("Credential response signature was not a base64url string");if(assertionResponse.userHandle&&typeof assertionResponse.userHandle!=="string")throw Error("Credential response userHandle was not a string");if(tokenBinding){if(typeof tokenBinding!=="object")throw Error("ClientDataJSON tokenBinding was not an object");if(["present","supported","notSupported"].indexOf(tokenBinding.status)<0)throw Error(`Unexpected tokenBinding status ${tokenBinding.status}`)}let authDataBuffer=exports_isoBase64URL.toBuffer(assertionResponse.authenticatorData),parsedAuthData=parseAuthenticatorData(authDataBuffer),{rpIdHash,flags,counter,extensionsData}=parsedAuthData,expectedRPIDs=[];if(typeof expectedRPID==="string")expectedRPIDs=[expectedRPID];else expectedRPIDs=expectedRPID;let matchedRPID=await matchExpectedRPID(rpIdHash,expectedRPIDs);if(advancedFIDOConfig!==void 0){let{userVerification:fidoUserVerification}=advancedFIDOConfig;if(fidoUserVerification==="required"){if(!flags.uv)throw Error("User verification required, but user could not be verified")}}else{if(!flags.up)throw Error("User not present during authentication");if(requireUserVerification&&!flags.uv)throw Error("User verification required, but user could not be verified")}let clientDataHash=await toHash(exports_isoBase64URL.toBuffer(assertionResponse.clientDataJSON)),signatureBase=exports_isoUint8Array.concat([authDataBuffer,clientDataHash]),signature=exports_isoBase64URL.toBuffer(assertionResponse.signature);if((counter>0||credential.counter>0)&&counter<=credential.counter)throw Error(`Response counter value ${counter} was lower than expected ${credential.counter}`);let{credentialDeviceType,credentialBackedUp}=parseBackupFlags(flags);return{verified:await verifySignature2({signature,data:signatureBase,credentialPublicKey:credential.publicKey}),authenticationInfo:{newCounter:counter,credentialID:credential.id,userVerified:flags.uv,credentialDeviceType,credentialBackedUp,authenticatorExtensionResults:extensionsData,origin:clientDataJSON.origin,rpID:matchedRPID}}}var init_verifyAuthenticationResponse=__esm(()=>{init_decodeClientDataJSON();init_toHash();init_verifySignature();init_parseAuthenticatorData();init_parseBackupFlags();init_matchExpectedRPID();init_iso()});var init_mdsTypes=()=>{};var init_types11=()=>{};var init_esm2=__esm(()=>{init_generateRegistrationOptions();init_verifyRegistrationResponse();init_generateAuthenticationOptions();init_verifyAuthenticationResponse();init_metadataService();init_settingsService();init_mdsTypes();init_types11()});function base64UrlEncode2(buffer){let binary="";for(let byte of buffer)binary+=String.fromCharCode(byte);return(typeof btoa<"u"?btoa(binary):Buffer.from(binary,"binary").toString("base64")).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function base64UrlDecode2(value){let padded=value.replace(/-/g,"+").replace(/_/g,"/").padEnd(value.length+(4-value.length%4)%4,"="),binary=typeof atob<"u"?atob(padded):Buffer.from(padded,"base64").toString("binary"),buffer=new ArrayBuffer(binary.length),out=new Uint8Array(buffer);for(let i=0;i<binary.length;i+=1)out[i]=binary.charCodeAt(i);return out}function parseTransports(value){if(!value)return null;if(Array.isArray(value))return value;if(typeof value==="string")try{let parsed=JSON.parse(value);return Array.isArray(parsed)?parsed:null}catch{return null}return null}function parseDeviceType(value){if(value==="singleDevice"||value==="multiDevice")return value;return null}var exports_WebAuthn={};__export(exports_WebAuthn,{WebAuthnService:()=>WebAuthnService});class WebAuthnService{config;challengeTtlMs;constructor(config){this.config=config,this.challengeTtlMs=config.challengeTtlMs??DEFAULT_CHALLENGE_TTL_MS}async createRegistrationOptions(params){let existing=await this.config.storage.listCredentialsByUser(params.userId,params.schemaName),options=await generateRegistrationOptions({rpName:this.config.rp.rpName,rpID:this.config.rp.rpID,userID:new TextEncoder().encode(params.userId),userName:params.userName,userDisplayName:params.userDisplayName??params.userName,attestationType:"none",authenticatorSelection:{residentKey:"preferred",userVerification:this.config.userVerification??"preferred"},excludeCredentials:existing.filter((cred)=>!cred.revokedAt).map((cred)=>({id:cred.credentialId,transports:cred.transports??void 0}))});return await this.config.storage.storeChallenge({challenge:options.challenge,challengeType:"registration",userId:params.userId,expiresAt:new Date(Date.now()+this.challengeTtlMs)},params.schemaName),options}async verifyRegistration(params){let stored=await this.config.storage.consumeChallenge(params.expectedChallenge,"registration",params.schemaName);if(!stored||stored.userId!==params.userId)return null;if(stored.expiresAt.getTime()<Date.now())return null;let verification=await verifyRegistrationResponse({response:params.response,expectedChallenge:params.expectedChallenge,expectedOrigin:this.config.rp.expectedOrigins,expectedRPID:this.config.rp.rpID,requireUserVerification:this.config.userVerification==="required"});if(!verification.verified||!verification.registrationInfo)return null;let info=verification.registrationInfo,publicKey=base64UrlEncode2(info.credential.publicKey),attachment=params.response.authenticatorAttachment==="platform"||params.response.authenticatorAttachment==="cross-platform"?params.response.authenticatorAttachment:null;return this.config.storage.insertCredential({userId:params.userId,credentialId:info.credential.id,publicKey,counter:info.credential.counter,transports:info.credential.transports??null,deviceType:info.credentialDeviceType,backedUp:info.credentialBackedUp,aaguid:info.aaguid??null,authenticatorAttachment:attachment,nickname:params.nickname??null,lastUsedAt:null,revokedAt:null},params.schemaName)}async createAuthenticationOptions(params){let credentials=params.userId?await this.config.storage.listCredentialsByUser(params.userId,params.schemaName):[],options=await generateAuthenticationOptions({rpID:this.config.rp.rpID,userVerification:this.config.userVerification??"preferred",allowCredentials:credentials.filter((cred)=>!cred.revokedAt).map((cred)=>({id:cred.credentialId,transports:cred.transports??void 0}))});return await this.config.storage.storeChallenge({challenge:options.challenge,challengeType:"authentication",userId:params.userId??null,expiresAt:new Date(Date.now()+this.challengeTtlMs)},params.schemaName),options}async verifyAuthentication(params){let stored=await this.config.storage.consumeChallenge(params.expectedChallenge,"authentication",params.schemaName);if(!stored)return{verified:!1,userId:null,credentialId:null};if(stored.expiresAt.getTime()<Date.now())return{verified:!1,userId:null,credentialId:null};let credential=await this.config.storage.findCredentialById(params.response.id,params.schemaName);if(!credential||credential.revokedAt)return{verified:!1,userId:null,credentialId:null};let verification=await verifyAuthenticationResponse({response:params.response,expectedChallenge:params.expectedChallenge,expectedOrigin:this.config.rp.expectedOrigins,expectedRPID:this.config.rp.rpID,credential:{id:credential.credentialId,publicKey:base64UrlDecode2(credential.publicKey),counter:credential.counter,transports:credential.transports??void 0},requireUserVerification:this.config.userVerification==="required"});if(!verification.verified)return{verified:!1,userId:null,credentialId:null};return await this.config.storage.updateCredentialCounter(credential.credentialId,verification.authenticationInfo.newCounter,params.schemaName),{verified:!0,userId:credential.userId,credentialId:credential.credentialId}}listUserCredentials(userId,schemaName){return this.config.storage.listCredentialsByUser(userId,schemaName)}revokeCredential(credentialId,userId,schemaName){return this.config.storage.revokeCredential(credentialId,userId,schemaName)}renameCredential(credentialId,userId,nickname,schemaName){return this.config.storage.renameCredential(credentialId,userId,nickname,schemaName)}}var DEFAULT_CHALLENGE_TTL_MS=300000;var init_WebAuthn=__esm(()=>{init_esm2()});var init_Services=__esm(()=>{init_ApiKey();init_Auth();init_Authorization();init_Backup();init_Captcha();init_Domain();init_Email();init_Gmail();init_Logger2();init_Monitoring();init_Notification();init_OAuth();init_Payment();init_RateLimiter();init_Tenant();init_Verification();init_WebAuthn()});function encodeHeaderList(items){return items.map((v)=>encodeURIComponent(v)).join(",")}function decodeHeaderList(header){if(!header)return[];return header.split(",").map((v)=>v.trim()).filter(Boolean).map((v)=>{try{return decodeURIComponent(v)}catch{return v}})}function encodeClaimScopesHeader(claimScopes){if(!claimScopes||Object.keys(claimScopes).length===0)return"";return encodeURIComponent(JSON.stringify(claimScopes))}function decodeClaimScopesHeader(header){if(!header)return;try{let parsed=JSON.parse(decodeURIComponent(header));if(parsed&&typeof parsed==="object"&&!Array.isArray(parsed))return parsed;return}catch{return}}import{and as and11,eq as eq19}from"drizzle-orm";async function assignDefaultRole(params){let{db,userId,roleName,rolesTable,userRolesTable,logger:logger2}=params;if(!rolesTable||!userRolesTable){logger2.warn("[AUTH] assignDefaultRole called without rolesTable or userRolesTable \u2014 skipping",{userId,roleName});return}try{let rolesCols=rolesTable,userRolesCols=userRolesTable,role=(await db.select().from(rolesTable).where(eq19(rolesCols.name,roleName)).limit(1))[0];if(!role){logger2.warn(`[AUTH] Default role "${roleName}" not found in roles table \u2014 skipping assignment`,{userId});return}let roleId=role.id;if((await db.select().from(userRolesTable).where(and11(eq19(userRolesCols.userId,userId),eq19(userRolesCols.roleId,roleId))).limit(1)).length>0){logger2.debug("[AUTH] User already has default role \u2014 skipping",{userId,roleName});return}await db.insert(userRolesTable).values({userId,roleId}),logger2.info("[AUTH] Default role assigned to new user",{userId,roleName})}catch(err){logger2.warn("[AUTH] Failed to assign default role \u2014 continuing",{userId,roleName,error:err instanceof Error?err.message:String(err)})}}var init_assignDefaultRole=()=>{};import crypto6 from"crypto";var{password:password2}=globalThis.Bun;async function hashPassword(plainPassword){return await password2.hash(plainPassword,{algorithm:"bcrypt",cost:10})}function generateVerificationToken(){return crypto6.randomBytes(32).toString("hex")}function hashVerificationToken(token){return crypto6.createHash("sha256").update(token).digest("hex")}function parseTimeToMs(time2){let match=time2.match(/^(\d+)(s|m|h|d)$/);if(!match||!match[1]||!match[2])return 86400000;let value=Number.parseInt(match[1],10);switch(match[2]){case"s":return value*1000;case"m":return value*60*1000;case"h":return value*60*60*1000;case"d":return value*24*60*60*1000;default:return 86400000}}function validatePasswordStrength(pwd){let errors2=[];if(pwd.length<8)errors2.push("Password must be at least 8 characters");if(!/[A-Z]/.test(pwd))errors2.push("Password must contain uppercase letter");if(!/[a-z]/.test(pwd))errors2.push("Password must contain lowercase letter");if(!/[0-9]/.test(pwd))errors2.push("Password must contain a number");return{valid:errors2.length===0,errors:errors2}}var init_utils6=()=>{};function isEmailExempt(email,exemptDomains){if(!exemptDomains||exemptDomains.length===0)return!1;let domain=email.split("@")[1]?.toLowerCase();if(!domain)return!1;return exemptDomains.some((d)=>domain===d.toLowerCase()||domain.endsWith(`.${d.toLowerCase()}`))}var{password:password3}=globalThis.Bun;async function verifyPassword(plainPassword,hashedPassword){try{return await password3.verify(plainPassword,hashedPassword)}catch{return!1}}function labelFromRawUserAgent(userAgent){let ua=(userAgent??"").trim(),lower=ua.toLowerCase();if(!ua||lower==="unknown"||lower==="unknown browser")return;let meaningful=(ua.match(/[A-Za-z][A-Za-z0-9._-]*\/[0-9][^\s;)]*/g)??[]).find((t2)=>!/^mozilla\//i.test(t2));if(meaningful)return meaningful.split("/")[0];return ua.match(/[A-Za-z][A-Za-z0-9 ._-]{2,}/)?.[0]?.trim()||void 0}function parseUserAgentForLogin(userAgent,ipAddress,deviceHint,clientHints){let ua=userAgent.toLowerCase(),headlessIndicators=["headlesschrome","headless","phantomjs","nightmare","selenium","webdriver","puppeteer","playwright"],botIndicators=["bot","crawler","spider","scraper","curl","wget","python-requests","python-urllib","java/","httpclient","go-http-client","node-fetch","axios","postman","insomnia","httpie"],isHeadless=headlessIndicators.some((indicator)=>ua.includes(indicator)),isBot=botIndicators.some((indicator)=>ua.includes(indicator)),isSuspicious=isHeadless||isBot,suspiciousPatterns=[];if(isHeadless)suspiciousPatterns.push("headless_browser");if(isBot)suspiciousPatterns.push("bot_user_agent");if(!ua||ua.length<10)suspiciousPatterns.push("missing_or_short_ua");if(ua==="mozilla/5.0")suspiciousPatterns.push("generic_ua");if(ua.includes("nucleusserveraction")||ua.includes("serveraction"))suspiciousPatterns.push("server_action");let deviceType="unknown";if(ua.includes("ipad"))deviceType="tablet";else if(ua.includes("iphone"))deviceType="mobile";else if(ua.includes("macintosh")||ua.includes("windows")&&!ua.includes("windows phone")||ua.includes("linux")&&!ua.includes("android"))deviceType="desktop";else if(ua.includes("tablet")||ua.includes("android")&&ua.includes("tablet"))deviceType="tablet";else if(ua.includes("mobile")||ua.includes("android"))deviceType="mobile";let browserName,browserVersion;if(isHeadless)browserName="Headless Browser";else if(isBot)browserName="Bot/Crawler";else if(ua.includes("edg")){browserName="Edge";let match=userAgent.match(/Edg\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("opr/")||ua.includes("opera")){browserName="Opera";let match=userAgent.match(/OPR\/(\d+\.\d+)/i)||userAgent.match(/Opera\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("samsungbrowser")){browserName="Samsung Internet";let match=userAgent.match(/SamsungBrowser\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("crios")){browserName="Chrome";let match=userAgent.match(/CriOS\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("fxios")){browserName="Firefox";let match=userAgent.match(/FxiOS\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("chrome")){browserName="Chrome";let match=userAgent.match(/Chrome\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("firefox")){browserName="Firefox";let match=userAgent.match(/Firefox\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}else if(ua.includes("safari")){browserName="Safari";let match=userAgent.match(/Version\/(\d+\.\d+)/i);if(match?.[1])browserVersion=match[1]}let osName,osVersion;if(ua.includes("windows nt 10"))osName="Windows",osVersion="10/11";else if(ua.includes("windows nt"))osName="Windows";else if(ua.includes("iphone")||ua.includes("ipad")){osName="iOS";let match=userAgent.match(/OS (\d+[._]\d+)/i);if(match?.[1])osVersion=match[1].replace("_",".")}else if(ua.includes("mac os x")){osName="macOS";let match=userAgent.match(/Mac OS X (\d+[._]\d+)/i);if(match?.[1])osVersion=match[1].replace("_",".")}else if(ua.includes("android")){osName="Android";let match=userAgent.match(/Android (\d+\.?\d*)/i);if(match?.[1])osVersion=match[1]}else if(ua.includes("linux"))osName="Linux";if(!browserName&&clientHints?.uaHeader){let brands=[...clientHints.uaHeader.matchAll(/"([^"]+)";v="([^"]+)"/g)].map((m)=>({brand:m[1]??"",version:m[2]??""})).filter((b)=>b.brand&&!/not.?a.?brand/i.test(b.brand)),preferred=brands.find((b)=>/google chrome|microsoft edge|opera|firefox|safari/i.test(b.brand))??brands.find((b)=>!/chromium/i.test(b.brand))??brands[0];if(preferred)browserName=preferred.brand.replace(/^Google /,"").replace(/^Microsoft /,""),browserVersion=preferred.version}if(!osName&&clientHints?.platformHeader)osName=clientHints.platformHeader.replace(/"/g,"").trim()||osName;if(deviceType==="unknown"&&clientHints?.mobileHeader==="?1")deviceType="mobile";return{deviceName:browserName&&osName?`${browserName} on ${osName}`:browserName?browserName:osName?osName:deviceType!=="unknown"?deviceType.charAt(0).toUpperCase()+deviceType.slice(1):labelFromRawUserAgent(userAgent)??"Unknown Device",deviceType,browserName,browserVersion,osName,osVersion,ipAddress,userAgent,deviceHint,locationCountry:void 0,locationCity:void 0,isHeadless,isBot,isSuspicious,suspiciousPatterns}}var init_utils7=()=>{};function deviceContextFromRequest(request){let rawFwd=request.headers.get("x-forwarded-for")?.split(",")[0]?.trim(),isPrivate=(ip)=>!ip||ip==="127.0.0.1"||ip==="::1"||ip==="localhost"||ip.startsWith("10.")||ip.startsWith("192.168.")||ip.startsWith("172.");return{ipAddress:request.headers.get("cf-connecting-ip")?.trim()||request.headers.get("true-client-ip")?.trim()||(!isPrivate(rawFwd)?rawFwd:void 0)||request.headers.get("x-real-ip")?.trim()||rawFwd||"127.0.0.1",userAgent:request.headers.get("user-agent")||"",clientHints:{uaHeader:request.headers.get("sec-ch-ua")??void 0,platformHeader:request.headers.get("sec-ch-ua-platform")??void 0,mobileHeader:request.headers.get("sec-ch-ua-mobile")??void 0}}}function ensureDeviceInfo(info,clientHints){if(info.browserName&&info.osName&&info.deviceName)return info;let parsed=info.userAgent?parseUserAgentForLogin(info.userAgent,info.ipAddress,info.deviceHint,clientHints):void 0;return{ipAddress:info.ipAddress,userAgent:info.userAgent,deviceHint:info.deviceHint,deviceName:info.deviceName??parsed?.deviceName??"Unknown Device",deviceType:info.deviceType&&info.deviceType!=="unknown"?info.deviceType:parsed?.deviceType??info.deviceType??"unknown",browserName:info.browserName??parsed?.browserName,browserVersion:info.browserVersion??parsed?.browserVersion,osName:info.osName??parsed?.osName,osVersion:info.osVersion??parsed?.osVersion,locationCountry:info.locationCountry,locationCity:info.locationCity}}var init_deviceInfo=__esm(()=>{init_utils7()});function resolveAppOrigin(request,fallbackUrl,allowedOrigins){let fallbackOrigin="";if(fallbackUrl)try{fallbackOrigin=new URL(fallbackUrl).origin}catch{}let trusted=[...fallbackOrigin?[fallbackOrigin]:[],...allowedOrigins??[]],candidates=[],appOrigin=request.headers.get("x-app-origin");if(appOrigin)candidates.push(appOrigin.replace(/\/+$/,""));let origin=request.headers.get("origin");if(origin)candidates.push(origin.replace(/\/+$/,""));let forwardedHost=request.headers.get("x-forwarded-host")?.split(",")[0]?.trim();if(forwardedHost){let proto=request.headers.get("x-forwarded-proto")?.split(",")[0]?.trim()||"https";candidates.push(`${proto}://${forwardedHost}`)}for(let candidate of candidates)if(isOriginTrusted(candidate,trusted))return candidate;return fallbackOrigin}function extractConfiguredPath(configuredUrl,defaultPath){if(!configuredUrl)return defaultPath;try{return new URL(configuredUrl).pathname}catch{return configuredUrl.startsWith("/")?configuredUrl:defaultPath}}function buildEmailActionLink(params){let{request,configuredUrl,path:path2,query,allowedOrigins}=params,origin=resolveAppOrigin(request,configuredUrl,allowedOrigins),normalizedPath=path2.startsWith("/")?path2:`/${path2}`,queryString=new URLSearchParams(query).toString();return`${origin}${normalizedPath}${queryString?`?${queryString}`:""}`}var originHost=(value)=>{try{return new URL(value).host.toLowerCase()}catch{return value.includes("://")?null:value.toLowerCase().replace(/[/?#].*$/,"")||null}},isOriginTrusted=(candidate,trusted)=>{let candHost=originHost(candidate);if(!candHost)return!1;for(let entry of trusted){let tHost=originHost(entry);if(!tHost)continue;if(tHost.startsWith("*.")){let base=tHost.slice(2);if(candHost===base||candHost.endsWith(`.${base}`))return!0}else if(candHost===tHost)return!0}return!1};import{randomUUID as randomUUID5}from"crypto";import path2 from"path";function mergeStorageConfig(config){if(!config)return DEFAULT_STORAGE_CONFIG;return{enabled:config.enabled??DEFAULT_STORAGE_CONFIG.enabled,basePath:config.basePath??DEFAULT_STORAGE_CONFIG.basePath,maxFileSizeBytes:config.maxFileSizeBytes??DEFAULT_STORAGE_CONFIG.maxFileSizeBytes,allowedMimeTypes:config.allowedMimeTypes??DEFAULT_STORAGE_CONFIG.allowedMimeTypes,blockedMimeTypes:config.blockedMimeTypes??DEFAULT_STORAGE_CONFIG.blockedMimeTypes,formData:{filesField:config.formData?.filesField??DEFAULT_STORAGE_CONFIG.formData.filesField,dataField:config.formData?.dataField??DEFAULT_STORAGE_CONFIG.formData.dataField,maxFiles:config.formData?.maxFiles??DEFAULT_STORAGE_CONFIG.formData.maxFiles}}}function parseFormDataBody(body,config){let result={data:{},files:[]};if(!body||typeof body!=="object")return result;let bodyObj=body,dataField=bodyObj[config.formData.dataField];if(dataField){if(typeof dataField==="string")try{result.data=JSON.parse(dataField)}catch{result.data={}}else if(typeof dataField==="object")result.data=dataField}let filesField=bodyObj[config.formData.filesField];if(filesField){if(filesField instanceof File)result.files=[filesField];else if(Array.isArray(filesField))result.files=filesField.filter((f)=>f instanceof File)}return result}function validateFile(file,config){if(file.size>config.maxFileSizeBytes)return{valid:!1,error:`File ${file.name} exceeds maximum size of ${config.maxFileSizeBytes} bytes`};if(config.blockedMimeTypes.length>0&&config.blockedMimeTypes.includes(file.type))return{valid:!1,error:`File type ${file.type} is not allowed`};if(config.allowedMimeTypes.length>0&&!config.allowedMimeTypes.includes(file.type))return{valid:!1,error:`File type ${file.type} is not in allowed list`};return{valid:!0}}async function uploadFile(file,config,subFolder){let id=randomUUID5(),ext=path2.extname(file.name),uniqueName=`${id}${ext}`,folderPath=subFolder?path2.join(config.basePath,subFolder):config.basePath,arrayBuffer=await file.arrayBuffer(),buffer=new Uint8Array(arrayBuffer);return await fileManager.createFile({dir:folderPath,name:uniqueName,data:buffer,options:{type:file.type,createDir:!0}}),{id,name:uniqueName,originalName:file.name,path:folderPath,mimeType:file.type,size:file.size,createdAt:new Date}}async function uploadFiles(files,config,subFolder){let success=[],failed=[];for(let file of files.slice(0,config.formData.maxFiles)){let validation=validateFile(file,config);if(!validation.valid){failed.push({file:file.name,error:validation.error||"Unknown error"});continue}try{let result=await uploadFile(file,config,subFolder);success.push(result)}catch(error){failed.push({file:file.name,error:error instanceof Error?error.message:"Upload failed"})}}return{success,failed}}function isPathWithinBase(base,target2){let resolvedBase=path2.resolve(base),resolvedTarget=path2.resolve(target2);return resolvedTarget===resolvedBase||resolvedTarget.startsWith(resolvedBase+path2.sep)}async function deleteFile(filePath,fileName,storageBase){try{let fullPath=path2.join(filePath,fileName);if(storageBase&&!isPathWithinBase(storageBase,fullPath))return!1;return await fileManager.deleteFile(fullPath)}catch{return!1}}var DEFAULT_STORAGE_CONFIG;var init_helpers2=__esm(()=>{init_File();DEFAULT_STORAGE_CONFIG={enabled:!1,basePath:"./uploads",maxFileSizeBytes:104857600,allowedMimeTypes:[],blockedMimeTypes:["application/x-executable","application/x-msdos-program","text/html","application/xhtml+xml","image/svg+xml","application/xml","text/xml","application/javascript","text/javascript","application/x-httpd-php"],formData:{filesField:"files",dataField:"data",maxFiles:10}}});import path3 from"path";import Elysia4,{t as t3}from"elysia";function mergeCdnConfig(config){if(!config)return DEFAULT_CDN_CONFIG;return{enabled:config.enabled??DEFAULT_CDN_CONFIG.enabled,basePath:config.basePath??DEFAULT_CDN_CONFIG.basePath,cacheMaxAge:config.cacheMaxAge??DEFAULT_CDN_CONFIG.cacheMaxAge,enableRangeRequests:config.enableRangeRequests??DEFAULT_CDN_CONFIG.enableRangeRequests,enableEtag:config.enableEtag??DEFAULT_CDN_CONFIG.enableEtag,corsOrigins:config.corsOrigins??DEFAULT_CDN_CONFIG.corsOrigins}}function getMimeTypeDisposition(mimeType){let normalized=mimeType.split(";")[0]?.trim().toLowerCase()??"";if(NEVER_INLINE.has(normalized))return"attachment";let inlineTypes=["image/","video/","audio/","text/","application/pdf"];for(let type of inlineTypes)if(normalized.startsWith(type)||normalized===type)return"inline";return"attachment"}function sanitizeFilename(filename){return filename.replace(/[^A-Za-z0-9._-]+/g,"_").replace(/_{2,}/g,"_").slice(0,200)}function isTraversalId(id){return id.includes("/")||id.includes("\\")||id.includes("..")||id.includes("\x00")}function resolveTenantSchema(request){return request.headers.get("x-tenant-schema")||void 0}function createCdnRoutes(config){let{cdn,storagePath,logger:logger2,getFileRecord}=config,plugin=new Elysia4({prefix:cdn.basePath});if(!cdn.enabled)return plugin;return plugin.get("/:id",async({params,request,set})=>{let{id}=params;if(isTraversalId(id))return set.status=400,{success:!1,message:"Invalid file id"};let schemaName=resolveTenantSchema(request),filePath,fileName,mimeType;if(getFileRecord){let fileRecord=await getFileRecord(id,schemaName);if(!fileRecord)return set.status=404,{success:!1,message:"File not found"};filePath=path3.join(fileRecord.path,fileRecord.name),fileName=fileRecord.name,mimeType=fileRecord.mimeType||fileRecord.mime_type||"application/octet-stream"}else filePath=path3.join(storagePath,id),fileName=id,mimeType="application/octet-stream";if(!isPathWithinBase(storagePath,filePath))return set.status=404,{success:!1,message:"File not found"};if(!await fileManager.exists(filePath))return set.status=404,{success:!1,message:"Physical file not found"};let fileInfo=await fileManager.getFileInfo(filePath),lastModified=new Date(fileInfo.modifiedAt||Date.now()).toUTCString(),etag=cdn.enableEtag?`"${fileInfo.size}-${fileInfo.modifiedAt?.getTime()||Date.now()}"`:void 0,cacheHeaders={"Cache-Control":`public, max-age=${cdn.cacheMaxAge}`,"Last-Modified":lastModified};if(etag)cacheHeaders.ETag=etag;if(cdn.corsOrigins.length>0)cacheHeaders["Access-Control-Allow-Origin"]=cdn.corsOrigins[0]==="*"?"*":cdn.corsOrigins.join(", "),cacheHeaders["Access-Control-Allow-Methods"]="GET, HEAD, OPTIONS";let dispositionType=getMimeTypeDisposition(mimeType),asciiFallbackName=sanitizeFilename(fileName),encodedUtf8Name=encodeURIComponent(fileName),contentDisposition=`${dispositionType}; filename="${asciiFallbackName}"; filename*=UTF-8''${encodedUtf8Name}`,ifNoneMatch=request.headers.get("if-none-match");if(etag&&ifNoneMatch===etag)return new Response(null,{status:304,headers:cacheHeaders});let bunFile=Bun.file(filePath),range=request.headers.get("range");if(cdn.enableRangeRequests&&range){let rangeMatch=range.match(/bytes=(\d*)-(\d*)/);if(!rangeMatch)return set.status=416,new Response("Range not satisfiable",{status:416,headers:{"Content-Range":`bytes */${fileInfo.size}`,"Content-Type":mimeType,"X-Content-Type-Options":"nosniff",...cacheHeaders}});let startStr=rangeMatch[1]||"0",endStr=rangeMatch[2]||"",start=parseInt(startStr,10),end=endStr?parseInt(endStr,10):fileInfo.size-1;if(start>=fileInfo.size||end>=fileInfo.size||start>end)return new Response("Range not satisfiable",{status:416,headers:{"Content-Range":`bytes */${fileInfo.size}`,"Content-Type":mimeType,"X-Content-Type-Options":"nosniff",...cacheHeaders}});let chunkSize=end-start+1,chunkBlob=bunFile.slice(start,end+1);return new Response(chunkBlob,{status:206,headers:{"Content-Range":`bytes ${start}-${end}/${fileInfo.size}`,"Accept-Ranges":"bytes","Content-Length":chunkSize.toString(),"Content-Type":mimeType,"Content-Disposition":contentDisposition,"X-Content-Type-Options":"nosniff",...cacheHeaders}})}return new Response(bunFile,{status:200,headers:{"Content-Length":fileInfo.size.toString(),"Content-Type":mimeType,"Accept-Ranges":cdn.enableRangeRequests?"bytes":"none","Content-Disposition":contentDisposition,"X-Content-Type-Options":"nosniff",...cacheHeaders}})},{params:t3.Object({id:t3.String()}),detail:{tags:["CDN"],summary:"Get file by ID",description:"Serve file with streaming, range requests, and caching support"}}),plugin.head("/:id",async({params,request,set})=>{let{id}=params;if(isTraversalId(id))return set.status=400,new Response(null,{status:400});let schemaName=resolveTenantSchema(request),filePath,mimeType;if(getFileRecord){let fileRecord=await getFileRecord(id,schemaName);if(!fileRecord)return set.status=404,new Response(null,{status:404});filePath=path3.join(fileRecord.path,fileRecord.name),mimeType=fileRecord.mime_type||"application/octet-stream"}else filePath=path3.join(storagePath,id),mimeType="application/octet-stream";if(!isPathWithinBase(storagePath,filePath))return set.status=404,new Response(null,{status:404});if(!await fileManager.exists(filePath))return set.status=404,new Response(null,{status:404});let fileInfo=await fileManager.getFileInfo(filePath),lastModified=new Date(fileInfo.modifiedAt||Date.now()).toUTCString(),etag=cdn.enableEtag?`"${fileInfo.size}-${fileInfo.modifiedAt?.getTime()||Date.now()}"`:void 0,headers={"Content-Length":fileInfo.size.toString(),"Content-Type":mimeType,"Accept-Ranges":cdn.enableRangeRequests?"bytes":"none","Cache-Control":`public, max-age=${cdn.cacheMaxAge}`,"Last-Modified":lastModified};if(etag)headers.ETag=etag;if(cdn.corsOrigins.length>0)headers["Access-Control-Allow-Origin"]=cdn.corsOrigins[0]==="*"?"*":cdn.corsOrigins.join(", "),headers["Access-Control-Allow-Methods"]="GET, HEAD, OPTIONS";return new Response(null,{status:200,headers})},{params:t3.Object({id:t3.String()}),detail:{tags:["CDN"],summary:"Get file metadata",description:"Get file headers without body for preflight checks"}}),logger2.info(`[CDN] Routes enabled at ${cdn.basePath}`),plugin}var DEFAULT_CDN_CONFIG,NEVER_INLINE;var init_cdn=__esm(()=>{init_File();init_helpers2();DEFAULT_CDN_CONFIG={enabled:!0,basePath:"/cdn",cacheMaxAge:86400,enableRangeRequests:!0,enableEtag:!0,corsOrigins:["*"]};NEVER_INLINE=new Set(["text/html","application/xhtml+xml","image/svg+xml","application/xml","text/xml","application/javascript","text/javascript","application/ecmascript","text/ecmascript","application/x-httpd-php"])});function buildFileRecordPayload(upload,userId){return{id:upload.id,name:upload.name,originalName:upload.originalName,path:upload.path,mimeType:upload.mimeType,size:upload.size,extension:upload.originalName.split(".").pop()||"",uploadedBy:userId??null}}async function persistUploadedFiles(args){let{db,filesTable,files,storageConfig,subFolder,userId}=args,uploaded=await uploadFiles(files,storageConfig,subFolder),records=[];for(let upload of uploaded.success){let payload=buildFileRecordPayload(upload,userId);payload.createdBy=userId??null,await db.insert(filesTable).values(payload),records.push({id:upload.id,name:upload.name,originalName:upload.originalName,path:upload.path,mimeType:upload.mimeType,size:upload.size,extension:payload.extension})}return{records,failed:uploaded.failed}}var init_file_record=__esm(()=>{init_helpers2()});var exports_storage={};__export(exports_storage,{validateFile:()=>validateFile,uploadFiles:()=>uploadFiles,uploadFile:()=>uploadFile,persistUploadedFiles:()=>persistUploadedFiles,parseFormDataBody:()=>parseFormDataBody,mergeStorageConfig:()=>mergeStorageConfig,mergeCdnConfig:()=>mergeCdnConfig,deleteFile:()=>deleteFile,createCdnRoutes:()=>createCdnRoutes,buildFileRecordPayload:()=>buildFileRecordPayload});var init_storage2=__esm(()=>{init_cdn();init_file_record();init_helpers2()});var exports_helpers={};__export(exports_helpers,{scanEnvVars:()=>scanEnvVars,readOverridesFromRedis:()=>readOverridesFromRedis,persistSectionToRedis:()=>persistSectionToRedis,persistConfigToDisk:()=>persistConfigToDisk,maskUrlCredentials:()=>maskUrlCredentials,maskSensitiveFields:()=>maskSensitiveFields,loadOverridesFromRedis:()=>loadOverridesFromRedis,isRestartRequired:()=>isRestartRequired,hasSection:()=>hasSection,extractSection:()=>extractSection,deepMerge:()=>deepMerge,clearOverridesFromRedis:()=>clearOverridesFromRedis,buildSectionsMeta:()=>buildSectionsMeta,applySectionUpdate:()=>applySectionUpdate});var SENSITIVE_KEY_PATTERNS,FORBIDDEN_SECTION_KEYS,isSensitiveKey=(key2)=>SENSITIVE_KEY_PATTERNS.some((pattern)=>pattern.test(key2)),URL_CREDENTIALS,maskUrlCredentials=(value)=>value.replace(URL_CREDENTIALS,"$1***$2"),RESTART_REQUIRED_KEYS,asRecord=(config)=>config,maskSensitiveFields=(obj)=>{let result={};for(let[key2,value]of Object.entries(obj)){if(isSensitiveKey(key2)&&typeof value==="string"){result[key2]="***";continue}if(Array.isArray(value)){result[key2]=value.map((item)=>typeof item==="object"&&item!==null?maskSensitiveFields(item):item);continue}if(typeof value==="object"&&value!==null){result[key2]=maskSensitiveFields(value);continue}result[key2]=typeof value==="string"?maskUrlCredentials(value):value}return result},buildSectionsMeta=(config)=>{let record=asRecord(config);return Object.keys(record).filter((key2)=>record[key2]!==void 0).map((key2)=>{let value=record[key2],type=Array.isArray(value)?"array":typeof value==="object"&&value!==null?"object":"primitive";return{key:key2,type,restartRequired:RESTART_REQUIRED_KEYS.has(key2)}})},extractSection=(config,section)=>asRecord(config)[section],hasSection=(config,section)=>Object.hasOwn(asRecord(config),section),applySectionUpdate=(config,section,value)=>{if(FORBIDDEN_SECTION_KEYS.has(section))return;asRecord(config)[section]=value},isRestartRequired=(section)=>RESTART_REQUIRED_KEYS.has(section),ENV_VAR_PATTERN,scanEnvVars=(obj,parentPath="")=>{let entries=[];for(let[key2,value]of Object.entries(obj)){let currentPath=parentPath?`${parentPath}.${key2}`:key2;if(typeof value==="string"&&ENV_VAR_PATTERN.test(value)){let envValue=process.env[value];entries.push({configPath:currentPath,envName:value,resolved:envValue!==void 0,value:envValue!==void 0?isSensitiveKey(key2)?"***":maskUrlCredentials(envValue):null});continue}if(Array.isArray(value)){for(let i=0;i<value.length;i++){let item=value[i];if(typeof item==="object"&&item!==null)entries.push(...scanEnvVars(item,`${currentPath}[${i}]`))}continue}if(typeof value==="object"&&value!==null)entries.push(...scanEnvVars(value,currentPath))}return entries},buildRedisKey=(appId)=>`nucleus:config:overrides:${appId}`,persistConfigToDisk=async(configFilePath,config)=>{let fs4=__require("fs"),record=asRecord(config),persistable={};for(let[k,v]of Object.entries(record))if(k!=="configManagement")persistable[k]=v;let content=JSON.stringify(persistable,null,2);fs4.writeFileSync(configFilePath,content,"utf-8")},persistSectionToRedis=async(redis,appId,section,value)=>{let redisKey=buildRedisKey(appId),existing=await redis.read(redisKey),overrides=existing.success&&existing.data?existing.data:{};overrides[section]=value,await redis.create(redisKey,JSON.stringify(overrides))},readOverridesFromRedis=async(redis,appId)=>{let redisKey=buildRedisKey(appId),result=await redis.read(redisKey);if(!result.success||!result.data)return null;return result.data},clearOverridesFromRedis=async(redis,appId)=>{let redisKey=buildRedisKey(appId);await redis.create(redisKey,JSON.stringify({}))},loadOverridesFromRedis=async(redis,appId,config)=>{let redisKey=buildRedisKey(appId),result=await redis.read(redisKey);if(!result.success||!result.data)return[];let overrides=result.data,appliedSections=[],record=asRecord(config);for(let[section,value]of Object.entries(overrides)){if(FORBIDDEN_SECTION_KEYS.has(section))continue;let current=record[section];if(typeof value==="object"&&value!==null&&!Array.isArray(value)&&typeof current==="object"&&current!==null&&!Array.isArray(current))record[section]=deepMerge(current,value);else record[section]=value;appliedSections.push(section)}return appliedSections},deepMerge=(target2,source)=>{let result={...target2};for(let[key2,sourceValue]of Object.entries(source)){if(FORBIDDEN_SECTION_KEYS.has(key2))continue;let targetValue=target2[key2];if(typeof sourceValue==="object"&&sourceValue!==null&&!Array.isArray(sourceValue)&&typeof targetValue==="object"&&targetValue!==null&&!Array.isArray(targetValue))result[key2]=deepMerge(targetValue,sourceValue);else result[key2]=sourceValue}return result};var init_helpers3=__esm(()=>{SENSITIVE_KEY_PATTERNS=[/secret/i,/password/i,/token/i,/^apiKey$/i,/^secretKey$/i,/^webhookSecret$/i,/connection_string/i,/connectionString/i,/^clientSecret$/i,/json_file_path/i,/key$/i,/salt/i,/passphrase/i,/credential/i],FORBIDDEN_SECTION_KEYS=new Set(["__proto__","constructor","prototype"]),URL_CREDENTIALS=/^([a-z][a-z0-9+.-]*:\/\/[^/\s:@]*:)[^/\s@]+(@)/i,RESTART_REQUIRED_KEYS=new Set(["appId","mode","database","redis","authentication","authorization","email","payment","entities"]),ENV_VAR_PATTERN=/^[A-Z][A-Z0-9_]{2,}$/});function hasGodminRole(request){return decodeHeaderList(request.headers.get("x-user-roles")).some((r)=>isGodminRole(r))}async function userHasGodminRoleInDb(db,schemaTables,userId,logger2){if(!userId||!db)return!1;let userRolesTable=schemaTables[AUTHORIZATION_TABLE_KEYS.userRoles],rolesTable=schemaTables[AUTHORIZATION_TABLE_KEYS.roles];if(!userRolesTable||!rolesTable)return!1;try{let{eq:eq27}=await import("drizzle-orm"),ur=userRolesTable,r=rolesTable;return(await db.select({roleName:r.name}).from(userRolesTable).innerJoin(rolesTable,eq27(ur.roleId,r.id)).where(eq27(ur.userId,userId))).some((row)=>isGodminRole(String(row.roleName??"")))}catch(err){return logger2.warn("[AdminGuard] Failed to check godmin role from DB",{error:err instanceof Error?err.message:String(err)}),!1}}async function isGodminRequest(request,deps){if(decodeHeaderList(request.headers.get("x-user-roles")).some((r)=>isGodminRole(r)))return!0;let userId=request.headers.get("x-user-id"),{db,schemaTables,logger:logger2}=deps;if(userId&&db&&schemaTables.users)try{let{eq:eq27}=await import("drizzle-orm"),usersTable=schemaTables.users;if((await db.select().from(usersTable).where(eq27(usersTable.id,userId)).limit(1))[0]?.isGod===!0)return!0}catch(err){logger2.warn("[AdminGuard] Failed to check isGod from DB",{error:err instanceof Error?err.message:String(err)})}return!1}function createGodminGuard(deps,label="this operation"){return async({request,set})=>{if(!request.headers.get("x-user-id"))return set.status=401,Response.json({isSuccess:!1,success:!1,message:"Authentication required",data:null});if(!await isGodminRequest(request,deps))return set.status=403,Response.json({isSuccess:!1,success:!1,message:`Forbidden: ${label} requires godmin privileges`,data:null});return}}var init_adminGuard=__esm(()=>{init_Authorization();init_types3()});var exports_ack_manager={};__export(exports_ack_manager,{storePendingMessage:()=>storePendingMessage,removePendingMessage:()=>removePendingMessage,recordSent:()=>recordSent,recordFailed:()=>recordFailed,recordAcked:()=>recordAcked,initAckCleanup:()=>initAckCleanup,incrementRetryCount:()=>incrementRetryCount,getPendingMessagesForUser:()=>getPendingMessagesForUser,getPendingMessageCount:()=>getPendingMessageCount,getDeliveryStats:()=>getDeliveryStats,generateMessageId:()=>generateMessageId,destroyAckCleanup:()=>destroyAckCleanup,acknowledgeMessage:()=>acknowledgeMessage});function cleanupRecentAcks(){let now=Date.now();for(let[key2,timestamp]of recentAcks)if(now-timestamp>1e4)recentAcks.delete(key2)}function initAckCleanup(){if(cleanupInterval)return;cleanupInterval=setInterval(cleanupRecentAcks,30000),cleanupInterval.unref?.()}function destroyAckCleanup(){if(cleanupInterval)clearInterval(cleanupInterval),cleanupInterval=null}function generateMessageId(){return`msg_${Date.now()}_${Math.random().toString(36).substring(2,11)}`}async function storePendingMessage(redis,message,ttlSeconds){if(!message.userId)return;let key2=`pubsub:pending:user:${message.userId}:${message.messageId}`,setKey=`pubsub:user:pending-set:${message.userId}`;await redis.create(key2,message,ttlSeconds);let existingResult=await redis.read(setKey),existingSet=existingResult.success&&existingResult.data?existingResult.data:[];if(!existingSet.includes(message.messageId))existingSet.push(message.messageId),await redis.create(setKey,existingSet,ttlSeconds)}async function acknowledgeMessage(redis,userId,messageId,ttlSeconds){let dedupKey=`${userId}:${messageId}`;if(recentAcks.has(dedupKey))return!1;let pendingKey=`pubsub:pending:user:${userId}:${messageId}`,setKey=`pubsub:user:pending-set:${userId}`,ackKey=`pubsub:ack:${userId}:${messageId}`,pendingResult=await redis.read(pendingKey);if(!pendingResult.success||!pendingResult.data)return recentAcks.set(dedupKey,Date.now()),!1;recentAcks.set(dedupKey,Date.now());let pending=pendingResult.data,ack={messageId,clientId:pending.clientId,ackedAt:Date.now()};await redis.create(ackKey,ack,60),await redis.remove(pendingKey);let setResult=await redis.read(setKey),updatedSet=(setResult.success&&setResult.data?setResult.data:[]).filter((id)=>id!==messageId);if(updatedSet.length>0)await redis.create(setKey,updatedSet,ttlSeconds);else await redis.remove(setKey);let latencyMs=Date.now()-pending.sentAt;return recordAcked(latencyMs),!0}async function getPendingMessagesForUser(redis,userId){if(!userId)return[];let setKey=`pubsub:user:pending-set:${userId}`,setResult=await redis.read(setKey),messageIds=setResult.success&&setResult.data?setResult.data:[],messages=[];for(let messageId of messageIds){let key2=`pubsub:pending:user:${userId}:${messageId}`,msgResult=await redis.read(key2);if(msgResult.success&&msgResult.data)messages.push(msgResult.data)}return messages.sort((a,b)=>a.sentAt-b.sentAt),messages}async function getPendingMessageCount(redis,userId){if(!userId)return 0;let setKey=`pubsub:user:pending-set:${userId}`,setResult=await redis.read(setKey);return(setResult.success&&setResult.data?setResult.data:[]).length}async function incrementRetryCount(redis,userId,messageId,ttlSeconds,maxRetries){let key2=`pubsub:pending:user:${userId}:${messageId}`,msgResult=await redis.read(key2);if(!msgResult.success||!msgResult.data)return!1;let message={...msgResult.data,retryCount:msgResult.data.retryCount+1};if(message.retryCount>=maxRetries)return await removePendingMessage(redis,userId,messageId),recordFailed(),!1;return await redis.create(key2,message,ttlSeconds),!0}async function removePendingMessage(redis,userId,messageId){let key2=`pubsub:pending:user:${userId}:${messageId}`,setKey=`pubsub:user:pending-set:${userId}`;await redis.remove(key2);let setResult=await redis.read(setKey),updatedSet=(setResult.success&&setResult.data?setResult.data:[]).filter((id)=>id!==messageId);if(updatedSet.length>0)await redis.create(setKey,updatedSet,300);else await redis.remove(setKey)}function recordSent(){stats.totalSent++}function recordAcked(latencyMs){stats.totalAcked++,stats.averageLatencyMs=(stats.averageLatencyMs*(stats.totalAcked-1)+latencyMs)/stats.totalAcked}function recordFailed(){stats.totalFailed++}function getDeliveryStats(){return{...stats}}var recentAcks,cleanupInterval=null,stats;var init_ack_manager=__esm(()=>{recentAcks=new Map;stats={totalSent:0,totalAcked:0,totalFailed:0,averageLatencyMs:0}});var resolveAuthTablesForRequest=(request,authConfig)=>{let defaults={usersTable:authConfig.usersTable,sessionsTable:authConfig.sessionsTable??null,userRolesTable:authConfig.userRolesTable??void 0,rolesTable:authConfig.rolesTable??void 0,roleClaimsTable:authConfig.roleClaimsTable??void 0,claimsTable:authConfig.claimsTable??void 0,oauthAccountsTable:authConfig.oauthAccountsTable??void 0,apiKeysTable:authConfig.apiKeysTable??void 0,schemaTables:authConfig.schemaTables||{}},registry=authConfig.getTenantRegistry?authConfig.getTenantRegistry():authConfig.tenantRegistry;if(!registry)return defaults;let schemaName=request.headers.get("x-tenant-schema");if(!schemaName)return defaults;let ctx=registry.getSchemaContext(schemaName);if(!ctx)return defaults;let tables=ctx.schemaTables;return{usersTable:tables.users??defaults.usersTable,sessionsTable:tables.userSessions??tables.user_sessions??tables.sessions??defaults.sessionsTable,userRolesTable:tables.userRoles??defaults.userRolesTable,rolesTable:tables.roles??defaults.rolesTable,roleClaimsTable:tables.roleClaims??defaults.roleClaimsTable,claimsTable:tables.claims??defaults.claimsTable,oauthAccountsTable:tables.oauthAccounts??defaults.oauthAccountsTable,apiKeysTable:tables.apiKeys??defaults.apiKeysTable,schemaTables:tables}};function resolveMutationSchema(staticSchema,tenantHeader,registry){let schema=staticSchema;if(registry&&tenantHeader){let tctx=registry.getSchemaContext(tenantHeader);if(!tctx)return{ok:!1,reason:"unknown"};schema=tctx.schemaName}if(!SQL_IDENT.test(schema))return{ok:!1,reason:"invalid"};return{ok:!0,schema}}var SQL_IDENT;var init_resolveMutationSchema=__esm(()=>{SQL_IDENT=/^[a-zA-Z_][a-zA-Z0-9_]*$/});import{eq as eq32,sql as sql7}from"drizzle-orm";import{Elysia as Elysia21,t as t18}from"elysia";function createChangeUserIdRoute(config,schemaName="public"){let{db,logger:logger2}=config,routes=new Elysia21;return routes.post("/auth/admin/change-user-id",async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let registry=config.getTenantRegistry?config.getTenantRegistry():config.tenantRegistry,schemaResult=resolveMutationSchema(schemaName,ctx.request.headers.get("x-tenant-schema"),registry);if(!schemaResult.ok)return ctx.set.status=400,{success:!1,message:schemaResult.reason==="unknown"?"Unknown tenant schema":"Invalid tenant schema"};let effectiveSchema=schemaResult.schema,requestingUserId=ctx.request.headers.get("x-user-id");if(!requestingUserId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let requestingUser=(await db.select().from(usersTable).where(eq32(usersTable.id,requestingUserId)).limit(1))[0];if(!requestingUser||!requestingUser.isGod)return ctx.set.status=403,{success:!1,message:"Forbidden: godmin privileges required"};let{currentId,newId}=ctx.body;if(!currentId||!newId)return ctx.set.status=400,{success:!1,message:"currentId and newId are required"};if(currentId===newId)return ctx.set.status=400,{success:!1,message:"New ID must be different from current ID"};let uuidRegex2=/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;if(!uuidRegex2.test(newId))return ctx.set.status=400,{success:!1,message:"newId must be a valid UUID"};if(!uuidRegex2.test(currentId))return ctx.set.status=400,{success:!1,message:"currentId must be a valid UUID"};let targetUser=(await db.select().from(usersTable).where(eq32(usersTable.id,currentId)).limit(1))[0];if(!targetUser)return ctx.set.status=404,{success:!1,message:"User not found"};if((await db.select().from(usersTable).where(eq32(usersTable.id,newId)).limit(1)).length>0)return ctx.set.status=409,{success:!1,message:"A user with this ID already exists"};try{let fkResult=await db.execute(sql7`
396
396
  SELECT
397
397
  tc.constraint_name,
398
398
  tc.table_name,
@@ -410,18 +410,18 @@ ${strMDSAlgs}`)}if(attestationStatementAlg!==void 0&&authenticatorGetInfo?.algor
410
410
  WHERE tc.constraint_type = 'FOREIGN KEY'
411
411
  AND ccu.table_name = 'users'
412
412
  AND ccu.column_name = 'id'
413
- AND tc.table_schema = ${schemaName}
413
+ AND tc.table_schema = ${effectiveSchema}
414
414
  `),fkConstraints=(Array.isArray(fkResult)?fkResult:fkResult.rows||[]).map((r2)=>{let row=r2;return{constraint_name:String(row.constraint_name||""),table_name:String(row.table_name||""),column_name:String(row.column_name||""),delete_rule:String(row.delete_rule||"NO ACTION")}}),userIdResult=await db.execute(sql7`
415
415
  SELECT table_name, column_name
416
416
  FROM information_schema.columns
417
417
  WHERE column_name = 'user_id'
418
- AND table_schema = ${schemaName}
418
+ AND table_schema = ${effectiveSchema}
419
419
  AND table_name != 'users'
420
420
  `),userIdColumns=(Array.isArray(userIdResult)?userIdResult:userIdResult.rows||[]).map((r2)=>{let row=r2;return{table_name:String(row.table_name||""),column_name:String(row.column_name||"")}}),auditColResult=await db.execute(sql7`
421
421
  SELECT table_name, column_name
422
422
  FROM information_schema.columns
423
423
  WHERE column_name IN ('created_by', 'updated_by')
424
- AND table_schema = ${schemaName}
424
+ AND table_schema = ${effectiveSchema}
425
425
  AND data_type = 'uuid'
426
426
  `),auditColumns=(Array.isArray(auditColResult)?auditColResult:auditColResult.rows||[]).map((r2)=>{let row=r2;return{table_name:String(row.table_name||""),column_name:String(row.column_name||"")}}),polyResult=await db.execute(sql7`
427
427
  SELECT c1.table_name
@@ -431,9 +431,9 @@ ${strMDSAlgs}`)}if(attestationStatementAlg!==void 0&&authenticatorGetInfo?.algor
431
431
  AND c1.table_schema = c2.table_schema
432
432
  WHERE c1.column_name = 'owner_id'
433
433
  AND c2.column_name = 'owner_type'
434
- AND c1.table_schema = ${schemaName}
434
+ AND c1.table_schema = ${effectiveSchema}
435
435
  AND c1.data_type = 'uuid'
436
- `),polyTables=(Array.isArray(polyResult)?polyResult:polyResult.rows||[]).map((r2)=>String(r2.table_name||""));logger2.info("[AUTH] Change User ID - discovered schema references",{fkConstraints:fkConstraints.map((f)=>`${f.table_name}.${f.column_name} (${f.constraint_name})`),userIdColumns:userIdColumns.map((u)=>`${u.table_name}.${u.column_name}`),auditColumns:auditColumns.map((a12)=>`${a12.table_name}.${a12.column_name}`),polyTables});let allUpdates=new Map,addUpdate=(tableName,columnName)=>{if(!allUpdates.has(tableName))allUpdates.set(tableName,new Set);allUpdates.get(tableName)?.add(columnName)};for(let fk of fkConstraints)addUpdate(fk.table_name,fk.column_name);for(let col11 of userIdColumns)addUpdate(col11.table_name,col11.column_name);for(let col11 of auditColumns)addUpdate(col11.table_name,col11.column_name);logger2.info("[AUTH] Change User ID - all column updates to execute",{updates:Array.from(allUpdates.entries()).map(([t19,cols])=>`${t19}: [${Array.from(cols).join(", ")}]`)}),await db.transaction(async(tx)=>{for(let fk of fkConstraints)await tx.execute(sql7.raw(`ALTER TABLE "${schemaName}"."${fk.table_name}" DROP CONSTRAINT "${fk.constraint_name}"`));await tx.execute(sql7.raw(`UPDATE "${schemaName}"."users" SET "id" = '${newId}' WHERE "id" = '${currentId}'`));for(let[tableName,columns]of allUpdates.entries())for(let columnName of columns)await tx.execute(sql7.raw(`UPDATE "${schemaName}"."${tableName}" SET "${columnName}" = '${newId}' WHERE "${columnName}" = '${currentId}'`));for(let tableName of polyTables)await tx.execute(sql7.raw(`UPDATE "${schemaName}"."${tableName}" SET "owner_id" = '${newId}' WHERE "owner_id" = '${currentId}' AND "owner_type" IN ('user', 'users', 'User')`));for(let fk of fkConstraints){let onDelete=fk.delete_rule==="CASCADE"?"ON DELETE CASCADE":fk.delete_rule==="SET NULL"?"ON DELETE SET NULL":"";await tx.execute(sql7.raw(`ALTER TABLE "${schemaName}"."${fk.table_name}" ADD CONSTRAINT "${fk.constraint_name}" FOREIGN KEY ("${fk.column_name}") REFERENCES "${schemaName}"."users" ("id") ${onDelete}`))}});let allAffectedTables=[...new Set([...fkConstraints.map((f)=>f.table_name),...userIdColumns.map((u)=>u.table_name),...auditColumns.map((a12)=>a12.table_name),...polyTables])];return logger2.info("[AUTH] User ID changed successfully",{godminId:requestingUserId,currentId,newId,email:targetUser.email,affectedTables:allAffectedTables,fkConstraintsDroppedAndReadded:fkConstraints.length}),await logger2.audit({entityName:"users",entityId:newId,operation:"CHANGE_USER_ID",userId:requestingUserId,summary:`Godmin changed user ID: ${currentId} \u2192 ${newId} (${targetUser.email})`,oldValues:{id:currentId},newValues:{id:newId},ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:new URL(ctx.request.url).pathname,query:""}),{success:!0,data:{oldId:currentId,newId,email:targetUser.email,affectedTables:allAffectedTables}}}catch(error){return logger2.error("[AUTH] Failed to change user ID",{error:error instanceof Error?error.message:String(error),stack:error instanceof Error?error.stack:void 0,currentId,newId}),ctx.set.status=500,{success:!1,message:error instanceof Error?error.message:"Failed to change user ID"}}},{body:t18.Object({currentId:t18.String(),newId:t18.String()}),detail:{tags:["Authentication"],summary:"Change User ID",description:"Godmin: change a user's UUID while preserving all FK relations, audit columns, and polymorphic references"}}),routes}var init_changeUserId=()=>{};function decideCreateUserAuthz(params){let{callerIsGod,callerRoleNames,allowRoles,requestedRoleNames,godminRoleName}=params,callerIsGodmin=callerIsGod||callerRoleNames.includes(godminRoleName);if(!(callerIsGodmin||callerRoleNames.some((n2)=>allowRoles.includes(n2))))return{allowed:!1,status:403,reason:"not_privileged"};if(requestedRoleNames.includes(godminRoleName)&&!callerIsGodmin)return{allowed:!1,status:403,reason:"godmin_assignment_forbidden"};if(!callerIsGodmin){let heldByCaller=new Set(callerRoleNames);if(!requestedRoleNames.every((r2)=>heldByCaller.has(r2)))return{allowed:!1,status:403,reason:"role_above_caller"}}return{allowed:!0,callerIsGodmin}}import{eq as eq33,inArray as inArray9}from"drizzle-orm";import{Elysia as Elysia22,t as t19}from"elysia";function createCreateUserRoute(config,createUserConfig){let{db,logger:logger2}=config,routes=new Elysia22;if(createUserConfig?.enabled===!1)return routes;let route=createUserConfig?.route||"/auth/admin/create-user",allowRoles=createUserConfig?.allowRoles??[];return routes.post(route,async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),{usersTable,rolesTable:resolvedRolesTable,userRolesTable:resolvedUserRolesTable,schemaTables}=resolved,profilesTable=schemaTables?.profiles,rolesTable=resolvedRolesTable??config.rolesTable??null,userRolesTable=resolvedUserRolesTable??config.userRolesTable??null;if(!db||!usersTable)return ctx.set.status=500,{success:!1,message:"Database not configured"};let requestingUserId=ctx.request.headers.get("x-user-id");if(!requestingUserId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let requestingUser=(await db.select().from(usersTable).where(eq33(usersTable.id,requestingUserId)).limit(1))[0];if(!requestingUser)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let callerIsGod=Boolean(requestingUser.isGod),callerRoleNames=[];if(!callerIsGod&&rolesTable&&userRolesTable){let rolesCols=rolesTable,userRolesCols=userRolesTable;callerRoleNames=(await db.select({name:rolesCols.name}).from(userRolesTable).innerJoin(rolesTable,eq33(rolesCols.id,userRolesCols.roleId)).where(eq33(userRolesCols.userId,requestingUserId))).map((r2)=>r2.name)}let requestedRoleIds=ctx.body.roleIds??[],foundRoles=[];if(requestedRoleIds.length>0&&rolesTable){let rolesCols=rolesTable;foundRoles=(await db.select({id:rolesCols.id,name:rolesCols.name}).from(rolesTable).where(inArray9(rolesCols.id,requestedRoleIds))).map((r2)=>({id:r2.id,name:r2.name}))}let decision=decideCreateUserAuthz({callerIsGod,callerRoleNames,allowRoles,requestedRoleNames:foundRoles.map((r2)=>r2.name),godminRoleName:GODMIN_ROLE_NAME});if(!decision.allowed)return logger2.warn("[AUTH] create-user denied",{callerId:requestingUserId,reason:decision.reason}),ctx.set.status=decision.status,{success:!1,message:decision.reason==="godmin_assignment_forbidden"?"Forbidden: assigning the godmin role requires godmin privileges":"Forbidden"};let{email:rawEmail,password:password4,profile}=ctx.body,email=rawEmail.toLowerCase().trim(),passwordValidation=validatePasswordStrength(password4);if(!passwordValidation.valid)return ctx.set.status=400,{success:!1,message:"Password too weak",errors:passwordValidation.errors};if((await db.select().from(usersTable).where(eq33(usersTable.email,email)).limit(1)).length>0)return logger2.warn("[AUTH] create-user failed \u2014 email already exists",{email}),ctx.set.status=409,{success:!1,message:"Email already registered"};let now=new Date,hashedPassword=await hashPassword(password4),insertValues={email,password:hashedPassword,emailVerified:!0,verifiedAt:now,isLocked:!1,createdAt:now,updatedAt:now},newUser=(await db.insert(usersTable).values(insertValues).returning())[0];if(!newUser)return logger2.error("[AUTH] create-user insert returned nothing",{email}),ctx.set.status=500,{success:!1,message:"Failed to create user"};let newUserId=newUser.id;if(requestedRoleIds.length>0&&rolesTable&&userRolesTable)try{let validRoleIds=foundRoles.map((r2)=>r2.id);if(validRoleIds.length>0)await db.insert(userRolesTable).values(validRoleIds.map((roleId)=>({userId:newUserId,roleId})));let skipped=requestedRoleIds.filter((id)=>!validRoleIds.includes(id));if(skipped.length>0)logger2.warn("[AUTH] create-user: some roleIds were not found",{userId:newUserId,skipped});if(foundRoles.some((r2)=>r2.name===GODMIN_ROLE_NAME))await db.update(usersTable).set({isGod:!0}).where(eq33(usersTable.id,newUserId))}catch(err){logger2.warn("[AUTH] create-user: failed to assign roles \u2014 continuing",{userId:newUserId,error:err instanceof Error?err.message:String(err)})}else if(config.authentication?.defaultRole)await assignDefaultRole({db,userId:newUserId,roleName:config.authentication.defaultRole,rolesTable,userRolesTable,logger:logger2});if(profile&&profilesTable)try{await db.insert(profilesTable).values({userId:newUserId,firstName:profile.firstName??null,lastName:profile.lastName??null,phoneNumber:profile.phoneNumber??null,createdAt:now,updatedAt:now})}catch(err){logger2.warn("[AUTH] create-user: failed to create profile \u2014 continuing",{userId:newUserId,error:err instanceof Error?err.message:String(err)})}let reqUrl=new URL(ctx.request.url),auditIp=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",auditUa=ctx.request.headers.get("user-agent")||"unknown";return logger2.audit({entityName:"users",entityId:newUserId,operation:"ADMIN_CREATE_USER",userId:requestingUserId,summary:`Admin ${requestingUserId} created user ${email}`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),logger2.info("[AUTH] Admin created user",{newUserId,email,createdBy:requestingUserId}),{success:!0,message:"User created successfully",data:{id:newUserId,email}}},{body:CreateUserBodySchema,detail:{tags:["Authentication","Admin"],summary:"Admin Create User",description:"Create a fully active user with a password, roles, and optional profile. Admin-only. No email is sent."}}),routes}var CreateUserBodySchema;var init_createUser=__esm(()=>{init_Authorization();init_assignDefaultRole();init_utils6();CreateUserBodySchema=t19.Object({email:t19.String({format:"email"}),password:t19.String({minLength:8}),roleIds:t19.Optional(t19.Array(t19.String())),profile:t19.Optional(t19.Object({firstName:t19.Optional(t19.String()),lastName:t19.Optional(t19.String()),phoneNumber:t19.Optional(t19.String())}))})});import{eq as eq34}from"drizzle-orm";import{Elysia as Elysia23,t as t20}from"elysia";function createHardDeleteUserRoute(config){let{db,logger:logger2}=config,routes=new Elysia23({name:"nucleus-auth-admin-hard-delete"});return routes.delete("/auth/admin/hard-delete/:userId",async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),{usersTable,userRolesTable,sessionsTable,oauthAccountsTable,apiKeysTable,schemaTables}=resolved;if(!db||!usersTable)return ctx.set.status=500,{success:!1,message:"Database not configured"};let requestingUserId=ctx.request.headers.get("x-user-id");if(!requestingUserId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};if(!(await db.select().from(usersTable).where(eq34(usersTable.id,requestingUserId)).limit(1))[0]?.isGod)return ctx.set.status=403,{success:!1,message:"Forbidden \u2014 only godmin can hard-delete users"};let{userId:targetUserId}=ctx.params;if(targetUserId===requestingUserId)return ctx.set.status=400,{success:!1,message:"Cannot hard-delete yourself"};let targetUser=(await db.select().from(usersTable).where(eq34(usersTable.id,targetUserId)).limit(1))[0];if(!targetUser)return ctx.set.status=404,{success:!1,message:"User not found"};if(targetUser.isGod)return ctx.set.status=403,{success:!1,message:"Cannot hard-delete a godmin user"};let deletedRelations=[],col11=(table,name2)=>table[name2],tryDelete=async(table,columnName,label)=>{if(!table)return;try{await db.delete(table).where(eq34(col11(table,columnName),targetUserId)),deletedRelations.push(label)}catch(err){logger2.warn(`[AUTH] hard-delete: failed to clean ${label}`,{userId:targetUserId,error:err instanceof Error?err.message:String(err)})}};await tryDelete(userRolesTable,"userId","user_roles"),await tryDelete(sessionsTable,"userId","sessions"),await tryDelete(oauthAccountsTable,"userId","oauth_accounts"),await tryDelete(apiKeysTable,"userId","api_keys");let profilesTable=schemaTables?.profiles,addressesTable=schemaTables?.addresses,phonesTable=schemaTables?.phones,filesTable=schemaTables?.files;await tryDelete(profilesTable,"userId","profiles"),await tryDelete(addressesTable,"ownerId","addresses"),await tryDelete(phonesTable,"ownerId","phones"),await tryDelete(filesTable,"uploadedBy","files"),await db.delete(usersTable).where(eq34(usersTable.id,targetUserId));let reqUrl=new URL(ctx.request.url);return logger2.audit({entityName:"users",entityId:targetUserId,operation:"ADMIN_HARD_DELETE_USER",userId:requestingUserId,summary:`Godmin ${requestingUserId} hard-deleted user ${targetUser.email} (${targetUserId}). Cleaned: ${deletedRelations.join(", ")}`,ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search}),logger2.info("[AUTH] Hard-deleted user",{targetUserId,email:targetUser.email,deletedBy:requestingUserId,cleanedRelations:deletedRelations}),{success:!0,message:"User permanently deleted",data:{userId:targetUserId,email:targetUser.email,cleanedRelations:deletedRelations}}},{params:HardDeleteUserParamsSchema,detail:{tags:["Authentication","Admin"],summary:"Hard Delete User",description:"Permanently delete a user and all related data (roles, sessions, profile, files, etc.). Godmin-only. Irreversible."}}),routes}var HardDeleteUserParamsSchema;var init_hardDeleteUser=__esm(()=>{HardDeleteUserParamsSchema=t20.Object({userId:t20.String()})});var exports_fetchUserRolesAndClaims={};__export(exports_fetchUserRolesAndClaims,{fetchUserRolesAndClaims:()=>fetchUserRolesAndClaims});import{eq as eq35,inArray as inArray10}from"drizzle-orm";var noopLogger,fetchUserRolesAndClaims=async(db,userId,resolved,logger2=noopLogger)=>{let{userRolesTable,rolesTable,roleClaimsTable,claimsTable,usersTable}=resolved,result={roles:[],claims:[],claimScopes:{}};if(!userRolesTable||!rolesTable)return result;let roleIds=(await db.select().from(userRolesTable).where(eq35(userRolesTable.userId,userId))).map((r2)=>r2.roleId);if(roleIds.length===0)return result;let roleRows=await db.select().from(rolesTable).where(inArray10(rolesTable.id,roleIds));if(result.roles=roleRows.map((r2)=>r2.name),roleClaimsTable&&claimsTable){let rows=(await db.select({action:claimsTable.action,scope:roleClaimsTable.scope}).from(roleClaimsTable).innerJoin(claimsTable,eq35(roleClaimsTable.claimId,claimsTable.id)).where(inArray10(roleClaimsTable.roleId,roleIds))).filter((r2)=>typeof r2.action==="string"&&r2.action.length>0).map((r2)=>({action:r2.action,scope:r2.scope??null})),userData;if(rows.some((r2)=>!!r2.scope)&&usersTable)try{userData=(await db.select().from(usersTable).where(eq35(usersTable.id,userId)))[0]}catch(err){logger2.warn("[Authorization] Failed to load user row for scope resolution",{userId,error:err instanceof Error?err.message:String(err)})}let{claimScopes,dropped}=resolveClaimScopes(rows,userData,logger2),droppedSet=new Set(dropped);result.claims=Array.from(new Set(rows.map((r2)=>r2.action))).filter((a12)=>!droppedSet.has(a12)),result.claimScopes=claimScopes}return result};var init_fetchUserRolesAndClaims=__esm(()=>{init_Middleware();noopLogger={debug:()=>{},info:()=>{},warn:()=>{},error:()=>{}}});import{eq as eq36}from"drizzle-orm";import{Elysia as Elysia24,t as t21}from"elysia";function createImpersonateRoute(config,signAccessToken,signRefreshToken,verifyRefreshToken,createSession,saveSessionToDb,cookieConfig){let{db,logger:logger2}=config,routes=new Elysia24,cookies={accessTokenName:cookieConfig?.accessTokenName||"access_token",refreshTokenName:cookieConfig?.refreshTokenName||"refresh_token",sessionTokenName:cookieConfig?.sessionTokenName||"session_token",accessTokenMaxAge:cookieConfig?.accessTokenMaxAge||900,refreshTokenMaxAge:cookieConfig?.refreshTokenMaxAge||604800,sessionTokenMaxAge:cookieConfig?.sessionTokenMaxAge||900,secure:cookieConfig?.secure??!0,sameSite:cookieConfig?.sameSite||"lax",path:cookieConfig?.path||"/",domain:cookieConfig?.domain};return routes.post("/auth/admin/impersonate",async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let requestingUserId=ctx.request.headers.get("x-user-id");if(!requestingUserId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let{targetUserId}=ctx.body,requestingUser=(await db.select().from(usersTable).where(eq36(usersTable.id,requestingUserId)).limit(1))[0];if(!requestingUser||!requestingUser.isGod)return ctx.set.status=403,{success:!1,message:"Forbidden: godmin privileges required"};{let lockedUntilRaw=requestingUser.lockedUntil,lockedUntil=lockedUntilRaw?new Date(lockedUntilRaw):null;if(requestingUser.isActive===!1)return ctx.set.status=403,{success:!1,message:"Account is not active"};if(requestingUser.isLocked===!0&&(!lockedUntil||lockedUntil>new Date))return ctx.set.status=403,{success:!1,message:"Account is locked"}}if(requestingUserId===targetUserId)return ctx.set.status=400,{success:!1,message:"Cannot impersonate yourself"};let targetUser=(await db.select().from(usersTable).where(eq36(usersTable.id,targetUserId)).limit(1))[0];if(!targetUser)return ctx.set.status=404,{success:!1,message:"Target user not found"};let impRoles=[],impClaims=[],impClaimScopes={};if(config.db)try{let resolved=resolveAuthTablesForRequest(ctx.request,config),rc=await fetchUserRolesAndClaims(config.db,targetUserId,resolved);impRoles=rc.roles,impClaims=rc.claims,impClaimScopes=rc.claimScopes}catch{}let accessToken=signAccessToken(targetUserId,impRoles.length>0?impRoles:void 0,impClaims.length>0?impClaims:void 0,ctx.request.headers.get("x-tenant-schema")??void 0,impClaimScopes),refreshToken=signRefreshToken(targetUserId),reqIp=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",sessionParams={userId:targetUserId,deviceInfo:{deviceName:"Impersonation Session",browserName:"Admin",osName:"Admin",ipAddress:reqIp},loginMethod:"impersonation"},sessionId=await createSession(sessionParams);if(saveSessionToDb){let impSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await saveSessionToDb(sessionId,sessionParams,impSchemaName)}logger2.info("[AUTH] Impersonation started",{godminId:requestingUserId,targetUserId,targetEmail:targetUser.email}),await logger2.audit({entityName:"users",entityId:targetUserId,operation:"IMPERSONATE_START",userId:requestingUserId,summary:`Godmin ${requestingUser.email} started impersonating ${targetUser.email}`,ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:new URL(ctx.request.url).pathname,query:""});let securePart=cookies.secure?"; Secure":"",domainPart=cookies.domain?`; Domain=${cookies.domain}`:"",cookieOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}`,cookiesToSet=[`${cookies.accessTokenName}=${accessToken}${cookieOptions}; Max-Age=${cookies.accessTokenMaxAge}`,`${cookies.refreshTokenName}=${refreshToken}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`,`${cookies.sessionTokenName}=${sessionId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_impersonating_as=${targetUserId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_godmin_id=${requestingUserId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_impersonating_email=${encodeURIComponent(String(targetUser.email))}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_imp_sig=${signRefreshToken(requestingUserId)}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`],jsonBody=JSON.stringify({success:!0,data:{targetUser:{id:targetUser.id,email:targetUser.email},godminId:requestingUserId,sessionId}}),headers=new Headers;headers.set("Content-Type","application/json");for(let cookie of cookiesToSet)headers.append("Set-Cookie",cookie);return new Response(jsonBody,{status:200,headers})},{body:t21.Object({targetUserId:t21.String()}),detail:{tags:["Authentication"],summary:"Impersonate User",description:"Godmin: start a session as another user"}}),routes.post("/auth/admin/impersonate/stop",async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let cookieHeader=ctx.request.headers.get("cookie")||"",impSig=Object.fromEntries(cookieHeader.split(";").map((c)=>{let[k,...v]=c.trim().split("=");return[k?.trim(),v.join("=")]})).nucleus_imp_sig,verified=impSig?verifyRefreshToken(impSig):{valid:!1};if(!verified.valid||!verified.payload?.sub)return ctx.set.status=401,{success:!1,message:"No valid impersonation session"};let godminId=verified.payload.sub,godminUser=(await db.select().from(usersTable).where(eq36(usersTable.id,godminId)).limit(1))[0];if(!godminUser)return ctx.set.status=404,{success:!1,message:"Godmin user not found"};{let lockedUntilRaw=godminUser.lockedUntil,lockedUntil=lockedUntilRaw?new Date(lockedUntilRaw):null;if(godminUser.isActive===!1)return ctx.set.status=401,{success:!1,message:"Account is not active"};if(godminUser.isLocked===!0&&(!lockedUntil||lockedUntil>new Date))return ctx.set.status=401,{success:!1,message:"Account is locked"}}let godminRoles=[],godminClaims=[],godminClaimScopes={};if(config.db)try{let resolvedStop=resolveAuthTablesForRequest(ctx.request,config),rcStop=await fetchUserRolesAndClaims(config.db,godminId,resolvedStop);godminRoles=rcStop.roles,godminClaims=rcStop.claims,godminClaimScopes=rcStop.claimScopes}catch{}let accessToken=signAccessToken(godminId,godminRoles.length>0?godminRoles:void 0,godminClaims.length>0?godminClaims:void 0,ctx.request.headers.get("x-tenant-schema")??void 0,godminClaimScopes),refreshToken=signRefreshToken(godminId),stopReqIp=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",sessionParams={userId:godminId,deviceInfo:{deviceName:"Restored Admin Session",browserName:"Admin",osName:"Admin",ipAddress:stopReqIp},loginMethod:"impersonation_stop"},sessionId=await createSession(sessionParams);if(saveSessionToDb){let stopSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await saveSessionToDb(sessionId,sessionParams,stopSchemaName)}logger2.info("[AUTH] Impersonation stopped",{godminId}),await logger2.audit({entityName:"users",entityId:godminId,operation:"IMPERSONATE_STOP",userId:godminId,summary:`Godmin ${godminUser.email} stopped impersonation`,ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:new URL(ctx.request.url).pathname,query:""});let securePart=cookies.secure?"; Secure":"",domainPart=cookies.domain?`; Domain=${cookies.domain}`:"",cookieOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}`,expiredOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}; Max-Age=0`,cookiesToSet=[`${cookies.accessTokenName}=${accessToken}${cookieOptions}; Max-Age=${cookies.accessTokenMaxAge}`,`${cookies.refreshTokenName}=${refreshToken}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`,`${cookies.sessionTokenName}=${sessionId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_impersonating_as=deleted${expiredOptions}`,`nucleus_godmin_id=deleted${expiredOptions}`,`nucleus_impersonating_email=deleted${expiredOptions}`,`nucleus_imp_sig=deleted${expiredOptions}`],jsonBody=JSON.stringify({success:!0,data:{godminUser:{id:godminUser.id,email:godminUser.email},sessionId}}),headers=new Headers;headers.set("Content-Type","application/json");for(let cookie of cookiesToSet)headers.append("Set-Cookie",cookie);return new Response(jsonBody,{status:200,headers})},{detail:{tags:["Authentication"],summary:"Stop Impersonation",description:"Godmin: restore own session after impersonation"}}),routes}var init_impersonate=__esm(()=>{init_fetchUserRolesAndClaims()});import{and as and13,count as count2,eq as eq37,sql as sql8}from"drizzle-orm";function createApiKeyRoutes(app,config,apiKeysConfig){let basePath=apiKeysConfig.route||"/auth/api-keys",apiKeysTable=config.apiKeysTable,{db,logger:logger2}=config;if(!apiKeysTable||!db){logger2.warn("[API_KEYS] api_keys table or database not available. Skipping API key routes.");return}let getResolvedConfig=(request)=>{let resolved=resolveAuthTablesForRequest(request,config),reqApiKeysTable=resolved.apiKeysTable??apiKeysTable;return{config:{...config,usersTable:resolved.usersTable??config.usersTable,userRolesTable:resolved.userRolesTable,rolesTable:resolved.rolesTable,roleClaimsTable:resolved.roleClaimsTable,claimsTable:resolved.claimsTable,apiKeysTable:reqApiKeysTable,schemaTables:resolved.schemaTables},apiKeysTable:reqApiKeysTable}},keyPrefix=apiKeysConfig.keyPrefix||"nk_live",maxKeysPerUser=apiKeysConfig.maxKeysPerUser||10,preventManagement=apiKeysConfig.preventApiKeyManagement??!1;app.post(basePath,async({request,set,body:rawBody})=>{let resolved=getResolvedConfig(request),reqApiKeysTable=resolved.apiKeysTable,reqConfig=resolved.config;if(preventManagement)return set.status=403,{isSuccess:!1,message:"API key management is disabled via configuration",data:null};if(request.headers.get("x-auth-type")==="api_key")return set.status=403,{isSuccess:!1,message:"API keys cannot be created using another API key",data:null};let userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let body;try{body=rawBody??{}}catch{return set.status=400,{isSuccess:!1,message:"Invalid request body",data:null}}if(!body.name||typeof body.name!=="string"||body.name.trim().length===0)return set.status=400,{isSuccess:!1,message:"Name is required",data:null};if(body.ownerType==="application"){if(!(apiKeysConfig.allowApplicationKeys??!0))return set.status=403,{isSuccess:!1,message:"Application API keys are not allowed",data:null};if(!body.applicationName||body.applicationName.trim().length===0)return set.status=400,{isSuccess:!1,message:"Application name is required for application keys",data:null}}if(((await db.select({count:count2()}).from(reqApiKeysTable).where(and13(eq37(col11(reqApiKeysTable,"userId"),userId),eq37(col11(reqApiKeysTable,"isActive"),!0))))[0]?.count||0)>=maxKeysPerUser)return set.status=400,{isSuccess:!1,message:`Maximum API key limit reached (${maxKeysPerUser})`,data:null};let userRoles=await getUserRoleNames(reqConfig,userId),userClaims=await getUserClaimActions(reqConfig,userId),isGodmin3=userRoles.some((r2)=>isGodminRole(r2)),requestedRoles=body.allowedRoles||[],requestedClaims=body.allowedClaims||[],requestedScopes=body.allowedScopes||[],stripGodmin=(roles)=>roles.filter((r2)=>!isGodminRole(r2)),finalRoles,finalClaims;if(isGodmin3)finalRoles=requestedRoles.length>0?stripGodmin(requestedRoles):[],finalClaims=requestedClaims.length>0?requestedClaims:userClaims;else{let validRoles=intersectPermissions(userRoles,requestedRoles),validClaims=intersectPermissions(userClaims,requestedClaims);if(requestedRoles.length>0&&validRoles.length!==requestedRoles.length){let disallowed=requestedRoles.filter((r2)=>!userRoles.includes(r2));return set.status=403,{isSuccess:!1,message:`Cannot assign roles you do not have: ${disallowed.join(", ")}`,data:null}}if(requestedClaims.length>0&&validClaims.length!==requestedClaims.length){let disallowed=requestedClaims.filter((c)=>!userClaims.includes(c));return set.status=403,{isSuccess:!1,message:`Cannot assign claims you do not have: ${disallowed.join(", ")}`,data:null}}if(requestedScopes.length>0){let userScopes=await getUserScopes(reqConfig,userId);if(intersectPermissions(userScopes,requestedScopes).length!==requestedScopes.length){let disallowed=requestedScopes.filter((s)=>!userScopes.includes(s));return set.status=403,{isSuccess:!1,message:`Cannot assign scopes you do not have: ${disallowed.join(", ")}`,data:null}}}finalRoles=stripGodmin(requestedRoles.length>0?validRoles:userRoles),finalClaims=requestedClaims.length>0?validClaims:userClaims}let expiresAt=null,expiresInStr=body.expiresIn||apiKeysConfig.defaultExpiresIn;if(expiresInStr){let seconds=parseTimeToSeconds2(expiresInStr);expiresAt=new Date(Date.now()+seconds*1000)}let generated=generateApiKey(keyPrefix);try{if(await db.insert(reqApiKeysTable).values({userId,name:body.name.trim(),description:body.description?.trim()||null,keyHash:generated.keyHash,keyPreview:generated.keyPreview,ownerType:body.ownerType||"personal",applicationName:body.applicationName?.trim()||null,expiresAt,isActive:!0,usageCount:0,createdAt:new Date,updatedAt:new Date}),finalRoles.length>0||finalClaims.length>0||requestedScopes.length>0){let jsonbUpdate={};if(finalRoles.length>0)jsonbUpdate.allowedRoles=JSON.stringify(finalRoles);if(finalClaims.length>0)jsonbUpdate.allowedClaims=JSON.stringify(finalClaims);if(requestedScopes.length>0)jsonbUpdate.allowedScopes=JSON.stringify(requestedScopes);await db.update(reqApiKeysTable).set(jsonbUpdate).where(eq37(col11(reqApiKeysTable,"keyHash"),generated.keyHash))}return logger2.info("[API_KEYS] API key created",{userId,ownerType:body.ownerType||"personal",applicationName:body.applicationName,rolesCount:finalRoles.length,claimsCount:finalClaims.length,expiresAt:expiresAt?.toISOString()||"never"}),{isSuccess:!0,message:"API key created successfully. Save this key \u2014 it will not be shown again.",data:{key:generated.rawKey,keyPreview:generated.keyPreview,name:body.name.trim(),ownerType:body.ownerType||"personal",applicationName:body.applicationName||null,allowedRoles:finalRoles,allowedClaims:finalClaims,allowedScopes:requestedScopes,expiresAt:expiresAt?.toISOString()||null}}}catch(err){let errDetail;try{errDetail=JSON.stringify(err,Object.getOwnPropertyNames(err))}catch{errDetail=err instanceof Error?err.message:String(err)}return logger2.error("[API_KEYS] Failed to create API key",{error:errDetail,userId}),set.status=500,{isSuccess:!1,message:"Failed to create API key",data:null}}}),app.get(basePath,async({request,set})=>{let{apiKeysTable:reqApiKeysTable}=getResolvedConfig(request),userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let items=(await db.select().from(reqApiKeysTable).where(eq37(col11(reqApiKeysTable,"userId"),userId)).orderBy(sql8`created_at DESC`)).map((row)=>sanitizeKeyForResponse(row));return{isSuccess:!0,data:{items,totalCount:items.length}}}),app.get(`${basePath}/:id`,async({params,request,set})=>{let{apiKeysTable:reqApiKeysTable}=getResolvedConfig(request),userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let keyId=params.id,record=(await db.select().from(reqApiKeysTable).where(and13(eq37(col11(reqApiKeysTable,"id"),keyId),eq37(col11(reqApiKeysTable,"userId"),userId))).limit(1))[0];if(!record)return set.status=404,{isSuccess:!1,message:"API key not found",data:null};return{isSuccess:!0,data:sanitizeKeyForResponse(record)}}),app.patch(`${basePath}/:id`,async({params,request,set,body:rawBody})=>{let resolved=getResolvedConfig(request),reqApiKeysTable=resolved.apiKeysTable,reqConfig=resolved.config;if(preventManagement)return set.status=403,{isSuccess:!1,message:"API key management is disabled via configuration",data:null};if(request.headers.get("x-auth-type")==="api_key")return set.status=403,{isSuccess:!1,message:"API keys cannot be modified using another API key",data:null};let userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let keyId=params.id,body;try{body=rawBody??{}}catch{return set.status=400,{isSuccess:!1,message:"Invalid request body",data:null}}let existing=(await db.select().from(reqApiKeysTable).where(and13(eq37(col11(reqApiKeysTable,"id"),keyId),eq37(col11(reqApiKeysTable,"userId"),userId))).limit(1))[0];if(!existing)return set.status=404,{isSuccess:!1,message:"API key not found",data:null};if(existing.revokedAt)return set.status=400,{isSuccess:!1,message:"Cannot modify a revoked API key",data:null};let userRoles=await getUserRoleNames(reqConfig,userId),userClaims=await getUserClaimActions(reqConfig,userId),updatePayload={updatedAt:new Date};if(body.name!==void 0){if(typeof body.name!=="string"||body.name.trim().length===0)return set.status=400,{isSuccess:!1,message:"Name cannot be empty",data:null};updatePayload.name=body.name.trim()}if(body.description!==void 0)updatePayload.description=body.description?.trim()||null;if(body.allowedRoles!==void 0){if(intersectPermissions(userRoles,body.allowedRoles).length!==body.allowedRoles.length){let disallowed=body.allowedRoles.filter((r2)=>!userRoles.includes(r2));return set.status=403,{isSuccess:!1,message:`Cannot assign roles you do not have: ${disallowed.join(", ")}`,data:null}}updatePayload.allowedRoles=body.allowedRoles.filter((r2)=>!isGodminRole(r2))}if(body.allowedClaims!==void 0){if(intersectPermissions(userClaims,body.allowedClaims).length!==body.allowedClaims.length){let disallowed=body.allowedClaims.filter((c)=>!userClaims.includes(c));return set.status=403,{isSuccess:!1,message:`Cannot assign claims you do not have: ${disallowed.join(", ")}`,data:null}}updatePayload.allowedClaims=body.allowedClaims}if(body.allowedScopes!==void 0){if(body.allowedScopes.length>0){let userScopes=await getUserScopes(reqConfig,userId);if(intersectPermissions(userScopes,body.allowedScopes).length!==body.allowedScopes.length){let disallowed=body.allowedScopes.filter((s)=>!userScopes.includes(s));return set.status=403,{isSuccess:!1,message:`Cannot assign scopes you do not have: ${disallowed.join(", ")}`,data:null}}}updatePayload.allowedScopes=body.allowedScopes}try{await db.update(reqApiKeysTable).set(updatePayload).where(eq37(col11(reqApiKeysTable,"id"),keyId)),logger2.info("[API_KEYS] API key updated",{keyId,userId});let updated=await db.select().from(reqApiKeysTable).where(eq37(col11(reqApiKeysTable,"id"),keyId)).limit(1);return{isSuccess:!0,message:"API key updated successfully",data:sanitizeKeyForResponse(updated[0])}}catch(err){return logger2.error("[API_KEYS] Failed to update API key",{error:err,keyId,userId}),set.status=500,{isSuccess:!1,message:"Failed to update API key",data:null}}}),app.delete(`${basePath}/:id`,async({params,request,set,body:rawBody})=>{let{apiKeysTable:reqApiKeysTable}=getResolvedConfig(request);if(request.headers.get("x-auth-type")==="api_key")return set.status=403,{isSuccess:!1,message:"API keys cannot be revoked using another API key",data:null};let userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let keyId=params.id,body={};try{if(rawBody)body=rawBody}catch{}let record=(await db.select().from(reqApiKeysTable).where(and13(eq37(col11(reqApiKeysTable,"id"),keyId),eq37(col11(reqApiKeysTable,"userId"),userId))).limit(1))[0];if(!record)return set.status=404,{isSuccess:!1,message:"API key not found",data:null};if(record.revokedAt)return set.status=400,{isSuccess:!1,message:"API key is already revoked",data:null};try{return await db.update(reqApiKeysTable).set({isActive:!1,revokedAt:new Date,revokedReason:body.reason||"user_revoked",updatedAt:new Date}).where(eq37(col11(reqApiKeysTable,"id"),keyId)),logger2.info("[API_KEYS] API key revoked",{keyId,userId,reason:body.reason||"user_revoked"}),{isSuccess:!0,message:"API key revoked successfully",data:null}}catch(err){return logger2.error("[API_KEYS] Failed to revoke API key",{error:err,keyId,userId}),set.status=500,{isSuccess:!1,message:"Failed to revoke API key",data:null}}}),logger2.info(`[API_KEYS] Routes registered at ${basePath}`)}var col11=(table,name2)=>table[name2],getUserRoleNames=async(config,userId)=>{if(!config.db||!config.userRolesTable||!config.rolesTable)return[];return(await config.db.select({name:col11(config.rolesTable,"name")}).from(config.userRolesTable).innerJoin(config.rolesTable,eq37(col11(config.rolesTable,"id"),col11(config.userRolesTable,"roleId"))).where(eq37(col11(config.userRolesTable,"userId"),userId))).map((r2)=>r2.name).filter((n2)=>n2!==void 0)},getUserClaimActions=async(config,userId)=>{if(!config.db||!config.userRolesTable||!config.roleClaimsTable||!config.claimsTable)return[];let rows=await config.db.select({action:col11(config.claimsTable,"action")}).from(config.userRolesTable).innerJoin(config.roleClaimsTable,eq37(col11(config.roleClaimsTable,"roleId"),col11(config.userRolesTable,"roleId"))).innerJoin(config.claimsTable,eq37(col11(config.claimsTable,"id"),col11(config.roleClaimsTable,"claimId"))).where(eq37(col11(config.userRolesTable,"userId"),userId)),uniqueActions=new Set(rows.map((r2)=>r2.action));return Array.from(uniqueActions).filter((a12)=>a12!==void 0)},getUserScopes=async(config,userId)=>{if(!config.db||!config.userRolesTable||!config.roleClaimsTable)return[];let rows=await config.db.select({scope:col11(config.roleClaimsTable,"scope")}).from(config.userRolesTable).innerJoin(config.roleClaimsTable,eq37(col11(config.roleClaimsTable,"roleId"),col11(config.userRolesTable,"roleId"))).where(eq37(col11(config.userRolesTable,"userId"),userId)),uniqueScopes=new Set(rows.map((r2)=>r2.scope).filter((s)=>s!==null&&s!==void 0&&s.length>0));return Array.from(uniqueScopes)},sanitizeKeyForResponse=(record)=>{let{keyHash:_keyHash,...safe}=record;return safe};var init_apiKeys=__esm(()=>{init_ApiKey();init_GodminSetup();init_utils5()});import{Elysia as Elysia25,t as t22}from"elysia";function createCaptchaRoutes(config){let{captchaService,logger:logger2,basePath="/auth/captcha"}=config,captchaRoutes=new Elysia25;if(!captchaService.isEnabled())return captchaRoutes;return captchaRoutes.get(`${basePath}/generate`,async(ctx)=>{let{type,difficulty}=ctx.query,ipAddress=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||ctx.request.headers.get("cf-connecting-ip")?.trim()||"unknown",result=await captchaService.generate(type,difficulty,ipAddress);if(result.rateLimited)return ctx.set.status=429,{success:!1,message:result.message??"Too many requests. Please try again later."};return logger2.info("[CAPTCHA] Challenge generated via endpoint",{challengeId:result.challengeId,type:result.type,ipAddress}),{success:!0,data:{challengeId:result.challengeId,type:result.type,question:result.question,expiresAt:result.expiresAt,...result.imageData?{imageData:result.imageData}:{},...result.puzzleData?{puzzleData:{pieces:result.puzzleData.pieces}}:{}}}},{query:GenerateCaptchaQuerySchema,detail:{tags:["Captcha"],summary:"Generate Captcha",description:"Generate a new captcha challenge"}}),captchaRoutes.post(`${basePath}/validate`,async(ctx)=>{let{challengeId,answer}=ctx.body,result=await captchaService.validate(challengeId,answer);if(!result.valid)ctx.set.status=400;return result},{body:ValidateCaptchaBodySchema,detail:{tags:["Captcha"],summary:"Validate Captcha",description:"Validate a captcha answer"}}),captchaRoutes}var GenerateCaptchaQuerySchema,ValidateCaptchaBodySchema;var init_captcha=__esm(()=>{GenerateCaptchaQuerySchema=t22.Object({type:t22.Optional(t22.Union([t22.Literal("math"),t22.Literal("image"),t22.Literal("puzzle"),t22.Literal("text")])),difficulty:t22.Optional(t22.Union([t22.Literal("easy"),t22.Literal("medium"),t22.Literal("hard")]))}),ValidateCaptchaBodySchema=t22.Object({challengeId:t22.String(),answer:t22.String()})});import{eq as eq38}from"drizzle-orm";function createCheckRoute(config,checkConfig){let{db,logger:logger2}=config,route=checkConfig.route||"/auth/check";return(app)=>app.post(route,async(ctx)=>{let{body,request,set}=ctx,userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};if(!db)return set.status=503,{isSuccess:!1,message:"Authorization service unavailable",data:null};let{schemaTables}=resolveAuthTablesForRequest(request,config);if(!schemaTables)return set.status=503,{isSuccess:!1,message:"Authorization tables not available",data:null};let{entity,method,fields,relations}=body;if(!entity||!method)return set.status=400,{isSuccess:!1,message:"entity and method are required",data:null};let result=await checkAuthorization({userId,method,entity,requestedFields:fields,requestedRelations:relations,db,schemaTables,logger:logger2,getUserData:async()=>{let usersTbl=schemaTables[AUTHORIZATION_TABLE_KEYS.users];if(!usersTbl||!db)return;let idCol=usersTbl.id;if(!idCol)return;return(await db.select().from(usersTbl).where(eq38(idCol,userId)).limit(1))[0]}});return{isSuccess:!0,message:result.authorized?"Authorized":"Forbidden",data:{authorized:result.authorized,reason:result.reason,allowedFields:result.allowedFields,allowedRelations:result.allowedRelations,scopeFilters:result.scopeFilters}}},{detail:{tags:["Auth"],summary:"Check authorization for a given entity and method",description:"Allows consumer/resource servers to perform full claim checks (including scope) against the IDP's authorization system."}})}var init_check=__esm(()=>{init_Authorization()});import{sql as sql9}from"drizzle-orm";import{Elysia as Elysia26,t as t23}from"elysia";function createEmailVerificationRoutes(config){let{authConfig,registerConfig,emailService,appName}=config,{db,logger:logger2}=authConfig,emailVerificationRoutes=new Elysia26;if(!registerConfig.enabled||!registerConfig.emailVerification?.enabled)return emailVerificationRoutes;let verifyRoute="/verify-email",resendRoute="/resend-verification";return emailVerificationRoutes.get(verifyRoute,async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,authConfig);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let token=ctx.query.token;if(!token)return{success:!1,message:"Verification token is required"};let users=await db.select().from(usersTable).where(sql9`email_verification_token = ${hashVerificationToken(token)}`).limit(1);if(users.length===0)return logger2.warn("[AUTH] Email verification failed - invalid token"),{success:!1,message:"Invalid or expired verification token"};let user=users[0],tokenExpiresAt=user.emailVerificationTokenExpiresAt;if(tokenExpiresAt&&new Date>new Date(tokenExpiresAt))return logger2.warn("[AUTH] Email verification failed - token expired",{userId:user.id,email:user.email}),{success:!1,message:"Verification token has expired. Please request a new one."};if(await db.update(usersTable).set({verifiedAt:new Date,emailVerificationToken:null,emailVerificationTokenExpiresAt:null}).where(sql9`id = ${user.id}`),logger2.info("[AUTH] Email verified successfully",{userId:user.id,email:user.email}),registerConfig.emailVerification?.templates?.welcome?.enabled&&emailService?.isAvailable())emailService.sendWelcomeEmail(user.email,user.email.split("@")[0]||"User",appName||"Nucleus").catch((err)=>{logger2.error("[AUTH] Failed to send welcome email after verification",{email:user.email,error:err})});return{success:!0,message:"Email verified successfully. You can now log in.",data:{redirectUrl:registerConfig.emailVerification?.redirectUrl||"/login",verified:!0}}},{query:t23.Object({token:t23.String()}),detail:{tags:["Authentication"],summary:"Verify Email",description:"Verify user email address using the verification token"}}),emailVerificationRoutes.post(resendRoute,async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,authConfig);if(!db||!usersTable)return{success:!1,message:"Database not configured"};if(!emailService?.isAvailable())return{success:!1,message:"Email service not available"};let{email}=ctx.body,antiEnum=authConfig.authentication?.preventUserEnumeration===!0,uniformResend={success:!0,message:"If your email is registered and not yet verified, a verification email has been sent."},users=await db.select().from(usersTable).where(sql9`email = ${email}`).limit(1);if(users.length===0)return antiEnum?uniformResend:{success:!0,message:"If your email is registered, you will receive a verification email."};let user=users[0];if(user.verifiedAt)return antiEnum?uniformResend:{success:!1,message:"Email is already verified"};let maxAttempts=registerConfig.emailVerification?.maxResendAttempts||3,currentAttempts=user.emailVerificationAttempts||0;if(currentAttempts>=maxAttempts){if(logger2.warn("[AUTH] Resend verification failed - max attempts reached",{email,attempts:currentAttempts}),antiEnum)return uniformResend;return{success:!1,message:"Maximum resend attempts reached. Please contact support.",data:{maxAttemptsReached:!0,attemptsUsed:currentAttempts,maxAttempts}}}let resendCooldown=registerConfig.emailVerification?.resendCooldown||"60s",cooldownMs=parseTimeToMs(resendCooldown),lastSentAt=user.emailVerificationSentAt;if(lastSentAt){let timeSinceLastSent=Date.now()-new Date(lastSentAt).getTime();if(timeSinceLastSent<cooldownMs){let waitSeconds=Math.ceil((cooldownMs-timeSinceLastSent)/1000);if(antiEnum)return uniformResend;return{success:!1,message:`Please wait ${waitSeconds} seconds before requesting another verification email.`,data:{cooldownRemaining:waitSeconds,canResendAt:new Date(Date.now()+waitSeconds*1000).toISOString()}}}}let verificationToken=generateVerificationToken(),tokenExpiresIn=registerConfig.emailVerification?.tokenExpiresIn||"24h",tokenExpiresAt=new Date(Date.now()+parseTimeToMs(tokenExpiresIn));await db.update(usersTable).set({emailVerificationToken:hashVerificationToken(verificationToken),emailVerificationTokenExpiresAt:tokenExpiresAt,emailVerificationSentAt:new Date,emailVerificationAttempts:currentAttempts+1}).where(sql9`id = ${user.id}`);let verificationLink=buildEmailActionLink({request:ctx.request,configuredUrl:registerConfig.emailVerification?.redirectUrl,path:"/verify-email",query:{token:verificationToken},allowedOrigins:authConfig.authentication?.trustedAppOrigins}),result=await emailService.sendVerificationEmail(email,email.split("@")[0]||"User",verificationLink,appName||"Nucleus");if(result.success){logger2.info("[AUTH] Verification email resent",{email});let cooldownSeconds=Math.ceil(cooldownMs/1000);if(antiEnum)return uniformResend;return{success:!0,message:"Verification email sent. Please check your inbox.",data:{cooldownSeconds,canResendAt:new Date(Date.now()+cooldownMs).toISOString(),attemptsRemaining:maxAttempts-(currentAttempts+1)}}}if(logger2.error("[AUTH] Failed to resend verification email",{email,error:result.error}),antiEnum)return uniformResend;return{success:!1,message:"Failed to send verification email. Please try again later."}},{body:t23.Object({email:t23.String({format:"email"})}),detail:{tags:["Authentication"],summary:"Resend Verification Email",description:"Resend the email verification link to the user"}}),emailVerificationRoutes}var init_emailVerification=__esm(()=>{init_utils6()});import crypto7 from"crypto";function generateMagicToken(){return crypto7.randomBytes(32).toString("hex")}function hashToken(token,purpose){let input=purpose?`${purpose}:${token}`:token;return crypto7.createHash("sha256").update(input).digest("hex")}function parseTimeToMs3(time2){let match=time2.match(/^(\d+)(s|m|h|d)$/);if(!match?.[1]||!match[2])return 900000;let value=parseInt(match[1],10);switch(match[2]){case"s":return value*1000;case"m":return value*60*1000;case"h":return value*60*60*1000;case"d":return value*24*60*60*1000;default:return 900000}}var TOKEN_PURPOSE;var init_utils8=__esm(()=>{TOKEN_PURPOSE={magicLink:"magic-link",invite:"invite"}});import{eq as eq39}from"drizzle-orm";import{Elysia as Elysia27,t as t24}from"elysia";function createInviteRoute(config,inviteConfig,emailService,storeMagicToken,appName,getMagicToken){let{db,logger:logger2}=config,route=inviteConfig.route||"/auth/invite",expiresIn=inviteConfig.tokenExpiresIn||"7d",redirectUrl=inviteConfig.redirectUrl||"",inviteRoutes=new Elysia27;if(!inviteConfig.enabled)return inviteRoutes;if(inviteRoutes.post(route,async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),{usersTable}=resolved;if(!db||!usersTable)return{success:!1,message:"Database not configured"};if(!emailService?.isAvailable())return logger2.error("[AUTH] Invite requested but email service not available"),{success:!1,message:"Email service not available"};let{email:rawEmail}=ctx.body,email=rawEmail.toLowerCase(),antiEnum=config.authentication?.preventUserEnumeration===!0,uniformInvite={success:!0,message:"If the email address is eligible, an invitation has been sent."},existingUsers=await db.select().from(usersTable).where(eq39(usersTable.email,email)).limit(1),userId;if(existingUsers.length>0){let existingUser=existingUsers[0];if(existingUser.verifiedAt||existingUser.password){if(logger2.warn("[AUTH] Invite failed - user already verified",{email}),antiEnum)return uniformInvite;return{success:!1,message:"User with this email is already verified"}}userId=existingUser.id,logger2.info("[AUTH] Resending invitation to existing unverified user",{userId,email})}else{let insertValues={email,password:null,emailVerified:!1,isLocked:!1,createdAt:new Date,updatedAt:new Date},newUser=(await db.insert(usersTable).values(insertValues).returning())[0];if(!newUser)return logger2.error("[AUTH] Failed to create invited user",{email}),{success:!1,message:"Failed to create user"};if(userId=newUser.id,logger2.info("[AUTH] Invited user created",{userId,email}),config.authentication?.defaultRole)await assignDefaultRole({db,userId,roleName:config.authentication.defaultRole,rolesTable:resolved.rolesTable??config.rolesTable??null,userRolesTable:resolved.userRolesTable??config.userRolesTable??null,logger:logger2})}let token=generateMagicToken(),tokenHash=hashToken(token,TOKEN_PURPOSE.invite),expiresAt=new Date(Date.now()+parseTimeToMs3(expiresIn)),reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await storeMagicToken({userId,email,tokenHash,expiresAt},reqSchemaName);let inviteLink=redirectUrl?buildEmailActionLink({request:ctx.request,configuredUrl:redirectUrl,path:extractConfiguredPath(redirectUrl,"/set-password"),query:{token,invite:"true"},allowedOrigins:config.authentication?.trustedAppOrigins}):`/set-password?token=${token}&invite=true`,sendResult=await emailService.sendInvitationEmail(email,inviteLink,appName||"Nucleus");if(!sendResult.success){if(logger2.error("[AUTH] Failed to send invitation email",{email,error:sendResult.error}),antiEnum)return uniformInvite;return{success:!0,message:"User created but failed to send invitation email",data:{id:userId,email}}}if(logger2.info("[AUTH] Invitation email sent",{email,userId}),antiEnum)return uniformInvite;return{success:!0,message:"Invitation sent successfully",data:{id:userId,email}}},{body:InviteBodySchema,detail:{tags:["Authentication"],summary:"Invite User",description:"Invite a new user by sending them an email with a magic link to set their password"}}),getMagicToken)inviteRoutes.post(`${route}/verify`,async(ctx)=>{let{token}=ctx.body;if(!token)return{success:!1,message:"Token is required"};let tokenHash=hashToken(token,TOKEN_PURPOSE.invite),invSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0,storedToken=await getMagicToken(tokenHash,invSchemaName);if(!storedToken)return logger2.warn("[AUTH] Invalid invite verify token"),{success:!1,message:"Invalid or expired token"};if(new Date>storedToken.expiresAt)return logger2.warn("[AUTH] Expired invite verify token",{email:storedToken.email}),{success:!1,message:"Invalid or expired token"};return logger2.info("[AUTH] Invite token verified (not consumed)",{email:storedToken.email,userId:storedToken.userId}),{success:!0,data:{userId:storedToken.userId,email:storedToken.email}}},{body:t24.Object({token:t24.String()}),detail:{tags:["Authentication"],summary:"Verify Invite Token",description:"Validate an invite token without consuming it. Returns user info if valid."}});return inviteRoutes}var InviteBodySchema;var init_invite=__esm(()=>{init_assignDefaultRole();init_utils8();InviteBodySchema=t24.Object({email:t24.String({format:"email"})})});var exports_DeviceTrust={};__export(exports_DeviceTrust,{selectUsableDeviceRow:()=>selectUsableDeviceRow,readDeviceTokenFromCookieHeader:()=>readDeviceTokenFromCookieHeader,mintDeviceToken:()=>mintDeviceToken,isDeviceRowUsable:()=>isDeviceRowUsable,isApprovalMethod:()=>isApprovalMethod,hashDeviceToken:()=>hashDeviceToken,deviceCookieName:()=>deviceCookieName,decideDeviceApproval:()=>decideDeviceApproval,buildDeviceTokenCookie:()=>buildDeviceTokenCookie,buildClearedDeviceTokenCookie:()=>buildClearedDeviceTokenCookie,DEVICE_TOKEN_BYTES:()=>DEVICE_TOKEN_BYTES});import{createHash as createHash2,randomBytes as randomBytes4}from"crypto";function hashDeviceToken(raw){return createHash2("sha256").update(raw).digest("hex")}function mintDeviceToken(){let raw=randomBytes4(DEVICE_TOKEN_BYTES).toString("hex");return{raw,hash:hashDeviceToken(raw)}}function isDeviceRowUsable(row,now){if(!row||row.status!=="trusted")return!1;if((row.revoked_at??row.revokedAt)!=null)return!1;let expRaw=row.expires_at??row.expiresAt;if(expRaw==null)return!1;let exp=expRaw instanceof Date?expRaw:new Date(expRaw);if(Number.isNaN(exp.getTime())||exp<=now)return!1;return!0}function selectUsableDeviceRow(rows,expectedUserId,now){if(!expectedUserId)return null;for(let row of rows??[]){if((row.user_id??row.userId)!==expectedUserId)continue;if(isDeviceRowUsable(row,now))return row}return null}function buildDeviceTokenCookie(raw,opts){let prefix=opts.cookiePrefix??"",name2=`${prefix}${opts.cookieName??"device_token"}`,sameSite=opts.sameSite??"Lax",secure=prefix==="__Secure-"||prefix==="__Host-"||opts.secure!==!1,allowDomain=prefix!=="__Host-",parts=[`${name2}=${raw}`,"Path=/","HttpOnly",`SameSite=${sameSite}`];if(secure)parts.push("Secure");if(allowDomain&&opts.domain)parts.push(`Domain=${opts.domain}`);return parts.push(`Max-Age=${Math.max(0,Math.floor(opts.maxAgeSeconds))}`),parts.join("; ")}function buildClearedDeviceTokenCookie(opts){return buildDeviceTokenCookie("",{...opts,maxAgeSeconds:0})}function decideDeviceApproval(params){let NO_APPROVAL={requiresApproval:!1,deny:!1,mintToken:!1,trustImmediately:!1},TRUST_NOW={requiresApproval:!1,deny:!1,mintToken:!0,trustImmediately:!0};if(params.knownDevice)return NO_APPROVAL;if(params.isImpersonation||!isApprovalMethod(params.loginMethod,params.approvalMethods))return NO_APPROVAL;if(!params.hasValidFingerprint&&params.onUnidentifiable==="deny")return{requiresApproval:!1,deny:!0,mintToken:!1,trustImmediately:!1};if(params.trustNewDevices!==!1||params.isEmailExempt||params.isFirstEverDevice)return TRUST_NOW;return{requiresApproval:!0,deny:!1,mintToken:!0,trustImmediately:!1}}function deviceCookieName(cfg){return`${cfg?.cookiePrefix??""}${cfg?.cookieName??"device_token"}`}function readDeviceTokenFromCookieHeader(cookieHeader,cfg){if(!cookieHeader)return;let name2=deviceCookieName(cfg);for(let part of cookieHeader.split(";")){let eq40=part.indexOf("=");if(eq40<0)continue;if(part.slice(0,eq40).trim()===name2)return part.slice(eq40+1).trim()}return}function isApprovalMethod(method,approvalMethods){if(!method)return!1;for(let m2 of approvalMethods){if(m2===method)return!0;if(m2.endsWith(":*")&&method.startsWith(m2.slice(0,-1)))return!0}return!1}var DEVICE_TOKEN_BYTES=32;var init_DeviceTrust=()=>{};import{t as t25}from"elysia";var LoginBodySchema,LoginResponseSchema;var init_types12=__esm(()=>{LoginBodySchema=t25.Object({email:t25.String({format:"email"}),password:t25.String({minLength:1}),rememberMe:t25.Optional(t25.Boolean()),captchaId:t25.Optional(t25.String()),captchaAnswer:t25.Optional(t25.String()),deviceHint:t25.Optional(t25.String())}),LoginResponseSchema=t25.Object({success:t25.Boolean(),message:t25.Optional(t25.String()),data:t25.Optional(t25.Object({user:t25.Object({id:t25.String(),email:t25.String()}),accessToken:t25.String(),refreshToken:t25.String()}))})});import{eq as eq40}from"drizzle-orm";import{Elysia as Elysia28}from"elysia";function createLoginRoute(config,loginConfig,signAccessToken,signRefreshToken,createSession,saveSessionToDb,cookieConfig,tokenResponseConfig,captchaService){let{db,logger:logger2}=config,log4=logger2.scoped(AUTH_LOGIN),route=loginConfig.route||"/auth/login",cookies={accessTokenName:cookieConfig?.accessTokenName||"access_token",refreshTokenName:cookieConfig?.refreshTokenName||"refresh_token",sessionTokenName:cookieConfig?.sessionTokenName||"session_token",accessTokenMaxAge:cookieConfig?.accessTokenMaxAge||900,refreshTokenMaxAge:cookieConfig?.refreshTokenMaxAge||604800,sessionTokenMaxAge:cookieConfig?.sessionTokenMaxAge||900,secure:cookieConfig?.secure??!0,httpOnly:cookieConfig?.httpOnly??!0,sameSite:cookieConfig?.sameSite||"strict",path:cookieConfig?.path||"/",domain:cookieConfig?.domain},loginRoutes=new Elysia28;if(!loginConfig.enabled)return loginRoutes;return loginRoutes.post(route,async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),usersTable=resolved.usersTable;if(!db||!usersTable)return{success:!1,message:"Database not configured"};let{email:rawEmail,password:password4,rememberMe,captchaId,captchaAnswer,deviceHint}=ctx.body,email=rawEmail.toLowerCase(),user=(await db.select().from(usersTable).where(eq40(usersTable.email,email)).limit(1))[0],captchaEnabledForLogin=loginConfig.captcha?.enabled!==!1,captchaThreshold=loginConfig.captcha?.requireAfterFailures,currentFailedAttempts=user?.failedLoginAttempts||0,captchaRequired=Boolean(captchaService?.isEnabled())&&captchaEnabledForLogin&&(captchaThreshold===void 0||currentFailedAttempts>=captchaThreshold);if(captchaRequired&&captchaService){if(!captchaId||!captchaAnswer)return ctx.set.status=400,{success:!1,message:"Captcha is required",requiresCaptcha:!0};let captchaResult=await captchaService.validate(captchaId,captchaAnswer);if(!captchaResult.valid)return ctx.set.status=400,{success:!1,message:captchaResult.message||"Invalid captcha",attemptsRemaining:captchaResult.attemptsRemaining,requiresCaptcha:!0}}let reqUrl=new URL(ctx.request.url),auditIp=ctx.request.headers.get("x-client-ip")?.trim()||"unknown",auditUa=ctx.request.headers.get("user-agent")||"unknown";if(!user)return await verifyPassword(password4,await getTimingEqualizerHash()).catch(()=>!1),log4.warn("Login failed - user not found",{email}),await logger2.audit({entityName:"users",operation:"LOGIN_FAILED",summary:`Login failed: user not found (${email})`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),{success:!1,message:"Invalid email or password",requiresCaptcha:captchaRequired};if(user.isActive===!1)return log4.warn("Login failed - account inactive",{email,userId:user.id}),{success:!1,message:"Account is not active"};if(user.isLocked){let lockedUntil=user.lockedUntil;if(lockedUntil&&new Date(lockedUntil)<new Date)await db.update(usersTable).set({isLocked:!1,lockedUntil:null,failedLoginAttempts:0}).where(eq40(usersTable.id,user.id)),log4.info("Account lock expired, auto-unlocked",{userId:user.id,email});else return log4.warn("Login failed - account locked",{email,userId:user.id}),await logger2.audit({entityName:"users",entityId:user.id,operation:"LOGIN_FAILED",userId:user.id,summary:`Login failed: account locked (${email})`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),{success:!1,message:"Account is locked"}}let userCohortId=user.cohortId;if(userCohortId&&db){let cohortsTable=resolved.schemaTables?.userCohorts??resolved.schemaTables?.user_cohorts;if(cohortsTable){let cohortExpiresAt=(await db.select().from(cohortsTable).where(eq40(cohortsTable.id,userCohortId)).limit(1))[0]?.expiresAt;if(cohortExpiresAt&&new Date(cohortExpiresAt)<new Date)return log4.warn("Login failed - cohort expired",{email,userId:user.id,cohortId:userCohortId,expiresAt:cohortExpiresAt}),await logger2.audit({entityName:"users",entityId:user.id,operation:"LOGIN_FAILED",userId:user.id,summary:`Login failed: cohort expired (${email})`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),{success:!1,message:"Your access has expired. Please contact your administrator."}}}if(!await verifyPassword(password4,user.password)){let failedAttempts=(user.failedLoginAttempts||0)+1;return await db.update(usersTable).set({failedLoginAttempts:failedAttempts,isLocked:failedAttempts>=5,lockedUntil:failedAttempts>=5?new Date(Date.now()+1800000):null}).where(eq40(usersTable.id,user.id)),log4.warn("Login failed - invalid password",{email,failedAttempts}),await logger2.audit({entityName:"users",entityId:user.id,operation:"LOGIN_FAILED",userId:user.id,summary:`Login failed: invalid password (${email}, attempt ${failedAttempts})`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),{success:!1,message:"Invalid email or password",requiresCaptcha:Boolean(captchaService?.isEnabled())&&captchaEnabledForLogin&&(captchaThreshold===void 0||failedAttempts>=captchaThreshold)}}await db.update(usersTable).set({failedLoginAttempts:0,lastLoginAt:new Date,loginCount:(user.loginCount||0)+1}).where(eq40(usersTable.id,user.id));let ipAddress=ctx.request.headers.get("x-client-ip")?.trim()||"127.0.0.1",isPrivateOrLoopback=(ip)=>!ip||ip==="127.0.0.1"||ip==="::1"||ip==="localhost"||ip.startsWith("10.")||ip.startsWith("192.168.")||ip.startsWith("172."),userAgent=ctx.request.headers.get("user-agent")||"Unknown Browser";log4.info("Parsed device info",{ipAddress,userAgent});let deviceInfo=parseUserAgentForLogin(userAgent,ipAddress,deviceHint,deviceContextFromRequest(ctx.request).clientHints);if(!isPrivateOrLoopback(ipAddress)){let abortCtrl=new AbortController,geoTimeout=setTimeout(()=>abortCtrl.abort(),2000);fetch(`https://ip-api.com/json/${ipAddress}?fields=country,city`,{signal:abortCtrl.signal}).then(async(res)=>{if(clearTimeout(geoTimeout),!res.ok)return;let geo=await res.json();if(geo.country)deviceInfo.locationCountry=geo.country;if(geo.city)deviceInfo.locationCity=geo.city}).catch(()=>{clearTimeout(geoTimeout)})}let userRoles=[],userClaims=[],userClaimScopes={};if(db)try{let{fetchUserRolesAndClaims:fetchUserRolesAndClaims2}=await Promise.resolve().then(() => (init_fetchUserRolesAndClaims(),exports_fetchUserRolesAndClaims)),rc=await fetchUserRolesAndClaims2(db,user.id,resolved);userRoles=rc.roles,userClaims=rc.claims,userClaimScopes=rc.claimScopes}catch(roleError){log4.error("Failed to fetch user roles/claims for JWT",{userId:user.id,error:roleError instanceof Error?roleError.message:String(roleError),stack:roleError instanceof Error?roleError.stack:void 0})}let accessToken=signAccessToken(user.id,userRoles.length>0?userRoles:void 0,userClaims.length>0?userClaims:void 0,ctx.request.headers.get("x-tenant-schema")??void 0,userClaimScopes),refreshToken=signRefreshToken(user.id),requestOrigin=ctx.request.headers.get("origin")||ctx.request.headers.get("referer")?.replace(/\/[^/]*$/,"")||void 0,sessionParams={userId:user.id,deviceInfo,loginMethod:"password",rememberMe,requestOrigin},sessionId=await createSession(sessionParams),requiresApproval=!1,pendingSessionId=sessionId,deviceTokenCookie;if(saveSessionToDb){let reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0,dtCfg=config.authentication?.deviceTrust;if(dtCfg?.enabled)sessionParams.deviceToken=readDeviceTokenFromCookieHeader(ctx.request.headers.get("cookie"),dtCfg);let saveResult=await saveSessionToDb(sessionId,sessionParams,reqSchemaName);if(saveResult?.denied)return log4.warn("Login blocked by device-trust (unidentifiable device)",{userId:user.id}),ctx.set.status=403,{success:!1,message:"This device could not be recognized. Please contact support."};if(deviceTokenCookie=saveResult?.deviceTokenCookie,saveResult?.requiresApproval){if(requiresApproval=!0,saveResult.sessionId)pendingSessionId=saveResult.sessionId}}if(requiresApproval){ctx.set.status=202;let approvalHeaders={"Content-Type":"application/json"};if(deviceTokenCookie)approvalHeaders["Set-Cookie"]=deviceTokenCookie;return new Response(JSON.stringify({success:!1,requiresApproval:!0,sessionId:pendingSessionId,message:"Login requires approval. Please check your email to approve this device."}),{status:202,headers:approvalHeaders})}log4.info("Login successful",{userId:user.id,email,rememberMe}),await logger2.audit({entityName:"users",entityId:user.id,operation:"LOGIN",userId:user.id,summary:`${email} logged in successfully`,ipAddress,userAgent,path:reqUrl.pathname,query:reqUrl.search});let tokenConfig={accessToken:{setHeadersEnabled:tokenResponseConfig?.accessToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:tokenResponseConfig?.refreshToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:tokenResponseConfig?.sessionToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.sessionToken?.returnJson??!0}},securePart=cookies.secure?"; Secure":"",domainPart=cookies.domain?`; Domain=${cookies.domain}`:"",cookieOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}`,cookiesToSet=[];if(tokenConfig.accessToken.setHeadersEnabled)cookiesToSet.push(`${cookies.accessTokenName}=${accessToken}${cookieOptions}; Max-Age=${cookies.accessTokenMaxAge}`);if(tokenConfig.refreshToken.setHeadersEnabled)cookiesToSet.push(`${cookies.refreshTokenName}=${refreshToken}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`);if(tokenConfig.sessionToken.setHeadersEnabled)cookiesToSet.push(`${cookies.sessionTokenName}=${sessionId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`);if(deviceTokenCookie)cookiesToSet.push(deviceTokenCookie);ctx.set.headers["x-session-id"]=sessionId;let responseData={user:{id:user.id,email:user.email}};if(tokenConfig.accessToken.returnJson)responseData.accessToken=accessToken;if(tokenConfig.refreshToken.returnJson)responseData.refreshToken=refreshToken;if(tokenConfig.sessionToken.returnJson)responseData.sessionId=sessionId;let jsonBody=JSON.stringify({success:!0,data:responseData}),headers=new Headers;headers.set("Content-Type","application/json"),headers.set("x-session-id",sessionId);for(let cookie of cookiesToSet)headers.append("Set-Cookie",cookie);return new Response(jsonBody,{status:200,headers})},{body:LoginBodySchema,detail:{tags:["Authentication"],summary:"Login",description:"Authenticate user with email and password"}}),loginRoutes}var dummyHashPromise=null,getTimingEqualizerHash=()=>{if(!dummyHashPromise)dummyHashPromise=hashPassword("nucleus-login-timing-equalizer");return dummyHashPromise};var init_login=__esm(()=>{init_DeviceTrust();init_scopes();init_utils6();init_types12();init_deviceInfo();init_utils7();init_types12()});function clearAuthCookies(cookieConfig){let path4=cookieConfig?.path||"/",sameSite=cookieConfig?.sameSite||"Strict",securePart=cookieConfig?.secure!==!1?"; Secure":"",domainPart=cookieConfig?.domain?`; Domain=${cookieConfig.domain}`:"",accessName=cookieConfig?.accessTokenName||"access_token",refreshName=cookieConfig?.refreshTokenName||"refresh_token",sessionName=cookieConfig?.sessionTokenName||"session_token",clearOpts=`; Path=${path4}; HttpOnly; SameSite=${sameSite}${securePart}${domainPart}; Max-Age=0`;return[`${accessName}=${clearOpts}`,`${refreshName}=${clearOpts}`,`${sessionName}=${clearOpts}`]}import{t as t26}from"elysia";var LogoutResponseSchema;var init_types13=__esm(()=>{LogoutResponseSchema=t26.Object({success:t26.Boolean(),message:t26.Optional(t26.String())})});import{Elysia as Elysia29}from"elysia";function createLogoutRoute(config,logoutConfig,destroySession,revokeSessionInDb,cookieConfig){let{logger:logger2}=config,route=logoutConfig.route||"/auth/logout",logoutRoutes=new Elysia29;if(!logoutConfig.enabled)return logoutRoutes;return logoutRoutes.post(route,async(ctx)=>{let sessionId=ctx.request.headers.get("x-session-id"),userId=ctx.request.headers.get("x-user-id");if(sessionId){if(await destroySession(sessionId),revokeSessionInDb){let reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await revokeSessionInDb(sessionId,"user_logout",reqSchemaName)}}let clearCookies=clearAuthCookies(cookieConfig),responseHeaders=new Headers;responseHeaders.set("Content-Type","application/json");for(let cookie of clearCookies)responseHeaders.append("Set-Cookie",cookie);logger2.info("[AUTH] Logout successful",{userId,sessionId});let reqUrl=new URL(ctx.request.url);logger2.audit({entityName:"users",entityId:userId||void 0,operation:"LOGOUT",userId:userId||void 0,summary:`User logged out${sessionId?` (session: ${sessionId.substring(0,8)}...)`:""}`,ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search});let jsonBody=JSON.stringify({success:!0,message:"Logged out successfully"});return new Response(jsonBody,{status:200,headers:responseHeaders})},{detail:{tags:["Authentication"],summary:"Logout",description:"Logout and invalidate session"}}),logoutRoutes}var init_logout=__esm(()=>{init_types13()});var exports_value={};__export(exports_value,{IsUndefined:()=>IsUndefined,IsUint8Array:()=>IsUint8Array,IsSymbol:()=>IsSymbol,IsString:()=>IsString,IsRegExp:()=>IsRegExp,IsObject:()=>IsObject,IsNumber:()=>IsNumber,IsNull:()=>IsNull,IsIterator:()=>IsIterator,IsFunction:()=>IsFunction,IsDate:()=>IsDate,IsBoolean:()=>IsBoolean,IsBigInt:()=>IsBigInt,IsAsyncIterator:()=>IsAsyncIterator,IsArray:()=>IsArray,HasPropertyKey:()=>HasPropertyKey});function HasPropertyKey(value,key2){return key2 in value}function IsAsyncIterator(value){return IsObject(value)&&!IsArray(value)&&!IsUint8Array(value)&&Symbol.asyncIterator in value}function IsArray(value){return Array.isArray(value)}function IsBigInt(value){return typeof value==="bigint"}function IsBoolean(value){return typeof value==="boolean"}function IsDate(value){return value instanceof globalThis.Date}function IsFunction(value){return typeof value==="function"}function IsIterator(value){return IsObject(value)&&!IsArray(value)&&!IsUint8Array(value)&&Symbol.iterator in value}function IsNull(value){return value===null}function IsNumber(value){return typeof value==="number"}function IsObject(value){return typeof value==="object"&&value!==null}function IsRegExp(value){return value instanceof globalThis.RegExp}function IsString(value){return typeof value==="string"}function IsSymbol(value){return typeof value==="symbol"}function IsUint8Array(value){return value instanceof globalThis.Uint8Array}function IsUndefined(value){return value===void 0}function ArrayType(value){return value.map((value2)=>Visit(value2))}function DateType(value){return new Date(value.getTime())}function Uint8ArrayType(value){return new Uint8Array(value)}function RegExpType(value){return new RegExp(value.source,value.flags)}function ObjectType(value){let result={};for(let key2 of Object.getOwnPropertyNames(value))result[key2]=Visit(value[key2]);for(let key2 of Object.getOwnPropertySymbols(value))result[key2]=Visit(value[key2]);return result}function Visit(value){return IsArray(value)?ArrayType(value):IsDate(value)?DateType(value):IsUint8Array(value)?Uint8ArrayType(value):IsRegExp(value)?RegExpType(value):IsObject(value)?ObjectType(value):value}function Clone(value){return Visit(value)}var init_value=()=>{};function CloneType(schema,options){return options===void 0?Clone(schema):Clone({...options,...schema})}var init_type=__esm(()=>{init_value()});var init_clone=__esm(()=>{init_type();init_value()});function IsObject2(value2){return value2!==null&&typeof value2==="object"}function IsArray2(value2){return globalThis.Array.isArray(value2)&&!globalThis.ArrayBuffer.isView(value2)}function IsUndefined2(value2){return value2===void 0}function IsNumber2(value2){return typeof value2==="number"}var init_guard=()=>{};var TypeSystemPolicy;var init_policy=__esm(()=>{init_guard();(function(TypeSystemPolicy2){TypeSystemPolicy2.InstanceMode="default",TypeSystemPolicy2.ExactOptionalPropertyTypes=!1,TypeSystemPolicy2.AllowArrayObject=!1,TypeSystemPolicy2.AllowNaN=!1,TypeSystemPolicy2.AllowNullVoid=!1;function IsExactOptionalProperty(value2,key2){return TypeSystemPolicy2.ExactOptionalPropertyTypes?key2 in value2:value2[key2]!==void 0}TypeSystemPolicy2.IsExactOptionalProperty=IsExactOptionalProperty;function IsObjectLike(value2){let isObject=IsObject2(value2);return TypeSystemPolicy2.AllowArrayObject?isObject:isObject&&!IsArray2(value2)}TypeSystemPolicy2.IsObjectLike=IsObjectLike;function IsRecordLike(value2){return IsObjectLike(value2)&&!(value2 instanceof Date)&&!(value2 instanceof Uint8Array)}TypeSystemPolicy2.IsRecordLike=IsRecordLike;function IsNumberLike(value2){return TypeSystemPolicy2.AllowNaN?IsNumber2(value2):Number.isFinite(value2)}TypeSystemPolicy2.IsNumberLike=IsNumberLike;function IsVoidLike(value2){let isUndefined=IsUndefined2(value2);return TypeSystemPolicy2.AllowNullVoid?isUndefined||value2===null:isUndefined}TypeSystemPolicy2.IsVoidLike=IsVoidLike})(TypeSystemPolicy||(TypeSystemPolicy={}))});function ImmutableArray(value2){return globalThis.Object.freeze(value2).map((value3)=>Immutable(value3))}function ImmutableDate(value2){return value2}function ImmutableUint8Array(value2){return value2}function ImmutableRegExp(value2){return value2}function ImmutableObject(value2){let result={};for(let key2 of Object.getOwnPropertyNames(value2))result[key2]=Immutable(value2[key2]);for(let key2 of Object.getOwnPropertySymbols(value2))result[key2]=Immutable(value2[key2]);return globalThis.Object.freeze(result)}function Immutable(value2){return IsArray(value2)?ImmutableArray(value2):IsDate(value2)?ImmutableDate(value2):IsUint8Array(value2)?ImmutableUint8Array(value2):IsRegExp(value2)?ImmutableRegExp(value2):IsObject(value2)?ImmutableObject(value2):value2}var init_immutable=()=>{};function CreateType(schema,options){let result=options!==void 0?{...options,...schema}:schema;switch(TypeSystemPolicy.InstanceMode){case"freeze":return Immutable(result);case"clone":return Clone(result);default:return result}}var init_type2=__esm(()=>{init_policy();init_immutable();init_value()});var init_create=__esm(()=>{init_type2()});var TypeBoxError;var init_error=__esm(()=>{TypeBoxError=class TypeBoxError extends Error{constructor(message){super(message)}}});var init_error2=__esm(()=>{init_error()});var TransformKind,ReadonlyKind,OptionalKind,Hint,Kind2;var init_symbols=__esm(()=>{TransformKind=Symbol.for("TypeBox.Transform"),ReadonlyKind=Symbol.for("TypeBox.Readonly"),OptionalKind=Symbol.for("TypeBox.Optional"),Hint=Symbol.for("TypeBox.Hint"),Kind2=Symbol.for("TypeBox.Kind")});var init_symbols2=__esm(()=>{init_symbols()});function IsReadonly(value2){return IsObject(value2)&&value2[ReadonlyKind]==="Readonly"}function IsOptional(value2){return IsObject(value2)&&value2[OptionalKind]==="Optional"}function IsAny(value2){return IsKindOf(value2,"Any")}function IsArgument(value2){return IsKindOf(value2,"Argument")}function IsArray3(value2){return IsKindOf(value2,"Array")}function IsAsyncIterator2(value2){return IsKindOf(value2,"AsyncIterator")}function IsBigInt2(value2){return IsKindOf(value2,"BigInt")}function IsBoolean2(value2){return IsKindOf(value2,"Boolean")}function IsComputed(value2){return IsKindOf(value2,"Computed")}function IsConstructor(value2){return IsKindOf(value2,"Constructor")}function IsDate2(value2){return IsKindOf(value2,"Date")}function IsFunction2(value2){return IsKindOf(value2,"Function")}function IsInteger(value2){return IsKindOf(value2,"Integer")}function IsIntersect(value2){return IsKindOf(value2,"Intersect")}function IsIterator2(value2){return IsKindOf(value2,"Iterator")}function IsKindOf(value2,kind){return IsObject(value2)&&Kind2 in value2&&value2[Kind2]===kind}function IsLiteralValue(value2){return IsBoolean(value2)||IsNumber(value2)||IsString(value2)}function IsLiteral(value2){return IsKindOf(value2,"Literal")}function IsMappedKey(value2){return IsKindOf(value2,"MappedKey")}function IsMappedResult(value2){return IsKindOf(value2,"MappedResult")}function IsNever(value2){return IsKindOf(value2,"Never")}function IsNot(value2){return IsKindOf(value2,"Not")}function IsNull2(value2){return IsKindOf(value2,"Null")}function IsNumber3(value2){return IsKindOf(value2,"Number")}function IsObject3(value2){return IsKindOf(value2,"Object")}function IsPromise(value2){return IsKindOf(value2,"Promise")}function IsRecord(value2){return IsKindOf(value2,"Record")}function IsRef(value2){return IsKindOf(value2,"Ref")}function IsRegExp2(value2){return IsKindOf(value2,"RegExp")}function IsString2(value2){return IsKindOf(value2,"String")}function IsSymbol2(value2){return IsKindOf(value2,"Symbol")}function IsTemplateLiteral(value2){return IsKindOf(value2,"TemplateLiteral")}function IsThis(value2){return IsKindOf(value2,"This")}function IsTransform(value2){return IsObject(value2)&&TransformKind in value2}function IsTuple(value2){return IsKindOf(value2,"Tuple")}function IsUndefined3(value2){return IsKindOf(value2,"Undefined")}function IsUnion(value2){return IsKindOf(value2,"Union")}function IsUint8Array2(value2){return IsKindOf(value2,"Uint8Array")}function IsUnknown(value2){return IsKindOf(value2,"Unknown")}function IsUnsafe(value2){return IsKindOf(value2,"Unsafe")}function IsVoid(value2){return IsKindOf(value2,"Void")}function IsKind(value2){return IsObject(value2)&&Kind2 in value2&&IsString(value2[Kind2])}function IsSchema(value2){return IsAny(value2)||IsArgument(value2)||IsArray3(value2)||IsBoolean2(value2)||IsBigInt2(value2)||IsAsyncIterator2(value2)||IsComputed(value2)||IsConstructor(value2)||IsDate2(value2)||IsFunction2(value2)||IsInteger(value2)||IsIntersect(value2)||IsIterator2(value2)||IsLiteral(value2)||IsMappedKey(value2)||IsMappedResult(value2)||IsNever(value2)||IsNot(value2)||IsNull2(value2)||IsNumber3(value2)||IsObject3(value2)||IsPromise(value2)||IsRecord(value2)||IsRef(value2)||IsRegExp2(value2)||IsString2(value2)||IsSymbol2(value2)||IsTemplateLiteral(value2)||IsThis(value2)||IsTuple(value2)||IsUndefined3(value2)||IsUnion(value2)||IsUint8Array2(value2)||IsUnknown(value2)||IsUnsafe(value2)||IsVoid(value2)||IsKind(value2)}var init_kind=__esm(()=>{init_symbols2()});var exports_type={};__export(exports_type,{TypeGuardUnknownTypeError:()=>TypeGuardUnknownTypeError,IsVoid:()=>IsVoid2,IsUnsafe:()=>IsUnsafe2,IsUnknown:()=>IsUnknown2,IsUnionLiteral:()=>IsUnionLiteral,IsUnion:()=>IsUnion2,IsUndefined:()=>IsUndefined4,IsUint8Array:()=>IsUint8Array3,IsTuple:()=>IsTuple2,IsTransform:()=>IsTransform2,IsThis:()=>IsThis2,IsTemplateLiteral:()=>IsTemplateLiteral2,IsSymbol:()=>IsSymbol3,IsString:()=>IsString3,IsSchema:()=>IsSchema2,IsRegExp:()=>IsRegExp3,IsRef:()=>IsRef2,IsRecursive:()=>IsRecursive,IsRecord:()=>IsRecord2,IsReadonly:()=>IsReadonly2,IsProperties:()=>IsProperties,IsPromise:()=>IsPromise2,IsOptional:()=>IsOptional2,IsObject:()=>IsObject4,IsNumber:()=>IsNumber4,IsNull:()=>IsNull3,IsNot:()=>IsNot2,IsNever:()=>IsNever2,IsMappedResult:()=>IsMappedResult2,IsMappedKey:()=>IsMappedKey2,IsLiteralValue:()=>IsLiteralValue2,IsLiteralString:()=>IsLiteralString,IsLiteralNumber:()=>IsLiteralNumber,IsLiteralBoolean:()=>IsLiteralBoolean,IsLiteral:()=>IsLiteral2,IsKindOf:()=>IsKindOf2,IsKind:()=>IsKind2,IsIterator:()=>IsIterator3,IsIntersect:()=>IsIntersect2,IsInteger:()=>IsInteger2,IsImport:()=>IsImport,IsFunction:()=>IsFunction3,IsDate:()=>IsDate3,IsConstructor:()=>IsConstructor2,IsComputed:()=>IsComputed2,IsBoolean:()=>IsBoolean3,IsBigInt:()=>IsBigInt3,IsAsyncIterator:()=>IsAsyncIterator3,IsArray:()=>IsArray4,IsArgument:()=>IsArgument2,IsAny:()=>IsAny2});function IsPattern(value2){try{return new RegExp(value2),!0}catch{return!1}}function IsControlCharacterFree(value2){if(!IsString(value2))return!1;for(let i=0;i<value2.length;i++){let code=value2.charCodeAt(i);if(code>=7&&code<=13||code===27||code===127)return!1}return!0}function IsAdditionalProperties(value2){return IsOptionalBoolean(value2)||IsSchema2(value2)}function IsOptionalBigInt(value2){return IsUndefined(value2)||IsBigInt(value2)}function IsOptionalNumber(value2){return IsUndefined(value2)||IsNumber(value2)}function IsOptionalBoolean(value2){return IsUndefined(value2)||IsBoolean(value2)}function IsOptionalString(value2){return IsUndefined(value2)||IsString(value2)}function IsOptionalPattern(value2){return IsUndefined(value2)||IsString(value2)&&IsControlCharacterFree(value2)&&IsPattern(value2)}function IsOptionalFormat(value2){return IsUndefined(value2)||IsString(value2)&&IsControlCharacterFree(value2)}function IsOptionalSchema(value2){return IsUndefined(value2)||IsSchema2(value2)}function IsReadonly2(value2){return IsObject(value2)&&value2[ReadonlyKind]==="Readonly"}function IsOptional2(value2){return IsObject(value2)&&value2[OptionalKind]==="Optional"}function IsAny2(value2){return IsKindOf2(value2,"Any")&&IsOptionalString(value2.$id)}function IsArgument2(value2){return IsKindOf2(value2,"Argument")&&IsNumber(value2.index)}function IsArray4(value2){return IsKindOf2(value2,"Array")&&value2.type==="array"&&IsOptionalString(value2.$id)&&IsSchema2(value2.items)&&IsOptionalNumber(value2.minItems)&&IsOptionalNumber(value2.maxItems)&&IsOptionalBoolean(value2.uniqueItems)&&IsOptionalSchema(value2.contains)&&IsOptionalNumber(value2.minContains)&&IsOptionalNumber(value2.maxContains)}function IsAsyncIterator3(value2){return IsKindOf2(value2,"AsyncIterator")&&value2.type==="AsyncIterator"&&IsOptionalString(value2.$id)&&IsSchema2(value2.items)}function IsBigInt3(value2){return IsKindOf2(value2,"BigInt")&&value2.type==="bigint"&&IsOptionalString(value2.$id)&&IsOptionalBigInt(value2.exclusiveMaximum)&&IsOptionalBigInt(value2.exclusiveMinimum)&&IsOptionalBigInt(value2.maximum)&&IsOptionalBigInt(value2.minimum)&&IsOptionalBigInt(value2.multipleOf)}function IsBoolean3(value2){return IsKindOf2(value2,"Boolean")&&value2.type==="boolean"&&IsOptionalString(value2.$id)}function IsComputed2(value2){return IsKindOf2(value2,"Computed")&&IsString(value2.target)&&IsArray(value2.parameters)&&value2.parameters.every((schema)=>IsSchema2(schema))}function IsConstructor2(value2){return IsKindOf2(value2,"Constructor")&&value2.type==="Constructor"&&IsOptionalString(value2.$id)&&IsArray(value2.parameters)&&value2.parameters.every((schema)=>IsSchema2(schema))&&IsSchema2(value2.returns)}function IsDate3(value2){return IsKindOf2(value2,"Date")&&value2.type==="Date"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.exclusiveMaximumTimestamp)&&IsOptionalNumber(value2.exclusiveMinimumTimestamp)&&IsOptionalNumber(value2.maximumTimestamp)&&IsOptionalNumber(value2.minimumTimestamp)&&IsOptionalNumber(value2.multipleOfTimestamp)}function IsFunction3(value2){return IsKindOf2(value2,"Function")&&value2.type==="Function"&&IsOptionalString(value2.$id)&&IsArray(value2.parameters)&&value2.parameters.every((schema)=>IsSchema2(schema))&&IsSchema2(value2.returns)}function IsImport(value2){return IsKindOf2(value2,"Import")&&HasPropertyKey(value2,"$defs")&&IsObject(value2.$defs)&&IsProperties(value2.$defs)&&HasPropertyKey(value2,"$ref")&&IsString(value2.$ref)&&value2.$ref in value2.$defs}function IsInteger2(value2){return IsKindOf2(value2,"Integer")&&value2.type==="integer"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.exclusiveMaximum)&&IsOptionalNumber(value2.exclusiveMinimum)&&IsOptionalNumber(value2.maximum)&&IsOptionalNumber(value2.minimum)&&IsOptionalNumber(value2.multipleOf)}function IsProperties(value2){return IsObject(value2)&&Object.entries(value2).every(([key2,schema])=>IsControlCharacterFree(key2)&&IsSchema2(schema))}function IsIntersect2(value2){return IsKindOf2(value2,"Intersect")&&(IsString(value2.type)&&value2.type!=="object"?!1:!0)&&IsArray(value2.allOf)&&value2.allOf.every((schema)=>IsSchema2(schema)&&!IsTransform2(schema))&&IsOptionalString(value2.type)&&(IsOptionalBoolean(value2.unevaluatedProperties)||IsOptionalSchema(value2.unevaluatedProperties))&&IsOptionalString(value2.$id)}function IsIterator3(value2){return IsKindOf2(value2,"Iterator")&&value2.type==="Iterator"&&IsOptionalString(value2.$id)&&IsSchema2(value2.items)}function IsKindOf2(value2,kind){return IsObject(value2)&&Kind2 in value2&&value2[Kind2]===kind}function IsLiteralString(value2){return IsLiteral2(value2)&&IsString(value2.const)}function IsLiteralNumber(value2){return IsLiteral2(value2)&&IsNumber(value2.const)}function IsLiteralBoolean(value2){return IsLiteral2(value2)&&IsBoolean(value2.const)}function IsLiteral2(value2){return IsKindOf2(value2,"Literal")&&IsOptionalString(value2.$id)&&IsLiteralValue2(value2.const)}function IsLiteralValue2(value2){return IsBoolean(value2)||IsNumber(value2)||IsString(value2)}function IsMappedKey2(value2){return IsKindOf2(value2,"MappedKey")&&IsArray(value2.keys)&&value2.keys.every((key2)=>IsNumber(key2)||IsString(key2))}function IsMappedResult2(value2){return IsKindOf2(value2,"MappedResult")&&IsProperties(value2.properties)}function IsNever2(value2){return IsKindOf2(value2,"Never")&&IsObject(value2.not)&&Object.getOwnPropertyNames(value2.not).length===0}function IsNot2(value2){return IsKindOf2(value2,"Not")&&IsSchema2(value2.not)}function IsNull3(value2){return IsKindOf2(value2,"Null")&&value2.type==="null"&&IsOptionalString(value2.$id)}function IsNumber4(value2){return IsKindOf2(value2,"Number")&&value2.type==="number"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.exclusiveMaximum)&&IsOptionalNumber(value2.exclusiveMinimum)&&IsOptionalNumber(value2.maximum)&&IsOptionalNumber(value2.minimum)&&IsOptionalNumber(value2.multipleOf)}function IsObject4(value2){return IsKindOf2(value2,"Object")&&value2.type==="object"&&IsOptionalString(value2.$id)&&IsProperties(value2.properties)&&IsAdditionalProperties(value2.additionalProperties)&&IsOptionalNumber(value2.minProperties)&&IsOptionalNumber(value2.maxProperties)}function IsPromise2(value2){return IsKindOf2(value2,"Promise")&&value2.type==="Promise"&&IsOptionalString(value2.$id)&&IsSchema2(value2.item)}function IsRecord2(value2){return IsKindOf2(value2,"Record")&&value2.type==="object"&&IsOptionalString(value2.$id)&&IsAdditionalProperties(value2.additionalProperties)&&IsObject(value2.patternProperties)&&((schema)=>{let keys=Object.getOwnPropertyNames(schema.patternProperties);return keys.length===1&&IsPattern(keys[0])&&IsObject(schema.patternProperties)&&IsSchema2(schema.patternProperties[keys[0]])})(value2)}function IsRecursive(value2){return IsObject(value2)&&Hint in value2&&value2[Hint]==="Recursive"}function IsRef2(value2){return IsKindOf2(value2,"Ref")&&IsOptionalString(value2.$id)&&IsString(value2.$ref)}function IsRegExp3(value2){return IsKindOf2(value2,"RegExp")&&IsOptionalString(value2.$id)&&IsString(value2.source)&&IsString(value2.flags)&&IsOptionalNumber(value2.maxLength)&&IsOptionalNumber(value2.minLength)}function IsString3(value2){return IsKindOf2(value2,"String")&&value2.type==="string"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.minLength)&&IsOptionalNumber(value2.maxLength)&&IsOptionalPattern(value2.pattern)&&IsOptionalFormat(value2.format)}function IsSymbol3(value2){return IsKindOf2(value2,"Symbol")&&value2.type==="symbol"&&IsOptionalString(value2.$id)}function IsTemplateLiteral2(value2){return IsKindOf2(value2,"TemplateLiteral")&&value2.type==="string"&&IsString(value2.pattern)&&value2.pattern[0]==="^"&&value2.pattern[value2.pattern.length-1]==="$"}function IsThis2(value2){return IsKindOf2(value2,"This")&&IsOptionalString(value2.$id)&&IsString(value2.$ref)}function IsTransform2(value2){return IsObject(value2)&&TransformKind in value2}function IsTuple2(value2){return IsKindOf2(value2,"Tuple")&&value2.type==="array"&&IsOptionalString(value2.$id)&&IsNumber(value2.minItems)&&IsNumber(value2.maxItems)&&value2.minItems===value2.maxItems&&(IsUndefined(value2.items)&&IsUndefined(value2.additionalItems)&&value2.minItems===0||IsArray(value2.items)&&value2.items.every((schema)=>IsSchema2(schema)))}function IsUndefined4(value2){return IsKindOf2(value2,"Undefined")&&value2.type==="undefined"&&IsOptionalString(value2.$id)}function IsUnionLiteral(value2){return IsUnion2(value2)&&value2.anyOf.every((schema)=>IsLiteralString(schema)||IsLiteralNumber(schema))}function IsUnion2(value2){return IsKindOf2(value2,"Union")&&IsOptionalString(value2.$id)&&IsObject(value2)&&IsArray(value2.anyOf)&&value2.anyOf.every((schema)=>IsSchema2(schema))}function IsUint8Array3(value2){return IsKindOf2(value2,"Uint8Array")&&value2.type==="Uint8Array"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.minByteLength)&&IsOptionalNumber(value2.maxByteLength)}function IsUnknown2(value2){return IsKindOf2(value2,"Unknown")&&IsOptionalString(value2.$id)}function IsUnsafe2(value2){return IsKindOf2(value2,"Unsafe")}function IsVoid2(value2){return IsKindOf2(value2,"Void")&&value2.type==="void"&&IsOptionalString(value2.$id)}function IsKind2(value2){return IsObject(value2)&&Kind2 in value2&&IsString(value2[Kind2])&&!KnownTypes.includes(value2[Kind2])}function IsSchema2(value2){return IsObject(value2)&&(IsAny2(value2)||IsArgument2(value2)||IsArray4(value2)||IsBoolean3(value2)||IsBigInt3(value2)||IsAsyncIterator3(value2)||IsComputed2(value2)||IsConstructor2(value2)||IsDate3(value2)||IsFunction3(value2)||IsInteger2(value2)||IsIntersect2(value2)||IsIterator3(value2)||IsLiteral2(value2)||IsMappedKey2(value2)||IsMappedResult2(value2)||IsNever2(value2)||IsNot2(value2)||IsNull3(value2)||IsNumber4(value2)||IsObject4(value2)||IsPromise2(value2)||IsRecord2(value2)||IsRef2(value2)||IsRegExp3(value2)||IsString3(value2)||IsSymbol3(value2)||IsTemplateLiteral2(value2)||IsThis2(value2)||IsTuple2(value2)||IsUndefined4(value2)||IsUnion2(value2)||IsUint8Array3(value2)||IsUnknown2(value2)||IsUnsafe2(value2)||IsVoid2(value2)||IsKind2(value2))}var TypeGuardUnknownTypeError,KnownTypes;var init_type3=__esm(()=>{init_symbols2();init_error2();TypeGuardUnknownTypeError=class TypeGuardUnknownTypeError extends TypeBoxError{};KnownTypes=["Argument","Any","Array","AsyncIterator","BigInt","Boolean","Computed","Constructor","Date","Enum","Function","Integer","Intersect","Iterator","Literal","MappedKey","MappedResult","Not","Null","Number","Object","Promise","Record","Ref","RegExp","String","Symbol","TemplateLiteral","This","Tuple","Undefined","Union","Uint8Array","Unknown","Void"]});var init_guard2=__esm(()=>{init_kind();init_type3()});var init_helpers4=()=>{};var PatternBoolean="(true|false)",PatternNumber="(0|[1-9][0-9]*)",PatternString="(.*)",PatternNumberExact="^(0|[1-9][0-9]*)$",PatternStringExact="^(.*)$",PatternNeverExact="^(?!.*)$";var init_patterns=()=>{};var init_format=()=>{};var init_type4=()=>{};var init_registry3=__esm(()=>{init_format();init_type4()});function SetIncludes(T,S){return T.includes(S)}function SetDistinct(T){return[...new Set(T)]}function SetIntersect(T,S){return T.filter((L)=>S.includes(L))}function SetIntersectManyResolve(T,Init){return T.reduce((Acc,L)=>{return SetIntersect(Acc,L)},Init)}function SetIntersectMany(T){return T.length===1?T[0]:T.length>1?SetIntersectManyResolve(T.slice(1),T[0]):[]}function SetUnionMany(T){let Acc=[];for(let L of T)Acc.push(...L);return Acc}var init_sets=()=>{};function Any2(options){return CreateType({[Kind2]:"Any"},options)}var init_any=__esm(()=>{init_create();init_symbols2()});var init_any2=__esm(()=>{init_any()});function Array2(items,options){return CreateType({[Kind2]:"Array",type:"array",items},options)}var init_array=__esm(()=>{init_type2();init_symbols2()});var init_array2=__esm(()=>{init_array()});function Argument(index){return CreateType({[Kind2]:"Argument",index})}var init_argument=__esm(()=>{init_type2();init_symbols2()});var init_argument2=__esm(()=>{init_argument()});function AsyncIterator2(items,options){return CreateType({[Kind2]:"AsyncIterator",type:"AsyncIterator",items},options)}var init_async_iterator=__esm(()=>{init_symbols2();init_type2()});var init_async_iterator2=__esm(()=>{init_async_iterator()});function Computed(target2,parameters2,options){return CreateType({[Kind2]:"Computed",target:target2,parameters:parameters2},options)}var init_computed=__esm(()=>{init_create();init_symbols()});var init_computed2=__esm(()=>{init_computed()});function DiscardKey(value2,key2){let{[key2]:_,...rest}=value2;return rest}function Discard(value2,keys){return keys.reduce((acc,key2)=>DiscardKey(acc,key2),value2)}var init_discard=()=>{};function Never(options){return CreateType({[Kind2]:"Never",not:{}},options)}var init_never=__esm(()=>{init_type2();init_symbols2()});var init_never2=__esm(()=>{init_never()});var init_mapped_key=()=>{};function MappedResult(properties){return CreateType({[Kind2]:"MappedResult",properties})}var init_mapped_result=__esm(()=>{init_type2();init_symbols2()});function Constructor(parameters2,returns,options){return CreateType({[Kind2]:"Constructor",type:"Constructor",parameters:parameters2,returns},options)}var init_constructor=__esm(()=>{init_type2();init_symbols2()});var init_constructor2=__esm(()=>{init_constructor()});function Function2(parameters2,returns,options){return CreateType({[Kind2]:"Function",type:"Function",parameters:parameters2,returns},options)}var init_function=__esm(()=>{init_type2();init_symbols2()});var init_function2=__esm(()=>{init_function()});function UnionCreate(T,options){return CreateType({[Kind2]:"Union",anyOf:T},options)}var init_union_create=__esm(()=>{init_type2();init_symbols2()});function IsUnionOptional(types18){return types18.some((type3)=>IsOptional(type3))}function RemoveOptionalFromRest(types18){return types18.map((left)=>IsOptional(left)?RemoveOptionalFromType(left):left)}function RemoveOptionalFromType(T){return Discard(T,[OptionalKind])}function ResolveUnion(types18,options){return IsUnionOptional(types18)?Optional(UnionCreate(RemoveOptionalFromRest(types18),options)):UnionCreate(RemoveOptionalFromRest(types18),options)}function UnionEvaluated(T,options){return T.length===1?CreateType(T[0],options):T.length===0?Never(options):ResolveUnion(T,options)}var init_union_evaluated=__esm(()=>{init_type2();init_symbols2();init_discard();init_never2();init_optional2();init_union_create();init_kind()});var init_union_type=()=>{};function Union(types18,options){return types18.length===0?Never(options):types18.length===1?CreateType(types18[0],options):UnionCreate(types18,options)}var init_union=__esm(()=>{init_never2();init_type2();init_union_create()});var init_union2=__esm(()=>{init_union_evaluated();init_union_type();init_union()});function Unescape(pattern){return pattern.replace(/\\\$/g,"$").replace(/\\\*/g,"*").replace(/\\\^/g,"^").replace(/\\\|/g,"|").replace(/\\\(/g,"(").replace(/\\\)/g,")")}function IsNonEscaped(pattern,index,char){return pattern[index]===char&&pattern.charCodeAt(index-1)!==92}function IsOpenParen(pattern,index){return IsNonEscaped(pattern,index,"(")}function IsCloseParen(pattern,index){return IsNonEscaped(pattern,index,")")}function IsSeparator(pattern,index){return IsNonEscaped(pattern,index,"|")}function IsGroup(pattern){if(!(IsOpenParen(pattern,0)&&IsCloseParen(pattern,pattern.length-1)))return!1;let count3=0;for(let index=0;index<pattern.length;index++){if(IsOpenParen(pattern,index))count3+=1;if(IsCloseParen(pattern,index))count3-=1;if(count3===0&&index!==pattern.length-1)return!1}return!0}function InGroup(pattern){return pattern.slice(1,pattern.length-1)}function IsPrecedenceOr(pattern){let count3=0;for(let index=0;index<pattern.length;index++){if(IsOpenParen(pattern,index))count3+=1;if(IsCloseParen(pattern,index))count3-=1;if(IsSeparator(pattern,index)&&count3===0)return!0}return!1}function IsPrecedenceAnd(pattern){for(let index=0;index<pattern.length;index++)if(IsOpenParen(pattern,index))return!0;return!1}function Or(pattern){let[count3,start]=[0,0],expressions=[];for(let index=0;index<pattern.length;index++){if(IsOpenParen(pattern,index))count3+=1;if(IsCloseParen(pattern,index))count3-=1;if(IsSeparator(pattern,index)&&count3===0){let range2=pattern.slice(start,index);if(range2.length>0)expressions.push(TemplateLiteralParse(range2));start=index+1}}let range=pattern.slice(start);if(range.length>0)expressions.push(TemplateLiteralParse(range));if(expressions.length===0)return{type:"const",const:""};if(expressions.length===1)return expressions[0];return{type:"or",expr:expressions}}function And(pattern){function Group(value2,index){if(!IsOpenParen(value2,index))throw new TemplateLiteralParserError("TemplateLiteralParser: Index must point to open parens");let count3=0;for(let scan=index;scan<value2.length;scan++){if(IsOpenParen(value2,scan))count3+=1;if(IsCloseParen(value2,scan))count3-=1;if(count3===0)return[index,scan]}throw new TemplateLiteralParserError("TemplateLiteralParser: Unclosed group parens in expression")}function Range(pattern2,index){for(let scan=index;scan<pattern2.length;scan++)if(IsOpenParen(pattern2,scan))return[index,scan];return[index,pattern2.length]}let expressions=[];for(let index=0;index<pattern.length;index++)if(IsOpenParen(pattern,index)){let[start,end]=Group(pattern,index),range=pattern.slice(start,end+1);expressions.push(TemplateLiteralParse(range)),index=end}else{let[start,end]=Range(pattern,index),range=pattern.slice(start,end);if(range.length>0)expressions.push(TemplateLiteralParse(range));index=end-1}return expressions.length===0?{type:"const",const:""}:expressions.length===1?expressions[0]:{type:"and",expr:expressions}}function TemplateLiteralParse(pattern){return IsGroup(pattern)?TemplateLiteralParse(InGroup(pattern)):IsPrecedenceOr(pattern)?Or(pattern):IsPrecedenceAnd(pattern)?And(pattern):{type:"const",const:Unescape(pattern)}}function TemplateLiteralParseExact(pattern){return TemplateLiteralParse(pattern.slice(1,pattern.length-1))}var TemplateLiteralParserError;var init_parse=__esm(()=>{init_error2();TemplateLiteralParserError=class TemplateLiteralParserError extends TypeBoxError{}});function IsNumberExpression(expression){return expression.type==="or"&&expression.expr.length===2&&expression.expr[0].type==="const"&&expression.expr[0].const==="0"&&expression.expr[1].type==="const"&&expression.expr[1].const==="[1-9][0-9]*"}function IsBooleanExpression(expression){return expression.type==="or"&&expression.expr.length===2&&expression.expr[0].type==="const"&&expression.expr[0].const==="true"&&expression.expr[1].type==="const"&&expression.expr[1].const==="false"}function IsStringExpression(expression){return expression.type==="const"&&expression.const===".*"}function IsTemplateLiteralExpressionFinite(expression){return IsNumberExpression(expression)||IsStringExpression(expression)?!1:IsBooleanExpression(expression)?!0:expression.type==="and"?expression.expr.every((expr)=>IsTemplateLiteralExpressionFinite(expr)):expression.type==="or"?expression.expr.every((expr)=>IsTemplateLiteralExpressionFinite(expr)):expression.type==="const"?!0:(()=>{throw new TemplateLiteralFiniteError("Unknown expression type")})()}function IsTemplateLiteralFinite(schema){let expression=TemplateLiteralParseExact(schema.pattern);return IsTemplateLiteralExpressionFinite(expression)}var TemplateLiteralFiniteError;var init_finite=__esm(()=>{init_parse();init_error2();TemplateLiteralFiniteError=class TemplateLiteralFiniteError extends TypeBoxError{}});function*GenerateReduce(buffer){if(buffer.length===1)return yield*buffer[0];for(let left of buffer[0])for(let right of GenerateReduce(buffer.slice(1)))yield`${left}${right}`}function*GenerateAnd(expression){return yield*GenerateReduce(expression.expr.map((expr)=>[...TemplateLiteralExpressionGenerate(expr)]))}function*GenerateOr(expression){for(let expr of expression.expr)yield*TemplateLiteralExpressionGenerate(expr)}function*GenerateConst(expression){return yield expression.const}function*TemplateLiteralExpressionGenerate(expression){return expression.type==="and"?yield*GenerateAnd(expression):expression.type==="or"?yield*GenerateOr(expression):expression.type==="const"?yield*GenerateConst(expression):(()=>{throw new TemplateLiteralGenerateError("Unknown expression")})()}function TemplateLiteralGenerate(schema){let expression=TemplateLiteralParseExact(schema.pattern);return IsTemplateLiteralExpressionFinite(expression)?[...TemplateLiteralExpressionGenerate(expression)]:[]}var TemplateLiteralGenerateError;var init_generate=__esm(()=>{init_finite();init_parse();init_error2();TemplateLiteralGenerateError=class TemplateLiteralGenerateError extends TypeBoxError{}});function Literal(value2,options){return CreateType({[Kind2]:"Literal",const:value2,type:typeof value2},options)}var init_literal=__esm(()=>{init_type2();init_symbols2()});var init_literal2=__esm(()=>{init_literal()});function Boolean3(options){return CreateType({[Kind2]:"Boolean",type:"boolean"},options)}var init_boolean=__esm(()=>{init_symbols2();init_create()});var init_boolean2=__esm(()=>{init_boolean()});function BigInt2(options){return CreateType({[Kind2]:"BigInt",type:"bigint"},options)}var init_bigint=__esm(()=>{init_symbols2();init_create()});var init_bigint2=__esm(()=>{init_bigint()});function Number2(options){return CreateType({[Kind2]:"Number",type:"number"},options)}var init_number=__esm(()=>{init_type2();init_symbols2()});var init_number2=__esm(()=>{init_number()});function String2(options){return CreateType({[Kind2]:"String",type:"string"},options)}var init_string=__esm(()=>{init_type2();init_symbols2()});var init_string2=__esm(()=>{init_string()});function*FromUnion(syntax){let trim=syntax.trim().replace(/"|'/g,"");return trim==="boolean"?yield Boolean3():trim==="number"?yield Number2():trim==="bigint"?yield BigInt2():trim==="string"?yield String2():yield(()=>{let literals=trim.split("|").map((literal2)=>Literal(literal2.trim()));return literals.length===0?Never():literals.length===1?literals[0]:UnionEvaluated(literals)})()}function*FromTerminal(syntax){if(syntax[1]!=="{"){let L=Literal("$"),R=FromSyntax(syntax.slice(1));return yield*[L,...R]}for(let i=2;i<syntax.length;i++)if(syntax[i]==="}"){let L=FromUnion(syntax.slice(2,i)),R=FromSyntax(syntax.slice(i+1));return yield*[...L,...R]}yield Literal(syntax)}function*FromSyntax(syntax){for(let i=0;i<syntax.length;i++)if(syntax[i]==="$"){let L=Literal(syntax.slice(0,i)),R=FromTerminal(syntax.slice(i));return yield*[L,...R]}yield Literal(syntax)}function TemplateLiteralSyntax(syntax){return[...FromSyntax(syntax)]}var init_syntax=__esm(()=>{init_literal2();init_boolean2();init_bigint2();init_number2();init_string2();init_union2();init_never2()});function Escape(value2){return value2.replace(/[.*+?^${}()|[\]\\]/g,"\\$&")}function Visit2(schema,acc){return IsTemplateLiteral(schema)?schema.pattern.slice(1,schema.pattern.length-1):IsUnion(schema)?`(${schema.anyOf.map((schema2)=>Visit2(schema2,acc)).join("|")})`:IsNumber3(schema)?`${acc}${PatternNumber}`:IsInteger(schema)?`${acc}${PatternNumber}`:IsBigInt2(schema)?`${acc}${PatternNumber}`:IsString2(schema)?`${acc}${PatternString}`:IsLiteral(schema)?`${acc}${Escape(schema.const.toString())}`:IsBoolean2(schema)?`${acc}${PatternBoolean}`:(()=>{throw new TemplateLiteralPatternError(`Unexpected Kind '${schema[Kind2]}'`)})()}function TemplateLiteralPattern(kinds){return`^${kinds.map((schema)=>Visit2(schema,"")).join("")}$`}var TemplateLiteralPatternError;var init_pattern=__esm(()=>{init_patterns();init_symbols2();init_error2();init_kind();TemplateLiteralPatternError=class TemplateLiteralPatternError extends TypeBoxError{}});function TemplateLiteralToUnion(schema){let L=TemplateLiteralGenerate(schema).map((S)=>Literal(S));return UnionEvaluated(L)}var init_union3=__esm(()=>{init_union2();init_literal2();init_generate()});function TemplateLiteral(unresolved,options){let pattern=IsString(unresolved)?TemplateLiteralPattern(TemplateLiteralSyntax(unresolved)):TemplateLiteralPattern(unresolved);return CreateType({[Kind2]:"TemplateLiteral",type:"string",pattern},options)}var init_template_literal=__esm(()=>{init_type2();init_syntax();init_pattern();init_symbols2()});var init_template_literal2=__esm(()=>{init_finite();init_generate();init_syntax();init_parse();init_pattern();init_union3();init_template_literal()});function FromTemplateLiteral(templateLiteral){return TemplateLiteralGenerate(templateLiteral).map((key2)=>key2.toString())}function FromUnion2(types18){let result=[];for(let type3 of types18)result.push(...IndexPropertyKeys(type3));return result}function FromLiteral(literalValue){return[literalValue.toString()]}function IndexPropertyKeys(type3){return[...new Set(IsTemplateLiteral(type3)?FromTemplateLiteral(type3):IsUnion(type3)?FromUnion2(type3.anyOf):IsLiteral(type3)?FromLiteral(type3.const):IsNumber3(type3)?["[number]"]:IsInteger(type3)?["[number]"]:[])]}var init_indexed_property_keys=__esm(()=>{init_template_literal2();init_kind()});function FromProperties(type3,properties,options){let result={};for(let K2 of Object.getOwnPropertyNames(properties))result[K2]=Index(type3,IndexPropertyKeys(properties[K2]),options);return result}function FromMappedResult(type3,mappedResult,options){return FromProperties(type3,mappedResult.properties,options)}function IndexFromMappedResult(type3,mappedResult,options){let properties=FromMappedResult(type3,mappedResult,options);return MappedResult(properties)}var init_indexed_from_mapped_result=__esm(()=>{init_mapped2();init_indexed_property_keys();init_indexed2()});function FromRest(types18,key2){return types18.map((type3)=>IndexFromPropertyKey(type3,key2))}function FromIntersectRest(types18){return types18.filter((type3)=>!IsNever(type3))}function FromIntersect(types18,key2){return IntersectEvaluated(FromIntersectRest(FromRest(types18,key2)))}function FromUnionRest(types18){return types18.some((L)=>IsNever(L))?[]:types18}function FromUnion3(types18,key2){return UnionEvaluated(FromUnionRest(FromRest(types18,key2)))}function FromTuple(types18,key2){return key2 in types18?types18[key2]:key2==="[number]"?UnionEvaluated(types18):Never()}function FromArray(type3,key2){return key2==="[number]"?type3:Never()}function FromProperty(properties,propertyKey){return propertyKey in properties?properties[propertyKey]:Never()}function IndexFromPropertyKey(type3,propertyKey){return IsIntersect(type3)?FromIntersect(type3.allOf,propertyKey):IsUnion(type3)?FromUnion3(type3.anyOf,propertyKey):IsTuple(type3)?FromTuple(type3.items??[],propertyKey):IsArray3(type3)?FromArray(type3.items,propertyKey):IsObject3(type3)?FromProperty(type3.properties,propertyKey):Never()}function IndexFromPropertyKeys(type3,propertyKeys){return propertyKeys.map((propertyKey)=>IndexFromPropertyKey(type3,propertyKey))}function FromSchema(type3,propertyKeys){return UnionEvaluated(IndexFromPropertyKeys(type3,propertyKeys))}function Index(type3,key2,options){if(IsRef(type3)||IsRef(key2)){if(!IsSchema(type3)||!IsSchema(key2))throw new TypeBoxError("Index types using Ref parameters require both Type and Key to be of TSchema");return Computed("Index",[type3,key2])}if(IsMappedResult(key2))return IndexFromMappedResult(type3,key2,options);if(IsMappedKey(key2))return IndexFromMappedKey(type3,key2,options);return CreateType(IsSchema(key2)?FromSchema(type3,IndexPropertyKeys(key2)):FromSchema(type3,key2),options)}var init_indexed=__esm(()=>{init_type2();init_error2();init_computed2();init_never2();init_intersect2();init_union2();init_indexed_property_keys();init_indexed_from_mapped_key();init_indexed_from_mapped_result();init_kind()});function MappedIndexPropertyKey(type3,key2,options){return{[key2]:Index(type3,[key2],Clone(options))}}function MappedIndexPropertyKeys(type3,propertyKeys,options){return propertyKeys.reduce((result,left)=>{return{...result,...MappedIndexPropertyKey(type3,left,options)}},{})}function MappedIndexProperties(type3,mappedKey,options){return MappedIndexPropertyKeys(type3,mappedKey.keys,options)}function IndexFromMappedKey(type3,mappedKey,options){let properties=MappedIndexProperties(type3,mappedKey,options);return MappedResult(properties)}var init_indexed_from_mapped_key=__esm(()=>{init_indexed();init_mapped2();init_value()});var init_indexed2=__esm(()=>{init_indexed_from_mapped_key();init_indexed_from_mapped_result();init_indexed_property_keys();init_indexed()});function Iterator2(items,options){return CreateType({[Kind2]:"Iterator",type:"Iterator",items},options)}var init_iterator=__esm(()=>{init_type2();init_symbols2()});var init_iterator2=__esm(()=>{init_iterator()});function RequiredArray(properties){return globalThis.Object.keys(properties).filter((key2)=>!IsOptional(properties[key2]))}function _Object(properties,options){let required=RequiredArray(properties),schema=required.length>0?{[Kind2]:"Object",type:"object",required,properties}:{[Kind2]:"Object",type:"object",properties};return CreateType(schema,options)}var Object2;var init_object=__esm(()=>{init_type2();init_symbols2();init_kind();Object2=_Object});var init_object2=__esm(()=>{init_object()});function Promise2(item,options){return CreateType({[Kind2]:"Promise",type:"Promise",item},options)}var init_promise=__esm(()=>{init_type2();init_symbols2()});var init_promise2=__esm(()=>{init_promise()});function RemoveReadonly(schema){return CreateType(Discard(schema,[ReadonlyKind]))}function AddReadonly(schema){return CreateType({...schema,[ReadonlyKind]:"Readonly"})}function ReadonlyWithFlag(schema,F){return F===!1?RemoveReadonly(schema):AddReadonly(schema)}function Readonly(schema,enable){let F=enable??!0;return IsMappedResult(schema)?ReadonlyFromMappedResult(schema,F):ReadonlyWithFlag(schema,F)}var init_readonly=__esm(()=>{init_type2();init_symbols2();init_discard();init_readonly_from_mapped_result();init_kind()});function FromProperties2(K2,F){let Acc={};for(let K22 of globalThis.Object.getOwnPropertyNames(K2))Acc[K22]=Readonly(K2[K22],F);return Acc}function FromMappedResult2(R,F){return FromProperties2(R.properties,F)}function ReadonlyFromMappedResult(R,F){let P=FromMappedResult2(R,F);return MappedResult(P)}var init_readonly_from_mapped_result=__esm(()=>{init_mapped2();init_readonly()});var init_readonly2=__esm(()=>{init_readonly_from_mapped_result();init_readonly()});function Tuple(types18,options){return CreateType(types18.length>0?{[Kind2]:"Tuple",type:"array",items:types18,additionalItems:!1,minItems:types18.length,maxItems:types18.length}:{[Kind2]:"Tuple",type:"array",minItems:types18.length,maxItems:types18.length},options)}var init_tuple=__esm(()=>{init_type2();init_symbols2()});var init_tuple2=__esm(()=>{init_tuple()});function FromMappedResult3(K2,P){return K2 in P?FromSchemaType(K2,P[K2]):MappedResult(P)}function MappedKeyToKnownMappedResultProperties(K2){return{[K2]:Literal(K2)}}function MappedKeyToUnknownMappedResultProperties(P){let Acc={};for(let L of P)Acc[L]=Literal(L);return Acc}function MappedKeyToMappedResultProperties(K2,P){return SetIncludes(P,K2)?MappedKeyToKnownMappedResultProperties(K2):MappedKeyToUnknownMappedResultProperties(P)}function FromMappedKey(K2,P){let R=MappedKeyToMappedResultProperties(K2,P);return FromMappedResult3(K2,R)}function FromRest2(K2,T){return T.map((L)=>FromSchemaType(K2,L))}function FromProperties3(K2,T){let Acc={};for(let K22 of globalThis.Object.getOwnPropertyNames(T))Acc[K22]=FromSchemaType(K2,T[K22]);return Acc}function FromSchemaType(K2,T){let options={...T};return IsOptional(T)?Optional(FromSchemaType(K2,Discard(T,[OptionalKind]))):IsReadonly(T)?Readonly(FromSchemaType(K2,Discard(T,[ReadonlyKind]))):IsMappedResult(T)?FromMappedResult3(K2,T.properties):IsMappedKey(T)?FromMappedKey(K2,T.keys):IsConstructor(T)?Constructor(FromRest2(K2,T.parameters),FromSchemaType(K2,T.returns),options):IsFunction2(T)?Function2(FromRest2(K2,T.parameters),FromSchemaType(K2,T.returns),options):IsAsyncIterator2(T)?AsyncIterator2(FromSchemaType(K2,T.items),options):IsIterator2(T)?Iterator2(FromSchemaType(K2,T.items),options):IsIntersect(T)?Intersect(FromRest2(K2,T.allOf),options):IsUnion(T)?Union(FromRest2(K2,T.anyOf),options):IsTuple(T)?Tuple(FromRest2(K2,T.items??[]),options):IsObject3(T)?Object2(FromProperties3(K2,T.properties),options):IsArray3(T)?Array2(FromSchemaType(K2,T.items),options):IsPromise(T)?Promise2(FromSchemaType(K2,T.item),options):T}function MappedFunctionReturnType(K2,T){let Acc={};for(let L of K2)Acc[L]=FromSchemaType(L,T);return Acc}function Mapped(key2,map,options){let K2=IsSchema(key2)?IndexPropertyKeys(key2):key2,RT=map({[Kind2]:"MappedKey",keys:K2}),R=MappedFunctionReturnType(K2,RT);return Object2(R,options)}var init_mapped=__esm(()=>{init_symbols2();init_discard();init_array2();init_async_iterator2();init_constructor2();init_function2();init_indexed2();init_intersect2();init_iterator2();init_literal2();init_object2();init_optional2();init_promise2();init_readonly2();init_tuple2();init_union2();init_sets();init_mapped_result();init_kind()});var init_mapped2=__esm(()=>{init_mapped_key();init_mapped_result();init_mapped()});function RemoveOptional(schema){return CreateType(Discard(schema,[OptionalKind]))}function AddOptional(schema){return CreateType({...schema,[OptionalKind]:"Optional"})}function OptionalWithFlag(schema,F){return F===!1?RemoveOptional(schema):AddOptional(schema)}function Optional(schema,enable){let F=enable??!0;return IsMappedResult(schema)?OptionalFromMappedResult(schema,F):OptionalWithFlag(schema,F)}var init_optional=__esm(()=>{init_type2();init_symbols2();init_discard();init_optional_from_mapped_result();init_kind()});function FromProperties4(P,F){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Optional(P[K2],F);return Acc}function FromMappedResult4(R,F){return FromProperties4(R.properties,F)}function OptionalFromMappedResult(R,F){let P=FromMappedResult4(R,F);return MappedResult(P)}var init_optional_from_mapped_result=__esm(()=>{init_mapped2();init_optional()});var init_optional2=__esm(()=>{init_optional_from_mapped_result();init_optional()});function IntersectCreate(T,options={}){let allObjects=T.every((schema)=>IsObject3(schema)),clonedUnevaluatedProperties=IsSchema(options.unevaluatedProperties)?{unevaluatedProperties:options.unevaluatedProperties}:{};return CreateType(options.unevaluatedProperties===!1||IsSchema(options.unevaluatedProperties)||allObjects?{...clonedUnevaluatedProperties,[Kind2]:"Intersect",type:"object",allOf:T}:{...clonedUnevaluatedProperties,[Kind2]:"Intersect",allOf:T},options)}var init_intersect_create=__esm(()=>{init_type2();init_symbols2();init_kind()});function IsIntersectOptional(types18){return types18.every((left)=>IsOptional(left))}function RemoveOptionalFromType2(type3){return Discard(type3,[OptionalKind])}function RemoveOptionalFromRest2(types18){return types18.map((left)=>IsOptional(left)?RemoveOptionalFromType2(left):left)}function ResolveIntersect(types18,options){return IsIntersectOptional(types18)?Optional(IntersectCreate(RemoveOptionalFromRest2(types18),options)):IntersectCreate(RemoveOptionalFromRest2(types18),options)}function IntersectEvaluated(types18,options={}){if(types18.length===1)return CreateType(types18[0],options);if(types18.length===0)return Never(options);if(types18.some((schema)=>IsTransform(schema)))throw Error("Cannot intersect transform types");return ResolveIntersect(types18,options)}var init_intersect_evaluated=__esm(()=>{init_symbols2();init_type2();init_discard();init_never2();init_optional2();init_intersect_create();init_kind()});var init_intersect_type=()=>{};function Intersect(types18,options){if(types18.length===1)return CreateType(types18[0],options);if(types18.length===0)return Never(options);if(types18.some((schema)=>IsTransform(schema)))throw Error("Cannot intersect transform types");return IntersectCreate(types18,options)}var init_intersect=__esm(()=>{init_type2();init_never2();init_intersect_create();init_kind()});var init_intersect2=__esm(()=>{init_intersect_evaluated();init_intersect_type();init_intersect()});function Ref(...args){let[$ref,options]=typeof args[0]==="string"?[args[0],args[1]]:[args[0].$id,args[1]];if(typeof $ref!=="string")throw new TypeBoxError("Ref: $ref must be a string");return CreateType({[Kind2]:"Ref",$ref},options)}var init_ref=__esm(()=>{init_error2();init_type2();init_symbols2()});var init_ref2=__esm(()=>{init_ref()});function FromComputed(target2,parameters2){return Computed("Awaited",[Computed(target2,parameters2)])}function FromRef($ref){return Computed("Awaited",[Ref($ref)])}function FromIntersect2(types18){return Intersect(FromRest3(types18))}function FromUnion4(types18){return Union(FromRest3(types18))}function FromPromise(type3){return Awaited(type3)}function FromRest3(types18){return types18.map((type3)=>Awaited(type3))}function Awaited(type3,options){return CreateType(IsComputed(type3)?FromComputed(type3.target,type3.parameters):IsIntersect(type3)?FromIntersect2(type3.allOf):IsUnion(type3)?FromUnion4(type3.anyOf):IsPromise(type3)?FromPromise(type3.item):IsRef(type3)?FromRef(type3.$ref):type3,options)}var init_awaited=__esm(()=>{init_type2();init_computed2();init_intersect2();init_union2();init_ref2();init_kind()});var init_awaited2=__esm(()=>{init_awaited()});function FromRest4(types18){let result=[];for(let L of types18)result.push(KeyOfPropertyKeys(L));return result}function FromIntersect3(types18){let propertyKeysArray=FromRest4(types18);return SetUnionMany(propertyKeysArray)}function FromUnion5(types18){let propertyKeysArray=FromRest4(types18);return SetIntersectMany(propertyKeysArray)}function FromTuple2(types18){return types18.map((_,indexer)=>indexer.toString())}function FromArray2(_){return["[number]"]}function FromProperties5(T){return globalThis.Object.getOwnPropertyNames(T)}function FromPatternProperties(patternProperties){if(!includePatternProperties)return[];return globalThis.Object.getOwnPropertyNames(patternProperties).map((key2)=>{return key2[0]==="^"&&key2[key2.length-1]==="$"?key2.slice(1,key2.length-1):key2})}function KeyOfPropertyKeys(type3){return IsIntersect(type3)?FromIntersect3(type3.allOf):IsUnion(type3)?FromUnion5(type3.anyOf):IsTuple(type3)?FromTuple2(type3.items??[]):IsArray3(type3)?FromArray2(type3.items):IsObject3(type3)?FromProperties5(type3.properties):IsRecord(type3)?FromPatternProperties(type3.patternProperties):[]}var includePatternProperties=!1;var init_keyof_property_keys=__esm(()=>{init_sets();init_kind()});function FromComputed2(target2,parameters2){return Computed("KeyOf",[Computed(target2,parameters2)])}function FromRef2($ref){return Computed("KeyOf",[Ref($ref)])}function KeyOfFromType(type3,options){let propertyKeys=KeyOfPropertyKeys(type3),propertyKeyTypes=KeyOfPropertyKeysToRest(propertyKeys),result=UnionEvaluated(propertyKeyTypes);return CreateType(result,options)}function KeyOfPropertyKeysToRest(propertyKeys){return propertyKeys.map((L)=>L==="[number]"?Number2():Literal(L))}function KeyOf(type3,options){return IsComputed(type3)?FromComputed2(type3.target,type3.parameters):IsRef(type3)?FromRef2(type3.$ref):IsMappedResult(type3)?KeyOfFromMappedResult(type3,options):KeyOfFromType(type3,options)}var init_keyof=__esm(()=>{init_type2();init_literal2();init_number2();init_computed2();init_ref2();init_keyof_property_keys();init_union2();init_keyof_from_mapped_result();init_kind()});function FromProperties6(properties,options){let result={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))result[K2]=KeyOf(properties[K2],Clone(options));return result}function FromMappedResult5(mappedResult,options){return FromProperties6(mappedResult.properties,options)}function KeyOfFromMappedResult(mappedResult,options){let properties=FromMappedResult5(mappedResult,options);return MappedResult(properties)}var init_keyof_from_mapped_result=__esm(()=>{init_mapped2();init_keyof();init_value()});var init_keyof_property_entries=()=>{};var init_keyof2=__esm(()=>{init_keyof_from_mapped_result();init_keyof_property_entries();init_keyof_property_keys();init_keyof()});function CompositeKeys(T){let Acc=[];for(let L of T)Acc.push(...KeyOfPropertyKeys(L));return SetDistinct(Acc)}function FilterNever(T){return T.filter((L)=>!IsNever(L))}function CompositeProperty(T,K2){let Acc=[];for(let L of T)Acc.push(...IndexFromPropertyKeys(L,[K2]));return FilterNever(Acc)}function CompositeProperties(T,K2){let Acc={};for(let L of K2)Acc[L]=IntersectEvaluated(CompositeProperty(T,L));return Acc}function Composite(T,options){let K2=CompositeKeys(T),P=CompositeProperties(T,K2);return Object2(P,options)}var init_composite=__esm(()=>{init_intersect2();init_indexed2();init_keyof2();init_object2();init_sets();init_kind()});var init_composite2=__esm(()=>{init_composite()});function Date2(options){return CreateType({[Kind2]:"Date",type:"Date"},options)}var init_date=__esm(()=>{init_symbols2();init_type2()});var init_date2=__esm(()=>{init_date()});function Null2(options){return CreateType({[Kind2]:"Null",type:"null"},options)}var init_null=__esm(()=>{init_type2();init_symbols2()});var init_null2=__esm(()=>{init_null()});function Symbol2(options){return CreateType({[Kind2]:"Symbol",type:"symbol"},options)}var init_symbol=__esm(()=>{init_type2();init_symbols2()});var init_symbol2=__esm(()=>{init_symbol()});function Undefined(options){return CreateType({[Kind2]:"Undefined",type:"undefined"},options)}var init_undefined=__esm(()=>{init_type2();init_symbols2()});var init_undefined2=__esm(()=>{init_undefined()});function Uint8Array2(options){return CreateType({[Kind2]:"Uint8Array",type:"Uint8Array"},options)}var init_uint8array=__esm(()=>{init_type2();init_symbols2()});var init_uint8array2=__esm(()=>{init_uint8array()});function Unknown(options){return CreateType({[Kind2]:"Unknown"},options)}var init_unknown=__esm(()=>{init_type2();init_symbols2()});var init_unknown2=__esm(()=>{init_unknown()});function FromArray3(T){return T.map((L)=>FromValue(L,!1))}function FromProperties7(value2){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(value2))Acc[K2]=Readonly(FromValue(value2[K2],!1));return Acc}function ConditionalReadonly(T,root){return root===!0?T:Readonly(T)}function FromValue(value2,root){return IsAsyncIterator(value2)?ConditionalReadonly(Any2(),root):IsIterator(value2)?ConditionalReadonly(Any2(),root):IsArray(value2)?Readonly(Tuple(FromArray3(value2))):IsUint8Array(value2)?Uint8Array2():IsDate(value2)?Date2():IsObject(value2)?ConditionalReadonly(Object2(FromProperties7(value2)),root):IsFunction(value2)?ConditionalReadonly(Function2([],Unknown()),root):IsUndefined(value2)?Undefined():IsNull(value2)?Null2():IsSymbol(value2)?Symbol2():IsBigInt(value2)?BigInt2():IsNumber(value2)?Literal(value2):IsBoolean(value2)?Literal(value2):IsString(value2)?Literal(value2):Object2({})}function Const(T,options){return CreateType(FromValue(T,!0),options)}var init_const=__esm(()=>{init_any2();init_bigint2();init_date2();init_function2();init_literal2();init_null2();init_object2();init_symbol2();init_tuple2();init_readonly2();init_undefined2();init_uint8array2();init_unknown2();init_create()});var init_const2=__esm(()=>{init_const()});function ConstructorParameters(schema,options){return IsConstructor(schema)?Tuple(schema.parameters,options):Never(options)}var init_constructor_parameters=__esm(()=>{init_tuple2();init_never2();init_kind()});var init_constructor_parameters2=__esm(()=>{init_constructor_parameters()});function Enum(item,options){if(IsUndefined(item))throw Error("Enum undefined or empty");let values1=globalThis.Object.getOwnPropertyNames(item).filter((key2)=>isNaN(key2)).map((key2)=>item[key2]),anyOf=[...new Set(values1)].map((value2)=>Literal(value2));return Union(anyOf,{...options,[Hint]:"Enum"})}var init_enum=__esm(()=>{init_literal2();init_symbols2();init_union2()});var init_enum2=__esm(()=>{init_enum()});function IntoBooleanResult(result){return result===ExtendsResult.False?result:ExtendsResult.True}function Throw(message){throw new ExtendsResolverError(message)}function IsStructuralRight(right){return exports_type.IsNever(right)||exports_type.IsIntersect(right)||exports_type.IsUnion(right)||exports_type.IsUnknown(right)||exports_type.IsAny(right)}function StructuralRight(left,right){return exports_type.IsNever(right)?FromNeverRight(left,right):exports_type.IsIntersect(right)?FromIntersectRight(left,right):exports_type.IsUnion(right)?FromUnionRight(left,right):exports_type.IsUnknown(right)?FromUnknownRight(left,right):exports_type.IsAny(right)?FromAnyRight(left,right):Throw("StructuralRight")}function FromAnyRight(left,right){return ExtendsResult.True}function FromAny(left,right){return exports_type.IsIntersect(right)?FromIntersectRight(left,right):exports_type.IsUnion(right)&&right.anyOf.some((schema)=>exports_type.IsAny(schema)||exports_type.IsUnknown(schema))?ExtendsResult.True:exports_type.IsUnion(right)?ExtendsResult.Union:exports_type.IsUnknown(right)?ExtendsResult.True:exports_type.IsAny(right)?ExtendsResult.True:ExtendsResult.Union}function FromArrayRight(left,right){return exports_type.IsUnknown(left)?ExtendsResult.False:exports_type.IsAny(left)?ExtendsResult.Union:exports_type.IsNever(left)?ExtendsResult.True:ExtendsResult.False}function FromArray4(left,right){return exports_type.IsObject(right)&&IsObjectArrayLike(right)?ExtendsResult.True:IsStructuralRight(right)?StructuralRight(left,right):!exports_type.IsArray(right)?ExtendsResult.False:IntoBooleanResult(Visit3(left.items,right.items))}function FromAsyncIterator(left,right){return IsStructuralRight(right)?StructuralRight(left,right):!exports_type.IsAsyncIterator(right)?ExtendsResult.False:IntoBooleanResult(Visit3(left.items,right.items))}function FromBigInt(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsBigInt(right)?ExtendsResult.True:ExtendsResult.False}function FromBooleanRight(left,right){return exports_type.IsLiteralBoolean(left)?ExtendsResult.True:exports_type.IsBoolean(left)?ExtendsResult.True:ExtendsResult.False}function FromBoolean(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsBoolean(right)?ExtendsResult.True:ExtendsResult.False}function FromConstructor(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):!exports_type.IsConstructor(right)?ExtendsResult.False:left.parameters.length>right.parameters.length?ExtendsResult.False:!left.parameters.every((schema,index)=>IntoBooleanResult(Visit3(right.parameters[index],schema))===ExtendsResult.True)?ExtendsResult.False:IntoBooleanResult(Visit3(left.returns,right.returns))}function FromDate(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsDate(right)?ExtendsResult.True:ExtendsResult.False}function FromFunction(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):!exports_type.IsFunction(right)?ExtendsResult.False:left.parameters.length>right.parameters.length?ExtendsResult.False:!left.parameters.every((schema,index)=>IntoBooleanResult(Visit3(right.parameters[index],schema))===ExtendsResult.True)?ExtendsResult.False:IntoBooleanResult(Visit3(left.returns,right.returns))}function FromIntegerRight(left,right){return exports_type.IsLiteral(left)&&exports_value.IsNumber(left.const)?ExtendsResult.True:exports_type.IsNumber(left)||exports_type.IsInteger(left)?ExtendsResult.True:ExtendsResult.False}function FromInteger(left,right){return exports_type.IsInteger(right)||exports_type.IsNumber(right)?ExtendsResult.True:IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):ExtendsResult.False}function FromIntersectRight(left,right){return right.allOf.every((schema)=>Visit3(left,schema)===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromIntersect4(left,right){return left.allOf.some((schema)=>Visit3(schema,right)===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromIterator(left,right){return IsStructuralRight(right)?StructuralRight(left,right):!exports_type.IsIterator(right)?ExtendsResult.False:IntoBooleanResult(Visit3(left.items,right.items))}function FromLiteral2(left,right){return exports_type.IsLiteral(right)&&right.const===left.const?ExtendsResult.True:IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsString(right)?FromStringRight(left,right):exports_type.IsNumber(right)?FromNumberRight(left,right):exports_type.IsInteger(right)?FromIntegerRight(left,right):exports_type.IsBoolean(right)?FromBooleanRight(left,right):ExtendsResult.False}function FromNeverRight(left,right){return ExtendsResult.False}function FromNever(left,right){return ExtendsResult.True}function UnwrapTNot(schema){let[current,depth]=[schema,0];while(!0){if(!exports_type.IsNot(current))break;current=current.not,depth+=1}return depth%2===0?current:Unknown()}function FromNot(left,right){return exports_type.IsNot(left)?Visit3(UnwrapTNot(left),right):exports_type.IsNot(right)?Visit3(left,UnwrapTNot(right)):Throw("Invalid fallthrough for Not")}function FromNull(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsNull(right)?ExtendsResult.True:ExtendsResult.False}function FromNumberRight(left,right){return exports_type.IsLiteralNumber(left)?ExtendsResult.True:exports_type.IsNumber(left)||exports_type.IsInteger(left)?ExtendsResult.True:ExtendsResult.False}function FromNumber(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsInteger(right)||exports_type.IsNumber(right)?ExtendsResult.True:ExtendsResult.False}function IsObjectPropertyCount(schema,count3){return Object.getOwnPropertyNames(schema.properties).length===count3}function IsObjectStringLike(schema){return IsObjectArrayLike(schema)}function IsObjectSymbolLike(schema){return IsObjectPropertyCount(schema,0)||IsObjectPropertyCount(schema,1)&&"description"in schema.properties&&exports_type.IsUnion(schema.properties.description)&&schema.properties.description.anyOf.length===2&&(exports_type.IsString(schema.properties.description.anyOf[0])&&exports_type.IsUndefined(schema.properties.description.anyOf[1])||exports_type.IsString(schema.properties.description.anyOf[1])&&exports_type.IsUndefined(schema.properties.description.anyOf[0]))}function IsObjectNumberLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectBooleanLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectBigIntLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectDateLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectUint8ArrayLike(schema){return IsObjectArrayLike(schema)}function IsObjectFunctionLike(schema){let length=Number2();return IsObjectPropertyCount(schema,0)||IsObjectPropertyCount(schema,1)&&"length"in schema.properties&&IntoBooleanResult(Visit3(schema.properties.length,length))===ExtendsResult.True}function IsObjectConstructorLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectArrayLike(schema){let length=Number2();return IsObjectPropertyCount(schema,0)||IsObjectPropertyCount(schema,1)&&"length"in schema.properties&&IntoBooleanResult(Visit3(schema.properties.length,length))===ExtendsResult.True}function IsObjectPromiseLike(schema){let then=Function2([Any2()],Any2());return IsObjectPropertyCount(schema,0)||IsObjectPropertyCount(schema,1)&&"then"in schema.properties&&IntoBooleanResult(Visit3(schema.properties.then,then))===ExtendsResult.True}function Property(left,right){return Visit3(left,right)===ExtendsResult.False?ExtendsResult.False:exports_type.IsOptional(left)&&!exports_type.IsOptional(right)?ExtendsResult.False:ExtendsResult.True}function FromObjectRight(left,right){return exports_type.IsUnknown(left)?ExtendsResult.False:exports_type.IsAny(left)?ExtendsResult.Union:exports_type.IsNever(left)||exports_type.IsLiteralString(left)&&IsObjectStringLike(right)||exports_type.IsLiteralNumber(left)&&IsObjectNumberLike(right)||exports_type.IsLiteralBoolean(left)&&IsObjectBooleanLike(right)||exports_type.IsSymbol(left)&&IsObjectSymbolLike(right)||exports_type.IsBigInt(left)&&IsObjectBigIntLike(right)||exports_type.IsString(left)&&IsObjectStringLike(right)||exports_type.IsSymbol(left)&&IsObjectSymbolLike(right)||exports_type.IsNumber(left)&&IsObjectNumberLike(right)||exports_type.IsInteger(left)&&IsObjectNumberLike(right)||exports_type.IsBoolean(left)&&IsObjectBooleanLike(right)||exports_type.IsUint8Array(left)&&IsObjectUint8ArrayLike(right)||exports_type.IsDate(left)&&IsObjectDateLike(right)||exports_type.IsConstructor(left)&&IsObjectConstructorLike(right)||exports_type.IsFunction(left)&&IsObjectFunctionLike(right)?ExtendsResult.True:exports_type.IsRecord(left)&&exports_type.IsString(RecordKey(left))?(()=>{return right[Hint]==="Record"?ExtendsResult.True:ExtendsResult.False})():exports_type.IsRecord(left)&&exports_type.IsNumber(RecordKey(left))?(()=>{return IsObjectPropertyCount(right,0)?ExtendsResult.True:ExtendsResult.False})():ExtendsResult.False}function FromObject(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):!exports_type.IsObject(right)?ExtendsResult.False:(()=>{for(let key2 of Object.getOwnPropertyNames(right.properties)){if(!(key2 in left.properties)&&!exports_type.IsOptional(right.properties[key2]))return ExtendsResult.False;if(exports_type.IsOptional(right.properties[key2]))return ExtendsResult.True;if(Property(left.properties[key2],right.properties[key2])===ExtendsResult.False)return ExtendsResult.False}return ExtendsResult.True})()}function FromPromise2(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)&&IsObjectPromiseLike(right)?ExtendsResult.True:!exports_type.IsPromise(right)?ExtendsResult.False:IntoBooleanResult(Visit3(left.item,right.item))}function RecordKey(schema){return PatternNumberExact in schema.patternProperties?Number2():(PatternStringExact in schema.patternProperties)?String2():Throw("Unknown record key pattern")}function RecordValue(schema){return PatternNumberExact in schema.patternProperties?schema.patternProperties[PatternNumberExact]:(PatternStringExact in schema.patternProperties)?schema.patternProperties[PatternStringExact]:Throw("Unable to get record value schema")}function FromRecordRight(left,right){let[Key,Value]=[RecordKey(right),RecordValue(right)];return exports_type.IsLiteralString(left)&&exports_type.IsNumber(Key)&&IntoBooleanResult(Visit3(left,Value))===ExtendsResult.True?ExtendsResult.True:exports_type.IsUint8Array(left)&&exports_type.IsNumber(Key)?Visit3(left,Value):exports_type.IsString(left)&&exports_type.IsNumber(Key)?Visit3(left,Value):exports_type.IsArray(left)&&exports_type.IsNumber(Key)?Visit3(left,Value):exports_type.IsObject(left)?(()=>{for(let key2 of Object.getOwnPropertyNames(left.properties))if(Property(Value,left.properties[key2])===ExtendsResult.False)return ExtendsResult.False;return ExtendsResult.True})():ExtendsResult.False}function FromRecord(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):!exports_type.IsRecord(right)?ExtendsResult.False:Visit3(RecordValue(left),RecordValue(right))}function FromRegExp(left,right){let L=exports_type.IsRegExp(left)?String2():left,R=exports_type.IsRegExp(right)?String2():right;return Visit3(L,R)}function FromStringRight(left,right){return exports_type.IsLiteral(left)&&exports_value.IsString(left.const)?ExtendsResult.True:exports_type.IsString(left)?ExtendsResult.True:ExtendsResult.False}function FromString(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsString(right)?ExtendsResult.True:ExtendsResult.False}function FromSymbol(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsSymbol(right)?ExtendsResult.True:ExtendsResult.False}function FromTemplateLiteral2(left,right){return exports_type.IsTemplateLiteral(left)?Visit3(TemplateLiteralToUnion(left),right):exports_type.IsTemplateLiteral(right)?Visit3(left,TemplateLiteralToUnion(right)):Throw("Invalid fallthrough for TemplateLiteral")}function IsArrayOfTuple(left,right){return exports_type.IsArray(right)&&left.items!==void 0&&left.items.every((schema)=>Visit3(schema,right.items)===ExtendsResult.True)}function FromTupleRight(left,right){return exports_type.IsNever(left)?ExtendsResult.True:exports_type.IsUnknown(left)?ExtendsResult.False:exports_type.IsAny(left)?ExtendsResult.Union:ExtendsResult.False}function FromTuple3(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)&&IsObjectArrayLike(right)?ExtendsResult.True:exports_type.IsArray(right)&&IsArrayOfTuple(left,right)?ExtendsResult.True:!exports_type.IsTuple(right)?ExtendsResult.False:exports_value.IsUndefined(left.items)&&!exports_value.IsUndefined(right.items)||!exports_value.IsUndefined(left.items)&&exports_value.IsUndefined(right.items)?ExtendsResult.False:exports_value.IsUndefined(left.items)&&!exports_value.IsUndefined(right.items)?ExtendsResult.True:left.items.every((schema,index)=>Visit3(schema,right.items[index])===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromUint8Array(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsUint8Array(right)?ExtendsResult.True:ExtendsResult.False}function FromUndefined(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsVoid(right)?FromVoidRight(left,right):exports_type.IsUndefined(right)?ExtendsResult.True:ExtendsResult.False}function FromUnionRight(left,right){return right.anyOf.some((schema)=>Visit3(left,schema)===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromUnion6(left,right){return left.anyOf.every((schema)=>Visit3(schema,right)===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromUnknownRight(left,right){return ExtendsResult.True}function FromUnknown(left,right){return exports_type.IsNever(right)?FromNeverRight(left,right):exports_type.IsIntersect(right)?FromIntersectRight(left,right):exports_type.IsUnion(right)?FromUnionRight(left,right):exports_type.IsAny(right)?FromAnyRight(left,right):exports_type.IsString(right)?FromStringRight(left,right):exports_type.IsNumber(right)?FromNumberRight(left,right):exports_type.IsInteger(right)?FromIntegerRight(left,right):exports_type.IsBoolean(right)?FromBooleanRight(left,right):exports_type.IsArray(right)?FromArrayRight(left,right):exports_type.IsTuple(right)?FromTupleRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsUnknown(right)?ExtendsResult.True:ExtendsResult.False}function FromVoidRight(left,right){return exports_type.IsUndefined(left)?ExtendsResult.True:exports_type.IsUndefined(left)?ExtendsResult.True:ExtendsResult.False}function FromVoid(left,right){return exports_type.IsIntersect(right)?FromIntersectRight(left,right):exports_type.IsUnion(right)?FromUnionRight(left,right):exports_type.IsUnknown(right)?FromUnknownRight(left,right):exports_type.IsAny(right)?FromAnyRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsVoid(right)?ExtendsResult.True:ExtendsResult.False}function Visit3(left,right){return exports_type.IsTemplateLiteral(left)||exports_type.IsTemplateLiteral(right)?FromTemplateLiteral2(left,right):exports_type.IsRegExp(left)||exports_type.IsRegExp(right)?FromRegExp(left,right):exports_type.IsNot(left)||exports_type.IsNot(right)?FromNot(left,right):exports_type.IsAny(left)?FromAny(left,right):exports_type.IsArray(left)?FromArray4(left,right):exports_type.IsBigInt(left)?FromBigInt(left,right):exports_type.IsBoolean(left)?FromBoolean(left,right):exports_type.IsAsyncIterator(left)?FromAsyncIterator(left,right):exports_type.IsConstructor(left)?FromConstructor(left,right):exports_type.IsDate(left)?FromDate(left,right):exports_type.IsFunction(left)?FromFunction(left,right):exports_type.IsInteger(left)?FromInteger(left,right):exports_type.IsIntersect(left)?FromIntersect4(left,right):exports_type.IsIterator(left)?FromIterator(left,right):exports_type.IsLiteral(left)?FromLiteral2(left,right):exports_type.IsNever(left)?FromNever(left,right):exports_type.IsNull(left)?FromNull(left,right):exports_type.IsNumber(left)?FromNumber(left,right):exports_type.IsObject(left)?FromObject(left,right):exports_type.IsRecord(left)?FromRecord(left,right):exports_type.IsString(left)?FromString(left,right):exports_type.IsSymbol(left)?FromSymbol(left,right):exports_type.IsTuple(left)?FromTuple3(left,right):exports_type.IsPromise(left)?FromPromise2(left,right):exports_type.IsUint8Array(left)?FromUint8Array(left,right):exports_type.IsUndefined(left)?FromUndefined(left,right):exports_type.IsUnion(left)?FromUnion6(left,right):exports_type.IsUnknown(left)?FromUnknown(left,right):exports_type.IsVoid(left)?FromVoid(left,right):Throw(`Unknown left type operand '${left[Kind2]}'`)}function ExtendsCheck(left,right){return Visit3(left,right)}var ExtendsResolverError,ExtendsResult;var init_extends_check=__esm(()=>{init_any2();init_function2();init_number2();init_string2();init_unknown2();init_template_literal2();init_patterns();init_symbols2();init_error2();init_guard2();ExtendsResolverError=class ExtendsResolverError extends TypeBoxError{};(function(ExtendsResult2){ExtendsResult2[ExtendsResult2.Union=0]="Union",ExtendsResult2[ExtendsResult2.True=1]="True",ExtendsResult2[ExtendsResult2.False=2]="False"})(ExtendsResult||(ExtendsResult={}))});function FromProperties8(P,Right,True,False,options){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Extends(P[K2],Right,True,False,Clone(options));return Acc}function FromMappedResult6(Left,Right,True,False,options){return FromProperties8(Left.properties,Right,True,False,options)}function ExtendsFromMappedResult(Left,Right,True,False,options){let P=FromMappedResult6(Left,Right,True,False,options);return MappedResult(P)}var init_extends_from_mapped_result=__esm(()=>{init_mapped2();init_extends();init_value()});function ExtendsResolve(left,right,trueType,falseType){let R=ExtendsCheck(left,right);return R===ExtendsResult.Union?Union([trueType,falseType]):R===ExtendsResult.True?trueType:falseType}function Extends(L,R,T,F,options){return IsMappedResult(L)?ExtendsFromMappedResult(L,R,T,F,options):IsMappedKey(L)?CreateType(ExtendsFromMappedKey(L,R,T,F,options)):CreateType(ExtendsResolve(L,R,T,F),options)}var init_extends=__esm(()=>{init_type2();init_union2();init_extends_check();init_extends_from_mapped_key();init_extends_from_mapped_result();init_kind()});function FromPropertyKey(K2,U,L,R,options){return{[K2]:Extends(Literal(K2),U,L,R,Clone(options))}}function FromPropertyKeys(K2,U,L,R,options){return K2.reduce((Acc,LK)=>{return{...Acc,...FromPropertyKey(LK,U,L,R,options)}},{})}function FromMappedKey2(K2,U,L,R,options){return FromPropertyKeys(K2.keys,U,L,R,options)}function ExtendsFromMappedKey(T,U,L,R,options){let P=FromMappedKey2(T,U,L,R,options);return MappedResult(P)}var init_extends_from_mapped_key=__esm(()=>{init_mapped2();init_literal2();init_extends();init_value()});var init_extends_undefined=()=>{};var init_extends2=__esm(()=>{init_extends_check();init_extends_from_mapped_key();init_extends_from_mapped_result();init_extends_undefined();init_extends()});function ExcludeFromTemplateLiteral(L,R){return Exclude(TemplateLiteralToUnion(L),R)}var init_exclude_from_template_literal=__esm(()=>{init_exclude();init_template_literal2()});function ExcludeRest(L,R){let excluded=L.filter((inner)=>ExtendsCheck(inner,R)===ExtendsResult.False);return excluded.length===1?excluded[0]:Union(excluded)}function Exclude(L,R,options={}){if(IsTemplateLiteral(L))return CreateType(ExcludeFromTemplateLiteral(L,R),options);if(IsMappedResult(L))return CreateType(ExcludeFromMappedResult(L,R),options);return CreateType(IsUnion(L)?ExcludeRest(L.anyOf,R):ExtendsCheck(L,R)!==ExtendsResult.False?Never():L,options)}var init_exclude=__esm(()=>{init_type2();init_union2();init_never2();init_extends2();init_exclude_from_mapped_result();init_exclude_from_template_literal();init_kind()});function FromProperties9(P,U){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Exclude(P[K2],U);return Acc}function FromMappedResult7(R,T){return FromProperties9(R.properties,T)}function ExcludeFromMappedResult(R,T){let P=FromMappedResult7(R,T);return MappedResult(P)}var init_exclude_from_mapped_result=__esm(()=>{init_mapped2();init_exclude()});var init_exclude2=__esm(()=>{init_exclude_from_mapped_result();init_exclude_from_template_literal();init_exclude()});function ExtractFromTemplateLiteral(L,R){return Extract(TemplateLiteralToUnion(L),R)}var init_extract_from_template_literal=__esm(()=>{init_extract();init_template_literal2()});function ExtractRest(L,R){let extracted=L.filter((inner)=>ExtendsCheck(inner,R)!==ExtendsResult.False);return extracted.length===1?extracted[0]:Union(extracted)}function Extract(L,R,options){if(IsTemplateLiteral(L))return CreateType(ExtractFromTemplateLiteral(L,R),options);if(IsMappedResult(L))return CreateType(ExtractFromMappedResult(L,R),options);return CreateType(IsUnion(L)?ExtractRest(L.anyOf,R):ExtendsCheck(L,R)!==ExtendsResult.False?L:Never(),options)}var init_extract=__esm(()=>{init_type2();init_union2();init_never2();init_extends2();init_extract_from_mapped_result();init_extract_from_template_literal();init_kind()});function FromProperties10(P,T){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Extract(P[K2],T);return Acc}function FromMappedResult8(R,T){return FromProperties10(R.properties,T)}function ExtractFromMappedResult(R,T){let P=FromMappedResult8(R,T);return MappedResult(P)}var init_extract_from_mapped_result=__esm(()=>{init_mapped2();init_extract()});var init_extract2=__esm(()=>{init_extract_from_mapped_result();init_extract_from_template_literal();init_extract()});function InstanceType(schema,options){return IsConstructor(schema)?CreateType(schema.returns,options):Never(options)}var init_instance_type=__esm(()=>{init_type2();init_never2();init_kind()});var init_instance_type2=__esm(()=>{init_instance_type()});function ReadonlyOptional(schema){return Readonly(Optional(schema))}var init_readonly_optional=__esm(()=>{init_readonly2();init_optional2()});var init_readonly_optional2=__esm(()=>{init_readonly_optional()});function RecordCreateFromPattern(pattern2,T,options){return CreateType({[Kind2]:"Record",type:"object",patternProperties:{[pattern2]:T}},options)}function RecordCreateFromKeys(K2,T,options){let result={};for(let K22 of K2)result[K22]=T;return Object2(result,{...options,[Hint]:"Record"})}function FromTemplateLiteralKey(K2,T,options){return IsTemplateLiteralFinite(K2)?RecordCreateFromKeys(IndexPropertyKeys(K2),T,options):RecordCreateFromPattern(K2.pattern,T,options)}function FromUnionKey(key2,type3,options){return RecordCreateFromKeys(IndexPropertyKeys(Union(key2)),type3,options)}function FromLiteralKey(key2,type3,options){return RecordCreateFromKeys([key2.toString()],type3,options)}function FromRegExpKey(key2,type3,options){return RecordCreateFromPattern(key2.source,type3,options)}function FromStringKey(key2,type3,options){let pattern2=IsUndefined(key2.pattern)?PatternStringExact:key2.pattern;return RecordCreateFromPattern(pattern2,type3,options)}function FromAnyKey(_,type3,options){return RecordCreateFromPattern(PatternStringExact,type3,options)}function FromNeverKey(_key,type3,options){return RecordCreateFromPattern(PatternNeverExact,type3,options)}function FromBooleanKey(_key,type3,options){return Object2({true:type3,false:type3},options)}function FromIntegerKey(_key,type3,options){return RecordCreateFromPattern(PatternNumberExact,type3,options)}function FromNumberKey(_,type3,options){return RecordCreateFromPattern(PatternNumberExact,type3,options)}function Record(key2,type3,options={}){return IsUnion(key2)?FromUnionKey(key2.anyOf,type3,options):IsTemplateLiteral(key2)?FromTemplateLiteralKey(key2,type3,options):IsLiteral(key2)?FromLiteralKey(key2.const,type3,options):IsBoolean2(key2)?FromBooleanKey(key2,type3,options):IsInteger(key2)?FromIntegerKey(key2,type3,options):IsNumber3(key2)?FromNumberKey(key2,type3,options):IsRegExp2(key2)?FromRegExpKey(key2,type3,options):IsString2(key2)?FromStringKey(key2,type3,options):IsAny(key2)?FromAnyKey(key2,type3,options):IsNever(key2)?FromNeverKey(key2,type3,options):Never(options)}function RecordPattern(record){return globalThis.Object.getOwnPropertyNames(record.patternProperties)[0]}function RecordKey2(type3){let pattern2=RecordPattern(type3);return pattern2===PatternStringExact?String2():pattern2===PatternNumberExact?Number2():String2({pattern:pattern2})}function RecordValue2(type3){return type3.patternProperties[RecordPattern(type3)]}var init_record=__esm(()=>{init_type2();init_symbols2();init_never2();init_number2();init_object2();init_string2();init_union2();init_template_literal2();init_patterns();init_indexed2();init_kind()});var init_record2=__esm(()=>{init_record()});function FromConstructor2(args,type3){return type3.parameters=FromTypes(args,type3.parameters),type3.returns=FromType(args,type3.returns),type3}function FromFunction2(args,type3){return type3.parameters=FromTypes(args,type3.parameters),type3.returns=FromType(args,type3.returns),type3}function FromIntersect5(args,type3){return type3.allOf=FromTypes(args,type3.allOf),type3}function FromUnion7(args,type3){return type3.anyOf=FromTypes(args,type3.anyOf),type3}function FromTuple4(args,type3){if(IsUndefined(type3.items))return type3;return type3.items=FromTypes(args,type3.items),type3}function FromArray5(args,type3){return type3.items=FromType(args,type3.items),type3}function FromAsyncIterator2(args,type3){return type3.items=FromType(args,type3.items),type3}function FromIterator2(args,type3){return type3.items=FromType(args,type3.items),type3}function FromPromise3(args,type3){return type3.item=FromType(args,type3.item),type3}function FromObject2(args,type3){let mappedProperties=FromProperties11(args,type3.properties);return{...type3,...Object2(mappedProperties)}}function FromRecord2(args,type3){let mappedKey=FromType(args,RecordKey2(type3)),mappedValue=FromType(args,RecordValue2(type3)),result=Record(mappedKey,mappedValue);return{...type3,...result}}function FromArgument(args,argument2){return argument2.index in args?args[argument2.index]:Unknown()}function FromProperty2(args,type3){let isReadonly=IsReadonly(type3),isOptional=IsOptional(type3),mapped2=FromType(args,type3);return isReadonly&&isOptional?ReadonlyOptional(mapped2):isReadonly&&!isOptional?Readonly(mapped2):!isReadonly&&isOptional?Optional(mapped2):mapped2}function FromProperties11(args,properties){return globalThis.Object.getOwnPropertyNames(properties).reduce((result,key2)=>{return{...result,[key2]:FromProperty2(args,properties[key2])}},{})}function FromTypes(args,types18){return types18.map((type3)=>FromType(args,type3))}function FromType(args,type3){return IsConstructor(type3)?FromConstructor2(args,type3):IsFunction2(type3)?FromFunction2(args,type3):IsIntersect(type3)?FromIntersect5(args,type3):IsUnion(type3)?FromUnion7(args,type3):IsTuple(type3)?FromTuple4(args,type3):IsArray3(type3)?FromArray5(args,type3):IsAsyncIterator2(type3)?FromAsyncIterator2(args,type3):IsIterator2(type3)?FromIterator2(args,type3):IsPromise(type3)?FromPromise3(args,type3):IsObject3(type3)?FromObject2(args,type3):IsRecord(type3)?FromRecord2(args,type3):IsArgument(type3)?FromArgument(args,type3):type3}function Instantiate(type3,args){return FromType(args,CloneType(type3))}var init_instantiate=__esm(()=>{init_type();init_unknown2();init_readonly_optional2();init_readonly2();init_optional2();init_object2();init_record2();init_kind()});var init_instantiate2=__esm(()=>{init_instantiate()});function Integer2(options){return CreateType({[Kind2]:"Integer",type:"integer"},options)}var init_integer=__esm(()=>{init_type2();init_symbols2()});var init_integer2=__esm(()=>{init_integer()});function MappedIntrinsicPropertyKey(K2,M,options){return{[K2]:Intrinsic(Literal(K2),M,Clone(options))}}function MappedIntrinsicPropertyKeys(K2,M,options){return K2.reduce((Acc,L)=>{return{...Acc,...MappedIntrinsicPropertyKey(L,M,options)}},{})}function MappedIntrinsicProperties(T,M,options){return MappedIntrinsicPropertyKeys(T.keys,M,options)}function IntrinsicFromMappedKey(T,M,options){let P=MappedIntrinsicProperties(T,M,options);return MappedResult(P)}var init_intrinsic_from_mapped_key=__esm(()=>{init_mapped2();init_intrinsic();init_literal2();init_value()});function ApplyUncapitalize(value2){let[first,rest]=[value2.slice(0,1),value2.slice(1)];return[first.toLowerCase(),rest].join("")}function ApplyCapitalize(value2){let[first,rest]=[value2.slice(0,1),value2.slice(1)];return[first.toUpperCase(),rest].join("")}function ApplyUppercase(value2){return value2.toUpperCase()}function ApplyLowercase(value2){return value2.toLowerCase()}function FromTemplateLiteral3(schema,mode,options){let expression=TemplateLiteralParseExact(schema.pattern);if(!IsTemplateLiteralExpressionFinite(expression))return{...schema,pattern:FromLiteralValue(schema.pattern,mode)};let literals=[...TemplateLiteralExpressionGenerate(expression)].map((value2)=>Literal(value2)),mapped2=FromRest5(literals,mode),union3=Union(mapped2);return TemplateLiteral([union3],options)}function FromLiteralValue(value2,mode){return typeof value2==="string"?mode==="Uncapitalize"?ApplyUncapitalize(value2):mode==="Capitalize"?ApplyCapitalize(value2):mode==="Uppercase"?ApplyUppercase(value2):mode==="Lowercase"?ApplyLowercase(value2):value2:value2.toString()}function FromRest5(T,M){return T.map((L)=>Intrinsic(L,M))}function Intrinsic(schema,mode,options={}){return IsMappedKey(schema)?IntrinsicFromMappedKey(schema,mode,options):IsTemplateLiteral(schema)?FromTemplateLiteral3(schema,mode,options):IsUnion(schema)?Union(FromRest5(schema.anyOf,mode),options):IsLiteral(schema)?Literal(FromLiteralValue(schema.const,mode),options):CreateType(schema,options)}var init_intrinsic=__esm(()=>{init_type2();init_template_literal2();init_intrinsic_from_mapped_key();init_literal2();init_union2();init_kind()});function Capitalize(T,options={}){return Intrinsic(T,"Capitalize",options)}var init_capitalize=__esm(()=>{init_intrinsic()});function Lowercase(T,options={}){return Intrinsic(T,"Lowercase",options)}var init_lowercase=__esm(()=>{init_intrinsic()});function Uncapitalize(T,options={}){return Intrinsic(T,"Uncapitalize",options)}var init_uncapitalize=__esm(()=>{init_intrinsic()});function Uppercase(T,options={}){return Intrinsic(T,"Uppercase",options)}var init_uppercase=__esm(()=>{init_intrinsic()});var init_intrinsic2=__esm(()=>{init_capitalize();init_intrinsic_from_mapped_key();init_intrinsic();init_lowercase();init_uncapitalize();init_uppercase()});function FromProperties12(properties,propertyKeys,options){let result={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))result[K2]=Omit(properties[K2],propertyKeys,Clone(options));return result}function FromMappedResult9(mappedResult,propertyKeys,options){return FromProperties12(mappedResult.properties,propertyKeys,options)}function OmitFromMappedResult(mappedResult,propertyKeys,options){let properties=FromMappedResult9(mappedResult,propertyKeys,options);return MappedResult(properties)}var init_omit_from_mapped_result=__esm(()=>{init_mapped2();init_omit();init_value()});function FromIntersect6(types18,propertyKeys){return types18.map((type3)=>OmitResolve(type3,propertyKeys))}function FromUnion8(types18,propertyKeys){return types18.map((type3)=>OmitResolve(type3,propertyKeys))}function FromProperty3(properties,key2){let{[key2]:_,...R}=properties;return R}function FromProperties13(properties,propertyKeys){return propertyKeys.reduce((T,K2)=>FromProperty3(T,K2),properties)}function FromObject3(type3,propertyKeys,properties){let options=Discard(type3,[TransformKind,"$id","required","properties"]),mappedProperties=FromProperties13(properties,propertyKeys);return Object2(mappedProperties,options)}function UnionFromPropertyKeys(propertyKeys){let result=propertyKeys.reduce((result2,key2)=>IsLiteralValue(key2)?[...result2,Literal(key2)]:result2,[]);return Union(result)}function OmitResolve(type3,propertyKeys){return IsIntersect(type3)?Intersect(FromIntersect6(type3.allOf,propertyKeys)):IsUnion(type3)?Union(FromUnion8(type3.anyOf,propertyKeys)):IsObject3(type3)?FromObject3(type3,propertyKeys,type3.properties):Object2({})}function Omit(type3,key2,options){let typeKey=IsArray(key2)?UnionFromPropertyKeys(key2):key2,propertyKeys=IsSchema(key2)?IndexPropertyKeys(key2):key2,isTypeRef=IsRef(type3),isKeyRef=IsRef(key2);return IsMappedResult(type3)?OmitFromMappedResult(type3,propertyKeys,options):IsMappedKey(key2)?OmitFromMappedKey(type3,key2,options):isTypeRef&&isKeyRef?Computed("Omit",[type3,typeKey],options):!isTypeRef&&isKeyRef?Computed("Omit",[type3,typeKey],options):isTypeRef&&!isKeyRef?Computed("Omit",[type3,typeKey],options):CreateType({...OmitResolve(type3,propertyKeys),...options})}var init_omit=__esm(()=>{init_type2();init_symbols();init_computed2();init_literal2();init_indexed2();init_intersect2();init_union2();init_object2();init_omit_from_mapped_key();init_omit_from_mapped_result();init_kind()});function FromPropertyKey2(type3,key2,options){return{[key2]:Omit(type3,[key2],Clone(options))}}function FromPropertyKeys2(type3,propertyKeys,options){return propertyKeys.reduce((Acc,LK)=>{return{...Acc,...FromPropertyKey2(type3,LK,options)}},{})}function FromMappedKey3(type3,mappedKey,options){return FromPropertyKeys2(type3,mappedKey.keys,options)}function OmitFromMappedKey(type3,mappedKey,options){let properties=FromMappedKey3(type3,mappedKey,options);return MappedResult(properties)}var init_omit_from_mapped_key=__esm(()=>{init_mapped2();init_omit();init_value()});var init_omit2=__esm(()=>{init_omit_from_mapped_key();init_omit_from_mapped_result();init_omit()});function FromProperties14(properties,propertyKeys,options){let result={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))result[K2]=Pick(properties[K2],propertyKeys,Clone(options));return result}function FromMappedResult10(mappedResult,propertyKeys,options){return FromProperties14(mappedResult.properties,propertyKeys,options)}function PickFromMappedResult(mappedResult,propertyKeys,options){let properties=FromMappedResult10(mappedResult,propertyKeys,options);return MappedResult(properties)}var init_pick_from_mapped_result=__esm(()=>{init_mapped2();init_pick();init_value()});function FromIntersect7(types18,propertyKeys){return types18.map((type3)=>PickResolve(type3,propertyKeys))}function FromUnion9(types18,propertyKeys){return types18.map((type3)=>PickResolve(type3,propertyKeys))}function FromProperties15(properties,propertyKeys){let result={};for(let K2 of propertyKeys)if(K2 in properties)result[K2]=properties[K2];return result}function FromObject4(Type,keys,properties){let options=Discard(Type,[TransformKind,"$id","required","properties"]),mappedProperties=FromProperties15(properties,keys);return Object2(mappedProperties,options)}function UnionFromPropertyKeys2(propertyKeys){let result=propertyKeys.reduce((result2,key2)=>IsLiteralValue(key2)?[...result2,Literal(key2)]:result2,[]);return Union(result)}function PickResolve(type3,propertyKeys){return IsIntersect(type3)?Intersect(FromIntersect7(type3.allOf,propertyKeys)):IsUnion(type3)?Union(FromUnion9(type3.anyOf,propertyKeys)):IsObject3(type3)?FromObject4(type3,propertyKeys,type3.properties):Object2({})}function Pick(type3,key2,options){let typeKey=IsArray(key2)?UnionFromPropertyKeys2(key2):key2,propertyKeys=IsSchema(key2)?IndexPropertyKeys(key2):key2,isTypeRef=IsRef(type3),isKeyRef=IsRef(key2);return IsMappedResult(type3)?PickFromMappedResult(type3,propertyKeys,options):IsMappedKey(key2)?PickFromMappedKey(type3,key2,options):isTypeRef&&isKeyRef?Computed("Pick",[type3,typeKey],options):!isTypeRef&&isKeyRef?Computed("Pick",[type3,typeKey],options):isTypeRef&&!isKeyRef?Computed("Pick",[type3,typeKey],options):CreateType({...PickResolve(type3,propertyKeys),...options})}var init_pick=__esm(()=>{init_type2();init_computed2();init_intersect2();init_literal2();init_object2();init_union2();init_indexed2();init_symbols();init_kind();init_pick_from_mapped_key();init_pick_from_mapped_result()});function FromPropertyKey3(type3,key2,options){return{[key2]:Pick(type3,[key2],Clone(options))}}function FromPropertyKeys3(type3,propertyKeys,options){return propertyKeys.reduce((result,leftKey)=>{return{...result,...FromPropertyKey3(type3,leftKey,options)}},{})}function FromMappedKey4(type3,mappedKey,options){return FromPropertyKeys3(type3,mappedKey.keys,options)}function PickFromMappedKey(type3,mappedKey,options){let properties=FromMappedKey4(type3,mappedKey,options);return MappedResult(properties)}var init_pick_from_mapped_key=__esm(()=>{init_mapped2();init_pick();init_value()});var init_pick2=__esm(()=>{init_pick_from_mapped_key();init_pick_from_mapped_result();init_pick()});function FromComputed3(target2,parameters2){return Computed("Partial",[Computed(target2,parameters2)])}function FromRef3($ref){return Computed("Partial",[Ref($ref)])}function FromProperties16(properties){let partialProperties={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))partialProperties[K2]=Optional(properties[K2]);return partialProperties}function FromObject5(type3,properties){let options=Discard(type3,[TransformKind,"$id","required","properties"]),mappedProperties=FromProperties16(properties);return Object2(mappedProperties,options)}function FromRest6(types18){return types18.map((type3)=>PartialResolve(type3))}function PartialResolve(type3){return IsComputed(type3)?FromComputed3(type3.target,type3.parameters):IsRef(type3)?FromRef3(type3.$ref):IsIntersect(type3)?Intersect(FromRest6(type3.allOf)):IsUnion(type3)?Union(FromRest6(type3.anyOf)):IsObject3(type3)?FromObject5(type3,type3.properties):IsBigInt2(type3)?type3:IsBoolean2(type3)?type3:IsInteger(type3)?type3:IsLiteral(type3)?type3:IsNull2(type3)?type3:IsNumber3(type3)?type3:IsString2(type3)?type3:IsSymbol2(type3)?type3:IsUndefined3(type3)?type3:Object2({})}function Partial(type3,options){if(IsMappedResult(type3))return PartialFromMappedResult(type3,options);else return CreateType({...PartialResolve(type3),...options})}var init_partial=__esm(()=>{init_type2();init_computed2();init_optional2();init_object2();init_intersect2();init_union2();init_ref2();init_discard();init_symbols2();init_partial_from_mapped_result();init_kind()});function FromProperties17(K2,options){let Acc={};for(let K22 of globalThis.Object.getOwnPropertyNames(K2))Acc[K22]=Partial(K2[K22],Clone(options));return Acc}function FromMappedResult11(R,options){return FromProperties17(R.properties,options)}function PartialFromMappedResult(R,options){let P=FromMappedResult11(R,options);return MappedResult(P)}var init_partial_from_mapped_result=__esm(()=>{init_mapped2();init_partial();init_value()});var init_partial2=__esm(()=>{init_partial_from_mapped_result();init_partial()});function FromComputed4(target2,parameters2){return Computed("Required",[Computed(target2,parameters2)])}function FromRef4($ref){return Computed("Required",[Ref($ref)])}function FromProperties18(properties){let requiredProperties={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))requiredProperties[K2]=Discard(properties[K2],[OptionalKind]);return requiredProperties}function FromObject6(type3,properties){let options=Discard(type3,[TransformKind,"$id","required","properties"]),mappedProperties=FromProperties18(properties);return Object2(mappedProperties,options)}function FromRest7(types18){return types18.map((type3)=>RequiredResolve(type3))}function RequiredResolve(type3){return IsComputed(type3)?FromComputed4(type3.target,type3.parameters):IsRef(type3)?FromRef4(type3.$ref):IsIntersect(type3)?Intersect(FromRest7(type3.allOf)):IsUnion(type3)?Union(FromRest7(type3.anyOf)):IsObject3(type3)?FromObject6(type3,type3.properties):IsBigInt2(type3)?type3:IsBoolean2(type3)?type3:IsInteger(type3)?type3:IsLiteral(type3)?type3:IsNull2(type3)?type3:IsNumber3(type3)?type3:IsString2(type3)?type3:IsSymbol2(type3)?type3:IsUndefined3(type3)?type3:Object2({})}function Required(type3,options){if(IsMappedResult(type3))return RequiredFromMappedResult(type3,options);else return CreateType({...RequiredResolve(type3),...options})}var init_required=__esm(()=>{init_type2();init_computed2();init_object2();init_intersect2();init_union2();init_ref2();init_symbols2();init_discard();init_required_from_mapped_result();init_kind()});function FromProperties19(P,options){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Required(P[K2],options);return Acc}function FromMappedResult12(R,options){return FromProperties19(R.properties,options)}function RequiredFromMappedResult(R,options){let P=FromMappedResult12(R,options);return MappedResult(P)}var init_required_from_mapped_result=__esm(()=>{init_mapped2();init_required()});var init_required2=__esm(()=>{init_required_from_mapped_result();init_required()});function DereferenceParameters(moduleProperties,types18){return types18.map((type3)=>{return IsRef(type3)?Dereference(moduleProperties,type3.$ref):FromType2(moduleProperties,type3)})}function Dereference(moduleProperties,ref2){return ref2 in moduleProperties?IsRef(moduleProperties[ref2])?Dereference(moduleProperties,moduleProperties[ref2].$ref):FromType2(moduleProperties,moduleProperties[ref2]):Never()}function FromAwaited(parameters2){return Awaited(parameters2[0])}function FromIndex(parameters2){return Index(parameters2[0],parameters2[1])}function FromKeyOf(parameters2){return KeyOf(parameters2[0])}function FromPartial(parameters2){return Partial(parameters2[0])}function FromOmit(parameters2){return Omit(parameters2[0],parameters2[1])}function FromPick(parameters2){return Pick(parameters2[0],parameters2[1])}function FromRequired(parameters2){return Required(parameters2[0])}function FromComputed5(moduleProperties,target2,parameters2){let dereferenced=DereferenceParameters(moduleProperties,parameters2);return target2==="Awaited"?FromAwaited(dereferenced):target2==="Index"?FromIndex(dereferenced):target2==="KeyOf"?FromKeyOf(dereferenced):target2==="Partial"?FromPartial(dereferenced):target2==="Omit"?FromOmit(dereferenced):target2==="Pick"?FromPick(dereferenced):target2==="Required"?FromRequired(dereferenced):Never()}function FromArray6(moduleProperties,type3){return Array2(FromType2(moduleProperties,type3))}function FromAsyncIterator3(moduleProperties,type3){return AsyncIterator2(FromType2(moduleProperties,type3))}function FromConstructor3(moduleProperties,parameters2,instanceType){return Constructor(FromTypes2(moduleProperties,parameters2),FromType2(moduleProperties,instanceType))}function FromFunction3(moduleProperties,parameters2,returnType){return Function2(FromTypes2(moduleProperties,parameters2),FromType2(moduleProperties,returnType))}function FromIntersect8(moduleProperties,types18){return Intersect(FromTypes2(moduleProperties,types18))}function FromIterator3(moduleProperties,type3){return Iterator2(FromType2(moduleProperties,type3))}function FromObject7(moduleProperties,properties){return Object2(globalThis.Object.keys(properties).reduce((result,key2)=>{return{...result,[key2]:FromType2(moduleProperties,properties[key2])}},{}))}function FromRecord3(moduleProperties,type3){let[value2,pattern2]=[FromType2(moduleProperties,RecordValue2(type3)),RecordPattern(type3)],result=CloneType(type3);return result.patternProperties[pattern2]=value2,result}function FromTransform(moduleProperties,transform){return IsRef(transform)?{...Dereference(moduleProperties,transform.$ref),[TransformKind]:transform[TransformKind]}:transform}function FromTuple5(moduleProperties,types18){return Tuple(FromTypes2(moduleProperties,types18))}function FromUnion10(moduleProperties,types18){return Union(FromTypes2(moduleProperties,types18))}function FromTypes2(moduleProperties,types18){return types18.map((type3)=>FromType2(moduleProperties,type3))}function FromType2(moduleProperties,type3){return IsOptional(type3)?CreateType(FromType2(moduleProperties,Discard(type3,[OptionalKind])),type3):IsReadonly(type3)?CreateType(FromType2(moduleProperties,Discard(type3,[ReadonlyKind])),type3):IsTransform(type3)?CreateType(FromTransform(moduleProperties,type3),type3):IsArray3(type3)?CreateType(FromArray6(moduleProperties,type3.items),type3):IsAsyncIterator2(type3)?CreateType(FromAsyncIterator3(moduleProperties,type3.items),type3):IsComputed(type3)?CreateType(FromComputed5(moduleProperties,type3.target,type3.parameters)):IsConstructor(type3)?CreateType(FromConstructor3(moduleProperties,type3.parameters,type3.returns),type3):IsFunction2(type3)?CreateType(FromFunction3(moduleProperties,type3.parameters,type3.returns),type3):IsIntersect(type3)?CreateType(FromIntersect8(moduleProperties,type3.allOf),type3):IsIterator2(type3)?CreateType(FromIterator3(moduleProperties,type3.items),type3):IsObject3(type3)?CreateType(FromObject7(moduleProperties,type3.properties),type3):IsRecord(type3)?CreateType(FromRecord3(moduleProperties,type3)):IsTuple(type3)?CreateType(FromTuple5(moduleProperties,type3.items||[]),type3):IsUnion(type3)?CreateType(FromUnion10(moduleProperties,type3.anyOf),type3):type3}function ComputeType(moduleProperties,key2){return key2 in moduleProperties?FromType2(moduleProperties,moduleProperties[key2]):Never()}function ComputeModuleProperties(moduleProperties){return globalThis.Object.getOwnPropertyNames(moduleProperties).reduce((result,key2)=>{return{...result,[key2]:ComputeType(moduleProperties,key2)}},{})}var init_compute=__esm(()=>{init_create();init_clone();init_discard();init_array2();init_awaited2();init_async_iterator2();init_constructor2();init_indexed2();init_function2();init_intersect2();init_iterator2();init_keyof2();init_object2();init_omit2();init_pick2();init_never2();init_partial2();init_record2();init_required2();init_tuple2();init_union2();init_symbols2();init_kind()});class TModule{constructor($defs){let computed2=ComputeModuleProperties($defs),identified=this.WithIdentifiers(computed2);this.$defs=identified}Import(key2,options){let $defs={...this.$defs,[key2]:CreateType(this.$defs[key2],options)};return CreateType({[Kind2]:"Import",$defs,$ref:key2})}WithIdentifiers($defs){return globalThis.Object.getOwnPropertyNames($defs).reduce((result,key2)=>{return{...result,[key2]:{...$defs[key2],$id:key2}}},{})}}function Module(properties){return new TModule(properties)}var init_module=__esm(()=>{init_create();init_symbols2();init_compute()});var init_module2=__esm(()=>{init_module()});function Not(type3,options){return CreateType({[Kind2]:"Not",not:type3},options)}var init_not=__esm(()=>{init_type2();init_symbols2()});var init_not2=__esm(()=>{init_not()});function Parameters(schema,options){return IsFunction2(schema)?Tuple(schema.parameters,options):Never()}var init_parameters2=__esm(()=>{init_tuple2();init_never2();init_kind()});var init_parameters3=__esm(()=>{init_parameters2()});function Recursive(callback,options={}){if(IsUndefined(options.$id))options.$id=`T${Ordinal++}`;let thisType=CloneType(callback({[Kind2]:"This",$ref:`${options.$id}`}));return thisType.$id=options.$id,CreateType({[Hint]:"Recursive",...thisType},options)}var Ordinal=0;var init_recursive=__esm(()=>{init_type();init_type2();init_symbols2()});var init_recursive2=__esm(()=>{init_recursive()});function RegExp2(unresolved,options){let expr=IsString(unresolved)?new globalThis.RegExp(unresolved):unresolved;return CreateType({[Kind2]:"RegExp",type:"RegExp",source:expr.source,flags:expr.flags},options)}var init_regexp=__esm(()=>{init_type2();init_symbols2()});var init_regexp2=__esm(()=>{init_regexp()});function RestResolve(T){return IsIntersect(T)?T.allOf:IsUnion(T)?T.anyOf:IsTuple(T)?T.items??[]:[]}function Rest(T){return RestResolve(T)}var init_rest=__esm(()=>{init_kind()});var init_rest2=__esm(()=>{init_rest()});function ReturnType(schema,options){return IsFunction2(schema)?CreateType(schema.returns,options):Never(options)}var init_return_type=__esm(()=>{init_type2();init_never2();init_kind()});var init_return_type2=__esm(()=>{init_return_type()});var init_anyschema=()=>{};var init_schema3=()=>{};var init_schema4=__esm(()=>{init_anyschema();init_schema3()});var init_static=()=>{};var init_static2=__esm(()=>{init_static()});class TransformDecodeBuilder{constructor(schema2){this.schema=schema2}Decode(decode3){return new TransformEncodeBuilder(this.schema,decode3)}}class TransformEncodeBuilder{constructor(schema2,decode3){this.schema=schema2,this.decode=decode3}EncodeTransform(encode4,schema2){let Codec={Encode:(value2)=>schema2[TransformKind].Encode(encode4(value2)),Decode:(value2)=>this.decode(schema2[TransformKind].Decode(value2))};return{...schema2,[TransformKind]:Codec}}EncodeSchema(encode4,schema2){let Codec={Decode:this.decode,Encode:encode4};return{...schema2,[TransformKind]:Codec}}Encode(encode4){return IsTransform(this.schema)?this.EncodeTransform(encode4,this.schema):this.EncodeSchema(encode4,this.schema)}}function Transform(schema2){return new TransformDecodeBuilder(schema2)}var init_transform=__esm(()=>{init_symbols2();init_kind()});var init_transform2=__esm(()=>{init_transform()});function Unsafe(options={}){return CreateType({[Kind2]:options[Kind2]??"Unsafe"},options)}var init_unsafe=__esm(()=>{init_type2();init_symbols2()});var init_unsafe2=__esm(()=>{init_unsafe()});function Void(options){return CreateType({[Kind2]:"Void",type:"void"},options)}var init_void=__esm(()=>{init_type2();init_symbols2()});var init_void2=__esm(()=>{init_void()});var exports_type3={};__export(exports_type3,{Void:()=>Void,Uppercase:()=>Uppercase,Unsafe:()=>Unsafe,Unknown:()=>Unknown,Union:()=>Union,Undefined:()=>Undefined,Uncapitalize:()=>Uncapitalize,Uint8Array:()=>Uint8Array2,Tuple:()=>Tuple,Transform:()=>Transform,TemplateLiteral:()=>TemplateLiteral,Symbol:()=>Symbol2,String:()=>String2,ReturnType:()=>ReturnType,Rest:()=>Rest,Required:()=>Required,RegExp:()=>RegExp2,Ref:()=>Ref,Recursive:()=>Recursive,Record:()=>Record,ReadonlyOptional:()=>ReadonlyOptional,Readonly:()=>Readonly,Promise:()=>Promise2,Pick:()=>Pick,Partial:()=>Partial,Parameters:()=>Parameters,Optional:()=>Optional,Omit:()=>Omit,Object:()=>Object2,Number:()=>Number2,Null:()=>Null2,Not:()=>Not,Never:()=>Never,Module:()=>Module,Mapped:()=>Mapped,Lowercase:()=>Lowercase,Literal:()=>Literal,KeyOf:()=>KeyOf,Iterator:()=>Iterator2,Intersect:()=>Intersect,Integer:()=>Integer2,Instantiate:()=>Instantiate,InstanceType:()=>InstanceType,Index:()=>Index,Function:()=>Function2,Extract:()=>Extract,Extends:()=>Extends,Exclude:()=>Exclude,Enum:()=>Enum,Date:()=>Date2,ConstructorParameters:()=>ConstructorParameters,Constructor:()=>Constructor,Const:()=>Const,Composite:()=>Composite,Capitalize:()=>Capitalize,Boolean:()=>Boolean3,BigInt:()=>BigInt2,Awaited:()=>Awaited,AsyncIterator:()=>AsyncIterator2,Array:()=>Array2,Argument:()=>Argument,Any:()=>Any2});var init_type5=__esm(()=>{init_any2();init_argument2();init_array2();init_async_iterator2();init_awaited2();init_bigint2();init_boolean2();init_composite2();init_const2();init_constructor2();init_constructor_parameters2();init_date2();init_enum2();init_exclude2();init_extends2();init_extract2();init_function2();init_indexed2();init_instance_type2();init_instantiate2();init_integer2();init_intersect2();init_intrinsic2();init_iterator2();init_keyof2();init_literal2();init_mapped2();init_module2();init_never2();init_not2();init_null2();init_number2();init_object2();init_omit2();init_optional2();init_parameters3();init_partial2();init_pick2();init_promise2();init_readonly2();init_readonly_optional2();init_record2();init_recursive2();init_ref2();init_regexp2();init_required2();init_rest2();init_return_type2();init_string2();init_symbol2();init_template_literal2();init_transform2();init_tuple2();init_uint8array2();init_undefined2();init_union2();init_unknown2();init_unsafe2();init_void2()});var Type;var init_type6=__esm(()=>{init_type5();Type=exports_type3});var init_esm3=__esm(()=>{init_clone();init_create();init_error2();init_guard2();init_helpers4();init_patterns();init_registry3();init_sets();init_symbols2();init_any2();init_array2();init_argument2();init_async_iterator2();init_awaited2();init_bigint2();init_boolean2();init_composite2();init_const2();init_constructor2();init_constructor_parameters2();init_date2();init_enum2();init_exclude2();init_extends2();init_extract2();init_function2();init_indexed2();init_instance_type2();init_instantiate2();init_integer2();init_intersect2();init_iterator2();init_intrinsic2();init_keyof2();init_literal2();init_module2();init_mapped2();init_never2();init_not2();init_null2();init_number2();init_object2();init_omit2();init_optional2();init_parameters3();init_partial2();init_pick2();init_promise2();init_readonly2();init_readonly_optional2();init_record2();init_recursive2();init_ref2();init_regexp2();init_required2();init_rest2();init_return_type2();init_schema4();init_static2();init_string2();init_symbol2();init_template_literal2();init_transform2();init_tuple2();init_uint8array2();init_undefined2();init_union2();init_unknown2();init_unsafe2();init_void2();init_type6()});var MagicLinkRequestSchema,MagicLinkVerifySchema,MagicLinkResponseSchema,MagicLinkVerifyResponseSchema;var init_types14=__esm(()=>{init_esm3();MagicLinkRequestSchema=Type.Object({email:Type.String({format:"email"})}),MagicLinkVerifySchema=Type.Object({token:Type.String()}),MagicLinkResponseSchema=Type.Object({success:Type.Boolean(),message:Type.Optional(Type.String())}),MagicLinkVerifyResponseSchema=Type.Object({success:Type.Boolean(),message:Type.Optional(Type.String()),data:Type.Optional(Type.Object({user:Type.Object({id:Type.String(),email:Type.String()}),accessToken:Type.String(),refreshToken:Type.String()}))})});import{eq as eq41}from"drizzle-orm";import{Elysia as Elysia30}from"elysia";function createMagicLinkRoute(config,magicLinkConfig,emailService,signAccessToken,signRefreshToken,createSession,storeMagicToken,getMagicToken,deleteMagicToken,appName,cookieConfig,saveSessionToDb){let{db,logger:logger2}=config,requestRoute=magicLinkConfig.route||"/auth/magic-link",verifyRoute=magicLinkConfig.verifyRoute||"/auth/magic-link/verify",expiresIn=magicLinkConfig.expiresIn||"15m",redirectUrl=magicLinkConfig.redirectUrl||"",magicLinkRoutes=new Elysia30;if(!magicLinkConfig.enabled)return magicLinkRoutes;return magicLinkRoutes.post(requestRoute,async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};if(!emailService?.isAvailable())return logger2.error("[AUTH] Magic link requested but email service not available"),{success:!1,message:"Email service not available"};let{email:rawEmail}=ctx.body,email=rawEmail.toLowerCase(),user=(await db.select().from(usersTable).where(eq41(usersTable.email,email)).limit(1))[0];if(!user)return logger2.info("[AUTH] Magic link requested for non-existent email",{email}),{success:!0,message:"If an account exists, a magic link has been sent"};if(user.isLocked)return logger2.warn("[AUTH] Magic link requested for locked account",{email}),{success:!0,message:"If an account exists, a magic link has been sent"};let token=generateMagicToken(),tokenHash=hashToken(token,TOKEN_PURPOSE.magicLink),expiresAt=new Date(Date.now()+parseTimeToMs3(expiresIn)),reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await storeMagicToken({userId:user.id,email,tokenHash,expiresAt},reqSchemaName);let magicLink=redirectUrl?buildEmailActionLink({request:ctx.request,configuredUrl:redirectUrl,path:extractConfiguredPath(redirectUrl,"/verify-magic-link"),query:{token},allowedOrigins:config.authentication?.trustedAppOrigins}):`${verifyRoute}?token=${token}`,result=await emailService.sendMagicLinkEmail(email,magicLink,appName);if(!result.success)return logger2.error("[AUTH] Failed to send magic link email",{email,error:result.error}),{success:!1,message:"Failed to send email"};return logger2.info("[AUTH] Magic link sent",{email,userId:user.id}),{success:!0,message:"If an account exists, a magic link has been sent"}},{body:MagicLinkRequestSchema,detail:{tags:["Authentication"],summary:"Request Magic Link",description:"Send a magic link to the user's email for passwordless login"}}),magicLinkRoutes.get(verifyRoute,async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let token=ctx.query.token;if(!token)return{success:!1,message:"Token is required"};let tokenHash=hashToken(token,TOKEN_PURPOSE.magicLink),reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0,storedToken=await getMagicToken(tokenHash,reqSchemaName);if(!storedToken)return logger2.warn("[AUTH] Invalid magic link token"),{success:!1,message:"Invalid or expired token"};if(new Date>storedToken.expiresAt)return await deleteMagicToken(tokenHash,reqSchemaName),logger2.warn("[AUTH] Expired magic link token",{email:storedToken.email}),{success:!1,message:"Invalid or expired token"};let user=(await db.select().from(usersTable).where(eq41(usersTable.id,storedToken.userId)).limit(1))[0];if(!user)return await deleteMagicToken(tokenHash,reqSchemaName),{success:!1,message:"User not found"};if(user.isActive===!1)return await deleteMagicToken(tokenHash,reqSchemaName),logger2.warn("[AUTH] Magic link denied: account inactive",{email:storedToken.email}),{success:!1,message:"Invalid or expired token"};if(user.isLocked){let lockedUntil=user.lockedUntil;if(!(lockedUntil&&new Date(lockedUntil)<new Date))return await deleteMagicToken(tokenHash,reqSchemaName),logger2.warn("[AUTH] Magic link denied: account locked",{email:storedToken.email}),{success:!1,message:"Invalid or expired token"}}await deleteMagicToken(tokenHash,reqSchemaName),await db.update(usersTable).set({lastLoginAt:new Date,loginCount:(user.loginCount||0)+1,emailVerified:!0}).where(eq41(usersTable.id,user.id));let ipAddress=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent=ctx.request.headers.get("user-agent")||"",mlUserRoles=[],mlUserClaims=[],mlUserClaimScopes={};if(db)try{let resolved=resolveAuthTablesForRequest(ctx.request,config),rc=await fetchUserRolesAndClaims(db,user.id,resolved);mlUserRoles=rc.roles,mlUserClaims=rc.claims,mlUserClaimScopes=rc.claimScopes}catch{}let accessToken=signAccessToken(user.id,mlUserRoles.length>0?mlUserRoles:void 0,mlUserClaims.length>0?mlUserClaims:void 0,ctx.request.headers.get("x-tenant-schema")??void 0,mlUserClaimScopes),refreshToken=signRefreshToken(user.id),sessionParams={userId:user.id,deviceInfo:ensureDeviceInfo({ipAddress,userAgent},deviceContextFromRequest(ctx.request).clientHints),loginMethod:"magic_link",rememberMe:!0},sessionId=await createSession(sessionParams),requiresApproval=!1,approvalSessionId=sessionId,deviceTokenCookie;if(saveSessionToDb){let reqSchemaName2=ctx.request.headers.get("x-tenant-schema")||void 0,dtCfg=config.authentication?.deviceTrust;if(dtCfg?.enabled)sessionParams.deviceToken=readDeviceTokenFromCookieHeader(ctx.request.headers.get("cookie"),dtCfg);let saveResult=await saveSessionToDb(sessionId,sessionParams,reqSchemaName2);if(saveResult?.denied)return ctx.set.status=403,{success:!1,message:"This device could not be recognized. Please contact support."};if(deviceTokenCookie=saveResult?.deviceTokenCookie,saveResult?.requiresApproval){if(requiresApproval=!0,saveResult.sessionId)approvalSessionId=saveResult.sessionId}}if(requiresApproval){if(deviceTokenCookie)ctx.set.headers["Set-Cookie"]=deviceTokenCookie;return logger2.info("[AUTH] Magic link login requires device approval",{userId:user.id,email:user.email,approvalSessionId}),{success:!1,requiresApproval:!0,sessionId:approvalSessionId,message:"Login requires approval. Please check your email to approve this device."}}logger2.info("[AUTH] Magic link login successful",{userId:user.id,email:user.email});let cookies={accessTokenName:cookieConfig?.accessTokenName||"access_token",refreshTokenName:cookieConfig?.refreshTokenName||"refresh_token",sessionTokenName:cookieConfig?.sessionTokenName||"session_token",accessTokenMaxAge:cookieConfig?.accessTokenMaxAge||900,refreshTokenMaxAge:cookieConfig?.refreshTokenMaxAge||604800,sessionTokenMaxAge:cookieConfig?.sessionTokenMaxAge||2592000,secure:cookieConfig?.secure??!0,httpOnly:cookieConfig?.httpOnly??!0,sameSite:cookieConfig?.sameSite||"strict",path:cookieConfig?.path||"/",domain:cookieConfig?.domain},securePart=cookies.secure?"; Secure":"",domainPart=cookies.domain?`; Domain=${cookies.domain}`:"",cookieOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}`,responseHeaders=new Headers;if(responseHeaders.set("Content-Type","application/json"),responseHeaders.set("x-session-id",sessionId),responseHeaders.append("Set-Cookie",`${cookies.accessTokenName}=${accessToken}${cookieOptions}; Max-Age=${cookies.accessTokenMaxAge}`),responseHeaders.append("Set-Cookie",`${cookies.refreshTokenName}=${refreshToken}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`),responseHeaders.append("Set-Cookie",`${cookies.sessionTokenName}=${sessionId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`),deviceTokenCookie)responseHeaders.append("Set-Cookie",deviceTokenCookie);let jsonBody=JSON.stringify({success:!0,data:{user:{id:user.id,email:user.email},accessToken,refreshToken,sessionId}});return new Response(jsonBody,{status:200,headers:responseHeaders})},{query:MagicLinkVerifySchema,detail:{tags:["Authentication"],summary:"Verify Magic Link",description:"Verify magic link token and login user"}}),magicLinkRoutes}var init_magicLink=__esm(()=>{init_DeviceTrust();init_fetchUserRolesAndClaims();init_deviceInfo();init_types14();init_utils8();init_types14()});import{eq as eq42}from"drizzle-orm";import{Elysia as Elysia31}from"elysia";function createMeRoute(config,meConfig,_schemaTables,_schemaRelations,_databaseUrl){let{db,logger:logger2}=config,route=meConfig.route||"/auth/me",meRoutes=new Elysia31;if(!meConfig.enabled)return meRoutes;return meRoutes.get(route,async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),usersTable=resolved.usersTable,reqSchemaTables=resolved.schemaTables;if(!db||!usersTable)return{success:!1,message:"Database not configured"};let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let user=(await db.select().from(usersTable).where(eq42(usersTable.id,userId)).limit(1))[0];if(!user)return ctx.set.status=404,{success:!1,message:"User not found"};let{password:rawPassword,...restUser}=user,hasPassword=typeof rawPassword==="string"&&rawPassword.length>0,safeUser={...redactSensitiveOutput(restUser),hasPassword},profile=null,addresses=[],phones=[],files=[],roles=[],claims=[];if(meConfig.includeProfile&&reqSchemaTables){let profilesTable=reqSchemaTables.profiles;if(profilesTable&&db)profile=(await db.select().from(profilesTable).where(eq42(profilesTable.userId,userId)).limit(1))[0]||null}if(meConfig.includeAddresses&&reqSchemaTables){let addressesTable=reqSchemaTables.addresses;if(addressesTable&&db)addresses=await db.select().from(addressesTable).where(eq42(addressesTable.ownerId,userId))}if(meConfig.includePhones&&reqSchemaTables){let phonesTable=reqSchemaTables.phones;if(phonesTable&&db)phones=await db.select().from(phonesTable).where(eq42(phonesTable.ownerId,userId))}if(meConfig.includeFiles&&reqSchemaTables){let filesTable=reqSchemaTables.files;if(filesTable&&db)files=await db.select().from(filesTable).where(eq42(filesTable.uploadedBy,userId))}if(meConfig.includeRoles&&reqSchemaTables){let{userRoles:userRolesTable,roles:rolesTable}=reqSchemaTables;if(userRolesTable&&rolesTable&&db){let roleIds=(await db.select().from(userRolesTable).where(eq42(userRolesTable.userId,userId))).map((ur)=>ur.roleId);if(roleIds.length>0){let{inArray:inArray11}=await import("drizzle-orm");roles=await db.select().from(rolesTable).where(inArray11(rolesTable.id,roleIds))}}}if(meConfig.includeClaims&&reqSchemaTables){let{userRoles:userRolesTable,roleClaims:roleClaimsTable,claims:claimsTable}=reqSchemaTables;if(userRolesTable&&roleClaimsTable&&claimsTable&&db){let urCols=userRolesTable,rcCols=roleClaimsTable,cCols=claimsTable,roleIds=(await db.select({roleId:urCols.roleId}).from(userRolesTable).where(eq42(urCols.userId,userId))).map((r2)=>r2.roleId);if(roleIds.length>0){let{inArray:inArray11}=await import("drizzle-orm"),claimRows=await db.select({action:cCols.action,scope:rcCols.scope}).from(roleClaimsTable).innerJoin(claimsTable,eq42(rcCols.claimId,cCols.id)).where(inArray11(rcCols.roleId,roleIds)),seen=new Set;for(let row of claimRows){let r2=row,key2=`${r2.action}|${r2.scope??""}`;if(!seen.has(key2))seen.add(key2),claims.push({action:r2.action,scope:r2.scope??null})}}}}return logger2.info("[AUTH] Me endpoint accessed",{userId}),JSON.parse(JSON.stringify({success:!0,data:{user:safeUser,profile,addresses,phones,files,roles,claims}},(_key,value2)=>typeof value2==="bigint"?Number(value2):value2))},{detail:{tags:["Authentication"],summary:"Get current user",description:"Get the currently authenticated user with profile, addresses, phones and files"}}),meRoutes}var init_me=__esm(()=>{init_utils5()});var exports_accountState={};__export(exports_accountState,{evaluateAccountState:()=>evaluateAccountState});function evaluateAccountState(user,now=new Date){if(user.isActive===!1)return{allowed:!1,reason:"inactive",message:"Account is not active"};if(user.isLocked===!0){let raw=user.lockedUntil,lockedUntil=raw instanceof Date?raw:raw?new Date(raw):null;if(!lockedUntil||Number.isNaN(lockedUntil.getTime())||lockedUntil>now)return{allowed:!1,reason:"locked",message:"Account is locked"}}return{allowed:!0}}import{and as and14,eq as eq43}from"drizzle-orm";import{Elysia as Elysia32}from"elysia";function buildOAuthStateCookie(value2,opts){let securePart=opts.secure?"; Secure":"",domainPart=opts.domain?`; Domain=${opts.domain}`:"";return`${OAUTH_STATE_COOKIE}=${value2}; Path=/; HttpOnly; SameSite=Lax; Max-Age=${opts.maxAge}${securePart}${domainPart}`}function createOAuthRoutes(config,oauthService,signAccessToken,signRefreshToken,createSession,saveSessionToDb,cookieConfig,tokenResponseConfig,emailService,storeMagicToken,appName){let{db,logger:logger2}=config,basePath=oauthService.basePath;for(let provider of oauthService.getEnabledProviders()){let p=oauthService.config.providers[provider];logger2.info("[OAUTH] Provider loaded",{provider,clientIdSuffix:p?.clientId?p.clientId.slice(-4):"none",tenantId:p?.tenantId??"common",redirectUri:p?.redirectUri,scopes:p?.scopes})}let cookies={accessTokenName:cookieConfig?.accessTokenName||"access_token",refreshTokenName:cookieConfig?.refreshTokenName||"refresh_token",sessionTokenName:cookieConfig?.sessionTokenName||"session_token",accessTokenMaxAge:cookieConfig?.accessTokenMaxAge||900,refreshTokenMaxAge:cookieConfig?.refreshTokenMaxAge||604800,sessionTokenMaxAge:cookieConfig?.sessionTokenMaxAge||900,secure:cookieConfig?.secure??!0,httpOnly:cookieConfig?.httpOnly??!0,sameSite:cookieConfig?.sameSite||"lax",path:cookieConfig?.path||"/",domain:cookieConfig?.domain},tokenConfig={accessToken:{setHeadersEnabled:tokenResponseConfig?.accessToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:tokenResponseConfig?.refreshToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:tokenResponseConfig?.sessionToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.sessionToken?.returnJson??!0}},routes=new Elysia32;return routes.get(`${basePath}/:provider`,async(ctx)=>{let provider=ctx.params.provider;if(!oauthService.isProviderEnabled(provider))return ctx.set.status=404,{success:!1,message:`OAuth provider "${provider}" is not enabled`};let redirectUrl=ctx.query.redirect_url,authUrl=await oauthService.buildAuthorizationUrl(provider,void 0,redirectUrl);logger2.debug("[OAUTH] Redirecting to provider",{provider,authUrl:authUrl.replace(/(client_id=)[^&]+/,"$1***")});let issuedState=new URL(authUrl).searchParams.get("state");if(issuedState)ctx.set.headers["Set-Cookie"]=buildOAuthStateCookie(issuedState,{maxAge:600,secure:cookies.secure,domain:cookies.domain});return ctx.set.status=302,ctx.set.headers.Location=authUrl,null},{detail:{tags:["Authentication"],summary:"OAuth Redirect",description:"Redirects to the OAuth provider authorization page"}}),routes.get(`${basePath}/:provider/callback`,async(ctx)=>{let provider=ctx.params.provider,query=ctx.query,{code,state,error:error3,error_description}=query,errorRedirect=oauthService.errorRedirectUrl;if(error3)return logger2.warn("[OAUTH] Provider returned error",{provider,error:error3,error_description}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=${encodeURIComponent(error_description||error3)}`,null;if(!code||!state)return ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=missing_code_or_state`,null;let statePayload=await oauthService.consumeState(state);if(!statePayload)return logger2.warn("[OAUTH] Invalid or expired state",{provider,state}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=invalid_state`,null;let cookieState=readCookie(ctx.request,OAUTH_STATE_COOKIE),clearStateCookie=buildOAuthStateCookie("",{maxAge:0,secure:cookies.secure,domain:cookies.domain});if(!cookieState||cookieState!==state)return logger2.warn("[OAUTH] State cookie missing or mismatched (possible CSRF)",{provider}),ctx.set.status=302,ctx.set.headers["Set-Cookie"]=clearStateCookie,ctx.set.headers.Location=`${errorRedirect}?error=invalid_state`,null;if(statePayload.provider!==provider)return logger2.warn("[OAUTH] State provider mismatch",{expected:statePayload.provider,got:provider}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=provider_mismatch`,null;let resolved=resolveAuthTablesForRequest(ctx.request,config),usersTable=resolved.usersTable,oauthTable=resolved.oauthAccountsTable??config.oauthAccountsTable;if(!db||!usersTable)return ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=server_error`,null;logger2.debug("[OAUTH] Exchanging code",{provider,codeLength:code.length,statePresent:!!state});let callbackResult;try{callbackResult=await oauthService.exchangeCode(provider,code)}catch(err){let e=err;return logger2.error("[OAUTH] Code exchange failed",err,{provider,errorMessage:e?.message,errorName:e?.name,errorCauseCode:e?.cause?.code,errorCauseMessage:e?.cause?.message}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=token_exchange_failed`,null}let{profile,tokens}=callbackResult,userId=null;if(statePayload.linkUserId&&oauthService.allowAccountLinking){if(userId=statePayload.linkUserId,oauthTable){let existing=await db.select().from(oauthTable).where(and14(eq43(oauthTable.provider,provider),eq43(oauthTable.providerAccountId,profile.providerAccountId))).limit(1);if(existing.length>0){let existingRecord=existing[0];if(existingRecord.userId!==userId)return ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=account_already_linked_to_another_user`,null;await db.update(oauthTable).set({accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,lastUsedAt:new Date}).where(eq43(oauthTable.id,existingRecord.id))}else await db.insert(oauthTable).values({userId,provider,providerAccountId:profile.providerAccountId,providerEmail:profile.email??null,providerName:profile.name??null,providerAvatarUrl:profile.avatarUrl??null,accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,isPrimary:!1,lastUsedAt:new Date})}logger2.info("[OAUTH] Account linked successfully",{userId,provider});let successUrl2=resolveSafeOAuthRedirect(statePayload.redirectUrl,oauthService.successRedirectUrl,config.authentication?.trustedAppOrigins);return ctx.set.status=302,ctx.set.headers.Location=`${successUrl2}?linked=true&provider=${provider}`,null}if(oauthTable){let existingOAuth=await db.select().from(oauthTable).where(and14(eq43(oauthTable.provider,provider),eq43(oauthTable.providerAccountId,profile.providerAccountId))).limit(1);if(existingOAuth.length>0){let oauthRecord=existingOAuth[0];userId=oauthRecord.userId,await db.update(oauthTable).set({accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,lastUsedAt:new Date}).where(eq43(oauthTable.id,oauthRecord.id))}}if(!userId&&profile.email){let normalizedOAuthEmail=profile.email.toLowerCase(),existingUsers=await db.select().from(usersTable).where(eq43(usersTable.email,normalizedOAuthEmail)).limit(1);if(existingUsers.length>0&&profile.emailVerified!==!0)return logger2.warn("[OAUTH] Refusing account merge: provider email not verified",{provider,email:profile.email}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=email_not_verified`,null;if(existingUsers.length>0){if(userId=existingUsers[0].id,oauthTable)await db.insert(oauthTable).values({userId,provider,providerAccountId:profile.providerAccountId,providerEmail:profile.email??null,providerName:profile.name??null,providerAvatarUrl:profile.avatarUrl??null,accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,isPrimary:!1,lastUsedAt:new Date}).onConflictDoNothing();logger2.info("[OAUTH] Merged OAuth account with existing user by email",{userId,provider,email:profile.email})}}if(!userId){if(!oauthService.autoCreateUser)return ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=user_not_found`,null;let userEmail=(profile.email??`${provider}_${profile.providerAccountId}@oauth.local`).toLowerCase(),providerEmailVerified=profile.emailVerified===!0;if(userId=(await db.insert(usersTable).values({email:userEmail,password:null,emailVerified:providerEmailVerified,verifiedAt:providerEmailVerified?new Date:null,isActive:!0}).returning())[0].id,oauthTable)await db.insert(oauthTable).values({userId,provider,providerAccountId:profile.providerAccountId,providerEmail:profile.email??null,providerName:profile.name??null,providerAvatarUrl:profile.avatarUrl??null,accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,isPrimary:!0,lastUsedAt:new Date});if(logger2.info("[OAUTH] Created new user via OAuth",{userId,provider,email:profile.email}),oauthService.sendInviteOnCreate&&profile.email&&emailService?.isAvailable()&&storeMagicToken)try{let rawToken=generateMagicToken(),tokenHash=hashToken(rawToken,TOKEN_PURPOSE.invite),expiresAt=new Date(Date.now()+parseTimeToMs3("7d")),oauthSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await storeMagicToken({userId,email:profile.email,tokenHash,expiresAt},oauthSchemaName);let inviteLink=`${oauthService.successRedirectUrl.replace(/\/$/,"").replace(/\/[^/]+$/,"/set-password")}?token=${rawToken}`;await emailService.sendEmail({to:profile.email,subject:`Welcome to ${appName??"the platform"} \u2014 Set your password`,html:`
436
+ `),polyTables=(Array.isArray(polyResult)?polyResult:polyResult.rows||[]).map((r2)=>String(r2.table_name||""));logger2.info("[AUTH] Change User ID - discovered schema references",{fkConstraints:fkConstraints.map((f)=>`${f.table_name}.${f.column_name} (${f.constraint_name})`),userIdColumns:userIdColumns.map((u)=>`${u.table_name}.${u.column_name}`),auditColumns:auditColumns.map((a12)=>`${a12.table_name}.${a12.column_name}`),polyTables});let allUpdates=new Map,addUpdate=(tableName,columnName)=>{if(!allUpdates.has(tableName))allUpdates.set(tableName,new Set);allUpdates.get(tableName)?.add(columnName)};for(let fk of fkConstraints)addUpdate(fk.table_name,fk.column_name);for(let col11 of userIdColumns)addUpdate(col11.table_name,col11.column_name);for(let col11 of auditColumns)addUpdate(col11.table_name,col11.column_name);logger2.info("[AUTH] Change User ID - all column updates to execute",{updates:Array.from(allUpdates.entries()).map(([t19,cols])=>`${t19}: [${Array.from(cols).join(", ")}]`)}),await db.transaction(async(tx)=>{for(let fk of fkConstraints)await tx.execute(sql7.raw(`ALTER TABLE "${effectiveSchema}"."${fk.table_name}" DROP CONSTRAINT "${fk.constraint_name}"`));await tx.execute(sql7.raw(`UPDATE "${effectiveSchema}"."users" SET "id" = '${newId}' WHERE "id" = '${currentId}'`));for(let[tableName,columns]of allUpdates.entries())for(let columnName of columns)await tx.execute(sql7.raw(`UPDATE "${effectiveSchema}"."${tableName}" SET "${columnName}" = '${newId}' WHERE "${columnName}" = '${currentId}'`));for(let tableName of polyTables)await tx.execute(sql7.raw(`UPDATE "${effectiveSchema}"."${tableName}" SET "owner_id" = '${newId}' WHERE "owner_id" = '${currentId}' AND "owner_type" IN ('user', 'users', 'User')`));for(let fk of fkConstraints){let onDelete=fk.delete_rule==="CASCADE"?"ON DELETE CASCADE":fk.delete_rule==="SET NULL"?"ON DELETE SET NULL":"";await tx.execute(sql7.raw(`ALTER TABLE "${effectiveSchema}"."${fk.table_name}" ADD CONSTRAINT "${fk.constraint_name}" FOREIGN KEY ("${fk.column_name}") REFERENCES "${effectiveSchema}"."users" ("id") ${onDelete}`))}});let allAffectedTables=[...new Set([...fkConstraints.map((f)=>f.table_name),...userIdColumns.map((u)=>u.table_name),...auditColumns.map((a12)=>a12.table_name),...polyTables])];return logger2.info("[AUTH] User ID changed successfully",{godminId:requestingUserId,currentId,newId,email:targetUser.email,affectedTables:allAffectedTables,fkConstraintsDroppedAndReadded:fkConstraints.length}),await logger2.audit({entityName:"users",entityId:newId,operation:"CHANGE_USER_ID",userId:requestingUserId,summary:`Godmin changed user ID: ${currentId} \u2192 ${newId} (${targetUser.email})`,oldValues:{id:currentId},newValues:{id:newId},ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:new URL(ctx.request.url).pathname,query:""}),{success:!0,data:{oldId:currentId,newId,email:targetUser.email,affectedTables:allAffectedTables}}}catch(error){return logger2.error("[AUTH] Failed to change user ID",{error:error instanceof Error?error.message:String(error),stack:error instanceof Error?error.stack:void 0,currentId,newId}),ctx.set.status=500,{success:!1,message:error instanceof Error?error.message:"Failed to change user ID"}}},{body:t18.Object({currentId:t18.String(),newId:t18.String()}),detail:{tags:["Authentication"],summary:"Change User ID",description:"Godmin: change a user's UUID while preserving all FK relations, audit columns, and polymorphic references"}}),routes}var init_changeUserId=__esm(()=>{init_resolveMutationSchema()});function decideCreateUserAuthz(params){let{callerIsGod,callerRoleNames,allowRoles,requestedRoleNames,godminRoleName}=params,callerIsGodmin=callerIsGod||callerRoleNames.includes(godminRoleName);if(!(callerIsGodmin||callerRoleNames.some((n2)=>allowRoles.includes(n2))))return{allowed:!1,status:403,reason:"not_privileged"};if(requestedRoleNames.includes(godminRoleName)&&!callerIsGodmin)return{allowed:!1,status:403,reason:"godmin_assignment_forbidden"};if(!callerIsGodmin){let heldByCaller=new Set(callerRoleNames);if(!requestedRoleNames.every((r2)=>heldByCaller.has(r2)))return{allowed:!1,status:403,reason:"role_above_caller"}}return{allowed:!0,callerIsGodmin}}import{eq as eq33,inArray as inArray9}from"drizzle-orm";import{Elysia as Elysia22,t as t19}from"elysia";function createCreateUserRoute(config,createUserConfig){let{db,logger:logger2}=config,routes=new Elysia22;if(createUserConfig?.enabled===!1)return routes;let route=createUserConfig?.route||"/auth/admin/create-user",allowRoles=createUserConfig?.allowRoles??[];return routes.post(route,async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),{usersTable,rolesTable:resolvedRolesTable,userRolesTable:resolvedUserRolesTable,schemaTables}=resolved,profilesTable=schemaTables?.profiles,rolesTable=resolvedRolesTable??config.rolesTable??null,userRolesTable=resolvedUserRolesTable??config.userRolesTable??null;if(!db||!usersTable)return ctx.set.status=500,{success:!1,message:"Database not configured"};let requestingUserId=ctx.request.headers.get("x-user-id");if(!requestingUserId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let requestingUser=(await db.select().from(usersTable).where(eq33(usersTable.id,requestingUserId)).limit(1))[0];if(!requestingUser)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let callerIsGod=Boolean(requestingUser.isGod),callerRoleNames=[];if(!callerIsGod&&rolesTable&&userRolesTable){let rolesCols=rolesTable,userRolesCols=userRolesTable;callerRoleNames=(await db.select({name:rolesCols.name}).from(userRolesTable).innerJoin(rolesTable,eq33(rolesCols.id,userRolesCols.roleId)).where(eq33(userRolesCols.userId,requestingUserId))).map((r2)=>r2.name)}let requestedRoleIds=ctx.body.roleIds??[],foundRoles=[];if(requestedRoleIds.length>0&&rolesTable){let rolesCols=rolesTable;foundRoles=(await db.select({id:rolesCols.id,name:rolesCols.name}).from(rolesTable).where(inArray9(rolesCols.id,requestedRoleIds))).map((r2)=>({id:r2.id,name:r2.name}))}let decision=decideCreateUserAuthz({callerIsGod,callerRoleNames,allowRoles,requestedRoleNames:foundRoles.map((r2)=>r2.name),godminRoleName:GODMIN_ROLE_NAME});if(!decision.allowed)return logger2.warn("[AUTH] create-user denied",{callerId:requestingUserId,reason:decision.reason}),ctx.set.status=decision.status,{success:!1,message:decision.reason==="godmin_assignment_forbidden"?"Forbidden: assigning the godmin role requires godmin privileges":"Forbidden"};let{email:rawEmail,password:password4,profile}=ctx.body,email=rawEmail.toLowerCase().trim(),passwordValidation=validatePasswordStrength(password4);if(!passwordValidation.valid)return ctx.set.status=400,{success:!1,message:"Password too weak",errors:passwordValidation.errors};if((await db.select().from(usersTable).where(eq33(usersTable.email,email)).limit(1)).length>0)return logger2.warn("[AUTH] create-user failed \u2014 email already exists",{email}),ctx.set.status=409,{success:!1,message:"Email already registered"};let now=new Date,hashedPassword=await hashPassword(password4),insertValues={email,password:hashedPassword,emailVerified:!0,verifiedAt:now,isLocked:!1,createdAt:now,updatedAt:now},newUser=(await db.insert(usersTable).values(insertValues).returning())[0];if(!newUser)return logger2.error("[AUTH] create-user insert returned nothing",{email}),ctx.set.status=500,{success:!1,message:"Failed to create user"};let newUserId=newUser.id;if(requestedRoleIds.length>0&&rolesTable&&userRolesTable)try{let validRoleIds=foundRoles.map((r2)=>r2.id);if(validRoleIds.length>0)await db.insert(userRolesTable).values(validRoleIds.map((roleId)=>({userId:newUserId,roleId})));let skipped=requestedRoleIds.filter((id)=>!validRoleIds.includes(id));if(skipped.length>0)logger2.warn("[AUTH] create-user: some roleIds were not found",{userId:newUserId,skipped});if(foundRoles.some((r2)=>r2.name===GODMIN_ROLE_NAME))await db.update(usersTable).set({isGod:!0}).where(eq33(usersTable.id,newUserId))}catch(err){logger2.warn("[AUTH] create-user: failed to assign roles \u2014 continuing",{userId:newUserId,error:err instanceof Error?err.message:String(err)})}else if(config.authentication?.defaultRole)await assignDefaultRole({db,userId:newUserId,roleName:config.authentication.defaultRole,rolesTable,userRolesTable,logger:logger2});if(profile&&profilesTable)try{await db.insert(profilesTable).values({userId:newUserId,firstName:profile.firstName??null,lastName:profile.lastName??null,phoneNumber:profile.phoneNumber??null,createdAt:now,updatedAt:now})}catch(err){logger2.warn("[AUTH] create-user: failed to create profile \u2014 continuing",{userId:newUserId,error:err instanceof Error?err.message:String(err)})}let reqUrl=new URL(ctx.request.url),auditIp=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",auditUa=ctx.request.headers.get("user-agent")||"unknown";return logger2.audit({entityName:"users",entityId:newUserId,operation:"ADMIN_CREATE_USER",userId:requestingUserId,summary:`Admin ${requestingUserId} created user ${email}`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),logger2.info("[AUTH] Admin created user",{newUserId,email,createdBy:requestingUserId}),{success:!0,message:"User created successfully",data:{id:newUserId,email}}},{body:CreateUserBodySchema,detail:{tags:["Authentication","Admin"],summary:"Admin Create User",description:"Create a fully active user with a password, roles, and optional profile. Admin-only. No email is sent."}}),routes}var CreateUserBodySchema;var init_createUser=__esm(()=>{init_Authorization();init_assignDefaultRole();init_utils6();CreateUserBodySchema=t19.Object({email:t19.String({format:"email"}),password:t19.String({minLength:8}),roleIds:t19.Optional(t19.Array(t19.String())),profile:t19.Optional(t19.Object({firstName:t19.Optional(t19.String()),lastName:t19.Optional(t19.String()),phoneNumber:t19.Optional(t19.String())}))})});import{eq as eq34}from"drizzle-orm";import{Elysia as Elysia23,t as t20}from"elysia";function createHardDeleteUserRoute(config){let{db,logger:logger2}=config,routes=new Elysia23({name:"nucleus-auth-admin-hard-delete"});return routes.delete("/auth/admin/hard-delete/:userId",async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),{usersTable,userRolesTable,sessionsTable,oauthAccountsTable,apiKeysTable,schemaTables}=resolved;if(!db||!usersTable)return ctx.set.status=500,{success:!1,message:"Database not configured"};let requestingUserId=ctx.request.headers.get("x-user-id");if(!requestingUserId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};if(!(await db.select().from(usersTable).where(eq34(usersTable.id,requestingUserId)).limit(1))[0]?.isGod)return ctx.set.status=403,{success:!1,message:"Forbidden \u2014 only godmin can hard-delete users"};let{userId:targetUserId}=ctx.params;if(targetUserId===requestingUserId)return ctx.set.status=400,{success:!1,message:"Cannot hard-delete yourself"};let targetUser=(await db.select().from(usersTable).where(eq34(usersTable.id,targetUserId)).limit(1))[0];if(!targetUser)return ctx.set.status=404,{success:!1,message:"User not found"};if(targetUser.isGod)return ctx.set.status=403,{success:!1,message:"Cannot hard-delete a godmin user"};let deletedRelations=[],col11=(table,name2)=>table[name2],profilesTable=schemaTables?.profiles,addressesTable=schemaTables?.addresses,phonesTable=schemaTables?.phones,filesTable=schemaTables?.files,runCascade=async(exec)=>{deletedRelations.length=0;let del=async(table,columnName,label)=>{if(!table)return;await exec.delete(table).where(eq34(col11(table,columnName),targetUserId)),deletedRelations.push(label)};await del(userRolesTable,"userId","user_roles"),await del(sessionsTable,"userId","sessions"),await del(oauthAccountsTable,"userId","oauth_accounts"),await del(apiKeysTable,"userId","api_keys"),await del(profilesTable,"userId","profiles"),await del(addressesTable,"ownerId","addresses"),await del(phonesTable,"ownerId","phones"),await del(filesTable,"uploadedBy","files"),await exec.delete(usersTable).where(eq34(usersTable.id,targetUserId))};try{let txDb=db;if(typeof txDb.transaction==="function")await txDb.transaction(async(tx)=>{await runCascade(tx)});else await runCascade(db)}catch(err){return logger2.error("[AUTH] hard-delete failed; transaction rolled back",{userId:targetUserId,error:err instanceof Error?err.message:String(err)}),ctx.set.status=500,{success:!1,message:"Hard delete failed and was rolled back"}}let reqUrl=new URL(ctx.request.url);return logger2.audit({entityName:"users",entityId:targetUserId,operation:"ADMIN_HARD_DELETE_USER",userId:requestingUserId,summary:`Godmin ${requestingUserId} hard-deleted user ${targetUser.email} (${targetUserId}). Cleaned: ${deletedRelations.join(", ")}`,ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search}),logger2.info("[AUTH] Hard-deleted user",{targetUserId,email:targetUser.email,deletedBy:requestingUserId,cleanedRelations:deletedRelations}),{success:!0,message:"User permanently deleted",data:{userId:targetUserId,email:targetUser.email,cleanedRelations:deletedRelations}}},{params:HardDeleteUserParamsSchema,detail:{tags:["Authentication","Admin"],summary:"Hard Delete User",description:"Permanently delete a user and all related data (roles, sessions, profile, files, etc.). Godmin-only. Irreversible."}}),routes}var HardDeleteUserParamsSchema;var init_hardDeleteUser=__esm(()=>{HardDeleteUserParamsSchema=t20.Object({userId:t20.String()})});var exports_fetchUserRolesAndClaims={};__export(exports_fetchUserRolesAndClaims,{fetchUserRolesAndClaims:()=>fetchUserRolesAndClaims});import{eq as eq35,inArray as inArray10}from"drizzle-orm";var noopLogger,fetchUserRolesAndClaims=async(db,userId,resolved,logger2=noopLogger)=>{let{userRolesTable,rolesTable,roleClaimsTable,claimsTable,usersTable}=resolved,result={roles:[],claims:[],claimScopes:{}};if(!userRolesTable||!rolesTable)return result;let roleIds=(await db.select().from(userRolesTable).where(eq35(userRolesTable.userId,userId))).map((r2)=>r2.roleId);if(roleIds.length===0)return result;let roleRows=await db.select().from(rolesTable).where(inArray10(rolesTable.id,roleIds));if(result.roles=roleRows.map((r2)=>r2.name),roleClaimsTable&&claimsTable){let rows=(await db.select({action:claimsTable.action,scope:roleClaimsTable.scope}).from(roleClaimsTable).innerJoin(claimsTable,eq35(roleClaimsTable.claimId,claimsTable.id)).where(inArray10(roleClaimsTable.roleId,roleIds))).filter((r2)=>typeof r2.action==="string"&&r2.action.length>0).map((r2)=>({action:r2.action,scope:r2.scope??null})),userData;if(rows.some((r2)=>!!r2.scope)&&usersTable)try{userData=(await db.select().from(usersTable).where(eq35(usersTable.id,userId)))[0]}catch(err){logger2.warn("[Authorization] Failed to load user row for scope resolution",{userId,error:err instanceof Error?err.message:String(err)})}let{claimScopes,dropped}=resolveClaimScopes(rows,userData,logger2),droppedSet=new Set(dropped);result.claims=Array.from(new Set(rows.map((r2)=>r2.action))).filter((a12)=>!droppedSet.has(a12)),result.claimScopes=claimScopes}return result};var init_fetchUserRolesAndClaims=__esm(()=>{init_Middleware();noopLogger={debug:()=>{},info:()=>{},warn:()=>{},error:()=>{}}});import{eq as eq36}from"drizzle-orm";import{Elysia as Elysia24,t as t21}from"elysia";function createImpersonateRoute(config,signAccessToken,signRefreshToken,verifyRefreshToken,createSession,saveSessionToDb,cookieConfig){let{db,logger:logger2}=config,routes=new Elysia24,cookies={accessTokenName:cookieConfig?.accessTokenName||"access_token",refreshTokenName:cookieConfig?.refreshTokenName||"refresh_token",sessionTokenName:cookieConfig?.sessionTokenName||"session_token",accessTokenMaxAge:cookieConfig?.accessTokenMaxAge||900,refreshTokenMaxAge:cookieConfig?.refreshTokenMaxAge||604800,sessionTokenMaxAge:cookieConfig?.sessionTokenMaxAge||900,secure:cookieConfig?.secure??!0,sameSite:cookieConfig?.sameSite||"lax",path:cookieConfig?.path||"/",domain:cookieConfig?.domain};return routes.post("/auth/admin/impersonate",async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let requestingUserId=ctx.request.headers.get("x-user-id");if(!requestingUserId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let{targetUserId}=ctx.body,requestingUser=(await db.select().from(usersTable).where(eq36(usersTable.id,requestingUserId)).limit(1))[0];if(!requestingUser||!requestingUser.isGod)return ctx.set.status=403,{success:!1,message:"Forbidden: godmin privileges required"};{let lockedUntilRaw=requestingUser.lockedUntil,lockedUntil=lockedUntilRaw?new Date(lockedUntilRaw):null;if(requestingUser.isActive===!1)return ctx.set.status=403,{success:!1,message:"Account is not active"};if(requestingUser.isLocked===!0&&(!lockedUntil||lockedUntil>new Date))return ctx.set.status=403,{success:!1,message:"Account is locked"}}if(requestingUserId===targetUserId)return ctx.set.status=400,{success:!1,message:"Cannot impersonate yourself"};let targetUser=(await db.select().from(usersTable).where(eq36(usersTable.id,targetUserId)).limit(1))[0];if(!targetUser)return ctx.set.status=404,{success:!1,message:"Target user not found"};let impRoles=[],impClaims=[],impClaimScopes={};if(config.db)try{let resolved=resolveAuthTablesForRequest(ctx.request,config),rc=await fetchUserRolesAndClaims(config.db,targetUserId,resolved);impRoles=rc.roles,impClaims=rc.claims,impClaimScopes=rc.claimScopes}catch{}let accessToken=signAccessToken(targetUserId,impRoles.length>0?impRoles:void 0,impClaims.length>0?impClaims:void 0,ctx.request.headers.get("x-tenant-schema")??void 0,impClaimScopes),refreshToken=signRefreshToken(targetUserId),reqIp=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",sessionParams={userId:targetUserId,deviceInfo:{deviceName:"Impersonation Session",browserName:"Admin",osName:"Admin",ipAddress:reqIp},loginMethod:"impersonation"},sessionId=await createSession(sessionParams);if(saveSessionToDb){let impSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await saveSessionToDb(sessionId,sessionParams,impSchemaName)}logger2.info("[AUTH] Impersonation started",{godminId:requestingUserId,targetUserId,targetEmail:targetUser.email}),await logger2.audit({entityName:"users",entityId:targetUserId,operation:"IMPERSONATE_START",userId:requestingUserId,summary:`Godmin ${requestingUser.email} started impersonating ${targetUser.email}`,ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:new URL(ctx.request.url).pathname,query:""});let securePart=cookies.secure?"; Secure":"",domainPart=cookies.domain?`; Domain=${cookies.domain}`:"",cookieOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}`,cookiesToSet=[`${cookies.accessTokenName}=${accessToken}${cookieOptions}; Max-Age=${cookies.accessTokenMaxAge}`,`${cookies.refreshTokenName}=${refreshToken}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`,`${cookies.sessionTokenName}=${sessionId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_impersonating_as=${targetUserId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_godmin_id=${requestingUserId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_impersonating_email=${encodeURIComponent(String(targetUser.email))}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_imp_sig=${signRefreshToken(requestingUserId)}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`],jsonBody=JSON.stringify({success:!0,data:{targetUser:{id:targetUser.id,email:targetUser.email},godminId:requestingUserId,sessionId}}),headers=new Headers;headers.set("Content-Type","application/json");for(let cookie of cookiesToSet)headers.append("Set-Cookie",cookie);return new Response(jsonBody,{status:200,headers})},{body:t21.Object({targetUserId:t21.String()}),detail:{tags:["Authentication"],summary:"Impersonate User",description:"Godmin: start a session as another user"}}),routes.post("/auth/admin/impersonate/stop",async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let cookieHeader=ctx.request.headers.get("cookie")||"",impSig=Object.fromEntries(cookieHeader.split(";").map((c)=>{let[k,...v]=c.trim().split("=");return[k?.trim(),v.join("=")]})).nucleus_imp_sig,verified=impSig?verifyRefreshToken(impSig):{valid:!1};if(!verified.valid||!verified.payload?.sub)return ctx.set.status=401,{success:!1,message:"No valid impersonation session"};let godminId=verified.payload.sub,godminUser=(await db.select().from(usersTable).where(eq36(usersTable.id,godminId)).limit(1))[0];if(!godminUser)return ctx.set.status=404,{success:!1,message:"Godmin user not found"};{let lockedUntilRaw=godminUser.lockedUntil,lockedUntil=lockedUntilRaw?new Date(lockedUntilRaw):null;if(godminUser.isActive===!1)return ctx.set.status=401,{success:!1,message:"Account is not active"};if(godminUser.isLocked===!0&&(!lockedUntil||lockedUntil>new Date))return ctx.set.status=401,{success:!1,message:"Account is locked"}}let godminRoles=[],godminClaims=[],godminClaimScopes={};if(config.db)try{let resolvedStop=resolveAuthTablesForRequest(ctx.request,config),rcStop=await fetchUserRolesAndClaims(config.db,godminId,resolvedStop);godminRoles=rcStop.roles,godminClaims=rcStop.claims,godminClaimScopes=rcStop.claimScopes}catch{}let accessToken=signAccessToken(godminId,godminRoles.length>0?godminRoles:void 0,godminClaims.length>0?godminClaims:void 0,ctx.request.headers.get("x-tenant-schema")??void 0,godminClaimScopes),refreshToken=signRefreshToken(godminId),stopReqIp=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",sessionParams={userId:godminId,deviceInfo:{deviceName:"Restored Admin Session",browserName:"Admin",osName:"Admin",ipAddress:stopReqIp},loginMethod:"impersonation_stop"},sessionId=await createSession(sessionParams);if(saveSessionToDb){let stopSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await saveSessionToDb(sessionId,sessionParams,stopSchemaName)}logger2.info("[AUTH] Impersonation stopped",{godminId}),await logger2.audit({entityName:"users",entityId:godminId,operation:"IMPERSONATE_STOP",userId:godminId,summary:`Godmin ${godminUser.email} stopped impersonation`,ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:new URL(ctx.request.url).pathname,query:""});let securePart=cookies.secure?"; Secure":"",domainPart=cookies.domain?`; Domain=${cookies.domain}`:"",cookieOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}`,expiredOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}; Max-Age=0`,cookiesToSet=[`${cookies.accessTokenName}=${accessToken}${cookieOptions}; Max-Age=${cookies.accessTokenMaxAge}`,`${cookies.refreshTokenName}=${refreshToken}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`,`${cookies.sessionTokenName}=${sessionId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`,`nucleus_impersonating_as=deleted${expiredOptions}`,`nucleus_godmin_id=deleted${expiredOptions}`,`nucleus_impersonating_email=deleted${expiredOptions}`,`nucleus_imp_sig=deleted${expiredOptions}`],jsonBody=JSON.stringify({success:!0,data:{godminUser:{id:godminUser.id,email:godminUser.email},sessionId}}),headers=new Headers;headers.set("Content-Type","application/json");for(let cookie of cookiesToSet)headers.append("Set-Cookie",cookie);return new Response(jsonBody,{status:200,headers})},{detail:{tags:["Authentication"],summary:"Stop Impersonation",description:"Godmin: restore own session after impersonation"}}),routes}var init_impersonate=__esm(()=>{init_fetchUserRolesAndClaims()});import{and as and13,count as count2,eq as eq37,sql as sql8}from"drizzle-orm";function createApiKeyRoutes(app,config,apiKeysConfig){let basePath=apiKeysConfig.route||"/auth/api-keys",apiKeysTable=config.apiKeysTable,{db,logger:logger2}=config;if(!apiKeysTable||!db){logger2.warn("[API_KEYS] api_keys table or database not available. Skipping API key routes.");return}let getResolvedConfig=(request)=>{let resolved=resolveAuthTablesForRequest(request,config),reqApiKeysTable=resolved.apiKeysTable??apiKeysTable;return{config:{...config,usersTable:resolved.usersTable??config.usersTable,userRolesTable:resolved.userRolesTable,rolesTable:resolved.rolesTable,roleClaimsTable:resolved.roleClaimsTable,claimsTable:resolved.claimsTable,apiKeysTable:reqApiKeysTable,schemaTables:resolved.schemaTables},apiKeysTable:reqApiKeysTable}},keyPrefix=apiKeysConfig.keyPrefix||"nk_live",maxKeysPerUser=apiKeysConfig.maxKeysPerUser||10,preventManagement=apiKeysConfig.preventApiKeyManagement??!1;app.post(basePath,async({request,set,body:rawBody})=>{let resolved=getResolvedConfig(request),reqApiKeysTable=resolved.apiKeysTable,reqConfig=resolved.config;if(preventManagement)return set.status=403,{isSuccess:!1,message:"API key management is disabled via configuration",data:null};if(request.headers.get("x-auth-type")==="api_key")return set.status=403,{isSuccess:!1,message:"API keys cannot be created using another API key",data:null};let userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let body;try{body=rawBody??{}}catch{return set.status=400,{isSuccess:!1,message:"Invalid request body",data:null}}if(!body.name||typeof body.name!=="string"||body.name.trim().length===0)return set.status=400,{isSuccess:!1,message:"Name is required",data:null};if(body.ownerType==="application"){if(!(apiKeysConfig.allowApplicationKeys??!0))return set.status=403,{isSuccess:!1,message:"Application API keys are not allowed",data:null};if(!body.applicationName||body.applicationName.trim().length===0)return set.status=400,{isSuccess:!1,message:"Application name is required for application keys",data:null}}if(((await db.select({count:count2()}).from(reqApiKeysTable).where(and13(eq37(col11(reqApiKeysTable,"userId"),userId),eq37(col11(reqApiKeysTable,"isActive"),!0))))[0]?.count||0)>=maxKeysPerUser)return set.status=400,{isSuccess:!1,message:`Maximum API key limit reached (${maxKeysPerUser})`,data:null};let userRoles=await getUserRoleNames(reqConfig,userId),userClaims=await getUserClaimActions(reqConfig,userId),isGodmin3=userRoles.some((r2)=>isGodminRole(r2)),requestedRoles=body.allowedRoles||[],requestedClaims=body.allowedClaims||[],requestedScopes=body.allowedScopes||[],stripGodmin=(roles)=>roles.filter((r2)=>!isGodminRole(r2)),finalRoles,finalClaims;if(isGodmin3)finalRoles=requestedRoles.length>0?stripGodmin(requestedRoles):[],finalClaims=requestedClaims.length>0?requestedClaims:userClaims;else{let validRoles=intersectPermissions(userRoles,requestedRoles),validClaims=intersectPermissions(userClaims,requestedClaims);if(requestedRoles.length>0&&validRoles.length!==requestedRoles.length){let disallowed=requestedRoles.filter((r2)=>!userRoles.includes(r2));return set.status=403,{isSuccess:!1,message:`Cannot assign roles you do not have: ${disallowed.join(", ")}`,data:null}}if(requestedClaims.length>0&&validClaims.length!==requestedClaims.length){let disallowed=requestedClaims.filter((c)=>!userClaims.includes(c));return set.status=403,{isSuccess:!1,message:`Cannot assign claims you do not have: ${disallowed.join(", ")}`,data:null}}if(requestedScopes.length>0){let userScopes=await getUserScopes(reqConfig,userId);if(intersectPermissions(userScopes,requestedScopes).length!==requestedScopes.length){let disallowed=requestedScopes.filter((s)=>!userScopes.includes(s));return set.status=403,{isSuccess:!1,message:`Cannot assign scopes you do not have: ${disallowed.join(", ")}`,data:null}}}finalRoles=stripGodmin(requestedRoles.length>0?validRoles:userRoles),finalClaims=requestedClaims.length>0?validClaims:userClaims}let expiresAt=null,expiresInStr=body.expiresIn||apiKeysConfig.defaultExpiresIn;if(expiresInStr){let seconds=parseTimeToSeconds2(expiresInStr);expiresAt=new Date(Date.now()+seconds*1000)}let generated=generateApiKey(keyPrefix);try{if(await db.insert(reqApiKeysTable).values({userId,name:body.name.trim(),description:body.description?.trim()||null,keyHash:generated.keyHash,keyPreview:generated.keyPreview,ownerType:body.ownerType||"personal",applicationName:body.applicationName?.trim()||null,expiresAt,isActive:!0,usageCount:0,createdAt:new Date,updatedAt:new Date}),finalRoles.length>0||finalClaims.length>0||requestedScopes.length>0){let jsonbUpdate={};if(finalRoles.length>0)jsonbUpdate.allowedRoles=JSON.stringify(finalRoles);if(finalClaims.length>0)jsonbUpdate.allowedClaims=JSON.stringify(finalClaims);if(requestedScopes.length>0)jsonbUpdate.allowedScopes=JSON.stringify(requestedScopes);await db.update(reqApiKeysTable).set(jsonbUpdate).where(eq37(col11(reqApiKeysTable,"keyHash"),generated.keyHash))}return logger2.info("[API_KEYS] API key created",{userId,ownerType:body.ownerType||"personal",applicationName:body.applicationName,rolesCount:finalRoles.length,claimsCount:finalClaims.length,expiresAt:expiresAt?.toISOString()||"never"}),{isSuccess:!0,message:"API key created successfully. Save this key \u2014 it will not be shown again.",data:{key:generated.rawKey,keyPreview:generated.keyPreview,name:body.name.trim(),ownerType:body.ownerType||"personal",applicationName:body.applicationName||null,allowedRoles:finalRoles,allowedClaims:finalClaims,allowedScopes:requestedScopes,expiresAt:expiresAt?.toISOString()||null}}}catch(err){let errDetail;try{errDetail=JSON.stringify(err,Object.getOwnPropertyNames(err))}catch{errDetail=err instanceof Error?err.message:String(err)}return logger2.error("[API_KEYS] Failed to create API key",{error:errDetail,userId}),set.status=500,{isSuccess:!1,message:"Failed to create API key",data:null}}}),app.get(basePath,async({request,set})=>{let{apiKeysTable:reqApiKeysTable}=getResolvedConfig(request),userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let items=(await db.select().from(reqApiKeysTable).where(eq37(col11(reqApiKeysTable,"userId"),userId)).orderBy(sql8`created_at DESC`)).map((row)=>sanitizeKeyForResponse(row));return{isSuccess:!0,data:{items,totalCount:items.length}}}),app.get(`${basePath}/:id`,async({params,request,set})=>{let{apiKeysTable:reqApiKeysTable}=getResolvedConfig(request),userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let keyId=params.id,record=(await db.select().from(reqApiKeysTable).where(and13(eq37(col11(reqApiKeysTable,"id"),keyId),eq37(col11(reqApiKeysTable,"userId"),userId))).limit(1))[0];if(!record)return set.status=404,{isSuccess:!1,message:"API key not found",data:null};return{isSuccess:!0,data:sanitizeKeyForResponse(record)}}),app.patch(`${basePath}/:id`,async({params,request,set,body:rawBody})=>{let resolved=getResolvedConfig(request),reqApiKeysTable=resolved.apiKeysTable,reqConfig=resolved.config;if(preventManagement)return set.status=403,{isSuccess:!1,message:"API key management is disabled via configuration",data:null};if(request.headers.get("x-auth-type")==="api_key")return set.status=403,{isSuccess:!1,message:"API keys cannot be modified using another API key",data:null};let userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let keyId=params.id,body;try{body=rawBody??{}}catch{return set.status=400,{isSuccess:!1,message:"Invalid request body",data:null}}let existing=(await db.select().from(reqApiKeysTable).where(and13(eq37(col11(reqApiKeysTable,"id"),keyId),eq37(col11(reqApiKeysTable,"userId"),userId))).limit(1))[0];if(!existing)return set.status=404,{isSuccess:!1,message:"API key not found",data:null};if(existing.revokedAt)return set.status=400,{isSuccess:!1,message:"Cannot modify a revoked API key",data:null};let userRoles=await getUserRoleNames(reqConfig,userId),userClaims=await getUserClaimActions(reqConfig,userId),updatePayload={updatedAt:new Date};if(body.name!==void 0){if(typeof body.name!=="string"||body.name.trim().length===0)return set.status=400,{isSuccess:!1,message:"Name cannot be empty",data:null};updatePayload.name=body.name.trim()}if(body.description!==void 0)updatePayload.description=body.description?.trim()||null;if(body.allowedRoles!==void 0){if(intersectPermissions(userRoles,body.allowedRoles).length!==body.allowedRoles.length){let disallowed=body.allowedRoles.filter((r2)=>!userRoles.includes(r2));return set.status=403,{isSuccess:!1,message:`Cannot assign roles you do not have: ${disallowed.join(", ")}`,data:null}}updatePayload.allowedRoles=body.allowedRoles.filter((r2)=>!isGodminRole(r2))}if(body.allowedClaims!==void 0){if(intersectPermissions(userClaims,body.allowedClaims).length!==body.allowedClaims.length){let disallowed=body.allowedClaims.filter((c)=>!userClaims.includes(c));return set.status=403,{isSuccess:!1,message:`Cannot assign claims you do not have: ${disallowed.join(", ")}`,data:null}}updatePayload.allowedClaims=body.allowedClaims}if(body.allowedScopes!==void 0){if(body.allowedScopes.length>0){let userScopes=await getUserScopes(reqConfig,userId);if(intersectPermissions(userScopes,body.allowedScopes).length!==body.allowedScopes.length){let disallowed=body.allowedScopes.filter((s)=>!userScopes.includes(s));return set.status=403,{isSuccess:!1,message:`Cannot assign scopes you do not have: ${disallowed.join(", ")}`,data:null}}}updatePayload.allowedScopes=body.allowedScopes}try{await db.update(reqApiKeysTable).set(updatePayload).where(eq37(col11(reqApiKeysTable,"id"),keyId)),logger2.info("[API_KEYS] API key updated",{keyId,userId});let updated=await db.select().from(reqApiKeysTable).where(eq37(col11(reqApiKeysTable,"id"),keyId)).limit(1);return{isSuccess:!0,message:"API key updated successfully",data:sanitizeKeyForResponse(updated[0])}}catch(err){return logger2.error("[API_KEYS] Failed to update API key",{error:err,keyId,userId}),set.status=500,{isSuccess:!1,message:"Failed to update API key",data:null}}}),app.delete(`${basePath}/:id`,async({params,request,set,body:rawBody})=>{let{apiKeysTable:reqApiKeysTable}=getResolvedConfig(request);if(request.headers.get("x-auth-type")==="api_key")return set.status=403,{isSuccess:!1,message:"API keys cannot be revoked using another API key",data:null};let userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};let keyId=params.id,body={};try{if(rawBody)body=rawBody}catch{}let record=(await db.select().from(reqApiKeysTable).where(and13(eq37(col11(reqApiKeysTable,"id"),keyId),eq37(col11(reqApiKeysTable,"userId"),userId))).limit(1))[0];if(!record)return set.status=404,{isSuccess:!1,message:"API key not found",data:null};if(record.revokedAt)return set.status=400,{isSuccess:!1,message:"API key is already revoked",data:null};try{return await db.update(reqApiKeysTable).set({isActive:!1,revokedAt:new Date,revokedReason:body.reason||"user_revoked",updatedAt:new Date}).where(eq37(col11(reqApiKeysTable,"id"),keyId)),logger2.info("[API_KEYS] API key revoked",{keyId,userId,reason:body.reason||"user_revoked"}),{isSuccess:!0,message:"API key revoked successfully",data:null}}catch(err){return logger2.error("[API_KEYS] Failed to revoke API key",{error:err,keyId,userId}),set.status=500,{isSuccess:!1,message:"Failed to revoke API key",data:null}}}),logger2.info(`[API_KEYS] Routes registered at ${basePath}`)}var col11=(table,name2)=>table[name2],getUserRoleNames=async(config,userId)=>{if(!config.db||!config.userRolesTable||!config.rolesTable)return[];return(await config.db.select({name:col11(config.rolesTable,"name")}).from(config.userRolesTable).innerJoin(config.rolesTable,eq37(col11(config.rolesTable,"id"),col11(config.userRolesTable,"roleId"))).where(eq37(col11(config.userRolesTable,"userId"),userId))).map((r2)=>r2.name).filter((n2)=>n2!==void 0)},getUserClaimActions=async(config,userId)=>{if(!config.db||!config.userRolesTable||!config.roleClaimsTable||!config.claimsTable)return[];let rows=await config.db.select({action:col11(config.claimsTable,"action")}).from(config.userRolesTable).innerJoin(config.roleClaimsTable,eq37(col11(config.roleClaimsTable,"roleId"),col11(config.userRolesTable,"roleId"))).innerJoin(config.claimsTable,eq37(col11(config.claimsTable,"id"),col11(config.roleClaimsTable,"claimId"))).where(eq37(col11(config.userRolesTable,"userId"),userId)),uniqueActions=new Set(rows.map((r2)=>r2.action));return Array.from(uniqueActions).filter((a12)=>a12!==void 0)},getUserScopes=async(config,userId)=>{if(!config.db||!config.userRolesTable||!config.roleClaimsTable)return[];let rows=await config.db.select({scope:col11(config.roleClaimsTable,"scope")}).from(config.userRolesTable).innerJoin(config.roleClaimsTable,eq37(col11(config.roleClaimsTable,"roleId"),col11(config.userRolesTable,"roleId"))).where(eq37(col11(config.userRolesTable,"userId"),userId)),uniqueScopes=new Set(rows.map((r2)=>r2.scope).filter((s)=>s!==null&&s!==void 0&&s.length>0));return Array.from(uniqueScopes)},sanitizeKeyForResponse=(record)=>{let{keyHash:_keyHash,...safe}=record;return safe};var init_apiKeys=__esm(()=>{init_ApiKey();init_GodminSetup();init_utils5()});import{Elysia as Elysia25,t as t22}from"elysia";function createCaptchaRoutes(config){let{captchaService,logger:logger2,basePath="/auth/captcha"}=config,captchaRoutes=new Elysia25;if(!captchaService.isEnabled())return captchaRoutes;return captchaRoutes.get(`${basePath}/generate`,async(ctx)=>{let{type,difficulty}=ctx.query,ipAddress=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||ctx.request.headers.get("cf-connecting-ip")?.trim()||"unknown",result=await captchaService.generate(type,difficulty,ipAddress);if(result.rateLimited)return ctx.set.status=429,{success:!1,message:result.message??"Too many requests. Please try again later."};return logger2.info("[CAPTCHA] Challenge generated via endpoint",{challengeId:result.challengeId,type:result.type,ipAddress}),{success:!0,data:{challengeId:result.challengeId,type:result.type,question:result.question,expiresAt:result.expiresAt,...result.imageData?{imageData:result.imageData}:{},...result.puzzleData?{puzzleData:{pieces:result.puzzleData.pieces}}:{}}}},{query:GenerateCaptchaQuerySchema,detail:{tags:["Captcha"],summary:"Generate Captcha",description:"Generate a new captcha challenge"}}),captchaRoutes.post(`${basePath}/validate`,async(ctx)=>{let{challengeId,answer}=ctx.body,result=await captchaService.validate(challengeId,answer);if(!result.valid)ctx.set.status=400;return result},{body:ValidateCaptchaBodySchema,detail:{tags:["Captcha"],summary:"Validate Captcha",description:"Validate a captcha answer"}}),captchaRoutes}var GenerateCaptchaQuerySchema,ValidateCaptchaBodySchema;var init_captcha=__esm(()=>{GenerateCaptchaQuerySchema=t22.Object({type:t22.Optional(t22.Union([t22.Literal("math"),t22.Literal("image"),t22.Literal("puzzle"),t22.Literal("text")])),difficulty:t22.Optional(t22.Union([t22.Literal("easy"),t22.Literal("medium"),t22.Literal("hard")]))}),ValidateCaptchaBodySchema=t22.Object({challengeId:t22.String(),answer:t22.String()})});import{eq as eq38}from"drizzle-orm";function createCheckRoute(config,checkConfig){let{db,logger:logger2}=config,route=checkConfig.route||"/auth/check";return(app)=>app.post(route,async(ctx)=>{let{body,request,set}=ctx,userId=request.headers.get("x-user-id");if(!userId)return set.status=401,{isSuccess:!1,message:"Unauthenticated",data:null};if(!db)return set.status=503,{isSuccess:!1,message:"Authorization service unavailable",data:null};let{schemaTables}=resolveAuthTablesForRequest(request,config);if(!schemaTables)return set.status=503,{isSuccess:!1,message:"Authorization tables not available",data:null};let{entity,method,fields,relations}=body;if(!entity||!method)return set.status=400,{isSuccess:!1,message:"entity and method are required",data:null};let result=await checkAuthorization({userId,method,entity,requestedFields:fields,requestedRelations:relations,db,schemaTables,logger:logger2,getUserData:async()=>{let usersTbl=schemaTables[AUTHORIZATION_TABLE_KEYS.users];if(!usersTbl||!db)return;let idCol=usersTbl.id;if(!idCol)return;return(await db.select().from(usersTbl).where(eq38(idCol,userId)).limit(1))[0]}});return{isSuccess:!0,message:result.authorized?"Authorized":"Forbidden",data:{authorized:result.authorized,reason:result.reason,allowedFields:result.allowedFields,allowedRelations:result.allowedRelations,scopeFilters:result.scopeFilters}}},{detail:{tags:["Auth"],summary:"Check authorization for a given entity and method",description:"Allows consumer/resource servers to perform full claim checks (including scope) against the IDP's authorization system."}})}var init_check=__esm(()=>{init_Authorization()});import{sql as sql9}from"drizzle-orm";import{Elysia as Elysia26,t as t23}from"elysia";function createEmailVerificationRoutes(config){let{authConfig,registerConfig,emailService,appName}=config,{db,logger:logger2}=authConfig,emailVerificationRoutes=new Elysia26;if(!registerConfig.enabled||!registerConfig.emailVerification?.enabled)return emailVerificationRoutes;let verifyRoute="/verify-email",resendRoute="/resend-verification";return emailVerificationRoutes.get(verifyRoute,async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,authConfig);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let token=ctx.query.token;if(!token)return{success:!1,message:"Verification token is required"};let users=await db.select().from(usersTable).where(sql9`email_verification_token = ${hashVerificationToken(token)}`).limit(1);if(users.length===0)return logger2.warn("[AUTH] Email verification failed - invalid token"),{success:!1,message:"Invalid or expired verification token"};let user=users[0],tokenExpiresAt=user.emailVerificationTokenExpiresAt;if(tokenExpiresAt&&new Date>new Date(tokenExpiresAt))return logger2.warn("[AUTH] Email verification failed - token expired",{userId:user.id,email:user.email}),{success:!1,message:"Verification token has expired. Please request a new one."};if(await db.update(usersTable).set({verifiedAt:new Date,emailVerificationToken:null,emailVerificationTokenExpiresAt:null}).where(sql9`id = ${user.id}`),logger2.info("[AUTH] Email verified successfully",{userId:user.id,email:user.email}),registerConfig.emailVerification?.templates?.welcome?.enabled&&emailService?.isAvailable())emailService.sendWelcomeEmail(user.email,user.email.split("@")[0]||"User",appName||"Nucleus").catch((err)=>{logger2.error("[AUTH] Failed to send welcome email after verification",{email:user.email,error:err})});return{success:!0,message:"Email verified successfully. You can now log in.",data:{redirectUrl:registerConfig.emailVerification?.redirectUrl||"/login",verified:!0}}},{query:t23.Object({token:t23.String()}),detail:{tags:["Authentication"],summary:"Verify Email",description:"Verify user email address using the verification token"}}),emailVerificationRoutes.post(resendRoute,async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,authConfig);if(!db||!usersTable)return{success:!1,message:"Database not configured"};if(!emailService?.isAvailable())return{success:!1,message:"Email service not available"};let{email}=ctx.body,antiEnum=authConfig.authentication?.preventUserEnumeration===!0,uniformResend={success:!0,message:"If your email is registered and not yet verified, a verification email has been sent."},users=await db.select().from(usersTable).where(sql9`email = ${email}`).limit(1);if(users.length===0)return antiEnum?uniformResend:{success:!0,message:"If your email is registered, you will receive a verification email."};let user=users[0];if(user.verifiedAt)return antiEnum?uniformResend:{success:!1,message:"Email is already verified"};let maxAttempts=registerConfig.emailVerification?.maxResendAttempts||3,currentAttempts=user.emailVerificationAttempts||0;if(currentAttempts>=maxAttempts){if(logger2.warn("[AUTH] Resend verification failed - max attempts reached",{email,attempts:currentAttempts}),antiEnum)return uniformResend;return{success:!1,message:"Maximum resend attempts reached. Please contact support.",data:{maxAttemptsReached:!0,attemptsUsed:currentAttempts,maxAttempts}}}let resendCooldown=registerConfig.emailVerification?.resendCooldown||"60s",cooldownMs=parseTimeToMs(resendCooldown),lastSentAt=user.emailVerificationSentAt;if(lastSentAt){let timeSinceLastSent=Date.now()-new Date(lastSentAt).getTime();if(timeSinceLastSent<cooldownMs){let waitSeconds=Math.ceil((cooldownMs-timeSinceLastSent)/1000);if(antiEnum)return uniformResend;return{success:!1,message:`Please wait ${waitSeconds} seconds before requesting another verification email.`,data:{cooldownRemaining:waitSeconds,canResendAt:new Date(Date.now()+waitSeconds*1000).toISOString()}}}}let verificationToken=generateVerificationToken(),tokenExpiresIn=registerConfig.emailVerification?.tokenExpiresIn||"24h",tokenExpiresAt=new Date(Date.now()+parseTimeToMs(tokenExpiresIn));await db.update(usersTable).set({emailVerificationToken:hashVerificationToken(verificationToken),emailVerificationTokenExpiresAt:tokenExpiresAt,emailVerificationSentAt:new Date,emailVerificationAttempts:currentAttempts+1}).where(sql9`id = ${user.id}`);let verificationLink=buildEmailActionLink({request:ctx.request,configuredUrl:registerConfig.emailVerification?.redirectUrl,path:"/verify-email",query:{token:verificationToken},allowedOrigins:authConfig.authentication?.trustedAppOrigins}),result=await emailService.sendVerificationEmail(email,email.split("@")[0]||"User",verificationLink,appName||"Nucleus");if(result.success){logger2.info("[AUTH] Verification email resent",{email});let cooldownSeconds=Math.ceil(cooldownMs/1000);if(antiEnum)return uniformResend;return{success:!0,message:"Verification email sent. Please check your inbox.",data:{cooldownSeconds,canResendAt:new Date(Date.now()+cooldownMs).toISOString(),attemptsRemaining:maxAttempts-(currentAttempts+1)}}}if(logger2.error("[AUTH] Failed to resend verification email",{email,error:result.error}),antiEnum)return uniformResend;return{success:!1,message:"Failed to send verification email. Please try again later."}},{body:t23.Object({email:t23.String({format:"email"})}),detail:{tags:["Authentication"],summary:"Resend Verification Email",description:"Resend the email verification link to the user"}}),emailVerificationRoutes}var init_emailVerification=__esm(()=>{init_utils6()});import crypto7 from"crypto";function generateMagicToken(){return crypto7.randomBytes(32).toString("hex")}function hashToken(token,purpose){let input=purpose?`${purpose}:${token}`:token;return crypto7.createHash("sha256").update(input).digest("hex")}function parseTimeToMs3(time2){let match=time2.match(/^(\d+)(s|m|h|d)$/);if(!match?.[1]||!match[2])return 900000;let value=parseInt(match[1],10);switch(match[2]){case"s":return value*1000;case"m":return value*60*1000;case"h":return value*60*60*1000;case"d":return value*24*60*60*1000;default:return 900000}}var TOKEN_PURPOSE;var init_utils8=__esm(()=>{TOKEN_PURPOSE={magicLink:"magic-link",invite:"invite"}});import{eq as eq39}from"drizzle-orm";import{Elysia as Elysia27,t as t24}from"elysia";function createInviteRoute(config,inviteConfig,emailService,storeMagicToken,appName,getMagicToken){let{db,logger:logger2}=config,route=inviteConfig.route||"/auth/invite",expiresIn=inviteConfig.tokenExpiresIn||"7d",redirectUrl=inviteConfig.redirectUrl||"",inviteRoutes=new Elysia27;if(!inviteConfig.enabled)return inviteRoutes;if(inviteRoutes.post(route,async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),{usersTable}=resolved;if(!db||!usersTable)return{success:!1,message:"Database not configured"};if(!emailService?.isAvailable())return logger2.error("[AUTH] Invite requested but email service not available"),{success:!1,message:"Email service not available"};let{email:rawEmail}=ctx.body,email=rawEmail.toLowerCase(),antiEnum=config.authentication?.preventUserEnumeration===!0,uniformInvite={success:!0,message:"If the email address is eligible, an invitation has been sent."},existingUsers=await db.select().from(usersTable).where(eq39(usersTable.email,email)).limit(1),userId;if(existingUsers.length>0){let existingUser=existingUsers[0];if(existingUser.verifiedAt||existingUser.password){if(logger2.warn("[AUTH] Invite failed - user already verified",{email}),antiEnum)return uniformInvite;return{success:!1,message:"User with this email is already verified"}}userId=existingUser.id,logger2.info("[AUTH] Resending invitation to existing unverified user",{userId,email})}else{let insertValues={email,password:null,emailVerified:!1,isLocked:!1,createdAt:new Date,updatedAt:new Date},newUser=(await db.insert(usersTable).values(insertValues).returning())[0];if(!newUser)return logger2.error("[AUTH] Failed to create invited user",{email}),{success:!1,message:"Failed to create user"};if(userId=newUser.id,logger2.info("[AUTH] Invited user created",{userId,email}),config.authentication?.defaultRole)await assignDefaultRole({db,userId,roleName:config.authentication.defaultRole,rolesTable:resolved.rolesTable??config.rolesTable??null,userRolesTable:resolved.userRolesTable??config.userRolesTable??null,logger:logger2})}let token=generateMagicToken(),tokenHash=hashToken(token,TOKEN_PURPOSE.invite),expiresAt=new Date(Date.now()+parseTimeToMs3(expiresIn)),reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await storeMagicToken({userId,email,tokenHash,expiresAt},reqSchemaName);let inviteLink=redirectUrl?buildEmailActionLink({request:ctx.request,configuredUrl:redirectUrl,path:extractConfiguredPath(redirectUrl,"/set-password"),query:{token,invite:"true"},allowedOrigins:config.authentication?.trustedAppOrigins}):`/set-password?token=${token}&invite=true`,sendResult=await emailService.sendInvitationEmail(email,inviteLink,appName||"Nucleus");if(!sendResult.success){if(logger2.error("[AUTH] Failed to send invitation email",{email,error:sendResult.error}),antiEnum)return uniformInvite;return{success:!0,message:"User created but failed to send invitation email",data:{id:userId,email}}}if(logger2.info("[AUTH] Invitation email sent",{email,userId}),antiEnum)return uniformInvite;return{success:!0,message:"Invitation sent successfully",data:{id:userId,email}}},{body:InviteBodySchema,detail:{tags:["Authentication"],summary:"Invite User",description:"Invite a new user by sending them an email with a magic link to set their password"}}),getMagicToken)inviteRoutes.post(`${route}/verify`,async(ctx)=>{let{token}=ctx.body;if(!token)return{success:!1,message:"Token is required"};let tokenHash=hashToken(token,TOKEN_PURPOSE.invite),invSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0,storedToken=await getMagicToken(tokenHash,invSchemaName);if(!storedToken)return logger2.warn("[AUTH] Invalid invite verify token"),{success:!1,message:"Invalid or expired token"};if(new Date>storedToken.expiresAt)return logger2.warn("[AUTH] Expired invite verify token",{email:storedToken.email}),{success:!1,message:"Invalid or expired token"};return logger2.info("[AUTH] Invite token verified (not consumed)",{email:storedToken.email,userId:storedToken.userId}),{success:!0,data:{userId:storedToken.userId,email:storedToken.email}}},{body:t24.Object({token:t24.String()}),detail:{tags:["Authentication"],summary:"Verify Invite Token",description:"Validate an invite token without consuming it. Returns user info if valid."}});return inviteRoutes}var InviteBodySchema;var init_invite=__esm(()=>{init_assignDefaultRole();init_utils8();InviteBodySchema=t24.Object({email:t24.String({format:"email"})})});var exports_DeviceTrust={};__export(exports_DeviceTrust,{selectUsableDeviceRow:()=>selectUsableDeviceRow,readDeviceTokenFromCookieHeader:()=>readDeviceTokenFromCookieHeader,mintDeviceToken:()=>mintDeviceToken,isDeviceRowUsable:()=>isDeviceRowUsable,isApprovalMethod:()=>isApprovalMethod,hashDeviceToken:()=>hashDeviceToken,deviceCookieName:()=>deviceCookieName,decideDeviceApproval:()=>decideDeviceApproval,buildDeviceTokenCookie:()=>buildDeviceTokenCookie,buildClearedDeviceTokenCookie:()=>buildClearedDeviceTokenCookie,DEVICE_TOKEN_BYTES:()=>DEVICE_TOKEN_BYTES});import{createHash as createHash2,randomBytes as randomBytes4}from"crypto";function hashDeviceToken(raw){return createHash2("sha256").update(raw).digest("hex")}function mintDeviceToken(){let raw=randomBytes4(DEVICE_TOKEN_BYTES).toString("hex");return{raw,hash:hashDeviceToken(raw)}}function isDeviceRowUsable(row,now){if(!row||row.status!=="trusted")return!1;if((row.revoked_at??row.revokedAt)!=null)return!1;let expRaw=row.expires_at??row.expiresAt;if(expRaw==null)return!1;let exp=expRaw instanceof Date?expRaw:new Date(expRaw);if(Number.isNaN(exp.getTime())||exp<=now)return!1;return!0}function selectUsableDeviceRow(rows,expectedUserId,now){if(!expectedUserId)return null;for(let row of rows??[]){if((row.user_id??row.userId)!==expectedUserId)continue;if(isDeviceRowUsable(row,now))return row}return null}function buildDeviceTokenCookie(raw,opts){let prefix=opts.cookiePrefix??"",name2=`${prefix}${opts.cookieName??"device_token"}`,sameSite=opts.sameSite??"Lax",secure=prefix==="__Secure-"||prefix==="__Host-"||opts.secure!==!1,allowDomain=prefix!=="__Host-",parts=[`${name2}=${raw}`,"Path=/","HttpOnly",`SameSite=${sameSite}`];if(secure)parts.push("Secure");if(allowDomain&&opts.domain)parts.push(`Domain=${opts.domain}`);return parts.push(`Max-Age=${Math.max(0,Math.floor(opts.maxAgeSeconds))}`),parts.join("; ")}function buildClearedDeviceTokenCookie(opts){return buildDeviceTokenCookie("",{...opts,maxAgeSeconds:0})}function decideDeviceApproval(params){let NO_APPROVAL={requiresApproval:!1,deny:!1,mintToken:!1,trustImmediately:!1},TRUST_NOW={requiresApproval:!1,deny:!1,mintToken:!0,trustImmediately:!0};if(params.knownDevice)return NO_APPROVAL;if(params.isImpersonation||!isApprovalMethod(params.loginMethod,params.approvalMethods))return NO_APPROVAL;if(!params.hasValidFingerprint&&params.onUnidentifiable==="deny")return{requiresApproval:!1,deny:!0,mintToken:!1,trustImmediately:!1};if(params.trustNewDevices!==!1||params.isEmailExempt||params.isFirstEverDevice)return TRUST_NOW;return{requiresApproval:!0,deny:!1,mintToken:!0,trustImmediately:!1}}function deviceCookieName(cfg){return`${cfg?.cookiePrefix??""}${cfg?.cookieName??"device_token"}`}function readDeviceTokenFromCookieHeader(cookieHeader,cfg){if(!cookieHeader)return;let name2=deviceCookieName(cfg);for(let part of cookieHeader.split(";")){let eq40=part.indexOf("=");if(eq40<0)continue;if(part.slice(0,eq40).trim()===name2)return part.slice(eq40+1).trim()}return}function isApprovalMethod(method,approvalMethods){if(!method)return!1;for(let m2 of approvalMethods){if(m2===method)return!0;if(m2.endsWith(":*")&&method.startsWith(m2.slice(0,-1)))return!0}return!1}var DEVICE_TOKEN_BYTES=32;var init_DeviceTrust=()=>{};import{t as t25}from"elysia";var LoginBodySchema,LoginResponseSchema;var init_types12=__esm(()=>{LoginBodySchema=t25.Object({email:t25.String({format:"email"}),password:t25.String({minLength:1}),rememberMe:t25.Optional(t25.Boolean()),captchaId:t25.Optional(t25.String()),captchaAnswer:t25.Optional(t25.String()),deviceHint:t25.Optional(t25.String())}),LoginResponseSchema=t25.Object({success:t25.Boolean(),message:t25.Optional(t25.String()),data:t25.Optional(t25.Object({user:t25.Object({id:t25.String(),email:t25.String()}),accessToken:t25.String(),refreshToken:t25.String()}))})});import{eq as eq40}from"drizzle-orm";import{Elysia as Elysia28}from"elysia";function createLoginRoute(config,loginConfig,signAccessToken,signRefreshToken,createSession,saveSessionToDb,cookieConfig,tokenResponseConfig,captchaService){let{db,logger:logger2}=config,log4=logger2.scoped(AUTH_LOGIN),route=loginConfig.route||"/auth/login",cookies={accessTokenName:cookieConfig?.accessTokenName||"access_token",refreshTokenName:cookieConfig?.refreshTokenName||"refresh_token",sessionTokenName:cookieConfig?.sessionTokenName||"session_token",accessTokenMaxAge:cookieConfig?.accessTokenMaxAge||900,refreshTokenMaxAge:cookieConfig?.refreshTokenMaxAge||604800,sessionTokenMaxAge:cookieConfig?.sessionTokenMaxAge||900,secure:cookieConfig?.secure??!0,httpOnly:cookieConfig?.httpOnly??!0,sameSite:cookieConfig?.sameSite||"strict",path:cookieConfig?.path||"/",domain:cookieConfig?.domain},loginRoutes=new Elysia28;if(!loginConfig.enabled)return loginRoutes;return loginRoutes.post(route,async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),usersTable=resolved.usersTable;if(!db||!usersTable)return{success:!1,message:"Database not configured"};let{email:rawEmail,password:password4,rememberMe,captchaId,captchaAnswer,deviceHint}=ctx.body,email=rawEmail.toLowerCase(),user=(await db.select().from(usersTable).where(eq40(usersTable.email,email)).limit(1))[0],captchaEnabledForLogin=loginConfig.captcha?.enabled!==!1,captchaThreshold=loginConfig.captcha?.requireAfterFailures,currentFailedAttempts=user?.failedLoginAttempts||0,captchaRequired=Boolean(captchaService?.isEnabled())&&captchaEnabledForLogin&&(captchaThreshold===void 0||currentFailedAttempts>=captchaThreshold);if(captchaRequired&&captchaService){if(!captchaId||!captchaAnswer)return ctx.set.status=400,{success:!1,message:"Captcha is required",requiresCaptcha:!0};let captchaResult=await captchaService.validate(captchaId,captchaAnswer);if(!captchaResult.valid)return ctx.set.status=400,{success:!1,message:captchaResult.message||"Invalid captcha",attemptsRemaining:captchaResult.attemptsRemaining,requiresCaptcha:!0}}let reqUrl=new URL(ctx.request.url),auditIp=ctx.request.headers.get("x-client-ip")?.trim()||"unknown",auditUa=ctx.request.headers.get("user-agent")||"unknown";if(!user)return await verifyPassword(password4,await getTimingEqualizerHash()).catch(()=>!1),log4.warn("Login failed - user not found",{email}),await logger2.audit({entityName:"users",operation:"LOGIN_FAILED",summary:`Login failed: user not found (${email})`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),{success:!1,message:"Invalid email or password",requiresCaptcha:captchaRequired};if(user.isActive===!1)return log4.warn("Login failed - account inactive",{email,userId:user.id}),{success:!1,message:"Account is not active"};if(user.isLocked){let lockedUntil=user.lockedUntil;if(lockedUntil&&new Date(lockedUntil)<new Date)await db.update(usersTable).set({isLocked:!1,lockedUntil:null,failedLoginAttempts:0}).where(eq40(usersTable.id,user.id)),log4.info("Account lock expired, auto-unlocked",{userId:user.id,email});else return log4.warn("Login failed - account locked",{email,userId:user.id}),await logger2.audit({entityName:"users",entityId:user.id,operation:"LOGIN_FAILED",userId:user.id,summary:`Login failed: account locked (${email})`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),{success:!1,message:"Account is locked"}}let userCohortId=user.cohortId;if(userCohortId&&db){let cohortsTable=resolved.schemaTables?.userCohorts??resolved.schemaTables?.user_cohorts;if(cohortsTable){let cohortExpiresAt=(await db.select().from(cohortsTable).where(eq40(cohortsTable.id,userCohortId)).limit(1))[0]?.expiresAt;if(cohortExpiresAt&&new Date(cohortExpiresAt)<new Date)return log4.warn("Login failed - cohort expired",{email,userId:user.id,cohortId:userCohortId,expiresAt:cohortExpiresAt}),await logger2.audit({entityName:"users",entityId:user.id,operation:"LOGIN_FAILED",userId:user.id,summary:`Login failed: cohort expired (${email})`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),{success:!1,message:"Your access has expired. Please contact your administrator."}}}if(!await verifyPassword(password4,user.password)){let failedAttempts=(user.failedLoginAttempts||0)+1;return await db.update(usersTable).set({failedLoginAttempts:failedAttempts,isLocked:failedAttempts>=5,lockedUntil:failedAttempts>=5?new Date(Date.now()+1800000):null}).where(eq40(usersTable.id,user.id)),log4.warn("Login failed - invalid password",{email,failedAttempts}),await logger2.audit({entityName:"users",entityId:user.id,operation:"LOGIN_FAILED",userId:user.id,summary:`Login failed: invalid password (${email}, attempt ${failedAttempts})`,ipAddress:auditIp,userAgent:auditUa,path:reqUrl.pathname,query:reqUrl.search}),{success:!1,message:"Invalid email or password",requiresCaptcha:Boolean(captchaService?.isEnabled())&&captchaEnabledForLogin&&(captchaThreshold===void 0||failedAttempts>=captchaThreshold)}}await db.update(usersTable).set({failedLoginAttempts:0,lastLoginAt:new Date,loginCount:(user.loginCount||0)+1}).where(eq40(usersTable.id,user.id));let ipAddress=ctx.request.headers.get("x-client-ip")?.trim()||"127.0.0.1",isPrivateOrLoopback=(ip)=>!ip||ip==="127.0.0.1"||ip==="::1"||ip==="localhost"||ip.startsWith("10.")||ip.startsWith("192.168.")||ip.startsWith("172."),userAgent=ctx.request.headers.get("user-agent")||"Unknown Browser";log4.info("Parsed device info",{ipAddress,userAgent});let deviceInfo=parseUserAgentForLogin(userAgent,ipAddress,deviceHint,deviceContextFromRequest(ctx.request).clientHints);if(!isPrivateOrLoopback(ipAddress)){let abortCtrl=new AbortController,geoTimeout=setTimeout(()=>abortCtrl.abort(),2000);fetch(`https://ip-api.com/json/${ipAddress}?fields=country,city`,{signal:abortCtrl.signal}).then(async(res)=>{if(clearTimeout(geoTimeout),!res.ok)return;let geo=await res.json();if(geo.country)deviceInfo.locationCountry=geo.country;if(geo.city)deviceInfo.locationCity=geo.city}).catch(()=>{clearTimeout(geoTimeout)})}let userRoles=[],userClaims=[],userClaimScopes={};if(db)try{let{fetchUserRolesAndClaims:fetchUserRolesAndClaims2}=await Promise.resolve().then(() => (init_fetchUserRolesAndClaims(),exports_fetchUserRolesAndClaims)),rc=await fetchUserRolesAndClaims2(db,user.id,resolved);userRoles=rc.roles,userClaims=rc.claims,userClaimScopes=rc.claimScopes}catch(roleError){log4.error("Failed to fetch user roles/claims for JWT",{userId:user.id,error:roleError instanceof Error?roleError.message:String(roleError),stack:roleError instanceof Error?roleError.stack:void 0})}let accessToken=signAccessToken(user.id,userRoles.length>0?userRoles:void 0,userClaims.length>0?userClaims:void 0,ctx.request.headers.get("x-tenant-schema")??void 0,userClaimScopes),refreshToken=signRefreshToken(user.id),requestOrigin=ctx.request.headers.get("origin")||ctx.request.headers.get("referer")?.replace(/\/[^/]*$/,"")||void 0,sessionParams={userId:user.id,deviceInfo,loginMethod:"password",rememberMe,requestOrigin},sessionId=await createSession(sessionParams),requiresApproval=!1,pendingSessionId=sessionId,deviceTokenCookie;if(saveSessionToDb){let reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0,dtCfg=config.authentication?.deviceTrust;if(dtCfg?.enabled)sessionParams.deviceToken=readDeviceTokenFromCookieHeader(ctx.request.headers.get("cookie"),dtCfg);let saveResult=await saveSessionToDb(sessionId,sessionParams,reqSchemaName);if(saveResult?.denied)return log4.warn("Login blocked by device-trust (unidentifiable device)",{userId:user.id}),ctx.set.status=403,{success:!1,message:"This device could not be recognized. Please contact support."};if(deviceTokenCookie=saveResult?.deviceTokenCookie,saveResult?.requiresApproval){if(requiresApproval=!0,saveResult.sessionId)pendingSessionId=saveResult.sessionId}}if(requiresApproval){ctx.set.status=202;let approvalHeaders={"Content-Type":"application/json"};if(deviceTokenCookie)approvalHeaders["Set-Cookie"]=deviceTokenCookie;return new Response(JSON.stringify({success:!1,requiresApproval:!0,sessionId:pendingSessionId,message:"Login requires approval. Please check your email to approve this device."}),{status:202,headers:approvalHeaders})}log4.info("Login successful",{userId:user.id,email,rememberMe}),await logger2.audit({entityName:"users",entityId:user.id,operation:"LOGIN",userId:user.id,summary:`${email} logged in successfully`,ipAddress,userAgent,path:reqUrl.pathname,query:reqUrl.search});let tokenConfig={accessToken:{setHeadersEnabled:tokenResponseConfig?.accessToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:tokenResponseConfig?.refreshToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:tokenResponseConfig?.sessionToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.sessionToken?.returnJson??!0}},securePart=cookies.secure?"; Secure":"",domainPart=cookies.domain?`; Domain=${cookies.domain}`:"",cookieOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}`,cookiesToSet=[];if(tokenConfig.accessToken.setHeadersEnabled)cookiesToSet.push(`${cookies.accessTokenName}=${accessToken}${cookieOptions}; Max-Age=${cookies.accessTokenMaxAge}`);if(tokenConfig.refreshToken.setHeadersEnabled)cookiesToSet.push(`${cookies.refreshTokenName}=${refreshToken}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`);if(tokenConfig.sessionToken.setHeadersEnabled)cookiesToSet.push(`${cookies.sessionTokenName}=${sessionId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`);if(deviceTokenCookie)cookiesToSet.push(deviceTokenCookie);ctx.set.headers["x-session-id"]=sessionId;let responseData={user:{id:user.id,email:user.email}};if(tokenConfig.accessToken.returnJson)responseData.accessToken=accessToken;if(tokenConfig.refreshToken.returnJson)responseData.refreshToken=refreshToken;if(tokenConfig.sessionToken.returnJson)responseData.sessionId=sessionId;let jsonBody=JSON.stringify({success:!0,data:responseData}),headers=new Headers;headers.set("Content-Type","application/json"),headers.set("x-session-id",sessionId);for(let cookie of cookiesToSet)headers.append("Set-Cookie",cookie);return new Response(jsonBody,{status:200,headers})},{body:LoginBodySchema,detail:{tags:["Authentication"],summary:"Login",description:"Authenticate user with email and password"}}),loginRoutes}var dummyHashPromise=null,getTimingEqualizerHash=()=>{if(!dummyHashPromise)dummyHashPromise=hashPassword("nucleus-login-timing-equalizer");return dummyHashPromise};var init_login=__esm(()=>{init_DeviceTrust();init_scopes();init_utils6();init_types12();init_deviceInfo();init_utils7();init_types12()});function clearAuthCookies(cookieConfig){let path4=cookieConfig?.path||"/",sameSite=cookieConfig?.sameSite||"Strict",securePart=cookieConfig?.secure!==!1?"; Secure":"",domainPart=cookieConfig?.domain?`; Domain=${cookieConfig.domain}`:"",accessName=cookieConfig?.accessTokenName||"access_token",refreshName=cookieConfig?.refreshTokenName||"refresh_token",sessionName=cookieConfig?.sessionTokenName||"session_token",clearOpts=`; Path=${path4}; HttpOnly; SameSite=${sameSite}${securePart}${domainPart}; Max-Age=0`;return[`${accessName}=${clearOpts}`,`${refreshName}=${clearOpts}`,`${sessionName}=${clearOpts}`]}import{t as t26}from"elysia";var LogoutResponseSchema;var init_types13=__esm(()=>{LogoutResponseSchema=t26.Object({success:t26.Boolean(),message:t26.Optional(t26.String())})});import{Elysia as Elysia29}from"elysia";function createLogoutRoute(config,logoutConfig,destroySession,revokeSessionInDb,cookieConfig){let{logger:logger2}=config,route=logoutConfig.route||"/auth/logout",logoutRoutes=new Elysia29;if(!logoutConfig.enabled)return logoutRoutes;return logoutRoutes.post(route,async(ctx)=>{let sessionId=ctx.request.headers.get("x-session-id"),userId=ctx.request.headers.get("x-user-id");if(sessionId){if(await destroySession(sessionId),revokeSessionInDb){let reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await revokeSessionInDb(sessionId,"user_logout",reqSchemaName)}}let clearCookies=clearAuthCookies(cookieConfig),responseHeaders=new Headers;responseHeaders.set("Content-Type","application/json");for(let cookie of clearCookies)responseHeaders.append("Set-Cookie",cookie);logger2.info("[AUTH] Logout successful",{userId,sessionId});let reqUrl=new URL(ctx.request.url);logger2.audit({entityName:"users",entityId:userId||void 0,operation:"LOGOUT",userId:userId||void 0,summary:`User logged out${sessionId?` (session: ${sessionId.substring(0,8)}...)`:""}`,ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search});let jsonBody=JSON.stringify({success:!0,message:"Logged out successfully"});return new Response(jsonBody,{status:200,headers:responseHeaders})},{detail:{tags:["Authentication"],summary:"Logout",description:"Logout and invalidate session"}}),logoutRoutes}var init_logout=__esm(()=>{init_types13()});var exports_value={};__export(exports_value,{IsUndefined:()=>IsUndefined,IsUint8Array:()=>IsUint8Array,IsSymbol:()=>IsSymbol,IsString:()=>IsString,IsRegExp:()=>IsRegExp,IsObject:()=>IsObject,IsNumber:()=>IsNumber,IsNull:()=>IsNull,IsIterator:()=>IsIterator,IsFunction:()=>IsFunction,IsDate:()=>IsDate,IsBoolean:()=>IsBoolean,IsBigInt:()=>IsBigInt,IsAsyncIterator:()=>IsAsyncIterator,IsArray:()=>IsArray,HasPropertyKey:()=>HasPropertyKey});function HasPropertyKey(value,key2){return key2 in value}function IsAsyncIterator(value){return IsObject(value)&&!IsArray(value)&&!IsUint8Array(value)&&Symbol.asyncIterator in value}function IsArray(value){return Array.isArray(value)}function IsBigInt(value){return typeof value==="bigint"}function IsBoolean(value){return typeof value==="boolean"}function IsDate(value){return value instanceof globalThis.Date}function IsFunction(value){return typeof value==="function"}function IsIterator(value){return IsObject(value)&&!IsArray(value)&&!IsUint8Array(value)&&Symbol.iterator in value}function IsNull(value){return value===null}function IsNumber(value){return typeof value==="number"}function IsObject(value){return typeof value==="object"&&value!==null}function IsRegExp(value){return value instanceof globalThis.RegExp}function IsString(value){return typeof value==="string"}function IsSymbol(value){return typeof value==="symbol"}function IsUint8Array(value){return value instanceof globalThis.Uint8Array}function IsUndefined(value){return value===void 0}function ArrayType(value){return value.map((value2)=>Visit(value2))}function DateType(value){return new Date(value.getTime())}function Uint8ArrayType(value){return new Uint8Array(value)}function RegExpType(value){return new RegExp(value.source,value.flags)}function ObjectType(value){let result={};for(let key2 of Object.getOwnPropertyNames(value))result[key2]=Visit(value[key2]);for(let key2 of Object.getOwnPropertySymbols(value))result[key2]=Visit(value[key2]);return result}function Visit(value){return IsArray(value)?ArrayType(value):IsDate(value)?DateType(value):IsUint8Array(value)?Uint8ArrayType(value):IsRegExp(value)?RegExpType(value):IsObject(value)?ObjectType(value):value}function Clone(value){return Visit(value)}var init_value=()=>{};function CloneType(schema,options){return options===void 0?Clone(schema):Clone({...options,...schema})}var init_type=__esm(()=>{init_value()});var init_clone=__esm(()=>{init_type();init_value()});function IsObject2(value2){return value2!==null&&typeof value2==="object"}function IsArray2(value2){return globalThis.Array.isArray(value2)&&!globalThis.ArrayBuffer.isView(value2)}function IsUndefined2(value2){return value2===void 0}function IsNumber2(value2){return typeof value2==="number"}var init_guard=()=>{};var TypeSystemPolicy;var init_policy=__esm(()=>{init_guard();(function(TypeSystemPolicy2){TypeSystemPolicy2.InstanceMode="default",TypeSystemPolicy2.ExactOptionalPropertyTypes=!1,TypeSystemPolicy2.AllowArrayObject=!1,TypeSystemPolicy2.AllowNaN=!1,TypeSystemPolicy2.AllowNullVoid=!1;function IsExactOptionalProperty(value2,key2){return TypeSystemPolicy2.ExactOptionalPropertyTypes?key2 in value2:value2[key2]!==void 0}TypeSystemPolicy2.IsExactOptionalProperty=IsExactOptionalProperty;function IsObjectLike(value2){let isObject=IsObject2(value2);return TypeSystemPolicy2.AllowArrayObject?isObject:isObject&&!IsArray2(value2)}TypeSystemPolicy2.IsObjectLike=IsObjectLike;function IsRecordLike(value2){return IsObjectLike(value2)&&!(value2 instanceof Date)&&!(value2 instanceof Uint8Array)}TypeSystemPolicy2.IsRecordLike=IsRecordLike;function IsNumberLike(value2){return TypeSystemPolicy2.AllowNaN?IsNumber2(value2):Number.isFinite(value2)}TypeSystemPolicy2.IsNumberLike=IsNumberLike;function IsVoidLike(value2){let isUndefined=IsUndefined2(value2);return TypeSystemPolicy2.AllowNullVoid?isUndefined||value2===null:isUndefined}TypeSystemPolicy2.IsVoidLike=IsVoidLike})(TypeSystemPolicy||(TypeSystemPolicy={}))});function ImmutableArray(value2){return globalThis.Object.freeze(value2).map((value3)=>Immutable(value3))}function ImmutableDate(value2){return value2}function ImmutableUint8Array(value2){return value2}function ImmutableRegExp(value2){return value2}function ImmutableObject(value2){let result={};for(let key2 of Object.getOwnPropertyNames(value2))result[key2]=Immutable(value2[key2]);for(let key2 of Object.getOwnPropertySymbols(value2))result[key2]=Immutable(value2[key2]);return globalThis.Object.freeze(result)}function Immutable(value2){return IsArray(value2)?ImmutableArray(value2):IsDate(value2)?ImmutableDate(value2):IsUint8Array(value2)?ImmutableUint8Array(value2):IsRegExp(value2)?ImmutableRegExp(value2):IsObject(value2)?ImmutableObject(value2):value2}var init_immutable=()=>{};function CreateType(schema,options){let result=options!==void 0?{...options,...schema}:schema;switch(TypeSystemPolicy.InstanceMode){case"freeze":return Immutable(result);case"clone":return Clone(result);default:return result}}var init_type2=__esm(()=>{init_policy();init_immutable();init_value()});var init_create=__esm(()=>{init_type2()});var TypeBoxError;var init_error=__esm(()=>{TypeBoxError=class TypeBoxError extends Error{constructor(message){super(message)}}});var init_error2=__esm(()=>{init_error()});var TransformKind,ReadonlyKind,OptionalKind,Hint,Kind2;var init_symbols=__esm(()=>{TransformKind=Symbol.for("TypeBox.Transform"),ReadonlyKind=Symbol.for("TypeBox.Readonly"),OptionalKind=Symbol.for("TypeBox.Optional"),Hint=Symbol.for("TypeBox.Hint"),Kind2=Symbol.for("TypeBox.Kind")});var init_symbols2=__esm(()=>{init_symbols()});function IsReadonly(value2){return IsObject(value2)&&value2[ReadonlyKind]==="Readonly"}function IsOptional(value2){return IsObject(value2)&&value2[OptionalKind]==="Optional"}function IsAny(value2){return IsKindOf(value2,"Any")}function IsArgument(value2){return IsKindOf(value2,"Argument")}function IsArray3(value2){return IsKindOf(value2,"Array")}function IsAsyncIterator2(value2){return IsKindOf(value2,"AsyncIterator")}function IsBigInt2(value2){return IsKindOf(value2,"BigInt")}function IsBoolean2(value2){return IsKindOf(value2,"Boolean")}function IsComputed(value2){return IsKindOf(value2,"Computed")}function IsConstructor(value2){return IsKindOf(value2,"Constructor")}function IsDate2(value2){return IsKindOf(value2,"Date")}function IsFunction2(value2){return IsKindOf(value2,"Function")}function IsInteger(value2){return IsKindOf(value2,"Integer")}function IsIntersect(value2){return IsKindOf(value2,"Intersect")}function IsIterator2(value2){return IsKindOf(value2,"Iterator")}function IsKindOf(value2,kind){return IsObject(value2)&&Kind2 in value2&&value2[Kind2]===kind}function IsLiteralValue(value2){return IsBoolean(value2)||IsNumber(value2)||IsString(value2)}function IsLiteral(value2){return IsKindOf(value2,"Literal")}function IsMappedKey(value2){return IsKindOf(value2,"MappedKey")}function IsMappedResult(value2){return IsKindOf(value2,"MappedResult")}function IsNever(value2){return IsKindOf(value2,"Never")}function IsNot(value2){return IsKindOf(value2,"Not")}function IsNull2(value2){return IsKindOf(value2,"Null")}function IsNumber3(value2){return IsKindOf(value2,"Number")}function IsObject3(value2){return IsKindOf(value2,"Object")}function IsPromise(value2){return IsKindOf(value2,"Promise")}function IsRecord(value2){return IsKindOf(value2,"Record")}function IsRef(value2){return IsKindOf(value2,"Ref")}function IsRegExp2(value2){return IsKindOf(value2,"RegExp")}function IsString2(value2){return IsKindOf(value2,"String")}function IsSymbol2(value2){return IsKindOf(value2,"Symbol")}function IsTemplateLiteral(value2){return IsKindOf(value2,"TemplateLiteral")}function IsThis(value2){return IsKindOf(value2,"This")}function IsTransform(value2){return IsObject(value2)&&TransformKind in value2}function IsTuple(value2){return IsKindOf(value2,"Tuple")}function IsUndefined3(value2){return IsKindOf(value2,"Undefined")}function IsUnion(value2){return IsKindOf(value2,"Union")}function IsUint8Array2(value2){return IsKindOf(value2,"Uint8Array")}function IsUnknown(value2){return IsKindOf(value2,"Unknown")}function IsUnsafe(value2){return IsKindOf(value2,"Unsafe")}function IsVoid(value2){return IsKindOf(value2,"Void")}function IsKind(value2){return IsObject(value2)&&Kind2 in value2&&IsString(value2[Kind2])}function IsSchema(value2){return IsAny(value2)||IsArgument(value2)||IsArray3(value2)||IsBoolean2(value2)||IsBigInt2(value2)||IsAsyncIterator2(value2)||IsComputed(value2)||IsConstructor(value2)||IsDate2(value2)||IsFunction2(value2)||IsInteger(value2)||IsIntersect(value2)||IsIterator2(value2)||IsLiteral(value2)||IsMappedKey(value2)||IsMappedResult(value2)||IsNever(value2)||IsNot(value2)||IsNull2(value2)||IsNumber3(value2)||IsObject3(value2)||IsPromise(value2)||IsRecord(value2)||IsRef(value2)||IsRegExp2(value2)||IsString2(value2)||IsSymbol2(value2)||IsTemplateLiteral(value2)||IsThis(value2)||IsTuple(value2)||IsUndefined3(value2)||IsUnion(value2)||IsUint8Array2(value2)||IsUnknown(value2)||IsUnsafe(value2)||IsVoid(value2)||IsKind(value2)}var init_kind=__esm(()=>{init_symbols2()});var exports_type={};__export(exports_type,{TypeGuardUnknownTypeError:()=>TypeGuardUnknownTypeError,IsVoid:()=>IsVoid2,IsUnsafe:()=>IsUnsafe2,IsUnknown:()=>IsUnknown2,IsUnionLiteral:()=>IsUnionLiteral,IsUnion:()=>IsUnion2,IsUndefined:()=>IsUndefined4,IsUint8Array:()=>IsUint8Array3,IsTuple:()=>IsTuple2,IsTransform:()=>IsTransform2,IsThis:()=>IsThis2,IsTemplateLiteral:()=>IsTemplateLiteral2,IsSymbol:()=>IsSymbol3,IsString:()=>IsString3,IsSchema:()=>IsSchema2,IsRegExp:()=>IsRegExp3,IsRef:()=>IsRef2,IsRecursive:()=>IsRecursive,IsRecord:()=>IsRecord2,IsReadonly:()=>IsReadonly2,IsProperties:()=>IsProperties,IsPromise:()=>IsPromise2,IsOptional:()=>IsOptional2,IsObject:()=>IsObject4,IsNumber:()=>IsNumber4,IsNull:()=>IsNull3,IsNot:()=>IsNot2,IsNever:()=>IsNever2,IsMappedResult:()=>IsMappedResult2,IsMappedKey:()=>IsMappedKey2,IsLiteralValue:()=>IsLiteralValue2,IsLiteralString:()=>IsLiteralString,IsLiteralNumber:()=>IsLiteralNumber,IsLiteralBoolean:()=>IsLiteralBoolean,IsLiteral:()=>IsLiteral2,IsKindOf:()=>IsKindOf2,IsKind:()=>IsKind2,IsIterator:()=>IsIterator3,IsIntersect:()=>IsIntersect2,IsInteger:()=>IsInteger2,IsImport:()=>IsImport,IsFunction:()=>IsFunction3,IsDate:()=>IsDate3,IsConstructor:()=>IsConstructor2,IsComputed:()=>IsComputed2,IsBoolean:()=>IsBoolean3,IsBigInt:()=>IsBigInt3,IsAsyncIterator:()=>IsAsyncIterator3,IsArray:()=>IsArray4,IsArgument:()=>IsArgument2,IsAny:()=>IsAny2});function IsPattern(value2){try{return new RegExp(value2),!0}catch{return!1}}function IsControlCharacterFree(value2){if(!IsString(value2))return!1;for(let i=0;i<value2.length;i++){let code=value2.charCodeAt(i);if(code>=7&&code<=13||code===27||code===127)return!1}return!0}function IsAdditionalProperties(value2){return IsOptionalBoolean(value2)||IsSchema2(value2)}function IsOptionalBigInt(value2){return IsUndefined(value2)||IsBigInt(value2)}function IsOptionalNumber(value2){return IsUndefined(value2)||IsNumber(value2)}function IsOptionalBoolean(value2){return IsUndefined(value2)||IsBoolean(value2)}function IsOptionalString(value2){return IsUndefined(value2)||IsString(value2)}function IsOptionalPattern(value2){return IsUndefined(value2)||IsString(value2)&&IsControlCharacterFree(value2)&&IsPattern(value2)}function IsOptionalFormat(value2){return IsUndefined(value2)||IsString(value2)&&IsControlCharacterFree(value2)}function IsOptionalSchema(value2){return IsUndefined(value2)||IsSchema2(value2)}function IsReadonly2(value2){return IsObject(value2)&&value2[ReadonlyKind]==="Readonly"}function IsOptional2(value2){return IsObject(value2)&&value2[OptionalKind]==="Optional"}function IsAny2(value2){return IsKindOf2(value2,"Any")&&IsOptionalString(value2.$id)}function IsArgument2(value2){return IsKindOf2(value2,"Argument")&&IsNumber(value2.index)}function IsArray4(value2){return IsKindOf2(value2,"Array")&&value2.type==="array"&&IsOptionalString(value2.$id)&&IsSchema2(value2.items)&&IsOptionalNumber(value2.minItems)&&IsOptionalNumber(value2.maxItems)&&IsOptionalBoolean(value2.uniqueItems)&&IsOptionalSchema(value2.contains)&&IsOptionalNumber(value2.minContains)&&IsOptionalNumber(value2.maxContains)}function IsAsyncIterator3(value2){return IsKindOf2(value2,"AsyncIterator")&&value2.type==="AsyncIterator"&&IsOptionalString(value2.$id)&&IsSchema2(value2.items)}function IsBigInt3(value2){return IsKindOf2(value2,"BigInt")&&value2.type==="bigint"&&IsOptionalString(value2.$id)&&IsOptionalBigInt(value2.exclusiveMaximum)&&IsOptionalBigInt(value2.exclusiveMinimum)&&IsOptionalBigInt(value2.maximum)&&IsOptionalBigInt(value2.minimum)&&IsOptionalBigInt(value2.multipleOf)}function IsBoolean3(value2){return IsKindOf2(value2,"Boolean")&&value2.type==="boolean"&&IsOptionalString(value2.$id)}function IsComputed2(value2){return IsKindOf2(value2,"Computed")&&IsString(value2.target)&&IsArray(value2.parameters)&&value2.parameters.every((schema)=>IsSchema2(schema))}function IsConstructor2(value2){return IsKindOf2(value2,"Constructor")&&value2.type==="Constructor"&&IsOptionalString(value2.$id)&&IsArray(value2.parameters)&&value2.parameters.every((schema)=>IsSchema2(schema))&&IsSchema2(value2.returns)}function IsDate3(value2){return IsKindOf2(value2,"Date")&&value2.type==="Date"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.exclusiveMaximumTimestamp)&&IsOptionalNumber(value2.exclusiveMinimumTimestamp)&&IsOptionalNumber(value2.maximumTimestamp)&&IsOptionalNumber(value2.minimumTimestamp)&&IsOptionalNumber(value2.multipleOfTimestamp)}function IsFunction3(value2){return IsKindOf2(value2,"Function")&&value2.type==="Function"&&IsOptionalString(value2.$id)&&IsArray(value2.parameters)&&value2.parameters.every((schema)=>IsSchema2(schema))&&IsSchema2(value2.returns)}function IsImport(value2){return IsKindOf2(value2,"Import")&&HasPropertyKey(value2,"$defs")&&IsObject(value2.$defs)&&IsProperties(value2.$defs)&&HasPropertyKey(value2,"$ref")&&IsString(value2.$ref)&&value2.$ref in value2.$defs}function IsInteger2(value2){return IsKindOf2(value2,"Integer")&&value2.type==="integer"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.exclusiveMaximum)&&IsOptionalNumber(value2.exclusiveMinimum)&&IsOptionalNumber(value2.maximum)&&IsOptionalNumber(value2.minimum)&&IsOptionalNumber(value2.multipleOf)}function IsProperties(value2){return IsObject(value2)&&Object.entries(value2).every(([key2,schema])=>IsControlCharacterFree(key2)&&IsSchema2(schema))}function IsIntersect2(value2){return IsKindOf2(value2,"Intersect")&&(IsString(value2.type)&&value2.type!=="object"?!1:!0)&&IsArray(value2.allOf)&&value2.allOf.every((schema)=>IsSchema2(schema)&&!IsTransform2(schema))&&IsOptionalString(value2.type)&&(IsOptionalBoolean(value2.unevaluatedProperties)||IsOptionalSchema(value2.unevaluatedProperties))&&IsOptionalString(value2.$id)}function IsIterator3(value2){return IsKindOf2(value2,"Iterator")&&value2.type==="Iterator"&&IsOptionalString(value2.$id)&&IsSchema2(value2.items)}function IsKindOf2(value2,kind){return IsObject(value2)&&Kind2 in value2&&value2[Kind2]===kind}function IsLiteralString(value2){return IsLiteral2(value2)&&IsString(value2.const)}function IsLiteralNumber(value2){return IsLiteral2(value2)&&IsNumber(value2.const)}function IsLiteralBoolean(value2){return IsLiteral2(value2)&&IsBoolean(value2.const)}function IsLiteral2(value2){return IsKindOf2(value2,"Literal")&&IsOptionalString(value2.$id)&&IsLiteralValue2(value2.const)}function IsLiteralValue2(value2){return IsBoolean(value2)||IsNumber(value2)||IsString(value2)}function IsMappedKey2(value2){return IsKindOf2(value2,"MappedKey")&&IsArray(value2.keys)&&value2.keys.every((key2)=>IsNumber(key2)||IsString(key2))}function IsMappedResult2(value2){return IsKindOf2(value2,"MappedResult")&&IsProperties(value2.properties)}function IsNever2(value2){return IsKindOf2(value2,"Never")&&IsObject(value2.not)&&Object.getOwnPropertyNames(value2.not).length===0}function IsNot2(value2){return IsKindOf2(value2,"Not")&&IsSchema2(value2.not)}function IsNull3(value2){return IsKindOf2(value2,"Null")&&value2.type==="null"&&IsOptionalString(value2.$id)}function IsNumber4(value2){return IsKindOf2(value2,"Number")&&value2.type==="number"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.exclusiveMaximum)&&IsOptionalNumber(value2.exclusiveMinimum)&&IsOptionalNumber(value2.maximum)&&IsOptionalNumber(value2.minimum)&&IsOptionalNumber(value2.multipleOf)}function IsObject4(value2){return IsKindOf2(value2,"Object")&&value2.type==="object"&&IsOptionalString(value2.$id)&&IsProperties(value2.properties)&&IsAdditionalProperties(value2.additionalProperties)&&IsOptionalNumber(value2.minProperties)&&IsOptionalNumber(value2.maxProperties)}function IsPromise2(value2){return IsKindOf2(value2,"Promise")&&value2.type==="Promise"&&IsOptionalString(value2.$id)&&IsSchema2(value2.item)}function IsRecord2(value2){return IsKindOf2(value2,"Record")&&value2.type==="object"&&IsOptionalString(value2.$id)&&IsAdditionalProperties(value2.additionalProperties)&&IsObject(value2.patternProperties)&&((schema)=>{let keys=Object.getOwnPropertyNames(schema.patternProperties);return keys.length===1&&IsPattern(keys[0])&&IsObject(schema.patternProperties)&&IsSchema2(schema.patternProperties[keys[0]])})(value2)}function IsRecursive(value2){return IsObject(value2)&&Hint in value2&&value2[Hint]==="Recursive"}function IsRef2(value2){return IsKindOf2(value2,"Ref")&&IsOptionalString(value2.$id)&&IsString(value2.$ref)}function IsRegExp3(value2){return IsKindOf2(value2,"RegExp")&&IsOptionalString(value2.$id)&&IsString(value2.source)&&IsString(value2.flags)&&IsOptionalNumber(value2.maxLength)&&IsOptionalNumber(value2.minLength)}function IsString3(value2){return IsKindOf2(value2,"String")&&value2.type==="string"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.minLength)&&IsOptionalNumber(value2.maxLength)&&IsOptionalPattern(value2.pattern)&&IsOptionalFormat(value2.format)}function IsSymbol3(value2){return IsKindOf2(value2,"Symbol")&&value2.type==="symbol"&&IsOptionalString(value2.$id)}function IsTemplateLiteral2(value2){return IsKindOf2(value2,"TemplateLiteral")&&value2.type==="string"&&IsString(value2.pattern)&&value2.pattern[0]==="^"&&value2.pattern[value2.pattern.length-1]==="$"}function IsThis2(value2){return IsKindOf2(value2,"This")&&IsOptionalString(value2.$id)&&IsString(value2.$ref)}function IsTransform2(value2){return IsObject(value2)&&TransformKind in value2}function IsTuple2(value2){return IsKindOf2(value2,"Tuple")&&value2.type==="array"&&IsOptionalString(value2.$id)&&IsNumber(value2.minItems)&&IsNumber(value2.maxItems)&&value2.minItems===value2.maxItems&&(IsUndefined(value2.items)&&IsUndefined(value2.additionalItems)&&value2.minItems===0||IsArray(value2.items)&&value2.items.every((schema)=>IsSchema2(schema)))}function IsUndefined4(value2){return IsKindOf2(value2,"Undefined")&&value2.type==="undefined"&&IsOptionalString(value2.$id)}function IsUnionLiteral(value2){return IsUnion2(value2)&&value2.anyOf.every((schema)=>IsLiteralString(schema)||IsLiteralNumber(schema))}function IsUnion2(value2){return IsKindOf2(value2,"Union")&&IsOptionalString(value2.$id)&&IsObject(value2)&&IsArray(value2.anyOf)&&value2.anyOf.every((schema)=>IsSchema2(schema))}function IsUint8Array3(value2){return IsKindOf2(value2,"Uint8Array")&&value2.type==="Uint8Array"&&IsOptionalString(value2.$id)&&IsOptionalNumber(value2.minByteLength)&&IsOptionalNumber(value2.maxByteLength)}function IsUnknown2(value2){return IsKindOf2(value2,"Unknown")&&IsOptionalString(value2.$id)}function IsUnsafe2(value2){return IsKindOf2(value2,"Unsafe")}function IsVoid2(value2){return IsKindOf2(value2,"Void")&&value2.type==="void"&&IsOptionalString(value2.$id)}function IsKind2(value2){return IsObject(value2)&&Kind2 in value2&&IsString(value2[Kind2])&&!KnownTypes.includes(value2[Kind2])}function IsSchema2(value2){return IsObject(value2)&&(IsAny2(value2)||IsArgument2(value2)||IsArray4(value2)||IsBoolean3(value2)||IsBigInt3(value2)||IsAsyncIterator3(value2)||IsComputed2(value2)||IsConstructor2(value2)||IsDate3(value2)||IsFunction3(value2)||IsInteger2(value2)||IsIntersect2(value2)||IsIterator3(value2)||IsLiteral2(value2)||IsMappedKey2(value2)||IsMappedResult2(value2)||IsNever2(value2)||IsNot2(value2)||IsNull3(value2)||IsNumber4(value2)||IsObject4(value2)||IsPromise2(value2)||IsRecord2(value2)||IsRef2(value2)||IsRegExp3(value2)||IsString3(value2)||IsSymbol3(value2)||IsTemplateLiteral2(value2)||IsThis2(value2)||IsTuple2(value2)||IsUndefined4(value2)||IsUnion2(value2)||IsUint8Array3(value2)||IsUnknown2(value2)||IsUnsafe2(value2)||IsVoid2(value2)||IsKind2(value2))}var TypeGuardUnknownTypeError,KnownTypes;var init_type3=__esm(()=>{init_symbols2();init_error2();TypeGuardUnknownTypeError=class TypeGuardUnknownTypeError extends TypeBoxError{};KnownTypes=["Argument","Any","Array","AsyncIterator","BigInt","Boolean","Computed","Constructor","Date","Enum","Function","Integer","Intersect","Iterator","Literal","MappedKey","MappedResult","Not","Null","Number","Object","Promise","Record","Ref","RegExp","String","Symbol","TemplateLiteral","This","Tuple","Undefined","Union","Uint8Array","Unknown","Void"]});var init_guard2=__esm(()=>{init_kind();init_type3()});var init_helpers4=()=>{};var PatternBoolean="(true|false)",PatternNumber="(0|[1-9][0-9]*)",PatternString="(.*)",PatternNumberExact="^(0|[1-9][0-9]*)$",PatternStringExact="^(.*)$",PatternNeverExact="^(?!.*)$";var init_patterns=()=>{};var init_format=()=>{};var init_type4=()=>{};var init_registry3=__esm(()=>{init_format();init_type4()});function SetIncludes(T,S){return T.includes(S)}function SetDistinct(T){return[...new Set(T)]}function SetIntersect(T,S){return T.filter((L)=>S.includes(L))}function SetIntersectManyResolve(T,Init){return T.reduce((Acc,L)=>{return SetIntersect(Acc,L)},Init)}function SetIntersectMany(T){return T.length===1?T[0]:T.length>1?SetIntersectManyResolve(T.slice(1),T[0]):[]}function SetUnionMany(T){let Acc=[];for(let L of T)Acc.push(...L);return Acc}var init_sets=()=>{};function Any2(options){return CreateType({[Kind2]:"Any"},options)}var init_any=__esm(()=>{init_create();init_symbols2()});var init_any2=__esm(()=>{init_any()});function Array2(items,options){return CreateType({[Kind2]:"Array",type:"array",items},options)}var init_array=__esm(()=>{init_type2();init_symbols2()});var init_array2=__esm(()=>{init_array()});function Argument(index){return CreateType({[Kind2]:"Argument",index})}var init_argument=__esm(()=>{init_type2();init_symbols2()});var init_argument2=__esm(()=>{init_argument()});function AsyncIterator2(items,options){return CreateType({[Kind2]:"AsyncIterator",type:"AsyncIterator",items},options)}var init_async_iterator=__esm(()=>{init_symbols2();init_type2()});var init_async_iterator2=__esm(()=>{init_async_iterator()});function Computed(target2,parameters2,options){return CreateType({[Kind2]:"Computed",target:target2,parameters:parameters2},options)}var init_computed=__esm(()=>{init_create();init_symbols()});var init_computed2=__esm(()=>{init_computed()});function DiscardKey(value2,key2){let{[key2]:_,...rest}=value2;return rest}function Discard(value2,keys){return keys.reduce((acc,key2)=>DiscardKey(acc,key2),value2)}var init_discard=()=>{};function Never(options){return CreateType({[Kind2]:"Never",not:{}},options)}var init_never=__esm(()=>{init_type2();init_symbols2()});var init_never2=__esm(()=>{init_never()});var init_mapped_key=()=>{};function MappedResult(properties){return CreateType({[Kind2]:"MappedResult",properties})}var init_mapped_result=__esm(()=>{init_type2();init_symbols2()});function Constructor(parameters2,returns,options){return CreateType({[Kind2]:"Constructor",type:"Constructor",parameters:parameters2,returns},options)}var init_constructor=__esm(()=>{init_type2();init_symbols2()});var init_constructor2=__esm(()=>{init_constructor()});function Function2(parameters2,returns,options){return CreateType({[Kind2]:"Function",type:"Function",parameters:parameters2,returns},options)}var init_function=__esm(()=>{init_type2();init_symbols2()});var init_function2=__esm(()=>{init_function()});function UnionCreate(T,options){return CreateType({[Kind2]:"Union",anyOf:T},options)}var init_union_create=__esm(()=>{init_type2();init_symbols2()});function IsUnionOptional(types18){return types18.some((type3)=>IsOptional(type3))}function RemoveOptionalFromRest(types18){return types18.map((left)=>IsOptional(left)?RemoveOptionalFromType(left):left)}function RemoveOptionalFromType(T){return Discard(T,[OptionalKind])}function ResolveUnion(types18,options){return IsUnionOptional(types18)?Optional(UnionCreate(RemoveOptionalFromRest(types18),options)):UnionCreate(RemoveOptionalFromRest(types18),options)}function UnionEvaluated(T,options){return T.length===1?CreateType(T[0],options):T.length===0?Never(options):ResolveUnion(T,options)}var init_union_evaluated=__esm(()=>{init_type2();init_symbols2();init_discard();init_never2();init_optional2();init_union_create();init_kind()});var init_union_type=()=>{};function Union(types18,options){return types18.length===0?Never(options):types18.length===1?CreateType(types18[0],options):UnionCreate(types18,options)}var init_union=__esm(()=>{init_never2();init_type2();init_union_create()});var init_union2=__esm(()=>{init_union_evaluated();init_union_type();init_union()});function Unescape(pattern){return pattern.replace(/\\\$/g,"$").replace(/\\\*/g,"*").replace(/\\\^/g,"^").replace(/\\\|/g,"|").replace(/\\\(/g,"(").replace(/\\\)/g,")")}function IsNonEscaped(pattern,index,char){return pattern[index]===char&&pattern.charCodeAt(index-1)!==92}function IsOpenParen(pattern,index){return IsNonEscaped(pattern,index,"(")}function IsCloseParen(pattern,index){return IsNonEscaped(pattern,index,")")}function IsSeparator(pattern,index){return IsNonEscaped(pattern,index,"|")}function IsGroup(pattern){if(!(IsOpenParen(pattern,0)&&IsCloseParen(pattern,pattern.length-1)))return!1;let count3=0;for(let index=0;index<pattern.length;index++){if(IsOpenParen(pattern,index))count3+=1;if(IsCloseParen(pattern,index))count3-=1;if(count3===0&&index!==pattern.length-1)return!1}return!0}function InGroup(pattern){return pattern.slice(1,pattern.length-1)}function IsPrecedenceOr(pattern){let count3=0;for(let index=0;index<pattern.length;index++){if(IsOpenParen(pattern,index))count3+=1;if(IsCloseParen(pattern,index))count3-=1;if(IsSeparator(pattern,index)&&count3===0)return!0}return!1}function IsPrecedenceAnd(pattern){for(let index=0;index<pattern.length;index++)if(IsOpenParen(pattern,index))return!0;return!1}function Or(pattern){let[count3,start]=[0,0],expressions=[];for(let index=0;index<pattern.length;index++){if(IsOpenParen(pattern,index))count3+=1;if(IsCloseParen(pattern,index))count3-=1;if(IsSeparator(pattern,index)&&count3===0){let range2=pattern.slice(start,index);if(range2.length>0)expressions.push(TemplateLiteralParse(range2));start=index+1}}let range=pattern.slice(start);if(range.length>0)expressions.push(TemplateLiteralParse(range));if(expressions.length===0)return{type:"const",const:""};if(expressions.length===1)return expressions[0];return{type:"or",expr:expressions}}function And(pattern){function Group(value2,index){if(!IsOpenParen(value2,index))throw new TemplateLiteralParserError("TemplateLiteralParser: Index must point to open parens");let count3=0;for(let scan=index;scan<value2.length;scan++){if(IsOpenParen(value2,scan))count3+=1;if(IsCloseParen(value2,scan))count3-=1;if(count3===0)return[index,scan]}throw new TemplateLiteralParserError("TemplateLiteralParser: Unclosed group parens in expression")}function Range(pattern2,index){for(let scan=index;scan<pattern2.length;scan++)if(IsOpenParen(pattern2,scan))return[index,scan];return[index,pattern2.length]}let expressions=[];for(let index=0;index<pattern.length;index++)if(IsOpenParen(pattern,index)){let[start,end]=Group(pattern,index),range=pattern.slice(start,end+1);expressions.push(TemplateLiteralParse(range)),index=end}else{let[start,end]=Range(pattern,index),range=pattern.slice(start,end);if(range.length>0)expressions.push(TemplateLiteralParse(range));index=end-1}return expressions.length===0?{type:"const",const:""}:expressions.length===1?expressions[0]:{type:"and",expr:expressions}}function TemplateLiteralParse(pattern){return IsGroup(pattern)?TemplateLiteralParse(InGroup(pattern)):IsPrecedenceOr(pattern)?Or(pattern):IsPrecedenceAnd(pattern)?And(pattern):{type:"const",const:Unescape(pattern)}}function TemplateLiteralParseExact(pattern){return TemplateLiteralParse(pattern.slice(1,pattern.length-1))}var TemplateLiteralParserError;var init_parse=__esm(()=>{init_error2();TemplateLiteralParserError=class TemplateLiteralParserError extends TypeBoxError{}});function IsNumberExpression(expression){return expression.type==="or"&&expression.expr.length===2&&expression.expr[0].type==="const"&&expression.expr[0].const==="0"&&expression.expr[1].type==="const"&&expression.expr[1].const==="[1-9][0-9]*"}function IsBooleanExpression(expression){return expression.type==="or"&&expression.expr.length===2&&expression.expr[0].type==="const"&&expression.expr[0].const==="true"&&expression.expr[1].type==="const"&&expression.expr[1].const==="false"}function IsStringExpression(expression){return expression.type==="const"&&expression.const===".*"}function IsTemplateLiteralExpressionFinite(expression){return IsNumberExpression(expression)||IsStringExpression(expression)?!1:IsBooleanExpression(expression)?!0:expression.type==="and"?expression.expr.every((expr)=>IsTemplateLiteralExpressionFinite(expr)):expression.type==="or"?expression.expr.every((expr)=>IsTemplateLiteralExpressionFinite(expr)):expression.type==="const"?!0:(()=>{throw new TemplateLiteralFiniteError("Unknown expression type")})()}function IsTemplateLiteralFinite(schema){let expression=TemplateLiteralParseExact(schema.pattern);return IsTemplateLiteralExpressionFinite(expression)}var TemplateLiteralFiniteError;var init_finite=__esm(()=>{init_parse();init_error2();TemplateLiteralFiniteError=class TemplateLiteralFiniteError extends TypeBoxError{}});function*GenerateReduce(buffer){if(buffer.length===1)return yield*buffer[0];for(let left of buffer[0])for(let right of GenerateReduce(buffer.slice(1)))yield`${left}${right}`}function*GenerateAnd(expression){return yield*GenerateReduce(expression.expr.map((expr)=>[...TemplateLiteralExpressionGenerate(expr)]))}function*GenerateOr(expression){for(let expr of expression.expr)yield*TemplateLiteralExpressionGenerate(expr)}function*GenerateConst(expression){return yield expression.const}function*TemplateLiteralExpressionGenerate(expression){return expression.type==="and"?yield*GenerateAnd(expression):expression.type==="or"?yield*GenerateOr(expression):expression.type==="const"?yield*GenerateConst(expression):(()=>{throw new TemplateLiteralGenerateError("Unknown expression")})()}function TemplateLiteralGenerate(schema){let expression=TemplateLiteralParseExact(schema.pattern);return IsTemplateLiteralExpressionFinite(expression)?[...TemplateLiteralExpressionGenerate(expression)]:[]}var TemplateLiteralGenerateError;var init_generate=__esm(()=>{init_finite();init_parse();init_error2();TemplateLiteralGenerateError=class TemplateLiteralGenerateError extends TypeBoxError{}});function Literal(value2,options){return CreateType({[Kind2]:"Literal",const:value2,type:typeof value2},options)}var init_literal=__esm(()=>{init_type2();init_symbols2()});var init_literal2=__esm(()=>{init_literal()});function Boolean3(options){return CreateType({[Kind2]:"Boolean",type:"boolean"},options)}var init_boolean=__esm(()=>{init_symbols2();init_create()});var init_boolean2=__esm(()=>{init_boolean()});function BigInt2(options){return CreateType({[Kind2]:"BigInt",type:"bigint"},options)}var init_bigint=__esm(()=>{init_symbols2();init_create()});var init_bigint2=__esm(()=>{init_bigint()});function Number2(options){return CreateType({[Kind2]:"Number",type:"number"},options)}var init_number=__esm(()=>{init_type2();init_symbols2()});var init_number2=__esm(()=>{init_number()});function String2(options){return CreateType({[Kind2]:"String",type:"string"},options)}var init_string=__esm(()=>{init_type2();init_symbols2()});var init_string2=__esm(()=>{init_string()});function*FromUnion(syntax){let trim=syntax.trim().replace(/"|'/g,"");return trim==="boolean"?yield Boolean3():trim==="number"?yield Number2():trim==="bigint"?yield BigInt2():trim==="string"?yield String2():yield(()=>{let literals=trim.split("|").map((literal2)=>Literal(literal2.trim()));return literals.length===0?Never():literals.length===1?literals[0]:UnionEvaluated(literals)})()}function*FromTerminal(syntax){if(syntax[1]!=="{"){let L=Literal("$"),R=FromSyntax(syntax.slice(1));return yield*[L,...R]}for(let i=2;i<syntax.length;i++)if(syntax[i]==="}"){let L=FromUnion(syntax.slice(2,i)),R=FromSyntax(syntax.slice(i+1));return yield*[...L,...R]}yield Literal(syntax)}function*FromSyntax(syntax){for(let i=0;i<syntax.length;i++)if(syntax[i]==="$"){let L=Literal(syntax.slice(0,i)),R=FromTerminal(syntax.slice(i));return yield*[L,...R]}yield Literal(syntax)}function TemplateLiteralSyntax(syntax){return[...FromSyntax(syntax)]}var init_syntax=__esm(()=>{init_literal2();init_boolean2();init_bigint2();init_number2();init_string2();init_union2();init_never2()});function Escape(value2){return value2.replace(/[.*+?^${}()|[\]\\]/g,"\\$&")}function Visit2(schema,acc){return IsTemplateLiteral(schema)?schema.pattern.slice(1,schema.pattern.length-1):IsUnion(schema)?`(${schema.anyOf.map((schema2)=>Visit2(schema2,acc)).join("|")})`:IsNumber3(schema)?`${acc}${PatternNumber}`:IsInteger(schema)?`${acc}${PatternNumber}`:IsBigInt2(schema)?`${acc}${PatternNumber}`:IsString2(schema)?`${acc}${PatternString}`:IsLiteral(schema)?`${acc}${Escape(schema.const.toString())}`:IsBoolean2(schema)?`${acc}${PatternBoolean}`:(()=>{throw new TemplateLiteralPatternError(`Unexpected Kind '${schema[Kind2]}'`)})()}function TemplateLiteralPattern(kinds){return`^${kinds.map((schema)=>Visit2(schema,"")).join("")}$`}var TemplateLiteralPatternError;var init_pattern=__esm(()=>{init_patterns();init_symbols2();init_error2();init_kind();TemplateLiteralPatternError=class TemplateLiteralPatternError extends TypeBoxError{}});function TemplateLiteralToUnion(schema){let L=TemplateLiteralGenerate(schema).map((S)=>Literal(S));return UnionEvaluated(L)}var init_union3=__esm(()=>{init_union2();init_literal2();init_generate()});function TemplateLiteral(unresolved,options){let pattern=IsString(unresolved)?TemplateLiteralPattern(TemplateLiteralSyntax(unresolved)):TemplateLiteralPattern(unresolved);return CreateType({[Kind2]:"TemplateLiteral",type:"string",pattern},options)}var init_template_literal=__esm(()=>{init_type2();init_syntax();init_pattern();init_symbols2()});var init_template_literal2=__esm(()=>{init_finite();init_generate();init_syntax();init_parse();init_pattern();init_union3();init_template_literal()});function FromTemplateLiteral(templateLiteral){return TemplateLiteralGenerate(templateLiteral).map((key2)=>key2.toString())}function FromUnion2(types18){let result=[];for(let type3 of types18)result.push(...IndexPropertyKeys(type3));return result}function FromLiteral(literalValue){return[literalValue.toString()]}function IndexPropertyKeys(type3){return[...new Set(IsTemplateLiteral(type3)?FromTemplateLiteral(type3):IsUnion(type3)?FromUnion2(type3.anyOf):IsLiteral(type3)?FromLiteral(type3.const):IsNumber3(type3)?["[number]"]:IsInteger(type3)?["[number]"]:[])]}var init_indexed_property_keys=__esm(()=>{init_template_literal2();init_kind()});function FromProperties(type3,properties,options){let result={};for(let K2 of Object.getOwnPropertyNames(properties))result[K2]=Index(type3,IndexPropertyKeys(properties[K2]),options);return result}function FromMappedResult(type3,mappedResult,options){return FromProperties(type3,mappedResult.properties,options)}function IndexFromMappedResult(type3,mappedResult,options){let properties=FromMappedResult(type3,mappedResult,options);return MappedResult(properties)}var init_indexed_from_mapped_result=__esm(()=>{init_mapped2();init_indexed_property_keys();init_indexed2()});function FromRest(types18,key2){return types18.map((type3)=>IndexFromPropertyKey(type3,key2))}function FromIntersectRest(types18){return types18.filter((type3)=>!IsNever(type3))}function FromIntersect(types18,key2){return IntersectEvaluated(FromIntersectRest(FromRest(types18,key2)))}function FromUnionRest(types18){return types18.some((L)=>IsNever(L))?[]:types18}function FromUnion3(types18,key2){return UnionEvaluated(FromUnionRest(FromRest(types18,key2)))}function FromTuple(types18,key2){return key2 in types18?types18[key2]:key2==="[number]"?UnionEvaluated(types18):Never()}function FromArray(type3,key2){return key2==="[number]"?type3:Never()}function FromProperty(properties,propertyKey){return propertyKey in properties?properties[propertyKey]:Never()}function IndexFromPropertyKey(type3,propertyKey){return IsIntersect(type3)?FromIntersect(type3.allOf,propertyKey):IsUnion(type3)?FromUnion3(type3.anyOf,propertyKey):IsTuple(type3)?FromTuple(type3.items??[],propertyKey):IsArray3(type3)?FromArray(type3.items,propertyKey):IsObject3(type3)?FromProperty(type3.properties,propertyKey):Never()}function IndexFromPropertyKeys(type3,propertyKeys){return propertyKeys.map((propertyKey)=>IndexFromPropertyKey(type3,propertyKey))}function FromSchema(type3,propertyKeys){return UnionEvaluated(IndexFromPropertyKeys(type3,propertyKeys))}function Index(type3,key2,options){if(IsRef(type3)||IsRef(key2)){if(!IsSchema(type3)||!IsSchema(key2))throw new TypeBoxError("Index types using Ref parameters require both Type and Key to be of TSchema");return Computed("Index",[type3,key2])}if(IsMappedResult(key2))return IndexFromMappedResult(type3,key2,options);if(IsMappedKey(key2))return IndexFromMappedKey(type3,key2,options);return CreateType(IsSchema(key2)?FromSchema(type3,IndexPropertyKeys(key2)):FromSchema(type3,key2),options)}var init_indexed=__esm(()=>{init_type2();init_error2();init_computed2();init_never2();init_intersect2();init_union2();init_indexed_property_keys();init_indexed_from_mapped_key();init_indexed_from_mapped_result();init_kind()});function MappedIndexPropertyKey(type3,key2,options){return{[key2]:Index(type3,[key2],Clone(options))}}function MappedIndexPropertyKeys(type3,propertyKeys,options){return propertyKeys.reduce((result,left)=>{return{...result,...MappedIndexPropertyKey(type3,left,options)}},{})}function MappedIndexProperties(type3,mappedKey,options){return MappedIndexPropertyKeys(type3,mappedKey.keys,options)}function IndexFromMappedKey(type3,mappedKey,options){let properties=MappedIndexProperties(type3,mappedKey,options);return MappedResult(properties)}var init_indexed_from_mapped_key=__esm(()=>{init_indexed();init_mapped2();init_value()});var init_indexed2=__esm(()=>{init_indexed_from_mapped_key();init_indexed_from_mapped_result();init_indexed_property_keys();init_indexed()});function Iterator2(items,options){return CreateType({[Kind2]:"Iterator",type:"Iterator",items},options)}var init_iterator=__esm(()=>{init_type2();init_symbols2()});var init_iterator2=__esm(()=>{init_iterator()});function RequiredArray(properties){return globalThis.Object.keys(properties).filter((key2)=>!IsOptional(properties[key2]))}function _Object(properties,options){let required=RequiredArray(properties),schema=required.length>0?{[Kind2]:"Object",type:"object",required,properties}:{[Kind2]:"Object",type:"object",properties};return CreateType(schema,options)}var Object2;var init_object=__esm(()=>{init_type2();init_symbols2();init_kind();Object2=_Object});var init_object2=__esm(()=>{init_object()});function Promise2(item,options){return CreateType({[Kind2]:"Promise",type:"Promise",item},options)}var init_promise=__esm(()=>{init_type2();init_symbols2()});var init_promise2=__esm(()=>{init_promise()});function RemoveReadonly(schema){return CreateType(Discard(schema,[ReadonlyKind]))}function AddReadonly(schema){return CreateType({...schema,[ReadonlyKind]:"Readonly"})}function ReadonlyWithFlag(schema,F){return F===!1?RemoveReadonly(schema):AddReadonly(schema)}function Readonly(schema,enable){let F=enable??!0;return IsMappedResult(schema)?ReadonlyFromMappedResult(schema,F):ReadonlyWithFlag(schema,F)}var init_readonly=__esm(()=>{init_type2();init_symbols2();init_discard();init_readonly_from_mapped_result();init_kind()});function FromProperties2(K2,F){let Acc={};for(let K22 of globalThis.Object.getOwnPropertyNames(K2))Acc[K22]=Readonly(K2[K22],F);return Acc}function FromMappedResult2(R,F){return FromProperties2(R.properties,F)}function ReadonlyFromMappedResult(R,F){let P=FromMappedResult2(R,F);return MappedResult(P)}var init_readonly_from_mapped_result=__esm(()=>{init_mapped2();init_readonly()});var init_readonly2=__esm(()=>{init_readonly_from_mapped_result();init_readonly()});function Tuple(types18,options){return CreateType(types18.length>0?{[Kind2]:"Tuple",type:"array",items:types18,additionalItems:!1,minItems:types18.length,maxItems:types18.length}:{[Kind2]:"Tuple",type:"array",minItems:types18.length,maxItems:types18.length},options)}var init_tuple=__esm(()=>{init_type2();init_symbols2()});var init_tuple2=__esm(()=>{init_tuple()});function FromMappedResult3(K2,P){return K2 in P?FromSchemaType(K2,P[K2]):MappedResult(P)}function MappedKeyToKnownMappedResultProperties(K2){return{[K2]:Literal(K2)}}function MappedKeyToUnknownMappedResultProperties(P){let Acc={};for(let L of P)Acc[L]=Literal(L);return Acc}function MappedKeyToMappedResultProperties(K2,P){return SetIncludes(P,K2)?MappedKeyToKnownMappedResultProperties(K2):MappedKeyToUnknownMappedResultProperties(P)}function FromMappedKey(K2,P){let R=MappedKeyToMappedResultProperties(K2,P);return FromMappedResult3(K2,R)}function FromRest2(K2,T){return T.map((L)=>FromSchemaType(K2,L))}function FromProperties3(K2,T){let Acc={};for(let K22 of globalThis.Object.getOwnPropertyNames(T))Acc[K22]=FromSchemaType(K2,T[K22]);return Acc}function FromSchemaType(K2,T){let options={...T};return IsOptional(T)?Optional(FromSchemaType(K2,Discard(T,[OptionalKind]))):IsReadonly(T)?Readonly(FromSchemaType(K2,Discard(T,[ReadonlyKind]))):IsMappedResult(T)?FromMappedResult3(K2,T.properties):IsMappedKey(T)?FromMappedKey(K2,T.keys):IsConstructor(T)?Constructor(FromRest2(K2,T.parameters),FromSchemaType(K2,T.returns),options):IsFunction2(T)?Function2(FromRest2(K2,T.parameters),FromSchemaType(K2,T.returns),options):IsAsyncIterator2(T)?AsyncIterator2(FromSchemaType(K2,T.items),options):IsIterator2(T)?Iterator2(FromSchemaType(K2,T.items),options):IsIntersect(T)?Intersect(FromRest2(K2,T.allOf),options):IsUnion(T)?Union(FromRest2(K2,T.anyOf),options):IsTuple(T)?Tuple(FromRest2(K2,T.items??[]),options):IsObject3(T)?Object2(FromProperties3(K2,T.properties),options):IsArray3(T)?Array2(FromSchemaType(K2,T.items),options):IsPromise(T)?Promise2(FromSchemaType(K2,T.item),options):T}function MappedFunctionReturnType(K2,T){let Acc={};for(let L of K2)Acc[L]=FromSchemaType(L,T);return Acc}function Mapped(key2,map,options){let K2=IsSchema(key2)?IndexPropertyKeys(key2):key2,RT=map({[Kind2]:"MappedKey",keys:K2}),R=MappedFunctionReturnType(K2,RT);return Object2(R,options)}var init_mapped=__esm(()=>{init_symbols2();init_discard();init_array2();init_async_iterator2();init_constructor2();init_function2();init_indexed2();init_intersect2();init_iterator2();init_literal2();init_object2();init_optional2();init_promise2();init_readonly2();init_tuple2();init_union2();init_sets();init_mapped_result();init_kind()});var init_mapped2=__esm(()=>{init_mapped_key();init_mapped_result();init_mapped()});function RemoveOptional(schema){return CreateType(Discard(schema,[OptionalKind]))}function AddOptional(schema){return CreateType({...schema,[OptionalKind]:"Optional"})}function OptionalWithFlag(schema,F){return F===!1?RemoveOptional(schema):AddOptional(schema)}function Optional(schema,enable){let F=enable??!0;return IsMappedResult(schema)?OptionalFromMappedResult(schema,F):OptionalWithFlag(schema,F)}var init_optional=__esm(()=>{init_type2();init_symbols2();init_discard();init_optional_from_mapped_result();init_kind()});function FromProperties4(P,F){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Optional(P[K2],F);return Acc}function FromMappedResult4(R,F){return FromProperties4(R.properties,F)}function OptionalFromMappedResult(R,F){let P=FromMappedResult4(R,F);return MappedResult(P)}var init_optional_from_mapped_result=__esm(()=>{init_mapped2();init_optional()});var init_optional2=__esm(()=>{init_optional_from_mapped_result();init_optional()});function IntersectCreate(T,options={}){let allObjects=T.every((schema)=>IsObject3(schema)),clonedUnevaluatedProperties=IsSchema(options.unevaluatedProperties)?{unevaluatedProperties:options.unevaluatedProperties}:{};return CreateType(options.unevaluatedProperties===!1||IsSchema(options.unevaluatedProperties)||allObjects?{...clonedUnevaluatedProperties,[Kind2]:"Intersect",type:"object",allOf:T}:{...clonedUnevaluatedProperties,[Kind2]:"Intersect",allOf:T},options)}var init_intersect_create=__esm(()=>{init_type2();init_symbols2();init_kind()});function IsIntersectOptional(types18){return types18.every((left)=>IsOptional(left))}function RemoveOptionalFromType2(type3){return Discard(type3,[OptionalKind])}function RemoveOptionalFromRest2(types18){return types18.map((left)=>IsOptional(left)?RemoveOptionalFromType2(left):left)}function ResolveIntersect(types18,options){return IsIntersectOptional(types18)?Optional(IntersectCreate(RemoveOptionalFromRest2(types18),options)):IntersectCreate(RemoveOptionalFromRest2(types18),options)}function IntersectEvaluated(types18,options={}){if(types18.length===1)return CreateType(types18[0],options);if(types18.length===0)return Never(options);if(types18.some((schema)=>IsTransform(schema)))throw Error("Cannot intersect transform types");return ResolveIntersect(types18,options)}var init_intersect_evaluated=__esm(()=>{init_symbols2();init_type2();init_discard();init_never2();init_optional2();init_intersect_create();init_kind()});var init_intersect_type=()=>{};function Intersect(types18,options){if(types18.length===1)return CreateType(types18[0],options);if(types18.length===0)return Never(options);if(types18.some((schema)=>IsTransform(schema)))throw Error("Cannot intersect transform types");return IntersectCreate(types18,options)}var init_intersect=__esm(()=>{init_type2();init_never2();init_intersect_create();init_kind()});var init_intersect2=__esm(()=>{init_intersect_evaluated();init_intersect_type();init_intersect()});function Ref(...args){let[$ref,options]=typeof args[0]==="string"?[args[0],args[1]]:[args[0].$id,args[1]];if(typeof $ref!=="string")throw new TypeBoxError("Ref: $ref must be a string");return CreateType({[Kind2]:"Ref",$ref},options)}var init_ref=__esm(()=>{init_error2();init_type2();init_symbols2()});var init_ref2=__esm(()=>{init_ref()});function FromComputed(target2,parameters2){return Computed("Awaited",[Computed(target2,parameters2)])}function FromRef($ref){return Computed("Awaited",[Ref($ref)])}function FromIntersect2(types18){return Intersect(FromRest3(types18))}function FromUnion4(types18){return Union(FromRest3(types18))}function FromPromise(type3){return Awaited(type3)}function FromRest3(types18){return types18.map((type3)=>Awaited(type3))}function Awaited(type3,options){return CreateType(IsComputed(type3)?FromComputed(type3.target,type3.parameters):IsIntersect(type3)?FromIntersect2(type3.allOf):IsUnion(type3)?FromUnion4(type3.anyOf):IsPromise(type3)?FromPromise(type3.item):IsRef(type3)?FromRef(type3.$ref):type3,options)}var init_awaited=__esm(()=>{init_type2();init_computed2();init_intersect2();init_union2();init_ref2();init_kind()});var init_awaited2=__esm(()=>{init_awaited()});function FromRest4(types18){let result=[];for(let L of types18)result.push(KeyOfPropertyKeys(L));return result}function FromIntersect3(types18){let propertyKeysArray=FromRest4(types18);return SetUnionMany(propertyKeysArray)}function FromUnion5(types18){let propertyKeysArray=FromRest4(types18);return SetIntersectMany(propertyKeysArray)}function FromTuple2(types18){return types18.map((_,indexer)=>indexer.toString())}function FromArray2(_){return["[number]"]}function FromProperties5(T){return globalThis.Object.getOwnPropertyNames(T)}function FromPatternProperties(patternProperties){if(!includePatternProperties)return[];return globalThis.Object.getOwnPropertyNames(patternProperties).map((key2)=>{return key2[0]==="^"&&key2[key2.length-1]==="$"?key2.slice(1,key2.length-1):key2})}function KeyOfPropertyKeys(type3){return IsIntersect(type3)?FromIntersect3(type3.allOf):IsUnion(type3)?FromUnion5(type3.anyOf):IsTuple(type3)?FromTuple2(type3.items??[]):IsArray3(type3)?FromArray2(type3.items):IsObject3(type3)?FromProperties5(type3.properties):IsRecord(type3)?FromPatternProperties(type3.patternProperties):[]}var includePatternProperties=!1;var init_keyof_property_keys=__esm(()=>{init_sets();init_kind()});function FromComputed2(target2,parameters2){return Computed("KeyOf",[Computed(target2,parameters2)])}function FromRef2($ref){return Computed("KeyOf",[Ref($ref)])}function KeyOfFromType(type3,options){let propertyKeys=KeyOfPropertyKeys(type3),propertyKeyTypes=KeyOfPropertyKeysToRest(propertyKeys),result=UnionEvaluated(propertyKeyTypes);return CreateType(result,options)}function KeyOfPropertyKeysToRest(propertyKeys){return propertyKeys.map((L)=>L==="[number]"?Number2():Literal(L))}function KeyOf(type3,options){return IsComputed(type3)?FromComputed2(type3.target,type3.parameters):IsRef(type3)?FromRef2(type3.$ref):IsMappedResult(type3)?KeyOfFromMappedResult(type3,options):KeyOfFromType(type3,options)}var init_keyof=__esm(()=>{init_type2();init_literal2();init_number2();init_computed2();init_ref2();init_keyof_property_keys();init_union2();init_keyof_from_mapped_result();init_kind()});function FromProperties6(properties,options){let result={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))result[K2]=KeyOf(properties[K2],Clone(options));return result}function FromMappedResult5(mappedResult,options){return FromProperties6(mappedResult.properties,options)}function KeyOfFromMappedResult(mappedResult,options){let properties=FromMappedResult5(mappedResult,options);return MappedResult(properties)}var init_keyof_from_mapped_result=__esm(()=>{init_mapped2();init_keyof();init_value()});var init_keyof_property_entries=()=>{};var init_keyof2=__esm(()=>{init_keyof_from_mapped_result();init_keyof_property_entries();init_keyof_property_keys();init_keyof()});function CompositeKeys(T){let Acc=[];for(let L of T)Acc.push(...KeyOfPropertyKeys(L));return SetDistinct(Acc)}function FilterNever(T){return T.filter((L)=>!IsNever(L))}function CompositeProperty(T,K2){let Acc=[];for(let L of T)Acc.push(...IndexFromPropertyKeys(L,[K2]));return FilterNever(Acc)}function CompositeProperties(T,K2){let Acc={};for(let L of K2)Acc[L]=IntersectEvaluated(CompositeProperty(T,L));return Acc}function Composite(T,options){let K2=CompositeKeys(T),P=CompositeProperties(T,K2);return Object2(P,options)}var init_composite=__esm(()=>{init_intersect2();init_indexed2();init_keyof2();init_object2();init_sets();init_kind()});var init_composite2=__esm(()=>{init_composite()});function Date2(options){return CreateType({[Kind2]:"Date",type:"Date"},options)}var init_date=__esm(()=>{init_symbols2();init_type2()});var init_date2=__esm(()=>{init_date()});function Null2(options){return CreateType({[Kind2]:"Null",type:"null"},options)}var init_null=__esm(()=>{init_type2();init_symbols2()});var init_null2=__esm(()=>{init_null()});function Symbol2(options){return CreateType({[Kind2]:"Symbol",type:"symbol"},options)}var init_symbol=__esm(()=>{init_type2();init_symbols2()});var init_symbol2=__esm(()=>{init_symbol()});function Undefined(options){return CreateType({[Kind2]:"Undefined",type:"undefined"},options)}var init_undefined=__esm(()=>{init_type2();init_symbols2()});var init_undefined2=__esm(()=>{init_undefined()});function Uint8Array2(options){return CreateType({[Kind2]:"Uint8Array",type:"Uint8Array"},options)}var init_uint8array=__esm(()=>{init_type2();init_symbols2()});var init_uint8array2=__esm(()=>{init_uint8array()});function Unknown(options){return CreateType({[Kind2]:"Unknown"},options)}var init_unknown=__esm(()=>{init_type2();init_symbols2()});var init_unknown2=__esm(()=>{init_unknown()});function FromArray3(T){return T.map((L)=>FromValue(L,!1))}function FromProperties7(value2){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(value2))Acc[K2]=Readonly(FromValue(value2[K2],!1));return Acc}function ConditionalReadonly(T,root){return root===!0?T:Readonly(T)}function FromValue(value2,root){return IsAsyncIterator(value2)?ConditionalReadonly(Any2(),root):IsIterator(value2)?ConditionalReadonly(Any2(),root):IsArray(value2)?Readonly(Tuple(FromArray3(value2))):IsUint8Array(value2)?Uint8Array2():IsDate(value2)?Date2():IsObject(value2)?ConditionalReadonly(Object2(FromProperties7(value2)),root):IsFunction(value2)?ConditionalReadonly(Function2([],Unknown()),root):IsUndefined(value2)?Undefined():IsNull(value2)?Null2():IsSymbol(value2)?Symbol2():IsBigInt(value2)?BigInt2():IsNumber(value2)?Literal(value2):IsBoolean(value2)?Literal(value2):IsString(value2)?Literal(value2):Object2({})}function Const(T,options){return CreateType(FromValue(T,!0),options)}var init_const=__esm(()=>{init_any2();init_bigint2();init_date2();init_function2();init_literal2();init_null2();init_object2();init_symbol2();init_tuple2();init_readonly2();init_undefined2();init_uint8array2();init_unknown2();init_create()});var init_const2=__esm(()=>{init_const()});function ConstructorParameters(schema,options){return IsConstructor(schema)?Tuple(schema.parameters,options):Never(options)}var init_constructor_parameters=__esm(()=>{init_tuple2();init_never2();init_kind()});var init_constructor_parameters2=__esm(()=>{init_constructor_parameters()});function Enum(item,options){if(IsUndefined(item))throw Error("Enum undefined or empty");let values1=globalThis.Object.getOwnPropertyNames(item).filter((key2)=>isNaN(key2)).map((key2)=>item[key2]),anyOf=[...new Set(values1)].map((value2)=>Literal(value2));return Union(anyOf,{...options,[Hint]:"Enum"})}var init_enum=__esm(()=>{init_literal2();init_symbols2();init_union2()});var init_enum2=__esm(()=>{init_enum()});function IntoBooleanResult(result){return result===ExtendsResult.False?result:ExtendsResult.True}function Throw(message){throw new ExtendsResolverError(message)}function IsStructuralRight(right){return exports_type.IsNever(right)||exports_type.IsIntersect(right)||exports_type.IsUnion(right)||exports_type.IsUnknown(right)||exports_type.IsAny(right)}function StructuralRight(left,right){return exports_type.IsNever(right)?FromNeverRight(left,right):exports_type.IsIntersect(right)?FromIntersectRight(left,right):exports_type.IsUnion(right)?FromUnionRight(left,right):exports_type.IsUnknown(right)?FromUnknownRight(left,right):exports_type.IsAny(right)?FromAnyRight(left,right):Throw("StructuralRight")}function FromAnyRight(left,right){return ExtendsResult.True}function FromAny(left,right){return exports_type.IsIntersect(right)?FromIntersectRight(left,right):exports_type.IsUnion(right)&&right.anyOf.some((schema)=>exports_type.IsAny(schema)||exports_type.IsUnknown(schema))?ExtendsResult.True:exports_type.IsUnion(right)?ExtendsResult.Union:exports_type.IsUnknown(right)?ExtendsResult.True:exports_type.IsAny(right)?ExtendsResult.True:ExtendsResult.Union}function FromArrayRight(left,right){return exports_type.IsUnknown(left)?ExtendsResult.False:exports_type.IsAny(left)?ExtendsResult.Union:exports_type.IsNever(left)?ExtendsResult.True:ExtendsResult.False}function FromArray4(left,right){return exports_type.IsObject(right)&&IsObjectArrayLike(right)?ExtendsResult.True:IsStructuralRight(right)?StructuralRight(left,right):!exports_type.IsArray(right)?ExtendsResult.False:IntoBooleanResult(Visit3(left.items,right.items))}function FromAsyncIterator(left,right){return IsStructuralRight(right)?StructuralRight(left,right):!exports_type.IsAsyncIterator(right)?ExtendsResult.False:IntoBooleanResult(Visit3(left.items,right.items))}function FromBigInt(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsBigInt(right)?ExtendsResult.True:ExtendsResult.False}function FromBooleanRight(left,right){return exports_type.IsLiteralBoolean(left)?ExtendsResult.True:exports_type.IsBoolean(left)?ExtendsResult.True:ExtendsResult.False}function FromBoolean(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsBoolean(right)?ExtendsResult.True:ExtendsResult.False}function FromConstructor(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):!exports_type.IsConstructor(right)?ExtendsResult.False:left.parameters.length>right.parameters.length?ExtendsResult.False:!left.parameters.every((schema,index)=>IntoBooleanResult(Visit3(right.parameters[index],schema))===ExtendsResult.True)?ExtendsResult.False:IntoBooleanResult(Visit3(left.returns,right.returns))}function FromDate(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsDate(right)?ExtendsResult.True:ExtendsResult.False}function FromFunction(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):!exports_type.IsFunction(right)?ExtendsResult.False:left.parameters.length>right.parameters.length?ExtendsResult.False:!left.parameters.every((schema,index)=>IntoBooleanResult(Visit3(right.parameters[index],schema))===ExtendsResult.True)?ExtendsResult.False:IntoBooleanResult(Visit3(left.returns,right.returns))}function FromIntegerRight(left,right){return exports_type.IsLiteral(left)&&exports_value.IsNumber(left.const)?ExtendsResult.True:exports_type.IsNumber(left)||exports_type.IsInteger(left)?ExtendsResult.True:ExtendsResult.False}function FromInteger(left,right){return exports_type.IsInteger(right)||exports_type.IsNumber(right)?ExtendsResult.True:IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):ExtendsResult.False}function FromIntersectRight(left,right){return right.allOf.every((schema)=>Visit3(left,schema)===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromIntersect4(left,right){return left.allOf.some((schema)=>Visit3(schema,right)===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromIterator(left,right){return IsStructuralRight(right)?StructuralRight(left,right):!exports_type.IsIterator(right)?ExtendsResult.False:IntoBooleanResult(Visit3(left.items,right.items))}function FromLiteral2(left,right){return exports_type.IsLiteral(right)&&right.const===left.const?ExtendsResult.True:IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsString(right)?FromStringRight(left,right):exports_type.IsNumber(right)?FromNumberRight(left,right):exports_type.IsInteger(right)?FromIntegerRight(left,right):exports_type.IsBoolean(right)?FromBooleanRight(left,right):ExtendsResult.False}function FromNeverRight(left,right){return ExtendsResult.False}function FromNever(left,right){return ExtendsResult.True}function UnwrapTNot(schema){let[current,depth]=[schema,0];while(!0){if(!exports_type.IsNot(current))break;current=current.not,depth+=1}return depth%2===0?current:Unknown()}function FromNot(left,right){return exports_type.IsNot(left)?Visit3(UnwrapTNot(left),right):exports_type.IsNot(right)?Visit3(left,UnwrapTNot(right)):Throw("Invalid fallthrough for Not")}function FromNull(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsNull(right)?ExtendsResult.True:ExtendsResult.False}function FromNumberRight(left,right){return exports_type.IsLiteralNumber(left)?ExtendsResult.True:exports_type.IsNumber(left)||exports_type.IsInteger(left)?ExtendsResult.True:ExtendsResult.False}function FromNumber(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsInteger(right)||exports_type.IsNumber(right)?ExtendsResult.True:ExtendsResult.False}function IsObjectPropertyCount(schema,count3){return Object.getOwnPropertyNames(schema.properties).length===count3}function IsObjectStringLike(schema){return IsObjectArrayLike(schema)}function IsObjectSymbolLike(schema){return IsObjectPropertyCount(schema,0)||IsObjectPropertyCount(schema,1)&&"description"in schema.properties&&exports_type.IsUnion(schema.properties.description)&&schema.properties.description.anyOf.length===2&&(exports_type.IsString(schema.properties.description.anyOf[0])&&exports_type.IsUndefined(schema.properties.description.anyOf[1])||exports_type.IsString(schema.properties.description.anyOf[1])&&exports_type.IsUndefined(schema.properties.description.anyOf[0]))}function IsObjectNumberLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectBooleanLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectBigIntLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectDateLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectUint8ArrayLike(schema){return IsObjectArrayLike(schema)}function IsObjectFunctionLike(schema){let length=Number2();return IsObjectPropertyCount(schema,0)||IsObjectPropertyCount(schema,1)&&"length"in schema.properties&&IntoBooleanResult(Visit3(schema.properties.length,length))===ExtendsResult.True}function IsObjectConstructorLike(schema){return IsObjectPropertyCount(schema,0)}function IsObjectArrayLike(schema){let length=Number2();return IsObjectPropertyCount(schema,0)||IsObjectPropertyCount(schema,1)&&"length"in schema.properties&&IntoBooleanResult(Visit3(schema.properties.length,length))===ExtendsResult.True}function IsObjectPromiseLike(schema){let then=Function2([Any2()],Any2());return IsObjectPropertyCount(schema,0)||IsObjectPropertyCount(schema,1)&&"then"in schema.properties&&IntoBooleanResult(Visit3(schema.properties.then,then))===ExtendsResult.True}function Property(left,right){return Visit3(left,right)===ExtendsResult.False?ExtendsResult.False:exports_type.IsOptional(left)&&!exports_type.IsOptional(right)?ExtendsResult.False:ExtendsResult.True}function FromObjectRight(left,right){return exports_type.IsUnknown(left)?ExtendsResult.False:exports_type.IsAny(left)?ExtendsResult.Union:exports_type.IsNever(left)||exports_type.IsLiteralString(left)&&IsObjectStringLike(right)||exports_type.IsLiteralNumber(left)&&IsObjectNumberLike(right)||exports_type.IsLiteralBoolean(left)&&IsObjectBooleanLike(right)||exports_type.IsSymbol(left)&&IsObjectSymbolLike(right)||exports_type.IsBigInt(left)&&IsObjectBigIntLike(right)||exports_type.IsString(left)&&IsObjectStringLike(right)||exports_type.IsSymbol(left)&&IsObjectSymbolLike(right)||exports_type.IsNumber(left)&&IsObjectNumberLike(right)||exports_type.IsInteger(left)&&IsObjectNumberLike(right)||exports_type.IsBoolean(left)&&IsObjectBooleanLike(right)||exports_type.IsUint8Array(left)&&IsObjectUint8ArrayLike(right)||exports_type.IsDate(left)&&IsObjectDateLike(right)||exports_type.IsConstructor(left)&&IsObjectConstructorLike(right)||exports_type.IsFunction(left)&&IsObjectFunctionLike(right)?ExtendsResult.True:exports_type.IsRecord(left)&&exports_type.IsString(RecordKey(left))?(()=>{return right[Hint]==="Record"?ExtendsResult.True:ExtendsResult.False})():exports_type.IsRecord(left)&&exports_type.IsNumber(RecordKey(left))?(()=>{return IsObjectPropertyCount(right,0)?ExtendsResult.True:ExtendsResult.False})():ExtendsResult.False}function FromObject(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):!exports_type.IsObject(right)?ExtendsResult.False:(()=>{for(let key2 of Object.getOwnPropertyNames(right.properties)){if(!(key2 in left.properties)&&!exports_type.IsOptional(right.properties[key2]))return ExtendsResult.False;if(exports_type.IsOptional(right.properties[key2]))return ExtendsResult.True;if(Property(left.properties[key2],right.properties[key2])===ExtendsResult.False)return ExtendsResult.False}return ExtendsResult.True})()}function FromPromise2(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)&&IsObjectPromiseLike(right)?ExtendsResult.True:!exports_type.IsPromise(right)?ExtendsResult.False:IntoBooleanResult(Visit3(left.item,right.item))}function RecordKey(schema){return PatternNumberExact in schema.patternProperties?Number2():(PatternStringExact in schema.patternProperties)?String2():Throw("Unknown record key pattern")}function RecordValue(schema){return PatternNumberExact in schema.patternProperties?schema.patternProperties[PatternNumberExact]:(PatternStringExact in schema.patternProperties)?schema.patternProperties[PatternStringExact]:Throw("Unable to get record value schema")}function FromRecordRight(left,right){let[Key,Value]=[RecordKey(right),RecordValue(right)];return exports_type.IsLiteralString(left)&&exports_type.IsNumber(Key)&&IntoBooleanResult(Visit3(left,Value))===ExtendsResult.True?ExtendsResult.True:exports_type.IsUint8Array(left)&&exports_type.IsNumber(Key)?Visit3(left,Value):exports_type.IsString(left)&&exports_type.IsNumber(Key)?Visit3(left,Value):exports_type.IsArray(left)&&exports_type.IsNumber(Key)?Visit3(left,Value):exports_type.IsObject(left)?(()=>{for(let key2 of Object.getOwnPropertyNames(left.properties))if(Property(Value,left.properties[key2])===ExtendsResult.False)return ExtendsResult.False;return ExtendsResult.True})():ExtendsResult.False}function FromRecord(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):!exports_type.IsRecord(right)?ExtendsResult.False:Visit3(RecordValue(left),RecordValue(right))}function FromRegExp(left,right){let L=exports_type.IsRegExp(left)?String2():left,R=exports_type.IsRegExp(right)?String2():right;return Visit3(L,R)}function FromStringRight(left,right){return exports_type.IsLiteral(left)&&exports_value.IsString(left.const)?ExtendsResult.True:exports_type.IsString(left)?ExtendsResult.True:ExtendsResult.False}function FromString(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsString(right)?ExtendsResult.True:ExtendsResult.False}function FromSymbol(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsSymbol(right)?ExtendsResult.True:ExtendsResult.False}function FromTemplateLiteral2(left,right){return exports_type.IsTemplateLiteral(left)?Visit3(TemplateLiteralToUnion(left),right):exports_type.IsTemplateLiteral(right)?Visit3(left,TemplateLiteralToUnion(right)):Throw("Invalid fallthrough for TemplateLiteral")}function IsArrayOfTuple(left,right){return exports_type.IsArray(right)&&left.items!==void 0&&left.items.every((schema)=>Visit3(schema,right.items)===ExtendsResult.True)}function FromTupleRight(left,right){return exports_type.IsNever(left)?ExtendsResult.True:exports_type.IsUnknown(left)?ExtendsResult.False:exports_type.IsAny(left)?ExtendsResult.Union:ExtendsResult.False}function FromTuple3(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)&&IsObjectArrayLike(right)?ExtendsResult.True:exports_type.IsArray(right)&&IsArrayOfTuple(left,right)?ExtendsResult.True:!exports_type.IsTuple(right)?ExtendsResult.False:exports_value.IsUndefined(left.items)&&!exports_value.IsUndefined(right.items)||!exports_value.IsUndefined(left.items)&&exports_value.IsUndefined(right.items)?ExtendsResult.False:exports_value.IsUndefined(left.items)&&!exports_value.IsUndefined(right.items)?ExtendsResult.True:left.items.every((schema,index)=>Visit3(schema,right.items[index])===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromUint8Array(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsUint8Array(right)?ExtendsResult.True:ExtendsResult.False}function FromUndefined(left,right){return IsStructuralRight(right)?StructuralRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsRecord(right)?FromRecordRight(left,right):exports_type.IsVoid(right)?FromVoidRight(left,right):exports_type.IsUndefined(right)?ExtendsResult.True:ExtendsResult.False}function FromUnionRight(left,right){return right.anyOf.some((schema)=>Visit3(left,schema)===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromUnion6(left,right){return left.anyOf.every((schema)=>Visit3(schema,right)===ExtendsResult.True)?ExtendsResult.True:ExtendsResult.False}function FromUnknownRight(left,right){return ExtendsResult.True}function FromUnknown(left,right){return exports_type.IsNever(right)?FromNeverRight(left,right):exports_type.IsIntersect(right)?FromIntersectRight(left,right):exports_type.IsUnion(right)?FromUnionRight(left,right):exports_type.IsAny(right)?FromAnyRight(left,right):exports_type.IsString(right)?FromStringRight(left,right):exports_type.IsNumber(right)?FromNumberRight(left,right):exports_type.IsInteger(right)?FromIntegerRight(left,right):exports_type.IsBoolean(right)?FromBooleanRight(left,right):exports_type.IsArray(right)?FromArrayRight(left,right):exports_type.IsTuple(right)?FromTupleRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsUnknown(right)?ExtendsResult.True:ExtendsResult.False}function FromVoidRight(left,right){return exports_type.IsUndefined(left)?ExtendsResult.True:exports_type.IsUndefined(left)?ExtendsResult.True:ExtendsResult.False}function FromVoid(left,right){return exports_type.IsIntersect(right)?FromIntersectRight(left,right):exports_type.IsUnion(right)?FromUnionRight(left,right):exports_type.IsUnknown(right)?FromUnknownRight(left,right):exports_type.IsAny(right)?FromAnyRight(left,right):exports_type.IsObject(right)?FromObjectRight(left,right):exports_type.IsVoid(right)?ExtendsResult.True:ExtendsResult.False}function Visit3(left,right){return exports_type.IsTemplateLiteral(left)||exports_type.IsTemplateLiteral(right)?FromTemplateLiteral2(left,right):exports_type.IsRegExp(left)||exports_type.IsRegExp(right)?FromRegExp(left,right):exports_type.IsNot(left)||exports_type.IsNot(right)?FromNot(left,right):exports_type.IsAny(left)?FromAny(left,right):exports_type.IsArray(left)?FromArray4(left,right):exports_type.IsBigInt(left)?FromBigInt(left,right):exports_type.IsBoolean(left)?FromBoolean(left,right):exports_type.IsAsyncIterator(left)?FromAsyncIterator(left,right):exports_type.IsConstructor(left)?FromConstructor(left,right):exports_type.IsDate(left)?FromDate(left,right):exports_type.IsFunction(left)?FromFunction(left,right):exports_type.IsInteger(left)?FromInteger(left,right):exports_type.IsIntersect(left)?FromIntersect4(left,right):exports_type.IsIterator(left)?FromIterator(left,right):exports_type.IsLiteral(left)?FromLiteral2(left,right):exports_type.IsNever(left)?FromNever(left,right):exports_type.IsNull(left)?FromNull(left,right):exports_type.IsNumber(left)?FromNumber(left,right):exports_type.IsObject(left)?FromObject(left,right):exports_type.IsRecord(left)?FromRecord(left,right):exports_type.IsString(left)?FromString(left,right):exports_type.IsSymbol(left)?FromSymbol(left,right):exports_type.IsTuple(left)?FromTuple3(left,right):exports_type.IsPromise(left)?FromPromise2(left,right):exports_type.IsUint8Array(left)?FromUint8Array(left,right):exports_type.IsUndefined(left)?FromUndefined(left,right):exports_type.IsUnion(left)?FromUnion6(left,right):exports_type.IsUnknown(left)?FromUnknown(left,right):exports_type.IsVoid(left)?FromVoid(left,right):Throw(`Unknown left type operand '${left[Kind2]}'`)}function ExtendsCheck(left,right){return Visit3(left,right)}var ExtendsResolverError,ExtendsResult;var init_extends_check=__esm(()=>{init_any2();init_function2();init_number2();init_string2();init_unknown2();init_template_literal2();init_patterns();init_symbols2();init_error2();init_guard2();ExtendsResolverError=class ExtendsResolverError extends TypeBoxError{};(function(ExtendsResult2){ExtendsResult2[ExtendsResult2.Union=0]="Union",ExtendsResult2[ExtendsResult2.True=1]="True",ExtendsResult2[ExtendsResult2.False=2]="False"})(ExtendsResult||(ExtendsResult={}))});function FromProperties8(P,Right,True,False,options){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Extends(P[K2],Right,True,False,Clone(options));return Acc}function FromMappedResult6(Left,Right,True,False,options){return FromProperties8(Left.properties,Right,True,False,options)}function ExtendsFromMappedResult(Left,Right,True,False,options){let P=FromMappedResult6(Left,Right,True,False,options);return MappedResult(P)}var init_extends_from_mapped_result=__esm(()=>{init_mapped2();init_extends();init_value()});function ExtendsResolve(left,right,trueType,falseType){let R=ExtendsCheck(left,right);return R===ExtendsResult.Union?Union([trueType,falseType]):R===ExtendsResult.True?trueType:falseType}function Extends(L,R,T,F,options){return IsMappedResult(L)?ExtendsFromMappedResult(L,R,T,F,options):IsMappedKey(L)?CreateType(ExtendsFromMappedKey(L,R,T,F,options)):CreateType(ExtendsResolve(L,R,T,F),options)}var init_extends=__esm(()=>{init_type2();init_union2();init_extends_check();init_extends_from_mapped_key();init_extends_from_mapped_result();init_kind()});function FromPropertyKey(K2,U,L,R,options){return{[K2]:Extends(Literal(K2),U,L,R,Clone(options))}}function FromPropertyKeys(K2,U,L,R,options){return K2.reduce((Acc,LK)=>{return{...Acc,...FromPropertyKey(LK,U,L,R,options)}},{})}function FromMappedKey2(K2,U,L,R,options){return FromPropertyKeys(K2.keys,U,L,R,options)}function ExtendsFromMappedKey(T,U,L,R,options){let P=FromMappedKey2(T,U,L,R,options);return MappedResult(P)}var init_extends_from_mapped_key=__esm(()=>{init_mapped2();init_literal2();init_extends();init_value()});var init_extends_undefined=()=>{};var init_extends2=__esm(()=>{init_extends_check();init_extends_from_mapped_key();init_extends_from_mapped_result();init_extends_undefined();init_extends()});function ExcludeFromTemplateLiteral(L,R){return Exclude(TemplateLiteralToUnion(L),R)}var init_exclude_from_template_literal=__esm(()=>{init_exclude();init_template_literal2()});function ExcludeRest(L,R){let excluded=L.filter((inner)=>ExtendsCheck(inner,R)===ExtendsResult.False);return excluded.length===1?excluded[0]:Union(excluded)}function Exclude(L,R,options={}){if(IsTemplateLiteral(L))return CreateType(ExcludeFromTemplateLiteral(L,R),options);if(IsMappedResult(L))return CreateType(ExcludeFromMappedResult(L,R),options);return CreateType(IsUnion(L)?ExcludeRest(L.anyOf,R):ExtendsCheck(L,R)!==ExtendsResult.False?Never():L,options)}var init_exclude=__esm(()=>{init_type2();init_union2();init_never2();init_extends2();init_exclude_from_mapped_result();init_exclude_from_template_literal();init_kind()});function FromProperties9(P,U){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Exclude(P[K2],U);return Acc}function FromMappedResult7(R,T){return FromProperties9(R.properties,T)}function ExcludeFromMappedResult(R,T){let P=FromMappedResult7(R,T);return MappedResult(P)}var init_exclude_from_mapped_result=__esm(()=>{init_mapped2();init_exclude()});var init_exclude2=__esm(()=>{init_exclude_from_mapped_result();init_exclude_from_template_literal();init_exclude()});function ExtractFromTemplateLiteral(L,R){return Extract(TemplateLiteralToUnion(L),R)}var init_extract_from_template_literal=__esm(()=>{init_extract();init_template_literal2()});function ExtractRest(L,R){let extracted=L.filter((inner)=>ExtendsCheck(inner,R)!==ExtendsResult.False);return extracted.length===1?extracted[0]:Union(extracted)}function Extract(L,R,options){if(IsTemplateLiteral(L))return CreateType(ExtractFromTemplateLiteral(L,R),options);if(IsMappedResult(L))return CreateType(ExtractFromMappedResult(L,R),options);return CreateType(IsUnion(L)?ExtractRest(L.anyOf,R):ExtendsCheck(L,R)!==ExtendsResult.False?L:Never(),options)}var init_extract=__esm(()=>{init_type2();init_union2();init_never2();init_extends2();init_extract_from_mapped_result();init_extract_from_template_literal();init_kind()});function FromProperties10(P,T){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Extract(P[K2],T);return Acc}function FromMappedResult8(R,T){return FromProperties10(R.properties,T)}function ExtractFromMappedResult(R,T){let P=FromMappedResult8(R,T);return MappedResult(P)}var init_extract_from_mapped_result=__esm(()=>{init_mapped2();init_extract()});var init_extract2=__esm(()=>{init_extract_from_mapped_result();init_extract_from_template_literal();init_extract()});function InstanceType(schema,options){return IsConstructor(schema)?CreateType(schema.returns,options):Never(options)}var init_instance_type=__esm(()=>{init_type2();init_never2();init_kind()});var init_instance_type2=__esm(()=>{init_instance_type()});function ReadonlyOptional(schema){return Readonly(Optional(schema))}var init_readonly_optional=__esm(()=>{init_readonly2();init_optional2()});var init_readonly_optional2=__esm(()=>{init_readonly_optional()});function RecordCreateFromPattern(pattern2,T,options){return CreateType({[Kind2]:"Record",type:"object",patternProperties:{[pattern2]:T}},options)}function RecordCreateFromKeys(K2,T,options){let result={};for(let K22 of K2)result[K22]=T;return Object2(result,{...options,[Hint]:"Record"})}function FromTemplateLiteralKey(K2,T,options){return IsTemplateLiteralFinite(K2)?RecordCreateFromKeys(IndexPropertyKeys(K2),T,options):RecordCreateFromPattern(K2.pattern,T,options)}function FromUnionKey(key2,type3,options){return RecordCreateFromKeys(IndexPropertyKeys(Union(key2)),type3,options)}function FromLiteralKey(key2,type3,options){return RecordCreateFromKeys([key2.toString()],type3,options)}function FromRegExpKey(key2,type3,options){return RecordCreateFromPattern(key2.source,type3,options)}function FromStringKey(key2,type3,options){let pattern2=IsUndefined(key2.pattern)?PatternStringExact:key2.pattern;return RecordCreateFromPattern(pattern2,type3,options)}function FromAnyKey(_,type3,options){return RecordCreateFromPattern(PatternStringExact,type3,options)}function FromNeverKey(_key,type3,options){return RecordCreateFromPattern(PatternNeverExact,type3,options)}function FromBooleanKey(_key,type3,options){return Object2({true:type3,false:type3},options)}function FromIntegerKey(_key,type3,options){return RecordCreateFromPattern(PatternNumberExact,type3,options)}function FromNumberKey(_,type3,options){return RecordCreateFromPattern(PatternNumberExact,type3,options)}function Record(key2,type3,options={}){return IsUnion(key2)?FromUnionKey(key2.anyOf,type3,options):IsTemplateLiteral(key2)?FromTemplateLiteralKey(key2,type3,options):IsLiteral(key2)?FromLiteralKey(key2.const,type3,options):IsBoolean2(key2)?FromBooleanKey(key2,type3,options):IsInteger(key2)?FromIntegerKey(key2,type3,options):IsNumber3(key2)?FromNumberKey(key2,type3,options):IsRegExp2(key2)?FromRegExpKey(key2,type3,options):IsString2(key2)?FromStringKey(key2,type3,options):IsAny(key2)?FromAnyKey(key2,type3,options):IsNever(key2)?FromNeverKey(key2,type3,options):Never(options)}function RecordPattern(record){return globalThis.Object.getOwnPropertyNames(record.patternProperties)[0]}function RecordKey2(type3){let pattern2=RecordPattern(type3);return pattern2===PatternStringExact?String2():pattern2===PatternNumberExact?Number2():String2({pattern:pattern2})}function RecordValue2(type3){return type3.patternProperties[RecordPattern(type3)]}var init_record=__esm(()=>{init_type2();init_symbols2();init_never2();init_number2();init_object2();init_string2();init_union2();init_template_literal2();init_patterns();init_indexed2();init_kind()});var init_record2=__esm(()=>{init_record()});function FromConstructor2(args,type3){return type3.parameters=FromTypes(args,type3.parameters),type3.returns=FromType(args,type3.returns),type3}function FromFunction2(args,type3){return type3.parameters=FromTypes(args,type3.parameters),type3.returns=FromType(args,type3.returns),type3}function FromIntersect5(args,type3){return type3.allOf=FromTypes(args,type3.allOf),type3}function FromUnion7(args,type3){return type3.anyOf=FromTypes(args,type3.anyOf),type3}function FromTuple4(args,type3){if(IsUndefined(type3.items))return type3;return type3.items=FromTypes(args,type3.items),type3}function FromArray5(args,type3){return type3.items=FromType(args,type3.items),type3}function FromAsyncIterator2(args,type3){return type3.items=FromType(args,type3.items),type3}function FromIterator2(args,type3){return type3.items=FromType(args,type3.items),type3}function FromPromise3(args,type3){return type3.item=FromType(args,type3.item),type3}function FromObject2(args,type3){let mappedProperties=FromProperties11(args,type3.properties);return{...type3,...Object2(mappedProperties)}}function FromRecord2(args,type3){let mappedKey=FromType(args,RecordKey2(type3)),mappedValue=FromType(args,RecordValue2(type3)),result=Record(mappedKey,mappedValue);return{...type3,...result}}function FromArgument(args,argument2){return argument2.index in args?args[argument2.index]:Unknown()}function FromProperty2(args,type3){let isReadonly=IsReadonly(type3),isOptional=IsOptional(type3),mapped2=FromType(args,type3);return isReadonly&&isOptional?ReadonlyOptional(mapped2):isReadonly&&!isOptional?Readonly(mapped2):!isReadonly&&isOptional?Optional(mapped2):mapped2}function FromProperties11(args,properties){return globalThis.Object.getOwnPropertyNames(properties).reduce((result,key2)=>{return{...result,[key2]:FromProperty2(args,properties[key2])}},{})}function FromTypes(args,types18){return types18.map((type3)=>FromType(args,type3))}function FromType(args,type3){return IsConstructor(type3)?FromConstructor2(args,type3):IsFunction2(type3)?FromFunction2(args,type3):IsIntersect(type3)?FromIntersect5(args,type3):IsUnion(type3)?FromUnion7(args,type3):IsTuple(type3)?FromTuple4(args,type3):IsArray3(type3)?FromArray5(args,type3):IsAsyncIterator2(type3)?FromAsyncIterator2(args,type3):IsIterator2(type3)?FromIterator2(args,type3):IsPromise(type3)?FromPromise3(args,type3):IsObject3(type3)?FromObject2(args,type3):IsRecord(type3)?FromRecord2(args,type3):IsArgument(type3)?FromArgument(args,type3):type3}function Instantiate(type3,args){return FromType(args,CloneType(type3))}var init_instantiate=__esm(()=>{init_type();init_unknown2();init_readonly_optional2();init_readonly2();init_optional2();init_object2();init_record2();init_kind()});var init_instantiate2=__esm(()=>{init_instantiate()});function Integer2(options){return CreateType({[Kind2]:"Integer",type:"integer"},options)}var init_integer=__esm(()=>{init_type2();init_symbols2()});var init_integer2=__esm(()=>{init_integer()});function MappedIntrinsicPropertyKey(K2,M,options){return{[K2]:Intrinsic(Literal(K2),M,Clone(options))}}function MappedIntrinsicPropertyKeys(K2,M,options){return K2.reduce((Acc,L)=>{return{...Acc,...MappedIntrinsicPropertyKey(L,M,options)}},{})}function MappedIntrinsicProperties(T,M,options){return MappedIntrinsicPropertyKeys(T.keys,M,options)}function IntrinsicFromMappedKey(T,M,options){let P=MappedIntrinsicProperties(T,M,options);return MappedResult(P)}var init_intrinsic_from_mapped_key=__esm(()=>{init_mapped2();init_intrinsic();init_literal2();init_value()});function ApplyUncapitalize(value2){let[first,rest]=[value2.slice(0,1),value2.slice(1)];return[first.toLowerCase(),rest].join("")}function ApplyCapitalize(value2){let[first,rest]=[value2.slice(0,1),value2.slice(1)];return[first.toUpperCase(),rest].join("")}function ApplyUppercase(value2){return value2.toUpperCase()}function ApplyLowercase(value2){return value2.toLowerCase()}function FromTemplateLiteral3(schema,mode,options){let expression=TemplateLiteralParseExact(schema.pattern);if(!IsTemplateLiteralExpressionFinite(expression))return{...schema,pattern:FromLiteralValue(schema.pattern,mode)};let literals=[...TemplateLiteralExpressionGenerate(expression)].map((value2)=>Literal(value2)),mapped2=FromRest5(literals,mode),union3=Union(mapped2);return TemplateLiteral([union3],options)}function FromLiteralValue(value2,mode){return typeof value2==="string"?mode==="Uncapitalize"?ApplyUncapitalize(value2):mode==="Capitalize"?ApplyCapitalize(value2):mode==="Uppercase"?ApplyUppercase(value2):mode==="Lowercase"?ApplyLowercase(value2):value2:value2.toString()}function FromRest5(T,M){return T.map((L)=>Intrinsic(L,M))}function Intrinsic(schema,mode,options={}){return IsMappedKey(schema)?IntrinsicFromMappedKey(schema,mode,options):IsTemplateLiteral(schema)?FromTemplateLiteral3(schema,mode,options):IsUnion(schema)?Union(FromRest5(schema.anyOf,mode),options):IsLiteral(schema)?Literal(FromLiteralValue(schema.const,mode),options):CreateType(schema,options)}var init_intrinsic=__esm(()=>{init_type2();init_template_literal2();init_intrinsic_from_mapped_key();init_literal2();init_union2();init_kind()});function Capitalize(T,options={}){return Intrinsic(T,"Capitalize",options)}var init_capitalize=__esm(()=>{init_intrinsic()});function Lowercase(T,options={}){return Intrinsic(T,"Lowercase",options)}var init_lowercase=__esm(()=>{init_intrinsic()});function Uncapitalize(T,options={}){return Intrinsic(T,"Uncapitalize",options)}var init_uncapitalize=__esm(()=>{init_intrinsic()});function Uppercase(T,options={}){return Intrinsic(T,"Uppercase",options)}var init_uppercase=__esm(()=>{init_intrinsic()});var init_intrinsic2=__esm(()=>{init_capitalize();init_intrinsic_from_mapped_key();init_intrinsic();init_lowercase();init_uncapitalize();init_uppercase()});function FromProperties12(properties,propertyKeys,options){let result={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))result[K2]=Omit(properties[K2],propertyKeys,Clone(options));return result}function FromMappedResult9(mappedResult,propertyKeys,options){return FromProperties12(mappedResult.properties,propertyKeys,options)}function OmitFromMappedResult(mappedResult,propertyKeys,options){let properties=FromMappedResult9(mappedResult,propertyKeys,options);return MappedResult(properties)}var init_omit_from_mapped_result=__esm(()=>{init_mapped2();init_omit();init_value()});function FromIntersect6(types18,propertyKeys){return types18.map((type3)=>OmitResolve(type3,propertyKeys))}function FromUnion8(types18,propertyKeys){return types18.map((type3)=>OmitResolve(type3,propertyKeys))}function FromProperty3(properties,key2){let{[key2]:_,...R}=properties;return R}function FromProperties13(properties,propertyKeys){return propertyKeys.reduce((T,K2)=>FromProperty3(T,K2),properties)}function FromObject3(type3,propertyKeys,properties){let options=Discard(type3,[TransformKind,"$id","required","properties"]),mappedProperties=FromProperties13(properties,propertyKeys);return Object2(mappedProperties,options)}function UnionFromPropertyKeys(propertyKeys){let result=propertyKeys.reduce((result2,key2)=>IsLiteralValue(key2)?[...result2,Literal(key2)]:result2,[]);return Union(result)}function OmitResolve(type3,propertyKeys){return IsIntersect(type3)?Intersect(FromIntersect6(type3.allOf,propertyKeys)):IsUnion(type3)?Union(FromUnion8(type3.anyOf,propertyKeys)):IsObject3(type3)?FromObject3(type3,propertyKeys,type3.properties):Object2({})}function Omit(type3,key2,options){let typeKey=IsArray(key2)?UnionFromPropertyKeys(key2):key2,propertyKeys=IsSchema(key2)?IndexPropertyKeys(key2):key2,isTypeRef=IsRef(type3),isKeyRef=IsRef(key2);return IsMappedResult(type3)?OmitFromMappedResult(type3,propertyKeys,options):IsMappedKey(key2)?OmitFromMappedKey(type3,key2,options):isTypeRef&&isKeyRef?Computed("Omit",[type3,typeKey],options):!isTypeRef&&isKeyRef?Computed("Omit",[type3,typeKey],options):isTypeRef&&!isKeyRef?Computed("Omit",[type3,typeKey],options):CreateType({...OmitResolve(type3,propertyKeys),...options})}var init_omit=__esm(()=>{init_type2();init_symbols();init_computed2();init_literal2();init_indexed2();init_intersect2();init_union2();init_object2();init_omit_from_mapped_key();init_omit_from_mapped_result();init_kind()});function FromPropertyKey2(type3,key2,options){return{[key2]:Omit(type3,[key2],Clone(options))}}function FromPropertyKeys2(type3,propertyKeys,options){return propertyKeys.reduce((Acc,LK)=>{return{...Acc,...FromPropertyKey2(type3,LK,options)}},{})}function FromMappedKey3(type3,mappedKey,options){return FromPropertyKeys2(type3,mappedKey.keys,options)}function OmitFromMappedKey(type3,mappedKey,options){let properties=FromMappedKey3(type3,mappedKey,options);return MappedResult(properties)}var init_omit_from_mapped_key=__esm(()=>{init_mapped2();init_omit();init_value()});var init_omit2=__esm(()=>{init_omit_from_mapped_key();init_omit_from_mapped_result();init_omit()});function FromProperties14(properties,propertyKeys,options){let result={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))result[K2]=Pick(properties[K2],propertyKeys,Clone(options));return result}function FromMappedResult10(mappedResult,propertyKeys,options){return FromProperties14(mappedResult.properties,propertyKeys,options)}function PickFromMappedResult(mappedResult,propertyKeys,options){let properties=FromMappedResult10(mappedResult,propertyKeys,options);return MappedResult(properties)}var init_pick_from_mapped_result=__esm(()=>{init_mapped2();init_pick();init_value()});function FromIntersect7(types18,propertyKeys){return types18.map((type3)=>PickResolve(type3,propertyKeys))}function FromUnion9(types18,propertyKeys){return types18.map((type3)=>PickResolve(type3,propertyKeys))}function FromProperties15(properties,propertyKeys){let result={};for(let K2 of propertyKeys)if(K2 in properties)result[K2]=properties[K2];return result}function FromObject4(Type,keys,properties){let options=Discard(Type,[TransformKind,"$id","required","properties"]),mappedProperties=FromProperties15(properties,keys);return Object2(mappedProperties,options)}function UnionFromPropertyKeys2(propertyKeys){let result=propertyKeys.reduce((result2,key2)=>IsLiteralValue(key2)?[...result2,Literal(key2)]:result2,[]);return Union(result)}function PickResolve(type3,propertyKeys){return IsIntersect(type3)?Intersect(FromIntersect7(type3.allOf,propertyKeys)):IsUnion(type3)?Union(FromUnion9(type3.anyOf,propertyKeys)):IsObject3(type3)?FromObject4(type3,propertyKeys,type3.properties):Object2({})}function Pick(type3,key2,options){let typeKey=IsArray(key2)?UnionFromPropertyKeys2(key2):key2,propertyKeys=IsSchema(key2)?IndexPropertyKeys(key2):key2,isTypeRef=IsRef(type3),isKeyRef=IsRef(key2);return IsMappedResult(type3)?PickFromMappedResult(type3,propertyKeys,options):IsMappedKey(key2)?PickFromMappedKey(type3,key2,options):isTypeRef&&isKeyRef?Computed("Pick",[type3,typeKey],options):!isTypeRef&&isKeyRef?Computed("Pick",[type3,typeKey],options):isTypeRef&&!isKeyRef?Computed("Pick",[type3,typeKey],options):CreateType({...PickResolve(type3,propertyKeys),...options})}var init_pick=__esm(()=>{init_type2();init_computed2();init_intersect2();init_literal2();init_object2();init_union2();init_indexed2();init_symbols();init_kind();init_pick_from_mapped_key();init_pick_from_mapped_result()});function FromPropertyKey3(type3,key2,options){return{[key2]:Pick(type3,[key2],Clone(options))}}function FromPropertyKeys3(type3,propertyKeys,options){return propertyKeys.reduce((result,leftKey)=>{return{...result,...FromPropertyKey3(type3,leftKey,options)}},{})}function FromMappedKey4(type3,mappedKey,options){return FromPropertyKeys3(type3,mappedKey.keys,options)}function PickFromMappedKey(type3,mappedKey,options){let properties=FromMappedKey4(type3,mappedKey,options);return MappedResult(properties)}var init_pick_from_mapped_key=__esm(()=>{init_mapped2();init_pick();init_value()});var init_pick2=__esm(()=>{init_pick_from_mapped_key();init_pick_from_mapped_result();init_pick()});function FromComputed3(target2,parameters2){return Computed("Partial",[Computed(target2,parameters2)])}function FromRef3($ref){return Computed("Partial",[Ref($ref)])}function FromProperties16(properties){let partialProperties={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))partialProperties[K2]=Optional(properties[K2]);return partialProperties}function FromObject5(type3,properties){let options=Discard(type3,[TransformKind,"$id","required","properties"]),mappedProperties=FromProperties16(properties);return Object2(mappedProperties,options)}function FromRest6(types18){return types18.map((type3)=>PartialResolve(type3))}function PartialResolve(type3){return IsComputed(type3)?FromComputed3(type3.target,type3.parameters):IsRef(type3)?FromRef3(type3.$ref):IsIntersect(type3)?Intersect(FromRest6(type3.allOf)):IsUnion(type3)?Union(FromRest6(type3.anyOf)):IsObject3(type3)?FromObject5(type3,type3.properties):IsBigInt2(type3)?type3:IsBoolean2(type3)?type3:IsInteger(type3)?type3:IsLiteral(type3)?type3:IsNull2(type3)?type3:IsNumber3(type3)?type3:IsString2(type3)?type3:IsSymbol2(type3)?type3:IsUndefined3(type3)?type3:Object2({})}function Partial(type3,options){if(IsMappedResult(type3))return PartialFromMappedResult(type3,options);else return CreateType({...PartialResolve(type3),...options})}var init_partial=__esm(()=>{init_type2();init_computed2();init_optional2();init_object2();init_intersect2();init_union2();init_ref2();init_discard();init_symbols2();init_partial_from_mapped_result();init_kind()});function FromProperties17(K2,options){let Acc={};for(let K22 of globalThis.Object.getOwnPropertyNames(K2))Acc[K22]=Partial(K2[K22],Clone(options));return Acc}function FromMappedResult11(R,options){return FromProperties17(R.properties,options)}function PartialFromMappedResult(R,options){let P=FromMappedResult11(R,options);return MappedResult(P)}var init_partial_from_mapped_result=__esm(()=>{init_mapped2();init_partial();init_value()});var init_partial2=__esm(()=>{init_partial_from_mapped_result();init_partial()});function FromComputed4(target2,parameters2){return Computed("Required",[Computed(target2,parameters2)])}function FromRef4($ref){return Computed("Required",[Ref($ref)])}function FromProperties18(properties){let requiredProperties={};for(let K2 of globalThis.Object.getOwnPropertyNames(properties))requiredProperties[K2]=Discard(properties[K2],[OptionalKind]);return requiredProperties}function FromObject6(type3,properties){let options=Discard(type3,[TransformKind,"$id","required","properties"]),mappedProperties=FromProperties18(properties);return Object2(mappedProperties,options)}function FromRest7(types18){return types18.map((type3)=>RequiredResolve(type3))}function RequiredResolve(type3){return IsComputed(type3)?FromComputed4(type3.target,type3.parameters):IsRef(type3)?FromRef4(type3.$ref):IsIntersect(type3)?Intersect(FromRest7(type3.allOf)):IsUnion(type3)?Union(FromRest7(type3.anyOf)):IsObject3(type3)?FromObject6(type3,type3.properties):IsBigInt2(type3)?type3:IsBoolean2(type3)?type3:IsInteger(type3)?type3:IsLiteral(type3)?type3:IsNull2(type3)?type3:IsNumber3(type3)?type3:IsString2(type3)?type3:IsSymbol2(type3)?type3:IsUndefined3(type3)?type3:Object2({})}function Required(type3,options){if(IsMappedResult(type3))return RequiredFromMappedResult(type3,options);else return CreateType({...RequiredResolve(type3),...options})}var init_required=__esm(()=>{init_type2();init_computed2();init_object2();init_intersect2();init_union2();init_ref2();init_symbols2();init_discard();init_required_from_mapped_result();init_kind()});function FromProperties19(P,options){let Acc={};for(let K2 of globalThis.Object.getOwnPropertyNames(P))Acc[K2]=Required(P[K2],options);return Acc}function FromMappedResult12(R,options){return FromProperties19(R.properties,options)}function RequiredFromMappedResult(R,options){let P=FromMappedResult12(R,options);return MappedResult(P)}var init_required_from_mapped_result=__esm(()=>{init_mapped2();init_required()});var init_required2=__esm(()=>{init_required_from_mapped_result();init_required()});function DereferenceParameters(moduleProperties,types18){return types18.map((type3)=>{return IsRef(type3)?Dereference(moduleProperties,type3.$ref):FromType2(moduleProperties,type3)})}function Dereference(moduleProperties,ref2){return ref2 in moduleProperties?IsRef(moduleProperties[ref2])?Dereference(moduleProperties,moduleProperties[ref2].$ref):FromType2(moduleProperties,moduleProperties[ref2]):Never()}function FromAwaited(parameters2){return Awaited(parameters2[0])}function FromIndex(parameters2){return Index(parameters2[0],parameters2[1])}function FromKeyOf(parameters2){return KeyOf(parameters2[0])}function FromPartial(parameters2){return Partial(parameters2[0])}function FromOmit(parameters2){return Omit(parameters2[0],parameters2[1])}function FromPick(parameters2){return Pick(parameters2[0],parameters2[1])}function FromRequired(parameters2){return Required(parameters2[0])}function FromComputed5(moduleProperties,target2,parameters2){let dereferenced=DereferenceParameters(moduleProperties,parameters2);return target2==="Awaited"?FromAwaited(dereferenced):target2==="Index"?FromIndex(dereferenced):target2==="KeyOf"?FromKeyOf(dereferenced):target2==="Partial"?FromPartial(dereferenced):target2==="Omit"?FromOmit(dereferenced):target2==="Pick"?FromPick(dereferenced):target2==="Required"?FromRequired(dereferenced):Never()}function FromArray6(moduleProperties,type3){return Array2(FromType2(moduleProperties,type3))}function FromAsyncIterator3(moduleProperties,type3){return AsyncIterator2(FromType2(moduleProperties,type3))}function FromConstructor3(moduleProperties,parameters2,instanceType){return Constructor(FromTypes2(moduleProperties,parameters2),FromType2(moduleProperties,instanceType))}function FromFunction3(moduleProperties,parameters2,returnType){return Function2(FromTypes2(moduleProperties,parameters2),FromType2(moduleProperties,returnType))}function FromIntersect8(moduleProperties,types18){return Intersect(FromTypes2(moduleProperties,types18))}function FromIterator3(moduleProperties,type3){return Iterator2(FromType2(moduleProperties,type3))}function FromObject7(moduleProperties,properties){return Object2(globalThis.Object.keys(properties).reduce((result,key2)=>{return{...result,[key2]:FromType2(moduleProperties,properties[key2])}},{}))}function FromRecord3(moduleProperties,type3){let[value2,pattern2]=[FromType2(moduleProperties,RecordValue2(type3)),RecordPattern(type3)],result=CloneType(type3);return result.patternProperties[pattern2]=value2,result}function FromTransform(moduleProperties,transform){return IsRef(transform)?{...Dereference(moduleProperties,transform.$ref),[TransformKind]:transform[TransformKind]}:transform}function FromTuple5(moduleProperties,types18){return Tuple(FromTypes2(moduleProperties,types18))}function FromUnion10(moduleProperties,types18){return Union(FromTypes2(moduleProperties,types18))}function FromTypes2(moduleProperties,types18){return types18.map((type3)=>FromType2(moduleProperties,type3))}function FromType2(moduleProperties,type3){return IsOptional(type3)?CreateType(FromType2(moduleProperties,Discard(type3,[OptionalKind])),type3):IsReadonly(type3)?CreateType(FromType2(moduleProperties,Discard(type3,[ReadonlyKind])),type3):IsTransform(type3)?CreateType(FromTransform(moduleProperties,type3),type3):IsArray3(type3)?CreateType(FromArray6(moduleProperties,type3.items),type3):IsAsyncIterator2(type3)?CreateType(FromAsyncIterator3(moduleProperties,type3.items),type3):IsComputed(type3)?CreateType(FromComputed5(moduleProperties,type3.target,type3.parameters)):IsConstructor(type3)?CreateType(FromConstructor3(moduleProperties,type3.parameters,type3.returns),type3):IsFunction2(type3)?CreateType(FromFunction3(moduleProperties,type3.parameters,type3.returns),type3):IsIntersect(type3)?CreateType(FromIntersect8(moduleProperties,type3.allOf),type3):IsIterator2(type3)?CreateType(FromIterator3(moduleProperties,type3.items),type3):IsObject3(type3)?CreateType(FromObject7(moduleProperties,type3.properties),type3):IsRecord(type3)?CreateType(FromRecord3(moduleProperties,type3)):IsTuple(type3)?CreateType(FromTuple5(moduleProperties,type3.items||[]),type3):IsUnion(type3)?CreateType(FromUnion10(moduleProperties,type3.anyOf),type3):type3}function ComputeType(moduleProperties,key2){return key2 in moduleProperties?FromType2(moduleProperties,moduleProperties[key2]):Never()}function ComputeModuleProperties(moduleProperties){return globalThis.Object.getOwnPropertyNames(moduleProperties).reduce((result,key2)=>{return{...result,[key2]:ComputeType(moduleProperties,key2)}},{})}var init_compute=__esm(()=>{init_create();init_clone();init_discard();init_array2();init_awaited2();init_async_iterator2();init_constructor2();init_indexed2();init_function2();init_intersect2();init_iterator2();init_keyof2();init_object2();init_omit2();init_pick2();init_never2();init_partial2();init_record2();init_required2();init_tuple2();init_union2();init_symbols2();init_kind()});class TModule{constructor($defs){let computed2=ComputeModuleProperties($defs),identified=this.WithIdentifiers(computed2);this.$defs=identified}Import(key2,options){let $defs={...this.$defs,[key2]:CreateType(this.$defs[key2],options)};return CreateType({[Kind2]:"Import",$defs,$ref:key2})}WithIdentifiers($defs){return globalThis.Object.getOwnPropertyNames($defs).reduce((result,key2)=>{return{...result,[key2]:{...$defs[key2],$id:key2}}},{})}}function Module(properties){return new TModule(properties)}var init_module=__esm(()=>{init_create();init_symbols2();init_compute()});var init_module2=__esm(()=>{init_module()});function Not(type3,options){return CreateType({[Kind2]:"Not",not:type3},options)}var init_not=__esm(()=>{init_type2();init_symbols2()});var init_not2=__esm(()=>{init_not()});function Parameters(schema,options){return IsFunction2(schema)?Tuple(schema.parameters,options):Never()}var init_parameters2=__esm(()=>{init_tuple2();init_never2();init_kind()});var init_parameters3=__esm(()=>{init_parameters2()});function Recursive(callback,options={}){if(IsUndefined(options.$id))options.$id=`T${Ordinal++}`;let thisType=CloneType(callback({[Kind2]:"This",$ref:`${options.$id}`}));return thisType.$id=options.$id,CreateType({[Hint]:"Recursive",...thisType},options)}var Ordinal=0;var init_recursive=__esm(()=>{init_type();init_type2();init_symbols2()});var init_recursive2=__esm(()=>{init_recursive()});function RegExp2(unresolved,options){let expr=IsString(unresolved)?new globalThis.RegExp(unresolved):unresolved;return CreateType({[Kind2]:"RegExp",type:"RegExp",source:expr.source,flags:expr.flags},options)}var init_regexp=__esm(()=>{init_type2();init_symbols2()});var init_regexp2=__esm(()=>{init_regexp()});function RestResolve(T){return IsIntersect(T)?T.allOf:IsUnion(T)?T.anyOf:IsTuple(T)?T.items??[]:[]}function Rest(T){return RestResolve(T)}var init_rest=__esm(()=>{init_kind()});var init_rest2=__esm(()=>{init_rest()});function ReturnType(schema,options){return IsFunction2(schema)?CreateType(schema.returns,options):Never(options)}var init_return_type=__esm(()=>{init_type2();init_never2();init_kind()});var init_return_type2=__esm(()=>{init_return_type()});var init_anyschema=()=>{};var init_schema3=()=>{};var init_schema4=__esm(()=>{init_anyschema();init_schema3()});var init_static=()=>{};var init_static2=__esm(()=>{init_static()});class TransformDecodeBuilder{constructor(schema2){this.schema=schema2}Decode(decode3){return new TransformEncodeBuilder(this.schema,decode3)}}class TransformEncodeBuilder{constructor(schema2,decode3){this.schema=schema2,this.decode=decode3}EncodeTransform(encode4,schema2){let Codec={Encode:(value2)=>schema2[TransformKind].Encode(encode4(value2)),Decode:(value2)=>this.decode(schema2[TransformKind].Decode(value2))};return{...schema2,[TransformKind]:Codec}}EncodeSchema(encode4,schema2){let Codec={Decode:this.decode,Encode:encode4};return{...schema2,[TransformKind]:Codec}}Encode(encode4){return IsTransform(this.schema)?this.EncodeTransform(encode4,this.schema):this.EncodeSchema(encode4,this.schema)}}function Transform(schema2){return new TransformDecodeBuilder(schema2)}var init_transform=__esm(()=>{init_symbols2();init_kind()});var init_transform2=__esm(()=>{init_transform()});function Unsafe(options={}){return CreateType({[Kind2]:options[Kind2]??"Unsafe"},options)}var init_unsafe=__esm(()=>{init_type2();init_symbols2()});var init_unsafe2=__esm(()=>{init_unsafe()});function Void(options){return CreateType({[Kind2]:"Void",type:"void"},options)}var init_void=__esm(()=>{init_type2();init_symbols2()});var init_void2=__esm(()=>{init_void()});var exports_type3={};__export(exports_type3,{Void:()=>Void,Uppercase:()=>Uppercase,Unsafe:()=>Unsafe,Unknown:()=>Unknown,Union:()=>Union,Undefined:()=>Undefined,Uncapitalize:()=>Uncapitalize,Uint8Array:()=>Uint8Array2,Tuple:()=>Tuple,Transform:()=>Transform,TemplateLiteral:()=>TemplateLiteral,Symbol:()=>Symbol2,String:()=>String2,ReturnType:()=>ReturnType,Rest:()=>Rest,Required:()=>Required,RegExp:()=>RegExp2,Ref:()=>Ref,Recursive:()=>Recursive,Record:()=>Record,ReadonlyOptional:()=>ReadonlyOptional,Readonly:()=>Readonly,Promise:()=>Promise2,Pick:()=>Pick,Partial:()=>Partial,Parameters:()=>Parameters,Optional:()=>Optional,Omit:()=>Omit,Object:()=>Object2,Number:()=>Number2,Null:()=>Null2,Not:()=>Not,Never:()=>Never,Module:()=>Module,Mapped:()=>Mapped,Lowercase:()=>Lowercase,Literal:()=>Literal,KeyOf:()=>KeyOf,Iterator:()=>Iterator2,Intersect:()=>Intersect,Integer:()=>Integer2,Instantiate:()=>Instantiate,InstanceType:()=>InstanceType,Index:()=>Index,Function:()=>Function2,Extract:()=>Extract,Extends:()=>Extends,Exclude:()=>Exclude,Enum:()=>Enum,Date:()=>Date2,ConstructorParameters:()=>ConstructorParameters,Constructor:()=>Constructor,Const:()=>Const,Composite:()=>Composite,Capitalize:()=>Capitalize,Boolean:()=>Boolean3,BigInt:()=>BigInt2,Awaited:()=>Awaited,AsyncIterator:()=>AsyncIterator2,Array:()=>Array2,Argument:()=>Argument,Any:()=>Any2});var init_type5=__esm(()=>{init_any2();init_argument2();init_array2();init_async_iterator2();init_awaited2();init_bigint2();init_boolean2();init_composite2();init_const2();init_constructor2();init_constructor_parameters2();init_date2();init_enum2();init_exclude2();init_extends2();init_extract2();init_function2();init_indexed2();init_instance_type2();init_instantiate2();init_integer2();init_intersect2();init_intrinsic2();init_iterator2();init_keyof2();init_literal2();init_mapped2();init_module2();init_never2();init_not2();init_null2();init_number2();init_object2();init_omit2();init_optional2();init_parameters3();init_partial2();init_pick2();init_promise2();init_readonly2();init_readonly_optional2();init_record2();init_recursive2();init_ref2();init_regexp2();init_required2();init_rest2();init_return_type2();init_string2();init_symbol2();init_template_literal2();init_transform2();init_tuple2();init_uint8array2();init_undefined2();init_union2();init_unknown2();init_unsafe2();init_void2()});var Type;var init_type6=__esm(()=>{init_type5();Type=exports_type3});var init_esm3=__esm(()=>{init_clone();init_create();init_error2();init_guard2();init_helpers4();init_patterns();init_registry3();init_sets();init_symbols2();init_any2();init_array2();init_argument2();init_async_iterator2();init_awaited2();init_bigint2();init_boolean2();init_composite2();init_const2();init_constructor2();init_constructor_parameters2();init_date2();init_enum2();init_exclude2();init_extends2();init_extract2();init_function2();init_indexed2();init_instance_type2();init_instantiate2();init_integer2();init_intersect2();init_iterator2();init_intrinsic2();init_keyof2();init_literal2();init_module2();init_mapped2();init_never2();init_not2();init_null2();init_number2();init_object2();init_omit2();init_optional2();init_parameters3();init_partial2();init_pick2();init_promise2();init_readonly2();init_readonly_optional2();init_record2();init_recursive2();init_ref2();init_regexp2();init_required2();init_rest2();init_return_type2();init_schema4();init_static2();init_string2();init_symbol2();init_template_literal2();init_transform2();init_tuple2();init_uint8array2();init_undefined2();init_union2();init_unknown2();init_unsafe2();init_void2();init_type6()});var MagicLinkRequestSchema,MagicLinkVerifySchema,MagicLinkResponseSchema,MagicLinkVerifyResponseSchema;var init_types14=__esm(()=>{init_esm3();MagicLinkRequestSchema=Type.Object({email:Type.String({format:"email"})}),MagicLinkVerifySchema=Type.Object({token:Type.String()}),MagicLinkResponseSchema=Type.Object({success:Type.Boolean(),message:Type.Optional(Type.String())}),MagicLinkVerifyResponseSchema=Type.Object({success:Type.Boolean(),message:Type.Optional(Type.String()),data:Type.Optional(Type.Object({user:Type.Object({id:Type.String(),email:Type.String()}),accessToken:Type.String(),refreshToken:Type.String()}))})});import{eq as eq41}from"drizzle-orm";import{Elysia as Elysia30}from"elysia";function createMagicLinkRoute(config,magicLinkConfig,emailService,signAccessToken,signRefreshToken,createSession,storeMagicToken,getMagicToken,deleteMagicToken,appName,cookieConfig,saveSessionToDb){let{db,logger:logger2}=config,requestRoute=magicLinkConfig.route||"/auth/magic-link",verifyRoute=magicLinkConfig.verifyRoute||"/auth/magic-link/verify",expiresIn=magicLinkConfig.expiresIn||"15m",redirectUrl=magicLinkConfig.redirectUrl||"",magicLinkRoutes=new Elysia30;if(!magicLinkConfig.enabled)return magicLinkRoutes;return magicLinkRoutes.post(requestRoute,async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};if(!emailService?.isAvailable())return logger2.error("[AUTH] Magic link requested but email service not available"),{success:!1,message:"Email service not available"};let{email:rawEmail}=ctx.body,email=rawEmail.toLowerCase(),user=(await db.select().from(usersTable).where(eq41(usersTable.email,email)).limit(1))[0];if(!user)return logger2.info("[AUTH] Magic link requested for non-existent email",{email}),{success:!0,message:"If an account exists, a magic link has been sent"};if(user.isLocked)return logger2.warn("[AUTH] Magic link requested for locked account",{email}),{success:!0,message:"If an account exists, a magic link has been sent"};let token=generateMagicToken(),tokenHash=hashToken(token,TOKEN_PURPOSE.magicLink),expiresAt=new Date(Date.now()+parseTimeToMs3(expiresIn)),reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await storeMagicToken({userId:user.id,email,tokenHash,expiresAt},reqSchemaName);let magicLink=redirectUrl?buildEmailActionLink({request:ctx.request,configuredUrl:redirectUrl,path:extractConfiguredPath(redirectUrl,"/verify-magic-link"),query:{token},allowedOrigins:config.authentication?.trustedAppOrigins}):`${verifyRoute}?token=${token}`,result=await emailService.sendMagicLinkEmail(email,magicLink,appName);if(!result.success)return logger2.error("[AUTH] Failed to send magic link email",{email,error:result.error}),{success:!1,message:"Failed to send email"};return logger2.info("[AUTH] Magic link sent",{email,userId:user.id}),{success:!0,message:"If an account exists, a magic link has been sent"}},{body:MagicLinkRequestSchema,detail:{tags:["Authentication"],summary:"Request Magic Link",description:"Send a magic link to the user's email for passwordless login"}}),magicLinkRoutes.get(verifyRoute,async(ctx)=>{let{usersTable}=resolveAuthTablesForRequest(ctx.request,config);if(!db||!usersTable)return{success:!1,message:"Database not configured"};let token=ctx.query.token;if(!token)return{success:!1,message:"Token is required"};let tokenHash=hashToken(token,TOKEN_PURPOSE.magicLink),reqSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0,storedToken=await getMagicToken(tokenHash,reqSchemaName);if(!storedToken)return logger2.warn("[AUTH] Invalid magic link token"),{success:!1,message:"Invalid or expired token"};if(new Date>storedToken.expiresAt)return await deleteMagicToken(tokenHash,reqSchemaName),logger2.warn("[AUTH] Expired magic link token",{email:storedToken.email}),{success:!1,message:"Invalid or expired token"};let user=(await db.select().from(usersTable).where(eq41(usersTable.id,storedToken.userId)).limit(1))[0];if(!user)return await deleteMagicToken(tokenHash,reqSchemaName),{success:!1,message:"User not found"};if(user.isActive===!1)return await deleteMagicToken(tokenHash,reqSchemaName),logger2.warn("[AUTH] Magic link denied: account inactive",{email:storedToken.email}),{success:!1,message:"Invalid or expired token"};if(user.isLocked){let lockedUntil=user.lockedUntil;if(!(lockedUntil&&new Date(lockedUntil)<new Date))return await deleteMagicToken(tokenHash,reqSchemaName),logger2.warn("[AUTH] Magic link denied: account locked",{email:storedToken.email}),{success:!1,message:"Invalid or expired token"}}await deleteMagicToken(tokenHash,reqSchemaName),await db.update(usersTable).set({lastLoginAt:new Date,loginCount:(user.loginCount||0)+1,emailVerified:!0}).where(eq41(usersTable.id,user.id));let ipAddress=ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent=ctx.request.headers.get("user-agent")||"",mlUserRoles=[],mlUserClaims=[],mlUserClaimScopes={};if(db)try{let resolved=resolveAuthTablesForRequest(ctx.request,config),rc=await fetchUserRolesAndClaims(db,user.id,resolved);mlUserRoles=rc.roles,mlUserClaims=rc.claims,mlUserClaimScopes=rc.claimScopes}catch{}let accessToken=signAccessToken(user.id,mlUserRoles.length>0?mlUserRoles:void 0,mlUserClaims.length>0?mlUserClaims:void 0,ctx.request.headers.get("x-tenant-schema")??void 0,mlUserClaimScopes),refreshToken=signRefreshToken(user.id),sessionParams={userId:user.id,deviceInfo:ensureDeviceInfo({ipAddress,userAgent},deviceContextFromRequest(ctx.request).clientHints),loginMethod:"magic_link",rememberMe:!0},sessionId=await createSession(sessionParams),requiresApproval=!1,approvalSessionId=sessionId,deviceTokenCookie;if(saveSessionToDb){let reqSchemaName2=ctx.request.headers.get("x-tenant-schema")||void 0,dtCfg=config.authentication?.deviceTrust;if(dtCfg?.enabled)sessionParams.deviceToken=readDeviceTokenFromCookieHeader(ctx.request.headers.get("cookie"),dtCfg);let saveResult=await saveSessionToDb(sessionId,sessionParams,reqSchemaName2);if(saveResult?.denied)return ctx.set.status=403,{success:!1,message:"This device could not be recognized. Please contact support."};if(deviceTokenCookie=saveResult?.deviceTokenCookie,saveResult?.requiresApproval){if(requiresApproval=!0,saveResult.sessionId)approvalSessionId=saveResult.sessionId}}if(requiresApproval){if(deviceTokenCookie)ctx.set.headers["Set-Cookie"]=deviceTokenCookie;return logger2.info("[AUTH] Magic link login requires device approval",{userId:user.id,email:user.email,approvalSessionId}),{success:!1,requiresApproval:!0,sessionId:approvalSessionId,message:"Login requires approval. Please check your email to approve this device."}}logger2.info("[AUTH] Magic link login successful",{userId:user.id,email:user.email});let cookies={accessTokenName:cookieConfig?.accessTokenName||"access_token",refreshTokenName:cookieConfig?.refreshTokenName||"refresh_token",sessionTokenName:cookieConfig?.sessionTokenName||"session_token",accessTokenMaxAge:cookieConfig?.accessTokenMaxAge||900,refreshTokenMaxAge:cookieConfig?.refreshTokenMaxAge||604800,sessionTokenMaxAge:cookieConfig?.sessionTokenMaxAge||2592000,secure:cookieConfig?.secure??!0,httpOnly:cookieConfig?.httpOnly??!0,sameSite:cookieConfig?.sameSite||"strict",path:cookieConfig?.path||"/",domain:cookieConfig?.domain},securePart=cookies.secure?"; Secure":"",domainPart=cookies.domain?`; Domain=${cookies.domain}`:"",cookieOptions=`; Path=${cookies.path}; HttpOnly; SameSite=${cookies.sameSite}${securePart}${domainPart}`,responseHeaders=new Headers;if(responseHeaders.set("Content-Type","application/json"),responseHeaders.set("x-session-id",sessionId),responseHeaders.append("Set-Cookie",`${cookies.accessTokenName}=${accessToken}${cookieOptions}; Max-Age=${cookies.accessTokenMaxAge}`),responseHeaders.append("Set-Cookie",`${cookies.refreshTokenName}=${refreshToken}${cookieOptions}; Max-Age=${cookies.refreshTokenMaxAge}`),responseHeaders.append("Set-Cookie",`${cookies.sessionTokenName}=${sessionId}${cookieOptions}; Max-Age=${cookies.sessionTokenMaxAge}`),deviceTokenCookie)responseHeaders.append("Set-Cookie",deviceTokenCookie);let jsonBody=JSON.stringify({success:!0,data:{user:{id:user.id,email:user.email},accessToken,refreshToken,sessionId}});return new Response(jsonBody,{status:200,headers:responseHeaders})},{query:MagicLinkVerifySchema,detail:{tags:["Authentication"],summary:"Verify Magic Link",description:"Verify magic link token and login user"}}),magicLinkRoutes}var init_magicLink=__esm(()=>{init_DeviceTrust();init_fetchUserRolesAndClaims();init_deviceInfo();init_types14();init_utils8();init_types14()});import{eq as eq42}from"drizzle-orm";import{Elysia as Elysia31}from"elysia";function createMeRoute(config,meConfig,_schemaTables,_schemaRelations,_databaseUrl){let{db,logger:logger2}=config,route=meConfig.route||"/auth/me",meRoutes=new Elysia31;if(!meConfig.enabled)return meRoutes;return meRoutes.get(route,async(ctx)=>{let resolved=resolveAuthTablesForRequest(ctx.request,config),usersTable=resolved.usersTable,reqSchemaTables=resolved.schemaTables;if(!db||!usersTable)return{success:!1,message:"Database not configured"};let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,message:"Unauthorized"};let user=(await db.select().from(usersTable).where(eq42(usersTable.id,userId)).limit(1))[0];if(!user)return ctx.set.status=404,{success:!1,message:"User not found"};let{password:rawPassword,...restUser}=user,hasPassword=typeof rawPassword==="string"&&rawPassword.length>0,safeUser={...redactSensitiveOutput(restUser),hasPassword},profile=null,addresses=[],phones=[],files=[],roles=[],claims=[];if(meConfig.includeProfile&&reqSchemaTables){let profilesTable=reqSchemaTables.profiles;if(profilesTable&&db)profile=(await db.select().from(profilesTable).where(eq42(profilesTable.userId,userId)).limit(1))[0]||null}if(meConfig.includeAddresses&&reqSchemaTables){let addressesTable=reqSchemaTables.addresses;if(addressesTable&&db)addresses=await db.select().from(addressesTable).where(eq42(addressesTable.ownerId,userId))}if(meConfig.includePhones&&reqSchemaTables){let phonesTable=reqSchemaTables.phones;if(phonesTable&&db)phones=await db.select().from(phonesTable).where(eq42(phonesTable.ownerId,userId))}if(meConfig.includeFiles&&reqSchemaTables){let filesTable=reqSchemaTables.files;if(filesTable&&db)files=await db.select().from(filesTable).where(eq42(filesTable.uploadedBy,userId))}if(meConfig.includeRoles&&reqSchemaTables){let{userRoles:userRolesTable,roles:rolesTable}=reqSchemaTables;if(userRolesTable&&rolesTable&&db){let roleIds=(await db.select().from(userRolesTable).where(eq42(userRolesTable.userId,userId))).map((ur)=>ur.roleId);if(roleIds.length>0){let{inArray:inArray11}=await import("drizzle-orm");roles=await db.select().from(rolesTable).where(inArray11(rolesTable.id,roleIds))}}}if(meConfig.includeClaims&&reqSchemaTables){let{userRoles:userRolesTable,roleClaims:roleClaimsTable,claims:claimsTable}=reqSchemaTables;if(userRolesTable&&roleClaimsTable&&claimsTable&&db){let urCols=userRolesTable,rcCols=roleClaimsTable,cCols=claimsTable,roleIds=(await db.select({roleId:urCols.roleId}).from(userRolesTable).where(eq42(urCols.userId,userId))).map((r2)=>r2.roleId);if(roleIds.length>0){let{inArray:inArray11}=await import("drizzle-orm"),claimRows=await db.select({action:cCols.action,scope:rcCols.scope}).from(roleClaimsTable).innerJoin(claimsTable,eq42(rcCols.claimId,cCols.id)).where(inArray11(rcCols.roleId,roleIds)),seen=new Set;for(let row of claimRows){let r2=row,key2=`${r2.action}|${r2.scope??""}`;if(!seen.has(key2))seen.add(key2),claims.push({action:r2.action,scope:r2.scope??null})}}}}return logger2.info("[AUTH] Me endpoint accessed",{userId}),JSON.parse(JSON.stringify({success:!0,data:{user:safeUser,profile,addresses,phones,files,roles,claims}},(_key,value2)=>typeof value2==="bigint"?Number(value2):value2))},{detail:{tags:["Authentication"],summary:"Get current user",description:"Get the currently authenticated user with profile, addresses, phones and files"}}),meRoutes}var init_me=__esm(()=>{init_utils5()});var exports_accountState={};__export(exports_accountState,{evaluateAccountState:()=>evaluateAccountState});function evaluateAccountState(user,now=new Date){if(user.isActive===!1)return{allowed:!1,reason:"inactive",message:"Account is not active"};if(user.isLocked===!0){let raw=user.lockedUntil,lockedUntil=raw instanceof Date?raw:raw?new Date(raw):null;if(!lockedUntil||Number.isNaN(lockedUntil.getTime())||lockedUntil>now)return{allowed:!1,reason:"locked",message:"Account is locked"}}return{allowed:!0}}import{and as and14,eq as eq43}from"drizzle-orm";import{Elysia as Elysia32}from"elysia";function buildOAuthStateCookie(value2,opts){let securePart=opts.secure?"; Secure":"",domainPart=opts.domain?`; Domain=${opts.domain}`:"";return`${OAUTH_STATE_COOKIE}=${value2}; Path=/; HttpOnly; SameSite=Lax; Max-Age=${opts.maxAge}${securePart}${domainPart}`}function createOAuthRoutes(config,oauthService,signAccessToken,signRefreshToken,createSession,saveSessionToDb,cookieConfig,tokenResponseConfig,emailService,storeMagicToken,appName){let{db,logger:logger2}=config,basePath=oauthService.basePath;for(let provider of oauthService.getEnabledProviders()){let p=oauthService.config.providers[provider];logger2.info("[OAUTH] Provider loaded",{provider,clientIdSuffix:p?.clientId?p.clientId.slice(-4):"none",tenantId:p?.tenantId??"common",redirectUri:p?.redirectUri,scopes:p?.scopes})}let cookies={accessTokenName:cookieConfig?.accessTokenName||"access_token",refreshTokenName:cookieConfig?.refreshTokenName||"refresh_token",sessionTokenName:cookieConfig?.sessionTokenName||"session_token",accessTokenMaxAge:cookieConfig?.accessTokenMaxAge||900,refreshTokenMaxAge:cookieConfig?.refreshTokenMaxAge||604800,sessionTokenMaxAge:cookieConfig?.sessionTokenMaxAge||900,secure:cookieConfig?.secure??!0,httpOnly:cookieConfig?.httpOnly??!0,sameSite:cookieConfig?.sameSite||"lax",path:cookieConfig?.path||"/",domain:cookieConfig?.domain},tokenConfig={accessToken:{setHeadersEnabled:tokenResponseConfig?.accessToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.accessToken?.returnJson??!0},refreshToken:{setHeadersEnabled:tokenResponseConfig?.refreshToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.refreshToken?.returnJson??!0},sessionToken:{setHeadersEnabled:tokenResponseConfig?.sessionToken?.setHeadersEnabled??!0,returnJson:tokenResponseConfig?.sessionToken?.returnJson??!0}},routes=new Elysia32;return routes.get(`${basePath}/:provider`,async(ctx)=>{let provider=ctx.params.provider;if(!oauthService.isProviderEnabled(provider))return ctx.set.status=404,{success:!1,message:`OAuth provider "${provider}" is not enabled`};let redirectUrl=ctx.query.redirect_url,authUrl=await oauthService.buildAuthorizationUrl(provider,void 0,redirectUrl);logger2.debug("[OAUTH] Redirecting to provider",{provider,authUrl:authUrl.replace(/(client_id=)[^&]+/,"$1***")});let issuedState=new URL(authUrl).searchParams.get("state");if(issuedState)ctx.set.headers["Set-Cookie"]=buildOAuthStateCookie(issuedState,{maxAge:600,secure:cookies.secure,domain:cookies.domain});return ctx.set.status=302,ctx.set.headers.Location=authUrl,null},{detail:{tags:["Authentication"],summary:"OAuth Redirect",description:"Redirects to the OAuth provider authorization page"}}),routes.get(`${basePath}/:provider/callback`,async(ctx)=>{let provider=ctx.params.provider,query=ctx.query,{code,state,error:error3,error_description}=query,errorRedirect=oauthService.errorRedirectUrl;if(error3)return logger2.warn("[OAUTH] Provider returned error",{provider,error:error3,error_description}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=${encodeURIComponent(error_description||error3)}`,null;if(!code||!state)return ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=missing_code_or_state`,null;let statePayload=await oauthService.consumeState(state);if(!statePayload)return logger2.warn("[OAUTH] Invalid or expired state",{provider,state}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=invalid_state`,null;let cookieState=readCookie(ctx.request,OAUTH_STATE_COOKIE),clearStateCookie=buildOAuthStateCookie("",{maxAge:0,secure:cookies.secure,domain:cookies.domain});if(!cookieState||cookieState!==state)return logger2.warn("[OAUTH] State cookie missing or mismatched (possible CSRF)",{provider}),ctx.set.status=302,ctx.set.headers["Set-Cookie"]=clearStateCookie,ctx.set.headers.Location=`${errorRedirect}?error=invalid_state`,null;if(statePayload.provider!==provider)return logger2.warn("[OAUTH] State provider mismatch",{expected:statePayload.provider,got:provider}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=provider_mismatch`,null;let resolved=resolveAuthTablesForRequest(ctx.request,config),usersTable=resolved.usersTable,oauthTable=resolved.oauthAccountsTable??config.oauthAccountsTable;if(!db||!usersTable)return ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=server_error`,null;logger2.debug("[OAUTH] Exchanging code",{provider,codeLength:code.length,statePresent:!!state});let callbackResult;try{callbackResult=await oauthService.exchangeCode(provider,code)}catch(err){let e=err;return logger2.error("[OAUTH] Code exchange failed",err,{provider,errorMessage:e?.message,errorName:e?.name,errorCauseCode:e?.cause?.code,errorCauseMessage:e?.cause?.message}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=token_exchange_failed`,null}let{profile,tokens}=callbackResult,userId=null;if(statePayload.linkUserId&&oauthService.allowAccountLinking){if(userId=statePayload.linkUserId,oauthTable){let existing=await db.select().from(oauthTable).where(and14(eq43(oauthTable.provider,provider),eq43(oauthTable.providerAccountId,profile.providerAccountId))).limit(1);if(existing.length>0){let existingRecord=existing[0];if(existingRecord.userId!==userId)return ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=account_already_linked_to_another_user`,null;await db.update(oauthTable).set({accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,lastUsedAt:new Date}).where(eq43(oauthTable.id,existingRecord.id))}else await db.insert(oauthTable).values({userId,provider,providerAccountId:profile.providerAccountId,providerEmail:profile.email??null,providerName:profile.name??null,providerAvatarUrl:profile.avatarUrl??null,accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,isPrimary:!1,lastUsedAt:new Date})}logger2.info("[OAUTH] Account linked successfully",{userId,provider});let successUrl2=resolveSafeOAuthRedirect(statePayload.redirectUrl,oauthService.successRedirectUrl,config.authentication?.trustedAppOrigins);return ctx.set.status=302,ctx.set.headers.Location=`${successUrl2}?linked=true&provider=${provider}`,null}if(oauthTable){let existingOAuth=await db.select().from(oauthTable).where(and14(eq43(oauthTable.provider,provider),eq43(oauthTable.providerAccountId,profile.providerAccountId))).limit(1);if(existingOAuth.length>0){let oauthRecord=existingOAuth[0];userId=oauthRecord.userId,await db.update(oauthTable).set({accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,lastUsedAt:new Date}).where(eq43(oauthTable.id,oauthRecord.id))}}if(!userId&&profile.email){let normalizedOAuthEmail=profile.email.toLowerCase(),existingUsers=await db.select().from(usersTable).where(eq43(usersTable.email,normalizedOAuthEmail)).limit(1);if(existingUsers.length>0&&profile.emailVerified!==!0)return logger2.warn("[OAUTH] Refusing account merge: provider email not verified",{provider,email:profile.email}),ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=email_not_verified`,null;if(existingUsers.length>0){if(userId=existingUsers[0].id,oauthTable)await db.insert(oauthTable).values({userId,provider,providerAccountId:profile.providerAccountId,providerEmail:profile.email??null,providerName:profile.name??null,providerAvatarUrl:profile.avatarUrl??null,accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,isPrimary:!1,lastUsedAt:new Date}).onConflictDoNothing();logger2.info("[OAUTH] Merged OAuth account with existing user by email",{userId,provider,email:profile.email})}}if(!userId){if(!oauthService.autoCreateUser)return ctx.set.status=302,ctx.set.headers.Location=`${errorRedirect}?error=user_not_found`,null;let userEmail=(profile.email??`${provider}_${profile.providerAccountId}@oauth.local`).toLowerCase(),providerEmailVerified=profile.emailVerified===!0;if(userId=(await db.insert(usersTable).values({email:userEmail,password:null,emailVerified:providerEmailVerified,verifiedAt:providerEmailVerified?new Date:null,isActive:!0}).returning())[0].id,oauthTable)await db.insert(oauthTable).values({userId,provider,providerAccountId:profile.providerAccountId,providerEmail:profile.email??null,providerName:profile.name??null,providerAvatarUrl:profile.avatarUrl??null,accessToken:tokens.accessToken,refreshToken:tokens.refreshToken??null,tokenExpiresAt:tokens.expiresAt??null,scope:tokens.scope??null,rawProfile:profile.rawProfile,isPrimary:!0,lastUsedAt:new Date});if(logger2.info("[OAUTH] Created new user via OAuth",{userId,provider,email:profile.email}),oauthService.sendInviteOnCreate&&profile.email&&emailService?.isAvailable()&&storeMagicToken)try{let rawToken=generateMagicToken(),tokenHash=hashToken(rawToken,TOKEN_PURPOSE.invite),expiresAt=new Date(Date.now()+parseTimeToMs3("7d")),oauthSchemaName=ctx.request.headers.get("x-tenant-schema")||void 0;await storeMagicToken({userId,email:profile.email,tokenHash,expiresAt},oauthSchemaName);let inviteLink=`${oauthService.successRedirectUrl.replace(/\/$/,"").replace(/\/[^/]+$/,"/set-password")}?token=${rawToken}`;await emailService.sendEmail({to:profile.email,subject:`Welcome to ${appName??"the platform"} \u2014 Set your password`,html:`
437
437
  <p>Hi${profile.name?` ${profile.name}`:""},</p>
438
438
  <p>Your account has been created via ${provider} login. You can optionally set a password to also sign in with your email and password.</p>
439
439
  <p><a href="${inviteLink}">Set your password</a></p>
@@ -524,7 +524,7 @@ ${strMDSAlgs}`)}if(attestationStatementAlg!==void 0&&authenticatorGetInfo?.algor
524
524
  <p>Redirecting...</p>
525
525
  </body>
526
526
  </html>
527
- `},createPaymentRoutes=(config)=>{let{provider,basePath,defaultCurrency,defaultLocale,successRedirectUrl,failedRedirectUrl,errorRedirectUrl,savedMethodsEnabled,threeDSecureEnabled,subMerchantsEnabled,transactionsTable,methodsTable,webhookLogsTable,subMerchantsTable,commissionSplitsTable,productsTable,pricesTable,customersTable,subscriptionsTable,invoicesTable,db,logger:logger2}=config,txTable=transactionsTable,pmTable=methodsTable,whTable=webhookLogsTable,smTable=subMerchantsTable,csTable=commissionSplitsTable,prodTable=productsTable,priceTable=pricesTable,cusTable=customersTable,subTable=subscriptionsTable,invTable=invoicesTable,database=db,app=new Elysia41({prefix:basePath}),customerBelongsToCaller=async(request,customerId)=>{if(hasGodminRole(request))return!0;let uid=request.headers.get("x-user-id");if(!uid||!customerId)return!1;let[c]=await database.select().from(cusTable).where(eq52(cusTable.id,String(customerId)));return!!c&&String(c.user_id)===String(uid)},callerCustomerIds=async(uid)=>{return(await database.select().from(cusTable).where(eq52(cusTable.user_id,uid))).map((r2)=>String(r2.id))};if(app.post("/initialize",async(ctx)=>{if(!threeDSecureEnabled)return ctx.set.status=400,{success:!1,error:"3D Secure is not enabled"};let userId=ctx.request.headers.get("x-user-id"),body=ctx.body;try{let[transaction]=await database.insert(txTable).values({userId:userId??null,orderId:body.orderId??body.conversationId??null,provider:provider.name,amount:Number(body.paidPrice??body.price??0),currency:body.currency??defaultCurrency,status:"pending",statusCode:1000,statusMessage:"3DS initialization started",isThreeDSecure:!0,installment:body.installment??1,ipAddress:ctx.request.headers.get("x-forwarded-for")??ctx.request.headers.get("x-real-ip")??null,metadata:body.metadata??{}}).returning(),result=await provider.initialize3DS({locale:body.locale??defaultLocale,conversationId:transaction.id,price:body.price,paidPrice:body.paidPrice,currency:body.currency??defaultCurrency,installment:body.installment,paymentChannel:body.paymentChannel,basketId:body.basketId,paymentGroup:body.paymentGroup,paymentCard:body.paymentCard,buyer:body.buyer,shippingAddress:body.shippingAddress,billingAddress:body.billingAddress,basketItems:body.basketItems,callbackUrl:body.callbackUrl??config.callbackUrl??`${basePath}/callback`});if(!result.success)return await database.update(txTable).set({status:"failed",statusCode:1003,statusMessage:result.errorMessage??"Initialization failed",providerResponse:result.rawResponse??{},failedAt:new Date}).where(eq52(txTable.id,transaction.id)),ctx.set.status=400,{success:!1,error:result.errorMessage??"Payment initialization failed",errorCode:result.errorCode};return await database.update(txTable).set({status:"processing",statusCode:1001,statusMessage:"3DS initialized, awaiting bank verification",providerPaymentId:result.paymentId,providerResponse:result.rawResponse??{}}).where(eq52(txTable.id,transaction.id)),{success:!0,transactionId:transaction.id,threeDSHtmlContent:result.threeDSHtmlContent,paymentId:result.paymentId}}catch(error3){return logger2.error("[Payment] initialize3DS error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Internal payment error"}}}),app.post("/callback",async(ctx)=>{let requestOrigin=new URL(ctx.request.url).origin,htmlHeaders={"Content-Type":"text/html; charset=utf-8","Access-Control-Allow-Origin":requestOrigin,"Access-Control-Allow-Methods":"POST, OPTIONS"};try{let formData=await ctx.request.formData(),rawData={};formData.forEach((value2,key2)=>{rawData[key2]=String(value2)});let parsed=provider.parseCallback(rawData);if(await database.insert(whTable).values({provider:provider.name,eventType:"three_ds_callback",providerPaymentId:parsed.paymentId,rawPayload:rawData,processed:!1,idempotencyKey:`${provider.name}:${parsed.paymentId}:${parsed.mdStatus}`,ipAddress:ctx.request.headers.get("x-forwarded-for")??ctx.request.headers.get("x-real-ip")??null}).onConflictDoNothing(),!parsed.success){if(logger2.warn("[Payment] 3DS callback failed",{mdStatus:parsed.mdStatus,paymentId:parsed.paymentId}),parsed.conversationId)await database.update(txTable).set({status:"failed",statusCode:1003,statusMessage:`3DS verification failed: mdStatus=${parsed.mdStatus}`,failedAt:new Date}).where(eq52(txTable.id,parsed.conversationId)).catch(()=>{});return new Response(generateRedirectHtml(`${requestOrigin}${failedRedirectUrl}`,"Payment Failed"),{headers:htmlHeaders})}let completion=await provider.complete3DS({locale:defaultLocale,conversationId:parsed.conversationId,paymentId:parsed.paymentId});if(!completion.success){if(logger2.error("[Payment] 3DS completion failed",{paymentId:parsed.paymentId,errorCode:completion.errorCode,errorMessage:completion.errorMessage}),parsed.conversationId)await database.update(txTable).set({status:"failed",statusCode:1003,statusMessage:`3DS completion failed: ${completion.errorMessage}`,providerResponse:completion.rawResponse??{},failedAt:new Date}).where(eq52(txTable.id,parsed.conversationId)).catch(()=>{});return new Response(generateRedirectHtml(`${requestOrigin}${failedRedirectUrl}`,"Payment Failed"),{headers:htmlHeaders})}if(parsed.conversationId)await database.update(txTable).set({status:"completed",statusCode:1001,statusMessage:"Payment completed successfully",providerPaymentId:completion.paymentId??parsed.paymentId,providerTransactionId:completion.signature,amount:completion.paidPrice??0,currency:completion.currency??defaultCurrency,paymentMethod:completion.cardAssociation,cardLastFour:completion.lastFourDigits,cardType:completion.cardType,cardAssociation:completion.cardAssociation,installment:completion.installment??1,providerResponse:completion.rawResponse??{},completedAt:new Date}).where(and17(eq52(txTable.id,parsed.conversationId),eq52(txTable.status,"pending"))).catch(()=>{});await database.update(whTable).set({processed:!0,processingResult:{completion}}).where(eq52(whTable.idempotencyKey,`${provider.name}:${parsed.paymentId}:${parsed.mdStatus}`)).catch(()=>{}),logger2.info("[Payment] 3DS payment completed",{paymentId:completion.paymentId,amount:completion.paidPrice,currency:completion.currency});let queryParams=new URLSearchParams;if(parsed.conversationId)queryParams.append("transactionId",parsed.conversationId);if(completion.paymentId)queryParams.append("paymentId",completion.paymentId);if(completion.paidPrice)queryParams.append("amount",String(completion.paidPrice));let redirectUrl=`${requestOrigin}${successRedirectUrl}?${queryParams.toString()}`;return new Response(generateRedirectHtml(redirectUrl,"Payment Successful"),{headers:htmlHeaders})}catch(error3){return logger2.error("[Payment] callback error",{error:error3 instanceof Error?error3.message:String(error3)}),new Response(generateRedirectHtml(`${requestOrigin}${errorRedirectUrl}`,"Payment Error"),{headers:htmlHeaders})}}),app.get("/transactions",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{return{success:!0,data:{items:await database.select().from(txTable).where(eq52(txTable.userId,userId)).orderBy(txTable.createdAt)}}}catch(error3){return logger2.error("[Payment] list transactions error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list transactions"}}}),app.get("/transactions/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[transaction]=await database.select().from(txTable).where(and17(eq52(txTable.id,ctx.params.id),eq52(txTable.userId,userId))).limit(1);if(!transaction)return ctx.set.status=404,{success:!1,error:"Transaction not found"};return{success:!0,data:transaction}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get transaction"}}}),app.post("/bin-query",async(ctx)=>{let body=ctx.body,binNumber=body.binNumber??body.cardNumber;if(!binNumber||typeof binNumber!=="string")return ctx.set.status=400,{success:!1,error:"binNumber is required"};try{let result=await provider.queryBin({locale:body.locale??defaultLocale,binNumber,price:body.price});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"BIN query failed",errorCode:result.errorCode};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"BIN query failed"}}}),app.post("/payment-detail",async(ctx)=>{let body=ctx.body;if(!body.paymentId)return ctx.set.status=400,{success:!1,error:"paymentId is required"};try{let result=await provider.getPaymentDetail({locale:body.locale??defaultLocale,paymentId:body.paymentId,conversationId:body.conversationId,paymentConversationId:body.paymentConversationId});return{success:result.success,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Payment detail query failed"}}}),app.post("/refund",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body;if(!body.paymentTransactionId||!body.price)return ctx.set.status=400,{success:!1,error:"paymentTransactionId and price are required"};let refundAmt=validateAmount(body.price,"price");if(!refundAmt.ok)return ctx.set.status=400,{success:!1,error:refundAmt.error};if(!hasGodminRole(ctx.request)){if(!body.transactionId)return ctx.set.status=400,{success:!1,error:"transactionId is required"};let[tx]=await database.select().from(txTable).where(eq52(txTable.id,body.transactionId)).limit(1);if(!tx)return ctx.set.status=404,{success:!1,error:"Transaction not found"};if(String(tx.userId)!==String(userId))return ctx.set.status=403,{success:!1,error:"You can only refund your own transactions"};let ownedProviderId=tx.providerTransactionId??tx.providerPaymentId;if(ownedProviderId&&String(body.paymentTransactionId)!==String(ownedProviderId))return ctx.set.status=403,{success:!1,error:"paymentTransactionId does not match this transaction"};let refundable=Number(tx.amount??0)-Number(tx.refundedAmount??0);if(!(Number(body.price)>0)||Number(body.price)>refundable)return ctx.set.status=400,{success:!1,error:`Refund amount exceeds the refundable balance (${refundable})`}}try{let result=await provider.refund({locale:body.locale??defaultLocale,conversationId:body.conversationId,paymentTransactionId:body.paymentTransactionId,price:String(body.price),currency:body.currency??defaultCurrency,ip:ctx.request.headers.get("x-forwarded-for")??ctx.request.headers.get("x-real-ip")??void 0});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Refund failed",errorCode:result.errorCode};if(body.transactionId){let price=Number(body.price);await database.update(txTable).set({status:sql10`CASE WHEN COALESCE(${txTable.refundedAmount}, 0) + ${price} >= ${txTable.amount} THEN 'refunded' ELSE 'partially_refunded' END`,refundedAmount:sql10`COALESCE(${txTable.refundedAmount}, 0) + ${price}`,refundedAt:new Date,statusMessage:"Payment refunded"}).where(eq52(txTable.id,body.transactionId)).catch(()=>{})}return logger2.info("[Payment] Refund processed",{paymentId:result.paymentId,price:result.price}),{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Refund failed"}}}),savedMethodsEnabled)app.post("/cards/save",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body;if(!body.email||!body.card)return ctx.set.status=400,{success:!1,error:"email and card are required"};try{let result=await provider.saveCard({locale:body.locale??defaultLocale,email:body.email,externalId:userId,card:body.card});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to save card",errorCode:result.errorCode};let[saved]=await database.insert(pmTable).values({userId,provider:provider.name,type:"card",alias:result.cardAlias??body.card.cardAlias,cardLastFour:result.lastFourDigits,cardType:result.cardType,cardAssociation:result.cardAssociation,cardFamily:result.cardFamily,cardBankName:result.cardBankName,providerCardUserKey:result.cardUserKey,providerCardToken:result.cardToken,binNumber:result.binNumber}).returning();return logger2.info("[Payment] Card saved",{userId,cardAlias:result.cardAlias}),{success:!0,data:saved}}catch{return ctx.set.status=500,{success:!1,error:"Failed to save card"}}}),app.get("/cards",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{return{success:!0,data:{items:await database.select().from(pmTable).where(and17(eq52(pmTable.userId,userId),eq52(pmTable.isActive,!0))).orderBy(pmTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list cards"}}}),app.delete("/cards/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[card]=await database.select().from(pmTable).where(and17(eq52(pmTable.id,ctx.params.id),eq52(pmTable.userId,userId))).limit(1);if(!card)return ctx.set.status=404,{success:!1,error:"Card not found"};if(card.providerCardUserKey&&card.providerCardToken){let deleteResult=await provider.deleteCard({locale:defaultLocale,cardUserKey:card.providerCardUserKey,cardToken:card.providerCardToken});if(!deleteResult.success)logger2.warn("[Payment] Provider card delete failed (proceeding with local delete)",{errorCode:deleteResult.errorCode,errorMessage:deleteResult.errorMessage})}return await database.update(pmTable).set({isActive:!1}).where(eq52(pmTable.id,ctx.params.id)),logger2.info("[Payment] Card deleted",{userId,cardId:ctx.params.id}),{success:!0}}catch{return ctx.set.status=500,{success:!1,error:"Failed to delete card"}}}),app.post("/cards/sync",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body,cardUserKey=body.cardUserKey;if(!cardUserKey)return ctx.set.status=400,{success:!1,error:"cardUserKey is required"};try{let result=await provider.listCards({locale:body.locale??defaultLocale,cardUserKey});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to list cards from provider"};return{success:!0,data:{cardUserKey:result.cardUserKey,cards:result.cards}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to sync cards"}}});if(app.post("/products",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};let body=ctx.body;if(!body.name)return ctx.set.status=400,{success:!1,error:"name is required"};try{let providerResult=await provider.createProduct({name:body.name,description:body.description,type:body.type,images:body.images,unitLabel:body.unitLabel,url:body.url,metadata:body.metadata});if(!providerResult.success)return ctx.set.status=400,{success:!1,error:providerResult.errorMessage??"Failed to create product at provider",errorCode:providerResult.errorCode};let[saved]=await database.insert(prodTable).values({provider:provider.name,providerProductId:providerResult.providerProductId,name:body.name,description:body.description??null,type:body.type??"service",status:"active",images:body.images?JSON.stringify(body.images):"[]",unitLabel:body.unitLabel??null,url:body.url??null,metadata:body.metadata?JSON.stringify(body.metadata):"{}"}).returning();return logger2.info("[Payment] Product created",{id:saved.id,providerProductId:providerResult.providerProductId}),{success:!0,data:saved}}catch(error3){return logger2.error("[Payment] create product error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create product"}}}),app.put("/products/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};let body=ctx.body;try{let[existing]=await database.select().from(prodTable).where(eq52(prodTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Product not found"};if(existing.providerProductId){let providerResult=await provider.updateProduct({providerProductId:existing.providerProductId,name:body.name,description:body.description,images:body.images,unitLabel:body.unitLabel,url:body.url,active:body.status==="active"?!0:body.status==="archived"?!1:void 0,metadata:body.metadata});if(!providerResult.success)logger2.warn("[Payment] Provider product update failed",{errorCode:providerResult.errorCode})}let updateData={};if(body.name)updateData.name=body.name;if(body.description!==void 0)updateData.description=body.description;if(body.type)updateData.type=body.type;if(body.status)updateData.status=body.status;if(body.images)updateData.images=JSON.stringify(body.images);if(body.unitLabel!==void 0)updateData.unitLabel=body.unitLabel;if(body.url!==void 0)updateData.url=body.url;if(body.metadata)updateData.metadata=JSON.stringify(body.metadata);let[updated]=await database.update(prodTable).set(updateData).where(eq52(prodTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to update product"}}}),app.get("/products",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let status=new URL(ctx.request.url).searchParams.get("status"),query=database.select().from(prodTable).where(eq52(prodTable.isActive,!0));if(status)query=database.select().from(prodTable).where(and17(eq52(prodTable.isActive,!0),eq52(prodTable.status,status)));return{success:!0,data:{items:await query.orderBy(prodTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list products"}}}),app.get("/products/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[item]=await database.select().from(prodTable).where(eq52(prodTable.id,ctx.params.id)).limit(1);if(!item)return ctx.set.status=404,{success:!1,error:"Product not found"};let prices=await database.select().from(priceTable).where(and17(eq52(priceTable.productId,ctx.params.id),eq52(priceTable.isActive,!0))).orderBy(priceTable.createdAt);return{success:!0,data:{...item,prices}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get product"}}}),app.delete("/products/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let[existing]=await database.select().from(prodTable).where(eq52(prodTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Product not found"};if(existing.providerProductId)await provider.archiveProduct({providerProductId:existing.providerProductId});let[updated]=await database.update(prodTable).set({status:"archived"}).where(eq52(prodTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to archive product"}}}),app.post("/prices",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};let body=ctx.body;if(!body.productId||body.unitAmount===void 0||!body.currency)return ctx.set.status=400,{success:!1,error:"productId, unitAmount, and currency are required"};try{let[product]=await database.select().from(prodTable).where(eq52(prodTable.id,body.productId)).limit(1);if(!product)return ctx.set.status=404,{success:!1,error:"Product not found"};let providerResult=await provider.createPrice({providerProductId:product.providerProductId,currency:body.currency,unitAmount:body.unitAmount,type:body.type,billingScheme:body.billingScheme,nickname:body.nickname,recurring:body.recurring,transformQuantity:body.transformQuantity,unitAmountDecimal:body.unitAmountDecimal,metadata:body.metadata});if(!providerResult.success)return ctx.set.status=400,{success:!1,error:providerResult.errorMessage??"Failed to create price at provider",errorCode:providerResult.errorCode};let[saved]=await database.insert(priceTable).values({productId:body.productId,provider:provider.name,providerPriceId:providerResult.providerPriceId,currency:body.currency,unitAmount:body.unitAmount,unitAmountDecimal:body.unitAmountDecimal??null,type:body.type??"one_time",billingScheme:body.billingScheme??"per_unit",nickname:body.nickname??null,recurringInterval:body.recurring?.interval??null,recurringIntervalCount:body.recurring?.intervalCount??1,recurringUsageType:body.recurring?.usageType??"licensed",recurringAggregateUsage:body.recurring?.aggregateUsage??null,transformQuantityDivideBy:body.transformQuantity?.divideBy??null,transformQuantityRound:body.transformQuantity?.round??null,status:"active",metadata:body.metadata?JSON.stringify(body.metadata):"{}"}).returning();return logger2.info("[Payment] Price created",{id:saved.id,providerPriceId:providerResult.providerPriceId}),{success:!0,data:saved}}catch(error3){return logger2.error("[Payment] create price error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create price"}}}),app.put("/prices/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};let body=ctx.body;try{let[existing]=await database.select().from(priceTable).where(eq52(priceTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Price not found"};if(existing.providerPriceId){let providerResult=await provider.updatePrice({providerPriceId:existing.providerPriceId,nickname:body.nickname,active:body.status==="active"?!0:body.status==="archived"?!1:void 0,metadata:body.metadata});if(!providerResult.success)logger2.warn("[Payment] Provider price update failed",{errorCode:providerResult.errorCode})}let updateData={};if(body.nickname!==void 0)updateData.nickname=body.nickname;if(body.status)updateData.status=body.status;if(body.metadata)updateData.metadata=JSON.stringify(body.metadata);let[updated]=await database.update(priceTable).set(updateData).where(eq52(priceTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to update price"}}}),app.get("/prices",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let url=new URL(ctx.request.url),productId=url.searchParams.get("productId"),status=url.searchParams.get("status"),query=database.select().from(priceTable).where(eq52(priceTable.isActive,!0));if(productId&&status)query=database.select().from(priceTable).where(and17(eq52(priceTable.productId,productId),eq52(priceTable.status,status),eq52(priceTable.isActive,!0)));else if(productId)query=database.select().from(priceTable).where(and17(eq52(priceTable.productId,productId),eq52(priceTable.isActive,!0)));else if(status)query=database.select().from(priceTable).where(and17(eq52(priceTable.status,status),eq52(priceTable.isActive,!0)));return{success:!0,data:{items:await query.orderBy(priceTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list prices"}}}),app.get("/prices/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[item]=await database.select().from(priceTable).where(eq52(priceTable.id,ctx.params.id)).limit(1);if(!item)return ctx.set.status=404,{success:!1,error:"Price not found"};return{success:!0,data:item}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get price"}}}),app.delete("/prices/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let[existing]=await database.select().from(priceTable).where(eq52(priceTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Price not found"};if(existing.providerPriceId)await provider.archivePrice({providerPriceId:existing.providerPriceId});let[updated]=await database.update(priceTable).set({status:"archived"}).where(eq52(priceTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to archive price"}}}),app.post("/customers",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let body=ctx.body,result=await provider.createCustomer({email:body.email,name:body.name,phone:body.phone,description:body.description,metadata:body.metadata,address:body.address?{line1:body.address?.line1,line2:body.address?.line2,city:body.address?.city,state:body.address?.state,postalCode:body.address?.postalCode,country:body.address?.country}:void 0,taxId:body.taxId});if(!result.success)return ctx.set.status=400,result;let[row]=await database.insert(cusTable).values({user_id:userId,provider:provider.name,provider_customer_id:result.providerCustomerId,email:body.email,name:body.name??null,phone:body.phone??null,description:body.description??null,address:body.address??{},tax_id_type:body.taxId?.type??null,tax_id_value:body.taxId?.value??null,metadata:body.metadata??{}}).returning();return{success:!0,customer:row,providerCustomerId:result.providerCustomerId}}catch(error3){return logger2.error("[Payment] Create customer error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create customer"}}}),app.put("/customers/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body,[existing]=await database.select().from(cusTable).where(eq52(cusTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(existing.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.updateCustomer({providerCustomerId:existing.provider_customer_id,email:body.email,name:body.name,phone:body.phone,description:body.description,metadata:body.metadata,address:body.address?{line1:body.address?.line1,line2:body.address?.line2,city:body.address?.city,state:body.address?.state,postalCode:body.address?.postalCode,country:body.address?.country}:void 0});if(!result.success)return ctx.set.status=400,result;let updates={};if(body.email)updates.email=body.email;if(body.name!==void 0)updates.name=body.name;if(body.phone!==void 0)updates.phone=body.phone;if(body.description!==void 0)updates.description=body.description;if(body.address)updates.address=body.address;if(body.metadata)updates.metadata=body.metadata;let[updated]=await database.update(cusTable).set(updates).where(eq52(cusTable.id,id)).returning();return{success:!0,customer:updated}}catch(error3){return logger2.error("[Payment] Update customer error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to update customer"}}}),app.get("/customers",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{return{success:!0,customers:await database.select().from(cusTable).where(eq52(cusTable.user_id,userId))}}catch(error3){return logger2.error("[Payment] List customers error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list customers"}}}),app.get("/customers/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[customer]=await database.select().from(cusTable).where(eq52(cusTable.id,id));if(!customer)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(customer.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=404,{success:!1,error:"Customer not found"};return{success:!0,customer}}catch(error3){return logger2.error("[Payment] Get customer error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to get customer"}}}),app.delete("/customers/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[existing]=await database.select().from(cusTable).where(eq52(cusTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(existing.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};return await provider.deleteCustomer({providerCustomerId:existing.provider_customer_id}),await database.delete(cusTable).where(eq52(cusTable.id,id)),{success:!0}}catch(error3){return logger2.error("[Payment] Delete customer error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to delete customer"}}}),app.post("/subscriptions",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let body=ctx.body,customerId=body.customerId,[customer]=await database.select().from(cusTable).where(eq52(cusTable.id,customerId));if(!customer)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(customer.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};let items=body.items,result=await provider.createSubscription({providerCustomerId:customer.provider_customer_id,items,trialPeriodDays:body.trialPeriodDays,collectionMethod:body.collectionMethod,daysUntilDue:body.daysUntilDue,cancelAtPeriodEnd:body.cancelAtPeriodEnd,metadata:body.metadata,defaultPaymentMethod:body.defaultPaymentMethod});if(!result.success)return ctx.set.status=400,result;let[row]=await database.insert(subTable).values({customer_id:customerId,provider:provider.name,provider_subscription_id:result.providerSubscriptionId,status:result.status??"incomplete",collection_method:body.collectionMethod??"charge_automatically",current_period_start:result.currentPeriodStart?new Date(result.currentPeriodStart):null,current_period_end:result.currentPeriodEnd?new Date(result.currentPeriodEnd):null,cancel_at_period_end:body.cancelAtPeriodEnd??!1,items,metadata:body.metadata??{}}).returning();return{success:!0,subscription:row,clientSecret:result.clientSecret}}catch(error3){return logger2.error("[Payment] Create subscription error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create subscription"}}}),app.put("/subscriptions/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body,[existing]=await database.select().from(subTable).where(eq52(subTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Subscription not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.updateSubscription({providerSubscriptionId:existing.provider_subscription_id,items:body.items,cancelAtPeriodEnd:body.cancelAtPeriodEnd,metadata:body.metadata,collectionMethod:body.collectionMethod,daysUntilDue:body.daysUntilDue,defaultPaymentMethod:body.defaultPaymentMethod,prorationBehavior:body.prorationBehavior});if(!result.success)return ctx.set.status=400,result;let updates={};if(result.status)updates.status=result.status;if(body.cancelAtPeriodEnd!==void 0)updates.cancel_at_period_end=body.cancelAtPeriodEnd;if(body.items)updates.items=body.items;if(body.metadata)updates.metadata=body.metadata;if(body.collectionMethod)updates.collection_method=body.collectionMethod;let[updated]=await database.update(subTable).set(updates).where(eq52(subTable.id,id)).returning();return{success:!0,subscription:updated}}catch(error3){return logger2.error("[Payment] Update subscription error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to update subscription"}}}),app.post("/subscriptions/:id/cancel",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body??{},[existing]=await database.select().from(subTable).where(eq52(subTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Subscription not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.cancelSubscription({providerSubscriptionId:existing.provider_subscription_id,cancelAtPeriodEnd:body.cancelAtPeriodEnd,invoiceNow:body.invoiceNow,prorate:body.prorate});if(!result.success)return ctx.set.status=400,result;let updates={status:result.status??"canceled",canceled_at:new Date};if(body.cancelAtPeriodEnd)updates.cancel_at_period_end=!0;let[updated]=await database.update(subTable).set(updates).where(eq52(subTable.id,id)).returning();return{success:!0,subscription:updated}}catch(error3){return logger2.error("[Payment] Cancel subscription error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to cancel subscription"}}}),app.get("/subscriptions",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let query=ctx.query,conditions=[];if(query.customerId)conditions.push(eq52(subTable.customer_id,query.customerId));if(query.status)conditions.push(eq52(subTable.status,query.status));if(!hasGodminRole(ctx.request)){let ids=await callerCustomerIds(userId);if(ids.length===0)return{success:!0,subscriptions:[]};conditions.push(inArray12(subTable.customer_id,ids))}return{success:!0,subscriptions:conditions.length>0?await database.select().from(subTable).where(and17(...conditions)):await database.select().from(subTable)}}catch(error3){return logger2.error("[Payment] List subscriptions error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list subscriptions"}}}),app.get("/subscriptions/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[subscription]=await database.select().from(subTable).where(eq52(subTable.id,id));if(!subscription)return ctx.set.status=404,{success:!1,error:"Subscription not found"};if(!await customerBelongsToCaller(ctx.request,subscription.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};return{success:!0,subscription}}catch(error3){return logger2.error("[Payment] Get subscription error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to get subscription"}}}),app.post("/usage-records",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let body=ctx.body,result=await provider.reportUsage({subscriptionItemId:body.subscriptionItemId,quantity:body.quantity,timestamp:body.timestamp,action:body.action});if(!result.success)return ctx.set.status=400,result;return{success:!0,usageRecord:result}}catch(error3){return logger2.error("[Payment] Report usage error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to report usage"}}}),app.get("/usage-records/:subscriptionItemId/summaries",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{subscriptionItemId}=ctx.params,query=ctx.query,result=await provider.listUsageRecordSummaries({subscriptionItemId,limit:query.limit?parseInt(query.limit,10):void 0,startingAfter:query.startingAfter});if(!result.success)return ctx.set.status=400,result;return{success:!0,summaries:result.summaries,hasMore:result.hasMore}}catch(error3){return logger2.error("[Payment] List usage summaries error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list usage summaries"}}}),app.post("/invoices",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let body=ctx.body,customerId=body.customerId,[customer]=await database.select().from(cusTable).where(eq52(cusTable.id,customerId));if(!customer)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(customer.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.createInvoice({providerCustomerId:customer.provider_customer_id,collectionMethod:body.collectionMethod,daysUntilDue:body.daysUntilDue,description:body.description,metadata:body.metadata,autoAdvance:body.autoAdvance,items:body.items});if(!result.success)return ctx.set.status=400,result;let[row]=await database.insert(invTable).values({customer_id:customerId,subscription_id:body.subscriptionId??null,provider:provider.name,provider_invoice_id:result.providerInvoiceId,status:result.status??"draft",collection_method:body.collectionMethod??"charge_automatically",currency:body.currency??defaultCurrency,description:body.description??null,hosted_invoice_url:result.hostedInvoiceUrl??null,invoice_pdf:result.invoicePdf??null,days_until_due:body.daysUntilDue??null,lines:body.items??[],metadata:body.metadata??{}}).returning();return{success:!0,invoice:row,providerInvoiceId:result.providerInvoiceId}}catch(error3){return logger2.error("[Payment] Create invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create invoice"}}}),app.post("/invoices/:id/finalize",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body??{},[existing]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.finalizeInvoice({providerInvoiceId:existing.provider_invoice_id,autoAdvance:body.autoAdvance});if(!result.success)return ctx.set.status=400,result;let[updated]=await database.update(invTable).set({status:result.status??"open",hosted_invoice_url:result.hostedInvoiceUrl??existing.hosted_invoice_url,invoice_pdf:result.invoicePdf??existing.invoice_pdf}).where(eq52(invTable.id,id)).returning();return{success:!0,invoice:updated}}catch(error3){return logger2.error("[Payment] Finalize invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to finalize invoice"}}}),app.post("/invoices/:id/send",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[existing]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.sendInvoice({providerInvoiceId:existing.provider_invoice_id});if(!result.success)return ctx.set.status=400,result;return{success:!0}}catch(error3){return logger2.error("[Payment] Send invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to send invoice"}}}),app.post("/invoices/:id/void",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[existing]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.voidInvoice({providerInvoiceId:existing.provider_invoice_id});if(!result.success)return ctx.set.status=400,result;let[updated]=await database.update(invTable).set({status:"void",voided_at:new Date}).where(eq52(invTable.id,id)).returning();return{success:!0,invoice:updated}}catch(error3){return logger2.error("[Payment] Void invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to void invoice"}}}),app.post("/invoices/:id/pay",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body??{},[existing]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.payInvoice({providerInvoiceId:existing.provider_invoice_id,paymentMethod:body.paymentMethod});if(!result.success)return ctx.set.status=400,result;let[updated]=await database.update(invTable).set({status:result.status??"paid",amount_paid:result.amountPaid??existing.amount_paid,amount_due:result.amountDue??existing.amount_due,paid_at:new Date}).where(eq52(invTable.id,id)).returning();return{success:!0,invoice:updated}}catch(error3){return logger2.error("[Payment] Pay invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to pay invoice"}}}),app.get("/invoices",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let query=ctx.query,conditions=[];if(query.customerId)conditions.push(eq52(invTable.customer_id,query.customerId));if(query.subscriptionId)conditions.push(eq52(invTable.subscription_id,query.subscriptionId));if(query.status)conditions.push(eq52(invTable.status,query.status));if(!hasGodminRole(ctx.request)){let ids=await callerCustomerIds(userId);if(ids.length===0)return{success:!0,invoices:[]};conditions.push(inArray12(invTable.customer_id,ids))}return{success:!0,invoices:conditions.length>0?await database.select().from(invTable).where(and17(...conditions)):await database.select().from(invTable)}}catch(error3){return logger2.error("[Payment] List invoices error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list invoices"}}}),app.get("/invoices/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[invoice]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!invoice)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,invoice.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};return{success:!0,invoice}}catch(error3){return logger2.error("[Payment] Get invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to get invoice"}}}),subMerchantsEnabled)app.post("/sub-merchants",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body;if(!body.name||!body.email||!body.subMerchantType)return ctx.set.status=400,{success:!1,error:"name, email, and subMerchantType are required"};try{let externalId=body.externalId??`sm-${Date.now().toString(36)}`,result=await provider.registerSubMerchant({locale:body.locale??defaultLocale,subMerchantExternalId:externalId,subMerchantType:body.subMerchantType,name:body.name,email:body.email,gsmNumber:body.gsmNumber,address:body.address,iban:body.iban,contactName:body.contactName,contactSurname:body.contactSurname,identityNumber:body.identityNumber,taxOffice:body.taxOffice,taxNumber:body.taxNumber,legalCompanyTitle:body.legalCompanyTitle,currency:body.currency??defaultCurrency});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to register sub-merchant",errorCode:result.errorCode};let[saved]=await database.insert(smTable).values({userId:hasGodminRole(ctx.request)?body.userId??userId:userId,provider:provider.name,providerSubMerchantKey:result.subMerchantKey,externalId,type:body.subMerchantType,status:"active",name:body.name,email:body.email,gsmNumber:body.gsmNumber??null,address:body.address??null,iban:body.iban??null,contactName:body.contactName??null,contactSurname:body.contactSurname??null,identityNumber:body.identityNumber??null,taxOffice:body.taxOffice??null,taxNumber:body.taxNumber??null,legalCompanyTitle:body.legalCompanyTitle??null,currency:body.currency??defaultCurrency,commissionRate:hasGodminRole(ctx.request)?body.commissionRate??0:0}).returning();return logger2.info("[Payment] Sub-merchant registered",{externalId,providerKey:result.subMerchantKey}),{success:!0,data:saved}}catch(error3){return logger2.error("[Payment] register sub-merchant error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to register sub-merchant"}}}),app.put("/sub-merchants/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body;try{let[existing]=await database.select().from(smTable).where(eq52(smTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Sub-merchant not found"};let smIsGodmin=hasGodminRole(ctx.request);if(String(existing.userId)!==String(userId)&&!smIsGodmin)return ctx.set.status=403,{success:!1,error:"Forbidden"};if(existing.providerSubMerchantKey){let providerResult=await provider.updateSubMerchant({locale:body.locale??defaultLocale,subMerchantKey:existing.providerSubMerchantKey,name:body.name,email:body.email,gsmNumber:body.gsmNumber,address:body.address,iban:body.iban,contactName:body.contactName,contactSurname:body.contactSurname,identityNumber:body.identityNumber,taxOffice:body.taxOffice,taxNumber:body.taxNumber,legalCompanyTitle:body.legalCompanyTitle,currency:body.currency});if(!providerResult.success)logger2.warn("[Payment] Provider sub-merchant update failed",{errorCode:providerResult.errorCode})}let updateData={};if(body.name)updateData.name=body.name;if(body.email)updateData.email=body.email;if(body.gsmNumber!==void 0)updateData.gsmNumber=body.gsmNumber;if(body.address!==void 0)updateData.address=body.address;if(body.iban!==void 0)updateData.iban=body.iban;if(body.contactName!==void 0)updateData.contactName=body.contactName;if(body.contactSurname!==void 0)updateData.contactSurname=body.contactSurname;if(body.identityNumber!==void 0)updateData.identityNumber=body.identityNumber;if(body.taxOffice!==void 0)updateData.taxOffice=body.taxOffice;if(body.taxNumber!==void 0)updateData.taxNumber=body.taxNumber;if(body.legalCompanyTitle!==void 0)updateData.legalCompanyTitle=body.legalCompanyTitle;if(body.currency!==void 0)updateData.currency=body.currency;if(body.commissionRate!==void 0&&smIsGodmin)updateData.commissionRate=body.commissionRate;if(body.status!==void 0&&smIsGodmin)updateData.status=body.status;let[updated]=await database.update(smTable).set(updateData).where(eq52(smTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to update sub-merchant"}}}),app.get("/sub-merchants",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let smListGodmin=hasGodminRole(ctx.request);return{success:!0,data:{items:await database.select().from(smTable).where(smListGodmin?eq52(smTable.isActive,!0):and17(eq52(smTable.isActive,!0),eq52(smTable.userId,userId))).orderBy(smTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list sub-merchants"}}}),app.get("/sub-merchants/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[item]=await database.select().from(smTable).where(eq52(smTable.id,ctx.params.id)).limit(1);if(!item)return ctx.set.status=404,{success:!1,error:"Sub-merchant not found"};if(String(item.userId)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};return{success:!0,data:item}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get sub-merchant"}}}),app.post("/splits/:splitId/approve",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let[split]=await database.select().from(csTable).where(eq52(csTable.id,ctx.params.splitId)).limit(1);if(!split)return ctx.set.status=404,{success:!1,error:"Split not found"};if(split.status!=="pending")return ctx.set.status=400,{success:!1,error:`Split already ${split.status}`};if(split.providerSplitId){let result=await provider.approveSplit({locale:defaultLocale,paymentTransactionId:split.providerSplitId});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Provider approval failed",errorCode:result.errorCode}}let[updated]=await database.update(csTable).set({status:"approved",approvedAt:new Date}).where(eq52(csTable.id,ctx.params.splitId)).returning();return logger2.info("[Payment] Split approved",{splitId:ctx.params.splitId}),{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to approve split"}}}),app.post("/splits/:splitId/disapprove",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let[split]=await database.select().from(csTable).where(eq52(csTable.id,ctx.params.splitId)).limit(1);if(!split)return ctx.set.status=404,{success:!1,error:"Split not found"};if(split.status!=="pending")return ctx.set.status=400,{success:!1,error:`Split already ${split.status}`};if(split.providerSplitId){let result=await provider.disapproveSplit({locale:defaultLocale,paymentTransactionId:split.providerSplitId});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Provider disapproval failed",errorCode:result.errorCode}}let[updated]=await database.update(csTable).set({status:"disapproved",disapprovedAt:new Date}).where(eq52(csTable.id,ctx.params.splitId)).returning();return logger2.info("[Payment] Split disapproved",{splitId:ctx.params.splitId}),{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to disapprove split"}}}),app.get("/splits",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let url=new URL(ctx.request.url),transactionId=url.searchParams.get("transactionId"),subMerchantId=url.searchParams.get("subMerchantId"),query=database.select().from(csTable);if(transactionId&&subMerchantId)query=query.where(and17(eq52(csTable.transactionId,transactionId),eq52(csTable.subMerchantId,subMerchantId)));else if(transactionId)query=query.where(eq52(csTable.transactionId,transactionId));else if(subMerchantId)query=query.where(eq52(csTable.subMerchantId,subMerchantId));return{success:!0,data:{items:await query.orderBy(csTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list splits"}}});return app.get("/balance",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let result=await provider.getBalance();if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to get balance"};return{success:!0,data:{available:result.available,pending:result.pending,connectReserved:result.connectReserved}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get balance"}}}),app.post("/payouts",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let body=ctx.body,payoutAmt=validateAmount(body.amount,"amount");if(!payoutAmt.ok)return ctx.set.status=400,{success:!1,error:payoutAmt.error};if(!isValidCurrency(body.currency))return ctx.set.status=400,{success:!1,error:"currency must be a 3-letter code"};let result=await provider.createPayout({amount:payoutAmt.value,currency:body.currency??defaultCurrency,destination:body.destination,description:body.description,metadata:body.metadata,method:body.method,sourceType:body.sourceType,statementDescriptor:body.statementDescriptor});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to create payout"};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Failed to create payout"}}}),app.get("/payouts",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let url=new URL(ctx.request.url),result=await provider.listPayouts({status:url.searchParams.get("status")??void 0,destination:url.searchParams.get("destination")??void 0,limit:url.searchParams.get("limit")?Number(url.searchParams.get("limit")):void 0,startingAfter:url.searchParams.get("startingAfter")??void 0});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to list payouts"};return{success:!0,data:{payouts:result.payouts,hasMore:result.hasMore}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list payouts"}}}),app.get("/payouts/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let result=await provider.getPayout({providerPayoutId:ctx.params.id});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to get payout"};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get payout"}}}),app.post("/payouts/:id/cancel",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let result=await provider.cancelPayout({providerPayoutId:ctx.params.id});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to cancel payout"};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Failed to cancel payout"}}}),app.post("/transfers",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let body=ctx.body,transferAmt=validateAmount(body.amount,"amount");if(!transferAmt.ok)return ctx.set.status=400,{success:!1,error:transferAmt.error};if(!isValidCurrency(body.currency))return ctx.set.status=400,{success:!1,error:"currency must be a 3-letter code"};let result=await provider.createTransfer({amount:transferAmt.value,currency:body.currency??defaultCurrency,destination:body.destination,description:body.description,metadata:body.metadata,sourceTransaction:body.sourceTransaction,transferGroup:body.transferGroup});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to create transfer"};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Failed to create transfer"}}}),app.get("/transfers",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let url=new URL(ctx.request.url),result=await provider.listTransfers({destination:url.searchParams.get("destination")??void 0,transferGroup:url.searchParams.get("transferGroup")??void 0,limit:url.searchParams.get("limit")?Number(url.searchParams.get("limit")):void 0,startingAfter:url.searchParams.get("startingAfter")??void 0});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to list transfers"};return{success:!0,data:{transfers:result.transfers,hasMore:result.hasMore}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list transfers"}}}),app.options("/callback",()=>{return new Response(null,{headers:{"Access-Control-Allow-Origin":"*","Access-Control-Allow-Methods":"GET,POST,OPTIONS","Access-Control-Allow-Headers":"Content-Type"}})}),registerStripeWebhookRoute(app,{provider,webhookSecret:config.webhookSecret,db:database,webhookLogsTable:whTable,transactionsTable:txTable,getPayoutService:config.getPayoutService,logger:logger2}),app};var init_payment=__esm(()=>{init_adminGuard();init_webhook()});var requireUser=(ctx)=>ctx.request.headers.get("x-user-id"),isAdmin=(ctx)=>decodeHeaderList(ctx.request.headers.get("x-user-roles")).some((r2)=>isGodminRole(r2)),canReadOwnerLedger=(ctx,ownerType,ownerId)=>{if(isAdmin(ctx))return!0;let userId=ctx.request.headers.get("x-user-id");return!!userId&&ownerType==="user"&&!!ownerId&&ownerId===userId},failResponse=(ctx,status,message)=>{return ctx.set.status=status,{success:!1,message,data:null}};var init_types22=__esm(()=>{init_Authorization()});import{Elysia as Elysia42,t as t34}from"elysia";function createPayoutRoutes(config){let base=`${config.basePath}/marketplace`,app=new Elysia42;return app.post(`${base}/payout-requests`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");let body=ctx.body;if(!canReadOwnerLedger(ctx,body.recipientOwnerType,body.recipientOwnerId))return failResponse(ctx,403,"Forbidden: cannot request a payout for another owner's balance");try{return{success:!0,message:"Payout requested",data:await svc.requestPayout({...body,requestedBy:userId})}}catch(err){return failResponse(ctx,400,err instanceof Error?err.message:"Failed")}},{body:t34.Object({recipientOwnerId:t34.String(),recipientOwnerType:t34.Optional(t34.String()),amount:t34.Number(),currency:t34.Optional(t34.String()),destination:t34.Optional(t34.String()),requestedBy:t34.Optional(t34.String())}),detail:{tags:["Payments Marketplace"],summary:"Request a payout"}}),app.get(`${base}/payout-requests`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),requestedOwnerId=url.searchParams.get("recipientOwnerId")??void 0,recipientOwnerId=isAdmin(ctx)?requestedOwnerId:userId,items=await svc.listPayoutRequests({recipientOwnerId,status:url.searchParams.get("status")??void 0});return{success:!0,message:`Found ${items.length} payout requests`,data:{items}}}),app.get(`${base}/payout-requests/:id`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");let record3=await svc.getPayoutRequest(ctx.params.id);if(!record3)return failResponse(ctx,404,"Payout request not found");let r2=record3;if(!canReadOwnerLedger(ctx,r2.recipientOwnerType,r2.recipientOwnerId))return failResponse(ctx,404,"Payout request not found");return{success:!0,message:"Payout request",data:record3}}),app.post(`${base}/payout-requests/:id/approve`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");try{let record3=await svc.approvePayout(ctx.params.id,{deciderId:userId});if(!record3)return failResponse(ctx,404,"Payout request not found");return{success:!0,message:"Payout approved",data:record3}}catch(err){return failResponse(ctx,400,err instanceof Error?err.message:"Failed")}}),app.post(`${base}/payout-requests/:id/reject`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let record3=await svc.rejectPayout(ctx.params.id,userId);if(!record3)return failResponse(ctx,404,"Payout request not found");return{success:!0,message:"Payout rejected",data:record3}}),app.post(`${base}/disputes`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let body=ctx.body;return{success:!0,message:"Dispute opened",data:await svc.openDispute(body)}},{body:t34.Object({provider:t34.String(),transactionId:t34.Optional(t34.String()),providerDisputeId:t34.Optional(t34.String()),ownerType:t34.Optional(t34.String()),ownerId:t34.Optional(t34.String()),amount:t34.Optional(t34.Number()),currency:t34.Optional(t34.String()),reason:t34.Optional(t34.String())}),detail:{tags:["Payments Marketplace"],summary:"Open a dispute"}}),app.get(`${base}/disputes`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),requestedOwnerId=url.searchParams.get("ownerId")??void 0,ownerId=isAdmin(ctx)?requestedOwnerId:userId,items=await svc.listDisputes({ownerId,status:url.searchParams.get("status")??void 0});return{success:!0,message:`Found ${items.length} disputes`,data:{items}}}),app.post(`${base}/disputes/:id/resolve`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let body=ctx.body,record3=await svc.resolveDispute(ctx.params.id,body.outcome);if(!record3)return failResponse(ctx,404,"Dispute not found");return{success:!0,message:"Dispute resolved",data:record3}},{body:t34.Object({outcome:t34.Union([t34.Literal("won"),t34.Literal("lost"),t34.Literal("accepted"),t34.Literal("cancelled")])}),detail:{tags:["Payments Marketplace"],summary:"Resolve a dispute"}}),app}var init_payouts=__esm(()=>{init_types22()});import{Elysia as Elysia43,t as t35}from"elysia";function createSplitRoutes(config){let base=`${config.basePath}/marketplace`,app=new Elysia43;return app.post(`${base}/splits`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let body=ctx.body;try{return{success:!0,message:"Split recorded",data:await svc.recordSplit(body)}}catch(err){return failResponse(ctx,400,err instanceof Error?err.message:"Failed")}},{body:t35.Object({recipientOwnerId:t35.String(),recipientOwnerType:t35.Optional(t35.String()),provider:t35.String(),grossAmount:t35.Number(),providerFeeAmount:t35.Optional(t35.Number()),platformFeeAmount:t35.Number(),currency:t35.Optional(t35.String()),transactionId:t35.Optional(t35.String()),sourceType:t35.Optional(t35.String()),sourceId:t35.Optional(t35.String()),settlementDelayDays:t35.Optional(t35.Number()),reserveRate:t35.Optional(t35.Number()),isNewSeller:t35.Optional(t35.Boolean())}),detail:{tags:["Payments Marketplace"],summary:"Record a payment split"}}),app.get(`${base}/splits`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),requestedOwnerId=url.searchParams.get("recipientOwnerId")??void 0,recipientOwnerId=isAdmin(ctx)?requestedOwnerId:userId,items=await svc.listSplits({recipientOwnerId,status:url.searchParams.get("status")??void 0});return{success:!0,message:`Found ${items.length} splits`,data:{items}}}),app.get(`${base}/balance/:ownerId`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),ownerType=url.searchParams.get("ownerType")??"seller",ownerId=ctx.params.ownerId;if(!canReadOwnerLedger(ctx,ownerType,ownerId))return failResponse(ctx,403,"Forbidden: cannot read another owner's balance");return{success:!0,message:"Balance",data:await svc.getBalance(ownerType,ownerId,url.searchParams.get("currency")??void 0)}}),app.post(`${base}/reserves/:id/release`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");if(!await svc.releaseReserve(ctx.params.id))return failResponse(ctx,400,"Reserve not found or not held");return{success:!0,message:"Reserve released",data:{released:!0}}}),app.get(`${base}/settlement-policy`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),ownerType=url.searchParams.get("ownerType")??"tenant",ownerId=url.searchParams.get("ownerId")??"";if(!canReadOwnerLedger(ctx,ownerType,ownerId))return failResponse(ctx,403,"Forbidden: cannot read this settlement policy");return{success:!0,message:"Settlement policy",data:await svc.getSettlementPolicy(ownerType,ownerId)}}),app.post(`${base}/settlement-policy`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let body=ctx.body;return{success:!0,message:"Settlement policy saved",data:await svc.upsertSettlementPolicy(body)}},{body:t35.Object({ownerType:t35.String(),ownerId:t35.String(),defaultDelayDays:t35.Optional(t35.Number()),newSellerDelayDays:t35.Optional(t35.Number()),reserveRate:t35.Optional(t35.Number()),reserveDays:t35.Optional(t35.Number()),minimumPayoutAmount:t35.Optional(t35.Number()),currency:t35.Optional(t35.String()),earlyPayoutEnabled:t35.Optional(t35.Boolean())}),detail:{tags:["Payments Marketplace"],summary:"Upsert settlement policy"}}),app}var init_splits=__esm(()=>{init_types22()});var exports_marketplace={};__export(exports_marketplace,{createMarketplaceRoutes:()=>createMarketplaceRoutes});function createMarketplaceRoutes(app,config){return app.use(createSplitRoutes(config)),app.use(createPayoutRoutes(config)),app}var init_marketplace=__esm(()=>{init_payouts();init_splits()});function normSegment(input){return input.toLowerCase().replace(/[^a-z0-9]+/g,"_").replace(/_+/g,"_").replace(/^_|_$/g,"")}function normPath(path4){return normSegment(path4.replace(/\{[^}]+\}/g,(m2)=>m2.slice(1,-1)))}function shortHash(input){let h=5381;for(let i=0;i<input.length;i++)h=(h*33^input.charCodeAt(i))>>>0;return h.toString(36)}function capAction(action,max=100){if(action.length<=max)return action;let suffix=`_${shortHash(action)}`;return action.slice(0,Math.max(1,max-suffix.length))+suffix}function resourceFromPath(path4){let segs=path4.split("/").filter(Boolean).filter((s)=>!s.startsWith("{"));for(let s of segs){if(s==="api"||/^v\d+$/i.test(s))continue;return normSegment(s)}return normSegment(segs[0]??"root")}function matchesExclude(path4,patterns3){if(!patterns3?.length)return!1;for(let raw of patterns3){let p=raw.trim();if(!p)continue;if(p.endsWith("/*")){let prefix=p.slice(0,-2);if(path4===prefix||path4.startsWith(`${prefix}/`))return!0}else if(p.endsWith("*")){if(path4.startsWith(p.slice(0,-1)))return!0}else if(path4===p)return!0}return!1}function parseOpenApiToClaims(serviceId,doc,opts={}){let sid=normSegment(serviceId);if(!sid)throw Error("endpointDiscovery: serviceId is empty after normalization");if(RESERVED_SERVICE_IDS.has(sid))throw Error(`endpointDiscovery: serviceId "${serviceId}" collides with an HTTP-method claim prefix; pick another id`);let specs=[],seen=new Set,paths=doc.paths??{};for(let[path4,ops]of Object.entries(paths)){if(!ops||matchesExclude(path4,opts.exclude))continue;for(let method of HTTP_METHODS2){let op=ops[method];if(!op)continue;let tag=(op.tags?.[0]?normSegment(op.tags[0]):"")||resourceFromPath(path4),opToken=(op.operationId?normSegment(op.operationId):"")||`${method}_${normPath(path4)}`,action=capAction(`${sid}.${tag||"root"}.${opToken||method}`);if(seen.has(action)){action=capAction(`${action}_${shortHash(`${method} ${path4}`)}`);while(seen.has(action))action=capAction(`${action}_${shortHash(action)}`)}seen.add(action),specs.push({action,path:path4,method:method.toUpperCase(),description:op.summary||op.description||`${method.toUpperCase()} ${path4}`})}}return specs}function diffClaims(existing,specs){let specByAction=new Map(specs.map((s)=>[s.action,s])),existByAction=new Map(existing.map((e)=>[e.action,e]));return{toInsert:specs.filter((s)=>!existByAction.has(s.action)),toReactivate:specs.filter((s)=>existByAction.get(s.action)?.isActive===!1),toDeactivate:existing.filter((e)=>e.isActive&&!specByAction.has(e.action)),unchanged:specs.filter((s)=>existByAction.get(s.action)?.isActive===!0)}}async function fetchOpenApi(baseUrl,openapiPath,fetchImpl=fetch){let url=`${baseUrl.replace(/\/$/,"")}${openapiPath.startsWith("/")?"":"/"}${openapiPath}`,res=await fetchImpl(url);if(!res.ok)throw Error(`endpointDiscovery: OpenAPI fetch failed ${res.status} for ${url}`);return await res.json()}var HTTP_METHODS2,RESERVED_SERVICE_IDS;var init_EndpointDiscovery=__esm(()=>{HTTP_METHODS2=["get","post","put","patch","delete"],RESERVED_SERVICE_IDS=new Set(["get","post","put","patch","delete","toggle","bulk"])});var exports_seed={};__export(exports_seed,{seedDiscoveredClaims:()=>seedDiscoveredClaims,runEndpointDiscovery:()=>runEndpointDiscovery,getRouteManifest:()=>getRouteManifest,getRoleClaimsManifest:()=>getRoleClaimsManifest});import{eq as eq53,like as like2}from"drizzle-orm";function col14(table,name2){return table[name2]}async function seedDiscoveredClaims(db,claimsTable,serviceId,specs,logger2){let actionCol=col14(claimsTable,"action"),prefix=specs[0]?.action.split(".")[0]??serviceId.toLowerCase(),existing=(await db.select().from(claimsTable).where(like2(actionCol,`${prefix}.%`))).map((r2)=>({action:String(r2.action),isActive:r2.isActive!==!1,path:String(r2.path??""),method:String(r2.method??""),description:String(r2.description??"")})),plan=diffClaims(existing,specs);for(let s of plan.toInsert)await db.insert(claimsTable).values({action:s.action,path:s.path,method:s.method,description:s.description});for(let s of plan.toReactivate)await db.update(claimsTable).set({isActive:!0,path:s.path,method:s.method,description:s.description}).where(eq53(actionCol,s.action));for(let e of plan.toDeactivate)await db.update(claimsTable).set({isActive:!1}).where(eq53(actionCol,e.action));let summary={added:plan.toInsert.length,reactivated:plan.toReactivate.length,deactivated:plan.toDeactivate.length,unchanged:plan.unchanged.length,total:specs.length};return logger2.info(`[Discovery] Reconciled "${serviceId}"`,summary),summary}async function runEndpointDiscovery(db,schemaTables,config,logger2,fetchImpl=fetch){let claimsTable=schemaTables.claims,services=config.services??[],results=[];if(!claimsTable)return logger2.warn("[Discovery] No claims table in schema; skipping endpoint discovery"),{services:[]};for(let svc of services)try{let doc=await fetchOpenApi(svc.baseUrl,svc.openapi??"/openapi.json",fetchImpl),specs=parseOpenApiToClaims(svc.id,doc,{exclude:svc.exclude}),summary=await seedDiscoveredClaims(db,claimsTable,svc.id,specs,logger2);results.push({id:svc.id,...summary})}catch(err){let message=err instanceof Error?err.message:String(err);logger2.error(`[Discovery] Service "${svc.id}" discovery failed`,{error:message}),results.push({id:svc.id,added:0,reactivated:0,deactivated:0,unchanged:0,total:0,error:message})}return{services:results}}async function getRouteManifest(db,claimsTable,serviceId){return(await db.select().from(claimsTable).where(like2(col14(claimsTable,"action"),`${serviceId.toLowerCase()}.%`))).filter((r2)=>r2.isActive!==!1).map((r2)=>({action:String(r2.action),path:String(r2.path??""),method:String(r2.method??"")}))}async function getRoleClaimsManifest(db,schemaTables,serviceId){let{roles:rolesTable,claims:claimsTable}=schemaTables,roleClaimsTable=schemaTables.roleClaims??schemaTables.role_claims;if(!rolesTable||!claimsTable||!roleClaimsTable)return{};let sid=serviceId.toLowerCase(),claimRows=await db.select().from(claimsTable),claimIdToAction=new Map;for(let c of claimRows){if(c.isActive===!1)continue;let action=String(c.action??"");if(action===sid||action.startsWith(`${sid}.`))claimIdToAction.set(String(c.id),action)}if(claimIdToAction.size===0)return{};let roleRows=await db.select().from(rolesTable),roleIdToName=new Map;for(let r2 of roleRows)roleIdToName.set(String(r2.id),String(r2.name??""));let rcRows=await db.select().from(roleClaimsTable),out={};for(let rc of rcRows){if(rc.isActive===!1)continue;let action=claimIdToAction.get(String(rc.claimId??rc.claim_id)),roleName=roleIdToName.get(String(rc.roleId??rc.role_id));if(!action||!roleName)continue;(out[roleName]??=[]).push(action)}return out}var init_seed=__esm(()=>{init_EndpointDiscovery()});var OPS_BY_TYPE;var init_types23=__esm(()=>{OPS_BY_TYPE={int:["gt","gte","lt","lte","eq","ne"],boolean:["eq","ne"],string:["eq","ne"]}});function isRecord(v){return typeof v==="object"&&v!==null}function guardActionFromName(name2){let brace=name2.indexOf("{");return(brace>=0?name2.slice(0,brace):name2).replace(/:$/,"")}function parseGuardCatalogEntry(entry){if(!isRecord(entry))return null;let name2=typeof entry.name==="string"?entry.name.trim():"";if(!name2)return null;let valueType=entry.value;if(typeof valueType!=="string"||!VALUE_TYPES.includes(valueType))return null;let action=guardActionFromName(name2);if(!action)return null;return{action,policy:{kind:"guard",keyTemplate:name2,valueType}}}function parseGuardPolicy(raw){if(!isRecord(raw)||raw.kind!=="guard")return null;if(typeof raw.keyTemplate!=="string"||!raw.keyTemplate)return null;let vt=raw.valueType;if(typeof vt!=="string"||!VALUE_TYPES.includes(vt))return null;return{kind:"guard",keyTemplate:raw.keyTemplate,valueType:vt}}function resolveGuardKey(keyTemplate,ctx){return keyTemplate.replaceAll("{userId}",ctx.userId).replaceAll("{tenant}",ctx.tenant??"default")}function coerceThreshold(value2,type4){if(type4==="int"){if(value2==null)return null;if(typeof value2==="boolean"||typeof value2==="symbol")return null;if(typeof value2==="string"&&value2.trim()==="")return null;if(typeof value2==="object")return null;let n2=Number(value2);return Number.isFinite(n2)?n2:null}if(type4==="boolean"){if(typeof value2==="boolean")return value2;if(value2==="true"||value2===1||value2==="1")return!0;if(value2==="false"||value2===0||value2==="0")return!1;return null}return value2==null?null:String(value2)}function parseGuardCondition(scope,valueType){let raw=scope;if(typeof scope==="string")try{raw=JSON.parse(scope)}catch{return null}if(!isRecord(raw))return null;let op=raw.op;if(typeof op!=="string"||!OPS_BY_TYPE[valueType].includes(op))return null;let value2=coerceThreshold(raw.value,valueType);if(value2===null)return null;let invalidates=Array.isArray(raw.invalidates)?raw.invalidates.filter((a12)=>typeof a12==="string"&&a12.length>0):[];return{op,value:value2,invalidates}}function coerceStateValue(raw,type4){if(raw==null)return null;let v=isRecord(raw)&&"data"in raw?raw.data:raw;if(v==null)return null;if(typeof v==="object")return null;if(type4==="int"&&typeof v==="string"&&v.trim()==="")return null;return coerceThreshold(v,type4)}function guardConditionHolds(rawValue,valueType,condition){let actual=coerceStateValue(rawValue,valueType);if(actual===null)return!1;let target2=condition.value;switch(condition.op){case"gt":return actual>target2;case"gte":return actual>=target2;case"lt":return actual<target2;case"lte":return actual<=target2;case"eq":return actual===target2;case"ne":return actual!==target2;default:return!1}}function parseClaimGuardCatalog(entries){if(!entries?.length)return[];let out=[],seen=new Set;for(let e of entries){let parsed=parseGuardCatalogEntry(e);if(parsed&&!seen.has(parsed.action))seen.add(parsed.action),out.push(parsed)}return out}var VALUE_TYPES;var init_evaluate=__esm(()=>{init_types23();VALUE_TYPES=["int","boolean","string"]});async function resolveClaimGuards(db,schemaTables,userId,read,ctx={}){let claimsTable=schemaTables.claims,roleClaimsTable=schemaTables.roleClaims??schemaTables.role_claims,userRolesTable=schemaTables.userRoles??schemaTables.user_roles;if(!claimsTable||!roleClaimsTable||!userRolesTable)return EMPTY;let claimRows=await db.select().from(claimsTable),guardByClaimId=new Map;for(let c of claimRows){if(c.isActive===!1)continue;let policy=parseGuardPolicy(c.policy);if(policy)guardByClaimId.set(String(c.id),{action:String(c.action??""),policy})}if(guardByClaimId.size===0)return EMPTY;let urRows=await db.select().from(userRolesTable),roleIds=new Set(urRows.filter((r2)=>r2.isActive!==!1&&String(r2.userId??r2.user_id)===userId).map((r2)=>String(r2.roleId??r2.role_id)));if(roleIds.size===0)return EMPTY;let rcRows=await db.select().from(roleClaimsTable),guards=[],suppressed=new Set,firedGuards=[],stateCache=new Map;for(let rc of rcRows){if(rc.isActive===!1)continue;if(!roleIds.has(String(rc.roleId??rc.role_id)))continue;let guard4=guardByClaimId.get(String(rc.claimId??rc.claim_id));if(!guard4)continue;let condition=parseGuardCondition(rc.scope,guard4.policy.valueType);if(!condition)continue;let key2=resolveGuardKey(guard4.policy.keyTemplate,{userId,tenant:ctx.tenant}),value2;if(stateCache.has(key2))value2=stateCache.get(key2);else value2=await read(key2).catch(()=>null),stateCache.set(key2,value2);let holds=guardConditionHolds(value2,guard4.policy.valueType,condition),current=normalizeCurrent(value2,guard4.policy.valueType);if(guards.push({action:guard4.action,key:key2,valueType:guard4.policy.valueType,op:condition.op,threshold:condition.value,current,invalidates:condition.invalidates,holds}),holds&&condition.invalidates.length>0){for(let a12 of condition.invalidates)suppressed.add(a12);firedGuards.push({action:guard4.action,key:key2,invalidates:condition.invalidates})}}return{guards,suppressedClaims:[...suppressed],firedGuards}}function normalizeCurrent(raw,type4){if(raw==null)return null;let v=typeof raw==="object"&&raw!==null&&"data"in raw?raw.data:raw;if(v==null)return null;if(type4==="int"){let n2=Number(v);return Number.isFinite(n2)?n2:null}if(type4==="boolean")return v===!0||v==="true"||v===1||v==="1";return String(v)}var EMPTY;var init_resolve=__esm(()=>{init_evaluate();EMPTY={guards:[],suppressedClaims:[],firedGuards:[]}});import{eq as eq54}from"drizzle-orm";async function seedClaimGuards(db,schemaTables,claimGuards,logger2){let claimsTable=schemaTables.claims;if(!claimsTable)return{created:0,updated:0,deactivated:0};let actionCol=claimsTable.action,desired=parseClaimGuardCatalog(claimGuards),desiredByAction=new Map(desired.map((d)=>[d.action,d.policy])),existing=await db.select().from(claimsTable),existingGuardActions=new Set,result={created:0,updated:0,deactivated:0};for(let row of existing){if(!parseGuardPolicy(row.policy))continue;let action=String(row.action??"");existingGuardActions.add(action);let want=desiredByAction.get(action);if(!want){if(row.isActive!==!1)await db.update(claimsTable).set({isActive:!1}).where(eq54(actionCol,action)),result.deactivated++;continue}let current=row.policy;if(JSON.stringify(current)!==JSON.stringify(want)||row.isActive===!1)await db.update(claimsTable).set({policy:want,isActive:!0,path:want.keyTemplate,method:"GUARD"}).where(eq54(actionCol,action)),result.updated++}for(let{action,policy}of desired){if(existingGuardActions.has(action))continue;await db.insert(claimsTable).values({action,description:`ClaimGuard [${policy.valueType}] key=${policy.keyTemplate}`,path:policy.keyTemplate,method:"GUARD",policy,isActive:!0}),result.created++}return logger2?.info?.(`[Authorization] ClaimGuards seeded (created=${result.created}, updated=${result.updated}, deactivated=${result.deactivated})`),result}var init_seed2=__esm(()=>{init_evaluate()});var exports_ClaimGuard={};__export(exports_ClaimGuard,{seedClaimGuards:()=>seedClaimGuards,resolveGuardKey:()=>resolveGuardKey,resolveClaimGuards:()=>resolveClaimGuards,parseGuardPolicy:()=>parseGuardPolicy,parseGuardCondition:()=>parseGuardCondition,parseGuardCatalogEntry:()=>parseGuardCatalogEntry,parseClaimGuardCatalog:()=>parseClaimGuardCatalog,guardConditionHolds:()=>guardConditionHolds,guardActionFromName:()=>guardActionFromName,OPS_BY_TYPE:()=>OPS_BY_TYPE});var init_ClaimGuard=__esm(()=>{init_evaluate();init_resolve();init_seed2();init_types23()});var exports_dbStorage={};__export(exports_dbStorage,{createDbWebAuthnStorage:()=>createDbWebAuthnStorage});import{and as and18,eq as eq55}from"drizzle-orm";function rowToRecord(row){return{id:row.id,userId:row.userId,credentialId:row.credentialId,publicKey:row.publicKey,counter:typeof row.counter==="bigint"?Number(row.counter):Number(row.counter??0),transports:parseTransports(row.transports),deviceType:parseDeviceType(row.deviceType),backedUp:row.backedUp,aaguid:row.aaguid,authenticatorAttachment:row.authenticatorAttachment==="platform"||row.authenticatorAttachment==="cross-platform"?row.authenticatorAttachment:null,nickname:row.nickname,lastUsedAt:row.lastUsedAt,revokedAt:row.revokedAt,createdAt:row.createdAt}}function col15(table,key2){return table[key2]}function createDbWebAuthnStorage(deps){let{db,resolveTable}=deps,credentialsName="webauthnCredentials",challengesName="webauthnChallenges";return{storeChallenge:async(challenge,schemaName)=>{let table=resolveTable("webauthnChallenges",schemaName);if(!table)return;await db.insert(table).values({userId:challenge.userId??null,challenge:challenge.challenge,challengeType:challenge.challengeType,expiresAt:challenge.expiresAt})},consumeChallenge:async(challenge,challengeType,schemaName)=>{let table=resolveTable("webauthnChallenges",schemaName);if(!table)return null;let row=(await db.select().from(table).where(and18(eq55(col15(table,"challenge"),challenge),eq55(col15(table,"challengeType"),challengeType))).limit(1))[0];if(!row||row.consumedAt)return null;return await db.update(table).set({consumedAt:new Date}).where(eq55(col15(table,"challenge"),challenge)),{challenge:row.challenge,challengeType:row.challengeType,userId:row.userId,expiresAt:row.expiresAt}},listCredentialsByUser:async(userId,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return[];return(await db.select().from(table).where(eq55(col15(table,"userId"),userId))).map(rowToRecord)},findCredentialById:async(credentialId,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return null;let rows=await db.select().from(table).where(eq55(col15(table,"credentialId"),credentialId)).limit(1);return rows[0]?rowToRecord(rows[0]):null},insertCredential:async(record3,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)throw Error("webauthn_credentials table not configured");let row=(await db.insert(table).values({userId:record3.userId,credentialId:record3.credentialId,publicKey:record3.publicKey,counter:record3.counter,transports:record3.transports??null,deviceType:record3.deviceType??null,backedUp:record3.backedUp,aaguid:record3.aaguid??null,authenticatorAttachment:record3.authenticatorAttachment??null,nickname:record3.nickname??null}).returning())[0];if(!row)throw Error("Failed to insert webauthn credential");return rowToRecord(row)},updateCredentialCounter:async(credentialId,counter,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return;await db.update(table).set({counter,lastUsedAt:new Date}).where(eq55(col15(table,"credentialId"),credentialId))},revokeCredential:async(credentialId,userId,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return!1;return(await db.update(table).set({revokedAt:new Date}).where(and18(eq55(col15(table,"credentialId"),credentialId),eq55(col15(table,"userId"),userId))).returning()).length>0},renameCredential:async(credentialId,userId,nickname,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return!1;return(await db.update(table).set({nickname}).where(and18(eq55(col15(table,"credentialId"),credentialId),eq55(col15(table,"userId"),userId))).returning()).length>0}}}var init_dbStorage=()=>{};var exports_authorization={};__export(exports_authorization,{createAuthorizationDiscoveryRoutes:()=>createAuthorizationDiscoveryRoutes});import{timingSafeEqual as timingSafeEqual3}from"crypto";import{Elysia as Elysia44}from"elysia";function tokensMatch2(a12,b){let ba=Buffer.from(a12),bb=Buffer.from(b);if(ba.length!==bb.length)return!1;return timingSafeEqual3(ba,bb)}function createAuthorizationDiscoveryRoutes(cfg){let{db,schemaTables,logger:logger2,discovery,readState}=cfg,token=discovery.token||process.env.NUCLEUS_DISCOVERY_TOKEN,claimsTable=schemaTables.claims,manifestAuthorized=(request)=>{if(hasGodminRole(request))return!0;if(token){let presented=request.headers.get("x-discovery-token")??"";return tokensMatch2(presented,token)}return!1},routes=new Elysia44;routes.post("/authorization/discover",async({request,set:set2})=>{if(!hasGodminRole(request))return fail3(set2,403,"Forbidden: endpoint discovery requires godmin");if(!discovery.enabled)return fail3(set2,400,"endpointDiscovery is not enabled");return{success:!0,message:"Discovery completed",data:await runEndpointDiscovery(db,schemaTables,discovery,logger2)}}),routes.get("/authorization/route-manifest",async({request,query,set:set2})=>{if(!manifestAuthorized(request))return fail3(set2,403,"Forbidden: godmin or a valid x-discovery-token required");if(!claimsTable)return fail3(set2,503,"Claims table unavailable");let service=query.service;if(service){let rows=await getRouteManifest(db,claimsTable,service);return{success:!0,data:{service,routes:rows}}}let all={};for(let svc of discovery.services??[])all[svc.id]=await getRouteManifest(db,claimsTable,svc.id);return{success:!0,data:all}}),routes.get("/authorization/role-claims-manifest",async({request,query,set:set2})=>{if(!manifestAuthorized(request))return fail3(set2,403,"Forbidden: godmin or a valid x-discovery-token required");let service=query.service;if(!service)return fail3(set2,400,"service query param required");let map=await getRoleClaimsManifest(db,schemaTables,service);return{success:!0,data:{service,roleClaims:map}}});let authorizeGuardRead=(request,query,set2)=>{let callerId=request.headers.get("x-user-id")??"",isGodmin3=hasGodminRole(request),requested=query.userId;if(requested&&requested!==callerId&&!isGodmin3)return{error:fail3(set2,403,"Forbidden: only godmin can read another user's guards")};let targetUserId=requested&&isGodmin3?requested:callerId;if(!targetUserId)return{error:fail3(set2,401,"Unauthorized: no user context")};return{userId:targetUserId}},guardsHandler=async({request,query,set:set2})=>{let auth=authorizeGuardRead(request,query,set2);if("error"in auth)return auth.error;let tenant=request.headers.get("x-tenant-id")??void 0;if(!readState)return{success:!0,data:{userId:auth.userId,guards:[]}};let{guards}=await resolveClaimGuards(db,schemaTables,auth.userId,readState,{tenant});return{success:!0,data:{userId:auth.userId,guards}}};return routes.get("/authorization/guards",guardsHandler),routes.get("/authorization/quotas",guardsHandler),routes.get("/authorization/suppressed-claims",async({request,query,set:set2})=>{let auth=authorizeGuardRead(request,query,set2);if("error"in auth)return auth.error;if(!readState)return{success:!0,data:{userId:auth.userId,suppressedClaims:[],firedGuards:[]}};let tenant=request.headers.get("x-tenant-id")??void 0,{suppressedClaims,firedGuards}=await resolveClaimGuards(db,schemaTables,auth.userId,readState,{tenant});return{success:!0,data:{userId:auth.userId,suppressedClaims,firedGuards}}}),routes}var fail3=(set2,status,message)=>{return set2.status=status,{success:!1,message,data:null}};var init_authorization=__esm(()=>{init_seed();init_ClaimGuard();init_adminGuard()});var import_reflect_metadata2=__toESM(require_Reflect(),1);import{batch,createStore}from"h-state";import{useEffectEvent}from"react";function createInitialState(endpoints){let state={};for(let key of Object.keys(endpoints))state[key]={isPending:!1,data:null,error:null,code:null};return state}function createApiHook(endpoints,factory){let{useStore}=createStore(createInitialState(endpoints),{_callEndpoint:(store)=>async(endpointKey,options)=>{if(!store[endpointKey])return;batch(()=>{store[endpointKey].isPending=!0,store[endpointKey].error=null});try{let response=await factory(endpointKey,options.payload);if(batch(()=>{if(store[endpointKey].isPending=!1,store[endpointKey].code=response.code??null,response.isSuccess&&response.data!==void 0)store[endpointKey].data=response.data,store[endpointKey].error=null;else store[endpointKey].error=response.errors??null}),response.isSuccess)options.onAfterHandle?.(response.data??response);else options.onErrorHandle?.(response.errors??{message:"Request failed"},response.code)}catch(err){batch(()=>{store[endpointKey].isPending=!1,store[endpointKey].error={message:err instanceof Error?err.message:"Unknown error"}}),options.onErrorHandle?.({message:err instanceof Error?err.message:"Unknown error"},null)}}});return function(){let store=useStore(),callEndpoint=useEffectEvent((endpointKey,options)=>{store._callEndpoint(endpointKey,options)}),actions={};for(let key of Object.keys(endpoints)){let startFn=(options)=>{callEndpoint(key,options)};actions[key]={state:store[key],start:startFn}}return actions}}var system_tables_default={$schema:"../schemas/nucleus.tables.schema.json",tables:[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1},{name:"cohort_id",type:"uuid",references:{table:"user_cohorts",column:"id",onDelete:"set null"}},{name:"email_verified",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0},{name:"policy",type:"jsonb"}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"type",type:"varchar",length:50,notNull:!0,default:"system",enumValues:["verification","system","custom"]},{name:"source",type:"varchar",length:100},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]},{columns:["type"]},{columns:["user_id","type","is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"provisioning"},{name:"plan",type:"varchar",length:50,default:"free"},{name:"domain",type:"varchar",length:255},{name:"settings",type:"jsonb",default:"{}"},{name:"trusted_sources",type:"jsonb",default:"[]"},{name:"max_users",type:"integer"},{name:"provisioned_at",type:"timestamptz"},{name:"suspended_at",type:"timestamptz"},{name:"suspended_reason",type:"text"}],indexes:[{columns:["status"]}]},{table_name:"tenant_events",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"tenant_id",type:"uuid",notNull:!0,references:{table:"tenants",column:"id",onDelete:"cascade"}},{name:"event_type",type:"varchar",length:50,notNull:!0},{name:"event_data",type:"jsonb",default:"{}"},{name:"performed_by",type:"varchar",length:255},{name:"ip_address",type:"varchar",length:45}],indexes:[{columns:["tenant_id"]},{columns:["event_type"]}]},{table_name:"tenant_features",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"tenant_id",type:"uuid",notNull:!0,references:{table:"tenants",column:"id",onDelete:"cascade"}},{name:"feature_name",type:"varchar",length:100,notNull:!0},{name:"enabled",type:"boolean",notNull:!0,default:!0},{name:"config",type:"jsonb",default:"{}"}],indexes:[{columns:["tenant_id","feature_name"],unique:!0},{columns:["feature_name"]}]},{table_name:"domain_hostnames",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Domains",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant",comment:"tenant | organization | user | external"},{name:"owner_id",type:"uuid",notNull:!0,comment:"Product-defined owner reference (e.g. band id, org id)"},{name:"tenant_id",type:"uuid",references:{table:"tenants",column:"id",onDelete:"cascade"},comment:"Tenant this hostname routes to; null for non-tenant owners"},{name:"schema_name",type:"varchar",length:100,comment:"Resolved tenant schema for routing"},{name:"hostname",type:"varchar",length:255,notNull:!0,comment:"Original hostname as entered by the user"},{name:"normalized_hostname",type:"varchar",length:255,notNull:!0,unique:!0,comment:"Lowercased, punycode, port-stripped hostname used for matching"},{name:"hostname_kind",type:"varchar",length:20,notNull:!0,default:"apex",comment:"platform_subdomain | apex | www | subdomain"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending_verification",comment:"draft | pending_verification | verifying | active | failed | disabled | archived"},{name:"routing_status",type:"varchar",length:20,notNull:!0,default:"inactive",comment:"inactive | pending | active | failed"},{name:"certificate_status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"not_required | pending | active | failed"},{name:"verification_status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | verified | failed | expired"},{name:"provider",type:"varchar",length:30,notNull:!0,default:"manual_dns",comment:"manual_dns | cloudflare_for_saas | cloudflare_registrar"},{name:"provider_hostname_id",type:"varchar",length:255},{name:"dns_target",type:"varchar",length:255,comment:"CNAME / A target the customer must point at"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"redirect_to_hostname_id",type:"uuid",comment:"When set, this hostname 301-redirects to another hostname (e.g. apex to www)"},{name:"activated_at",type:"timestamptz"},{name:"disabled_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["tenant_id"]},{columns:["schema_name"]},{columns:["status"]},{columns:["owner_type","owner_id"]},{columns:["provider","provider_hostname_id"]}]},{table_name:"domain_registrations",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Domains",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant"},{name:"owner_id",type:"uuid",notNull:!0},{name:"tenant_id",type:"uuid",references:{table:"tenants",column:"id",onDelete:"set null"}},{name:"requested_domain",type:"varchar",length:255,notNull:!0},{name:"registered_domain",type:"varchar",length:255},{name:"provider",type:"varchar",length:30,notNull:!0,default:"cloudflare_registrar"},{name:"provider_registration_id",type:"varchar",length:255},{name:"registrant_owner_type",type:"varchar",length:20,notNull:!0,default:"customer",comment:"customer | platform"},{name:"registrant_contact_snapshot",type:"jsonb",default:"{}"},{name:"status",type:"varchar",length:30,notNull:!0,default:"draft",comment:"draft | availability_checked | awaiting_payment | registering | active | failed | transfer_requested | transferred_out | cancelled | expired"},{name:"price_amount",type:"numeric",precision:12,scale:2},{name:"currency",type:"varchar",length:10},{name:"renewal_date",type:"timestamptz"},{name:"auto_renew",type:"boolean",notNull:!0,default:!0},{name:"terms_version",type:"varchar",length:50},{name:"terms_accepted_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"]},{columns:["tenant_id"]},{columns:["status"]}]},{table_name:"domain_verification_challenges",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",notNull:!0,references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"challenge_type",type:"varchar",length:30,notNull:!0,default:"ownership_validation",comment:"hostname_validation | certificate_validation | ownership_validation"},{name:"record_type",type:"varchar",length:10,notNull:!0,default:"TXT",comment:"TXT | CNAME | A | AAAA | HTTP"},{name:"record_name",type:"varchar",length:255,notNull:!0},{name:"record_value",type:"text",notNull:!0},{name:"expected_target",type:"varchar",length:255},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | verified | failed | expired"},{name:"expires_at",type:"timestamptz"},{name:"verified_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["status"]}]},{table_name:"domain_provider_records",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",notNull:!0,references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:30,notNull:!0},{name:"provider_resource_type",type:"varchar",length:30,notNull:!0,comment:"custom_hostname | certificate | validation | zone | dns_record | registration"},{name:"provider_resource_id",type:"varchar",length:255},{name:"provider_status",type:"varchar",length:50},{name:"last_synced_at",type:"timestamptz"},{name:"raw_status",type:"jsonb",default:"{}"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["provider","provider_resource_id"]}]},{table_name:"domain_events",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"domain_registration_id",type:"uuid",references:{table:"domainRegistrations",column:"id",onDelete:"cascade"}},{name:"event_type",type:"varchar",length:50,notNull:!0},{name:"actor_type",type:"varchar",length:20},{name:"actor_id",type:"varchar",length:255},{name:"message",type:"text"},{name:"ip_address",type:"varchar",length:45},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["event_type"]}]},{table_name:"verifications",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["instance_id"]},{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_node_id",type:"varchar",length:100,notNull:!0},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","rejected"]}],indexes:[{columns:["instance_id"]},{columns:["instance_id","step_order"]},{columns:["entity_name","entity_id"]},{columns:["verifier_user_id"]},{columns:["status"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["step","verifier","notification"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"recipient_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier","entity_creator"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role",type:"varchar",length:100}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]}]},{table_name:"verificationVerifierConfigs",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["verifier_type"]}]},{table_name:"verificationInstances",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"started_by",type:"uuid",references:{table:"users",column:"id"}},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","completed","rejected","cancelled"]},{name:"current_step_order",type:"integer",notNull:!0,default:1},{name:"started_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"completed_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","status"]},{columns:["status"]},{columns:["started_by"]}]},{table_name:"verificationNotificationChannels",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"channel",type:"varchar",length:30,notNull:!0,enumValues:["portal","email","sms","telegram","webhook"]}],indexes:[{columns:["rule_id"]},{columns:["rule_id","channel"],unique:!0},{columns:["channel"]}]},{table_name:"user_cohorts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"created_by",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}},{name:"expires_at",type:"timestamptz"},{name:"user_count",type:"integer",notNull:!0,default:0},{name:"metadata",type:"jsonb",default:"{}"}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"trusted_devices",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:64,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",enumValues:["pending","trusted","revoked"]},{name:"origin_session_id",type:"uuid"},{name:"label",type:"varchar",length:120},{name:"device_fingerprint",type:"varchar",length:255},{name:"first_seen_ip",type:"varchar",length:45},{name:"last_seen_ip",type:"varchar",length:45},{name:"last_seen_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:30,enumValues:["user_revoked","password_reset","logout","admin_revoked","expired","replaced"]}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["user_id","status"]},{columns:["origin_session_id"]},{columns:["expires_at"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:["email"],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:["email"],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"webauthn_credentials",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:[],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"credential_id",type:"text",notNull:!0},{name:"public_key",type:"text",notNull:!0},{name:"counter",type:"bigint",mode:"number",notNull:!0,defaultValue:0},{name:"transports",type:"jsonb"},{name:"device_type",type:"varchar",length:32},{name:"backed_up",type:"boolean",notNull:!0,defaultValue:!1},{name:"aaguid",type:"varchar",length:64},{name:"authenticator_attachment",type:"varchar",length:32},{name:"nickname",type:"varchar",length:128},{name:"last_used_at",type:"timestamptz"},{name:"revoked_at",type:"timestamptz"}],indexes:[{columns:["credential_id"],unique:!0},{columns:["user_id"]}]},{table_name:"webauthn_challenges",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:[],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE","GET"],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id",onDelete:"cascade"}},{name:"challenge",type:"text",notNull:!0},{name:"challenge_type",type:"varchar",length:32,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"consumed_at",type:"timestamptz"}],indexes:[{columns:["challenge"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"severity",type:"text",default:"info"},{name:"category",type:"text"},{name:"occurrence_count",type:"integer",default:1},{name:"last_occurrence_at",type:"timestamp"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]},{columns:["severity"]},{columns:["category"]}]},{table_name:"monitoring_metrics",feature_set:["monitoring"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"metric_type",type:"text",notNull:!0},{name:"metric_name",type:"text",notNull:!0},{name:"value",type:"doublePrecision",notNull:!0},{name:"tags",type:"jsonb"},{name:"recorded_at",type:"timestamp",notNull:!0}],indexes:[{columns:["metric_type"]},{columns:["metric_name"]},{columns:["recorded_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}},{table_name:"api_keys",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"key_hash",type:"varchar",length:255,notNull:!0},{name:"key_preview",type:"varchar",length:20,notNull:!0},{name:"owner_type",type:"varchar",length:30,notNull:!0,default:"personal",enumValues:["personal","application"]},{name:"application_name",type:"varchar",length:255},{name:"allowed_roles",type:"jsonb",notNull:!0,default:"[]"},{name:"allowed_claims",type:"jsonb",notNull:!0,default:"[]"},{name:"allowed_scopes",type:"jsonb",notNull:!0,default:"[]"},{name:"expires_at",type:"timestamptz"},{name:"last_used_at",type:"timestamptz"},{name:"last_used_ip",type:"varchar",length:45},{name:"usage_count",type:"integer",notNull:!0,default:0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:255}],indexes:[{columns:["key_hash"],unique:!0},{columns:["user_id"]},{columns:["user_id","is_active"]},{columns:["owner_type"]},{columns:["expires_at"]},{columns:["last_used_at"]}]},{table_name:"backup_logs",feature_set:["backup"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main","all"],excluded_schemas:[],excluded_methods:["PUT","PATCH"],columns:[{name:"backup_name",type:"varchar",length:255,notNull:!0},{name:"file_name",type:"varchar",length:500,notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0},{name:"format",type:"varchar",length:20,notNull:!0,default:"json"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending"},{name:"trigger",type:"varchar",length:20,notNull:!0,default:"manual"},{name:"size_bytes",type:"integer"},{name:"table_count",type:"integer"},{name:"row_count",type:"integer"},{name:"included_tables",type:"jsonb",default:"[]"},{name:"excluded_tables",type:"jsonb",default:"[]"},{name:"error_message",type:"text"},{name:"started_at",type:"timestamp"},{name:"completed_at",type:"timestamp"},{name:"performed_by",type:"varchar",length:255},{name:"cron_expression",type:"varchar",length:100},{name:"retention_days",type:"integer"}],indexes:[{columns:["schema_name"]},{columns:["status"]},{columns:["trigger"]},{columns:["created_at"]}]},{table_name:"payment_transactions",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"order_id",type:"varchar",length:255},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_transaction_id",type:"varchar",length:255},{name:"provider_payment_id",type:"varchar",length:255},{name:"payment_method",type:"varchar",length:50},{name:"amount",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"currency",type:"varchar",length:10,notNull:!0,default:"TRY"},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","processing","completed","failed","refunded","partially_refunded","cancelled"]},{name:"status_code",type:"integer"},{name:"status_message",type:"text"},{name:"card_last_four",type:"varchar",length:4},{name:"card_type",type:"varchar",length:50},{name:"card_association",type:"varchar",length:50},{name:"installment",type:"integer",default:1},{name:"is_three_d_secure",type:"boolean",default:!1},{name:"provider_response",type:"jsonb",default:"{}"},{name:"metadata",type:"jsonb",default:"{}"},{name:"refunded_amount",type:"numeric",precision:12,scale:2,default:0},{name:"refunded_at",type:"timestamptz"},{name:"completed_at",type:"timestamptz"},{name:"failed_at",type:"timestamptz"},{name:"ip_address",type:"varchar",length:45}],indexes:[{columns:["user_id"]},{columns:["order_id"]},{columns:["provider"]},{columns:["provider_payment_id"]},{columns:["status"]},{columns:["user_id","status"]}]},{table_name:"payment_methods",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"type",type:"varchar",length:30,notNull:!0,default:"card",enumValues:["card","bank_account","wallet"]},{name:"alias",type:"varchar",length:100},{name:"card_last_four",type:"varchar",length:4},{name:"card_type",type:"varchar",length:50},{name:"card_association",type:"varchar",length:50},{name:"card_family",type:"varchar",length:100},{name:"card_bank_name",type:"varchar",length:100},{name:"provider_card_user_key",type:"varchar",length:255},{name:"provider_card_token",type:"varchar",length:255},{name:"bin_number",type:"varchar",length:8},{name:"is_default",type:"boolean",default:!1},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["user_id","is_default"]},{columns:["provider_card_user_key"]}]},{table_name:"payment_webhook_logs",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT","PATCH","DELETE"],columns:[{name:"provider",type:"varchar",length:50,notNull:!0},{name:"event_type",type:"varchar",length:100,notNull:!0},{name:"provider_payment_id",type:"varchar",length:255},{name:"raw_payload",type:"jsonb",notNull:!0},{name:"processed",type:"boolean",default:!1},{name:"processing_result",type:"jsonb"},{name:"error_message",type:"text"},{name:"ip_address",type:"varchar",length:45},{name:"idempotency_key",type:"varchar",length:255}],indexes:[{columns:["provider"]},{columns:["event_type"]},{columns:["provider_payment_id"]},{columns:["processed"]},{columns:["idempotency_key"],unique:!0}]},{table_name:"payment_sub_merchants",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_sub_merchant_key",type:"varchar",length:255},{name:"external_id",type:"varchar",length:255},{name:"type",type:"varchar",length:50,notNull:!0,default:"personal",enumValues:["personal","private_company","limited_or_joint_stock_company"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","active","suspended","rejected"]},{name:"name",type:"varchar",length:255,notNull:!0},{name:"email",type:"varchar",length:255,notNull:!0},{name:"gsm_number",type:"varchar",length:20},{name:"address",type:"text"},{name:"iban",type:"varchar",length:50},{name:"contact_name",type:"varchar",length:100},{name:"contact_surname",type:"varchar",length:100},{name:"identity_number",type:"varchar",length:20},{name:"tax_office",type:"varchar",length:100},{name:"tax_number",type:"varchar",length:20},{name:"legal_company_title",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,default:"TRY"},{name:"commission_rate",type:"numeric",precision:5,scale:2,default:0},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["provider_sub_merchant_key"]},{columns:["external_id"]},{columns:["status"]},{columns:["email"]}]},{table_name:"payment_commission_splits",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"transaction_id",type:"uuid",notNull:!0,references:{table:"payment_transactions",column:"id",onDelete:"cascade"}},{name:"sub_merchant_id",type:"uuid",notNull:!0,references:{table:"payment_sub_merchants",column:"id"}},{name:"basket_item_id",type:"varchar",length:255},{name:"item_price",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"sub_merchant_price",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"platform_commission",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"commission_rate",type:"numeric",precision:5,scale:2,default:0},{name:"provider_split_id",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,notNull:!0,default:"TRY"},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","disapproved","refunded"]},{name:"approved_at",type:"timestamptz"},{name:"disapproved_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["transaction_id"]},{columns:["sub_merchant_id"]},{columns:["status"]},{columns:["transaction_id","sub_merchant_id"]},{columns:["provider_split_id"]}]},{table_name:"payment_products",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_product_id",type:"varchar",length:255},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"type",type:"varchar",length:30,default:"service",enumValues:["service","good"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","archived","draft"]},{name:"images",type:"jsonb",default:"[]"},{name:"unit_label",type:"varchar",length:50},{name:"url",type:"varchar",length:500},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["provider"]},{columns:["provider_product_id"]},{columns:["name"]},{columns:["status"]},{columns:["type"]}]},{table_name:"payment_prices",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"product_id",type:"uuid",notNull:!0,references:{table:"payment_products",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_price_id",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,notNull:!0,default:"USD"},{name:"unit_amount",type:"integer",notNull:!0,default:0},{name:"unit_amount_decimal",type:"varchar",length:30},{name:"type",type:"varchar",length:30,notNull:!0,default:"one_time",enumValues:["one_time","recurring"]},{name:"billing_scheme",type:"varchar",length:30,default:"per_unit",enumValues:["per_unit","tiered"]},{name:"nickname",type:"varchar",length:255},{name:"recurring_interval",type:"varchar",length:20,enumValues:["day","week","month","year"]},{name:"recurring_interval_count",type:"integer",default:1},{name:"recurring_usage_type",type:"varchar",length:20,default:"licensed",enumValues:["licensed","metered"]},{name:"recurring_aggregate_usage",type:"varchar",length:30,enumValues:["sum","last_during_period","last_ever","max"]},{name:"transform_quantity_divide_by",type:"integer"},{name:"transform_quantity_round",type:"varchar",length:10,enumValues:["up","down"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","archived"]},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["product_id"]},{columns:["provider"]},{columns:["provider_price_id"]},{columns:["type"]},{columns:["currency"]},{columns:["status"]},{columns:["product_id","status"]}]},{table_name:"payment_customers",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_customer_id",type:"varchar",length:255,notNull:!0},{name:"email",type:"varchar",length:255,notNull:!0},{name:"name",type:"varchar",length:255},{name:"phone",type:"varchar",length:50},{name:"description",type:"text"},{name:"address",type:"jsonb",default:"{}"},{name:"tax_id_type",type:"varchar",length:50},{name:"tax_id_value",type:"varchar",length:100},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["provider_customer_id"]},{columns:["email"]},{columns:["user_id","provider"],unique:!0}]},{table_name:"payment_subscriptions",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"customer_id",type:"uuid",notNull:!0,references:{table:"payment_customers",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_subscription_id",type:"varchar",length:255},{name:"status",type:"varchar",length:30,notNull:!0,default:"incomplete",enumValues:["active","past_due","unpaid","canceled","incomplete","incomplete_expired","trialing","paused"]},{name:"collection_method",type:"varchar",length:30,default:"charge_automatically",enumValues:["charge_automatically","send_invoice"]},{name:"current_period_start",type:"timestamptz"},{name:"current_period_end",type:"timestamptz"},{name:"cancel_at_period_end",type:"boolean",default:!1},{name:"canceled_at",type:"timestamptz"},{name:"trial_start",type:"timestamptz"},{name:"trial_end",type:"timestamptz"},{name:"items",type:"jsonb",default:"[]"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["customer_id"]},{columns:["provider"]},{columns:["provider_subscription_id"]},{columns:["status"]},{columns:["customer_id","status"]}]},{table_name:"payment_invoices",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"customer_id",type:"uuid",notNull:!0,references:{table:"payment_customers",column:"id"}},{name:"subscription_id",type:"uuid",references:{table:"payment_subscriptions",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_invoice_id",type:"varchar",length:255},{name:"status",type:"varchar",length:30,notNull:!0,default:"draft",enumValues:["draft","open","paid","uncollectible","void"]},{name:"collection_method",type:"varchar",length:30,default:"charge_automatically",enumValues:["charge_automatically","send_invoice"]},{name:"currency",type:"varchar",length:10,notNull:!0,default:"USD"},{name:"amount_due",type:"integer",default:0},{name:"amount_paid",type:"integer",default:0},{name:"amount_remaining",type:"integer",default:0},{name:"description",type:"text"},{name:"hosted_invoice_url",type:"varchar",length:1000},{name:"invoice_pdf",type:"varchar",length:1000},{name:"due_date",type:"timestamptz"},{name:"days_until_due",type:"integer"},{name:"period_start",type:"timestamptz"},{name:"period_end",type:"timestamptz"},{name:"paid_at",type:"timestamptz"},{name:"voided_at",type:"timestamptz"},{name:"lines",type:"jsonb",default:"[]"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["customer_id"]},{columns:["subscription_id"]},{columns:["provider"]},{columns:["provider_invoice_id"]},{columns:["status"]},{columns:["customer_id","status"]}]},{table_name:"chat_conversations",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"type",type:"varchar",length:20,notNull:!0,default:"direct",enumValues:["direct","group"]},{name:"title",type:"varchar",length:255},{name:"description",type:"text"},{name:"avatar_file_id",type:"uuid"},{name:"direct_key",type:"varchar",length:255},{name:"last_message_at",type:"timestamptz"},{name:"last_message_preview",type:"varchar",length:500},{name:"last_message_sender_id",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}}],indexes:[{columns:["direct_key"],unique:!0},{columns:["type"]},{columns:["last_message_at"]}]},{table_name:"chat_participants",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role",type:"varchar",length:20,notNull:!0,default:"member",enumValues:["member","admin","owner"]},{name:"last_read_message_id",type:"uuid"},{name:"last_read_at",type:"timestamptz"},{name:"unread_count",type:"integer",notNull:!0,default:0},{name:"muted",type:"boolean",notNull:!0,default:!1},{name:"muted_until",type:"timestamptz"},{name:"notifications_enabled",type:"boolean",notNull:!0,default:!0},{name:"left_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["conversation_id"]}],constraints:{unique:[{name:"unique_conversation_participant",columns:["conversation_id","user_id"]}]}},{table_name:"chat_messages",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"sender_id",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}},{name:"content",type:"text"},{name:"content_type",type:"varchar",length:20,notNull:!0,default:"text",enumValues:["text","image","file","video","audio","system"]},{name:"reply_to_id",type:"uuid",references:{table:"chat_messages",column:"id",onDelete:"set null"}},{name:"metadata",type:"jsonb",default:"{}"},{name:"client_message_id",type:"varchar",length:100},{name:"edited_at",type:"timestamptz"},{name:"deleted_at",type:"timestamptz"}],indexes:[{columns:["conversation_id","created_at"]},{columns:["sender_id"]},{columns:["reply_to_id"]}]},{table_name:"chat_message_attachments",feature_set:["authentication","chat","storage"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"message_id",type:"uuid",notNull:!0,references:{table:"chat_messages",column:"id",onDelete:"cascade"}},{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"file_id",type:"uuid",notNull:!0,references:{table:"files",column:"id",onDelete:"cascade"}},{name:"kind",type:"varchar",length:20,notNull:!0,default:"file",enumValues:["image","video","audio","file"]},{name:"original_name",type:"varchar",length:255},{name:"mime_type",type:"varchar",length:100},{name:"size",type:"bigint",mode:"number"},{name:"width",type:"integer"},{name:"height",type:"integer"},{name:"duration",type:"integer"}],indexes:[{columns:["message_id"]},{columns:["conversation_id"]},{columns:["file_id"]}]},{table_name:"payment_splits",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"transaction_id",type:"uuid",references:{table:"paymentTransactions",column:"id",onDelete:"set null"}},{name:"recipient_owner_type",type:"varchar",length:20,notNull:!0,default:"seller",comment:"seller | platform | tenant | user"},{name:"recipient_owner_id",type:"uuid",notNull:!0},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"gross_amount",type:"bigint",mode:"number",notNull:!0,comment:"Minor units"},{name:"provider_fee_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"platform_fee_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"reserve_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"net_payable_amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"available_for_payout_at",type:"timestamptz"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | available | payout_requested | paid | held | refunded | disputed | cancelled"},{name:"source_type",type:"varchar",length:50},{name:"source_id",type:"varchar",length:255},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["recipient_owner_type","recipient_owner_id"]},{columns:["status"]},{columns:["transaction_id"]}]},{table_name:"payment_ledger_entries",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"account",type:"varchar",length:40,notNull:!0,comment:"platform_revenue | provider_fee | seller_payable | reserve | refund_liability | dispute_liability | payout_in_transit | payout_completed"},{name:"owner_type",type:"varchar",length:20},{name:"owner_id",type:"uuid"},{name:"direction",type:"varchar",length:6,notNull:!0,comment:"debit | credit"},{name:"amount",type:"bigint",mode:"number",notNull:!0,comment:"Minor units"},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"entry_type",type:"varchar",length:40,notNull:!0,comment:"split | refund | payout | reserve_hold | reserve_release | dispute | adjustment"},{name:"reference_type",type:"varchar",length:50},{name:"reference_id",type:"varchar",length:255},{name:"split_id",type:"uuid",references:{table:"paymentSplits",column:"id",onDelete:"set null"}},{name:"description",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["account"]},{columns:["owner_type","owner_id"]},{columns:["entry_type"]},{columns:["reference_type","reference_id"]}]},{table_name:"payment_settlement_policies",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],group_name:"Payments Marketplace",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant",comment:"tenant | seller"},{name:"owner_id",type:"uuid",notNull:!0},{name:"default_delay_days",type:"integer",notNull:!0,default:7},{name:"new_seller_delay_days",type:"integer",notNull:!0,default:14},{name:"reserve_rate",type:"numeric",precision:5,scale:4,notNull:!0,default:0,comment:"Fraction 0..1 held as reserve"},{name:"reserve_days",type:"integer",notNull:!0,default:0},{name:"minimum_payout_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"currency",type:"varchar",length:10},{name:"early_payout_enabled",type:"boolean",notNull:!0,default:!1},{name:"status",type:"varchar",length:20,notNull:!0,default:"active"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"],unique:!0}]},{table_name:"payment_reserves",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"seller"},{name:"owner_id",type:"uuid",notNull:!0},{name:"split_id",type:"uuid",references:{table:"paymentSplits",column:"id",onDelete:"set null"}},{name:"amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"reason",type:"varchar",length:30,notNull:!0,default:"refund_window",comment:"refund_window | chargeback_risk | new_seller | manual_hold | dispute | compliance_review"},{name:"status",type:"varchar",length:20,notNull:!0,default:"held",comment:"held | released | consumed | cancelled"},{name:"release_at",type:"timestamptz"},{name:"released_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"]},{columns:["status"]},{columns:["release_at"]}]},{table_name:"payment_payout_requests",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Payments Marketplace",columns:[{name:"recipient_owner_type",type:"varchar",length:20,notNull:!0,default:"seller"},{name:"recipient_owner_id",type:"uuid",notNull:!0},{name:"amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | approved | rejected | processing | completed | failed | cancelled"},{name:"provider",type:"varchar",length:50},{name:"provider_payout_id",type:"varchar",length:255},{name:"provider_transfer_id",type:"varchar",length:255},{name:"destination",type:"varchar",length:255},{name:"requested_by",type:"uuid"},{name:"decided_by",type:"uuid"},{name:"decided_at",type:"timestamptz"},{name:"completed_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["recipient_owner_type","recipient_owner_id"]},{columns:["status"]}]},{table_name:"payment_disputes",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Payments Marketplace",columns:[{name:"transaction_id",type:"uuid",references:{table:"paymentTransactions",column:"id",onDelete:"set null"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_dispute_id",type:"varchar",length:255},{name:"owner_type",type:"varchar",length:20},{name:"owner_id",type:"uuid"},{name:"amount",type:"bigint",mode:"number"},{name:"currency",type:"varchar",length:10},{name:"reason",type:"varchar",length:100},{name:"status",type:"varchar",length:30,notNull:!0,default:"open",comment:"open | under_review | won | lost | accepted | cancelled"},{name:"evidence_due_at",type:"timestamptz"},{name:"resolved_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["provider","provider_dispute_id"]},{columns:["status"]},{columns:["owner_type","owner_id"]},{columns:["transaction_id"]}]}]};var AUTH_ENDPOINT_CONFIGS={login:{key:"LOGIN",method:"POST",defaultRoute:"/auth/login",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},register:{key:"REGISTER",method:"POST",defaultRoute:"/auth/register",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},logout:{key:"LOGOUT",method:"POST",defaultRoute:"/auth/logout",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},refresh:{key:"REFRESH",method:"POST",defaultRoute:"/auth/refresh",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},me:{key:"ME",method:"GET",defaultRoute:"/auth/me",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordChange:{key:"PASSWORD_CHANGE",method:"POST",defaultRoute:"/auth/password-change",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordSet:{key:"PASSWORD_SET",method:"POST",defaultRoute:"/auth/password-set",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordReset:{key:"PASSWORD_RESET_REQUEST",method:"POST",defaultRoute:"/auth/password-reset",defaultIsPublic:!0,subEndpoints:[{key:"PASSWORD_RESET_REQUEST",method:"POST",suffix:"/request",_payload:void 0,_success:void 0,_error:void 0},{key:"PASSWORD_RESET_CONFIRM",method:"POST",suffix:"/confirm",_payload:void 0,_success:void 0,_error:void 0}]},sessions:{key:"SESSIONS",method:"GET",defaultRoute:"/auth/sessions",defaultIsPublic:!1,subEndpoints:[{key:"SESSIONS",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_CURRENT",method:"GET",suffix:"/current",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_STATS",method:"GET",suffix:"/stats",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_PENDING",method:"GET",suffix:"/pending",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE",method:"DELETE",suffix:"/:sessionId",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE_ALL",method:"DELETE",suffix:"/all",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_APPROVE",method:"POST",suffix:"/approve",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REJECT",method:"POST",suffix:"/reject",_payload:void 0,_success:void 0,_error:void 0}]},magicLink:{key:"MAGIC_LINK",method:"POST",defaultRoute:"/auth/magic-link",defaultIsPublic:!0,subEndpoints:[{key:"MAGIC_LINK",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"MAGIC_LINK_VERIFY",method:"GET",suffix:"/verify",routeKey:"verifyRoute",_payload:void 0,_success:void 0,_error:void 0}]},invite:{key:"INVITE",method:"POST",defaultRoute:"/auth/invite",defaultIsPublic:!1,subEndpoints:[{key:"INVITE",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"INVITE_VERIFY",method:"POST",suffix:"/verify",_payload:void 0,_success:void 0,_error:void 0}]},emailVerification:{key:"VERIFY_EMAIL",method:"GET",defaultRoute:"/verify-email",defaultIsPublic:!0,subEndpoints:[{key:"VERIFY_EMAIL",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"RESEND_VERIFICATION",method:"POST",suffix:"",routeKey:"resendRoute",defaultRoute:"/resend-verification",_payload:void 0,_success:void 0,_error:void 0}]},captcha:{key:"CAPTCHA",method:"GET",defaultRoute:"/auth/captcha",defaultIsPublic:!0,subEndpoints:[{key:"CAPTCHA_GENERATE",method:"GET",suffix:"/generate",_payload:void 0,_success:void 0,_error:void 0},{key:"CAPTCHA_VALIDATE",method:"POST",suffix:"/validate",_payload:void 0,_success:void 0,_error:void 0}]},oauth:{key:"OAUTH_PROVIDERS",method:"GET",defaultRoute:"/auth/oauth/providers",defaultIsPublic:!0,subEndpoints:[{key:"OAUTH_PROVIDERS",method:"GET",suffix:"/providers",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_REDIRECT",method:"GET",suffix:"/:provider",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_ACCOUNTS",method:"GET",suffix:"/accounts",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_UNLINK",method:"DELETE",suffix:"/unlink/:provider",_payload:void 0,_success:void 0,_error:void 0}]},webauthn:{key:"WEBAUTHN",method:"POST",defaultRoute:"/auth/webauthn",defaultIsPublic:!1,subEndpoints:[{key:"WEBAUTHN_REGISTER_OPTIONS",method:"POST",suffix:"/register/options",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_REGISTER_VERIFY",method:"POST",suffix:"/register/verify",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_AUTH_OPTIONS",method:"POST",suffix:"/authenticate/options",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_AUTH_VERIFY",method:"POST",suffix:"/authenticate/verify",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_LIST",method:"GET",suffix:"/credentials",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_REVOKE",method:"DELETE",suffix:"/credentials/:credentialId",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_RENAME",method:"PATCH",suffix:"/credentials/:credentialId",_payload:void 0,_success:void 0,_error:void 0}]},apiKeys:{key:"API_KEYS",method:"GET",defaultRoute:"/auth/api-keys",defaultIsPublic:!1,subEndpoints:[{key:"API_KEYS_CREATE",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"API_KEYS_LIST",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"API_KEYS_DETAIL",method:"GET",suffix:"/:id",_payload:void 0,_success:void 0,_error:void 0},{key:"API_KEYS_UPDATE",method:"PATCH",suffix:"/:id",_payload:void 0,_success:void 0,_error:void 0},{key:"API_KEYS_REVOKE",method:"DELETE",suffix:"/:id",_payload:void 0,_success:void 0,_error:void 0}]}},AUTH_ENDPOINTS={LOGIN:{method:"POST",path:"/auth/login",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},REGISTER:{method:"POST",path:"/auth/register",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},LOGOUT:{method:"POST",path:"/auth/logout",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},REFRESH:{method:"POST",path:"/auth/refresh",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},ME:{method:"GET",path:"/auth/me",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PASSWORD_CHANGE:{method:"POST",path:"/auth/password/change",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PASSWORD_SET:{method:"POST",path:"/auth/password/set",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PASSWORD_RESET_REQUEST:{method:"POST",path:"/auth/password/reset-request",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},PASSWORD_RESET_CONFIRM:{method:"POST",path:"/auth/password/reset-confirm",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},SESSIONS:{method:"GET",path:"/auth/sessions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_CURRENT:{method:"GET",path:"/auth/sessions/current",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_STATS:{method:"GET",path:"/auth/sessions/stats",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_PENDING:{method:"GET",path:"/auth/sessions/pending",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_REVOKE:{method:"POST",path:"/auth/sessions/revoke",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_REVOKE_ALL:{method:"POST",path:"/auth/sessions/revoke-all",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_APPROVE:{method:"POST",path:"/auth/sessions/approve",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_REJECT:{method:"POST",path:"/auth/sessions/reject",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},MAGIC_LINK:{method:"POST",path:"/auth/magic-link",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},MAGIC_LINK_VERIFY:{method:"POST",path:"/auth/magic-link/verify",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},INVITE:{method:"POST",path:"/auth/invite",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},INVITE_VERIFY:{method:"POST",path:"/auth/invite/verify",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},VERIFY_EMAIL:{method:"POST",path:"/auth/verify-email",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},RESEND_VERIFICATION:{method:"POST",path:"/auth/resend-verification",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},CAPTCHA_GENERATE:{method:"POST",path:"/auth/captcha/generate",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},CAPTCHA_VALIDATE:{method:"POST",path:"/auth/captcha/validate",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_REGISTER_OPTIONS:{method:"POST",path:"/auth/webauthn/register/options",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_REGISTER_VERIFY:{method:"POST",path:"/auth/webauthn/register/verify",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_AUTH_OPTIONS:{method:"POST",path:"/auth/webauthn/authenticate/options",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_AUTH_VERIFY:{method:"POST",path:"/auth/webauthn/authenticate/verify",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_LIST:{method:"GET",path:"/auth/webauthn/credentials",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_REVOKE:{method:"DELETE",path:"/auth/webauthn/credentials/:credentialId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_RENAME:{method:"PATCH",path:"/auth/webauthn/credentials/:credentialId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_IMPERSONATE:{method:"POST",path:"/auth/admin/impersonate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_IMPERSONATE_STOP:{method:"POST",path:"/auth/admin/impersonate/stop",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_CHANGE_USER_ID:{method:"POST",path:"/auth/admin/change-user-id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_CREATE_USER:{method:"POST",path:"/auth/admin/create-user",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_HARD_DELETE_USER:{method:"DELETE",path:"/auth/admin/hard-delete/:userId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_CREATE:{method:"POST",path:"/auth/api-keys",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_LIST:{method:"GET",path:"/auth/api-keys",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_DETAIL:{method:"GET",path:"/auth/api-keys/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_UPDATE:{method:"PUT",path:"/auth/api-keys/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_REVOKE:{method:"DELETE",path:"/auth/api-keys/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},CONFIG_ENDPOINTS={CONFIG_GET:{method:"GET",path:"/nucleus/config",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_SECTIONS:{method:"GET",path:"/nucleus/config/sections",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_SECTION_GET:{method:"GET",path:"/nucleus/config/:section",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_SECTION_UPDATE:{method:"PATCH",path:"/nucleus/config/:section",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_ENV:{method:"GET",path:"/nucleus/config/env",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_OVERRIDES_GET:{method:"GET",path:"/nucleus/config/overrides",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_OVERRIDES_CLEAR:{method:"DELETE",path:"/nucleus/config/overrides",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_RESTART:{method:"POST",path:"/nucleus/config/restart",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},VERIFICATION_ENDPOINTS={VERIFICATION_STATUS:{method:"GET",path:"/verification/status/:entity_name/:entity_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_DECIDE:{method:"POST",path:"/verification/decide/:entity_name/:entity_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_PENDING:{method:"GET",path:"/verification/pending",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_HISTORY:{method:"GET",path:"/verification/history/:entity_name/:entity_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_START:{method:"POST",path:"/verification/start",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_START_FOR_ENTITY:{method:"POST",path:"/verification/start-for-entity",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_ENTITY_STATUSES:{method:"GET",path:"/verification/entity-statuses/:entity_name",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_LIST:{method:"GET",path:"/verification/flows",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_GET:{method:"GET",path:"/verification/flows/:flow_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_SAVE:{method:"POST",path:"/verification/flows",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_PUBLISH:{method:"POST",path:"/verification/flows/:flow_id/publish",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_DELETE:{method:"DELETE",path:"/verification/flows/:flow_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},NOTIFICATION_LIST:{method:"GET",path:"/notifications",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},NOTIFICATION_UNSEEN_COUNT:{method:"GET",path:"/notifications/unseen-count",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},NOTIFICATION_MARK_SEEN:{method:"POST",path:"/notifications/:notification_id/seen",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},NOTIFICATION_MARK_ALL_SEEN:{method:"POST",path:"/notifications/seen-all",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},CHAT_ENDPOINTS={CHAT_LIST_CONVERSATIONS:{method:"GET",path:"/chat/conversations",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_CREATE_CONVERSATION:{method:"POST",path:"/chat/conversations",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_GET_CONVERSATION:{method:"GET",path:"/chat/conversations/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_GET_MESSAGES:{method:"GET",path:"/chat/conversations/:id/messages",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_SEND_MESSAGE:{method:"POST",path:"/chat/conversations/:id/messages",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_MARK_READ:{method:"POST",path:"/chat/conversations/:id/read",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_TYPING:{method:"POST",path:"/chat/conversations/:id/typing",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_ADD_PARTICIPANTS:{method:"POST",path:"/chat/conversations/:id/participants",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_REMOVE_PARTICIPANT:{method:"DELETE",path:"/chat/conversations/:id/participants/:userId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_EDIT_MESSAGE:{method:"PATCH",path:"/chat/messages/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_DELETE_MESSAGE:{method:"DELETE",path:"/chat/messages/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},MONITORING_ENDPOINTS={MONITORING_HEALTH_CHECK:{method:"GET",path:"/monitoring/health",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},MONITORING_GET_SETTINGS:{method:"GET",path:"/monitoring/settings",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},MONITORING_CHANGE_SETTINGS:{method:"PATCH",path:"/monitoring/settings",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},MONITORING_GET_LOGS:{method:"GET",path:"/monitoring/logs",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},PAYMENT_ENDPOINTS={PAYMENT_INITIALIZE:{method:"POST",path:"/payments/initialize",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_TRANSACTIONS:{method:"GET",path:"/payments/transactions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_TRANSACTION_DETAIL:{method:"GET",path:"/payments/transactions/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_BIN_QUERY:{method:"POST",path:"/payments/bin-query",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_DETAIL:{method:"POST",path:"/payments/payment-detail",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_REFUND:{method:"POST",path:"/payments/refund",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_SAVE_CARD:{method:"POST",path:"/payments/cards/save",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_CARDS:{method:"GET",path:"/payments/cards",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_DELETE_CARD:{method:"DELETE",path:"/payments/cards/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_SYNC_CARDS:{method:"POST",path:"/payments/cards/sync",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_REGISTER_SUB_MERCHANT:{method:"POST",path:"/payments/sub-merchants",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_SUB_MERCHANT:{method:"PUT",path:"/payments/sub-merchants/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_SUB_MERCHANTS:{method:"GET",path:"/payments/sub-merchants",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_SUB_MERCHANT:{method:"GET",path:"/payments/sub-merchants/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_SPLITS:{method:"GET",path:"/payments/splits",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_APPROVE_SPLIT:{method:"POST",path:"/payments/splits/:splitId/approve",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_DISAPPROVE_SPLIT:{method:"POST",path:"/payments/splits/:splitId/disapprove",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_PRODUCT:{method:"POST",path:"/payments/products",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_PRODUCT:{method:"PUT",path:"/payments/products/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_PRODUCTS:{method:"GET",path:"/payments/products",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_PRODUCT:{method:"GET",path:"/payments/products/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_ARCHIVE_PRODUCT:{method:"DELETE",path:"/payments/products/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_PRICE:{method:"POST",path:"/payments/prices",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_PRICE:{method:"PUT",path:"/payments/prices/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_PRICES:{method:"GET",path:"/payments/prices",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_PRICE:{method:"GET",path:"/payments/prices/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_ARCHIVE_PRICE:{method:"DELETE",path:"/payments/prices/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_CUSTOMER:{method:"POST",path:"/payments/customers",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_CUSTOMER:{method:"PUT",path:"/payments/customers/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_CUSTOMERS:{method:"GET",path:"/payments/customers",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_CUSTOMER:{method:"GET",path:"/payments/customers/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_DELETE_CUSTOMER:{method:"DELETE",path:"/payments/customers/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_SUBSCRIPTION:{method:"POST",path:"/payments/subscriptions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_SUBSCRIPTION:{method:"PUT",path:"/payments/subscriptions/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CANCEL_SUBSCRIPTION:{method:"POST",path:"/payments/subscriptions/:id/cancel",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_SUBSCRIPTIONS:{method:"GET",path:"/payments/subscriptions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_SUBSCRIPTION:{method:"GET",path:"/payments/subscriptions/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_REPORT_USAGE:{method:"POST",path:"/payments/usage-records",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_USAGE_SUMMARIES:{method:"GET",path:"/payments/usage-records/:subscriptionItemId/summaries",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_INVOICE:{method:"POST",path:"/payments/invoices",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_FINALIZE_INVOICE:{method:"POST",path:"/payments/invoices/:id/finalize",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_SEND_INVOICE:{method:"POST",path:"/payments/invoices/:id/send",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_VOID_INVOICE:{method:"POST",path:"/payments/invoices/:id/void",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_PAY_INVOICE:{method:"POST",path:"/payments/invoices/:id/pay",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_INVOICES:{method:"GET",path:"/payments/invoices",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_INVOICE:{method:"GET",path:"/payments/invoices/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_BALANCE:{method:"GET",path:"/payments/balance",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_PAYOUT:{method:"POST",path:"/payments/payouts",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_PAYOUTS:{method:"GET",path:"/payments/payouts",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_PAYOUT:{method:"GET",path:"/payments/payouts/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CANCEL_PAYOUT:{method:"POST",path:"/payments/payouts/:id/cancel",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_TRANSFER:{method:"POST",path:"/payments/transfers",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_TRANSFERS:{method:"GET",path:"/payments/transfers",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},TENANT_ENDPOINTS={TENANT_CHECK_SUBDOMAIN:{method:"GET",path:"/tenants/check-subdomain/:subdomain",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},TENANT_PROVISION:{method:"POST",path:"/tenants/provision",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_LIST:{method:"GET",path:"/tenants",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_DETAIL:{method:"GET",path:"/tenants/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_SUSPEND:{method:"POST",path:"/tenants/:id/suspend",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_REACTIVATE:{method:"POST",path:"/tenants/:id/reactivate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_SELF_SIGNUP:{method:"POST",path:"/tenants/self-signup",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0}},DOMAIN_ENDPOINTS={DOMAIN_RESOLVE:{method:"GET",path:"/domains/resolve",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_CREATE_HOSTNAME:{method:"POST",path:"/domains/hostnames",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_LIST_HOSTNAMES:{method:"GET",path:"/domains/hostnames",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_GET_HOSTNAME:{method:"GET",path:"/domains/hostnames/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_HOSTNAME_INSTRUCTIONS:{method:"GET",path:"/domains/hostnames/:id/instructions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_VERIFY_HOSTNAME:{method:"POST",path:"/domains/hostnames/:id/verify",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_ACTIVATE_HOSTNAME:{method:"POST",path:"/domains/hostnames/:id/activate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_DISABLE_HOSTNAME:{method:"POST",path:"/domains/hostnames/:id/disable",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_MAKE_PRIMARY:{method:"POST",path:"/domains/hostnames/:id/make-primary",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_REFRESH_HOSTNAME:{method:"POST",path:"/domains/hostnames/:id/refresh-status",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_CREATE_REGISTRATION:{method:"POST",path:"/domains/registrations",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_LIST_REGISTRATIONS:{method:"GET",path:"/domains/registrations",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_GET_REGISTRATION:{method:"GET",path:"/domains/registrations/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_CANCEL_REGISTRATION:{method:"POST",path:"/domains/registrations/:id/cancel",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_TRANSFER_OUT:{method:"POST",path:"/domains/registrations/:id/transfer-out",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},MARKETPLACE_ENDPOINTS={PAYMENT_MARKETPLACE_RECORD_SPLIT:{method:"POST",path:"/payment/marketplace/splits",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_LIST_SPLITS:{method:"GET",path:"/payment/marketplace/splits",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_BALANCE:{method:"GET",path:"/payment/marketplace/balance/:ownerId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_RELEASE_RESERVE:{method:"POST",path:"/payment/marketplace/reserves/:id/release",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_GET_SETTLEMENT_POLICY:{method:"GET",path:"/payment/marketplace/settlement-policy",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_UPSERT_SETTLEMENT_POLICY:{method:"POST",path:"/payment/marketplace/settlement-policy",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_REQUEST_PAYOUT:{method:"POST",path:"/payment/marketplace/payout-requests",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_LIST_PAYOUTS:{method:"GET",path:"/payment/marketplace/payout-requests",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_GET_PAYOUT:{method:"GET",path:"/payment/marketplace/payout-requests/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_APPROVE_PAYOUT:{method:"POST",path:"/payment/marketplace/payout-requests/:id/approve",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_REJECT_PAYOUT:{method:"POST",path:"/payment/marketplace/payout-requests/:id/reject",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_OPEN_DISPUTE:{method:"POST",path:"/payment/marketplace/disputes",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_LIST_DISPUTES:{method:"GET",path:"/payment/marketplace/disputes",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_RESOLVE_DISPUTE:{method:"POST",path:"/payment/marketplace/disputes/:id/resolve",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},COHORT_ENDPOINTS={ADMIN_LIST_COHORTS:{method:"GET",path:"/auth/admin/cohorts",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_GET_COHORT:{method:"GET",path:"/auth/admin/cohorts/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_CREATE_COHORT:{method:"POST",path:"/auth/admin/cohorts",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_UPDATE_COHORT:{method:"PATCH",path:"/auth/admin/cohorts/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_DELETE_COHORT:{method:"DELETE",path:"/auth/admin/cohorts/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_BULK_CREATE:{method:"POST",path:"/auth/admin/cohorts/:id/bulk-create",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_DEACTIVATE:{method:"POST",path:"/auth/admin/cohorts/:id/deactivate-users",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_ACTIVATE:{method:"POST",path:"/auth/admin/cohorts/:id/activate-users",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_DELETE_USERS:{method:"POST",path:"/auth/admin/cohorts/:id/delete-users",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_EXPORT:{method:"GET",path:"/auth/admin/cohorts/:id/export",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}};var SYSTEM_TABLE_NAMES=["profiles","addresses","phones","files","users","roles","claims","user_roles","role_claims","audit_logs","monitoring_metrics"],systemTables=system_tables_default.tables.filter((t)=>SYSTEM_TABLE_NAMES.includes(t.table_name));function toUpperSnakeCase(str){return str.replace(/([a-z])([A-Z])/g,"$1_$2").replace(/[\s-]+/g,"_").toUpperCase()}function snakeToCamelCase(str){return str.replace(/_([a-z])/g,(_,letter)=>letter.toUpperCase())}function singularize(str){if(str.endsWith("ies"))return`${str.slice(0,-3)}y`;if(str.endsWith("ses"))return`${str.slice(0,-2)}`;if(str.endsWith("s"))return str.slice(0,-1);return str}function generateEntityEndpointKey(tableName,method){let upperName=toUpperSnakeCase(tableName),singularName=toUpperSnakeCase(singularize(tableName));switch(method){case"GET":return`GET_${upperName}`;case"POST":return`ADD_${singularName}`;case"PUT":return`UPDATE_${singularName}`;case"PATCH":return`PATCH_${singularName}`;case"DELETE":return`DELETE_${singularName}`}}function generateBulkEndpointKey(tableName,method){let upperName=toUpperSnakeCase(tableName);switch(method){case"POST":return`BULK_ADD_${upperName}`;case"PUT":return`BULK_UPDATE_${upperName}`;case"DELETE":return`BULK_DELETE_${upperName}`}}function isMethodExcluded(table,method){if(!table.excluded_methods)return!1;let methodMap={GET:"GET",POST:"POST",PUT:"PUT",PATCH:"PATCH",DELETE:"DELETE"};return table.excluded_methods.includes(methodMap[method])}function generateEndpointsFromConfig(config){let endpoints={};for(let table of config.entities){let tableName=table.table_name,basePath=`/${snakeToCamelCase(tableName)}`,sid=table.serviceId;if(!isMethodExcluded(table,"GET")){endpoints[generateEntityEndpointKey(tableName,"GET")]={method:"GET",path:basePath,isPublic:table.is_public?.GET??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};let singularName=toUpperSnakeCase(singularize(tableName));endpoints[`GET_${singularName}_BY_ID`]={method:"GET",path:`${basePath}/:id`,isPublic:table.is_public?.GET??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0},endpoints[`GET_${toUpperSnakeCase(tableName)}_DISTINCT`]={method:"GET",path:`${basePath}/distinct/:field`,isPublic:table.is_public?.GET??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0}}if(!isMethodExcluded(table,"POST"))endpoints[generateEntityEndpointKey(tableName,"POST")]={method:"POST",path:basePath,isPublic:table.is_public?.POST??!1,isFormData:table.is_form_data,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"PUT"))endpoints[generateEntityEndpointKey(tableName,"PUT")]={method:"PUT",path:`${basePath}/:id`,isPublic:table.is_public?.PUT??!1,isFormData:table.is_form_data,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"PATCH"))endpoints[generateEntityEndpointKey(tableName,"PATCH")]={method:"PATCH",path:`${basePath}/:id`,isPublic:table.is_public?.PATCH??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"DELETE"))endpoints[generateEntityEndpointKey(tableName,"DELETE")]={method:"DELETE",path:`${basePath}/:id`,isPublic:table.is_public?.DELETE??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(table.bulk_endpoints_enabled){if(!isMethodExcluded(table,"POST"))endpoints[generateBulkEndpointKey(tableName,"POST")]={method:"POST",path:`${basePath}/bulk`,isPublic:table.is_public?.POST??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"PUT"))endpoints[generateBulkEndpointKey(tableName,"PUT")]={method:"PUT",path:`${basePath}/bulk`,isPublic:table.is_public?.PUT??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"DELETE"))endpoints[generateBulkEndpointKey(tableName,"DELETE")]={method:"DELETE",path:`${basePath}/bulk`,isPublic:table.is_public?.DELETE??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0}}}return endpoints}function generateAuthEndpoints(config){let endpoints={},auth=config.authentication;if(!auth?.enabled)return endpoints;for(let[featureKey,endpointConfig]of Object.entries(AUTH_ENDPOINT_CONFIGS)){let feature=auth[featureKey];if(!feature?.enabled)continue;let feat=feature,baseRoute=feat.route||endpointConfig.defaultRoute,isPublic=feat.isPublic??endpointConfig.defaultIsPublic;if("subEndpoints"in endpointConfig&&endpointConfig.subEndpoints)for(let sub of endpointConfig.subEndpoints){let subRoute="routeKey"in sub&&sub.routeKey&&feature[sub.routeKey]?String(feature[sub.routeKey]):("defaultRoute"in sub)&&sub.defaultRoute?String(sub.defaultRoute):`${baseRoute}${sub.suffix}`;endpoints[sub.key]={method:sub.method,path:subRoute,isPublic:sub.key==="MAGIC_LINK_VERIFY"?!0:isPublic,_payload:sub._payload,_success:sub._success,_error:sub._error}}else if("_payload"in endpointConfig)endpoints[endpointConfig.key]={method:endpointConfig.method,path:baseRoute,isPublic,_payload:endpointConfig._payload,_success:endpointConfig._success,_error:endpointConfig._error}}return endpoints}function generateSystemTableEndpoints(){let endpoints={};for(let table of systemTables){let tableName=table.table_name,basePath=`/${snakeToCamelCase(tableName)}`,isFormData=tableName==="files";endpoints[generateEntityEndpointKey(tableName,"GET")]={method:"GET",path:basePath,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};let singularName=toUpperSnakeCase(singularize(tableName));if(endpoints[`GET_${singularName}_BY_ID`]={method:"GET",path:`${basePath}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateEntityEndpointKey(tableName,"POST")]={method:"POST",path:basePath,isPublic:!1,isFormData,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateEntityEndpointKey(tableName,"PUT")]={method:"PUT",path:`${basePath}/:id`,isPublic:!1,isFormData,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateEntityEndpointKey(tableName,"PATCH")]={method:"PATCH",path:`${basePath}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateEntityEndpointKey(tableName,"DELETE")]={method:"DELETE",path:`${basePath}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},table.bulk_endpoints_enabled)endpoints[generateBulkEndpointKey(tableName,"POST")]={method:"POST",path:`${basePath}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateBulkEndpointKey(tableName,"PUT")]={method:"PUT",path:`${basePath}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateBulkEndpointKey(tableName,"DELETE")]={method:"DELETE",path:`${basePath}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}}return endpoints}function generateMonitoringEndpoints(config){if(!config.liveMonitoring?.enabled)return{};return{...MONITORING_ENDPOINTS}}function generateAdminEndpoints(config){let endpoints={};if(!config.authentication?.enabled)return endpoints;return endpoints.ADMIN_IMPERSONATE={method:"POST",path:"/auth/admin/impersonate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.ADMIN_IMPERSONATE_STOP={method:"POST",path:"/auth/admin/impersonate/stop",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.ADMIN_CHANGE_USER_ID={method:"POST",path:"/auth/admin/change-user-id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.ADMIN_CREATE_USER={method:"POST",path:"/auth/admin/create-user",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.ADMIN_HARD_DELETE_USER={method:"DELETE",path:"/auth/admin/hard-delete/:userId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints}function generateCohortEndpoints(config){let auth=config.authentication;if(!auth?.enabled||!auth.cohorts?.enabled)return{};return{...COHORT_ENDPOINTS}}function generateVerificationEndpoints(config){let endpoints={},verification=config.verification,notification=config.notification;if(!verification?.enabled)return endpoints;let basePath=verification.endpoints?.basePath||"/verifications",flowBasePath=verification.flowEndpoints?.basePath||"/verification-flows",notifBasePath=notification?.endpoints?.basePath||"/notifications";if(endpoints.VERIFICATION_STATUS={method:"GET",path:`${basePath}/status/:entity_name/:entity_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_DECIDE={method:"POST",path:`${basePath}/:entity_name/:entity_id/decide`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_PENDING={method:"GET",path:`${basePath}/pending`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_HISTORY={method:"GET",path:`${basePath}/history/:entity_name/:entity_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_START={method:"POST",path:`${basePath}/start`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_START_FOR_ENTITY={method:"POST",path:`${basePath}/start-for-entity`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_ENTITY_STATUSES={method:"GET",path:`${basePath}/statuses/:entity_name`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},verification.flowEndpoints?.enabled)endpoints.FLOW_LIST={method:"GET",path:flowBasePath,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.FLOW_GET={method:"GET",path:`${flowBasePath}/:flow_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.FLOW_SAVE={method:"POST",path:flowBasePath,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.FLOW_PUBLISH={method:"POST",path:`${flowBasePath}/:flow_id/publish`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.FLOW_DELETE={method:"DELETE",path:`${flowBasePath}/:flow_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};if(notification?.enabled&&notification.endpoints?.enabled)endpoints.NOTIFICATION_LIST={method:"GET",path:notifBasePath,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.NOTIFICATION_UNSEEN_COUNT={method:"GET",path:`${notifBasePath}/unseen-count`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.NOTIFICATION_MARK_SEEN={method:"POST",path:`${notifBasePath}/:notification_id/seen`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.NOTIFICATION_MARK_ALL_SEEN={method:"POST",path:`${notifBasePath}/seen-all`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};return endpoints}function generateTenantEndpoints(config){if(!config.database?.isMultiTenant)return{};return{...TENANT_ENDPOINTS}}function generateChatEndpoints(config){if(!config.chat?.enabled)return{};return{...CHAT_ENDPOINTS}}function generateDomainEndpoints(config){if(!config.domains?.enabled)return{};return{...DOMAIN_ENDPOINTS}}function generateMarketplaceEndpoints(config){let payment=config.payment;if(!payment?.enabled||!payment.marketplace?.enabled)return{};return{...MARKETPLACE_ENDPOINTS}}function generateAllEndpoints(config,extraEndpoints){let entityEndpoints=generateEndpointsFromConfig(config),authEndpoints=generateAuthEndpoints(config),adminEndpoints=generateAdminEndpoints(config),cohortEndpoints=generateCohortEndpoints(config),systemEndpoints=generateSystemTableEndpoints(),monitoringEndpoints=generateMonitoringEndpoints(config),verificationEndpoints=generateVerificationEndpoints(config),chatEndpoints=generateChatEndpoints(config),tenantEndpoints=generateTenantEndpoints(config),domainEndpoints=generateDomainEndpoints(config),marketplaceEndpoints=generateMarketplaceEndpoints(config);return{...entityEndpoints,...authEndpoints,...adminEndpoints,...cohortEndpoints,...systemEndpoints,...monitoringEndpoints,...verificationEndpoints,...chatEndpoints,...tenantEndpoints,...domainEndpoints,...marketplaceEndpoints,...extraEndpoints??{}}}init_Logger();import{randomUUID as randomUUID2}from"crypto";var DEFAULT_CONFIG2={timeout:30000,retries:0,retryDelay:1000,debug:!1};class ServerFetch{config;logger;constructor(config={}){this.config={...DEFAULT_CONFIG2,...config},this.logger=new Logger({service:"ServerFetch",prettyPrint:this.config.debug,colorize:this.config.debug,auditEnabled:!1})}buildUrl(url){if(url.startsWith("http://")||url.startsWith("https://"))return url;return this.config.baseUrl?`${this.config.baseUrl}${url}`:url}buildHeaders(customHeaders){let headers=new Headers;if(this.config.defaultHeaders)for(let[key,value]of Object.entries(this.config.defaultHeaders))headers.set(key,value);if(customHeaders)if(customHeaders instanceof Headers)customHeaders.forEach((value,key)=>{headers.set(key,value)});else if(Array.isArray(customHeaders))for(let[key,value]of customHeaders)headers.set(key,value);else for(let[key,value]of Object.entries(customHeaders))headers.set(key,value);return headers}parseResponseHeaders(headers){let result={};if(headers.forEach((value,key)=>{if(key.toLowerCase()==="set-cookie"){let existing=result[key];result[key]=existing?`${existing}, ${value}`:value}else result[key]=value}),typeof headers.getSetCookie==="function"){let setCookies=headers.getSetCookie();if(setCookies.length>0)result["set-cookie"]=setCookies.join(", ")}return result}async executeWithTimeout(promise,timeoutMs,_requestId){let controller=new AbortController,timeoutId=setTimeout(()=>controller.abort(),timeoutMs);try{return await Promise.race([promise,new Promise((_,reject)=>{controller.signal.addEventListener("abort",()=>{reject(Error(`Request timeout after ${timeoutMs}ms`))})})])}finally{clearTimeout(timeoutId)}}async fetch(options){let requestId=randomUUID2(),startTime=performance.now(),url=this.buildUrl(options.url),headers=this.buildHeaders(options.headers),timeout=options.timeout??this.config.timeout??30000,retries=options.retries??this.config.retries??0,retryDelay=options.retryDelay??this.config.retryDelay??1000,body;if(options.body)if(typeof options.body==="object"&&!(options.body instanceof FormData)&&!(options.body instanceof URLSearchParams)&&!(options.body instanceof Blob)&&!(options.body instanceof ArrayBuffer)){if(body=JSON.stringify(options.body),!headers.has("content-type"))headers.set("content-type","application/json")}else body=options.body;this.logger.debug(`[${requestId}] ${options.method} ${url}`,{method:options.method,url,hasBody:!!body});let lastError=null,attempt=0;while(attempt<=retries)try{let response=await this.executeWithTimeout(fetch(url,{method:options.method,headers,body}),timeout,requestId),durationMs2=performance.now()-startTime,responseHeaders=this.parseResponseHeaders(response.headers),rawSetCookies=typeof response.headers.getSetCookie==="function"?response.headers.getSetCookie():[],responseData,errorData,rawText=await response.text();if(rawText)try{let json=JSON.parse(rawText);if(response.ok)responseData=json;else errorData=json}catch{if(!response.ok)errorData={message:rawText||response.statusText}}else if(!response.ok)errorData={message:response.statusText};let result={isSuccess:response.ok,response:responseData,errors:errorData,code:response.status,headers:responseHeaders,rawSetCookies,durationMs:durationMs2,requestId,createdAt:new Date};if(response.ok)this.logger.info(`[${requestId}] ${options.method} ${url} ${response.status}`,{method:options.method,url,statusCode:response.status,durationMs:Math.round(durationMs2)});else this.logger.warn(`[${requestId}] ${options.method} ${url} ${response.status}`,{method:options.method,url,statusCode:response.status,durationMs:Math.round(durationMs2),error:errorData});return result}catch(error){if(lastError=error instanceof Error?error:Error(String(error)),attempt++,attempt<=retries)this.logger.warn(`[${requestId}] Retry ${attempt}/${retries} after error`,{method:options.method,url,error:lastError.message,attempt,retries}),await new Promise((resolve)=>setTimeout(resolve,retryDelay))}let durationMs=performance.now()-startTime;return this.logger.error(`[${requestId}] ${options.method} ${url} failed`,lastError,{method:options.method,url,durationMs:Math.round(durationMs),attempts:attempt}),{isSuccess:!1,response:void 0,errors:{message:lastError?.message||"Unknown error"},code:null,headers:{},rawSetCookies:[],durationMs,requestId,createdAt:new Date}}async get(url,options){return this.fetch({...options,url,method:"GET"})}async post(url,body,options){return this.fetch({...options,url,method:"POST",body})}async put(url,body,options){return this.fetch({...options,url,method:"PUT",body})}async patch(url,body,options){return this.fetch({...options,url,method:"PATCH",body})}async delete(url,options){return this.fetch({...options,url,method:"DELETE"})}}var serverFetch=new ServerFetch;var DEFAULT_TOKEN_NAMES={accessToken:"access_token",refreshToken:"refresh_token",sessionToken:"session_token"};function splitSetCookieHeader(header){let cookies=[],current="";for(let i=0;i<header.length;i++){let char=header[i];if(char===","){let next=header.slice(i+1).trimStart();if(/^[a-zA-Z0-9_-]+=/.test(next)){cookies.push(current.trim()),current="";continue}}current+=char}if(current.trim())cookies.push(current.trim());return cookies}function buildRequestHeaders(headersStore,tokenNames){let headers={},forwardHeaders=["x-forwarded-for","x-real-ip","user-agent","accept-language","x-request-id","x-client-ip","cf-connecting-ip","true-client-ip","x-tenant-id","x-app-origin"];for(let header of forwardHeaders){let value=headersStore.get(header);if(value)headers[header]=value}if(!headers["user-agent"])headers["user-agent"]="Nucleus-ServerAction/1.0";let accessToken=headersStore.get(`x-${tokenNames.accessToken}`),refreshToken=headersStore.get(`x-${tokenNames.refreshToken}`),sessionToken=headersStore.get(`x-${tokenNames.sessionToken}`);if(accessToken)headers[`x-${tokenNames.accessToken}`]=accessToken;if(refreshToken)headers[`x-${tokenNames.refreshToken}`]=refreshToken;if(sessionToken)headers[`x-${tokenNames.sessionToken}`]=sessionToken;let cookieHeader=headersStore.get("cookie");if(cookieHeader)headers.cookie=cookieHeader;return headers}function toCamelCase(str){return str.replace(/_([a-z])/g,(_,c)=>c.toUpperCase())}function convertKeysToCamelCase(obj){let result={};for(let[key,value]of Object.entries(obj)){let camelKey=key.startsWith("_")?key:toCamelCase(key);if(value instanceof Date)result[camelKey]=value.toISOString();else if(value&&typeof value==="object"&&!Array.isArray(value))result[camelKey]=convertKeysToCamelCase(value);else result[camelKey]=value}return result}var JSON_STRINGIFY_KEYS=new Set(["filters","sort","with","searchFields","select","distinctOn"]);function appendQueryParams(url,params){let searchParams=new URLSearchParams;for(let[key,value]of Object.entries(params)){if(value===void 0||value===null)continue;if(JSON_STRINGIFY_KEYS.has(key)&&typeof value==="object"){searchParams.append(key,JSON.stringify(value));continue}if(value instanceof Date)searchParams.append(key,value.toISOString());else if(Array.isArray(value))searchParams.append(key,value.filter((v)=>v!=null).map(String).join(","));else if(typeof value==="object")searchParams.append(key,JSON.stringify(value));else searchParams.append(key,String(value))}let queryString=searchParams.toString();if(!queryString)return url;return url.includes("?")?`${url}&${queryString}`:`${url}?${queryString}`}function createServerFactory(endpoints,config,getCookies,getHeaders){let tokenNames={...DEFAULT_TOKEN_NAMES,...config.tokenNames},serverFetch2=new ServerFetch({baseUrl:config.baseUrl,debug:config.debug,timeout:30000,retries:0});return async function(endpointKey,payload){let endpoint=endpoints[endpointKey];if(!endpoint)return{isSuccess:!1,errors:{message:`Endpoint "${endpointKey}" not found`},code:404};let cookieStore=await getCookies(),headersStore=await getHeaders(),allHeaders={};if(headersStore.forEach((value,key)=>{allHeaders[key]=value}),(endpoint.path.includes("/auth/login")||endpoint.path.includes("/auth/oauth"))&&endpoint.method==="POST")try{cookieStore.delete(tokenNames.accessToken),cookieStore.delete(tokenNames.refreshToken),cookieStore.delete(tokenNames.sessionToken)}catch(_){}let headers=buildRequestHeaders(headersStore,tokenNames),url=endpoint.path,body,pathParamNames=new Set,pathParamRegex=/:([a-zA-Z_][a-zA-Z0-9_]*)/g,paramMatch=pathParamRegex.exec(url);while(paramMatch!==null){if(paramMatch[1])pathParamNames.add(paramMatch[1]);paramMatch=pathParamRegex.exec(url)}if(payload&&typeof payload==="object"&&!(payload instanceof FormData)){let payloadObj=payload;for(let[key,value]of Object.entries(payloadObj))if(value!=null){if(pathParamNames.has(key))url=url.replace(`:${key}`,String(value));else if(key.startsWith("_")&&pathParamNames.has(key.substring(1)))url=url.replace(`:${key.substring(1)}`,String(value));else if(key==="id"&&pathParamNames.has("id"))url=url.replace(":id",String(value))}}if(endpoint.method==="GET"&&payload&&typeof payload==="object"){let queryPayload={...payload};for(let paramName of pathParamNames)delete queryPayload[paramName],delete queryPayload[`_${paramName}`];url=appendQueryParams(url,queryPayload)}else if(payload!==void 0){if(endpoint.isFormData&&payload instanceof FormData)body=payload;else if(Array.isArray(payload)){if(body=payload.map((item)=>item&&typeof item==="object"?convertKeysToCamelCase(item):item),!headers["content-type"])headers["content-type"]="application/json"}else if(body=endpoint.skipCamelCase?payload:convertKeysToCamelCase(payload),!headers["content-type"])headers["content-type"]="application/json"}let response=await serverFetch2.fetch({url,method:endpoint.method,headers,body}),setCookiesToProcess=response.rawSetCookies.length>0?response.rawSetCookies:response.headers["set-cookie"]?splitSetCookieHeader(response.headers["set-cookie"]):[];if(setCookiesToProcess.length>0)try{for(let cookie of setCookiesToProcess){let[nameValue,...options]=cookie.split(";");if(!nameValue)continue;let eqIdx=nameValue.indexOf("=");if(eqIdx===-1)continue;let name=nameValue.substring(0,eqIdx).trim(),value=nameValue.substring(eqIdx+1).trim();if(name&&value){let cookieOptions={};for(let opt of options){let trimmed=opt.trim(),optEqIdx=trimmed.indexOf("="),optName=optEqIdx===-1?trimmed:trimmed.substring(0,optEqIdx),optValue=optEqIdx===-1?void 0:trimmed.substring(optEqIdx+1);if(!optName)continue;let optNameLower=optName.toLowerCase();if(optNameLower==="path")cookieOptions.path=optValue;else if(optNameLower==="domain")cookieOptions.domain=optValue;else if(optNameLower==="max-age")cookieOptions.maxAge=Number(optValue);else if(optNameLower==="expires"&&optValue)cookieOptions.expires=new Date(optValue);else if(optNameLower==="httponly")cookieOptions.httpOnly=!0;else if(optNameLower==="secure")cookieOptions.secure=!0;else if(optNameLower==="samesite")cookieOptions.sameSite=optValue}cookieStore.set(name,value,cookieOptions)}}}catch(cookieError){console.warn("[ServerFactory] Failed to process Set-Cookie headers:",cookieError instanceof Error?cookieError.message:String(cookieError))}let normalizedResponse=response.response;if(response.isSuccess&&normalizedResponse&&typeof normalizedResponse==="object"&&!Array.isArray(normalizedResponse)){let raw=normalizedResponse;if("success"in raw&&!("data"in raw)){let{success,message,error,...rest}=raw;normalizedResponse={success,...message!==void 0?{message}:{},...error!==void 0?{error}:{},...Object.keys(rest).length>0?{data:rest}:{}}}}return{isSuccess:response.isSuccess,data:normalizedResponse,errors:response.errors,code:response.code,message:response.isSuccess?void 0:response.errors?.message}}}import{batch as batch2,createStore as createStore2}from"h-state";var initialState={connection:{status:"disconnected",clientId:null,subscribedTopics:[],error:null,reconnectAttempt:0},events:[],maxEvents:100},{useStore:usePubSubStore}=createStore2(initialState,{setConnectionStatus:(store)=>(status)=>{store.connection.status=status},setClientId:(store)=>(clientId)=>{store.connection.clientId=clientId},setSubscribedTopics:(store)=>(topics)=>{store.connection.subscribedTopics=topics},setError:(store)=>(error)=>{store.connection.error=error},setReconnectAttempt:(store)=>(attempt)=>{store.connection.reconnectAttempt=attempt},addEvent:(store)=>(event)=>{let updated=[event,...store.events];store.events=updated.slice(0,store.maxEvents)},clearEvents:(store)=>()=>{store.events=[]},reset:(store)=>()=>{batch2(()=>{store.connection.status="disconnected",store.connection.clientId=null,store.connection.subscribedTopics=[],store.connection.error=null,store.connection.reconnectAttempt=0,store.events=[]})}});import{useEffect}from"react";function buildWsUrl(config){let path=config.wsPath||"/api/events/subscribe",topics=(config.topics||["*"]).join(","),query=`?userId=${encodeURIComponent(config.userId)}&topics=${encodeURIComponent(topics)}`;if(config.wsUrl)return`${config.wsUrl.replace(/\/$/,"")}${path}${query}`;if(typeof window>"u")return"";return`${window.location.protocol==="https:"?"wss:":"ws:"}//${window.location.host}${path}${query}`}var connections=new Map,eventIdCounter=0;function log(conn,...args){if(conn.options.debug)console.log("[usePubSub]",...args)}function clearTimers(conn){if(conn.heartbeat)clearInterval(conn.heartbeat),conn.heartbeat=null;if(conn.reconnectTimeout)clearTimeout(conn.reconnectTimeout),conn.reconnectTimeout=null}function detachSocket(conn){let ws=conn.ws;if(!ws)return;if(ws.onopen=null,ws.onmessage=null,ws.onerror=null,ws.onclose=null,ws.readyState===WebSocket.OPEN||ws.readyState===WebSocket.CONNECTING)ws.close();conn.ws=null}function startHeartbeat(conn){if(conn.heartbeat)clearInterval(conn.heartbeat);conn.heartbeat=setInterval(()=>{if(conn.ws?.readyState===WebSocket.OPEN)conn.ws.send(JSON.stringify({type:"ping"}))},conn.options.heartbeatInterval)}function scheduleReconnect(conn){if(!conn.options.autoReconnect)return;if(connections.get(conn.url)!==conn)return;if(conn.reconnectAttempt>=conn.options.maxReconnectAttempts){conn.dispatch.setConnectionStatus("disconnected"),conn.dispatch.setError(Error("Max reconnection attempts reached")),log(conn,"Max reconnect attempts reached");return}let delay=Math.min(conn.options.reconnectBaseDelay*2**conn.reconnectAttempt,conn.options.reconnectMaxDelay);if(conn.reconnectAttempt+=1,conn.dispatch.setConnectionStatus("reconnecting"),conn.dispatch.setReconnectAttempt(conn.reconnectAttempt),log(conn,`Reconnecting in ${delay}ms (attempt ${conn.reconnectAttempt})`),conn.reconnectTimeout)clearTimeout(conn.reconnectTimeout);conn.reconnectTimeout=setTimeout(()=>{if(connections.get(conn.url)===conn)openSocket(conn)},delay)}function handleMessage(conn,raw){let message;try{message=JSON.parse(raw)}catch{log(conn,"Failed to parse message");return}switch(message.type){case"connected":conn.reconnectAttempt=0,conn.dispatch.setConnectionStatus("connected"),conn.dispatch.setClientId(message.clientId),conn.dispatch.setSubscribedTopics(message.subscribedTopics),conn.dispatch.setReconnectAttempt(0),conn.dispatch.setError(null),log(conn,"Connected, clientId:",message.clientId);break;case"subscribed":conn.dispatch.setSubscribedTopics(message.topics),log(conn,"Subscribed to:",message.topics);break;case"event":{if(conn.dispatch.addEvent({id:`evt_${Date.now()}_${eventIdCounter++}`,topic:message.topic,data:message.data,timestamp:message.timestamp,receivedAt:Date.now(),messageId:message.messageId,isRedelivery:message.isRedelivery}),message.messageId&&conn.ws?.readyState===WebSocket.OPEN)conn.ws.send(JSON.stringify({type:"ack",messageId:message.messageId}));break}case"pong":break;case"error":conn.dispatch.setError(Error(message.error)),log(conn,"Server error:",message.error);break}}function openSocket(conn){if(conn.ws?.readyState===WebSocket.OPEN||conn.ws?.readyState===WebSocket.CONNECTING)return;detachSocket(conn),conn.dispatch.setConnectionStatus("connecting"),conn.dispatch.setError(null),log(conn,"Connecting to:",conn.url);let ws=new WebSocket(conn.url);conn.ws=ws,ws.onopen=()=>{log(conn,"WebSocket opened"),startHeartbeat(conn)},ws.onmessage=(event)=>handleMessage(conn,event.data),ws.onerror=()=>{log(conn,"WebSocket error"),conn.dispatch.setError(Error("WebSocket connection error"))},ws.onclose=(event)=>{if(log(conn,"WebSocket closed",event.code,event.reason),conn.heartbeat)clearInterval(conn.heartbeat),conn.heartbeat=null;if(conn.dispatch.setConnectionStatus("disconnected"),conn.dispatch.setClientId(null),connections.get(conn.url)===conn&&event.code!==4001)scheduleReconnect(conn)}}function acquire(url,dispatch,options){let conn=connections.get(url);if(!conn)conn={url,ws:null,refCount:0,reconnectAttempt:0,heartbeat:null,reconnectTimeout:null,dispatch,options},connections.set(url,conn);else conn.dispatch=dispatch,conn.options=options;conn.refCount+=1,openSocket(conn)}function release(url){let conn=connections.get(url);if(!conn)return;if(conn.refCount-=1,conn.refCount>0)return;connections.delete(url),clearTimers(conn),detachSocket(conn),conn.dispatch.setConnectionStatus("disconnected"),conn.dispatch.setClientId(null)}function send(url,payload){let ws=connections.get(url)?.ws;if(ws?.readyState===WebSocket.OPEN)ws.send(JSON.stringify(payload))}function usePubSub(config){let store=usePubSubStore(),url=config.userId?buildWsUrl(config):"";return useEffect(()=>{if(!url)return;let dispatch={setConnectionStatus:store.setConnectionStatus,setClientId:store.setClientId,setSubscribedTopics:store.setSubscribedTopics,setError:store.setError,setReconnectAttempt:store.setReconnectAttempt,addEvent:store.addEvent},options={autoReconnect:config.autoReconnect??!0,maxReconnectAttempts:config.maxReconnectAttempts??10,reconnectBaseDelay:config.reconnectBaseDelay??1000,reconnectMaxDelay:config.reconnectMaxDelay??30000,heartbeatInterval:config.heartbeatInterval??30000,debug:config.debug??!1};return acquire(url,dispatch,options),()=>release(url)},[url]),{isConnected:store.connection.status==="connected",isConnecting:store.connection.status==="connecting"||store.connection.status==="reconnecting",clientId:store.connection.clientId,subscribedTopics:store.connection.subscribedTopics,events:store.events,error:store.connection.error,reconnectAttempt:store.connection.reconnectAttempt,connect:()=>{let conn=connections.get(url);if(conn)openSocket(conn)},disconnect:()=>release(url),subscribe:(topics)=>send(url,{type:"subscribe",topics}),unsubscribe:(topics)=>send(url,{type:"unsubscribe",topics}),clearEvents:store.clearEvents,getEventsByTopic:(topic)=>store.events.filter((e)=>e.topic===topic)}}import{createHash as createHash3,randomUUID as randomUUID6}from"crypto";var import_fast_decode_uri_component=__toESM(require_fast_decode_uri_component(),1);import{Elysia,NotFoundError}from"elysia";var fs,path,isBun=typeof Bun<"u"&&!!Bun.file;function getBuiltinModule(){if(fs||(fs=process.getBuiltinModule("fs/promises")),path||(path=process.getBuiltinModule("path")),!path){console.warn("@elysiajs/static require path to be available.");return}return[fs,path]}async function listHTMLFiles(dir){if(fs||getBuiltinModule(),isBun){let glob=new Bun.Glob("**/*.html"),files=[];for await(let file of glob.scan(dir))files.push(path.join(dir,file));return files}return[]}async function listFiles(dir){if(fs||getBuiltinModule(),isBun){let glob=new Bun.Glob("**/*"),files2=[];for await(let file of glob.scan(dir))files2.push(path.join(dir,file));return files2}let files=await fs.readdir(dir).catch(()=>[]);return(await Promise.all(files.map(async(name)=>{let file=dir+path.sep+name,stats=await fs.stat(file).catch(()=>null);return stats?stats.isDirectory()?await listFiles(file):[path.resolve(dir,file)]:[]}))).flat()}function fileExists(path2){return fs||getBuiltinModule(),fs.stat(path2).then(()=>!0,()=>!1)}class LRUCache{constructor(max=250,ttl=10800){this.max=max,this.ttl=ttl,this.map=new Map}get(key){let entry=this.map.get(key);if(entry)return entry[1]<=Date.now()?void this.delete(key):(this.map.delete(key),this.map.set(key,entry),entry[0])}set(key,value){if(this.interval||(this.interval=setInterval(()=>{let now=Date.now();for(let[key2,entry]of this.map)entry[1]<=now&&this.map.delete(key2)},this.ttl)),this.map.has(key))this.map.delete(key);else if(this.map.size>=this.max){let oldestKey=this.map.keys().next().value;oldestKey!==void 0&&this.delete(oldestKey)}this.map.set(key,[value,Date.now()+this.ttl*1000])}delete(key){this.map.get(key)&&this.map.delete(key)}clear(){this.map.clear()}size(){return this.map.size}[Symbol.dispose](){this.interval&&clearInterval(this.interval)}}function isCached(headers,etag,filePath){if(headers["cache-control"]&&/no-cache|no-store/.test(headers["cache-control"]))return!1;if("if-none-match"in headers){let ifNoneMatch=headers["if-none-match"];return ifNoneMatch==="*"?!0:ifNoneMatch===null||typeof etag!="string"?!1:ifNoneMatch===etag}if(headers["if-modified-since"]){let ifModifiedSince=headers["if-modified-since"];try{return fs.stat(filePath).then((stat)=>{if(stat.mtime!==void 0&&stat.mtime.getTime()<=Date.parse(ifModifiedSince))return!0})}catch{}}return!1}var Crypto;function getFile(path2){return isBun?Bun.file(path2):(fs||getBuiltinModule(),fs.readFile(path2))}async function generateETag(file){return isBun?new Bun.CryptoHasher("md5").update(await file.arrayBuffer()).digest("base64"):(Crypto||(Crypto=process.getBuiltinModule("crypto")),Crypto?Crypto.createHash("md5").update(file).digest("base64"):void console.warn("[@elysiajs/static] crypto is required to generate etag."))}var isNotEmpty=(obj)=>{if(!obj)return!1;for(let _ in obj)return!0;return!1};async function staticPlugin({assets="public",prefix="/public",staticLimit=1024,alwaysStatic=!1,ignorePatterns=[".DS_Store",".git",".env"],headers:initialHeaders,maxAge=86400,directive="public",etag:useETag=!0,extension=!0,indexHTML=!0,decodeURI,silent}={}){if(typeof process>"u"||typeof process.getBuiltinModule>"u")return silent||console.warn("[@elysiajs/static] require process.getBuiltinModule. Static plugin is disabled"),new Elysia;let builtinModule=getBuiltinModule();if(!builtinModule)return new Elysia;let[fs2,path2]=builtinModule,normalizePath=path2.sep!=="/"?(p)=>p.replace(/\\/g,"/"):(p)=>p,fileCache=new LRUCache;prefix===path2.sep&&(prefix="");let assetsDir=path2.resolve(assets),shouldIgnore=ignorePatterns.length?(file)=>ignorePatterns.find((pattern)=>typeof pattern=="string"?pattern.includes(file):pattern.test(file)):()=>!1,app=new Elysia({name:"static",seed:prefix});if(alwaysStatic){let files=await listFiles(path2.resolve(assets));if(files.length<=staticLimit)for(let absolutePath of files){let handleCache2=function({headers:requestHeaders}){if(etag){let cached=isCached(requestHeaders,etag,absolutePath);if(cached===!0)return new Response(null,{status:304,headers:isNotEmpty(initialHeaders)?initialHeaders:void 0});if(cached!==!1){let cache2=fileCache.get(pathName);return cache2?cache2.clone():cached.then((cached2)=>{if(cached2)return new Response(null,{status:304,headers:initialHeaders||void 0});let response2=new Response(file,{headers:Object.assign({"Cache-Control":maxAge?`${directive}, max-age=${maxAge}`:directive},initialHeaders,etag?{Etag:etag}:{})});return fileCache.set(prefix,response2),response2.clone()})}}let cache=fileCache.get(pathName);if(cache)return cache.clone();let response=new Response(file,{headers:Object.assign({"Cache-Control":maxAge?`${directive}, max-age=${maxAge}`:directive},initialHeaders,etag?{Etag:etag}:{})});return fileCache.set(pathName,response),response.clone()};var handleCache=handleCache2;if(!absolutePath||shouldIgnore(absolutePath))continue;let relativePath=absolutePath.replace(assetsDir,"");decodeURI&&(relativePath=import_fast_decode_uri_component.default(relativePath)??relativePath);let pathName=normalizePath(path2.join(prefix,relativePath));if(isBun&&absolutePath.endsWith(".html")){let htmlBundle=await import(absolutePath);app.get(pathName,htmlBundle.default),indexHTML&&pathName.endsWith("/index.html")&&app.get(pathName.replace("/index.html",""),htmlBundle.default);continue}extension||(pathName=normalizePath(pathName.slice(0,pathName.lastIndexOf("."))));let file=isBun?getFile(absolutePath):await getFile(absolutePath);if(!file)return silent||console.warn(`[@elysiajs/static] Failed to load file: ${absolutePath}`),new Elysia;let etag=await generateETag(file);app.get(pathName,useETag?handleCache2:new Response(file,isNotEmpty(initialHeaders)?{headers:initialHeaders}:void 0)),indexHTML&&pathName.endsWith("/index.html")&&app.get(pathName.replace("/index.html",""),useETag?handleCache2:new Response(file,isNotEmpty(initialHeaders)?{headers:initialHeaders}:void 0))}return app}if(!(`GET_${prefix}/*`in app.routeTree)){if(isBun){let htmls=await listHTMLFiles(path2.resolve(assets));for(let absolutePath of htmls){if(!absolutePath||shouldIgnore(absolutePath))continue;let relativePath=absolutePath.replace(assetsDir,""),pathName=normalizePath(path2.join(prefix,relativePath)),htmlBundle=await import(absolutePath);app.get(pathName,htmlBundle.default),indexHTML&&pathName.endsWith("/index.html")&&app.get(pathName.replace("/index.html",""),htmlBundle.default)}}app.onError(()=>{}).get(`${prefix.endsWith("/")?prefix.slice(0,-1):prefix}/*`,async({params,headers:requestHeaders})=>{let pathName=normalizePath(path2.join(assets,decodeURI?import_fast_decode_uri_component.default(params["*"])??params["*"]:params["*"]));if(shouldIgnore(pathName))throw new NotFoundError;let cache=fileCache.get(pathName);if(cache)return cache.clone();try{let fileStat=await fs2.stat(pathName).catch(()=>null);if(!fileStat)throw new NotFoundError;if(!indexHTML&&fileStat.isDirectory())throw new NotFoundError;let file;if(!isBun&&indexHTML){let htmlPath=path2.join(pathName,"index.html"),cache2=fileCache.get(htmlPath);if(cache2)return cache2.clone();await fileExists(htmlPath)&&(file=await getFile(htmlPath))}if(!file&&!fileStat.isDirectory()&&await fileExists(pathName))file=await getFile(pathName);else throw new NotFoundError;if(!useETag)return new Response(file,isNotEmpty(initialHeaders)?{headers:initialHeaders}:void 0);let etag=await generateETag(file);if(etag&&await isCached(requestHeaders,etag,pathName))return new Response(null,{status:304});let response=new Response(file,{headers:Object.assign({"Cache-Control":maxAge?`${directive}, max-age=${maxAge}`:directive},initialHeaders,etag?{Etag:etag}:{})});return fileCache.set(pathName,response),response.clone()}catch(error){throw error instanceof NotFoundError?error:(silent||console.error("[@elysiajs/static]",error),new NotFoundError)}})}return app}import{pushSchema}from"drizzle-kit/api";import{and as and19,eq as eq56,lt as lt3,sql as sql11}from"drizzle-orm";import{drizzle as drizzle2}from"drizzle-orm/node-postgres";import{pgSchema as pgSchema2}from"drizzle-orm/pg-core";import Elysia45 from"elysia";function resolveAuthType(pathname,auth){let at=(route)=>pathname===route||pathname.endsWith(route);if(at(auth?.login?.route||"/auth/login"))return"login";if(at(auth?.register?.route||"/auth/register"))return"register";if(at(auth?.passwordReset?.route||"/auth/password-reset"))return"passwordReset";if(at(auth?.magicLink?.route||"/auth/magic-link"))return"magicLink";if(at(auth?.invite?.route||"/auth/invite"))return"other";if(at("/sessions/approve")||at("/sessions/reject"))return"login";return}init_Services();init_ApiKey();init_Captcha();init_Domain();init_Middleware();var SYSTEM_TABLES=[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1},{name:"cohort_id",type:"uuid",references:{table:"user_cohorts",column:"id",onDelete:"set null"}},{name:"email_verified",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0},{name:"policy",type:"jsonb"}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"type",type:"varchar",length:50,notNull:!0,default:"system",enumValues:["verification","system","custom"]},{name:"source",type:"varchar",length:100},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]},{columns:["type"]},{columns:["user_id","type","is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"provisioning"},{name:"plan",type:"varchar",length:50,default:"free"},{name:"domain",type:"varchar",length:255},{name:"settings",type:"jsonb",default:"{}"},{name:"trusted_sources",type:"jsonb",default:"[]"},{name:"max_users",type:"integer"},{name:"provisioned_at",type:"timestamptz"},{name:"suspended_at",type:"timestamptz"},{name:"suspended_reason",type:"text"}],indexes:[{columns:["status"]}]},{table_name:"tenant_events",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"tenant_id",type:"uuid",notNull:!0,references:{table:"tenants",column:"id",onDelete:"cascade"}},{name:"event_type",type:"varchar",length:50,notNull:!0},{name:"event_data",type:"jsonb",default:"{}"},{name:"performed_by",type:"varchar",length:255},{name:"ip_address",type:"varchar",length:45}],indexes:[{columns:["tenant_id"]},{columns:["event_type"]}]},{table_name:"tenant_features",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"tenant_id",type:"uuid",notNull:!0,references:{table:"tenants",column:"id",onDelete:"cascade"}},{name:"feature_name",type:"varchar",length:100,notNull:!0},{name:"enabled",type:"boolean",notNull:!0,default:!0},{name:"config",type:"jsonb",default:"{}"}],indexes:[{columns:["tenant_id","feature_name"],unique:!0},{columns:["feature_name"]}]},{table_name:"domain_hostnames",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Domains",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant",comment:"tenant | organization | user | external"},{name:"owner_id",type:"uuid",notNull:!0,comment:"Product-defined owner reference (e.g. band id, org id)"},{name:"tenant_id",type:"uuid",references:{table:"tenants",column:"id",onDelete:"cascade"},comment:"Tenant this hostname routes to; null for non-tenant owners"},{name:"schema_name",type:"varchar",length:100,comment:"Resolved tenant schema for routing"},{name:"hostname",type:"varchar",length:255,notNull:!0,comment:"Original hostname as entered by the user"},{name:"normalized_hostname",type:"varchar",length:255,notNull:!0,unique:!0,comment:"Lowercased, punycode, port-stripped hostname used for matching"},{name:"hostname_kind",type:"varchar",length:20,notNull:!0,default:"apex",comment:"platform_subdomain | apex | www | subdomain"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending_verification",comment:"draft | pending_verification | verifying | active | failed | disabled | archived"},{name:"routing_status",type:"varchar",length:20,notNull:!0,default:"inactive",comment:"inactive | pending | active | failed"},{name:"certificate_status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"not_required | pending | active | failed"},{name:"verification_status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | verified | failed | expired"},{name:"provider",type:"varchar",length:30,notNull:!0,default:"manual_dns",comment:"manual_dns | cloudflare_for_saas | cloudflare_registrar"},{name:"provider_hostname_id",type:"varchar",length:255},{name:"dns_target",type:"varchar",length:255,comment:"CNAME / A target the customer must point at"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"redirect_to_hostname_id",type:"uuid",comment:"When set, this hostname 301-redirects to another hostname (e.g. apex to www)"},{name:"activated_at",type:"timestamptz"},{name:"disabled_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["tenant_id"]},{columns:["schema_name"]},{columns:["status"]},{columns:["owner_type","owner_id"]},{columns:["provider","provider_hostname_id"]}]},{table_name:"domain_registrations",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Domains",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant"},{name:"owner_id",type:"uuid",notNull:!0},{name:"tenant_id",type:"uuid",references:{table:"tenants",column:"id",onDelete:"set null"}},{name:"requested_domain",type:"varchar",length:255,notNull:!0},{name:"registered_domain",type:"varchar",length:255},{name:"provider",type:"varchar",length:30,notNull:!0,default:"cloudflare_registrar"},{name:"provider_registration_id",type:"varchar",length:255},{name:"registrant_owner_type",type:"varchar",length:20,notNull:!0,default:"customer",comment:"customer | platform"},{name:"registrant_contact_snapshot",type:"jsonb",default:"{}"},{name:"status",type:"varchar",length:30,notNull:!0,default:"draft",comment:"draft | availability_checked | awaiting_payment | registering | active | failed | transfer_requested | transferred_out | cancelled | expired"},{name:"price_amount",type:"numeric",precision:12,scale:2},{name:"currency",type:"varchar",length:10},{name:"renewal_date",type:"timestamptz"},{name:"auto_renew",type:"boolean",notNull:!0,default:!0},{name:"terms_version",type:"varchar",length:50},{name:"terms_accepted_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"]},{columns:["tenant_id"]},{columns:["status"]}]},{table_name:"domain_verification_challenges",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",notNull:!0,references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"challenge_type",type:"varchar",length:30,notNull:!0,default:"ownership_validation",comment:"hostname_validation | certificate_validation | ownership_validation"},{name:"record_type",type:"varchar",length:10,notNull:!0,default:"TXT",comment:"TXT | CNAME | A | AAAA | HTTP"},{name:"record_name",type:"varchar",length:255,notNull:!0},{name:"record_value",type:"text",notNull:!0},{name:"expected_target",type:"varchar",length:255},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | verified | failed | expired"},{name:"expires_at",type:"timestamptz"},{name:"verified_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["status"]}]},{table_name:"domain_provider_records",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",notNull:!0,references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:30,notNull:!0},{name:"provider_resource_type",type:"varchar",length:30,notNull:!0,comment:"custom_hostname | certificate | validation | zone | dns_record | registration"},{name:"provider_resource_id",type:"varchar",length:255},{name:"provider_status",type:"varchar",length:50},{name:"last_synced_at",type:"timestamptz"},{name:"raw_status",type:"jsonb",default:"{}"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["provider","provider_resource_id"]}]},{table_name:"domain_events",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"domain_registration_id",type:"uuid",references:{table:"domainRegistrations",column:"id",onDelete:"cascade"}},{name:"event_type",type:"varchar",length:50,notNull:!0},{name:"actor_type",type:"varchar",length:20},{name:"actor_id",type:"varchar",length:255},{name:"message",type:"text"},{name:"ip_address",type:"varchar",length:45},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["event_type"]}]},{table_name:"verifications",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["instance_id"]},{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_node_id",type:"varchar",length:100,notNull:!0},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","rejected"]}],indexes:[{columns:["instance_id"]},{columns:["instance_id","step_order"]},{columns:["entity_name","entity_id"]},{columns:["verifier_user_id"]},{columns:["status"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["step","verifier","notification"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"recipient_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier","entity_creator"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role",type:"varchar",length:100}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]}]},{table_name:"verificationVerifierConfigs",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["verifier_type"]}]},{table_name:"verificationInstances",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"started_by",type:"uuid",references:{table:"users",column:"id"}},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","completed","rejected","cancelled"]},{name:"current_step_order",type:"integer",notNull:!0,default:1},{name:"started_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"completed_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","status"]},{columns:["status"]},{columns:["started_by"]}]},{table_name:"verificationNotificationChannels",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"channel",type:"varchar",length:30,notNull:!0,enumValues:["portal","email","sms","telegram","webhook"]}],indexes:[{columns:["rule_id"]},{columns:["rule_id","channel"],unique:!0},{columns:["channel"]}]},{table_name:"user_cohorts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"created_by",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}},{name:"expires_at",type:"timestamptz"},{name:"user_count",type:"integer",notNull:!0,default:0},{name:"metadata",type:"jsonb",default:"{}"}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"trusted_devices",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:64,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",enumValues:["pending","trusted","revoked"]},{name:"origin_session_id",type:"uuid"},{name:"label",type:"varchar",length:120},{name:"device_fingerprint",type:"varchar",length:255},{name:"first_seen_ip",type:"varchar",length:45},{name:"last_seen_ip",type:"varchar",length:45},{name:"last_seen_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:30,enumValues:["user_revoked","password_reset","logout","admin_revoked","expired","replaced"]}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["user_id","status"]},{columns:["origin_session_id"]},{columns:["expires_at"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:["email"],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:["email"],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"webauthn_credentials",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:[],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"credential_id",type:"text",notNull:!0},{name:"public_key",type:"text",notNull:!0},{name:"counter",type:"bigint",mode:"number",notNull:!0,defaultValue:0},{name:"transports",type:"jsonb"},{name:"device_type",type:"varchar",length:32},{name:"backed_up",type:"boolean",notNull:!0,defaultValue:!1},{name:"aaguid",type:"varchar",length:64},{name:"authenticator_attachment",type:"varchar",length:32},{name:"nickname",type:"varchar",length:128},{name:"last_used_at",type:"timestamptz"},{name:"revoked_at",type:"timestamptz"}],indexes:[{columns:["credential_id"],unique:!0},{columns:["user_id"]}]},{table_name:"webauthn_challenges",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:[],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE","GET"],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id",onDelete:"cascade"}},{name:"challenge",type:"text",notNull:!0},{name:"challenge_type",type:"varchar",length:32,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"consumed_at",type:"timestamptz"}],indexes:[{columns:["challenge"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"severity",type:"text",default:"info"},{name:"category",type:"text"},{name:"occurrence_count",type:"integer",default:1},{name:"last_occurrence_at",type:"timestamp"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]},{columns:["severity"]},{columns:["category"]}]},{table_name:"monitoring_metrics",feature_set:["monitoring"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"metric_type",type:"text",notNull:!0},{name:"metric_name",type:"text",notNull:!0},{name:"value",type:"doublePrecision",notNull:!0},{name:"tags",type:"jsonb"},{name:"recorded_at",type:"timestamp",notNull:!0}],indexes:[{columns:["metric_type"]},{columns:["metric_name"]},{columns:["recorded_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}},{table_name:"api_keys",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"key_hash",type:"varchar",length:255,notNull:!0},{name:"key_preview",type:"varchar",length:20,notNull:!0},{name:"owner_type",type:"varchar",length:30,notNull:!0,default:"personal",enumValues:["personal","application"]},{name:"application_name",type:"varchar",length:255},{name:"allowed_roles",type:"jsonb",notNull:!0,default:"[]"},{name:"allowed_claims",type:"jsonb",notNull:!0,default:"[]"},{name:"allowed_scopes",type:"jsonb",notNull:!0,default:"[]"},{name:"expires_at",type:"timestamptz"},{name:"last_used_at",type:"timestamptz"},{name:"last_used_ip",type:"varchar",length:45},{name:"usage_count",type:"integer",notNull:!0,default:0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:255}],indexes:[{columns:["key_hash"],unique:!0},{columns:["user_id"]},{columns:["user_id","is_active"]},{columns:["owner_type"]},{columns:["expires_at"]},{columns:["last_used_at"]}]},{table_name:"backup_logs",feature_set:["backup"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main","all"],excluded_schemas:[],excluded_methods:["PUT","PATCH"],columns:[{name:"backup_name",type:"varchar",length:255,notNull:!0},{name:"file_name",type:"varchar",length:500,notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0},{name:"format",type:"varchar",length:20,notNull:!0,default:"json"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending"},{name:"trigger",type:"varchar",length:20,notNull:!0,default:"manual"},{name:"size_bytes",type:"integer"},{name:"table_count",type:"integer"},{name:"row_count",type:"integer"},{name:"included_tables",type:"jsonb",default:"[]"},{name:"excluded_tables",type:"jsonb",default:"[]"},{name:"error_message",type:"text"},{name:"started_at",type:"timestamp"},{name:"completed_at",type:"timestamp"},{name:"performed_by",type:"varchar",length:255},{name:"cron_expression",type:"varchar",length:100},{name:"retention_days",type:"integer"}],indexes:[{columns:["schema_name"]},{columns:["status"]},{columns:["trigger"]},{columns:["created_at"]}]},{table_name:"payment_transactions",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"order_id",type:"varchar",length:255},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_transaction_id",type:"varchar",length:255},{name:"provider_payment_id",type:"varchar",length:255},{name:"payment_method",type:"varchar",length:50},{name:"amount",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"currency",type:"varchar",length:10,notNull:!0,default:"TRY"},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","processing","completed","failed","refunded","partially_refunded","cancelled"]},{name:"status_code",type:"integer"},{name:"status_message",type:"text"},{name:"card_last_four",type:"varchar",length:4},{name:"card_type",type:"varchar",length:50},{name:"card_association",type:"varchar",length:50},{name:"installment",type:"integer",default:1},{name:"is_three_d_secure",type:"boolean",default:!1},{name:"provider_response",type:"jsonb",default:"{}"},{name:"metadata",type:"jsonb",default:"{}"},{name:"refunded_amount",type:"numeric",precision:12,scale:2,default:0},{name:"refunded_at",type:"timestamptz"},{name:"completed_at",type:"timestamptz"},{name:"failed_at",type:"timestamptz"},{name:"ip_address",type:"varchar",length:45}],indexes:[{columns:["user_id"]},{columns:["order_id"]},{columns:["provider"]},{columns:["provider_payment_id"]},{columns:["status"]},{columns:["user_id","status"]}]},{table_name:"payment_methods",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"type",type:"varchar",length:30,notNull:!0,default:"card",enumValues:["card","bank_account","wallet"]},{name:"alias",type:"varchar",length:100},{name:"card_last_four",type:"varchar",length:4},{name:"card_type",type:"varchar",length:50},{name:"card_association",type:"varchar",length:50},{name:"card_family",type:"varchar",length:100},{name:"card_bank_name",type:"varchar",length:100},{name:"provider_card_user_key",type:"varchar",length:255},{name:"provider_card_token",type:"varchar",length:255},{name:"bin_number",type:"varchar",length:8},{name:"is_default",type:"boolean",default:!1},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["user_id","is_default"]},{columns:["provider_card_user_key"]}]},{table_name:"payment_webhook_logs",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT","PATCH","DELETE"],columns:[{name:"provider",type:"varchar",length:50,notNull:!0},{name:"event_type",type:"varchar",length:100,notNull:!0},{name:"provider_payment_id",type:"varchar",length:255},{name:"raw_payload",type:"jsonb",notNull:!0},{name:"processed",type:"boolean",default:!1},{name:"processing_result",type:"jsonb"},{name:"error_message",type:"text"},{name:"ip_address",type:"varchar",length:45},{name:"idempotency_key",type:"varchar",length:255}],indexes:[{columns:["provider"]},{columns:["event_type"]},{columns:["provider_payment_id"]},{columns:["processed"]},{columns:["idempotency_key"],unique:!0}]},{table_name:"payment_sub_merchants",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_sub_merchant_key",type:"varchar",length:255},{name:"external_id",type:"varchar",length:255},{name:"type",type:"varchar",length:50,notNull:!0,default:"personal",enumValues:["personal","private_company","limited_or_joint_stock_company"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","active","suspended","rejected"]},{name:"name",type:"varchar",length:255,notNull:!0},{name:"email",type:"varchar",length:255,notNull:!0},{name:"gsm_number",type:"varchar",length:20},{name:"address",type:"text"},{name:"iban",type:"varchar",length:50},{name:"contact_name",type:"varchar",length:100},{name:"contact_surname",type:"varchar",length:100},{name:"identity_number",type:"varchar",length:20},{name:"tax_office",type:"varchar",length:100},{name:"tax_number",type:"varchar",length:20},{name:"legal_company_title",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,default:"TRY"},{name:"commission_rate",type:"numeric",precision:5,scale:2,default:0},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["provider_sub_merchant_key"]},{columns:["external_id"]},{columns:["status"]},{columns:["email"]}]},{table_name:"payment_commission_splits",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"transaction_id",type:"uuid",notNull:!0,references:{table:"payment_transactions",column:"id",onDelete:"cascade"}},{name:"sub_merchant_id",type:"uuid",notNull:!0,references:{table:"payment_sub_merchants",column:"id"}},{name:"basket_item_id",type:"varchar",length:255},{name:"item_price",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"sub_merchant_price",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"platform_commission",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"commission_rate",type:"numeric",precision:5,scale:2,default:0},{name:"provider_split_id",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,notNull:!0,default:"TRY"},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","disapproved","refunded"]},{name:"approved_at",type:"timestamptz"},{name:"disapproved_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["transaction_id"]},{columns:["sub_merchant_id"]},{columns:["status"]},{columns:["transaction_id","sub_merchant_id"]},{columns:["provider_split_id"]}]},{table_name:"payment_products",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_product_id",type:"varchar",length:255},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"type",type:"varchar",length:30,default:"service",enumValues:["service","good"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","archived","draft"]},{name:"images",type:"jsonb",default:"[]"},{name:"unit_label",type:"varchar",length:50},{name:"url",type:"varchar",length:500},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["provider"]},{columns:["provider_product_id"]},{columns:["name"]},{columns:["status"]},{columns:["type"]}]},{table_name:"payment_prices",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"product_id",type:"uuid",notNull:!0,references:{table:"payment_products",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_price_id",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,notNull:!0,default:"USD"},{name:"unit_amount",type:"integer",notNull:!0,default:0},{name:"unit_amount_decimal",type:"varchar",length:30},{name:"type",type:"varchar",length:30,notNull:!0,default:"one_time",enumValues:["one_time","recurring"]},{name:"billing_scheme",type:"varchar",length:30,default:"per_unit",enumValues:["per_unit","tiered"]},{name:"nickname",type:"varchar",length:255},{name:"recurring_interval",type:"varchar",length:20,enumValues:["day","week","month","year"]},{name:"recurring_interval_count",type:"integer",default:1},{name:"recurring_usage_type",type:"varchar",length:20,default:"licensed",enumValues:["licensed","metered"]},{name:"recurring_aggregate_usage",type:"varchar",length:30,enumValues:["sum","last_during_period","last_ever","max"]},{name:"transform_quantity_divide_by",type:"integer"},{name:"transform_quantity_round",type:"varchar",length:10,enumValues:["up","down"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","archived"]},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["product_id"]},{columns:["provider"]},{columns:["provider_price_id"]},{columns:["type"]},{columns:["currency"]},{columns:["status"]},{columns:["product_id","status"]}]},{table_name:"payment_customers",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_customer_id",type:"varchar",length:255,notNull:!0},{name:"email",type:"varchar",length:255,notNull:!0},{name:"name",type:"varchar",length:255},{name:"phone",type:"varchar",length:50},{name:"description",type:"text"},{name:"address",type:"jsonb",default:"{}"},{name:"tax_id_type",type:"varchar",length:50},{name:"tax_id_value",type:"varchar",length:100},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["provider_customer_id"]},{columns:["email"]},{columns:["user_id","provider"],unique:!0}]},{table_name:"payment_subscriptions",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"customer_id",type:"uuid",notNull:!0,references:{table:"payment_customers",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_subscription_id",type:"varchar",length:255},{name:"status",type:"varchar",length:30,notNull:!0,default:"incomplete",enumValues:["active","past_due","unpaid","canceled","incomplete","incomplete_expired","trialing","paused"]},{name:"collection_method",type:"varchar",length:30,default:"charge_automatically",enumValues:["charge_automatically","send_invoice"]},{name:"current_period_start",type:"timestamptz"},{name:"current_period_end",type:"timestamptz"},{name:"cancel_at_period_end",type:"boolean",default:!1},{name:"canceled_at",type:"timestamptz"},{name:"trial_start",type:"timestamptz"},{name:"trial_end",type:"timestamptz"},{name:"items",type:"jsonb",default:"[]"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["customer_id"]},{columns:["provider"]},{columns:["provider_subscription_id"]},{columns:["status"]},{columns:["customer_id","status"]}]},{table_name:"payment_invoices",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"customer_id",type:"uuid",notNull:!0,references:{table:"payment_customers",column:"id"}},{name:"subscription_id",type:"uuid",references:{table:"payment_subscriptions",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_invoice_id",type:"varchar",length:255},{name:"status",type:"varchar",length:30,notNull:!0,default:"draft",enumValues:["draft","open","paid","uncollectible","void"]},{name:"collection_method",type:"varchar",length:30,default:"charge_automatically",enumValues:["charge_automatically","send_invoice"]},{name:"currency",type:"varchar",length:10,notNull:!0,default:"USD"},{name:"amount_due",type:"integer",default:0},{name:"amount_paid",type:"integer",default:0},{name:"amount_remaining",type:"integer",default:0},{name:"description",type:"text"},{name:"hosted_invoice_url",type:"varchar",length:1000},{name:"invoice_pdf",type:"varchar",length:1000},{name:"due_date",type:"timestamptz"},{name:"days_until_due",type:"integer"},{name:"period_start",type:"timestamptz"},{name:"period_end",type:"timestamptz"},{name:"paid_at",type:"timestamptz"},{name:"voided_at",type:"timestamptz"},{name:"lines",type:"jsonb",default:"[]"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["customer_id"]},{columns:["subscription_id"]},{columns:["provider"]},{columns:["provider_invoice_id"]},{columns:["status"]},{columns:["customer_id","status"]}]},{table_name:"chat_conversations",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"type",type:"varchar",length:20,notNull:!0,default:"direct",enumValues:["direct","group"]},{name:"title",type:"varchar",length:255},{name:"description",type:"text"},{name:"avatar_file_id",type:"uuid"},{name:"direct_key",type:"varchar",length:255},{name:"last_message_at",type:"timestamptz"},{name:"last_message_preview",type:"varchar",length:500},{name:"last_message_sender_id",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}}],indexes:[{columns:["direct_key"],unique:!0},{columns:["type"]},{columns:["last_message_at"]}]},{table_name:"chat_participants",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role",type:"varchar",length:20,notNull:!0,default:"member",enumValues:["member","admin","owner"]},{name:"last_read_message_id",type:"uuid"},{name:"last_read_at",type:"timestamptz"},{name:"unread_count",type:"integer",notNull:!0,default:0},{name:"muted",type:"boolean",notNull:!0,default:!1},{name:"muted_until",type:"timestamptz"},{name:"notifications_enabled",type:"boolean",notNull:!0,default:!0},{name:"left_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["conversation_id"]}],constraints:{unique:[{name:"unique_conversation_participant",columns:["conversation_id","user_id"]}]}},{table_name:"chat_messages",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"sender_id",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}},{name:"content",type:"text"},{name:"content_type",type:"varchar",length:20,notNull:!0,default:"text",enumValues:["text","image","file","video","audio","system"]},{name:"reply_to_id",type:"uuid",references:{table:"chat_messages",column:"id",onDelete:"set null"}},{name:"metadata",type:"jsonb",default:"{}"},{name:"client_message_id",type:"varchar",length:100},{name:"edited_at",type:"timestamptz"},{name:"deleted_at",type:"timestamptz"}],indexes:[{columns:["conversation_id","created_at"]},{columns:["sender_id"]},{columns:["reply_to_id"]}]},{table_name:"chat_message_attachments",feature_set:["authentication","chat","storage"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"message_id",type:"uuid",notNull:!0,references:{table:"chat_messages",column:"id",onDelete:"cascade"}},{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"file_id",type:"uuid",notNull:!0,references:{table:"files",column:"id",onDelete:"cascade"}},{name:"kind",type:"varchar",length:20,notNull:!0,default:"file",enumValues:["image","video","audio","file"]},{name:"original_name",type:"varchar",length:255},{name:"mime_type",type:"varchar",length:100},{name:"size",type:"bigint",mode:"number"},{name:"width",type:"integer"},{name:"height",type:"integer"},{name:"duration",type:"integer"}],indexes:[{columns:["message_id"]},{columns:["conversation_id"]},{columns:["file_id"]}]},{table_name:"payment_splits",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"transaction_id",type:"uuid",references:{table:"paymentTransactions",column:"id",onDelete:"set null"}},{name:"recipient_owner_type",type:"varchar",length:20,notNull:!0,default:"seller",comment:"seller | platform | tenant | user"},{name:"recipient_owner_id",type:"uuid",notNull:!0},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"gross_amount",type:"bigint",mode:"number",notNull:!0,comment:"Minor units"},{name:"provider_fee_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"platform_fee_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"reserve_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"net_payable_amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"available_for_payout_at",type:"timestamptz"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | available | payout_requested | paid | held | refunded | disputed | cancelled"},{name:"source_type",type:"varchar",length:50},{name:"source_id",type:"varchar",length:255},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["recipient_owner_type","recipient_owner_id"]},{columns:["status"]},{columns:["transaction_id"]}]},{table_name:"payment_ledger_entries",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"account",type:"varchar",length:40,notNull:!0,comment:"platform_revenue | provider_fee | seller_payable | reserve | refund_liability | dispute_liability | payout_in_transit | payout_completed"},{name:"owner_type",type:"varchar",length:20},{name:"owner_id",type:"uuid"},{name:"direction",type:"varchar",length:6,notNull:!0,comment:"debit | credit"},{name:"amount",type:"bigint",mode:"number",notNull:!0,comment:"Minor units"},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"entry_type",type:"varchar",length:40,notNull:!0,comment:"split | refund | payout | reserve_hold | reserve_release | dispute | adjustment"},{name:"reference_type",type:"varchar",length:50},{name:"reference_id",type:"varchar",length:255},{name:"split_id",type:"uuid",references:{table:"paymentSplits",column:"id",onDelete:"set null"}},{name:"description",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["account"]},{columns:["owner_type","owner_id"]},{columns:["entry_type"]},{columns:["reference_type","reference_id"]}]},{table_name:"payment_settlement_policies",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],group_name:"Payments Marketplace",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant",comment:"tenant | seller"},{name:"owner_id",type:"uuid",notNull:!0},{name:"default_delay_days",type:"integer",notNull:!0,default:7},{name:"new_seller_delay_days",type:"integer",notNull:!0,default:14},{name:"reserve_rate",type:"numeric",precision:5,scale:4,notNull:!0,default:0,comment:"Fraction 0..1 held as reserve"},{name:"reserve_days",type:"integer",notNull:!0,default:0},{name:"minimum_payout_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"currency",type:"varchar",length:10},{name:"early_payout_enabled",type:"boolean",notNull:!0,default:!1},{name:"status",type:"varchar",length:20,notNull:!0,default:"active"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"],unique:!0}]},{table_name:"payment_reserves",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"seller"},{name:"owner_id",type:"uuid",notNull:!0},{name:"split_id",type:"uuid",references:{table:"paymentSplits",column:"id",onDelete:"set null"}},{name:"amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"reason",type:"varchar",length:30,notNull:!0,default:"refund_window",comment:"refund_window | chargeback_risk | new_seller | manual_hold | dispute | compliance_review"},{name:"status",type:"varchar",length:20,notNull:!0,default:"held",comment:"held | released | consumed | cancelled"},{name:"release_at",type:"timestamptz"},{name:"released_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"]},{columns:["status"]},{columns:["release_at"]}]},{table_name:"payment_payout_requests",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Payments Marketplace",columns:[{name:"recipient_owner_type",type:"varchar",length:20,notNull:!0,default:"seller"},{name:"recipient_owner_id",type:"uuid",notNull:!0},{name:"amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | approved | rejected | processing | completed | failed | cancelled"},{name:"provider",type:"varchar",length:50},{name:"provider_payout_id",type:"varchar",length:255},{name:"provider_transfer_id",type:"varchar",length:255},{name:"destination",type:"varchar",length:255},{name:"requested_by",type:"uuid"},{name:"decided_by",type:"uuid"},{name:"decided_at",type:"timestamptz"},{name:"completed_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["recipient_owner_type","recipient_owner_id"]},{columns:["status"]}]},{table_name:"payment_disputes",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Payments Marketplace",columns:[{name:"transaction_id",type:"uuid",references:{table:"paymentTransactions",column:"id",onDelete:"set null"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_dispute_id",type:"varchar",length:255},{name:"owner_type",type:"varchar",length:20},{name:"owner_id",type:"uuid"},{name:"amount",type:"bigint",mode:"number"},{name:"currency",type:"varchar",length:10},{name:"reason",type:"varchar",length:100},{name:"status",type:"varchar",length:30,notNull:!0,default:"open",comment:"open | under_review | won | lost | accepted | cancelled"},{name:"evidence_due_at",type:"timestamptz"},{name:"resolved_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["provider","provider_dispute_id"]},{columns:["status"]},{columns:["owner_type","owner_id"]},{columns:["transaction_id"]}]}];import{and as and9,desc as desc3,eq as eq15,inArray as inArray4}from"drizzle-orm";var DEFAULT_CHAT_CONFIG={enabled:!1,basePath:"/chat",groupsEnabled:!0,maxGroupParticipants:256,maxMessageLength:8000,editingEnabled:!0,deletionEnabled:!0,typingIndicators:!0,readReceipts:!0,presence:!0,realtimeTopicPrefix:"chat",messagePageSize:50,attachments:{enabled:!0,maxPerMessage:10,maxFileSizeBytes:null,allowedMimeTypes:[]}};function mergeChatConfig(input){let base=DEFAULT_CHAT_CONFIG;if(!input)return base;return{enabled:input.enabled??base.enabled,basePath:input.basePath??base.basePath,groupsEnabled:input.groupsEnabled??base.groupsEnabled,maxGroupParticipants:input.maxGroupParticipants??base.maxGroupParticipants,maxMessageLength:input.maxMessageLength??base.maxMessageLength,editingEnabled:input.editingEnabled??base.editingEnabled,deletionEnabled:input.deletionEnabled??base.deletionEnabled,typingIndicators:input.typingIndicators??base.typingIndicators,readReceipts:input.readReceipts??base.readReceipts,presence:input.presence??base.presence,realtimeTopicPrefix:input.realtimeTopicPrefix??base.realtimeTopicPrefix,messagePageSize:input.messagePageSize??base.messagePageSize,attachments:{enabled:input.attachments?.enabled??base.attachments.enabled,maxPerMessage:input.attachments?.maxPerMessage??base.attachments.maxPerMessage,maxFileSizeBytes:input.attachments?.maxFileSizeBytes??base.attachments.maxFileSizeBytes,allowedMimeTypes:input.attachments?.allowedMimeTypes??base.attachments.allowedMimeTypes}}}function getCol(table,col6){return table[col6]}function getTable(schemaTables,name2,logger2){return resolveSchemaTable(schemaTables,name2,logger2)}function computeDirectKey(userA,userB){return[userA,userB].sort().join(":")}function kindFromMime(mime){if(!mime)return"file";if(mime.startsWith("image/"))return"image";if(mime.startsWith("video/"))return"video";if(mime.startsWith("audio/"))return"audio";return"file"}function str3(value){return typeof value==="string"?value:null}function num2(value){return typeof value==="number"?value:null}function date(value){if(value instanceof Date)return value;if(typeof value==="string")return new Date(value);return null}function cdnUrl(cdnBasePath,fileId){if(!fileId)return null;return`${cdnBasePath}/${fileId}`}function mapConversation(row,cdnBasePath){let avatarFileId=str3(row.avatarFileId);return{id:String(row.id),type:str3(row.type)??"direct",title:str3(row.title),description:str3(row.description),avatarFileId,avatarUrl:cdnUrl(cdnBasePath,avatarFileId),directKey:str3(row.directKey),lastMessageAt:date(row.lastMessageAt),lastMessagePreview:str3(row.lastMessagePreview),lastMessageSenderId:str3(row.lastMessageSenderId),createdBy:str3(row.createdBy),createdAt:date(row.createdAt)??new Date(0),updatedAt:date(row.updatedAt)??new Date(0),isActive:row.isActive!==!1}}function mapParticipant(row){return{id:String(row.id),conversationId:String(row.conversationId),userId:String(row.userId),role:str3(row.role)??"member",lastReadMessageId:str3(row.lastReadMessageId),lastReadAt:date(row.lastReadAt),unreadCount:num2(row.unreadCount)??0,muted:row.muted===!0,mutedUntil:date(row.mutedUntil),notificationsEnabled:row.notificationsEnabled!==!1,leftAt:date(row.leftAt),joinedAt:date(row.createdAt)??new Date(0)}}function mapAttachment(row,cdnBasePath){let fileId=String(row.fileId);return{id:String(row.id),messageId:String(row.messageId),conversationId:String(row.conversationId),fileId,kind:str3(row.kind)??"file",originalName:str3(row.originalName),mimeType:str3(row.mimeType),size:num2(row.size),width:num2(row.width),height:num2(row.height),duration:num2(row.duration),url:`${cdnBasePath}/${fileId}`}}function mapMessage(row,attachments){let metadata=row.metadata;return{id:String(row.id),conversationId:String(row.conversationId),senderId:str3(row.senderId),content:str3(row.content),contentType:str3(row.contentType)??"text",replyToId:str3(row.replyToId),metadata:metadata&&typeof metadata==="object"?metadata:null,clientMessageId:str3(row.clientMessageId),editedAt:date(row.editedAt),deletedAt:date(row.deletedAt),createdAt:date(row.createdAt)??new Date(0),updatedAt:date(row.updatedAt)??new Date(0),attachments}}function buildPreview(content,contentType,attachmentCount){if(content&&content.trim().length>0){let trimmed=content.trim();return trimmed.length>280?`${trimmed.slice(0,277)}...`:trimmed}if(attachmentCount>0){if(contentType==="image")return attachmentCount>1?`${attachmentCount} photos`:"Photo";if(contentType==="video")return attachmentCount>1?`${attachmentCount} videos`:"Video";if(contentType==="audio")return"Audio";return attachmentCount>1?`${attachmentCount} files`:"File"}if(contentType==="system")return"System message";return""}import{and as and8,eq as eq14,inArray as inArray3}from"drizzle-orm";class ChatError extends Error{code;constructor(code,message){super(message);this.code=code,this.name="ChatError"}}function resolveChatTables(ctx){let conversations=getTable(ctx.schemaTables,"chat_conversations",ctx.logger),participants=getTable(ctx.schemaTables,"chat_participants",ctx.logger),messages=getTable(ctx.schemaTables,"chat_messages",ctx.logger);if(!conversations||!participants||!messages)throw new ChatError("disabled","Chat tables are not available in this schema");let attachments=getTable(ctx.schemaTables,"chat_message_attachments")??null,files=getTable(ctx.schemaTables,"files")??null;return{conversations,participants,messages,attachments,files}}function chatTopic(ctx){return ctx.config.realtimeTopicPrefix||"chat"}async function getConversationRow(ctx,tables,conversationId){return(await ctx.db.select().from(tables.conversations).where(eq14(getCol(tables.conversations,"id"),conversationId)).limit(1))[0]??null}async function getParticipant(ctx,tables,conversationId,userId){let row=(await ctx.db.select().from(tables.participants).where(and8(eq14(getCol(tables.participants,"conversationId"),conversationId),eq14(getCol(tables.participants,"userId"),userId))).limit(1))[0];return row?mapParticipant(row):null}async function requireActiveMembership(ctx,tables,conversationId,userId){let participant=await getParticipant(ctx,tables,conversationId,userId);if(!participant||participant.leftAt)throw new ChatError("forbidden","You are not a participant of this conversation");return participant}async function listParticipants(ctx,tables,conversationId,includeLeft=!1){let all=(await ctx.db.select().from(tables.participants).where(eq14(getCol(tables.participants,"conversationId"),conversationId))).map(mapParticipant);return includeLeft?all:all.filter((p)=>!p.leftAt)}async function assertUsersExist(ctx,userIds){let unique=[...new Set(userIds)];if(unique.length===0)return;let usersTable=getTable(ctx.schemaTables,"users",ctx.logger);if(!usersTable)throw new ChatError("disabled","Users table is not available in this schema");let rows=await ctx.db.select({id:getCol(usersTable,"id")}).from(usersTable).where(inArray3(getCol(usersTable,"id"),unique)),found=new Set(rows.map((r)=>r.id));for(let id of unique)if(!found.has(id))throw new ChatError("not_found",`User ${id} does not exist`)}function deliverToParticipants(ctx,participants,event,exceptUserId){if(!ctx.broadcaster)return;let topic=chatTopic(ctx);for(let participant of participants){if(participant.leftAt)continue;if(exceptUserId&&participant.userId===exceptUserId)continue;ctx.broadcaster.broadcastToUser(participant.userId,topic,event)}}async function buildSummary(ctx,tables,conversationRow,userId,participantsOverride){let conversation=mapConversation(conversationRow,ctx.cdnBasePath),participants=participantsOverride??await listParticipants(ctx,tables,conversation.id),myParticipant=participants.find((p)=>p.userId===userId)??null;return{...conversation,participants,myParticipant,unreadCount:myParticipant?.unreadCount??0}}async function getOrCreateDirect(ctx,params){let tables=resolveChatTables(ctx),{userId,targetUserId}=params;if(!targetUserId||targetUserId===userId)throw new ChatError("validation","A different target user is required");await assertUsersExist(ctx,[targetUserId]);let directKey=computeDirectKey(userId,targetUserId),existing=(await ctx.db.select().from(tables.conversations).where(eq15(getCol(tables.conversations,"directKey"),directKey)).limit(1))[0];if(existing)return await rejoinIfNeeded(ctx,tables,String(existing.id),[userId,targetUserId]),buildSummary(ctx,tables,existing,userId);let now=new Date,conversationRow;try{conversationRow=(await ctx.db.insert(tables.conversations).values({type:"direct",directKey,createdBy:userId,lastMessageAt:now,lastMessagePreview:""}).returning())[0]}catch(_err){let raced=(await ctx.db.select().from(tables.conversations).where(eq15(getCol(tables.conversations,"directKey"),directKey)).limit(1))[0];if(!raced)throw new ChatError("conflict","Failed to create direct conversation");return await rejoinIfNeeded(ctx,tables,String(raced.id),[userId,targetUserId]),buildSummary(ctx,tables,raced,userId)}let conversationId=String(conversationRow.id);await ctx.db.insert(tables.participants).values([{conversationId,userId,role:"member",createdBy:userId},{conversationId,userId:targetUserId,role:"member",createdBy:userId}]);let summary=await buildSummary(ctx,tables,conversationRow,userId);return deliverToParticipants(ctx,summary.participants,{type:"conversation.created",conversationId,conversation:summary},userId),summary}async function createGroup(ctx,params){if(!ctx.config.groupsEnabled)throw new ChatError("disabled","Group conversations are disabled");let tables=resolveChatTables(ctx),{creatorId,title}=params;if(!title||title.trim().length===0)throw new ChatError("validation","A group title is required");let memberIds=[...new Set([creatorId,...params.participantIds])];if(memberIds.length>ctx.config.maxGroupParticipants)throw new ChatError("validation",`A group cannot exceed ${ctx.config.maxGroupParticipants} participants`);if(await assertUsersExist(ctx,memberIds),params.avatarFileId){if(!tables.files)throw new ChatError("disabled","Avatar files require storage to be enabled");let avatarRow=(await ctx.db.select().from(tables.files).where(eq15(getCol(tables.files,"id"),params.avatarFileId)).limit(1))[0],owner=avatarRow?String(avatarRow.uploadedBy??avatarRow.createdBy??""):"";if(!avatarRow||owner!==creatorId)throw new ChatError("forbidden","Avatar file is not owned by the creator")}let now=new Date,conversationRow=(await ctx.db.insert(tables.conversations).values({type:"group",title:title.trim(),description:params.description??null,avatarFileId:params.avatarFileId??null,createdBy:creatorId,lastMessageAt:now,lastMessagePreview:""}).returning())[0],conversationId=String(conversationRow.id);await ctx.db.insert(tables.participants).values(memberIds.map((memberId)=>({conversationId,userId:memberId,role:memberId===creatorId?"owner":"member",createdBy:creatorId})));let summary=await buildSummary(ctx,tables,conversationRow,creatorId);return deliverToParticipants(ctx,summary.participants,{type:"conversation.created",conversationId,conversation:summary},creatorId),summary}async function listConversations(ctx,params){let tables=resolveChatTables(ctx),limit=Math.min(Math.max(params.limit??30,1),100),offset=Math.max(params.offset??0,0),myParticipants=(await ctx.db.select().from(tables.participants).where(eq15(getCol(tables.participants,"userId"),params.userId))).map(mapParticipant).filter((p)=>!p.leftAt);if(myParticipants.length===0)return[];let conversationIds=myParticipants.map((p)=>p.conversationId),pageRows=await ctx.db.select().from(tables.conversations).where(and9(inArray4(getCol(tables.conversations,"id"),conversationIds),eq15(getCol(tables.conversations,"isActive"),!0))).orderBy(desc3(getCol(tables.conversations,"lastMessageAt"))).limit(limit).offset(offset);if(pageRows.length===0)return[];let pageIds=pageRows.map((r)=>String(r.id)),participantRows=await ctx.db.select().from(tables.participants).where(inArray4(getCol(tables.participants,"conversationId"),pageIds)),byConversation=new Map;for(let row of participantRows){let mapped=mapParticipant(row);if(mapped.leftAt)continue;let list=byConversation.get(mapped.conversationId)??[];list.push(mapped),byConversation.set(mapped.conversationId,list)}let summaries=[];for(let row of pageRows){let id=String(row.id);summaries.push(await buildSummary(ctx,tables,row,params.userId,byConversation.get(id)??[]))}return summaries}async function getConversation(ctx,conversationId,userId){let tables=resolveChatTables(ctx);await requireActiveMembership(ctx,tables,conversationId,userId);let row=await getConversationRow(ctx,tables,conversationId);if(!row)throw new ChatError("not_found","Conversation not found");return buildSummary(ctx,tables,row,userId)}async function rejoinIfNeeded(ctx,tables,conversationId,userIds){for(let userId of userIds){let participant=await getParticipant(ctx,tables,conversationId,userId);if(!participant)await ctx.db.insert(tables.participants).values({conversationId,userId,role:"member",createdBy:userId});else if(participant.leftAt)await ctx.db.update(tables.participants).set({leftAt:null}).where(eq15(getCol(tables.participants,"id"),participant.id))}}function assertCanManage(actor){if(actor.role!=="owner"&&actor.role!=="admin")throw new ChatError("forbidden","Only group admins can manage participants")}async function addParticipants(ctx,conversationId,actorId,userIds){let tables=resolveChatTables(ctx),conversation=await getConversationRow(ctx,tables,conversationId);if(!conversation)throw new ChatError("not_found","Conversation not found");if(mapConversation(conversation,ctx.cdnBasePath).type!=="group")throw new ChatError("validation","Participants can only be managed in group conversations");let actor=await requireActiveMembership(ctx,tables,conversationId,actorId);assertCanManage(actor);let toAdd=[...new Set(userIds)];await assertUsersExist(ctx,toAdd);let current=await listParticipants(ctx,tables,conversationId,!0),activeCount=current.filter((p)=>!p.leftAt).length,newOnes=toAdd.filter((id)=>!current.some((p)=>p.userId===id&&!p.leftAt));if(activeCount+newOnes.length>ctx.config.maxGroupParticipants)throw new ChatError("validation","Group participant limit exceeded");for(let userId of toAdd)await rejoinIfNeeded(ctx,tables,conversationId,[userId]);let participants=await listParticipants(ctx,tables,conversationId);return deliverToParticipants(ctx,participants,{type:"participant.added",conversationId,userIds:toAdd,by:actorId}),participants}async function removeParticipant(ctx,conversationId,actorId,targetUserId){let tables=resolveChatTables(ctx),actor=await requireActiveMembership(ctx,tables,conversationId,actorId);if(actorId!==targetUserId)assertCanManage(actor);let target2=await getParticipant(ctx,tables,conversationId,targetUserId);if(!target2||target2.leftAt)throw new ChatError("not_found","Participant not found in conversation");await ctx.db.update(tables.participants).set({leftAt:new Date}).where(eq15(getCol(tables.participants,"id"),target2.id));let participants=await listParticipants(ctx,tables,conversationId),event={type:"participant.removed",conversationId,userId:targetUserId,by:actorId};if(deliverToParticipants(ctx,participants,event),ctx.broadcaster)ctx.broadcaster.broadcastToUser(targetUserId,ctx.config.realtimeTopicPrefix||"chat",event)}import{and as and10,desc as desc4,eq as eq16,inArray as inArray5,isNull,lt,ne,sql as sql5}from"drizzle-orm";async function loadAttachments(ctx,tables,messageIds){let grouped=new Map;if(!tables.attachments||messageIds.length===0)return grouped;let rows=await ctx.db.select().from(tables.attachments).where(inArray5(getCol(tables.attachments,"messageId"),messageIds));for(let row of rows){let attachment=mapAttachment(row,ctx.cdnBasePath),list=grouped.get(attachment.messageId)??[];list.push(attachment),grouped.set(attachment.messageId,list)}return grouped}function inferContentType(explicit,attachments){if(explicit)return explicit;if(attachments.length===0)return"text";let kind=attachments[0]?.kind;if(kind==="image")return"image";if(kind==="video")return"video";if(kind==="audio")return"audio";return"file"}async function persistAttachments(ctx,tables,conversationId,messageId,params){let inputs=params.attachments??[];if(inputs.length===0)return[];if(!ctx.attachmentsAvailable||!tables.attachments||!tables.files)throw new ChatError("disabled","File attachments require storage and CDN to be enabled");if(inputs.length>ctx.config.attachments.maxPerMessage)throw new ChatError("validation",`A message cannot have more than ${ctx.config.attachments.maxPerMessage} attachments`);let fileIds=inputs.map((a)=>a.fileId),fileRows=await ctx.db.select().from(tables.files).where(inArray5(getCol(tables.files,"id"),fileIds)),filesById=new Map;for(let row of fileRows)filesById.set(String(row.id),row);let payloads=inputs.map((input)=>{let fileRow=filesById.get(input.fileId);if(!fileRow)throw new ChatError("not_found",`Attachment file ${input.fileId} was not found`);if(String(fileRow.uploadedBy??fileRow.createdBy??"")!==params.senderId)throw new ChatError("forbidden",`Attachment file ${input.fileId} is not owned by the sender`);let mimeType=fileRow.mimeType??input.mimeType??null;return{conversationId,messageId,fileId:input.fileId,kind:input.kind??kindFromMime(mimeType),originalName:fileRow.originalName??input.originalName??null,mimeType,size:fileRow.size??input.size??null,width:input.width??null,height:input.height??null,duration:input.duration??null,createdBy:params.senderId}});return(await ctx.db.insert(tables.attachments).values(payloads).returning()).map((row)=>mapAttachment(row,ctx.cdnBasePath))}async function sendMessage(ctx,params){let tables=resolveChatTables(ctx);await requireActiveMembership(ctx,tables,params.conversationId,params.senderId);let content=params.content?.trim()?params.content:null,hasAttachments=(params.attachments?.length??0)>0;if(!content&&!hasAttachments)throw new ChatError("validation","A message must contain text or at least one attachment");if(content&&content.length>ctx.config.maxMessageLength)throw new ChatError("validation",`Message exceeds the maximum length of ${ctx.config.maxMessageLength} characters`);if(params.metadata!==void 0&&params.metadata!==null){if(JSON.stringify(params.metadata).length>4096)throw new ChatError("validation","Message metadata exceeds the maximum size of 4096 bytes")}let messageRow=(await ctx.db.insert(tables.messages).values({conversationId:params.conversationId,senderId:params.senderId,content,contentType:params.contentType??"text",replyToId:params.replyToId??null,clientMessageId:params.clientMessageId??null,metadata:params.metadata??{},createdBy:params.senderId}).returning())[0],messageId=String(messageRow.id),attachments=await persistAttachments(ctx,tables,params.conversationId,messageId,params),contentType=inferContentType(params.contentType,attachments);if(contentType!==messageRow.contentType)await ctx.db.update(tables.messages).set({contentType}).where(eq16(getCol(tables.messages,"id"),messageId)),messageRow.contentType=contentType;let message=mapMessage(messageRow,attachments),preview=buildPreview(message.content,message.contentType,attachments.length),now=message.createdAt;await ctx.db.update(tables.conversations).set({lastMessageAt:now,lastMessagePreview:preview,lastMessageSenderId:params.senderId,updatedAt:new Date}).where(eq16(getCol(tables.conversations,"id"),params.conversationId)),await ctx.db.update(tables.participants).set({unreadCount:sql5`${getCol(tables.participants,"unreadCount")} + 1`}).where(and10(eq16(getCol(tables.participants,"conversationId"),params.conversationId),ne(getCol(tables.participants,"userId"),params.senderId),isNull(getCol(tables.participants,"leftAt"))));let participants=await listParticipants(ctx,tables,params.conversationId);return deliverToParticipants(ctx,participants,{type:"message.created",conversationId:params.conversationId,message}),message}async function getMessages(ctx,params){let tables=resolveChatTables(ctx);await requireActiveMembership(ctx,tables,params.conversationId,params.userId);let limit=Math.min(Math.max(params.limit??ctx.config.messagePageSize,1),100),conditions=[eq16(getCol(tables.messages,"conversationId"),params.conversationId)];if(params.before){let cursor=(await ctx.db.select().from(tables.messages).where(eq16(getCol(tables.messages,"id"),params.before)).limit(1))[0];if(cursor?.createdAt)conditions.push(lt(getCol(tables.messages,"createdAt"),cursor.createdAt))}let rows=await ctx.db.select().from(tables.messages).where(and10(...conditions)).orderBy(desc4(getCol(tables.messages,"createdAt"))).limit(limit+1),pageRows=rows.slice(0,limit),hasMore=rows.length>limit,attachmentsByMessage=await loadAttachments(ctx,tables,pageRows.map((r)=>String(r.id)));return{messages:pageRows.map((row)=>mapMessage(row,attachmentsByMessage.get(String(row.id))??[])),hasMore}}async function markRead(ctx,conversationId,userId,messageId){let tables=resolveChatTables(ctx),participant=await requireActiveMembership(ctx,tables,conversationId,userId),targetMessageId=messageId??null;if(!targetMessageId){let latestRow=(await ctx.db.select().from(tables.messages).where(eq16(getCol(tables.messages,"conversationId"),conversationId)).orderBy(desc4(getCol(tables.messages,"createdAt"))).limit(1))[0];targetMessageId=latestRow?String(latestRow.id):null}let readAt=new Date;if(await ctx.db.update(tables.participants).set({lastReadMessageId:targetMessageId,lastReadAt:readAt,unreadCount:0}).where(eq16(getCol(tables.participants,"id"),participant.id)),ctx.config.readReceipts){let participants=await listParticipants(ctx,tables,conversationId);deliverToParticipants(ctx,participants,{type:"conversation.read",conversationId,userId,lastReadMessageId:targetMessageId,readAt:readAt.toISOString()},userId)}return{lastReadMessageId:targetMessageId,readAt}}async function editMessage(ctx,messageId,userId,content){if(!ctx.config.editingEnabled)throw new ChatError("disabled","Message editing is disabled");let tables=resolveChatTables(ctx),row=(await ctx.db.select().from(tables.messages).where(eq16(getCol(tables.messages,"id"),messageId)).limit(1))[0];if(!row||row.deletedAt)throw new ChatError("not_found","Message not found");if(String(row.senderId)!==userId)throw new ChatError("forbidden","You can only edit your own messages");let trimmed=content.trim();if(!trimmed)throw new ChatError("validation","Message content cannot be empty");if(trimmed.length>ctx.config.maxMessageLength)throw new ChatError("validation","Message exceeds the maximum length");let editedAt=new Date,updated=await ctx.db.update(tables.messages).set({content:trimmed,editedAt,updatedAt:editedAt}).where(eq16(getCol(tables.messages,"id"),messageId)).returning(),attachments=await loadAttachments(ctx,tables,[messageId]),message=mapMessage(updated[0],attachments.get(messageId)??[]),participants=await listParticipants(ctx,tables,String(row.conversationId));return deliverToParticipants(ctx,participants,{type:"message.updated",conversationId:String(row.conversationId),message}),message}async function deleteMessage(ctx,messageId,userId){if(!ctx.config.deletionEnabled)throw new ChatError("disabled","Message deletion is disabled");let tables=resolveChatTables(ctx),row=(await ctx.db.select().from(tables.messages).where(eq16(getCol(tables.messages,"id"),messageId)).limit(1))[0];if(!row||row.deletedAt)throw new ChatError("not_found","Message not found");if(String(row.senderId)!==userId)throw new ChatError("forbidden","You can only delete your own messages");let deletedAt=new Date;await ctx.db.update(tables.messages).set({content:null,deletedAt,updatedAt:deletedAt}).where(eq16(getCol(tables.messages,"id"),messageId));let participants=await listParticipants(ctx,tables,String(row.conversationId));deliverToParticipants(ctx,participants,{type:"message.deleted",conversationId:String(row.conversationId),messageId})}async function setTyping(ctx,conversationId,userId,isTyping=!0){if(!ctx.config.typingIndicators)return;let tables=resolveChatTables(ctx),participants=await listParticipants(ctx,tables,conversationId);if(!participants.some((p)=>p.userId===userId))throw new ChatError("forbidden","You are not a participant of this conversation");deliverToParticipants(ctx,participants,{type:"typing",conversationId,userId,isTyping},userId)}class ChatService{ctx;constructor(init){this.ctx={db:init.db,schemaTables:init.schemaTables,config:init.config,logger:init.logger,broadcaster:init.broadcaster??null,cdnBasePath:init.cdnBasePath??"/cdn",attachmentsAvailable:init.attachmentsAvailable??!1}}get config(){return this.ctx.config}getOrCreateDirect(userId,targetUserId){return getOrCreateDirect(this.ctx,{userId,targetUserId})}createGroup(params){return createGroup(this.ctx,params)}listConversations(userId,opts){return listConversations(this.ctx,{userId,limit:opts?.limit,offset:opts?.offset})}getConversation(conversationId,userId){return getConversation(this.ctx,conversationId,userId)}addParticipants(conversationId,actorId,userIds){return addParticipants(this.ctx,conversationId,actorId,userIds)}removeParticipant(conversationId,actorId,targetUserId){return removeParticipant(this.ctx,conversationId,actorId,targetUserId)}sendMessage(params){return sendMessage(this.ctx,params)}getMessages(params){return getMessages(this.ctx,params)}markRead(conversationId,userId,messageId){return markRead(this.ctx,conversationId,userId,messageId)}editMessage(messageId,userId,content){return editMessage(this.ctx,messageId,userId,content)}deleteMessage(messageId,userId){return deleteMessage(this.ctx,messageId,userId)}setTyping(conversationId,userId,isTyping){return setTyping(this.ctx,conversationId,userId,isTyping)}}init_Logger2();var METHOD_MAP={GET:["GET"],POST:["POST"],PUT:["PUT"],DELETE:["DELETE"],PATCH:["PATCH"],TOGGLE:["PATCH"],VERIFICATION:["POST"]};function buildAuthPublicRoutes(config,basePath){let routes=[],auth=config.authentication;if(!auth)return routes;if(auth.login?.enabled&&auth.login?.isPublic)routes.push({path:auth.login.route||`${basePath}/auth/login`,method:"POST",source:"auth"});if(auth.register?.enabled&&auth.register?.isPublic)routes.push({path:auth.register.route||`${basePath}/auth/register`,method:"POST",source:"auth"});if(auth.logout?.enabled&&auth.logout?.isPublic)routes.push({path:auth.logout.route||`${basePath}/auth/logout`,method:"POST",source:"auth"});if(auth.refresh?.enabled&&auth.refresh?.isPublic)routes.push({path:auth.refresh.route||`${basePath}/auth/refresh`,method:"POST",source:"auth"});if(auth.passwordReset?.enabled&&auth.passwordReset?.isPublic){let baseRoute=auth.passwordReset.route||`${basePath}/auth/password-reset`;routes.push({path:`${baseRoute}/request`,method:"POST",source:"auth"},{path:`${baseRoute}/confirm`,method:"POST",source:"auth"})}if(auth.passwordChange?.enabled&&auth.passwordChange?.isPublic)routes.push({path:auth.passwordChange.route||`${basePath}/auth/password-change`,method:"POST",source:"auth"});if(auth.magicLink?.enabled&&auth.magicLink?.isPublic)routes.push({path:auth.magicLink.route||`${basePath}/auth/magic-link`,method:"POST",source:"auth"},{path:auth.magicLink.verifyRoute||`${basePath}/auth/magic-link/verify`,method:"GET",source:"auth"});if(auth.register?.enabled&&auth.register?.emailVerification?.enabled)routes.push({path:`${basePath}/verify-email`,method:"GET",source:"auth"},{path:`${basePath}/resend-verification`,method:"POST",source:"auth"});if(auth.invite?.enabled&&auth.invite?.isPublic)routes.push({path:auth.invite.route||`${basePath}/auth/invite`,method:"POST",source:"auth"});if(auth.invite?.enabled){let inviteRoute=auth.invite.route||`${basePath}/auth/invite`;routes.push({path:`${inviteRoute}/verify`,method:"POST",source:"auth"})}if(auth.passwordSet?.enabled)routes.push({path:auth.passwordSet.route||`${basePath}/auth/password-set`,method:"POST",source:"auth"});if(auth.webauthn?.enabled){let webauthnRoute=auth.webauthn.route||`${basePath}/auth/webauthn`;routes.push({path:`${webauthnRoute}/authenticate/options`,method:"POST",source:"auth"},{path:`${webauthnRoute}/authenticate/verify`,method:"POST",source:"auth"})}if(auth.captcha?.enabled&&auth.captcha?.isPublic){let baseRoute=auth.captcha.route||`${basePath}/auth/captcha`;routes.push({path:`${baseRoute}/generate`,method:"GET",source:"auth"},{path:`${baseRoute}/validate`,method:"POST",source:"auth"})}if(auth.sessions?.enabled){let sessionsRoute=auth.sessions.route||`${basePath}/auth/sessions`;routes.push({path:`${sessionsRoute}/approve`,method:"POST",source:"auth"},{path:`${sessionsRoute}/reject`,method:"POST",source:"auth"},{path:`${sessionsRoute}/approve-page`,method:"GET",source:"auth"},{path:`${sessionsRoute}/reject-page`,method:"GET",source:"auth"},{path:`${sessionsRoute}/approval-status`,method:"GET",source:"auth"})}if(auth.oauth?.enabled){let oauthBase=auth.oauth.basePath||`${basePath}/auth/oauth`,knownProviders=["google","github","microsoft","discord","facebook","twitter","apple","custom"];routes.push({path:`${oauthBase}/providers`,method:"GET",source:"auth"});for(let provider of knownProviders)routes.push({path:`${oauthBase}/${provider}`,method:"GET",source:"auth"},{path:`${oauthBase}/${provider}/callback`,method:"GET",source:"auth"})}return routes}function buildEntityPublicRoutes(entities,basePath,_schema){let routes=[];for(let entity of entities){if(!entity.is_public)continue;let camelName=entity.table_name.replace(/_([a-z])/g,(_,l)=>l.toUpperCase()),entityPath=`${basePath}/${camelName}`;for(let[nucleusMethod,isPublic]of Object.entries(entity.is_public)){if(!isPublic)continue;let httpMethods=METHOD_MAP[nucleusMethod];if(!httpMethods)continue;for(let method of httpMethods)if(method==="GET")routes.push({path:entityPath,method:"GET",source:"entity"}),routes.push({path:`${entityPath}/:id`,method:"GET",source:"entity"});else if(method==="POST")routes.push({path:entityPath,method:"POST",source:"entity"});else if(method==="PUT"||method==="PATCH")routes.push({path:`${entityPath}/:id`,method,source:"entity"});else if(method==="DELETE")routes.push({path:`${entityPath}/:id`,method:"DELETE",source:"entity"})}}return routes}function buildSystemTablePublicRoutes(systemTables2,basePath,schema){return buildEntityPublicRoutes(systemTables2,basePath,schema)}function buildPublicRoutes(config,systemTables2,basePath="",schema="public"){let authRoutes=buildAuthPublicRoutes(config,basePath),entityRoutes=buildEntityPublicRoutes(config.entities||[],basePath,schema),systemRoutes=buildSystemTablePublicRoutes(systemTables2,basePath,schema),pubsubRoutes=[];if(config.pubsub?.enabled){let pubsubBasePath=config.pubsub.basePath||"/subs",wsPath=config.pubsub.wsPath||"/api/events/subscribe";pubsubRoutes.push({path:`${pubsubBasePath}/:topic`,method:"POST",source:"system"},{path:wsPath,method:"GET",source:"system"})}let paymentRoutes=[];if(config.payment?.enabled){let paymentBasePath=config.payment.basePath||"/payment";paymentRoutes.push({path:`${paymentBasePath}/callback`,method:"POST",source:"system"},{path:`${paymentBasePath}/callback`,method:"OPTIONS",source:"system"},{path:`${paymentBasePath}/bin-query`,method:"POST",source:"system"},{path:`${paymentBasePath}/webhook`,method:"POST",source:"system"})}let discoveryRoutes=[];if(config.authorization?.endpointDiscovery?.enabled)discoveryRoutes.push({path:"/authorization/route-manifest",method:"GET",source:"system"},{path:"/authorization/route-manifest",method:"OPTIONS",source:"system"},{path:"/authorization/role-claims-manifest",method:"GET",source:"system"},{path:"/authorization/role-claims-manifest",method:"OPTIONS",source:"system"});let domainRoutes=[];if(config.domains?.enabled){let domainsBasePath=config.domains.basePath||"/domains";domainRoutes.push({path:`${basePath}${domainsBasePath}/resolve`,method:"GET",source:"system"})}let tenantRoutes=[];if(config.database?.isMultiTenant)tenantRoutes.push({path:`${basePath}/tenants`,method:"GET",source:"system"}),tenantRoutes.push({path:`${basePath}/tenants/check-subdomain/:subdomain`,method:"GET",source:"system"}),tenantRoutes.push({path:`${basePath}/tenants/self-signup`,method:"POST",source:"system"}),tenantRoutes.push({path:`${basePath}/tenants/refresh`,method:"POST",source:"system"});let customRoutes=[{path:"/nucleus-core",method:"GET",source:"custom"},{path:"/public",method:"GET",source:"custom"},{path:"/docs",method:"GET",source:"custom"},{path:"/docs/json",method:"GET",source:"custom"},{path:"/swagger",method:"GET",source:"custom"},{path:"/swagger/json",method:"GET",source:"custom"}],configPublicPaths=config.authorization?.publicPaths||[],ALL_PUBLIC_METHODS=["GET","POST","PUT","PATCH","DELETE","OPTIONS"],configPublicRoutes=configPublicPaths.flatMap((entry)=>{let trimmed=entry.trim(),qualified=trimmed.match(/^(GET|POST|PUT|PATCH|DELETE|OPTIONS)\s+(.+)$/i);if(qualified?.[1]&&qualified[2]){let method=qualified[1].toUpperCase(),path2=qualified[2].trim(),routes=[{path:path2,method,source:"custom"}];if(method!=="OPTIONS")routes.push({path:path2,method:"OPTIONS",source:"custom"});return routes}if(trimmed.startsWith("/auth/"))return ALL_PUBLIC_METHODS.map((method)=>({path:trimmed,method,source:"custom"}));return logger.warn(`[Security] publicPaths entry "${trimmed}" is unqualified \u2014 exposing GET + OPTIONS only. To make a write method public, use the explicit form, e.g. "POST ${trimmed}".`),[{path:trimmed,method:"GET",source:"custom"},{path:trimmed,method:"OPTIONS",source:"custom"}]});return[...authRoutes,...entityRoutes,...systemRoutes,...pubsubRoutes,...paymentRoutes,...discoveryRoutes,...domainRoutes,...tenantRoutes,...customRoutes,...configPublicRoutes]}function isPublicRoute(publicRoutes,path2,method){if(/\/\/|\\|%2f|%2e|%5c/i.test(path2))return!1;let normalizedPath=path2.replace(/\/$/,""),normalizedMethod=method.toUpperCase();for(let route of publicRoutes){if(route.method!==normalizedMethod)continue;if(matchPath(route.path,normalizedPath))return!0}return!1}function matchPath(pattern,path2){if(pattern===path2)return!0;let patternParts=pattern.split("/").filter(Boolean),pathParts=path2.split("/").filter(Boolean);if(patternParts.length!==pathParts.length)return!1;for(let i=0;i<patternParts.length;i++){let patternPart=patternParts[i],pathPart=pathParts[i];if(patternPart?.startsWith(":"))continue;if(patternPart!==pathPart)return!1}return!0}import{Elysia as Elysia2}from"elysia";import{eq as eq18}from"drizzle-orm";import{eq as eq17}from"drizzle-orm";var col6=(table,name2)=>{let tableRecord=table,snakeCase=name2.replace(/([A-Z])/g,"_$1").toLowerCase();return tableRecord[name2]||tableRecord[snakeCase]};async function requireGodmin(db,usersTable,userId){let user=(await db.select().from(usersTable).where(eq17(col6(usersTable,"id"),userId)).limit(1))[0];return Boolean(user?.isGod)}function validatePassword(pwd,policy){let errors2=[],minLen=policy?.minLength??8,maxLen=policy?.maxLength??128,needUpper=policy?.requireUppercase??!0,needLower=policy?.requireLowercase??!0,needDigit=policy?.requireNumber??!0,needSpecial=policy?.requireSpecialChar??!1;if(pwd.length<minLen)errors2.push(`Password must be at least ${minLen} characters`);if(pwd.length>maxLen)errors2.push(`Password must be at most ${maxLen} characters`);if(needUpper&&!/[A-Z]/.test(pwd))errors2.push("Password must contain uppercase letter");if(needLower&&!/[a-z]/.test(pwd))errors2.push("Password must contain lowercase letter");if(needDigit&&!/[0-9]/.test(pwd))errors2.push("Password must contain a number");if(needSpecial&&!/[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]/.test(pwd))errors2.push("Password must contain a special character");return{valid:errors2.length===0,errors:errors2}}var handleActivateUsers=(db,usersTable,logger2)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let result=await db.update(usersTable).set({isLocked:!1,lockedUntil:null,failedLoginAttempts:0,updatedAt:new Date}).where(eq18(col6(usersTable,"cohortId"),ctx.params.id)).returning();return logger2.audit({entityName:"user_cohorts",entityId:ctx.params.id,operation:"COHORT_ACTIVATE_USERS",userId,summary:`Activated ${result.length} users in cohort`}),{success:!0,data:{affected:result.length}}};init_assignDefaultRole();init_utils6();import{count,eq as eq20,inArray as inArray6}from"drizzle-orm";var handleBulkCreateUsers=(config,logger2)=>{let{db,usersTable,cohortsTable,rolesTable,userRolesTable,profilesTable}=config;return async(ctx)=>{if(!db||!usersTable||!cohortsTable)return ctx.set.status=500,{success:!1,message:"Server misconfigured"};let callerId=ctx.request.headers.get("x-user-id");if(!callerId||!await requireGodmin(db,usersTable,callerId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let cohortId=ctx.params.id;if((await db.select().from(cohortsTable).where(eq20(col6(cohortsTable,"id"),cohortId)).limit(1)).length===0)return ctx.set.status=404,{success:!1,message:"Cohort not found"};let{users:explicitUsers,emailPrefix,emailDomain,sharedPassword,count:userCount,roleIds}=ctx.body,userList=[];if(explicitUsers&&explicitUsers.length>0)for(let u of explicitUsers)userList.push({email:u.email.toLowerCase().trim(),password:u.password,firstName:u.profile?.firstName,lastName:u.profile?.lastName});else if(emailPrefix&&emailDomain&&sharedPassword&&userCount){let padLen=String(userCount).length;for(let i=1;i<=userCount;i++){let paddedNum=String(i).padStart(padLen,"0");userList.push({email:`${emailPrefix}-${paddedNum}@${emailDomain}`.toLowerCase(),password:sharedPassword})}}else return ctx.set.status=400,{success:!1,message:'Provide either "users" array or "emailPrefix" + "emailDomain" + "sharedPassword" + "count"'};if(userList.length>500)return ctx.set.status=400,{success:!1,message:"Maximum 500 users per batch"};for(let entry of userList){let validation=validatePassword(entry.password,config.passwordPolicy);if(!validation.valid)return ctx.set.status=400,{success:!1,message:`Password too weak for ${entry.email}`,errors:validation.errors}}let emails=userList.map((u)=>u.email),existingRows=await db.select({email:col6(usersTable,"email")}).from(usersTable).where(inArray6(col6(usersTable,"email"),emails)),existingEmails=new Set(existingRows.map((r)=>String(r.email).toLowerCase())),created=[],skipped=[],now=new Date;for(let entry of userList){if(existingEmails.has(entry.email)){skipped.push(entry.email);continue}let hashedPw=await hashPassword(entry.password),newUser=(await db.insert(usersTable).values({email:entry.email,password:hashedPw,emailVerified:!0,verifiedAt:now,isLocked:!1,cohortId,createdAt:now,updatedAt:now}).returning())[0];if(!newUser)continue;let newUserId=String(newUser.id);if(created.push({id:newUserId,email:entry.email,password:entry.password}),roleIds&&roleIds.length>0&&rolesTable&&userRolesTable){let validIds=(await db.select({id:col6(rolesTable,"id")}).from(rolesTable).where(inArray6(col6(rolesTable,"id"),roleIds))).map((r)=>String(r.id));if(validIds.length>0)await db.insert(userRolesTable).values(validIds.map((roleId)=>({userId:newUserId,roleId})))}else if(config.defaultRole)await assignDefaultRole({db,userId:newUserId,roleName:config.defaultRole,rolesTable,userRolesTable,logger:logger2});if((entry.firstName||entry.lastName)&&profilesTable)await db.insert(profilesTable).values({userId:newUserId,firstName:entry.firstName??null,lastName:entry.lastName??null,createdAt:now,updatedAt:now}).catch((err)=>{logger2.warn("[Cohort] Failed to create profile for user",{userId:newUserId,error:err.message})})}let countResult=await db.select({count:count()}).from(usersTable).where(eq20(col6(usersTable,"cohortId"),cohortId)),totalUsers=Number(countResult[0]?.count)||0;return await db.update(cohortsTable).set({userCount:totalUsers,updatedAt:new Date}).where(eq20(col6(cohortsTable,"id"),cohortId)),logger2.audit({entityName:"user_cohorts",entityId:cohortId,operation:"COHORT_BULK_CREATE",userId:callerId,summary:`Bulk created ${created.length} users in cohort (${skipped.length} skipped)`}),{success:!0,data:{created:created.length,skipped:skipped.length,skippedEmails:skipped,users:created}}}};var handleCreateCohort=(db,usersTable,cohortsTable,logger2)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let{name:name2,description,expiresAt,metadata}=ctx.body,now=new Date,inserted=await db.insert(cohortsTable).values({name:name2,description:description??null,createdBy:userId,expiresAt:expiresAt?new Date(expiresAt):null,userCount:0,metadata:metadata??{},createdAt:now,updatedAt:now}).returning();return logger2.audit({entityName:"user_cohorts",entityId:inserted[0]?.id,operation:"COHORT_CREATE",userId,summary:`Created cohort "${name2}"`}),{success:!0,data:inserted[0]}};import{eq as eq21}from"drizzle-orm";var handleDeactivateUsers=(db,usersTable,logger2)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let result=await db.update(usersTable).set({isLocked:!0,updatedAt:new Date}).where(eq21(col6(usersTable,"cohortId"),ctx.params.id)).returning();return logger2.audit({entityName:"user_cohorts",entityId:ctx.params.id,operation:"COHORT_DEACTIVATE_USERS",userId,summary:`Deactivated ${result.length} users in cohort`}),{success:!0,data:{affected:result.length}}};import{eq as eq22,inArray as inArray7}from"drizzle-orm";var handleDeleteUsers=(db,usersTable,cohortsTable,userRolesTable,profilesTable,logger2)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let userIds=(await db.select({id:col6(usersTable,"id")}).from(usersTable).where(eq22(col6(usersTable,"cohortId"),ctx.params.id))).map((u)=>String(u.id));if(userIds.length>0){if(userRolesTable)await db.delete(userRolesTable).where(inArray7(col6(userRolesTable,"userId"),userIds));if(profilesTable)await db.delete(profilesTable).where(inArray7(col6(profilesTable,"userId"),userIds));await db.delete(usersTable).where(inArray7(col6(usersTable,"id"),userIds))}return await db.update(cohortsTable).set({userCount:0,updatedAt:new Date}).where(eq22(col6(cohortsTable,"id"),ctx.params.id)),logger2.audit({entityName:"user_cohorts",entityId:ctx.params.id,operation:"COHORT_DELETE_USERS",userId,summary:`Deleted ${userIds.length} users from cohort`}),{success:!0,data:{deleted:userIds.length}}};import{eq as eq23}from"drizzle-orm";var handleGetCohort=(db,usersTable,cohortsTable)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let rows=await db.select().from(cohortsTable).where(eq23(col6(cohortsTable,"id"),ctx.params.id)).limit(1);if(rows.length===0)return ctx.set.status=404,{success:!1,message:"Cohort not found"};let userRows=await db.select().from(usersTable).where(eq23(col6(usersTable,"cohortId"),ctx.params.id));return{success:!0,data:{...rows[0],users:userRows}}};import{eq as eq24}from"drizzle-orm";var csvCell=(value)=>{let s=value==null?"":String(value);if(/^[=+\-@\t\r]/.test(s))s=`'${s}`;if(/[",\n\r]/.test(s))s=`"${s.replace(/"/g,'""')}"`;return s},handleExportUsers=(db,usersTable)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let userRows=await db.select().from(usersTable).where(eq24(col6(usersTable,"cohortId"),ctx.params.id)),lines=["email,status,locked,created_at"];for(let row of userRows){let u=row;lines.push([csvCell(u.email),csvCell(u.isActive?"active":"inactive"),csvCell(u.isLocked?"yes":"no"),csvCell(u.createdAt)].join(","))}return ctx.set.headers["content-type"]="text/csv",ctx.set.headers["content-disposition"]=`attachment; filename="cohort-${ctx.params.id}-users.csv"`,lines.join(`
527
+ `},createPaymentRoutes=(config)=>{let{provider,basePath,defaultCurrency,defaultLocale,successRedirectUrl,failedRedirectUrl,errorRedirectUrl,savedMethodsEnabled,threeDSecureEnabled,subMerchantsEnabled,transactionsTable,methodsTable,webhookLogsTable,subMerchantsTable,commissionSplitsTable,productsTable,pricesTable,customersTable,subscriptionsTable,invoicesTable,db,logger:logger2}=config,txTable=transactionsTable,pmTable=methodsTable,whTable=webhookLogsTable,smTable=subMerchantsTable,csTable=commissionSplitsTable,prodTable=productsTable,priceTable=pricesTable,cusTable=customersTable,subTable=subscriptionsTable,invTable=invoicesTable,database=db,app=new Elysia41({prefix:basePath}),customerBelongsToCaller=async(request,customerId)=>{if(hasGodminRole(request))return!0;let uid=request.headers.get("x-user-id");if(!uid||!customerId)return!1;let[c]=await database.select().from(cusTable).where(eq52(cusTable.id,String(customerId)));return!!c&&String(c.user_id)===String(uid)},callerCustomerIds=async(uid)=>{return(await database.select().from(cusTable).where(eq52(cusTable.user_id,uid))).map((r2)=>String(r2.id))};if(app.post("/initialize",async(ctx)=>{if(!threeDSecureEnabled)return ctx.set.status=400,{success:!1,error:"3D Secure is not enabled"};let userId=ctx.request.headers.get("x-user-id"),body=ctx.body;try{let[transaction]=await database.insert(txTable).values({userId:userId??null,orderId:body.orderId??body.conversationId??null,provider:provider.name,amount:Number(body.paidPrice??body.price??0),currency:body.currency??defaultCurrency,status:"pending",statusCode:1000,statusMessage:"3DS initialization started",isThreeDSecure:!0,installment:body.installment??1,ipAddress:ctx.request.headers.get("x-forwarded-for")??ctx.request.headers.get("x-real-ip")??null,metadata:body.metadata??{}}).returning(),result=await provider.initialize3DS({locale:body.locale??defaultLocale,conversationId:transaction.id,price:body.price,paidPrice:body.paidPrice,currency:body.currency??defaultCurrency,installment:body.installment,paymentChannel:body.paymentChannel,basketId:body.basketId,paymentGroup:body.paymentGroup,paymentCard:body.paymentCard,buyer:body.buyer,shippingAddress:body.shippingAddress,billingAddress:body.billingAddress,basketItems:body.basketItems,callbackUrl:body.callbackUrl??config.callbackUrl??`${basePath}/callback`});if(!result.success)return await database.update(txTable).set({status:"failed",statusCode:1003,statusMessage:result.errorMessage??"Initialization failed",providerResponse:result.rawResponse??{},failedAt:new Date}).where(eq52(txTable.id,transaction.id)),ctx.set.status=400,{success:!1,error:result.errorMessage??"Payment initialization failed",errorCode:result.errorCode};return await database.update(txTable).set({status:"processing",statusCode:1001,statusMessage:"3DS initialized, awaiting bank verification",providerPaymentId:result.paymentId,providerResponse:result.rawResponse??{}}).where(eq52(txTable.id,transaction.id)),{success:!0,transactionId:transaction.id,threeDSHtmlContent:result.threeDSHtmlContent,paymentId:result.paymentId}}catch(error3){return logger2.error("[Payment] initialize3DS error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Internal payment error"}}}),app.post("/callback",async(ctx)=>{let requestOrigin=new URL(ctx.request.url).origin,htmlHeaders={"Content-Type":"text/html; charset=utf-8","Access-Control-Allow-Origin":requestOrigin,"Access-Control-Allow-Methods":"POST, OPTIONS"};try{let formData=await ctx.request.formData(),rawData={};formData.forEach((value2,key2)=>{rawData[key2]=String(value2)});let parsed=provider.parseCallback(rawData);if(await database.insert(whTable).values({provider:provider.name,eventType:"three_ds_callback",providerPaymentId:parsed.paymentId,rawPayload:rawData,processed:!1,idempotencyKey:`${provider.name}:${parsed.paymentId}:${parsed.mdStatus}`,ipAddress:ctx.request.headers.get("x-forwarded-for")??ctx.request.headers.get("x-real-ip")??null}).onConflictDoNothing(),!parsed.success){if(logger2.warn("[Payment] 3DS callback failed",{mdStatus:parsed.mdStatus,paymentId:parsed.paymentId}),parsed.conversationId)await database.update(txTable).set({status:"failed",statusCode:1003,statusMessage:`3DS verification failed: mdStatus=${parsed.mdStatus}`,failedAt:new Date}).where(eq52(txTable.id,parsed.conversationId)).catch(()=>{});return new Response(generateRedirectHtml(`${requestOrigin}${failedRedirectUrl}`,"Payment Failed"),{headers:htmlHeaders})}let completion=await provider.complete3DS({locale:defaultLocale,conversationId:parsed.conversationId,paymentId:parsed.paymentId});if(!completion.success){if(logger2.error("[Payment] 3DS completion failed",{paymentId:parsed.paymentId,errorCode:completion.errorCode,errorMessage:completion.errorMessage}),parsed.conversationId)await database.update(txTable).set({status:"failed",statusCode:1003,statusMessage:`3DS completion failed: ${completion.errorMessage}`,providerResponse:completion.rawResponse??{},failedAt:new Date}).where(eq52(txTable.id,parsed.conversationId)).catch(()=>{});return new Response(generateRedirectHtml(`${requestOrigin}${failedRedirectUrl}`,"Payment Failed"),{headers:htmlHeaders})}if(parsed.conversationId)await database.update(txTable).set({status:"completed",statusCode:1001,statusMessage:"Payment completed successfully",providerPaymentId:completion.paymentId??parsed.paymentId,providerTransactionId:completion.signature,amount:completion.paidPrice??0,currency:completion.currency??defaultCurrency,paymentMethod:completion.cardAssociation,cardLastFour:completion.lastFourDigits,cardType:completion.cardType,cardAssociation:completion.cardAssociation,installment:completion.installment??1,providerResponse:completion.rawResponse??{},completedAt:new Date}).where(and17(eq52(txTable.id,parsed.conversationId),eq52(txTable.status,"pending"))).catch(()=>{});await database.update(whTable).set({processed:!0,processingResult:{completion}}).where(eq52(whTable.idempotencyKey,`${provider.name}:${parsed.paymentId}:${parsed.mdStatus}`)).catch(()=>{}),logger2.info("[Payment] 3DS payment completed",{paymentId:completion.paymentId,amount:completion.paidPrice,currency:completion.currency});let queryParams=new URLSearchParams;if(parsed.conversationId)queryParams.append("transactionId",parsed.conversationId);if(completion.paymentId)queryParams.append("paymentId",completion.paymentId);if(completion.paidPrice)queryParams.append("amount",String(completion.paidPrice));let redirectUrl=`${requestOrigin}${successRedirectUrl}?${queryParams.toString()}`;return new Response(generateRedirectHtml(redirectUrl,"Payment Successful"),{headers:htmlHeaders})}catch(error3){return logger2.error("[Payment] callback error",{error:error3 instanceof Error?error3.message:String(error3)}),new Response(generateRedirectHtml(`${requestOrigin}${errorRedirectUrl}`,"Payment Error"),{headers:htmlHeaders})}}),app.get("/transactions",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{return{success:!0,data:{items:await database.select().from(txTable).where(eq52(txTable.userId,userId)).orderBy(txTable.createdAt)}}}catch(error3){return logger2.error("[Payment] list transactions error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list transactions"}}}),app.get("/transactions/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[transaction]=await database.select().from(txTable).where(and17(eq52(txTable.id,ctx.params.id),eq52(txTable.userId,userId))).limit(1);if(!transaction)return ctx.set.status=404,{success:!1,error:"Transaction not found"};return{success:!0,data:transaction}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get transaction"}}}),app.post("/bin-query",async(ctx)=>{let body=ctx.body,binNumber=body.binNumber??body.cardNumber;if(!binNumber||typeof binNumber!=="string")return ctx.set.status=400,{success:!1,error:"binNumber is required"};try{let result=await provider.queryBin({locale:body.locale??defaultLocale,binNumber,price:body.price});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"BIN query failed",errorCode:result.errorCode};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"BIN query failed"}}}),app.post("/payment-detail",async(ctx)=>{let body=ctx.body;if(!body.paymentId)return ctx.set.status=400,{success:!1,error:"paymentId is required"};try{let result=await provider.getPaymentDetail({locale:body.locale??defaultLocale,paymentId:body.paymentId,conversationId:body.conversationId,paymentConversationId:body.paymentConversationId});return{success:result.success,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Payment detail query failed"}}}),app.post("/refund",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body;if(!body.paymentTransactionId||!body.price)return ctx.set.status=400,{success:!1,error:"paymentTransactionId and price are required"};let refundAmt=validateAmount(body.price,"price");if(!refundAmt.ok)return ctx.set.status=400,{success:!1,error:refundAmt.error};if(!hasGodminRole(ctx.request)){if(!body.transactionId)return ctx.set.status=400,{success:!1,error:"transactionId is required"};let[tx]=await database.select().from(txTable).where(eq52(txTable.id,body.transactionId)).limit(1);if(!tx)return ctx.set.status=404,{success:!1,error:"Transaction not found"};if(String(tx.userId)!==String(userId))return ctx.set.status=403,{success:!1,error:"You can only refund your own transactions"};let ownedProviderId=tx.providerTransactionId??tx.providerPaymentId;if(ownedProviderId&&String(body.paymentTransactionId)!==String(ownedProviderId))return ctx.set.status=403,{success:!1,error:"paymentTransactionId does not match this transaction"};let refundable=Number(tx.amount??0)-Number(tx.refundedAmount??0);if(!(Number(body.price)>0)||Number(body.price)>refundable)return ctx.set.status=400,{success:!1,error:`Refund amount exceeds the refundable balance (${refundable})`}}try{let result=await provider.refund({locale:body.locale??defaultLocale,conversationId:body.conversationId,paymentTransactionId:body.paymentTransactionId,price:String(body.price),currency:body.currency??defaultCurrency,ip:ctx.request.headers.get("x-forwarded-for")??ctx.request.headers.get("x-real-ip")??void 0});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Refund failed",errorCode:result.errorCode};if(body.transactionId){let price=Number(body.price);await database.update(txTable).set({status:sql10`CASE WHEN COALESCE(${txTable.refundedAmount}, 0) + ${price} >= ${txTable.amount} THEN 'refunded' ELSE 'partially_refunded' END`,refundedAmount:sql10`COALESCE(${txTable.refundedAmount}, 0) + ${price}`,refundedAt:new Date,statusMessage:"Payment refunded"}).where(eq52(txTable.id,body.transactionId)).catch(()=>{})}return logger2.info("[Payment] Refund processed",{paymentId:result.paymentId,price:result.price}),{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Refund failed"}}}),savedMethodsEnabled)app.post("/cards/save",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body;if(!body.email||!body.card)return ctx.set.status=400,{success:!1,error:"email and card are required"};try{let result=await provider.saveCard({locale:body.locale??defaultLocale,email:body.email,externalId:userId,card:body.card});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to save card",errorCode:result.errorCode};let[saved]=await database.insert(pmTable).values({userId,provider:provider.name,type:"card",alias:result.cardAlias??body.card.cardAlias,cardLastFour:result.lastFourDigits,cardType:result.cardType,cardAssociation:result.cardAssociation,cardFamily:result.cardFamily,cardBankName:result.cardBankName,providerCardUserKey:result.cardUserKey,providerCardToken:result.cardToken,binNumber:result.binNumber}).returning();return logger2.info("[Payment] Card saved",{userId,cardAlias:result.cardAlias}),{success:!0,data:saved}}catch{return ctx.set.status=500,{success:!1,error:"Failed to save card"}}}),app.get("/cards",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{return{success:!0,data:{items:await database.select().from(pmTable).where(and17(eq52(pmTable.userId,userId),eq52(pmTable.isActive,!0))).orderBy(pmTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list cards"}}}),app.delete("/cards/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[card]=await database.select().from(pmTable).where(and17(eq52(pmTable.id,ctx.params.id),eq52(pmTable.userId,userId))).limit(1);if(!card)return ctx.set.status=404,{success:!1,error:"Card not found"};if(card.providerCardUserKey&&card.providerCardToken){let deleteResult=await provider.deleteCard({locale:defaultLocale,cardUserKey:card.providerCardUserKey,cardToken:card.providerCardToken});if(!deleteResult.success)logger2.warn("[Payment] Provider card delete failed (proceeding with local delete)",{errorCode:deleteResult.errorCode,errorMessage:deleteResult.errorMessage})}return await database.update(pmTable).set({isActive:!1}).where(eq52(pmTable.id,ctx.params.id)),logger2.info("[Payment] Card deleted",{userId,cardId:ctx.params.id}),{success:!0}}catch{return ctx.set.status=500,{success:!1,error:"Failed to delete card"}}}),app.post("/cards/sync",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body,cardUserKey=body.cardUserKey;if(!cardUserKey)return ctx.set.status=400,{success:!1,error:"cardUserKey is required"};try{let result=await provider.listCards({locale:body.locale??defaultLocale,cardUserKey});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to list cards from provider"};return{success:!0,data:{cardUserKey:result.cardUserKey,cards:result.cards}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to sync cards"}}});if(app.post("/products",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};let body=ctx.body;if(!body.name)return ctx.set.status=400,{success:!1,error:"name is required"};try{let providerResult=await provider.createProduct({name:body.name,description:body.description,type:body.type,images:body.images,unitLabel:body.unitLabel,url:body.url,metadata:body.metadata});if(!providerResult.success)return ctx.set.status=400,{success:!1,error:providerResult.errorMessage??"Failed to create product at provider",errorCode:providerResult.errorCode};let[saved]=await database.insert(prodTable).values({provider:provider.name,providerProductId:providerResult.providerProductId,name:body.name,description:body.description??null,type:body.type??"service",status:"active",images:body.images?JSON.stringify(body.images):"[]",unitLabel:body.unitLabel??null,url:body.url??null,metadata:body.metadata?JSON.stringify(body.metadata):"{}"}).returning();return logger2.info("[Payment] Product created",{id:saved.id,providerProductId:providerResult.providerProductId}),{success:!0,data:saved}}catch(error3){return logger2.error("[Payment] create product error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create product"}}}),app.put("/products/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};let body=ctx.body;try{let[existing]=await database.select().from(prodTable).where(eq52(prodTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Product not found"};if(existing.providerProductId){let providerResult=await provider.updateProduct({providerProductId:existing.providerProductId,name:body.name,description:body.description,images:body.images,unitLabel:body.unitLabel,url:body.url,active:body.status==="active"?!0:body.status==="archived"?!1:void 0,metadata:body.metadata});if(!providerResult.success)logger2.warn("[Payment] Provider product update failed",{errorCode:providerResult.errorCode})}let updateData={};if(body.name)updateData.name=body.name;if(body.description!==void 0)updateData.description=body.description;if(body.type)updateData.type=body.type;if(body.status)updateData.status=body.status;if(body.images)updateData.images=JSON.stringify(body.images);if(body.unitLabel!==void 0)updateData.unitLabel=body.unitLabel;if(body.url!==void 0)updateData.url=body.url;if(body.metadata)updateData.metadata=JSON.stringify(body.metadata);let[updated]=await database.update(prodTable).set(updateData).where(eq52(prodTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to update product"}}}),app.get("/products",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let status=new URL(ctx.request.url).searchParams.get("status"),query=database.select().from(prodTable).where(eq52(prodTable.isActive,!0));if(status)query=database.select().from(prodTable).where(and17(eq52(prodTable.isActive,!0),eq52(prodTable.status,status)));return{success:!0,data:{items:await query.orderBy(prodTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list products"}}}),app.get("/products/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[item]=await database.select().from(prodTable).where(eq52(prodTable.id,ctx.params.id)).limit(1);if(!item)return ctx.set.status=404,{success:!1,error:"Product not found"};let prices=await database.select().from(priceTable).where(and17(eq52(priceTable.productId,ctx.params.id),eq52(priceTable.isActive,!0))).orderBy(priceTable.createdAt);return{success:!0,data:{...item,prices}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get product"}}}),app.delete("/products/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let[existing]=await database.select().from(prodTable).where(eq52(prodTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Product not found"};if(existing.providerProductId)await provider.archiveProduct({providerProductId:existing.providerProductId});let[updated]=await database.update(prodTable).set({status:"archived"}).where(eq52(prodTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to archive product"}}}),app.post("/prices",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};let body=ctx.body;if(!body.productId||body.unitAmount===void 0||!body.currency)return ctx.set.status=400,{success:!1,error:"productId, unitAmount, and currency are required"};try{let[product]=await database.select().from(prodTable).where(eq52(prodTable.id,body.productId)).limit(1);if(!product)return ctx.set.status=404,{success:!1,error:"Product not found"};let providerResult=await provider.createPrice({providerProductId:product.providerProductId,currency:body.currency,unitAmount:body.unitAmount,type:body.type,billingScheme:body.billingScheme,nickname:body.nickname,recurring:body.recurring,transformQuantity:body.transformQuantity,unitAmountDecimal:body.unitAmountDecimal,metadata:body.metadata});if(!providerResult.success)return ctx.set.status=400,{success:!1,error:providerResult.errorMessage??"Failed to create price at provider",errorCode:providerResult.errorCode};let[saved]=await database.insert(priceTable).values({productId:body.productId,provider:provider.name,providerPriceId:providerResult.providerPriceId,currency:body.currency,unitAmount:body.unitAmount,unitAmountDecimal:body.unitAmountDecimal??null,type:body.type??"one_time",billingScheme:body.billingScheme??"per_unit",nickname:body.nickname??null,recurringInterval:body.recurring?.interval??null,recurringIntervalCount:body.recurring?.intervalCount??1,recurringUsageType:body.recurring?.usageType??"licensed",recurringAggregateUsage:body.recurring?.aggregateUsage??null,transformQuantityDivideBy:body.transformQuantity?.divideBy??null,transformQuantityRound:body.transformQuantity?.round??null,status:"active",metadata:body.metadata?JSON.stringify(body.metadata):"{}"}).returning();return logger2.info("[Payment] Price created",{id:saved.id,providerPriceId:providerResult.providerPriceId}),{success:!0,data:saved}}catch(error3){return logger2.error("[Payment] create price error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create price"}}}),app.put("/prices/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};let body=ctx.body;try{let[existing]=await database.select().from(priceTable).where(eq52(priceTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Price not found"};if(existing.providerPriceId){let providerResult=await provider.updatePrice({providerPriceId:existing.providerPriceId,nickname:body.nickname,active:body.status==="active"?!0:body.status==="archived"?!1:void 0,metadata:body.metadata});if(!providerResult.success)logger2.warn("[Payment] Provider price update failed",{errorCode:providerResult.errorCode})}let updateData={};if(body.nickname!==void 0)updateData.nickname=body.nickname;if(body.status)updateData.status=body.status;if(body.metadata)updateData.metadata=JSON.stringify(body.metadata);let[updated]=await database.update(priceTable).set(updateData).where(eq52(priceTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to update price"}}}),app.get("/prices",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let url=new URL(ctx.request.url),productId=url.searchParams.get("productId"),status=url.searchParams.get("status"),query=database.select().from(priceTable).where(eq52(priceTable.isActive,!0));if(productId&&status)query=database.select().from(priceTable).where(and17(eq52(priceTable.productId,productId),eq52(priceTable.status,status),eq52(priceTable.isActive,!0)));else if(productId)query=database.select().from(priceTable).where(and17(eq52(priceTable.productId,productId),eq52(priceTable.isActive,!0)));else if(status)query=database.select().from(priceTable).where(and17(eq52(priceTable.status,status),eq52(priceTable.isActive,!0)));return{success:!0,data:{items:await query.orderBy(priceTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list prices"}}}),app.get("/prices/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[item]=await database.select().from(priceTable).where(eq52(priceTable.id,ctx.params.id)).limit(1);if(!item)return ctx.set.status=404,{success:!1,error:"Price not found"};return{success:!0,data:item}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get price"}}}),app.delete("/prices/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let[existing]=await database.select().from(priceTable).where(eq52(priceTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Price not found"};if(existing.providerPriceId)await provider.archivePrice({providerPriceId:existing.providerPriceId});let[updated]=await database.update(priceTable).set({status:"archived"}).where(eq52(priceTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to archive price"}}}),app.post("/customers",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let body=ctx.body,result=await provider.createCustomer({email:body.email,name:body.name,phone:body.phone,description:body.description,metadata:body.metadata,address:body.address?{line1:body.address?.line1,line2:body.address?.line2,city:body.address?.city,state:body.address?.state,postalCode:body.address?.postalCode,country:body.address?.country}:void 0,taxId:body.taxId});if(!result.success)return ctx.set.status=400,result;let[row]=await database.insert(cusTable).values({user_id:userId,provider:provider.name,provider_customer_id:result.providerCustomerId,email:body.email,name:body.name??null,phone:body.phone??null,description:body.description??null,address:body.address??{},tax_id_type:body.taxId?.type??null,tax_id_value:body.taxId?.value??null,metadata:body.metadata??{}}).returning();return{success:!0,customer:row,providerCustomerId:result.providerCustomerId}}catch(error3){return logger2.error("[Payment] Create customer error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create customer"}}}),app.put("/customers/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body,[existing]=await database.select().from(cusTable).where(eq52(cusTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(existing.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.updateCustomer({providerCustomerId:existing.provider_customer_id,email:body.email,name:body.name,phone:body.phone,description:body.description,metadata:body.metadata,address:body.address?{line1:body.address?.line1,line2:body.address?.line2,city:body.address?.city,state:body.address?.state,postalCode:body.address?.postalCode,country:body.address?.country}:void 0});if(!result.success)return ctx.set.status=400,result;let updates={};if(body.email)updates.email=body.email;if(body.name!==void 0)updates.name=body.name;if(body.phone!==void 0)updates.phone=body.phone;if(body.description!==void 0)updates.description=body.description;if(body.address)updates.address=body.address;if(body.metadata)updates.metadata=body.metadata;let[updated]=await database.update(cusTable).set(updates).where(eq52(cusTable.id,id)).returning();return{success:!0,customer:updated}}catch(error3){return logger2.error("[Payment] Update customer error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to update customer"}}}),app.get("/customers",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{return{success:!0,customers:await database.select().from(cusTable).where(eq52(cusTable.user_id,userId))}}catch(error3){return logger2.error("[Payment] List customers error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list customers"}}}),app.get("/customers/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[customer]=await database.select().from(cusTable).where(eq52(cusTable.id,id));if(!customer)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(customer.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=404,{success:!1,error:"Customer not found"};return{success:!0,customer}}catch(error3){return logger2.error("[Payment] Get customer error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to get customer"}}}),app.delete("/customers/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[existing]=await database.select().from(cusTable).where(eq52(cusTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(existing.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};return await provider.deleteCustomer({providerCustomerId:existing.provider_customer_id}),await database.delete(cusTable).where(eq52(cusTable.id,id)),{success:!0}}catch(error3){return logger2.error("[Payment] Delete customer error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to delete customer"}}}),app.post("/subscriptions",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let body=ctx.body,customerId=body.customerId,[customer]=await database.select().from(cusTable).where(eq52(cusTable.id,customerId));if(!customer)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(customer.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};let items=body.items,result=await provider.createSubscription({providerCustomerId:customer.provider_customer_id,items,trialPeriodDays:body.trialPeriodDays,collectionMethod:body.collectionMethod,daysUntilDue:body.daysUntilDue,cancelAtPeriodEnd:body.cancelAtPeriodEnd,metadata:body.metadata,defaultPaymentMethod:body.defaultPaymentMethod});if(!result.success)return ctx.set.status=400,result;let[row]=await database.insert(subTable).values({customer_id:customerId,provider:provider.name,provider_subscription_id:result.providerSubscriptionId,status:result.status??"incomplete",collection_method:body.collectionMethod??"charge_automatically",current_period_start:result.currentPeriodStart?new Date(result.currentPeriodStart):null,current_period_end:result.currentPeriodEnd?new Date(result.currentPeriodEnd):null,cancel_at_period_end:body.cancelAtPeriodEnd??!1,items,metadata:body.metadata??{}}).returning();return{success:!0,subscription:row,clientSecret:result.clientSecret}}catch(error3){return logger2.error("[Payment] Create subscription error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create subscription"}}}),app.put("/subscriptions/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body,[existing]=await database.select().from(subTable).where(eq52(subTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Subscription not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.updateSubscription({providerSubscriptionId:existing.provider_subscription_id,items:body.items,cancelAtPeriodEnd:body.cancelAtPeriodEnd,metadata:body.metadata,collectionMethod:body.collectionMethod,daysUntilDue:body.daysUntilDue,defaultPaymentMethod:body.defaultPaymentMethod,prorationBehavior:body.prorationBehavior});if(!result.success)return ctx.set.status=400,result;let updates={};if(result.status)updates.status=result.status;if(body.cancelAtPeriodEnd!==void 0)updates.cancel_at_period_end=body.cancelAtPeriodEnd;if(body.items)updates.items=body.items;if(body.metadata)updates.metadata=body.metadata;if(body.collectionMethod)updates.collection_method=body.collectionMethod;let[updated]=await database.update(subTable).set(updates).where(eq52(subTable.id,id)).returning();return{success:!0,subscription:updated}}catch(error3){return logger2.error("[Payment] Update subscription error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to update subscription"}}}),app.post("/subscriptions/:id/cancel",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body??{},[existing]=await database.select().from(subTable).where(eq52(subTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Subscription not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.cancelSubscription({providerSubscriptionId:existing.provider_subscription_id,cancelAtPeriodEnd:body.cancelAtPeriodEnd,invoiceNow:body.invoiceNow,prorate:body.prorate});if(!result.success)return ctx.set.status=400,result;let updates={status:result.status??"canceled",canceled_at:new Date};if(body.cancelAtPeriodEnd)updates.cancel_at_period_end=!0;let[updated]=await database.update(subTable).set(updates).where(eq52(subTable.id,id)).returning();return{success:!0,subscription:updated}}catch(error3){return logger2.error("[Payment] Cancel subscription error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to cancel subscription"}}}),app.get("/subscriptions",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let query=ctx.query,conditions=[];if(query.customerId)conditions.push(eq52(subTable.customer_id,query.customerId));if(query.status)conditions.push(eq52(subTable.status,query.status));if(!hasGodminRole(ctx.request)){let ids=await callerCustomerIds(userId);if(ids.length===0)return{success:!0,subscriptions:[]};conditions.push(inArray12(subTable.customer_id,ids))}return{success:!0,subscriptions:conditions.length>0?await database.select().from(subTable).where(and17(...conditions)):await database.select().from(subTable)}}catch(error3){return logger2.error("[Payment] List subscriptions error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list subscriptions"}}}),app.get("/subscriptions/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[subscription]=await database.select().from(subTable).where(eq52(subTable.id,id));if(!subscription)return ctx.set.status=404,{success:!1,error:"Subscription not found"};if(!await customerBelongsToCaller(ctx.request,subscription.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};return{success:!0,subscription}}catch(error3){return logger2.error("[Payment] Get subscription error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to get subscription"}}}),app.post("/usage-records",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let body=ctx.body,result=await provider.reportUsage({subscriptionItemId:body.subscriptionItemId,quantity:body.quantity,timestamp:body.timestamp,action:body.action});if(!result.success)return ctx.set.status=400,result;return{success:!0,usageRecord:result}}catch(error3){return logger2.error("[Payment] Report usage error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to report usage"}}}),app.get("/usage-records/:subscriptionItemId/summaries",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{subscriptionItemId}=ctx.params,query=ctx.query,result=await provider.listUsageRecordSummaries({subscriptionItemId,limit:query.limit?parseInt(query.limit,10):void 0,startingAfter:query.startingAfter});if(!result.success)return ctx.set.status=400,result;return{success:!0,summaries:result.summaries,hasMore:result.hasMore}}catch(error3){return logger2.error("[Payment] List usage summaries error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list usage summaries"}}}),app.post("/invoices",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let body=ctx.body,customerId=body.customerId,[customer]=await database.select().from(cusTable).where(eq52(cusTable.id,customerId));if(!customer)return ctx.set.status=404,{success:!1,error:"Customer not found"};if(String(customer.user_id)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.createInvoice({providerCustomerId:customer.provider_customer_id,collectionMethod:body.collectionMethod,daysUntilDue:body.daysUntilDue,description:body.description,metadata:body.metadata,autoAdvance:body.autoAdvance,items:body.items});if(!result.success)return ctx.set.status=400,result;let[row]=await database.insert(invTable).values({customer_id:customerId,subscription_id:body.subscriptionId??null,provider:provider.name,provider_invoice_id:result.providerInvoiceId,status:result.status??"draft",collection_method:body.collectionMethod??"charge_automatically",currency:body.currency??defaultCurrency,description:body.description??null,hosted_invoice_url:result.hostedInvoiceUrl??null,invoice_pdf:result.invoicePdf??null,days_until_due:body.daysUntilDue??null,lines:body.items??[],metadata:body.metadata??{}}).returning();return{success:!0,invoice:row,providerInvoiceId:result.providerInvoiceId}}catch(error3){return logger2.error("[Payment] Create invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to create invoice"}}}),app.post("/invoices/:id/finalize",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body??{},[existing]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.finalizeInvoice({providerInvoiceId:existing.provider_invoice_id,autoAdvance:body.autoAdvance});if(!result.success)return ctx.set.status=400,result;let[updated]=await database.update(invTable).set({status:result.status??"open",hosted_invoice_url:result.hostedInvoiceUrl??existing.hosted_invoice_url,invoice_pdf:result.invoicePdf??existing.invoice_pdf}).where(eq52(invTable.id,id)).returning();return{success:!0,invoice:updated}}catch(error3){return logger2.error("[Payment] Finalize invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to finalize invoice"}}}),app.post("/invoices/:id/send",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[existing]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.sendInvoice({providerInvoiceId:existing.provider_invoice_id});if(!result.success)return ctx.set.status=400,result;return{success:!0}}catch(error3){return logger2.error("[Payment] Send invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to send invoice"}}}),app.post("/invoices/:id/void",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[existing]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.voidInvoice({providerInvoiceId:existing.provider_invoice_id});if(!result.success)return ctx.set.status=400,result;let[updated]=await database.update(invTable).set({status:"void",voided_at:new Date}).where(eq52(invTable.id,id)).returning();return{success:!0,invoice:updated}}catch(error3){return logger2.error("[Payment] Void invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to void invoice"}}}),app.post("/invoices/:id/pay",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,body=ctx.body??{},[existing]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!existing)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,existing.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};let result=await provider.payInvoice({providerInvoiceId:existing.provider_invoice_id,paymentMethod:body.paymentMethod});if(!result.success)return ctx.set.status=400,result;let[updated]=await database.update(invTable).set({status:result.status??"paid",amount_paid:result.amountPaid??existing.amount_paid,amount_due:result.amountDue??existing.amount_due,paid_at:new Date}).where(eq52(invTable.id,id)).returning();return{success:!0,invoice:updated}}catch(error3){return logger2.error("[Payment] Pay invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to pay invoice"}}}),app.get("/invoices",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let query=ctx.query,conditions=[];if(query.customerId)conditions.push(eq52(invTable.customer_id,query.customerId));if(query.subscriptionId)conditions.push(eq52(invTable.subscription_id,query.subscriptionId));if(query.status)conditions.push(eq52(invTable.status,query.status));if(!hasGodminRole(ctx.request)){let ids=await callerCustomerIds(userId);if(ids.length===0)return{success:!0,invoices:[]};conditions.push(inArray12(invTable.customer_id,ids))}return{success:!0,invoices:conditions.length>0?await database.select().from(invTable).where(and17(...conditions)):await database.select().from(invTable)}}catch(error3){return logger2.error("[Payment] List invoices error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to list invoices"}}}),app.get("/invoices/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let{id}=ctx.params,[invoice]=await database.select().from(invTable).where(eq52(invTable.id,id));if(!invoice)return ctx.set.status=404,{success:!1,error:"Invoice not found"};if(!await customerBelongsToCaller(ctx.request,invoice.customer_id))return ctx.set.status=403,{success:!1,error:"Forbidden"};return{success:!0,invoice}}catch(error3){return logger2.error("[Payment] Get invoice error",{error:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to get invoice"}}}),subMerchantsEnabled)app.post("/sub-merchants",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body;if(!body.name||!body.email||!body.subMerchantType)return ctx.set.status=400,{success:!1,error:"name, email, and subMerchantType are required"};try{let externalId=body.externalId??`sm-${Date.now().toString(36)}`,result=await provider.registerSubMerchant({locale:body.locale??defaultLocale,subMerchantExternalId:externalId,subMerchantType:body.subMerchantType,name:body.name,email:body.email,gsmNumber:body.gsmNumber,address:body.address,iban:body.iban,contactName:body.contactName,contactSurname:body.contactSurname,identityNumber:body.identityNumber,taxOffice:body.taxOffice,taxNumber:body.taxNumber,legalCompanyTitle:body.legalCompanyTitle,currency:body.currency??defaultCurrency});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to register sub-merchant",errorCode:result.errorCode};let[saved]=await database.insert(smTable).values({userId:hasGodminRole(ctx.request)?body.userId??userId:userId,provider:provider.name,providerSubMerchantKey:result.subMerchantKey,externalId,type:body.subMerchantType,status:"active",name:body.name,email:body.email,gsmNumber:body.gsmNumber??null,address:body.address??null,iban:body.iban??null,contactName:body.contactName??null,contactSurname:body.contactSurname??null,identityNumber:body.identityNumber??null,taxOffice:body.taxOffice??null,taxNumber:body.taxNumber??null,legalCompanyTitle:body.legalCompanyTitle??null,currency:body.currency??defaultCurrency,commissionRate:hasGodminRole(ctx.request)?body.commissionRate??0:0}).returning();return logger2.info("[Payment] Sub-merchant registered",{externalId,providerKey:result.subMerchantKey}),{success:!0,data:saved}}catch(error3){return logger2.error("[Payment] register sub-merchant error",{error:error3 instanceof Error?error3.message:String(error3)}),ctx.set.status=500,{success:!1,error:"Failed to register sub-merchant"}}}),app.put("/sub-merchants/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};let body=ctx.body;try{let[existing]=await database.select().from(smTable).where(eq52(smTable.id,ctx.params.id)).limit(1);if(!existing)return ctx.set.status=404,{success:!1,error:"Sub-merchant not found"};let smIsGodmin=hasGodminRole(ctx.request);if(String(existing.userId)!==String(userId)&&!smIsGodmin)return ctx.set.status=403,{success:!1,error:"Forbidden"};if(existing.providerSubMerchantKey){let providerResult=await provider.updateSubMerchant({locale:body.locale??defaultLocale,subMerchantKey:existing.providerSubMerchantKey,name:body.name,email:body.email,gsmNumber:body.gsmNumber,address:body.address,iban:body.iban,contactName:body.contactName,contactSurname:body.contactSurname,identityNumber:body.identityNumber,taxOffice:body.taxOffice,taxNumber:body.taxNumber,legalCompanyTitle:body.legalCompanyTitle,currency:body.currency});if(!providerResult.success)logger2.warn("[Payment] Provider sub-merchant update failed",{errorCode:providerResult.errorCode})}let updateData={};if(body.name)updateData.name=body.name;if(body.email)updateData.email=body.email;if(body.gsmNumber!==void 0)updateData.gsmNumber=body.gsmNumber;if(body.address!==void 0)updateData.address=body.address;if(body.iban!==void 0)updateData.iban=body.iban;if(body.contactName!==void 0)updateData.contactName=body.contactName;if(body.contactSurname!==void 0)updateData.contactSurname=body.contactSurname;if(body.identityNumber!==void 0)updateData.identityNumber=body.identityNumber;if(body.taxOffice!==void 0)updateData.taxOffice=body.taxOffice;if(body.taxNumber!==void 0)updateData.taxNumber=body.taxNumber;if(body.legalCompanyTitle!==void 0)updateData.legalCompanyTitle=body.legalCompanyTitle;if(body.currency!==void 0)updateData.currency=body.currency;if(body.commissionRate!==void 0&&smIsGodmin)updateData.commissionRate=body.commissionRate;if(body.status!==void 0&&smIsGodmin)updateData.status=body.status;let[updated]=await database.update(smTable).set(updateData).where(eq52(smTable.id,ctx.params.id)).returning();return{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to update sub-merchant"}}}),app.get("/sub-merchants",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let smListGodmin=hasGodminRole(ctx.request);return{success:!0,data:{items:await database.select().from(smTable).where(smListGodmin?eq52(smTable.isActive,!0):and17(eq52(smTable.isActive,!0),eq52(smTable.userId,userId))).orderBy(smTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list sub-merchants"}}}),app.get("/sub-merchants/:id",async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId)return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let[item]=await database.select().from(smTable).where(eq52(smTable.id,ctx.params.id)).limit(1);if(!item)return ctx.set.status=404,{success:!1,error:"Sub-merchant not found"};if(String(item.userId)!==String(userId)&&!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden"};return{success:!0,data:item}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get sub-merchant"}}}),app.post("/splits/:splitId/approve",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let[split]=await database.select().from(csTable).where(eq52(csTable.id,ctx.params.splitId)).limit(1);if(!split)return ctx.set.status=404,{success:!1,error:"Split not found"};if(split.status!=="pending")return ctx.set.status=400,{success:!1,error:`Split already ${split.status}`};if(split.providerSplitId){let result=await provider.approveSplit({locale:defaultLocale,paymentTransactionId:split.providerSplitId});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Provider approval failed",errorCode:result.errorCode}}let[updated]=await database.update(csTable).set({status:"approved",approvedAt:new Date}).where(eq52(csTable.id,ctx.params.splitId)).returning();return logger2.info("[Payment] Split approved",{splitId:ctx.params.splitId}),{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to approve split"}}}),app.post("/splits/:splitId/disapprove",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let[split]=await database.select().from(csTable).where(eq52(csTable.id,ctx.params.splitId)).limit(1);if(!split)return ctx.set.status=404,{success:!1,error:"Split not found"};if(split.status!=="pending")return ctx.set.status=400,{success:!1,error:`Split already ${split.status}`};if(split.providerSplitId){let result=await provider.disapproveSplit({locale:defaultLocale,paymentTransactionId:split.providerSplitId});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Provider disapproval failed",errorCode:result.errorCode}}let[updated]=await database.update(csTable).set({status:"disapproved",disapprovedAt:new Date}).where(eq52(csTable.id,ctx.params.splitId)).returning();return logger2.info("[Payment] Split disapproved",{splitId:ctx.params.splitId}),{success:!0,data:updated}}catch{return ctx.set.status=500,{success:!1,error:"Failed to disapprove split"}}}),app.get("/splits",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let url=new URL(ctx.request.url),transactionId=url.searchParams.get("transactionId"),subMerchantId=url.searchParams.get("subMerchantId"),query=database.select().from(csTable);if(transactionId&&subMerchantId)query=query.where(and17(eq52(csTable.transactionId,transactionId),eq52(csTable.subMerchantId,subMerchantId)));else if(transactionId)query=query.where(eq52(csTable.transactionId,transactionId));else if(subMerchantId)query=query.where(eq52(csTable.subMerchantId,subMerchantId));return{success:!0,data:{items:await query.orderBy(csTable.createdAt)}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list splits"}}});return app.get("/balance",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let result=await provider.getBalance();if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to get balance"};return{success:!0,data:{available:result.available,pending:result.pending,connectReserved:result.connectReserved}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get balance"}}}),app.post("/payouts",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let body=ctx.body,payoutAmt=validateAmount(body.amount,"amount");if(!payoutAmt.ok)return ctx.set.status=400,{success:!1,error:payoutAmt.error};if(!isValidCurrency(body.currency))return ctx.set.status=400,{success:!1,error:"currency must be a 3-letter code"};let result=await provider.createPayout({amount:payoutAmt.value,currency:body.currency??defaultCurrency,destination:body.destination,description:body.description,metadata:body.metadata,method:body.method,sourceType:body.sourceType,statementDescriptor:body.statementDescriptor});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to create payout"};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Failed to create payout"}}}),app.get("/payouts",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let url=new URL(ctx.request.url),result=await provider.listPayouts({status:url.searchParams.get("status")??void 0,destination:url.searchParams.get("destination")??void 0,limit:url.searchParams.get("limit")?Number(url.searchParams.get("limit")):void 0,startingAfter:url.searchParams.get("startingAfter")??void 0});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to list payouts"};return{success:!0,data:{payouts:result.payouts,hasMore:result.hasMore}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list payouts"}}}),app.get("/payouts/:id",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let result=await provider.getPayout({providerPayoutId:ctx.params.id});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to get payout"};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Failed to get payout"}}}),app.post("/payouts/:id/cancel",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let result=await provider.cancelPayout({providerPayoutId:ctx.params.id});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to cancel payout"};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Failed to cancel payout"}}}),app.post("/transfers",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};if(!hasGodminRole(ctx.request))return ctx.set.status=403,{success:!1,error:"Forbidden: operator privileges required"};try{let body=ctx.body,transferAmt=validateAmount(body.amount,"amount");if(!transferAmt.ok)return ctx.set.status=400,{success:!1,error:transferAmt.error};if(!isValidCurrency(body.currency))return ctx.set.status=400,{success:!1,error:"currency must be a 3-letter code"};let result=await provider.createTransfer({amount:transferAmt.value,currency:body.currency??defaultCurrency,destination:body.destination,description:body.description,metadata:body.metadata,sourceTransaction:body.sourceTransaction,transferGroup:body.transferGroup});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to create transfer"};return{success:!0,data:result}}catch{return ctx.set.status=500,{success:!1,error:"Failed to create transfer"}}}),app.get("/transfers",async(ctx)=>{if(!ctx.request.headers.get("x-user-id"))return ctx.set.status=401,{success:!1,error:"Unauthorized"};try{let url=new URL(ctx.request.url),result=await provider.listTransfers({destination:url.searchParams.get("destination")??void 0,transferGroup:url.searchParams.get("transferGroup")??void 0,limit:url.searchParams.get("limit")?Number(url.searchParams.get("limit")):void 0,startingAfter:url.searchParams.get("startingAfter")??void 0});if(!result.success)return ctx.set.status=400,{success:!1,error:result.errorMessage??"Failed to list transfers"};return{success:!0,data:{transfers:result.transfers,hasMore:result.hasMore}}}catch{return ctx.set.status=500,{success:!1,error:"Failed to list transfers"}}}),app.options("/callback",()=>{return new Response(null,{headers:{"Access-Control-Allow-Origin":"*","Access-Control-Allow-Methods":"GET,POST,OPTIONS","Access-Control-Allow-Headers":"Content-Type"}})}),registerStripeWebhookRoute(app,{provider,webhookSecret:config.webhookSecret,db:database,webhookLogsTable:whTable,transactionsTable:txTable,getPayoutService:config.getPayoutService,logger:logger2}),app};var init_payment=__esm(()=>{init_adminGuard();init_webhook()});var requireUser=(ctx)=>ctx.request.headers.get("x-user-id"),isAdmin=(ctx)=>decodeHeaderList(ctx.request.headers.get("x-user-roles")).some((r2)=>isGodminRole(r2)),canReadOwnerLedger=(ctx,ownerType,ownerId)=>{if(isAdmin(ctx))return!0;let userId=ctx.request.headers.get("x-user-id");return!!userId&&ownerType==="user"&&!!ownerId&&ownerId===userId},failResponse=(ctx,status,message)=>{return ctx.set.status=status,{success:!1,message,data:null}};var init_types22=__esm(()=>{init_Authorization()});import{Elysia as Elysia42,t as t34}from"elysia";function createPayoutRoutes(config){let base=`${config.basePath}/marketplace`,app=new Elysia42;return app.post(`${base}/payout-requests`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");let body=ctx.body;if(!canReadOwnerLedger(ctx,body.recipientOwnerType,body.recipientOwnerId))return failResponse(ctx,403,"Forbidden: cannot request a payout for another owner's balance");try{return{success:!0,message:"Payout requested",data:await svc.requestPayout({...body,requestedBy:userId})}}catch(err){return failResponse(ctx,400,err instanceof Error?err.message:"Failed")}},{body:t34.Object({recipientOwnerId:t34.String(),recipientOwnerType:t34.Optional(t34.String()),amount:t34.Number(),currency:t34.Optional(t34.String()),destination:t34.Optional(t34.String()),requestedBy:t34.Optional(t34.String())}),detail:{tags:["Payments Marketplace"],summary:"Request a payout"}}),app.get(`${base}/payout-requests`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),requestedOwnerId=url.searchParams.get("recipientOwnerId")??void 0,recipientOwnerId=isAdmin(ctx)?requestedOwnerId:userId,items=await svc.listPayoutRequests({recipientOwnerId,status:url.searchParams.get("status")??void 0});return{success:!0,message:`Found ${items.length} payout requests`,data:{items}}}),app.get(`${base}/payout-requests/:id`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");let record3=await svc.getPayoutRequest(ctx.params.id);if(!record3)return failResponse(ctx,404,"Payout request not found");let r2=record3;if(!canReadOwnerLedger(ctx,r2.recipientOwnerType,r2.recipientOwnerId))return failResponse(ctx,404,"Payout request not found");return{success:!0,message:"Payout request",data:record3}}),app.post(`${base}/payout-requests/:id/approve`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");try{let record3=await svc.approvePayout(ctx.params.id,{deciderId:userId});if(!record3)return failResponse(ctx,404,"Payout request not found");return{success:!0,message:"Payout approved",data:record3}}catch(err){return failResponse(ctx,400,err instanceof Error?err.message:"Failed")}}),app.post(`${base}/payout-requests/:id/reject`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let record3=await svc.rejectPayout(ctx.params.id,userId);if(!record3)return failResponse(ctx,404,"Payout request not found");return{success:!0,message:"Payout rejected",data:record3}}),app.post(`${base}/disputes`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let body=ctx.body;return{success:!0,message:"Dispute opened",data:await svc.openDispute(body)}},{body:t34.Object({provider:t34.String(),transactionId:t34.Optional(t34.String()),providerDisputeId:t34.Optional(t34.String()),ownerType:t34.Optional(t34.String()),ownerId:t34.Optional(t34.String()),amount:t34.Optional(t34.Number()),currency:t34.Optional(t34.String()),reason:t34.Optional(t34.String())}),detail:{tags:["Payments Marketplace"],summary:"Open a dispute"}}),app.get(`${base}/disputes`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),requestedOwnerId=url.searchParams.get("ownerId")??void 0,ownerId=isAdmin(ctx)?requestedOwnerId:userId,items=await svc.listDisputes({ownerId,status:url.searchParams.get("status")??void 0});return{success:!0,message:`Found ${items.length} disputes`,data:{items}}}),app.post(`${base}/disputes/:id/resolve`,async(ctx)=>{let svc=config.getPayoutService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let body=ctx.body,record3=await svc.resolveDispute(ctx.params.id,body.outcome);if(!record3)return failResponse(ctx,404,"Dispute not found");return{success:!0,message:"Dispute resolved",data:record3}},{body:t34.Object({outcome:t34.Union([t34.Literal("won"),t34.Literal("lost"),t34.Literal("accepted"),t34.Literal("cancelled")])}),detail:{tags:["Payments Marketplace"],summary:"Resolve a dispute"}}),app}var init_payouts=__esm(()=>{init_types22()});import{Elysia as Elysia43,t as t35}from"elysia";function createSplitRoutes(config){let base=`${config.basePath}/marketplace`,app=new Elysia43;return app.post(`${base}/splits`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let body=ctx.body;try{return{success:!0,message:"Split recorded",data:await svc.recordSplit(body)}}catch(err){return failResponse(ctx,400,err instanceof Error?err.message:"Failed")}},{body:t35.Object({recipientOwnerId:t35.String(),recipientOwnerType:t35.Optional(t35.String()),provider:t35.String(),grossAmount:t35.Number(),providerFeeAmount:t35.Optional(t35.Number()),platformFeeAmount:t35.Number(),currency:t35.Optional(t35.String()),transactionId:t35.Optional(t35.String()),sourceType:t35.Optional(t35.String()),sourceId:t35.Optional(t35.String()),settlementDelayDays:t35.Optional(t35.Number()),reserveRate:t35.Optional(t35.Number()),isNewSeller:t35.Optional(t35.Boolean())}),detail:{tags:["Payments Marketplace"],summary:"Record a payment split"}}),app.get(`${base}/splits`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");let userId=requireUser(ctx);if(!userId)return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),requestedOwnerId=url.searchParams.get("recipientOwnerId")??void 0,recipientOwnerId=isAdmin(ctx)?requestedOwnerId:userId,items=await svc.listSplits({recipientOwnerId,status:url.searchParams.get("status")??void 0});return{success:!0,message:`Found ${items.length} splits`,data:{items}}}),app.get(`${base}/balance/:ownerId`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),ownerType=url.searchParams.get("ownerType")??"seller",ownerId=ctx.params.ownerId;if(!canReadOwnerLedger(ctx,ownerType,ownerId))return failResponse(ctx,403,"Forbidden: cannot read another owner's balance");return{success:!0,message:"Balance",data:await svc.getBalance(ownerType,ownerId,url.searchParams.get("currency")??void 0)}}),app.post(`${base}/reserves/:id/release`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");if(!await svc.releaseReserve(ctx.params.id))return failResponse(ctx,400,"Reserve not found or not held");return{success:!0,message:"Reserve released",data:{released:!0}}}),app.get(`${base}/settlement-policy`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");let url=new URL(ctx.request.url),ownerType=url.searchParams.get("ownerType")??"tenant",ownerId=url.searchParams.get("ownerId")??"";if(!canReadOwnerLedger(ctx,ownerType,ownerId))return failResponse(ctx,403,"Forbidden: cannot read this settlement policy");return{success:!0,message:"Settlement policy",data:await svc.getSettlementPolicy(ownerType,ownerId)}}),app.post(`${base}/settlement-policy`,async(ctx)=>{let svc=config.getMarketplaceService();if(!svc)return failResponse(ctx,503,"Marketplace not available");if(!requireUser(ctx))return failResponse(ctx,401,"Authentication required");if(!isAdmin(ctx))return failResponse(ctx,403,"Forbidden: operator privileges required");let body=ctx.body;return{success:!0,message:"Settlement policy saved",data:await svc.upsertSettlementPolicy(body)}},{body:t35.Object({ownerType:t35.String(),ownerId:t35.String(),defaultDelayDays:t35.Optional(t35.Number()),newSellerDelayDays:t35.Optional(t35.Number()),reserveRate:t35.Optional(t35.Number()),reserveDays:t35.Optional(t35.Number()),minimumPayoutAmount:t35.Optional(t35.Number()),currency:t35.Optional(t35.String()),earlyPayoutEnabled:t35.Optional(t35.Boolean())}),detail:{tags:["Payments Marketplace"],summary:"Upsert settlement policy"}}),app}var init_splits=__esm(()=>{init_types22()});var exports_marketplace={};__export(exports_marketplace,{createMarketplaceRoutes:()=>createMarketplaceRoutes});function createMarketplaceRoutes(app,config){return app.use(createSplitRoutes(config)),app.use(createPayoutRoutes(config)),app}var init_marketplace=__esm(()=>{init_payouts();init_splits()});function normSegment(input){return input.toLowerCase().replace(/[^a-z0-9]+/g,"_").replace(/_+/g,"_").replace(/^_|_$/g,"")}function normPath(path4){return normSegment(path4.replace(/\{[^}]+\}/g,(m2)=>m2.slice(1,-1)))}function shortHash(input){let h=5381;for(let i=0;i<input.length;i++)h=(h*33^input.charCodeAt(i))>>>0;return h.toString(36)}function capAction(action,max=100){if(action.length<=max)return action;let suffix=`_${shortHash(action)}`;return action.slice(0,Math.max(1,max-suffix.length))+suffix}function resourceFromPath(path4){let segs=path4.split("/").filter(Boolean).filter((s)=>!s.startsWith("{"));for(let s of segs){if(s==="api"||/^v\d+$/i.test(s))continue;return normSegment(s)}return normSegment(segs[0]??"root")}function matchesExclude(path4,patterns3){if(!patterns3?.length)return!1;for(let raw of patterns3){let p=raw.trim();if(!p)continue;if(p.endsWith("/*")){let prefix=p.slice(0,-2);if(path4===prefix||path4.startsWith(`${prefix}/`))return!0}else if(p.endsWith("*")){if(path4.startsWith(p.slice(0,-1)))return!0}else if(path4===p)return!0}return!1}function parseOpenApiToClaims(serviceId,doc,opts={}){let sid=normSegment(serviceId);if(!sid)throw Error("endpointDiscovery: serviceId is empty after normalization");if(RESERVED_SERVICE_IDS.has(sid))throw Error(`endpointDiscovery: serviceId "${serviceId}" collides with an HTTP-method claim prefix; pick another id`);let specs=[],seen=new Set,paths=doc.paths??{};for(let[path4,ops]of Object.entries(paths)){if(!ops||matchesExclude(path4,opts.exclude))continue;for(let method of HTTP_METHODS2){let op=ops[method];if(!op)continue;let tag=(op.tags?.[0]?normSegment(op.tags[0]):"")||resourceFromPath(path4),opToken=(op.operationId?normSegment(op.operationId):"")||`${method}_${normPath(path4)}`,action=capAction(`${sid}.${tag||"root"}.${opToken||method}`);if(seen.has(action)){action=capAction(`${action}_${shortHash(`${method} ${path4}`)}`);while(seen.has(action))action=capAction(`${action}_${shortHash(action)}`)}seen.add(action),specs.push({action,path:path4,method:method.toUpperCase(),description:op.summary||op.description||`${method.toUpperCase()} ${path4}`})}}return specs}function diffClaims(existing,specs){let specByAction=new Map(specs.map((s)=>[s.action,s])),existByAction=new Map(existing.map((e)=>[e.action,e]));return{toInsert:specs.filter((s)=>!existByAction.has(s.action)),toReactivate:specs.filter((s)=>existByAction.get(s.action)?.isActive===!1),toDeactivate:existing.filter((e)=>e.isActive&&!specByAction.has(e.action)),unchanged:specs.filter((s)=>existByAction.get(s.action)?.isActive===!0)}}async function fetchOpenApi(baseUrl,openapiPath,fetchImpl=fetch){let url=`${baseUrl.replace(/\/$/,"")}${openapiPath.startsWith("/")?"":"/"}${openapiPath}`,res=await fetchImpl(url);if(!res.ok)throw Error(`endpointDiscovery: OpenAPI fetch failed ${res.status} for ${url}`);return await res.json()}var HTTP_METHODS2,RESERVED_SERVICE_IDS;var init_EndpointDiscovery=__esm(()=>{HTTP_METHODS2=["get","post","put","patch","delete"],RESERVED_SERVICE_IDS=new Set(["get","post","put","patch","delete","toggle","bulk"])});var exports_seed={};__export(exports_seed,{seedDiscoveredClaims:()=>seedDiscoveredClaims,runEndpointDiscovery:()=>runEndpointDiscovery,getRouteManifest:()=>getRouteManifest,getRoleClaimsManifest:()=>getRoleClaimsManifest});import{eq as eq53,like as like2}from"drizzle-orm";function col14(table,name2){return table[name2]}async function seedDiscoveredClaims(db,claimsTable,serviceId,specs,logger2){let actionCol=col14(claimsTable,"action"),prefix=specs[0]?.action.split(".")[0]??serviceId.toLowerCase(),existing=(await db.select().from(claimsTable).where(like2(actionCol,`${prefix}.%`))).map((r2)=>({action:String(r2.action),isActive:r2.isActive!==!1,path:String(r2.path??""),method:String(r2.method??""),description:String(r2.description??"")})),plan=diffClaims(existing,specs);for(let s of plan.toInsert)await db.insert(claimsTable).values({action:s.action,path:s.path,method:s.method,description:s.description});for(let s of plan.toReactivate)await db.update(claimsTable).set({isActive:!0,path:s.path,method:s.method,description:s.description}).where(eq53(actionCol,s.action));for(let e of plan.toDeactivate)await db.update(claimsTable).set({isActive:!1}).where(eq53(actionCol,e.action));let summary={added:plan.toInsert.length,reactivated:plan.toReactivate.length,deactivated:plan.toDeactivate.length,unchanged:plan.unchanged.length,total:specs.length};return logger2.info(`[Discovery] Reconciled "${serviceId}"`,summary),summary}async function runEndpointDiscovery(db,schemaTables,config,logger2,fetchImpl=fetch){let claimsTable=schemaTables.claims,services=config.services??[],results=[];if(!claimsTable)return logger2.warn("[Discovery] No claims table in schema; skipping endpoint discovery"),{services:[]};for(let svc of services)try{let doc=await fetchOpenApi(svc.baseUrl,svc.openapi??"/openapi.json",fetchImpl),specs=parseOpenApiToClaims(svc.id,doc,{exclude:svc.exclude}),summary=await seedDiscoveredClaims(db,claimsTable,svc.id,specs,logger2);results.push({id:svc.id,...summary})}catch(err){let message=err instanceof Error?err.message:String(err);logger2.error(`[Discovery] Service "${svc.id}" discovery failed`,{error:message}),results.push({id:svc.id,added:0,reactivated:0,deactivated:0,unchanged:0,total:0,error:message})}return{services:results}}async function getRouteManifest(db,claimsTable,serviceId){return(await db.select().from(claimsTable).where(like2(col14(claimsTable,"action"),`${serviceId.toLowerCase()}.%`))).filter((r2)=>r2.isActive!==!1).map((r2)=>({action:String(r2.action),path:String(r2.path??""),method:String(r2.method??"")}))}async function getRoleClaimsManifest(db,schemaTables,serviceId){let{roles:rolesTable,claims:claimsTable}=schemaTables,roleClaimsTable=schemaTables.roleClaims??schemaTables.role_claims;if(!rolesTable||!claimsTable||!roleClaimsTable)return{};let sid=serviceId.toLowerCase(),claimRows=await db.select().from(claimsTable),claimIdToAction=new Map;for(let c of claimRows){if(c.isActive===!1)continue;let action=String(c.action??"");if(action===sid||action.startsWith(`${sid}.`))claimIdToAction.set(String(c.id),action)}if(claimIdToAction.size===0)return{};let roleRows=await db.select().from(rolesTable),roleIdToName=new Map;for(let r2 of roleRows)roleIdToName.set(String(r2.id),String(r2.name??""));let rcRows=await db.select().from(roleClaimsTable),out={};for(let rc of rcRows){if(rc.isActive===!1)continue;let action=claimIdToAction.get(String(rc.claimId??rc.claim_id)),roleName=roleIdToName.get(String(rc.roleId??rc.role_id));if(!action||!roleName)continue;(out[roleName]??=[]).push(action)}return out}var init_seed=__esm(()=>{init_EndpointDiscovery()});var OPS_BY_TYPE;var init_types23=__esm(()=>{OPS_BY_TYPE={int:["gt","gte","lt","lte","eq","ne"],boolean:["eq","ne"],string:["eq","ne"]}});function isRecord(v){return typeof v==="object"&&v!==null}function guardActionFromName(name2){let brace=name2.indexOf("{");return(brace>=0?name2.slice(0,brace):name2).replace(/:$/,"")}function parseGuardCatalogEntry(entry){if(!isRecord(entry))return null;let name2=typeof entry.name==="string"?entry.name.trim():"";if(!name2)return null;let valueType=entry.value;if(typeof valueType!=="string"||!VALUE_TYPES.includes(valueType))return null;let action=guardActionFromName(name2);if(!action)return null;return{action,policy:{kind:"guard",keyTemplate:name2,valueType}}}function parseGuardPolicy(raw){if(!isRecord(raw)||raw.kind!=="guard")return null;if(typeof raw.keyTemplate!=="string"||!raw.keyTemplate)return null;let vt=raw.valueType;if(typeof vt!=="string"||!VALUE_TYPES.includes(vt))return null;return{kind:"guard",keyTemplate:raw.keyTemplate,valueType:vt}}function resolveGuardKey(keyTemplate,ctx){return keyTemplate.replaceAll("{userId}",ctx.userId).replaceAll("{tenant}",ctx.tenant??"default")}function coerceThreshold(value2,type4){if(type4==="int"){if(value2==null)return null;if(typeof value2==="boolean"||typeof value2==="symbol")return null;if(typeof value2==="string"&&value2.trim()==="")return null;if(typeof value2==="object")return null;let n2=Number(value2);return Number.isFinite(n2)?n2:null}if(type4==="boolean"){if(typeof value2==="boolean")return value2;if(value2==="true"||value2===1||value2==="1")return!0;if(value2==="false"||value2===0||value2==="0")return!1;return null}return value2==null?null:String(value2)}function parseGuardCondition(scope,valueType){let raw=scope;if(typeof scope==="string")try{raw=JSON.parse(scope)}catch{return null}if(!isRecord(raw))return null;let op=raw.op;if(typeof op!=="string"||!OPS_BY_TYPE[valueType].includes(op))return null;let value2=coerceThreshold(raw.value,valueType);if(value2===null)return null;let invalidates=Array.isArray(raw.invalidates)?raw.invalidates.filter((a12)=>typeof a12==="string"&&a12.length>0):[];return{op,value:value2,invalidates}}function coerceStateValue(raw,type4){if(raw==null)return null;let v=isRecord(raw)&&"data"in raw?raw.data:raw;if(v==null)return null;if(typeof v==="object")return null;if(type4==="int"&&typeof v==="string"&&v.trim()==="")return null;return coerceThreshold(v,type4)}function guardConditionHolds(rawValue,valueType,condition){let actual=coerceStateValue(rawValue,valueType);if(actual===null)return!1;let target2=condition.value;switch(condition.op){case"gt":return actual>target2;case"gte":return actual>=target2;case"lt":return actual<target2;case"lte":return actual<=target2;case"eq":return actual===target2;case"ne":return actual!==target2;default:return!1}}function parseClaimGuardCatalog(entries){if(!entries?.length)return[];let out=[],seen=new Set;for(let e of entries){let parsed=parseGuardCatalogEntry(e);if(parsed&&!seen.has(parsed.action))seen.add(parsed.action),out.push(parsed)}return out}var VALUE_TYPES;var init_evaluate=__esm(()=>{init_types23();VALUE_TYPES=["int","boolean","string"]});async function resolveClaimGuards(db,schemaTables,userId,read,ctx={}){let claimsTable=schemaTables.claims,roleClaimsTable=schemaTables.roleClaims??schemaTables.role_claims,userRolesTable=schemaTables.userRoles??schemaTables.user_roles;if(!claimsTable||!roleClaimsTable||!userRolesTable)return EMPTY;let claimRows=await db.select().from(claimsTable),guardByClaimId=new Map;for(let c of claimRows){if(c.isActive===!1)continue;let policy=parseGuardPolicy(c.policy);if(policy)guardByClaimId.set(String(c.id),{action:String(c.action??""),policy})}if(guardByClaimId.size===0)return EMPTY;let urRows=await db.select().from(userRolesTable),roleIds=new Set(urRows.filter((r2)=>r2.isActive!==!1&&String(r2.userId??r2.user_id)===userId).map((r2)=>String(r2.roleId??r2.role_id)));if(roleIds.size===0)return EMPTY;let rcRows=await db.select().from(roleClaimsTable),guards=[],suppressed=new Set,firedGuards=[],stateCache=new Map;for(let rc of rcRows){if(rc.isActive===!1)continue;if(!roleIds.has(String(rc.roleId??rc.role_id)))continue;let guard4=guardByClaimId.get(String(rc.claimId??rc.claim_id));if(!guard4)continue;let condition=parseGuardCondition(rc.scope,guard4.policy.valueType);if(!condition)continue;let key2=resolveGuardKey(guard4.policy.keyTemplate,{userId,tenant:ctx.tenant}),value2;if(stateCache.has(key2))value2=stateCache.get(key2);else value2=await read(key2).catch(()=>null),stateCache.set(key2,value2);let holds=guardConditionHolds(value2,guard4.policy.valueType,condition),current=normalizeCurrent(value2,guard4.policy.valueType);if(guards.push({action:guard4.action,key:key2,valueType:guard4.policy.valueType,op:condition.op,threshold:condition.value,current,invalidates:condition.invalidates,holds}),holds&&condition.invalidates.length>0){for(let a12 of condition.invalidates)suppressed.add(a12);firedGuards.push({action:guard4.action,key:key2,invalidates:condition.invalidates})}}return{guards,suppressedClaims:[...suppressed],firedGuards}}function normalizeCurrent(raw,type4){if(raw==null)return null;let v=typeof raw==="object"&&raw!==null&&"data"in raw?raw.data:raw;if(v==null)return null;if(type4==="int"){let n2=Number(v);return Number.isFinite(n2)?n2:null}if(type4==="boolean")return v===!0||v==="true"||v===1||v==="1";return String(v)}var EMPTY;var init_resolve=__esm(()=>{init_evaluate();EMPTY={guards:[],suppressedClaims:[],firedGuards:[]}});import{eq as eq54}from"drizzle-orm";async function seedClaimGuards(db,schemaTables,claimGuards,logger2){let claimsTable=schemaTables.claims;if(!claimsTable)return{created:0,updated:0,deactivated:0};let actionCol=claimsTable.action,desired=parseClaimGuardCatalog(claimGuards),desiredByAction=new Map(desired.map((d)=>[d.action,d.policy])),existing=await db.select().from(claimsTable),existingGuardActions=new Set,result={created:0,updated:0,deactivated:0};for(let row of existing){if(!parseGuardPolicy(row.policy))continue;let action=String(row.action??"");existingGuardActions.add(action);let want=desiredByAction.get(action);if(!want){if(row.isActive!==!1)await db.update(claimsTable).set({isActive:!1}).where(eq54(actionCol,action)),result.deactivated++;continue}let current=row.policy;if(JSON.stringify(current)!==JSON.stringify(want)||row.isActive===!1)await db.update(claimsTable).set({policy:want,isActive:!0,path:want.keyTemplate,method:"GUARD"}).where(eq54(actionCol,action)),result.updated++}for(let{action,policy}of desired){if(existingGuardActions.has(action))continue;await db.insert(claimsTable).values({action,description:`ClaimGuard [${policy.valueType}] key=${policy.keyTemplate}`,path:policy.keyTemplate,method:"GUARD",policy,isActive:!0}),result.created++}return logger2?.info?.(`[Authorization] ClaimGuards seeded (created=${result.created}, updated=${result.updated}, deactivated=${result.deactivated})`),result}var init_seed2=__esm(()=>{init_evaluate()});var exports_ClaimGuard={};__export(exports_ClaimGuard,{seedClaimGuards:()=>seedClaimGuards,resolveGuardKey:()=>resolveGuardKey,resolveClaimGuards:()=>resolveClaimGuards,parseGuardPolicy:()=>parseGuardPolicy,parseGuardCondition:()=>parseGuardCondition,parseGuardCatalogEntry:()=>parseGuardCatalogEntry,parseClaimGuardCatalog:()=>parseClaimGuardCatalog,guardConditionHolds:()=>guardConditionHolds,guardActionFromName:()=>guardActionFromName,OPS_BY_TYPE:()=>OPS_BY_TYPE});var init_ClaimGuard=__esm(()=>{init_evaluate();init_resolve();init_seed2();init_types23()});var exports_dbStorage={};__export(exports_dbStorage,{createDbWebAuthnStorage:()=>createDbWebAuthnStorage});import{and as and18,eq as eq55,isNull as isNull4}from"drizzle-orm";function rowToRecord(row){return{id:row.id,userId:row.userId,credentialId:row.credentialId,publicKey:row.publicKey,counter:typeof row.counter==="bigint"?Number(row.counter):Number(row.counter??0),transports:parseTransports(row.transports),deviceType:parseDeviceType(row.deviceType),backedUp:row.backedUp,aaguid:row.aaguid,authenticatorAttachment:row.authenticatorAttachment==="platform"||row.authenticatorAttachment==="cross-platform"?row.authenticatorAttachment:null,nickname:row.nickname,lastUsedAt:row.lastUsedAt,revokedAt:row.revokedAt,createdAt:row.createdAt}}function col15(table,key2){return table[key2]}function createDbWebAuthnStorage(deps){let{db,resolveTable}=deps,credentialsName="webauthnCredentials",challengesName="webauthnChallenges";return{storeChallenge:async(challenge,schemaName)=>{let table=resolveTable("webauthnChallenges",schemaName);if(!table)return;await db.insert(table).values({userId:challenge.userId??null,challenge:challenge.challenge,challengeType:challenge.challengeType,expiresAt:challenge.expiresAt})},consumeChallenge:async(challenge,challengeType,schemaName)=>{let table=resolveTable("webauthnChallenges",schemaName);if(!table)return null;let row=(await db.update(table).set({consumedAt:new Date}).where(and18(eq55(col15(table,"challenge"),challenge),eq55(col15(table,"challengeType"),challengeType),isNull4(col15(table,"consumedAt")))).returning())[0];if(!row)return null;return{challenge:row.challenge,challengeType:row.challengeType,userId:row.userId,expiresAt:row.expiresAt}},listCredentialsByUser:async(userId,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return[];return(await db.select().from(table).where(eq55(col15(table,"userId"),userId))).map(rowToRecord)},findCredentialById:async(credentialId,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return null;let rows=await db.select().from(table).where(eq55(col15(table,"credentialId"),credentialId)).limit(1);return rows[0]?rowToRecord(rows[0]):null},insertCredential:async(record3,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)throw Error("webauthn_credentials table not configured");let row=(await db.insert(table).values({userId:record3.userId,credentialId:record3.credentialId,publicKey:record3.publicKey,counter:record3.counter,transports:record3.transports??null,deviceType:record3.deviceType??null,backedUp:record3.backedUp,aaguid:record3.aaguid??null,authenticatorAttachment:record3.authenticatorAttachment??null,nickname:record3.nickname??null}).returning())[0];if(!row)throw Error("Failed to insert webauthn credential");return rowToRecord(row)},updateCredentialCounter:async(credentialId,counter,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return;await db.update(table).set({counter,lastUsedAt:new Date}).where(eq55(col15(table,"credentialId"),credentialId))},revokeCredential:async(credentialId,userId,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return!1;return(await db.update(table).set({revokedAt:new Date}).where(and18(eq55(col15(table,"credentialId"),credentialId),eq55(col15(table,"userId"),userId))).returning()).length>0},renameCredential:async(credentialId,userId,nickname,schemaName)=>{let table=resolveTable("webauthnCredentials",schemaName);if(!table)return!1;return(await db.update(table).set({nickname}).where(and18(eq55(col15(table,"credentialId"),credentialId),eq55(col15(table,"userId"),userId))).returning()).length>0}}}var init_dbStorage=()=>{};var exports_authorization={};__export(exports_authorization,{createAuthorizationDiscoveryRoutes:()=>createAuthorizationDiscoveryRoutes});import{timingSafeEqual as timingSafeEqual3}from"crypto";import{Elysia as Elysia44}from"elysia";function tokensMatch2(a12,b){let ba=Buffer.from(a12),bb=Buffer.from(b);if(ba.length!==bb.length)return!1;return timingSafeEqual3(ba,bb)}function createAuthorizationDiscoveryRoutes(cfg){let{db,schemaTables,logger:logger2,discovery,readState}=cfg,token=discovery.token||process.env.NUCLEUS_DISCOVERY_TOKEN,claimsTable=schemaTables.claims,manifestAuthorized=(request)=>{if(hasGodminRole(request))return!0;if(token){let presented=request.headers.get("x-discovery-token")??"";return tokensMatch2(presented,token)}return!1},routes=new Elysia44;routes.post("/authorization/discover",async({request,set:set2})=>{if(!hasGodminRole(request))return fail3(set2,403,"Forbidden: endpoint discovery requires godmin");if(!discovery.enabled)return fail3(set2,400,"endpointDiscovery is not enabled");return{success:!0,message:"Discovery completed",data:await runEndpointDiscovery(db,schemaTables,discovery,logger2)}}),routes.get("/authorization/route-manifest",async({request,query,set:set2})=>{if(!manifestAuthorized(request))return fail3(set2,403,"Forbidden: godmin or a valid x-discovery-token required");if(!claimsTable)return fail3(set2,503,"Claims table unavailable");let service=query.service;if(service){let rows=await getRouteManifest(db,claimsTable,service);return{success:!0,data:{service,routes:rows}}}let all={};for(let svc of discovery.services??[])all[svc.id]=await getRouteManifest(db,claimsTable,svc.id);return{success:!0,data:all}}),routes.get("/authorization/role-claims-manifest",async({request,query,set:set2})=>{if(!manifestAuthorized(request))return fail3(set2,403,"Forbidden: godmin or a valid x-discovery-token required");let service=query.service;if(!service)return fail3(set2,400,"service query param required");let map=await getRoleClaimsManifest(db,schemaTables,service);return{success:!0,data:{service,roleClaims:map}}});let authorizeGuardRead=(request,query,set2)=>{let callerId=request.headers.get("x-user-id")??"",isGodmin3=hasGodminRole(request),requested=query.userId;if(requested&&requested!==callerId&&!isGodmin3)return{error:fail3(set2,403,"Forbidden: only godmin can read another user's guards")};let targetUserId=requested&&isGodmin3?requested:callerId;if(!targetUserId)return{error:fail3(set2,401,"Unauthorized: no user context")};return{userId:targetUserId}},guardsHandler=async({request,query,set:set2})=>{let auth=authorizeGuardRead(request,query,set2);if("error"in auth)return auth.error;let tenant=request.headers.get("x-tenant-id")??void 0;if(!readState)return{success:!0,data:{userId:auth.userId,guards:[]}};let{guards}=await resolveClaimGuards(db,schemaTables,auth.userId,readState,{tenant});return{success:!0,data:{userId:auth.userId,guards}}};return routes.get("/authorization/guards",guardsHandler),routes.get("/authorization/quotas",guardsHandler),routes.get("/authorization/suppressed-claims",async({request,query,set:set2})=>{let auth=authorizeGuardRead(request,query,set2);if("error"in auth)return auth.error;if(!readState)return{success:!0,data:{userId:auth.userId,suppressedClaims:[],firedGuards:[]}};let tenant=request.headers.get("x-tenant-id")??void 0,{suppressedClaims,firedGuards}=await resolveClaimGuards(db,schemaTables,auth.userId,readState,{tenant});return{success:!0,data:{userId:auth.userId,suppressedClaims,firedGuards}}}),routes}var fail3=(set2,status,message)=>{return set2.status=status,{success:!1,message,data:null}};var init_authorization=__esm(()=>{init_seed();init_ClaimGuard();init_adminGuard()});var import_reflect_metadata2=__toESM(require_Reflect(),1);import{batch,createStore}from"h-state";import{useEffectEvent}from"react";function createInitialState(endpoints){let state={};for(let key of Object.keys(endpoints))state[key]={isPending:!1,data:null,error:null,code:null};return state}function createApiHook(endpoints,factory){let{useStore}=createStore(createInitialState(endpoints),{_callEndpoint:(store)=>async(endpointKey,options)=>{if(!store[endpointKey])return;batch(()=>{store[endpointKey].isPending=!0,store[endpointKey].error=null});try{let response=await factory(endpointKey,options.payload);if(batch(()=>{if(store[endpointKey].isPending=!1,store[endpointKey].code=response.code??null,response.isSuccess&&response.data!==void 0)store[endpointKey].data=response.data,store[endpointKey].error=null;else store[endpointKey].error=response.errors??null}),response.isSuccess)options.onAfterHandle?.(response.data??response);else options.onErrorHandle?.(response.errors??{message:"Request failed"},response.code)}catch(err){batch(()=>{store[endpointKey].isPending=!1,store[endpointKey].error={message:err instanceof Error?err.message:"Unknown error"}}),options.onErrorHandle?.({message:err instanceof Error?err.message:"Unknown error"},null)}}});return function(){let store=useStore(),callEndpoint=useEffectEvent((endpointKey,options)=>{store._callEndpoint(endpointKey,options)}),actions={};for(let key of Object.keys(endpoints)){let startFn=(options)=>{callEndpoint(key,options)};actions[key]={state:store[key],start:startFn}}return actions}}var system_tables_default={$schema:"../schemas/nucleus.tables.schema.json",tables:[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1},{name:"cohort_id",type:"uuid",references:{table:"user_cohorts",column:"id",onDelete:"set null"}},{name:"email_verified",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0},{name:"policy",type:"jsonb"}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"type",type:"varchar",length:50,notNull:!0,default:"system",enumValues:["verification","system","custom"]},{name:"source",type:"varchar",length:100},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]},{columns:["type"]},{columns:["user_id","type","is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"provisioning"},{name:"plan",type:"varchar",length:50,default:"free"},{name:"domain",type:"varchar",length:255},{name:"settings",type:"jsonb",default:"{}"},{name:"trusted_sources",type:"jsonb",default:"[]"},{name:"max_users",type:"integer"},{name:"provisioned_at",type:"timestamptz"},{name:"suspended_at",type:"timestamptz"},{name:"suspended_reason",type:"text"}],indexes:[{columns:["status"]}]},{table_name:"tenant_events",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"tenant_id",type:"uuid",notNull:!0,references:{table:"tenants",column:"id",onDelete:"cascade"}},{name:"event_type",type:"varchar",length:50,notNull:!0},{name:"event_data",type:"jsonb",default:"{}"},{name:"performed_by",type:"varchar",length:255},{name:"ip_address",type:"varchar",length:45}],indexes:[{columns:["tenant_id"]},{columns:["event_type"]}]},{table_name:"tenant_features",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"tenant_id",type:"uuid",notNull:!0,references:{table:"tenants",column:"id",onDelete:"cascade"}},{name:"feature_name",type:"varchar",length:100,notNull:!0},{name:"enabled",type:"boolean",notNull:!0,default:!0},{name:"config",type:"jsonb",default:"{}"}],indexes:[{columns:["tenant_id","feature_name"],unique:!0},{columns:["feature_name"]}]},{table_name:"domain_hostnames",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Domains",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant",comment:"tenant | organization | user | external"},{name:"owner_id",type:"uuid",notNull:!0,comment:"Product-defined owner reference (e.g. band id, org id)"},{name:"tenant_id",type:"uuid",references:{table:"tenants",column:"id",onDelete:"cascade"},comment:"Tenant this hostname routes to; null for non-tenant owners"},{name:"schema_name",type:"varchar",length:100,comment:"Resolved tenant schema for routing"},{name:"hostname",type:"varchar",length:255,notNull:!0,comment:"Original hostname as entered by the user"},{name:"normalized_hostname",type:"varchar",length:255,notNull:!0,unique:!0,comment:"Lowercased, punycode, port-stripped hostname used for matching"},{name:"hostname_kind",type:"varchar",length:20,notNull:!0,default:"apex",comment:"platform_subdomain | apex | www | subdomain"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending_verification",comment:"draft | pending_verification | verifying | active | failed | disabled | archived"},{name:"routing_status",type:"varchar",length:20,notNull:!0,default:"inactive",comment:"inactive | pending | active | failed"},{name:"certificate_status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"not_required | pending | active | failed"},{name:"verification_status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | verified | failed | expired"},{name:"provider",type:"varchar",length:30,notNull:!0,default:"manual_dns",comment:"manual_dns | cloudflare_for_saas | cloudflare_registrar"},{name:"provider_hostname_id",type:"varchar",length:255},{name:"dns_target",type:"varchar",length:255,comment:"CNAME / A target the customer must point at"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"redirect_to_hostname_id",type:"uuid",comment:"When set, this hostname 301-redirects to another hostname (e.g. apex to www)"},{name:"activated_at",type:"timestamptz"},{name:"disabled_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["tenant_id"]},{columns:["schema_name"]},{columns:["status"]},{columns:["owner_type","owner_id"]},{columns:["provider","provider_hostname_id"]}]},{table_name:"domain_registrations",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Domains",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant"},{name:"owner_id",type:"uuid",notNull:!0},{name:"tenant_id",type:"uuid",references:{table:"tenants",column:"id",onDelete:"set null"}},{name:"requested_domain",type:"varchar",length:255,notNull:!0},{name:"registered_domain",type:"varchar",length:255},{name:"provider",type:"varchar",length:30,notNull:!0,default:"cloudflare_registrar"},{name:"provider_registration_id",type:"varchar",length:255},{name:"registrant_owner_type",type:"varchar",length:20,notNull:!0,default:"customer",comment:"customer | platform"},{name:"registrant_contact_snapshot",type:"jsonb",default:"{}"},{name:"status",type:"varchar",length:30,notNull:!0,default:"draft",comment:"draft | availability_checked | awaiting_payment | registering | active | failed | transfer_requested | transferred_out | cancelled | expired"},{name:"price_amount",type:"numeric",precision:12,scale:2},{name:"currency",type:"varchar",length:10},{name:"renewal_date",type:"timestamptz"},{name:"auto_renew",type:"boolean",notNull:!0,default:!0},{name:"terms_version",type:"varchar",length:50},{name:"terms_accepted_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"]},{columns:["tenant_id"]},{columns:["status"]}]},{table_name:"domain_verification_challenges",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",notNull:!0,references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"challenge_type",type:"varchar",length:30,notNull:!0,default:"ownership_validation",comment:"hostname_validation | certificate_validation | ownership_validation"},{name:"record_type",type:"varchar",length:10,notNull:!0,default:"TXT",comment:"TXT | CNAME | A | AAAA | HTTP"},{name:"record_name",type:"varchar",length:255,notNull:!0},{name:"record_value",type:"text",notNull:!0},{name:"expected_target",type:"varchar",length:255},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | verified | failed | expired"},{name:"expires_at",type:"timestamptz"},{name:"verified_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["status"]}]},{table_name:"domain_provider_records",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",notNull:!0,references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:30,notNull:!0},{name:"provider_resource_type",type:"varchar",length:30,notNull:!0,comment:"custom_hostname | certificate | validation | zone | dns_record | registration"},{name:"provider_resource_id",type:"varchar",length:255},{name:"provider_status",type:"varchar",length:50},{name:"last_synced_at",type:"timestamptz"},{name:"raw_status",type:"jsonb",default:"{}"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["provider","provider_resource_id"]}]},{table_name:"domain_events",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"domain_registration_id",type:"uuid",references:{table:"domainRegistrations",column:"id",onDelete:"cascade"}},{name:"event_type",type:"varchar",length:50,notNull:!0},{name:"actor_type",type:"varchar",length:20},{name:"actor_id",type:"varchar",length:255},{name:"message",type:"text"},{name:"ip_address",type:"varchar",length:45},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["event_type"]}]},{table_name:"verifications",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["instance_id"]},{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_node_id",type:"varchar",length:100,notNull:!0},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","rejected"]}],indexes:[{columns:["instance_id"]},{columns:["instance_id","step_order"]},{columns:["entity_name","entity_id"]},{columns:["verifier_user_id"]},{columns:["status"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["step","verifier","notification"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"recipient_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier","entity_creator"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role",type:"varchar",length:100}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]}]},{table_name:"verificationVerifierConfigs",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["verifier_type"]}]},{table_name:"verificationInstances",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"started_by",type:"uuid",references:{table:"users",column:"id"}},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","completed","rejected","cancelled"]},{name:"current_step_order",type:"integer",notNull:!0,default:1},{name:"started_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"completed_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","status"]},{columns:["status"]},{columns:["started_by"]}]},{table_name:"verificationNotificationChannels",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"channel",type:"varchar",length:30,notNull:!0,enumValues:["portal","email","sms","telegram","webhook"]}],indexes:[{columns:["rule_id"]},{columns:["rule_id","channel"],unique:!0},{columns:["channel"]}]},{table_name:"user_cohorts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"created_by",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}},{name:"expires_at",type:"timestamptz"},{name:"user_count",type:"integer",notNull:!0,default:0},{name:"metadata",type:"jsonb",default:"{}"}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"trusted_devices",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:64,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",enumValues:["pending","trusted","revoked"]},{name:"origin_session_id",type:"uuid"},{name:"label",type:"varchar",length:120},{name:"device_fingerprint",type:"varchar",length:255},{name:"first_seen_ip",type:"varchar",length:45},{name:"last_seen_ip",type:"varchar",length:45},{name:"last_seen_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:30,enumValues:["user_revoked","password_reset","logout","admin_revoked","expired","replaced"]}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["user_id","status"]},{columns:["origin_session_id"]},{columns:["expires_at"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:["email"],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:["email"],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"webauthn_credentials",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:[],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"credential_id",type:"text",notNull:!0},{name:"public_key",type:"text",notNull:!0},{name:"counter",type:"bigint",mode:"number",notNull:!0,defaultValue:0},{name:"transports",type:"jsonb"},{name:"device_type",type:"varchar",length:32},{name:"backed_up",type:"boolean",notNull:!0,defaultValue:!1},{name:"aaguid",type:"varchar",length:64},{name:"authenticator_attachment",type:"varchar",length:32},{name:"nickname",type:"varchar",length:128},{name:"last_used_at",type:"timestamptz"},{name:"revoked_at",type:"timestamptz"}],indexes:[{columns:["credential_id"],unique:!0},{columns:["user_id"]}]},{table_name:"webauthn_challenges",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:[],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE","GET"],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id",onDelete:"cascade"}},{name:"challenge",type:"text",notNull:!0},{name:"challenge_type",type:"varchar",length:32,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"consumed_at",type:"timestamptz"}],indexes:[{columns:["challenge"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"severity",type:"text",default:"info"},{name:"category",type:"text"},{name:"occurrence_count",type:"integer",default:1},{name:"last_occurrence_at",type:"timestamp"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]},{columns:["severity"]},{columns:["category"]}]},{table_name:"monitoring_metrics",feature_set:["monitoring"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"metric_type",type:"text",notNull:!0},{name:"metric_name",type:"text",notNull:!0},{name:"value",type:"doublePrecision",notNull:!0},{name:"tags",type:"jsonb"},{name:"recorded_at",type:"timestamp",notNull:!0}],indexes:[{columns:["metric_type"]},{columns:["metric_name"]},{columns:["recorded_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}},{table_name:"api_keys",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"key_hash",type:"varchar",length:255,notNull:!0},{name:"key_preview",type:"varchar",length:20,notNull:!0},{name:"owner_type",type:"varchar",length:30,notNull:!0,default:"personal",enumValues:["personal","application"]},{name:"application_name",type:"varchar",length:255},{name:"allowed_roles",type:"jsonb",notNull:!0,default:"[]"},{name:"allowed_claims",type:"jsonb",notNull:!0,default:"[]"},{name:"allowed_scopes",type:"jsonb",notNull:!0,default:"[]"},{name:"expires_at",type:"timestamptz"},{name:"last_used_at",type:"timestamptz"},{name:"last_used_ip",type:"varchar",length:45},{name:"usage_count",type:"integer",notNull:!0,default:0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:255}],indexes:[{columns:["key_hash"],unique:!0},{columns:["user_id"]},{columns:["user_id","is_active"]},{columns:["owner_type"]},{columns:["expires_at"]},{columns:["last_used_at"]}]},{table_name:"backup_logs",feature_set:["backup"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main","all"],excluded_schemas:[],excluded_methods:["PUT","PATCH"],columns:[{name:"backup_name",type:"varchar",length:255,notNull:!0},{name:"file_name",type:"varchar",length:500,notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0},{name:"format",type:"varchar",length:20,notNull:!0,default:"json"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending"},{name:"trigger",type:"varchar",length:20,notNull:!0,default:"manual"},{name:"size_bytes",type:"integer"},{name:"table_count",type:"integer"},{name:"row_count",type:"integer"},{name:"included_tables",type:"jsonb",default:"[]"},{name:"excluded_tables",type:"jsonb",default:"[]"},{name:"error_message",type:"text"},{name:"started_at",type:"timestamp"},{name:"completed_at",type:"timestamp"},{name:"performed_by",type:"varchar",length:255},{name:"cron_expression",type:"varchar",length:100},{name:"retention_days",type:"integer"}],indexes:[{columns:["schema_name"]},{columns:["status"]},{columns:["trigger"]},{columns:["created_at"]}]},{table_name:"payment_transactions",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"order_id",type:"varchar",length:255},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_transaction_id",type:"varchar",length:255},{name:"provider_payment_id",type:"varchar",length:255},{name:"payment_method",type:"varchar",length:50},{name:"amount",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"currency",type:"varchar",length:10,notNull:!0,default:"TRY"},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","processing","completed","failed","refunded","partially_refunded","cancelled"]},{name:"status_code",type:"integer"},{name:"status_message",type:"text"},{name:"card_last_four",type:"varchar",length:4},{name:"card_type",type:"varchar",length:50},{name:"card_association",type:"varchar",length:50},{name:"installment",type:"integer",default:1},{name:"is_three_d_secure",type:"boolean",default:!1},{name:"provider_response",type:"jsonb",default:"{}"},{name:"metadata",type:"jsonb",default:"{}"},{name:"refunded_amount",type:"numeric",precision:12,scale:2,default:0},{name:"refunded_at",type:"timestamptz"},{name:"completed_at",type:"timestamptz"},{name:"failed_at",type:"timestamptz"},{name:"ip_address",type:"varchar",length:45}],indexes:[{columns:["user_id"]},{columns:["order_id"]},{columns:["provider"]},{columns:["provider_payment_id"]},{columns:["status"]},{columns:["user_id","status"]}]},{table_name:"payment_methods",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"type",type:"varchar",length:30,notNull:!0,default:"card",enumValues:["card","bank_account","wallet"]},{name:"alias",type:"varchar",length:100},{name:"card_last_four",type:"varchar",length:4},{name:"card_type",type:"varchar",length:50},{name:"card_association",type:"varchar",length:50},{name:"card_family",type:"varchar",length:100},{name:"card_bank_name",type:"varchar",length:100},{name:"provider_card_user_key",type:"varchar",length:255},{name:"provider_card_token",type:"varchar",length:255},{name:"bin_number",type:"varchar",length:8},{name:"is_default",type:"boolean",default:!1},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["user_id","is_default"]},{columns:["provider_card_user_key"]}]},{table_name:"payment_webhook_logs",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT","PATCH","DELETE"],columns:[{name:"provider",type:"varchar",length:50,notNull:!0},{name:"event_type",type:"varchar",length:100,notNull:!0},{name:"provider_payment_id",type:"varchar",length:255},{name:"raw_payload",type:"jsonb",notNull:!0},{name:"processed",type:"boolean",default:!1},{name:"processing_result",type:"jsonb"},{name:"error_message",type:"text"},{name:"ip_address",type:"varchar",length:45},{name:"idempotency_key",type:"varchar",length:255}],indexes:[{columns:["provider"]},{columns:["event_type"]},{columns:["provider_payment_id"]},{columns:["processed"]},{columns:["idempotency_key"],unique:!0}]},{table_name:"payment_sub_merchants",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_sub_merchant_key",type:"varchar",length:255},{name:"external_id",type:"varchar",length:255},{name:"type",type:"varchar",length:50,notNull:!0,default:"personal",enumValues:["personal","private_company","limited_or_joint_stock_company"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","active","suspended","rejected"]},{name:"name",type:"varchar",length:255,notNull:!0},{name:"email",type:"varchar",length:255,notNull:!0},{name:"gsm_number",type:"varchar",length:20},{name:"address",type:"text"},{name:"iban",type:"varchar",length:50},{name:"contact_name",type:"varchar",length:100},{name:"contact_surname",type:"varchar",length:100},{name:"identity_number",type:"varchar",length:20},{name:"tax_office",type:"varchar",length:100},{name:"tax_number",type:"varchar",length:20},{name:"legal_company_title",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,default:"TRY"},{name:"commission_rate",type:"numeric",precision:5,scale:2,default:0},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["provider_sub_merchant_key"]},{columns:["external_id"]},{columns:["status"]},{columns:["email"]}]},{table_name:"payment_commission_splits",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"transaction_id",type:"uuid",notNull:!0,references:{table:"payment_transactions",column:"id",onDelete:"cascade"}},{name:"sub_merchant_id",type:"uuid",notNull:!0,references:{table:"payment_sub_merchants",column:"id"}},{name:"basket_item_id",type:"varchar",length:255},{name:"item_price",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"sub_merchant_price",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"platform_commission",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"commission_rate",type:"numeric",precision:5,scale:2,default:0},{name:"provider_split_id",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,notNull:!0,default:"TRY"},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","disapproved","refunded"]},{name:"approved_at",type:"timestamptz"},{name:"disapproved_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["transaction_id"]},{columns:["sub_merchant_id"]},{columns:["status"]},{columns:["transaction_id","sub_merchant_id"]},{columns:["provider_split_id"]}]},{table_name:"payment_products",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_product_id",type:"varchar",length:255},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"type",type:"varchar",length:30,default:"service",enumValues:["service","good"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","archived","draft"]},{name:"images",type:"jsonb",default:"[]"},{name:"unit_label",type:"varchar",length:50},{name:"url",type:"varchar",length:500},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["provider"]},{columns:["provider_product_id"]},{columns:["name"]},{columns:["status"]},{columns:["type"]}]},{table_name:"payment_prices",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"product_id",type:"uuid",notNull:!0,references:{table:"payment_products",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_price_id",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,notNull:!0,default:"USD"},{name:"unit_amount",type:"integer",notNull:!0,default:0},{name:"unit_amount_decimal",type:"varchar",length:30},{name:"type",type:"varchar",length:30,notNull:!0,default:"one_time",enumValues:["one_time","recurring"]},{name:"billing_scheme",type:"varchar",length:30,default:"per_unit",enumValues:["per_unit","tiered"]},{name:"nickname",type:"varchar",length:255},{name:"recurring_interval",type:"varchar",length:20,enumValues:["day","week","month","year"]},{name:"recurring_interval_count",type:"integer",default:1},{name:"recurring_usage_type",type:"varchar",length:20,default:"licensed",enumValues:["licensed","metered"]},{name:"recurring_aggregate_usage",type:"varchar",length:30,enumValues:["sum","last_during_period","last_ever","max"]},{name:"transform_quantity_divide_by",type:"integer"},{name:"transform_quantity_round",type:"varchar",length:10,enumValues:["up","down"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","archived"]},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["product_id"]},{columns:["provider"]},{columns:["provider_price_id"]},{columns:["type"]},{columns:["currency"]},{columns:["status"]},{columns:["product_id","status"]}]},{table_name:"payment_customers",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_customer_id",type:"varchar",length:255,notNull:!0},{name:"email",type:"varchar",length:255,notNull:!0},{name:"name",type:"varchar",length:255},{name:"phone",type:"varchar",length:50},{name:"description",type:"text"},{name:"address",type:"jsonb",default:"{}"},{name:"tax_id_type",type:"varchar",length:50},{name:"tax_id_value",type:"varchar",length:100},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["provider_customer_id"]},{columns:["email"]},{columns:["user_id","provider"],unique:!0}]},{table_name:"payment_subscriptions",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"customer_id",type:"uuid",notNull:!0,references:{table:"payment_customers",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_subscription_id",type:"varchar",length:255},{name:"status",type:"varchar",length:30,notNull:!0,default:"incomplete",enumValues:["active","past_due","unpaid","canceled","incomplete","incomplete_expired","trialing","paused"]},{name:"collection_method",type:"varchar",length:30,default:"charge_automatically",enumValues:["charge_automatically","send_invoice"]},{name:"current_period_start",type:"timestamptz"},{name:"current_period_end",type:"timestamptz"},{name:"cancel_at_period_end",type:"boolean",default:!1},{name:"canceled_at",type:"timestamptz"},{name:"trial_start",type:"timestamptz"},{name:"trial_end",type:"timestamptz"},{name:"items",type:"jsonb",default:"[]"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["customer_id"]},{columns:["provider"]},{columns:["provider_subscription_id"]},{columns:["status"]},{columns:["customer_id","status"]}]},{table_name:"payment_invoices",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"customer_id",type:"uuid",notNull:!0,references:{table:"payment_customers",column:"id"}},{name:"subscription_id",type:"uuid",references:{table:"payment_subscriptions",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_invoice_id",type:"varchar",length:255},{name:"status",type:"varchar",length:30,notNull:!0,default:"draft",enumValues:["draft","open","paid","uncollectible","void"]},{name:"collection_method",type:"varchar",length:30,default:"charge_automatically",enumValues:["charge_automatically","send_invoice"]},{name:"currency",type:"varchar",length:10,notNull:!0,default:"USD"},{name:"amount_due",type:"integer",default:0},{name:"amount_paid",type:"integer",default:0},{name:"amount_remaining",type:"integer",default:0},{name:"description",type:"text"},{name:"hosted_invoice_url",type:"varchar",length:1000},{name:"invoice_pdf",type:"varchar",length:1000},{name:"due_date",type:"timestamptz"},{name:"days_until_due",type:"integer"},{name:"period_start",type:"timestamptz"},{name:"period_end",type:"timestamptz"},{name:"paid_at",type:"timestamptz"},{name:"voided_at",type:"timestamptz"},{name:"lines",type:"jsonb",default:"[]"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["customer_id"]},{columns:["subscription_id"]},{columns:["provider"]},{columns:["provider_invoice_id"]},{columns:["status"]},{columns:["customer_id","status"]}]},{table_name:"chat_conversations",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"type",type:"varchar",length:20,notNull:!0,default:"direct",enumValues:["direct","group"]},{name:"title",type:"varchar",length:255},{name:"description",type:"text"},{name:"avatar_file_id",type:"uuid"},{name:"direct_key",type:"varchar",length:255},{name:"last_message_at",type:"timestamptz"},{name:"last_message_preview",type:"varchar",length:500},{name:"last_message_sender_id",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}}],indexes:[{columns:["direct_key"],unique:!0},{columns:["type"]},{columns:["last_message_at"]}]},{table_name:"chat_participants",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role",type:"varchar",length:20,notNull:!0,default:"member",enumValues:["member","admin","owner"]},{name:"last_read_message_id",type:"uuid"},{name:"last_read_at",type:"timestamptz"},{name:"unread_count",type:"integer",notNull:!0,default:0},{name:"muted",type:"boolean",notNull:!0,default:!1},{name:"muted_until",type:"timestamptz"},{name:"notifications_enabled",type:"boolean",notNull:!0,default:!0},{name:"left_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["conversation_id"]}],constraints:{unique:[{name:"unique_conversation_participant",columns:["conversation_id","user_id"]}]}},{table_name:"chat_messages",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"sender_id",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}},{name:"content",type:"text"},{name:"content_type",type:"varchar",length:20,notNull:!0,default:"text",enumValues:["text","image","file","video","audio","system"]},{name:"reply_to_id",type:"uuid",references:{table:"chat_messages",column:"id",onDelete:"set null"}},{name:"metadata",type:"jsonb",default:"{}"},{name:"client_message_id",type:"varchar",length:100},{name:"edited_at",type:"timestamptz"},{name:"deleted_at",type:"timestamptz"}],indexes:[{columns:["conversation_id","created_at"]},{columns:["sender_id"]},{columns:["reply_to_id"]}]},{table_name:"chat_message_attachments",feature_set:["authentication","chat","storage"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"message_id",type:"uuid",notNull:!0,references:{table:"chat_messages",column:"id",onDelete:"cascade"}},{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"file_id",type:"uuid",notNull:!0,references:{table:"files",column:"id",onDelete:"cascade"}},{name:"kind",type:"varchar",length:20,notNull:!0,default:"file",enumValues:["image","video","audio","file"]},{name:"original_name",type:"varchar",length:255},{name:"mime_type",type:"varchar",length:100},{name:"size",type:"bigint",mode:"number"},{name:"width",type:"integer"},{name:"height",type:"integer"},{name:"duration",type:"integer"}],indexes:[{columns:["message_id"]},{columns:["conversation_id"]},{columns:["file_id"]}]},{table_name:"payment_splits",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"transaction_id",type:"uuid",references:{table:"paymentTransactions",column:"id",onDelete:"set null"}},{name:"recipient_owner_type",type:"varchar",length:20,notNull:!0,default:"seller",comment:"seller | platform | tenant | user"},{name:"recipient_owner_id",type:"uuid",notNull:!0},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"gross_amount",type:"bigint",mode:"number",notNull:!0,comment:"Minor units"},{name:"provider_fee_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"platform_fee_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"reserve_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"net_payable_amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"available_for_payout_at",type:"timestamptz"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | available | payout_requested | paid | held | refunded | disputed | cancelled"},{name:"source_type",type:"varchar",length:50},{name:"source_id",type:"varchar",length:255},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["recipient_owner_type","recipient_owner_id"]},{columns:["status"]},{columns:["transaction_id"]}]},{table_name:"payment_ledger_entries",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"account",type:"varchar",length:40,notNull:!0,comment:"platform_revenue | provider_fee | seller_payable | reserve | refund_liability | dispute_liability | payout_in_transit | payout_completed"},{name:"owner_type",type:"varchar",length:20},{name:"owner_id",type:"uuid"},{name:"direction",type:"varchar",length:6,notNull:!0,comment:"debit | credit"},{name:"amount",type:"bigint",mode:"number",notNull:!0,comment:"Minor units"},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"entry_type",type:"varchar",length:40,notNull:!0,comment:"split | refund | payout | reserve_hold | reserve_release | dispute | adjustment"},{name:"reference_type",type:"varchar",length:50},{name:"reference_id",type:"varchar",length:255},{name:"split_id",type:"uuid",references:{table:"paymentSplits",column:"id",onDelete:"set null"}},{name:"description",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["account"]},{columns:["owner_type","owner_id"]},{columns:["entry_type"]},{columns:["reference_type","reference_id"]}]},{table_name:"payment_settlement_policies",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],group_name:"Payments Marketplace",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant",comment:"tenant | seller"},{name:"owner_id",type:"uuid",notNull:!0},{name:"default_delay_days",type:"integer",notNull:!0,default:7},{name:"new_seller_delay_days",type:"integer",notNull:!0,default:14},{name:"reserve_rate",type:"numeric",precision:5,scale:4,notNull:!0,default:0,comment:"Fraction 0..1 held as reserve"},{name:"reserve_days",type:"integer",notNull:!0,default:0},{name:"minimum_payout_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"currency",type:"varchar",length:10},{name:"early_payout_enabled",type:"boolean",notNull:!0,default:!1},{name:"status",type:"varchar",length:20,notNull:!0,default:"active"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"],unique:!0}]},{table_name:"payment_reserves",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"seller"},{name:"owner_id",type:"uuid",notNull:!0},{name:"split_id",type:"uuid",references:{table:"paymentSplits",column:"id",onDelete:"set null"}},{name:"amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"reason",type:"varchar",length:30,notNull:!0,default:"refund_window",comment:"refund_window | chargeback_risk | new_seller | manual_hold | dispute | compliance_review"},{name:"status",type:"varchar",length:20,notNull:!0,default:"held",comment:"held | released | consumed | cancelled"},{name:"release_at",type:"timestamptz"},{name:"released_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"]},{columns:["status"]},{columns:["release_at"]}]},{table_name:"payment_payout_requests",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Payments Marketplace",columns:[{name:"recipient_owner_type",type:"varchar",length:20,notNull:!0,default:"seller"},{name:"recipient_owner_id",type:"uuid",notNull:!0},{name:"amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | approved | rejected | processing | completed | failed | cancelled"},{name:"provider",type:"varchar",length:50},{name:"provider_payout_id",type:"varchar",length:255},{name:"provider_transfer_id",type:"varchar",length:255},{name:"destination",type:"varchar",length:255},{name:"requested_by",type:"uuid"},{name:"decided_by",type:"uuid"},{name:"decided_at",type:"timestamptz"},{name:"completed_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["recipient_owner_type","recipient_owner_id"]},{columns:["status"]}]},{table_name:"payment_disputes",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Payments Marketplace",columns:[{name:"transaction_id",type:"uuid",references:{table:"paymentTransactions",column:"id",onDelete:"set null"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_dispute_id",type:"varchar",length:255},{name:"owner_type",type:"varchar",length:20},{name:"owner_id",type:"uuid"},{name:"amount",type:"bigint",mode:"number"},{name:"currency",type:"varchar",length:10},{name:"reason",type:"varchar",length:100},{name:"status",type:"varchar",length:30,notNull:!0,default:"open",comment:"open | under_review | won | lost | accepted | cancelled"},{name:"evidence_due_at",type:"timestamptz"},{name:"resolved_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["provider","provider_dispute_id"]},{columns:["status"]},{columns:["owner_type","owner_id"]},{columns:["transaction_id"]}]}]};var AUTH_ENDPOINT_CONFIGS={login:{key:"LOGIN",method:"POST",defaultRoute:"/auth/login",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},register:{key:"REGISTER",method:"POST",defaultRoute:"/auth/register",defaultIsPublic:!0,_payload:void 0,_success:void 0,_error:void 0},logout:{key:"LOGOUT",method:"POST",defaultRoute:"/auth/logout",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},refresh:{key:"REFRESH",method:"POST",defaultRoute:"/auth/refresh",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},me:{key:"ME",method:"GET",defaultRoute:"/auth/me",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordChange:{key:"PASSWORD_CHANGE",method:"POST",defaultRoute:"/auth/password-change",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordSet:{key:"PASSWORD_SET",method:"POST",defaultRoute:"/auth/password-set",defaultIsPublic:!1,_payload:void 0,_success:void 0,_error:void 0},passwordReset:{key:"PASSWORD_RESET_REQUEST",method:"POST",defaultRoute:"/auth/password-reset",defaultIsPublic:!0,subEndpoints:[{key:"PASSWORD_RESET_REQUEST",method:"POST",suffix:"/request",_payload:void 0,_success:void 0,_error:void 0},{key:"PASSWORD_RESET_CONFIRM",method:"POST",suffix:"/confirm",_payload:void 0,_success:void 0,_error:void 0}]},sessions:{key:"SESSIONS",method:"GET",defaultRoute:"/auth/sessions",defaultIsPublic:!1,subEndpoints:[{key:"SESSIONS",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_CURRENT",method:"GET",suffix:"/current",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_STATS",method:"GET",suffix:"/stats",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_PENDING",method:"GET",suffix:"/pending",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE",method:"DELETE",suffix:"/:sessionId",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REVOKE_ALL",method:"DELETE",suffix:"/all",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_APPROVE",method:"POST",suffix:"/approve",_payload:void 0,_success:void 0,_error:void 0},{key:"SESSIONS_REJECT",method:"POST",suffix:"/reject",_payload:void 0,_success:void 0,_error:void 0}]},magicLink:{key:"MAGIC_LINK",method:"POST",defaultRoute:"/auth/magic-link",defaultIsPublic:!0,subEndpoints:[{key:"MAGIC_LINK",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"MAGIC_LINK_VERIFY",method:"GET",suffix:"/verify",routeKey:"verifyRoute",_payload:void 0,_success:void 0,_error:void 0}]},invite:{key:"INVITE",method:"POST",defaultRoute:"/auth/invite",defaultIsPublic:!1,subEndpoints:[{key:"INVITE",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"INVITE_VERIFY",method:"POST",suffix:"/verify",_payload:void 0,_success:void 0,_error:void 0}]},emailVerification:{key:"VERIFY_EMAIL",method:"GET",defaultRoute:"/verify-email",defaultIsPublic:!0,subEndpoints:[{key:"VERIFY_EMAIL",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"RESEND_VERIFICATION",method:"POST",suffix:"",routeKey:"resendRoute",defaultRoute:"/resend-verification",_payload:void 0,_success:void 0,_error:void 0}]},captcha:{key:"CAPTCHA",method:"GET",defaultRoute:"/auth/captcha",defaultIsPublic:!0,subEndpoints:[{key:"CAPTCHA_GENERATE",method:"GET",suffix:"/generate",_payload:void 0,_success:void 0,_error:void 0},{key:"CAPTCHA_VALIDATE",method:"POST",suffix:"/validate",_payload:void 0,_success:void 0,_error:void 0}]},oauth:{key:"OAUTH_PROVIDERS",method:"GET",defaultRoute:"/auth/oauth/providers",defaultIsPublic:!0,subEndpoints:[{key:"OAUTH_PROVIDERS",method:"GET",suffix:"/providers",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_REDIRECT",method:"GET",suffix:"/:provider",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_ACCOUNTS",method:"GET",suffix:"/accounts",_payload:void 0,_success:void 0,_error:void 0},{key:"OAUTH_UNLINK",method:"DELETE",suffix:"/unlink/:provider",_payload:void 0,_success:void 0,_error:void 0}]},webauthn:{key:"WEBAUTHN",method:"POST",defaultRoute:"/auth/webauthn",defaultIsPublic:!1,subEndpoints:[{key:"WEBAUTHN_REGISTER_OPTIONS",method:"POST",suffix:"/register/options",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_REGISTER_VERIFY",method:"POST",suffix:"/register/verify",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_AUTH_OPTIONS",method:"POST",suffix:"/authenticate/options",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_AUTH_VERIFY",method:"POST",suffix:"/authenticate/verify",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_LIST",method:"GET",suffix:"/credentials",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_REVOKE",method:"DELETE",suffix:"/credentials/:credentialId",_payload:void 0,_success:void 0,_error:void 0},{key:"WEBAUTHN_RENAME",method:"PATCH",suffix:"/credentials/:credentialId",_payload:void 0,_success:void 0,_error:void 0}]},apiKeys:{key:"API_KEYS",method:"GET",defaultRoute:"/auth/api-keys",defaultIsPublic:!1,subEndpoints:[{key:"API_KEYS_CREATE",method:"POST",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"API_KEYS_LIST",method:"GET",suffix:"",_payload:void 0,_success:void 0,_error:void 0},{key:"API_KEYS_DETAIL",method:"GET",suffix:"/:id",_payload:void 0,_success:void 0,_error:void 0},{key:"API_KEYS_UPDATE",method:"PATCH",suffix:"/:id",_payload:void 0,_success:void 0,_error:void 0},{key:"API_KEYS_REVOKE",method:"DELETE",suffix:"/:id",_payload:void 0,_success:void 0,_error:void 0}]}},AUTH_ENDPOINTS={LOGIN:{method:"POST",path:"/auth/login",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},REGISTER:{method:"POST",path:"/auth/register",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},LOGOUT:{method:"POST",path:"/auth/logout",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},REFRESH:{method:"POST",path:"/auth/refresh",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},ME:{method:"GET",path:"/auth/me",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PASSWORD_CHANGE:{method:"POST",path:"/auth/password/change",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PASSWORD_SET:{method:"POST",path:"/auth/password/set",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PASSWORD_RESET_REQUEST:{method:"POST",path:"/auth/password/reset-request",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},PASSWORD_RESET_CONFIRM:{method:"POST",path:"/auth/password/reset-confirm",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},SESSIONS:{method:"GET",path:"/auth/sessions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_CURRENT:{method:"GET",path:"/auth/sessions/current",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_STATS:{method:"GET",path:"/auth/sessions/stats",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_PENDING:{method:"GET",path:"/auth/sessions/pending",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_REVOKE:{method:"POST",path:"/auth/sessions/revoke",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_REVOKE_ALL:{method:"POST",path:"/auth/sessions/revoke-all",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_APPROVE:{method:"POST",path:"/auth/sessions/approve",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},SESSIONS_REJECT:{method:"POST",path:"/auth/sessions/reject",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},MAGIC_LINK:{method:"POST",path:"/auth/magic-link",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},MAGIC_LINK_VERIFY:{method:"POST",path:"/auth/magic-link/verify",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},INVITE:{method:"POST",path:"/auth/invite",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},INVITE_VERIFY:{method:"POST",path:"/auth/invite/verify",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},VERIFY_EMAIL:{method:"POST",path:"/auth/verify-email",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},RESEND_VERIFICATION:{method:"POST",path:"/auth/resend-verification",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},CAPTCHA_GENERATE:{method:"POST",path:"/auth/captcha/generate",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},CAPTCHA_VALIDATE:{method:"POST",path:"/auth/captcha/validate",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_REGISTER_OPTIONS:{method:"POST",path:"/auth/webauthn/register/options",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_REGISTER_VERIFY:{method:"POST",path:"/auth/webauthn/register/verify",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_AUTH_OPTIONS:{method:"POST",path:"/auth/webauthn/authenticate/options",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_AUTH_VERIFY:{method:"POST",path:"/auth/webauthn/authenticate/verify",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_LIST:{method:"GET",path:"/auth/webauthn/credentials",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_REVOKE:{method:"DELETE",path:"/auth/webauthn/credentials/:credentialId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},WEBAUTHN_RENAME:{method:"PATCH",path:"/auth/webauthn/credentials/:credentialId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_IMPERSONATE:{method:"POST",path:"/auth/admin/impersonate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_IMPERSONATE_STOP:{method:"POST",path:"/auth/admin/impersonate/stop",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_CHANGE_USER_ID:{method:"POST",path:"/auth/admin/change-user-id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_CREATE_USER:{method:"POST",path:"/auth/admin/create-user",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_HARD_DELETE_USER:{method:"DELETE",path:"/auth/admin/hard-delete/:userId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_CREATE:{method:"POST",path:"/auth/api-keys",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_LIST:{method:"GET",path:"/auth/api-keys",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_DETAIL:{method:"GET",path:"/auth/api-keys/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_UPDATE:{method:"PUT",path:"/auth/api-keys/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},API_KEYS_REVOKE:{method:"DELETE",path:"/auth/api-keys/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},CONFIG_ENDPOINTS={CONFIG_GET:{method:"GET",path:"/nucleus/config",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_SECTIONS:{method:"GET",path:"/nucleus/config/sections",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_SECTION_GET:{method:"GET",path:"/nucleus/config/:section",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_SECTION_UPDATE:{method:"PATCH",path:"/nucleus/config/:section",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_ENV:{method:"GET",path:"/nucleus/config/env",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_OVERRIDES_GET:{method:"GET",path:"/nucleus/config/overrides",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_OVERRIDES_CLEAR:{method:"DELETE",path:"/nucleus/config/overrides",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CONFIG_RESTART:{method:"POST",path:"/nucleus/config/restart",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},VERIFICATION_ENDPOINTS={VERIFICATION_STATUS:{method:"GET",path:"/verification/status/:entity_name/:entity_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_DECIDE:{method:"POST",path:"/verification/decide/:entity_name/:entity_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_PENDING:{method:"GET",path:"/verification/pending",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_HISTORY:{method:"GET",path:"/verification/history/:entity_name/:entity_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_START:{method:"POST",path:"/verification/start",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_START_FOR_ENTITY:{method:"POST",path:"/verification/start-for-entity",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},VERIFICATION_ENTITY_STATUSES:{method:"GET",path:"/verification/entity-statuses/:entity_name",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_LIST:{method:"GET",path:"/verification/flows",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_GET:{method:"GET",path:"/verification/flows/:flow_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_SAVE:{method:"POST",path:"/verification/flows",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_PUBLISH:{method:"POST",path:"/verification/flows/:flow_id/publish",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},FLOW_DELETE:{method:"DELETE",path:"/verification/flows/:flow_id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},NOTIFICATION_LIST:{method:"GET",path:"/notifications",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},NOTIFICATION_UNSEEN_COUNT:{method:"GET",path:"/notifications/unseen-count",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},NOTIFICATION_MARK_SEEN:{method:"POST",path:"/notifications/:notification_id/seen",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},NOTIFICATION_MARK_ALL_SEEN:{method:"POST",path:"/notifications/seen-all",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},CHAT_ENDPOINTS={CHAT_LIST_CONVERSATIONS:{method:"GET",path:"/chat/conversations",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_CREATE_CONVERSATION:{method:"POST",path:"/chat/conversations",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_GET_CONVERSATION:{method:"GET",path:"/chat/conversations/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_GET_MESSAGES:{method:"GET",path:"/chat/conversations/:id/messages",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_SEND_MESSAGE:{method:"POST",path:"/chat/conversations/:id/messages",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_MARK_READ:{method:"POST",path:"/chat/conversations/:id/read",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_TYPING:{method:"POST",path:"/chat/conversations/:id/typing",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_ADD_PARTICIPANTS:{method:"POST",path:"/chat/conversations/:id/participants",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_REMOVE_PARTICIPANT:{method:"DELETE",path:"/chat/conversations/:id/participants/:userId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_EDIT_MESSAGE:{method:"PATCH",path:"/chat/messages/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},CHAT_DELETE_MESSAGE:{method:"DELETE",path:"/chat/messages/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},MONITORING_ENDPOINTS={MONITORING_HEALTH_CHECK:{method:"GET",path:"/monitoring/health",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},MONITORING_GET_SETTINGS:{method:"GET",path:"/monitoring/settings",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},MONITORING_CHANGE_SETTINGS:{method:"PATCH",path:"/monitoring/settings",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},MONITORING_GET_LOGS:{method:"GET",path:"/monitoring/logs",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},PAYMENT_ENDPOINTS={PAYMENT_INITIALIZE:{method:"POST",path:"/payments/initialize",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_TRANSACTIONS:{method:"GET",path:"/payments/transactions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_TRANSACTION_DETAIL:{method:"GET",path:"/payments/transactions/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_BIN_QUERY:{method:"POST",path:"/payments/bin-query",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_DETAIL:{method:"POST",path:"/payments/payment-detail",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_REFUND:{method:"POST",path:"/payments/refund",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_SAVE_CARD:{method:"POST",path:"/payments/cards/save",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_CARDS:{method:"GET",path:"/payments/cards",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_DELETE_CARD:{method:"DELETE",path:"/payments/cards/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_SYNC_CARDS:{method:"POST",path:"/payments/cards/sync",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_REGISTER_SUB_MERCHANT:{method:"POST",path:"/payments/sub-merchants",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_SUB_MERCHANT:{method:"PUT",path:"/payments/sub-merchants/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_SUB_MERCHANTS:{method:"GET",path:"/payments/sub-merchants",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_SUB_MERCHANT:{method:"GET",path:"/payments/sub-merchants/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_SPLITS:{method:"GET",path:"/payments/splits",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_APPROVE_SPLIT:{method:"POST",path:"/payments/splits/:splitId/approve",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_DISAPPROVE_SPLIT:{method:"POST",path:"/payments/splits/:splitId/disapprove",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_PRODUCT:{method:"POST",path:"/payments/products",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_PRODUCT:{method:"PUT",path:"/payments/products/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_PRODUCTS:{method:"GET",path:"/payments/products",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_PRODUCT:{method:"GET",path:"/payments/products/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_ARCHIVE_PRODUCT:{method:"DELETE",path:"/payments/products/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_PRICE:{method:"POST",path:"/payments/prices",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_PRICE:{method:"PUT",path:"/payments/prices/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_PRICES:{method:"GET",path:"/payments/prices",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_PRICE:{method:"GET",path:"/payments/prices/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_ARCHIVE_PRICE:{method:"DELETE",path:"/payments/prices/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_CUSTOMER:{method:"POST",path:"/payments/customers",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_CUSTOMER:{method:"PUT",path:"/payments/customers/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_CUSTOMERS:{method:"GET",path:"/payments/customers",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_CUSTOMER:{method:"GET",path:"/payments/customers/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_DELETE_CUSTOMER:{method:"DELETE",path:"/payments/customers/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_SUBSCRIPTION:{method:"POST",path:"/payments/subscriptions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_UPDATE_SUBSCRIPTION:{method:"PUT",path:"/payments/subscriptions/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CANCEL_SUBSCRIPTION:{method:"POST",path:"/payments/subscriptions/:id/cancel",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_SUBSCRIPTIONS:{method:"GET",path:"/payments/subscriptions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_SUBSCRIPTION:{method:"GET",path:"/payments/subscriptions/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_REPORT_USAGE:{method:"POST",path:"/payments/usage-records",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_USAGE_SUMMARIES:{method:"GET",path:"/payments/usage-records/:subscriptionItemId/summaries",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_INVOICE:{method:"POST",path:"/payments/invoices",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_FINALIZE_INVOICE:{method:"POST",path:"/payments/invoices/:id/finalize",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_SEND_INVOICE:{method:"POST",path:"/payments/invoices/:id/send",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_VOID_INVOICE:{method:"POST",path:"/payments/invoices/:id/void",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_PAY_INVOICE:{method:"POST",path:"/payments/invoices/:id/pay",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_INVOICES:{method:"GET",path:"/payments/invoices",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_INVOICE:{method:"GET",path:"/payments/invoices/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_BALANCE:{method:"GET",path:"/payments/balance",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_PAYOUT:{method:"POST",path:"/payments/payouts",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_PAYOUTS:{method:"GET",path:"/payments/payouts",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_GET_PAYOUT:{method:"GET",path:"/payments/payouts/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CANCEL_PAYOUT:{method:"POST",path:"/payments/payouts/:id/cancel",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_CREATE_TRANSFER:{method:"POST",path:"/payments/transfers",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_LIST_TRANSFERS:{method:"GET",path:"/payments/transfers",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},TENANT_ENDPOINTS={TENANT_CHECK_SUBDOMAIN:{method:"GET",path:"/tenants/check-subdomain/:subdomain",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},TENANT_PROVISION:{method:"POST",path:"/tenants/provision",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_LIST:{method:"GET",path:"/tenants",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_DETAIL:{method:"GET",path:"/tenants/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_SUSPEND:{method:"POST",path:"/tenants/:id/suspend",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_REACTIVATE:{method:"POST",path:"/tenants/:id/reactivate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},TENANT_SELF_SIGNUP:{method:"POST",path:"/tenants/self-signup",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0}},DOMAIN_ENDPOINTS={DOMAIN_RESOLVE:{method:"GET",path:"/domains/resolve",isPublic:!0,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_CREATE_HOSTNAME:{method:"POST",path:"/domains/hostnames",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_LIST_HOSTNAMES:{method:"GET",path:"/domains/hostnames",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_GET_HOSTNAME:{method:"GET",path:"/domains/hostnames/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_HOSTNAME_INSTRUCTIONS:{method:"GET",path:"/domains/hostnames/:id/instructions",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_VERIFY_HOSTNAME:{method:"POST",path:"/domains/hostnames/:id/verify",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_ACTIVATE_HOSTNAME:{method:"POST",path:"/domains/hostnames/:id/activate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_DISABLE_HOSTNAME:{method:"POST",path:"/domains/hostnames/:id/disable",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_MAKE_PRIMARY:{method:"POST",path:"/domains/hostnames/:id/make-primary",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_REFRESH_HOSTNAME:{method:"POST",path:"/domains/hostnames/:id/refresh-status",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_CREATE_REGISTRATION:{method:"POST",path:"/domains/registrations",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_LIST_REGISTRATIONS:{method:"GET",path:"/domains/registrations",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_GET_REGISTRATION:{method:"GET",path:"/domains/registrations/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_CANCEL_REGISTRATION:{method:"POST",path:"/domains/registrations/:id/cancel",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},DOMAIN_TRANSFER_OUT:{method:"POST",path:"/domains/registrations/:id/transfer-out",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},MARKETPLACE_ENDPOINTS={PAYMENT_MARKETPLACE_RECORD_SPLIT:{method:"POST",path:"/payment/marketplace/splits",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_LIST_SPLITS:{method:"GET",path:"/payment/marketplace/splits",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_BALANCE:{method:"GET",path:"/payment/marketplace/balance/:ownerId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_RELEASE_RESERVE:{method:"POST",path:"/payment/marketplace/reserves/:id/release",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_GET_SETTLEMENT_POLICY:{method:"GET",path:"/payment/marketplace/settlement-policy",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_UPSERT_SETTLEMENT_POLICY:{method:"POST",path:"/payment/marketplace/settlement-policy",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_REQUEST_PAYOUT:{method:"POST",path:"/payment/marketplace/payout-requests",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_LIST_PAYOUTS:{method:"GET",path:"/payment/marketplace/payout-requests",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_GET_PAYOUT:{method:"GET",path:"/payment/marketplace/payout-requests/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_APPROVE_PAYOUT:{method:"POST",path:"/payment/marketplace/payout-requests/:id/approve",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_REJECT_PAYOUT:{method:"POST",path:"/payment/marketplace/payout-requests/:id/reject",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_OPEN_DISPUTE:{method:"POST",path:"/payment/marketplace/disputes",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_LIST_DISPUTES:{method:"GET",path:"/payment/marketplace/disputes",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},PAYMENT_MARKETPLACE_RESOLVE_DISPUTE:{method:"POST",path:"/payment/marketplace/disputes/:id/resolve",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}},COHORT_ENDPOINTS={ADMIN_LIST_COHORTS:{method:"GET",path:"/auth/admin/cohorts",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_GET_COHORT:{method:"GET",path:"/auth/admin/cohorts/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_CREATE_COHORT:{method:"POST",path:"/auth/admin/cohorts",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_UPDATE_COHORT:{method:"PATCH",path:"/auth/admin/cohorts/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_DELETE_COHORT:{method:"DELETE",path:"/auth/admin/cohorts/:id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_BULK_CREATE:{method:"POST",path:"/auth/admin/cohorts/:id/bulk-create",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_DEACTIVATE:{method:"POST",path:"/auth/admin/cohorts/:id/deactivate-users",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_ACTIVATE:{method:"POST",path:"/auth/admin/cohorts/:id/activate-users",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_DELETE_USERS:{method:"POST",path:"/auth/admin/cohorts/:id/delete-users",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},ADMIN_COHORT_EXPORT:{method:"GET",path:"/auth/admin/cohorts/:id/export",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}};var SYSTEM_TABLE_NAMES=["profiles","addresses","phones","files","users","roles","claims","user_roles","role_claims","audit_logs","monitoring_metrics"],systemTables=system_tables_default.tables.filter((t)=>SYSTEM_TABLE_NAMES.includes(t.table_name));function toUpperSnakeCase(str){return str.replace(/([a-z])([A-Z])/g,"$1_$2").replace(/[\s-]+/g,"_").toUpperCase()}function snakeToCamelCase(str){return str.replace(/_([a-z])/g,(_,letter)=>letter.toUpperCase())}function singularize(str){if(str.endsWith("ies"))return`${str.slice(0,-3)}y`;if(str.endsWith("ses"))return`${str.slice(0,-2)}`;if(str.endsWith("s"))return str.slice(0,-1);return str}function generateEntityEndpointKey(tableName,method){let upperName=toUpperSnakeCase(tableName),singularName=toUpperSnakeCase(singularize(tableName));switch(method){case"GET":return`GET_${upperName}`;case"POST":return`ADD_${singularName}`;case"PUT":return`UPDATE_${singularName}`;case"PATCH":return`PATCH_${singularName}`;case"DELETE":return`DELETE_${singularName}`}}function generateBulkEndpointKey(tableName,method){let upperName=toUpperSnakeCase(tableName);switch(method){case"POST":return`BULK_ADD_${upperName}`;case"PUT":return`BULK_UPDATE_${upperName}`;case"DELETE":return`BULK_DELETE_${upperName}`}}function isMethodExcluded(table,method){if(!table.excluded_methods)return!1;let methodMap={GET:"GET",POST:"POST",PUT:"PUT",PATCH:"PATCH",DELETE:"DELETE"};return table.excluded_methods.includes(methodMap[method])}function generateEndpointsFromConfig(config){let endpoints={};for(let table of config.entities){let tableName=table.table_name,basePath=`/${snakeToCamelCase(tableName)}`,sid=table.serviceId;if(!isMethodExcluded(table,"GET")){endpoints[generateEntityEndpointKey(tableName,"GET")]={method:"GET",path:basePath,isPublic:table.is_public?.GET??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};let singularName=toUpperSnakeCase(singularize(tableName));endpoints[`GET_${singularName}_BY_ID`]={method:"GET",path:`${basePath}/:id`,isPublic:table.is_public?.GET??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0},endpoints[`GET_${toUpperSnakeCase(tableName)}_DISTINCT`]={method:"GET",path:`${basePath}/distinct/:field`,isPublic:table.is_public?.GET??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0}}if(!isMethodExcluded(table,"POST"))endpoints[generateEntityEndpointKey(tableName,"POST")]={method:"POST",path:basePath,isPublic:table.is_public?.POST??!1,isFormData:table.is_form_data,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"PUT"))endpoints[generateEntityEndpointKey(tableName,"PUT")]={method:"PUT",path:`${basePath}/:id`,isPublic:table.is_public?.PUT??!1,isFormData:table.is_form_data,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"PATCH"))endpoints[generateEntityEndpointKey(tableName,"PATCH")]={method:"PATCH",path:`${basePath}/:id`,isPublic:table.is_public?.PATCH??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"DELETE"))endpoints[generateEntityEndpointKey(tableName,"DELETE")]={method:"DELETE",path:`${basePath}/:id`,isPublic:table.is_public?.DELETE??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(table.bulk_endpoints_enabled){if(!isMethodExcluded(table,"POST"))endpoints[generateBulkEndpointKey(tableName,"POST")]={method:"POST",path:`${basePath}/bulk`,isPublic:table.is_public?.POST??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"PUT"))endpoints[generateBulkEndpointKey(tableName,"PUT")]={method:"PUT",path:`${basePath}/bulk`,isPublic:table.is_public?.PUT??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0};if(!isMethodExcluded(table,"DELETE"))endpoints[generateBulkEndpointKey(tableName,"DELETE")]={method:"DELETE",path:`${basePath}/bulk`,isPublic:table.is_public?.DELETE??!1,serviceId:sid,_payload:void 0,_success:void 0,_error:void 0}}}return endpoints}function generateAuthEndpoints(config){let endpoints={},auth=config.authentication;if(!auth?.enabled)return endpoints;for(let[featureKey,endpointConfig]of Object.entries(AUTH_ENDPOINT_CONFIGS)){let feature=auth[featureKey];if(!feature?.enabled)continue;let feat=feature,baseRoute=feat.route||endpointConfig.defaultRoute,isPublic=feat.isPublic??endpointConfig.defaultIsPublic;if("subEndpoints"in endpointConfig&&endpointConfig.subEndpoints)for(let sub of endpointConfig.subEndpoints){let subRoute="routeKey"in sub&&sub.routeKey&&feature[sub.routeKey]?String(feature[sub.routeKey]):("defaultRoute"in sub)&&sub.defaultRoute?String(sub.defaultRoute):`${baseRoute}${sub.suffix}`;endpoints[sub.key]={method:sub.method,path:subRoute,isPublic:sub.key==="MAGIC_LINK_VERIFY"?!0:isPublic,_payload:sub._payload,_success:sub._success,_error:sub._error}}else if("_payload"in endpointConfig)endpoints[endpointConfig.key]={method:endpointConfig.method,path:baseRoute,isPublic,_payload:endpointConfig._payload,_success:endpointConfig._success,_error:endpointConfig._error}}return endpoints}function generateSystemTableEndpoints(){let endpoints={};for(let table of systemTables){let tableName=table.table_name,basePath=`/${snakeToCamelCase(tableName)}`,isFormData=tableName==="files";endpoints[generateEntityEndpointKey(tableName,"GET")]={method:"GET",path:basePath,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};let singularName=toUpperSnakeCase(singularize(tableName));if(endpoints[`GET_${singularName}_BY_ID`]={method:"GET",path:`${basePath}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateEntityEndpointKey(tableName,"POST")]={method:"POST",path:basePath,isPublic:!1,isFormData,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateEntityEndpointKey(tableName,"PUT")]={method:"PUT",path:`${basePath}/:id`,isPublic:!1,isFormData,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateEntityEndpointKey(tableName,"PATCH")]={method:"PATCH",path:`${basePath}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateEntityEndpointKey(tableName,"DELETE")]={method:"DELETE",path:`${basePath}/:id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},table.bulk_endpoints_enabled)endpoints[generateBulkEndpointKey(tableName,"POST")]={method:"POST",path:`${basePath}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateBulkEndpointKey(tableName,"PUT")]={method:"PUT",path:`${basePath}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints[generateBulkEndpointKey(tableName,"DELETE")]={method:"DELETE",path:`${basePath}/bulk`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0}}return endpoints}function generateMonitoringEndpoints(config){if(!config.liveMonitoring?.enabled)return{};return{...MONITORING_ENDPOINTS}}function generateAdminEndpoints(config){let endpoints={};if(!config.authentication?.enabled)return endpoints;return endpoints.ADMIN_IMPERSONATE={method:"POST",path:"/auth/admin/impersonate",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.ADMIN_IMPERSONATE_STOP={method:"POST",path:"/auth/admin/impersonate/stop",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.ADMIN_CHANGE_USER_ID={method:"POST",path:"/auth/admin/change-user-id",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.ADMIN_CREATE_USER={method:"POST",path:"/auth/admin/create-user",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.ADMIN_HARD_DELETE_USER={method:"DELETE",path:"/auth/admin/hard-delete/:userId",isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints}function generateCohortEndpoints(config){let auth=config.authentication;if(!auth?.enabled||!auth.cohorts?.enabled)return{};return{...COHORT_ENDPOINTS}}function generateVerificationEndpoints(config){let endpoints={},verification=config.verification,notification=config.notification;if(!verification?.enabled)return endpoints;let basePath=verification.endpoints?.basePath||"/verifications",flowBasePath=verification.flowEndpoints?.basePath||"/verification-flows",notifBasePath=notification?.endpoints?.basePath||"/notifications";if(endpoints.VERIFICATION_STATUS={method:"GET",path:`${basePath}/status/:entity_name/:entity_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_DECIDE={method:"POST",path:`${basePath}/:entity_name/:entity_id/decide`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_PENDING={method:"GET",path:`${basePath}/pending`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_HISTORY={method:"GET",path:`${basePath}/history/:entity_name/:entity_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_START={method:"POST",path:`${basePath}/start`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_START_FOR_ENTITY={method:"POST",path:`${basePath}/start-for-entity`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.VERIFICATION_ENTITY_STATUSES={method:"GET",path:`${basePath}/statuses/:entity_name`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},verification.flowEndpoints?.enabled)endpoints.FLOW_LIST={method:"GET",path:flowBasePath,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.FLOW_GET={method:"GET",path:`${flowBasePath}/:flow_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.FLOW_SAVE={method:"POST",path:flowBasePath,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.FLOW_PUBLISH={method:"POST",path:`${flowBasePath}/:flow_id/publish`,isPublic:!1,skipCamelCase:!0,_payload:void 0,_success:void 0,_error:void 0},endpoints.FLOW_DELETE={method:"DELETE",path:`${flowBasePath}/:flow_id`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};if(notification?.enabled&&notification.endpoints?.enabled)endpoints.NOTIFICATION_LIST={method:"GET",path:notifBasePath,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.NOTIFICATION_UNSEEN_COUNT={method:"GET",path:`${notifBasePath}/unseen-count`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.NOTIFICATION_MARK_SEEN={method:"POST",path:`${notifBasePath}/:notification_id/seen`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0},endpoints.NOTIFICATION_MARK_ALL_SEEN={method:"POST",path:`${notifBasePath}/seen-all`,isPublic:!1,_payload:void 0,_success:void 0,_error:void 0};return endpoints}function generateTenantEndpoints(config){if(!config.database?.isMultiTenant)return{};return{...TENANT_ENDPOINTS}}function generateChatEndpoints(config){if(!config.chat?.enabled)return{};return{...CHAT_ENDPOINTS}}function generateDomainEndpoints(config){if(!config.domains?.enabled)return{};return{...DOMAIN_ENDPOINTS}}function generateMarketplaceEndpoints(config){let payment=config.payment;if(!payment?.enabled||!payment.marketplace?.enabled)return{};return{...MARKETPLACE_ENDPOINTS}}function generateAllEndpoints(config,extraEndpoints){let entityEndpoints=generateEndpointsFromConfig(config),authEndpoints=generateAuthEndpoints(config),adminEndpoints=generateAdminEndpoints(config),cohortEndpoints=generateCohortEndpoints(config),systemEndpoints=generateSystemTableEndpoints(),monitoringEndpoints=generateMonitoringEndpoints(config),verificationEndpoints=generateVerificationEndpoints(config),chatEndpoints=generateChatEndpoints(config),tenantEndpoints=generateTenantEndpoints(config),domainEndpoints=generateDomainEndpoints(config),marketplaceEndpoints=generateMarketplaceEndpoints(config);return{...entityEndpoints,...authEndpoints,...adminEndpoints,...cohortEndpoints,...systemEndpoints,...monitoringEndpoints,...verificationEndpoints,...chatEndpoints,...tenantEndpoints,...domainEndpoints,...marketplaceEndpoints,...extraEndpoints??{}}}init_Logger();import{randomUUID as randomUUID2}from"crypto";var DEFAULT_CONFIG2={timeout:30000,retries:0,retryDelay:1000,debug:!1};class ServerFetch{config;logger;constructor(config={}){this.config={...DEFAULT_CONFIG2,...config},this.logger=new Logger({service:"ServerFetch",prettyPrint:this.config.debug,colorize:this.config.debug,auditEnabled:!1})}buildUrl(url){if(url.startsWith("http://")||url.startsWith("https://"))return url;return this.config.baseUrl?`${this.config.baseUrl}${url}`:url}buildHeaders(customHeaders){let headers=new Headers;if(this.config.defaultHeaders)for(let[key,value]of Object.entries(this.config.defaultHeaders))headers.set(key,value);if(customHeaders)if(customHeaders instanceof Headers)customHeaders.forEach((value,key)=>{headers.set(key,value)});else if(Array.isArray(customHeaders))for(let[key,value]of customHeaders)headers.set(key,value);else for(let[key,value]of Object.entries(customHeaders))headers.set(key,value);return headers}parseResponseHeaders(headers){let result={};if(headers.forEach((value,key)=>{if(key.toLowerCase()==="set-cookie"){let existing=result[key];result[key]=existing?`${existing}, ${value}`:value}else result[key]=value}),typeof headers.getSetCookie==="function"){let setCookies=headers.getSetCookie();if(setCookies.length>0)result["set-cookie"]=setCookies.join(", ")}return result}async executeWithTimeout(promise,timeoutMs,_requestId){let controller=new AbortController,timeoutId=setTimeout(()=>controller.abort(),timeoutMs);try{return await Promise.race([promise,new Promise((_,reject)=>{controller.signal.addEventListener("abort",()=>{reject(Error(`Request timeout after ${timeoutMs}ms`))})})])}finally{clearTimeout(timeoutId)}}async fetch(options){let requestId=randomUUID2(),startTime=performance.now(),url=this.buildUrl(options.url),headers=this.buildHeaders(options.headers),timeout=options.timeout??this.config.timeout??30000,retries=options.retries??this.config.retries??0,retryDelay=options.retryDelay??this.config.retryDelay??1000,body;if(options.body)if(typeof options.body==="object"&&!(options.body instanceof FormData)&&!(options.body instanceof URLSearchParams)&&!(options.body instanceof Blob)&&!(options.body instanceof ArrayBuffer)){if(body=JSON.stringify(options.body),!headers.has("content-type"))headers.set("content-type","application/json")}else body=options.body;this.logger.debug(`[${requestId}] ${options.method} ${url}`,{method:options.method,url,hasBody:!!body});let lastError=null,attempt=0;while(attempt<=retries)try{let response=await this.executeWithTimeout(fetch(url,{method:options.method,headers,body}),timeout,requestId),durationMs2=performance.now()-startTime,responseHeaders=this.parseResponseHeaders(response.headers),rawSetCookies=typeof response.headers.getSetCookie==="function"?response.headers.getSetCookie():[],responseData,errorData,rawText=await response.text();if(rawText)try{let json=JSON.parse(rawText);if(response.ok)responseData=json;else errorData=json}catch{if(!response.ok)errorData={message:rawText||response.statusText}}else if(!response.ok)errorData={message:response.statusText};let result={isSuccess:response.ok,response:responseData,errors:errorData,code:response.status,headers:responseHeaders,rawSetCookies,durationMs:durationMs2,requestId,createdAt:new Date};if(response.ok)this.logger.info(`[${requestId}] ${options.method} ${url} ${response.status}`,{method:options.method,url,statusCode:response.status,durationMs:Math.round(durationMs2)});else this.logger.warn(`[${requestId}] ${options.method} ${url} ${response.status}`,{method:options.method,url,statusCode:response.status,durationMs:Math.round(durationMs2),error:errorData});return result}catch(error){if(lastError=error instanceof Error?error:Error(String(error)),attempt++,attempt<=retries)this.logger.warn(`[${requestId}] Retry ${attempt}/${retries} after error`,{method:options.method,url,error:lastError.message,attempt,retries}),await new Promise((resolve)=>setTimeout(resolve,retryDelay))}let durationMs=performance.now()-startTime;return this.logger.error(`[${requestId}] ${options.method} ${url} failed`,lastError,{method:options.method,url,durationMs:Math.round(durationMs),attempts:attempt}),{isSuccess:!1,response:void 0,errors:{message:lastError?.message||"Unknown error"},code:null,headers:{},rawSetCookies:[],durationMs,requestId,createdAt:new Date}}async get(url,options){return this.fetch({...options,url,method:"GET"})}async post(url,body,options){return this.fetch({...options,url,method:"POST",body})}async put(url,body,options){return this.fetch({...options,url,method:"PUT",body})}async patch(url,body,options){return this.fetch({...options,url,method:"PATCH",body})}async delete(url,options){return this.fetch({...options,url,method:"DELETE"})}}var serverFetch=new ServerFetch;var DEFAULT_TOKEN_NAMES={accessToken:"access_token",refreshToken:"refresh_token",sessionToken:"session_token"};function splitSetCookieHeader(header){let cookies=[],current="";for(let i=0;i<header.length;i++){let char=header[i];if(char===","){let next=header.slice(i+1).trimStart();if(/^[a-zA-Z0-9_-]+=/.test(next)){cookies.push(current.trim()),current="";continue}}current+=char}if(current.trim())cookies.push(current.trim());return cookies}function buildRequestHeaders(headersStore,tokenNames){let headers={},forwardHeaders=["x-forwarded-for","x-real-ip","user-agent","accept-language","x-request-id","x-client-ip","cf-connecting-ip","true-client-ip","x-tenant-id","x-app-origin"];for(let header of forwardHeaders){let value=headersStore.get(header);if(value)headers[header]=value}if(!headers["user-agent"])headers["user-agent"]="Nucleus-ServerAction/1.0";let accessToken=headersStore.get(`x-${tokenNames.accessToken}`),refreshToken=headersStore.get(`x-${tokenNames.refreshToken}`),sessionToken=headersStore.get(`x-${tokenNames.sessionToken}`);if(accessToken)headers[`x-${tokenNames.accessToken}`]=accessToken;if(refreshToken)headers[`x-${tokenNames.refreshToken}`]=refreshToken;if(sessionToken)headers[`x-${tokenNames.sessionToken}`]=sessionToken;let cookieHeader=headersStore.get("cookie");if(cookieHeader)headers.cookie=cookieHeader;return headers}function toCamelCase(str){return str.replace(/_([a-z])/g,(_,c)=>c.toUpperCase())}function convertKeysToCamelCase(obj){let result={};for(let[key,value]of Object.entries(obj)){let camelKey=key.startsWith("_")?key:toCamelCase(key);if(value instanceof Date)result[camelKey]=value.toISOString();else if(value&&typeof value==="object"&&!Array.isArray(value))result[camelKey]=convertKeysToCamelCase(value);else result[camelKey]=value}return result}var JSON_STRINGIFY_KEYS=new Set(["filters","sort","with","searchFields","select","distinctOn"]);function appendQueryParams(url,params){let searchParams=new URLSearchParams;for(let[key,value]of Object.entries(params)){if(value===void 0||value===null)continue;if(JSON_STRINGIFY_KEYS.has(key)&&typeof value==="object"){searchParams.append(key,JSON.stringify(value));continue}if(value instanceof Date)searchParams.append(key,value.toISOString());else if(Array.isArray(value))searchParams.append(key,value.filter((v)=>v!=null).map(String).join(","));else if(typeof value==="object")searchParams.append(key,JSON.stringify(value));else searchParams.append(key,String(value))}let queryString=searchParams.toString();if(!queryString)return url;return url.includes("?")?`${url}&${queryString}`:`${url}?${queryString}`}function createServerFactory(endpoints,config,getCookies,getHeaders){let tokenNames={...DEFAULT_TOKEN_NAMES,...config.tokenNames},serverFetch2=new ServerFetch({baseUrl:config.baseUrl,debug:config.debug,timeout:30000,retries:0});return async function(endpointKey,payload){let endpoint=endpoints[endpointKey];if(!endpoint)return{isSuccess:!1,errors:{message:`Endpoint "${endpointKey}" not found`},code:404};let cookieStore=await getCookies(),headersStore=await getHeaders(),allHeaders={};if(headersStore.forEach((value,key)=>{allHeaders[key]=value}),(endpoint.path.includes("/auth/login")||endpoint.path.includes("/auth/oauth"))&&endpoint.method==="POST")try{cookieStore.delete(tokenNames.accessToken),cookieStore.delete(tokenNames.refreshToken),cookieStore.delete(tokenNames.sessionToken)}catch(_){}let headers=buildRequestHeaders(headersStore,tokenNames),url=endpoint.path,body,pathParamNames=new Set,pathParamRegex=/:([a-zA-Z_][a-zA-Z0-9_]*)/g,paramMatch=pathParamRegex.exec(url);while(paramMatch!==null){if(paramMatch[1])pathParamNames.add(paramMatch[1]);paramMatch=pathParamRegex.exec(url)}if(payload&&typeof payload==="object"&&!(payload instanceof FormData)){let payloadObj=payload;for(let[key,value]of Object.entries(payloadObj))if(value!=null){if(pathParamNames.has(key))url=url.replace(`:${key}`,String(value));else if(key.startsWith("_")&&pathParamNames.has(key.substring(1)))url=url.replace(`:${key.substring(1)}`,String(value));else if(key==="id"&&pathParamNames.has("id"))url=url.replace(":id",String(value))}}if(endpoint.method==="GET"&&payload&&typeof payload==="object"){let queryPayload={...payload};for(let paramName of pathParamNames)delete queryPayload[paramName],delete queryPayload[`_${paramName}`];url=appendQueryParams(url,queryPayload)}else if(payload!==void 0){if(endpoint.isFormData&&payload instanceof FormData)body=payload;else if(Array.isArray(payload)){if(body=payload.map((item)=>item&&typeof item==="object"?convertKeysToCamelCase(item):item),!headers["content-type"])headers["content-type"]="application/json"}else if(body=endpoint.skipCamelCase?payload:convertKeysToCamelCase(payload),!headers["content-type"])headers["content-type"]="application/json"}let response=await serverFetch2.fetch({url,method:endpoint.method,headers,body}),setCookiesToProcess=response.rawSetCookies.length>0?response.rawSetCookies:response.headers["set-cookie"]?splitSetCookieHeader(response.headers["set-cookie"]):[];if(setCookiesToProcess.length>0)try{for(let cookie of setCookiesToProcess){let[nameValue,...options]=cookie.split(";");if(!nameValue)continue;let eqIdx=nameValue.indexOf("=");if(eqIdx===-1)continue;let name=nameValue.substring(0,eqIdx).trim(),value=nameValue.substring(eqIdx+1).trim();if(name&&value){let cookieOptions={};for(let opt of options){let trimmed=opt.trim(),optEqIdx=trimmed.indexOf("="),optName=optEqIdx===-1?trimmed:trimmed.substring(0,optEqIdx),optValue=optEqIdx===-1?void 0:trimmed.substring(optEqIdx+1);if(!optName)continue;let optNameLower=optName.toLowerCase();if(optNameLower==="path")cookieOptions.path=optValue;else if(optNameLower==="domain")cookieOptions.domain=optValue;else if(optNameLower==="max-age")cookieOptions.maxAge=Number(optValue);else if(optNameLower==="expires"&&optValue)cookieOptions.expires=new Date(optValue);else if(optNameLower==="httponly")cookieOptions.httpOnly=!0;else if(optNameLower==="secure")cookieOptions.secure=!0;else if(optNameLower==="samesite")cookieOptions.sameSite=optValue}cookieStore.set(name,value,cookieOptions)}}}catch(cookieError){console.warn("[ServerFactory] Failed to process Set-Cookie headers:",cookieError instanceof Error?cookieError.message:String(cookieError))}let normalizedResponse=response.response;if(response.isSuccess&&normalizedResponse&&typeof normalizedResponse==="object"&&!Array.isArray(normalizedResponse)){let raw=normalizedResponse;if("success"in raw&&!("data"in raw)){let{success,message,error,...rest}=raw;normalizedResponse={success,...message!==void 0?{message}:{},...error!==void 0?{error}:{},...Object.keys(rest).length>0?{data:rest}:{}}}}return{isSuccess:response.isSuccess,data:normalizedResponse,errors:response.errors,code:response.code,message:response.isSuccess?void 0:response.errors?.message}}}import{batch as batch2,createStore as createStore2}from"h-state";var initialState={connection:{status:"disconnected",clientId:null,subscribedTopics:[],error:null,reconnectAttempt:0},events:[],maxEvents:100},{useStore:usePubSubStore}=createStore2(initialState,{setConnectionStatus:(store)=>(status)=>{store.connection.status=status},setClientId:(store)=>(clientId)=>{store.connection.clientId=clientId},setSubscribedTopics:(store)=>(topics)=>{store.connection.subscribedTopics=topics},setError:(store)=>(error)=>{store.connection.error=error},setReconnectAttempt:(store)=>(attempt)=>{store.connection.reconnectAttempt=attempt},addEvent:(store)=>(event)=>{let updated=[event,...store.events];store.events=updated.slice(0,store.maxEvents)},clearEvents:(store)=>()=>{store.events=[]},reset:(store)=>()=>{batch2(()=>{store.connection.status="disconnected",store.connection.clientId=null,store.connection.subscribedTopics=[],store.connection.error=null,store.connection.reconnectAttempt=0,store.events=[]})}});import{useEffect}from"react";function buildWsUrl(config){let path=config.wsPath||"/api/events/subscribe",topics=(config.topics||["*"]).join(","),query=`?userId=${encodeURIComponent(config.userId)}&topics=${encodeURIComponent(topics)}`;if(config.wsUrl)return`${config.wsUrl.replace(/\/$/,"")}${path}${query}`;if(typeof window>"u")return"";return`${window.location.protocol==="https:"?"wss:":"ws:"}//${window.location.host}${path}${query}`}var connections=new Map,eventIdCounter=0;function log(conn,...args){if(conn.options.debug)console.log("[usePubSub]",...args)}function clearTimers(conn){if(conn.heartbeat)clearInterval(conn.heartbeat),conn.heartbeat=null;if(conn.reconnectTimeout)clearTimeout(conn.reconnectTimeout),conn.reconnectTimeout=null}function detachSocket(conn){let ws=conn.ws;if(!ws)return;if(ws.onopen=null,ws.onmessage=null,ws.onerror=null,ws.onclose=null,ws.readyState===WebSocket.OPEN||ws.readyState===WebSocket.CONNECTING)ws.close();conn.ws=null}function startHeartbeat(conn){if(conn.heartbeat)clearInterval(conn.heartbeat);conn.heartbeat=setInterval(()=>{if(conn.ws?.readyState===WebSocket.OPEN)conn.ws.send(JSON.stringify({type:"ping"}))},conn.options.heartbeatInterval)}function scheduleReconnect(conn){if(!conn.options.autoReconnect)return;if(connections.get(conn.url)!==conn)return;if(conn.reconnectAttempt>=conn.options.maxReconnectAttempts){conn.dispatch.setConnectionStatus("disconnected"),conn.dispatch.setError(Error("Max reconnection attempts reached")),log(conn,"Max reconnect attempts reached");return}let delay=Math.min(conn.options.reconnectBaseDelay*2**conn.reconnectAttempt,conn.options.reconnectMaxDelay);if(conn.reconnectAttempt+=1,conn.dispatch.setConnectionStatus("reconnecting"),conn.dispatch.setReconnectAttempt(conn.reconnectAttempt),log(conn,`Reconnecting in ${delay}ms (attempt ${conn.reconnectAttempt})`),conn.reconnectTimeout)clearTimeout(conn.reconnectTimeout);conn.reconnectTimeout=setTimeout(()=>{if(connections.get(conn.url)===conn)openSocket(conn)},delay)}function handleMessage(conn,raw){let message;try{message=JSON.parse(raw)}catch{log(conn,"Failed to parse message");return}switch(message.type){case"connected":conn.reconnectAttempt=0,conn.dispatch.setConnectionStatus("connected"),conn.dispatch.setClientId(message.clientId),conn.dispatch.setSubscribedTopics(message.subscribedTopics),conn.dispatch.setReconnectAttempt(0),conn.dispatch.setError(null),log(conn,"Connected, clientId:",message.clientId);break;case"subscribed":conn.dispatch.setSubscribedTopics(message.topics),log(conn,"Subscribed to:",message.topics);break;case"event":{if(conn.dispatch.addEvent({id:`evt_${Date.now()}_${eventIdCounter++}`,topic:message.topic,data:message.data,timestamp:message.timestamp,receivedAt:Date.now(),messageId:message.messageId,isRedelivery:message.isRedelivery}),message.messageId&&conn.ws?.readyState===WebSocket.OPEN)conn.ws.send(JSON.stringify({type:"ack",messageId:message.messageId}));break}case"pong":break;case"error":conn.dispatch.setError(Error(message.error)),log(conn,"Server error:",message.error);break}}function openSocket(conn){if(conn.ws?.readyState===WebSocket.OPEN||conn.ws?.readyState===WebSocket.CONNECTING)return;detachSocket(conn),conn.dispatch.setConnectionStatus("connecting"),conn.dispatch.setError(null),log(conn,"Connecting to:",conn.url);let ws=new WebSocket(conn.url);conn.ws=ws,ws.onopen=()=>{log(conn,"WebSocket opened"),startHeartbeat(conn)},ws.onmessage=(event)=>handleMessage(conn,event.data),ws.onerror=()=>{log(conn,"WebSocket error"),conn.dispatch.setError(Error("WebSocket connection error"))},ws.onclose=(event)=>{if(log(conn,"WebSocket closed",event.code,event.reason),conn.heartbeat)clearInterval(conn.heartbeat),conn.heartbeat=null;if(conn.dispatch.setConnectionStatus("disconnected"),conn.dispatch.setClientId(null),connections.get(conn.url)===conn&&event.code!==4001)scheduleReconnect(conn)}}function acquire(url,dispatch,options){let conn=connections.get(url);if(!conn)conn={url,ws:null,refCount:0,reconnectAttempt:0,heartbeat:null,reconnectTimeout:null,dispatch,options},connections.set(url,conn);else conn.dispatch=dispatch,conn.options=options;conn.refCount+=1,openSocket(conn)}function release(url){let conn=connections.get(url);if(!conn)return;if(conn.refCount-=1,conn.refCount>0)return;connections.delete(url),clearTimers(conn),detachSocket(conn),conn.dispatch.setConnectionStatus("disconnected"),conn.dispatch.setClientId(null)}function send(url,payload){let ws=connections.get(url)?.ws;if(ws?.readyState===WebSocket.OPEN)ws.send(JSON.stringify(payload))}function usePubSub(config){let store=usePubSubStore(),url=config.userId?buildWsUrl(config):"";return useEffect(()=>{if(!url)return;let dispatch={setConnectionStatus:store.setConnectionStatus,setClientId:store.setClientId,setSubscribedTopics:store.setSubscribedTopics,setError:store.setError,setReconnectAttempt:store.setReconnectAttempt,addEvent:store.addEvent},options={autoReconnect:config.autoReconnect??!0,maxReconnectAttempts:config.maxReconnectAttempts??10,reconnectBaseDelay:config.reconnectBaseDelay??1000,reconnectMaxDelay:config.reconnectMaxDelay??30000,heartbeatInterval:config.heartbeatInterval??30000,debug:config.debug??!1};return acquire(url,dispatch,options),()=>release(url)},[url]),{isConnected:store.connection.status==="connected",isConnecting:store.connection.status==="connecting"||store.connection.status==="reconnecting",clientId:store.connection.clientId,subscribedTopics:store.connection.subscribedTopics,events:store.events,error:store.connection.error,reconnectAttempt:store.connection.reconnectAttempt,connect:()=>{let conn=connections.get(url);if(conn)openSocket(conn)},disconnect:()=>release(url),subscribe:(topics)=>send(url,{type:"subscribe",topics}),unsubscribe:(topics)=>send(url,{type:"unsubscribe",topics}),clearEvents:store.clearEvents,getEventsByTopic:(topic)=>store.events.filter((e)=>e.topic===topic)}}import{createHash as createHash3,randomUUID as randomUUID6}from"crypto";var import_fast_decode_uri_component=__toESM(require_fast_decode_uri_component(),1);import{Elysia,NotFoundError}from"elysia";var fs,path,isBun=typeof Bun<"u"&&!!Bun.file;function getBuiltinModule(){if(fs||(fs=process.getBuiltinModule("fs/promises")),path||(path=process.getBuiltinModule("path")),!path){console.warn("@elysiajs/static require path to be available.");return}return[fs,path]}async function listHTMLFiles(dir){if(fs||getBuiltinModule(),isBun){let glob=new Bun.Glob("**/*.html"),files=[];for await(let file of glob.scan(dir))files.push(path.join(dir,file));return files}return[]}async function listFiles(dir){if(fs||getBuiltinModule(),isBun){let glob=new Bun.Glob("**/*"),files2=[];for await(let file of glob.scan(dir))files2.push(path.join(dir,file));return files2}let files=await fs.readdir(dir).catch(()=>[]);return(await Promise.all(files.map(async(name)=>{let file=dir+path.sep+name,stats=await fs.stat(file).catch(()=>null);return stats?stats.isDirectory()?await listFiles(file):[path.resolve(dir,file)]:[]}))).flat()}function fileExists(path2){return fs||getBuiltinModule(),fs.stat(path2).then(()=>!0,()=>!1)}class LRUCache{constructor(max=250,ttl=10800){this.max=max,this.ttl=ttl,this.map=new Map}get(key){let entry=this.map.get(key);if(entry)return entry[1]<=Date.now()?void this.delete(key):(this.map.delete(key),this.map.set(key,entry),entry[0])}set(key,value){if(this.interval||(this.interval=setInterval(()=>{let now=Date.now();for(let[key2,entry]of this.map)entry[1]<=now&&this.map.delete(key2)},this.ttl)),this.map.has(key))this.map.delete(key);else if(this.map.size>=this.max){let oldestKey=this.map.keys().next().value;oldestKey!==void 0&&this.delete(oldestKey)}this.map.set(key,[value,Date.now()+this.ttl*1000])}delete(key){this.map.get(key)&&this.map.delete(key)}clear(){this.map.clear()}size(){return this.map.size}[Symbol.dispose](){this.interval&&clearInterval(this.interval)}}function isCached(headers,etag,filePath){if(headers["cache-control"]&&/no-cache|no-store/.test(headers["cache-control"]))return!1;if("if-none-match"in headers){let ifNoneMatch=headers["if-none-match"];return ifNoneMatch==="*"?!0:ifNoneMatch===null||typeof etag!="string"?!1:ifNoneMatch===etag}if(headers["if-modified-since"]){let ifModifiedSince=headers["if-modified-since"];try{return fs.stat(filePath).then((stat)=>{if(stat.mtime!==void 0&&stat.mtime.getTime()<=Date.parse(ifModifiedSince))return!0})}catch{}}return!1}var Crypto;function getFile(path2){return isBun?Bun.file(path2):(fs||getBuiltinModule(),fs.readFile(path2))}async function generateETag(file){return isBun?new Bun.CryptoHasher("md5").update(await file.arrayBuffer()).digest("base64"):(Crypto||(Crypto=process.getBuiltinModule("crypto")),Crypto?Crypto.createHash("md5").update(file).digest("base64"):void console.warn("[@elysiajs/static] crypto is required to generate etag."))}var isNotEmpty=(obj)=>{if(!obj)return!1;for(let _ in obj)return!0;return!1};async function staticPlugin({assets="public",prefix="/public",staticLimit=1024,alwaysStatic=!1,ignorePatterns=[".DS_Store",".git",".env"],headers:initialHeaders,maxAge=86400,directive="public",etag:useETag=!0,extension=!0,indexHTML=!0,decodeURI,silent}={}){if(typeof process>"u"||typeof process.getBuiltinModule>"u")return silent||console.warn("[@elysiajs/static] require process.getBuiltinModule. Static plugin is disabled"),new Elysia;let builtinModule=getBuiltinModule();if(!builtinModule)return new Elysia;let[fs2,path2]=builtinModule,normalizePath=path2.sep!=="/"?(p)=>p.replace(/\\/g,"/"):(p)=>p,fileCache=new LRUCache;prefix===path2.sep&&(prefix="");let assetsDir=path2.resolve(assets),shouldIgnore=ignorePatterns.length?(file)=>ignorePatterns.find((pattern)=>typeof pattern=="string"?pattern.includes(file):pattern.test(file)):()=>!1,app=new Elysia({name:"static",seed:prefix});if(alwaysStatic){let files=await listFiles(path2.resolve(assets));if(files.length<=staticLimit)for(let absolutePath of files){let handleCache2=function({headers:requestHeaders}){if(etag){let cached=isCached(requestHeaders,etag,absolutePath);if(cached===!0)return new Response(null,{status:304,headers:isNotEmpty(initialHeaders)?initialHeaders:void 0});if(cached!==!1){let cache2=fileCache.get(pathName);return cache2?cache2.clone():cached.then((cached2)=>{if(cached2)return new Response(null,{status:304,headers:initialHeaders||void 0});let response2=new Response(file,{headers:Object.assign({"Cache-Control":maxAge?`${directive}, max-age=${maxAge}`:directive},initialHeaders,etag?{Etag:etag}:{})});return fileCache.set(prefix,response2),response2.clone()})}}let cache=fileCache.get(pathName);if(cache)return cache.clone();let response=new Response(file,{headers:Object.assign({"Cache-Control":maxAge?`${directive}, max-age=${maxAge}`:directive},initialHeaders,etag?{Etag:etag}:{})});return fileCache.set(pathName,response),response.clone()};var handleCache=handleCache2;if(!absolutePath||shouldIgnore(absolutePath))continue;let relativePath=absolutePath.replace(assetsDir,"");decodeURI&&(relativePath=import_fast_decode_uri_component.default(relativePath)??relativePath);let pathName=normalizePath(path2.join(prefix,relativePath));if(isBun&&absolutePath.endsWith(".html")){let htmlBundle=await import(absolutePath);app.get(pathName,htmlBundle.default),indexHTML&&pathName.endsWith("/index.html")&&app.get(pathName.replace("/index.html",""),htmlBundle.default);continue}extension||(pathName=normalizePath(pathName.slice(0,pathName.lastIndexOf("."))));let file=isBun?getFile(absolutePath):await getFile(absolutePath);if(!file)return silent||console.warn(`[@elysiajs/static] Failed to load file: ${absolutePath}`),new Elysia;let etag=await generateETag(file);app.get(pathName,useETag?handleCache2:new Response(file,isNotEmpty(initialHeaders)?{headers:initialHeaders}:void 0)),indexHTML&&pathName.endsWith("/index.html")&&app.get(pathName.replace("/index.html",""),useETag?handleCache2:new Response(file,isNotEmpty(initialHeaders)?{headers:initialHeaders}:void 0))}return app}if(!(`GET_${prefix}/*`in app.routeTree)){if(isBun){let htmls=await listHTMLFiles(path2.resolve(assets));for(let absolutePath of htmls){if(!absolutePath||shouldIgnore(absolutePath))continue;let relativePath=absolutePath.replace(assetsDir,""),pathName=normalizePath(path2.join(prefix,relativePath)),htmlBundle=await import(absolutePath);app.get(pathName,htmlBundle.default),indexHTML&&pathName.endsWith("/index.html")&&app.get(pathName.replace("/index.html",""),htmlBundle.default)}}app.onError(()=>{}).get(`${prefix.endsWith("/")?prefix.slice(0,-1):prefix}/*`,async({params,headers:requestHeaders})=>{let pathName=normalizePath(path2.join(assets,decodeURI?import_fast_decode_uri_component.default(params["*"])??params["*"]:params["*"]));if(shouldIgnore(pathName))throw new NotFoundError;let cache=fileCache.get(pathName);if(cache)return cache.clone();try{let fileStat=await fs2.stat(pathName).catch(()=>null);if(!fileStat)throw new NotFoundError;if(!indexHTML&&fileStat.isDirectory())throw new NotFoundError;let file;if(!isBun&&indexHTML){let htmlPath=path2.join(pathName,"index.html"),cache2=fileCache.get(htmlPath);if(cache2)return cache2.clone();await fileExists(htmlPath)&&(file=await getFile(htmlPath))}if(!file&&!fileStat.isDirectory()&&await fileExists(pathName))file=await getFile(pathName);else throw new NotFoundError;if(!useETag)return new Response(file,isNotEmpty(initialHeaders)?{headers:initialHeaders}:void 0);let etag=await generateETag(file);if(etag&&await isCached(requestHeaders,etag,pathName))return new Response(null,{status:304});let response=new Response(file,{headers:Object.assign({"Cache-Control":maxAge?`${directive}, max-age=${maxAge}`:directive},initialHeaders,etag?{Etag:etag}:{})});return fileCache.set(pathName,response),response.clone()}catch(error){throw error instanceof NotFoundError?error:(silent||console.error("[@elysiajs/static]",error),new NotFoundError)}})}return app}import{pushSchema}from"drizzle-kit/api";import{and as and19,eq as eq56,lt as lt3,sql as sql11}from"drizzle-orm";import{drizzle as drizzle2}from"drizzle-orm/node-postgres";import{pgSchema as pgSchema2}from"drizzle-orm/pg-core";import Elysia45 from"elysia";function resolveAuthType(pathname,auth){let at=(route)=>pathname===route||pathname.endsWith(route);if(at(auth?.login?.route||"/auth/login"))return"login";if(at(auth?.register?.route||"/auth/register"))return"register";if(at(auth?.passwordReset?.route||"/auth/password-reset"))return"passwordReset";if(at(auth?.magicLink?.route||"/auth/magic-link"))return"magicLink";if(at(auth?.invite?.route||"/auth/invite"))return"other";if(at("/sessions/approve")||at("/sessions/reject"))return"login";return}init_Services();init_ApiKey();init_Captcha();init_Domain();init_Middleware();var SYSTEM_TABLES=[{table_name:"users",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"email",type:"varchar",length:255},{name:"password",type:"varchar",length:255},{name:"verified_at",type:"timestamp"},{name:"email_verification_token",type:"varchar",length:255},{name:"email_verification_token_expires_at",type:"timestamp"},{name:"email_verification_sent_at",type:"timestamp"},{name:"email_verification_attempts",type:"integer",default:0},{name:"last_login_at",type:"timestamp"},{name:"login_count",type:"integer",default:0},{name:"is_locked",type:"boolean",default:!1},{name:"locked_until",type:"timestamp"},{name:"failed_login_attempts",type:"integer",default:0},{name:"is_god",type:"boolean",default:!1},{name:"cohort_id",type:"uuid",references:{table:"user_cohorts",column:"id",onDelete:"set null"}},{name:"email_verified",type:"boolean",default:!1}],indexes:[{columns:["email"],unique:!0},{columns:["email","is_active"]},{columns:["last_login_at"]},{columns:["is_locked","locked_until"]}]},{table_name:"profiles",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"first_name",type:"varchar",length:100,notNull:!0},{name:"last_name",type:"varchar",length:100,notNull:!0}],indexes:[{columns:["user_id"],unique:!0},{columns:["first_name","last_name"]}]},{table_name:"roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500}],indexes:[{columns:["name"],unique:!0}]},{table_name:"claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"action",type:"varchar",length:100,notNull:!0},{name:"description",type:"varchar",length:500},{name:"path",type:"varchar",length:200,notNull:!0},{name:"method",type:"varchar",length:10,notNull:!0},{name:"policy",type:"jsonb"}],indexes:[{columns:["action"],unique:!0},{columns:["path","method"]}]},{table_name:"user_roles",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}}],indexes:[{columns:["user_id"]},{columns:["role_id"]}],constraints:{unique:[{name:"unique_user_role",columns:["user_id","role_id"]}]}},{table_name:"role_claims",feature_set:["authentication","authorization"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"role_id",type:"uuid",notNull:!0,references:{table:"roles",column:"id",onDelete:"cascade"}},{name:"claim_id",type:"uuid",notNull:!0,references:{table:"claims",column:"id",onDelete:"cascade"}},{name:"scope",type:"text"}],indexes:[{columns:["role_id"]},{columns:["claim_id"]},{columns:["role_id","claim_id","scope"]}]},{table_name:"files",feature_set:["storage"],add_base_columns:!0,is_form_data:!0,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"original_name",type:"varchar",length:255,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["image","document","video","audio","profile_picture"]},{name:"path",type:"varchar",length:500,notNull:!0},{name:"size",type:"bigint",mode:"number",notNull:!0},{name:"mime_type",type:"varchar",length:100,notNull:!0},{name:"extension",type:"varchar",length:10,notNull:!0},{name:"uploaded_by",type:"uuid",references:{table:"users",column:"id"}}],indexes:[{columns:["type"]},{columns:["uploaded_by"]},{columns:["size"]}]},{table_name:"addresses",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"street",type:"varchar",length:255},{name:"city",type:"varchar",length:100},{name:"state",type:"varchar",length:50},{name:"zip",type:"varchar",length:20},{name:"country",type:"varchar",length:50,default:"US"},{name:"latitude",type:"decimal",precision:10,scale:8},{name:"longitude",type:"decimal",precision:11,scale:8},{name:"neighborhood",type:"varchar",length:100},{name:"apartment",type:"varchar",length:50},{name:"province",type:"varchar",length:100},{name:"district",type:"varchar",length:100},{name:"type",type:"varchar",length:50}],indexes:[{columns:["city","state"]},{columns:["latitude","longitude"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"phones",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!0,columns:[{name:"owner_type",type:"varchar",length:50,notNull:!0,enumValues:["user","company","contact"]},{name:"owner_id",type:"uuid",notNull:!0},{name:"name",type:"varchar",length:100,notNull:!0},{name:"type",type:"varchar",length:50,enumValues:["mobile","office","fax"]},{name:"number",type:"varchar",length:20,notNull:!0},{name:"country_code",type:"varchar",length:10,notNull:!0,default:"+1"},{name:"extension",type:"varchar",length:10}],indexes:[{columns:["number"]},{columns:["type"]},{columns:["owner_type","owner_id"]}]},{table_name:"notifications",feature_set:["notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0},{name:"title",type:"varchar",length:255,notNull:!0},{name:"body",type:"varchar",length:1000},{name:"entity_name",type:"varchar",length:100},{name:"entity_id",type:"uuid"},{name:"type",type:"varchar",length:50,notNull:!0,default:"system",enumValues:["verification","system","custom"]},{name:"source",type:"varchar",length:100},{name:"is_seen",type:"boolean",notNull:!0,default:!1},{name:"seen_at",type:"timestamptz"}],indexes:[{columns:["user_id","created_at"]},{columns:["is_seen"]},{columns:["type"]},{columns:["user_id","type","is_seen"]}]},{table_name:"tenants",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"subdomain",type:"varchar",length:100,notNull:!0,unique:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0,unique:!0},{name:"company_id",type:"uuid",notNull:!0},{name:"company_name",type:"varchar",length:255},{name:"god_admin_email",type:"varchar",length:255,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"provisioning"},{name:"plan",type:"varchar",length:50,default:"free"},{name:"domain",type:"varchar",length:255},{name:"settings",type:"jsonb",default:"{}"},{name:"trusted_sources",type:"jsonb",default:"[]"},{name:"max_users",type:"integer"},{name:"provisioned_at",type:"timestamptz"},{name:"suspended_at",type:"timestamptz"},{name:"suspended_reason",type:"text"}],indexes:[{columns:["status"]}]},{table_name:"tenant_events",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"tenant_id",type:"uuid",notNull:!0,references:{table:"tenants",column:"id",onDelete:"cascade"}},{name:"event_type",type:"varchar",length:50,notNull:!0},{name:"event_data",type:"jsonb",default:"{}"},{name:"performed_by",type:"varchar",length:255},{name:"ip_address",type:"varchar",length:45}],indexes:[{columns:["tenant_id"]},{columns:["event_type"]}]},{table_name:"tenant_features",feature_set:["multi-tenant"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:[],columns:[{name:"tenant_id",type:"uuid",notNull:!0,references:{table:"tenants",column:"id",onDelete:"cascade"}},{name:"feature_name",type:"varchar",length:100,notNull:!0},{name:"enabled",type:"boolean",notNull:!0,default:!0},{name:"config",type:"jsonb",default:"{}"}],indexes:[{columns:["tenant_id","feature_name"],unique:!0},{columns:["feature_name"]}]},{table_name:"domain_hostnames",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Domains",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant",comment:"tenant | organization | user | external"},{name:"owner_id",type:"uuid",notNull:!0,comment:"Product-defined owner reference (e.g. band id, org id)"},{name:"tenant_id",type:"uuid",references:{table:"tenants",column:"id",onDelete:"cascade"},comment:"Tenant this hostname routes to; null for non-tenant owners"},{name:"schema_name",type:"varchar",length:100,comment:"Resolved tenant schema for routing"},{name:"hostname",type:"varchar",length:255,notNull:!0,comment:"Original hostname as entered by the user"},{name:"normalized_hostname",type:"varchar",length:255,notNull:!0,unique:!0,comment:"Lowercased, punycode, port-stripped hostname used for matching"},{name:"hostname_kind",type:"varchar",length:20,notNull:!0,default:"apex",comment:"platform_subdomain | apex | www | subdomain"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending_verification",comment:"draft | pending_verification | verifying | active | failed | disabled | archived"},{name:"routing_status",type:"varchar",length:20,notNull:!0,default:"inactive",comment:"inactive | pending | active | failed"},{name:"certificate_status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"not_required | pending | active | failed"},{name:"verification_status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | verified | failed | expired"},{name:"provider",type:"varchar",length:30,notNull:!0,default:"manual_dns",comment:"manual_dns | cloudflare_for_saas | cloudflare_registrar"},{name:"provider_hostname_id",type:"varchar",length:255},{name:"dns_target",type:"varchar",length:255,comment:"CNAME / A target the customer must point at"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"redirect_to_hostname_id",type:"uuid",comment:"When set, this hostname 301-redirects to another hostname (e.g. apex to www)"},{name:"activated_at",type:"timestamptz"},{name:"disabled_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["tenant_id"]},{columns:["schema_name"]},{columns:["status"]},{columns:["owner_type","owner_id"]},{columns:["provider","provider_hostname_id"]}]},{table_name:"domain_registrations",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Domains",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant"},{name:"owner_id",type:"uuid",notNull:!0},{name:"tenant_id",type:"uuid",references:{table:"tenants",column:"id",onDelete:"set null"}},{name:"requested_domain",type:"varchar",length:255,notNull:!0},{name:"registered_domain",type:"varchar",length:255},{name:"provider",type:"varchar",length:30,notNull:!0,default:"cloudflare_registrar"},{name:"provider_registration_id",type:"varchar",length:255},{name:"registrant_owner_type",type:"varchar",length:20,notNull:!0,default:"customer",comment:"customer | platform"},{name:"registrant_contact_snapshot",type:"jsonb",default:"{}"},{name:"status",type:"varchar",length:30,notNull:!0,default:"draft",comment:"draft | availability_checked | awaiting_payment | registering | active | failed | transfer_requested | transferred_out | cancelled | expired"},{name:"price_amount",type:"numeric",precision:12,scale:2},{name:"currency",type:"varchar",length:10},{name:"renewal_date",type:"timestamptz"},{name:"auto_renew",type:"boolean",notNull:!0,default:!0},{name:"terms_version",type:"varchar",length:50},{name:"terms_accepted_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"]},{columns:["tenant_id"]},{columns:["status"]}]},{table_name:"domain_verification_challenges",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",notNull:!0,references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"challenge_type",type:"varchar",length:30,notNull:!0,default:"ownership_validation",comment:"hostname_validation | certificate_validation | ownership_validation"},{name:"record_type",type:"varchar",length:10,notNull:!0,default:"TXT",comment:"TXT | CNAME | A | AAAA | HTTP"},{name:"record_name",type:"varchar",length:255,notNull:!0},{name:"record_value",type:"text",notNull:!0},{name:"expected_target",type:"varchar",length:255},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | verified | failed | expired"},{name:"expires_at",type:"timestamptz"},{name:"verified_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["status"]}]},{table_name:"domain_provider_records",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",notNull:!0,references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:30,notNull:!0},{name:"provider_resource_type",type:"varchar",length:30,notNull:!0,comment:"custom_hostname | certificate | validation | zone | dns_record | registration"},{name:"provider_resource_id",type:"varchar",length:255},{name:"provider_status",type:"varchar",length:50},{name:"last_synced_at",type:"timestamptz"},{name:"raw_status",type:"jsonb",default:"{}"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["provider","provider_resource_id"]}]},{table_name:"domain_events",feature_set:["domains"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Domains",columns:[{name:"domain_hostname_id",type:"uuid",references:{table:"domainHostnames",column:"id",onDelete:"cascade"}},{name:"domain_registration_id",type:"uuid",references:{table:"domainRegistrations",column:"id",onDelete:"cascade"}},{name:"event_type",type:"varchar",length:50,notNull:!0},{name:"actor_type",type:"varchar",length:20},{name:"actor_id",type:"varchar",length:255},{name:"message",type:"text"},{name:"ip_address",type:"varchar",length:45},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["domain_hostname_id"]},{columns:["event_type"]}]},{table_name:"verifications",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"requirement_id",type:"uuid",notNull:!0,references:{table:"verificationRequirements",column:"id"}},{name:"verifier_id",type:"uuid",notNull:!0,references:{table:"users",column:"id"}},{name:"signature_id",type:"uuid",references:{table:"files",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"decision",type:"varchar",length:50,notNull:!0,default:"pending",enumValues:["approved","rejected","pending"]},{name:"reason",type:"text"},{name:"diff",type:"jsonb"}],indexes:[{columns:["instance_id"]},{columns:["requirement_id"]},{columns:["verifier_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","step_order"]},{columns:["decision"]}]},{table_name:"verificationRequirements",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"instance_id",type:"uuid",notNull:!0,references:{table:"verificationInstances",column:"id",onDelete:"cascade"}},{name:"step_node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_node_id",type:"varchar",length:100,notNull:!0},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","rejected"]}],indexes:[{columns:["instance_id"]},{columns:["instance_id","step_order"]},{columns:["entity_name","entity_id"]},{columns:["verifier_user_id"]},{columns:["status"]}]},{table_name:"verificationFlows",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"trigger_on",type:"varchar",length:50,notNull:!0,default:"update",enumValues:["create","update","delete","manual"]},{name:"trigger_fields",type:"jsonb"},{name:"is_draft",type:"boolean",notNull:!0,default:!0},{name:"published_at",type:"timestamptz"},{name:"viewport",type:"jsonb"}],indexes:[{columns:["entity_name"]},{columns:["entity_name","trigger_on"]},{columns:["is_draft"]}]},{table_name:"verificationSteps",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"node_type",type:"varchar",length:50,notNull:!0,default:"step",enumValues:["step","verifier","notification"]},{name:"step_order",type:"integer",notNull:!0,default:1},{name:"name",type:"varchar",length:255},{name:"description",type:"text"},{name:"position_x",type:"numeric",notNull:!0,default:0},{name:"position_y",type:"numeric",notNull:!0,default:0},{name:"width",type:"numeric"},{name:"height",type:"numeric"},{name:"style",type:"jsonb"},{name:"data",type:"jsonb"}],indexes:[{columns:["flow_id"]},{columns:["entity_name"]},{columns:["flow_id","node_id"],unique:!0},{columns:["entity_name","step_order"]}]},{table_name:"verificationEdges",feature_set:["authentication","verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"edge_id",type:"varchar",length:100,notNull:!0},{name:"source_node_id",type:"varchar",length:100,notNull:!0},{name:"target_node_id",type:"varchar",length:100,notNull:!0},{name:"source_handle",type:"varchar",length:50},{name:"target_handle",type:"varchar",length:50},{name:"edge_type",type:"varchar",length:50,default:"default",enumValues:["default","conditional","success","failure"]},{name:"label",type:"varchar",length:255},{name:"condition",type:"jsonb"},{name:"style",type:"jsonb"},{name:"animated",type:"boolean",default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","edge_id"],unique:!0},{columns:["source_node_id"]},{columns:["target_node_id"]}]},{table_name:"verificationNotificationRules",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"trigger",type:"varchar",length:50,notNull:!0,enumValues:["on_flow_started","on_step_reached","on_approved","on_rejected","on_flow_completed"]},{name:"title_template",type:"varchar",length:255},{name:"body_template",type:"text"},{name:"starts_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["trigger"]}]},{table_name:"verificationNotificationRecipients",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"recipient_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role","all_verifiers","step_verifier","entity_creator"]},{name:"recipient_user_id",type:"uuid"},{name:"recipient_role",type:"varchar",length:100}],indexes:[{columns:["rule_id"]},{columns:["recipient_type"]}]},{table_name:"verificationVerifierConfigs",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id",onDelete:"cascade"}},{name:"node_id",type:"varchar",length:100,notNull:!0},{name:"verifier_type",type:"varchar",length:30,notNull:!0,enumValues:["user","role"]},{name:"verifier_user_id",type:"uuid"},{name:"verifier_role",type:"varchar",length:100},{name:"require_signature",type:"boolean",notNull:!0,default:!1},{name:"all_must_approve",type:"boolean",notNull:!0,default:!1}],indexes:[{columns:["flow_id"]},{columns:["flow_id","node_id"],unique:!0},{columns:["verifier_type"]}]},{table_name:"verificationInstances",feature_set:["verification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"flow_id",type:"uuid",notNull:!0,references:{table:"verificationFlows",column:"id"}},{name:"entity_name",type:"varchar",length:100,notNull:!0},{name:"entity_id",type:"uuid",notNull:!0},{name:"started_by",type:"uuid",references:{table:"users",column:"id"}},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","completed","rejected","cancelled"]},{name:"current_step_order",type:"integer",notNull:!0,default:1},{name:"started_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"completed_at",type:"timestamptz"}],indexes:[{columns:["flow_id"]},{columns:["entity_name","entity_id"]},{columns:["entity_name","entity_id","status"]},{columns:["status"]},{columns:["started_by"]}]},{table_name:"verificationNotificationChannels",feature_set:["verification","notification"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"rule_id",type:"uuid",notNull:!0,references:{table:"verificationNotificationRules",column:"id",onDelete:"cascade"}},{name:"channel",type:"varchar",length:30,notNull:!0,enumValues:["portal","email","sms","telegram","webhook"]}],indexes:[{columns:["rule_id"]},{columns:["rule_id","channel"],unique:!0},{columns:["channel"]}]},{table_name:"user_cohorts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"created_by",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}},{name:"expires_at",type:"timestamptz"},{name:"user_count",type:"integer",notNull:!0,default:0},{name:"metadata",type:"jsonb",default:"{}"}]},{table_name:"user_sessions",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"refresh_token_hash",type:"varchar",length:255},{name:"device_fingerprint",type:"varchar",length:255},{name:"device_name",type:"varchar",length:100},{name:"device_type",type:"varchar",length:50,enumValues:["desktop","mobile","tablet","unknown"]},{name:"browser_name",type:"varchar",length:50},{name:"browser_version",type:"varchar",length:20},{name:"os_name",type:"varchar",length:50},{name:"os_version",type:"varchar",length:20},{name:"ip_address",type:"varchar",length:45,notNull:!0},{name:"location_country",type:"varchar",length:100},{name:"location_city",type:"varchar",length:100},{name:"location_coordinates",type:"varchar",length:50},{name:"last_activity_at",type:"timestamptz",notNull:!0,defaultRaw:"now()"},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:100,enumValues:["user_logout","user_revoked","admin_revoked","security_concern","password_changed","expired","replaced"]},{name:"is_current",type:"boolean",notNull:!0,default:!1},{name:"login_method",type:"varchar",length:50,enumValues:["password","oauth_google","oauth_github","oauth_microsoft","magic_link","sso","api_key"]},{name:"remember_me",type:"boolean",notNull:!0,default:!1},{name:"trust_score",type:"integer",default:100},{name:"approval_status",type:"varchar",length:20,default:"approved",enumValues:["approved","pending","rejected"]},{name:"approval_token",type:"varchar",length:64},{name:"approval_requested_at",type:"timestamptz"},{name:"approval_responded_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["token_hash"],unique:!0},{columns:["refresh_token_hash"]},{columns:["user_id","is_active"]},{columns:["expires_at"]},{columns:["device_fingerprint"]},{columns:["ip_address"]},{columns:["last_activity_at"]},{columns:["approval_status"]},{columns:["approval_token"]}]},{table_name:"trusted_devices",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:64,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",enumValues:["pending","trusted","revoked"]},{name:"origin_session_id",type:"uuid"},{name:"label",type:"varchar",length:120},{name:"device_fingerprint",type:"varchar",length:255},{name:"first_seen_ip",type:"varchar",length:45},{name:"last_seen_ip",type:"varchar",length:45},{name:"last_seen_at",type:"timestamptz"},{name:"expires_at",type:"timestamptz"},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:30,enumValues:["user_revoked","password_reset","logout","admin_revoked","expired","replaced"]}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["user_id","status"]},{columns:["origin_session_id"]},{columns:["expires_at"]}]},{table_name:"password_reset_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:["email"],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"magic_link_tokens",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:["email"],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"email",type:"varchar",length:255,notNull:!0},{name:"token_hash",type:"varchar",length:255,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"used_at",type:"timestamptz"}],indexes:[{columns:["token_hash"],unique:!0},{columns:["user_id"]},{columns:["email"]},{columns:["expires_at"]}]},{table_name:"webauthn_credentials",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:[],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"credential_id",type:"text",notNull:!0},{name:"public_key",type:"text",notNull:!0},{name:"counter",type:"bigint",mode:"number",notNull:!0,defaultValue:0},{name:"transports",type:"jsonb"},{name:"device_type",type:"varchar",length:32},{name:"backed_up",type:"boolean",notNull:!0,defaultValue:!1},{name:"aaguid",type:"varchar",length:64},{name:"authenticator_attachment",type:"varchar",length:32},{name:"nickname",type:"varchar",length:128},{name:"last_used_at",type:"timestamptz"},{name:"revoked_at",type:"timestamptz"}],indexes:[{columns:["credential_id"],unique:!0},{columns:["user_id"]}]},{table_name:"webauthn_challenges",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,group_name:"Authentication",requires:[],available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE","GET"],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id",onDelete:"cascade"}},{name:"challenge",type:"text",notNull:!0},{name:"challenge_type",type:"varchar",length:32,notNull:!0},{name:"expires_at",type:"timestamptz",notNull:!0},{name:"consumed_at",type:"timestamptz"}],indexes:[{columns:["challenge"],unique:!0},{columns:["user_id"]},{columns:["expires_at"]}]},{table_name:"audit_logs",feature_set:["audit"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"entity_id",type:"uuid"},{name:"entity_name",type:"text",notNull:!0},{name:"operation_type",type:"text",notNull:!0},{name:"user_id",type:"uuid"},{name:"ip_address",type:"text"},{name:"user_agent",type:"text"},{name:"summary",type:"text"},{name:"severity",type:"text",default:"info"},{name:"category",type:"text"},{name:"occurrence_count",type:"integer",default:1},{name:"last_occurrence_at",type:"timestamp"},{name:"old_values",type:"jsonb"},{name:"new_values",type:"jsonb"},{name:"created_at",type:"timestamp",notNull:!0,defaultRaw:"now()"},{name:"path",type:"text"},{name:"query",type:"text"}],indexes:[{columns:["entity_id"]},{columns:["entity_name"]},{columns:["user_id"]},{columns:["created_at"]},{columns:["severity"]},{columns:["category"]}]},{table_name:"monitoring_metrics",feature_set:["monitoring"],add_base_columns:!1,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","DELETE","PATCH","TOGGLE","VERIFICATION"],columns:[{name:"id",type:"uuid",primaryKey:!0,defaultRaw:"gen_random_uuid()"},{name:"metric_type",type:"text",notNull:!0},{name:"metric_name",type:"text",notNull:!0},{name:"value",type:"doublePrecision",notNull:!0},{name:"tags",type:"jsonb"},{name:"recorded_at",type:"timestamp",notNull:!0}],indexes:[{columns:["metric_type"]},{columns:["metric_name"]},{columns:["recorded_at"]}]},{table_name:"oauth_accounts",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0,enumValues:["google","github","microsoft","discord","facebook","twitter","apple","custom"]},{name:"provider_account_id",type:"varchar",length:255,notNull:!0},{name:"provider_email",type:"varchar",length:255},{name:"provider_name",type:"varchar",length:255},{name:"provider_avatar_url",type:"text"},{name:"access_token",type:"text"},{name:"refresh_token",type:"text"},{name:"token_expires_at",type:"timestamp"},{name:"scope",type:"text"},{name:"raw_profile",type:"jsonb"},{name:"is_primary",type:"boolean",notNull:!0,default:!1},{name:"last_used_at",type:"timestamp"}],indexes:[{columns:["user_id"]},{columns:["provider","provider_account_id"],unique:!0},{columns:["provider_email"]},{columns:["user_id","provider"]}],constraints:{unique:[{name:"unique_provider_account",columns:["provider","provider_account_id"]}]}},{table_name:"api_keys",feature_set:["authentication"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH"],bulk_endpoints_enabled:!1,columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"key_hash",type:"varchar",length:255,notNull:!0},{name:"key_preview",type:"varchar",length:20,notNull:!0},{name:"owner_type",type:"varchar",length:30,notNull:!0,default:"personal",enumValues:["personal","application"]},{name:"application_name",type:"varchar",length:255},{name:"allowed_roles",type:"jsonb",notNull:!0,default:"[]"},{name:"allowed_claims",type:"jsonb",notNull:!0,default:"[]"},{name:"allowed_scopes",type:"jsonb",notNull:!0,default:"[]"},{name:"expires_at",type:"timestamptz"},{name:"last_used_at",type:"timestamptz"},{name:"last_used_ip",type:"varchar",length:45},{name:"usage_count",type:"integer",notNull:!0,default:0},{name:"revoked_at",type:"timestamptz"},{name:"revoked_reason",type:"varchar",length:255}],indexes:[{columns:["key_hash"],unique:!0},{columns:["user_id"]},{columns:["user_id","is_active"]},{columns:["owner_type"]},{columns:["expires_at"]},{columns:["last_used_at"]}]},{table_name:"backup_logs",feature_set:["backup"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["main","all"],excluded_schemas:[],excluded_methods:["PUT","PATCH"],columns:[{name:"backup_name",type:"varchar",length:255,notNull:!0},{name:"file_name",type:"varchar",length:500,notNull:!0},{name:"schema_name",type:"varchar",length:100,notNull:!0},{name:"format",type:"varchar",length:20,notNull:!0,default:"json"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending"},{name:"trigger",type:"varchar",length:20,notNull:!0,default:"manual"},{name:"size_bytes",type:"integer"},{name:"table_count",type:"integer"},{name:"row_count",type:"integer"},{name:"included_tables",type:"jsonb",default:"[]"},{name:"excluded_tables",type:"jsonb",default:"[]"},{name:"error_message",type:"text"},{name:"started_at",type:"timestamp"},{name:"completed_at",type:"timestamp"},{name:"performed_by",type:"varchar",length:255},{name:"cron_expression",type:"varchar",length:100},{name:"retention_days",type:"integer"}],indexes:[{columns:["schema_name"]},{columns:["status"]},{columns:["trigger"]},{columns:["created_at"]}]},{table_name:"payment_transactions",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"order_id",type:"varchar",length:255},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_transaction_id",type:"varchar",length:255},{name:"provider_payment_id",type:"varchar",length:255},{name:"payment_method",type:"varchar",length:50},{name:"amount",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"currency",type:"varchar",length:10,notNull:!0,default:"TRY"},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","processing","completed","failed","refunded","partially_refunded","cancelled"]},{name:"status_code",type:"integer"},{name:"status_message",type:"text"},{name:"card_last_four",type:"varchar",length:4},{name:"card_type",type:"varchar",length:50},{name:"card_association",type:"varchar",length:50},{name:"installment",type:"integer",default:1},{name:"is_three_d_secure",type:"boolean",default:!1},{name:"provider_response",type:"jsonb",default:"{}"},{name:"metadata",type:"jsonb",default:"{}"},{name:"refunded_amount",type:"numeric",precision:12,scale:2,default:0},{name:"refunded_at",type:"timestamptz"},{name:"completed_at",type:"timestamptz"},{name:"failed_at",type:"timestamptz"},{name:"ip_address",type:"varchar",length:45}],indexes:[{columns:["user_id"]},{columns:["order_id"]},{columns:["provider"]},{columns:["provider_payment_id"]},{columns:["status"]},{columns:["user_id","status"]}]},{table_name:"payment_methods",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"type",type:"varchar",length:30,notNull:!0,default:"card",enumValues:["card","bank_account","wallet"]},{name:"alias",type:"varchar",length:100},{name:"card_last_four",type:"varchar",length:4},{name:"card_type",type:"varchar",length:50},{name:"card_association",type:"varchar",length:50},{name:"card_family",type:"varchar",length:100},{name:"card_bank_name",type:"varchar",length:100},{name:"provider_card_user_key",type:"varchar",length:255},{name:"provider_card_token",type:"varchar",length:255},{name:"bin_number",type:"varchar",length:8},{name:"is_default",type:"boolean",default:!1},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["user_id","is_default"]},{columns:["provider_card_user_key"]}]},{table_name:"payment_webhook_logs",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT","PATCH","DELETE"],columns:[{name:"provider",type:"varchar",length:50,notNull:!0},{name:"event_type",type:"varchar",length:100,notNull:!0},{name:"provider_payment_id",type:"varchar",length:255},{name:"raw_payload",type:"jsonb",notNull:!0},{name:"processed",type:"boolean",default:!1},{name:"processing_result",type:"jsonb"},{name:"error_message",type:"text"},{name:"ip_address",type:"varchar",length:45},{name:"idempotency_key",type:"varchar",length:255}],indexes:[{columns:["provider"]},{columns:["event_type"]},{columns:["provider_payment_id"]},{columns:["processed"]},{columns:["idempotency_key"],unique:!0}]},{table_name:"payment_sub_merchants",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_sub_merchant_key",type:"varchar",length:255},{name:"external_id",type:"varchar",length:255},{name:"type",type:"varchar",length:50,notNull:!0,default:"personal",enumValues:["personal","private_company","limited_or_joint_stock_company"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","active","suspended","rejected"]},{name:"name",type:"varchar",length:255,notNull:!0},{name:"email",type:"varchar",length:255,notNull:!0},{name:"gsm_number",type:"varchar",length:20},{name:"address",type:"text"},{name:"iban",type:"varchar",length:50},{name:"contact_name",type:"varchar",length:100},{name:"contact_surname",type:"varchar",length:100},{name:"identity_number",type:"varchar",length:20},{name:"tax_office",type:"varchar",length:100},{name:"tax_number",type:"varchar",length:20},{name:"legal_company_title",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,default:"TRY"},{name:"commission_rate",type:"numeric",precision:5,scale:2,default:0},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["provider_sub_merchant_key"]},{columns:["external_id"]},{columns:["status"]},{columns:["email"]}]},{table_name:"payment_commission_splits",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"transaction_id",type:"uuid",notNull:!0,references:{table:"payment_transactions",column:"id",onDelete:"cascade"}},{name:"sub_merchant_id",type:"uuid",notNull:!0,references:{table:"payment_sub_merchants",column:"id"}},{name:"basket_item_id",type:"varchar",length:255},{name:"item_price",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"sub_merchant_price",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"platform_commission",type:"numeric",precision:12,scale:2,notNull:!0,default:0},{name:"commission_rate",type:"numeric",precision:5,scale:2,default:0},{name:"provider_split_id",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,notNull:!0,default:"TRY"},{name:"status",type:"varchar",length:30,notNull:!0,default:"pending",enumValues:["pending","approved","disapproved","refunded"]},{name:"approved_at",type:"timestamptz"},{name:"disapproved_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["transaction_id"]},{columns:["sub_merchant_id"]},{columns:["status"]},{columns:["transaction_id","sub_merchant_id"]},{columns:["provider_split_id"]}]},{table_name:"payment_products",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_product_id",type:"varchar",length:255},{name:"name",type:"varchar",length:255,notNull:!0},{name:"description",type:"text"},{name:"type",type:"varchar",length:30,default:"service",enumValues:["service","good"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","archived","draft"]},{name:"images",type:"jsonb",default:"[]"},{name:"unit_label",type:"varchar",length:50},{name:"url",type:"varchar",length:500},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["provider"]},{columns:["provider_product_id"]},{columns:["name"]},{columns:["status"]},{columns:["type"]}]},{table_name:"payment_prices",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"product_id",type:"uuid",notNull:!0,references:{table:"payment_products",column:"id",onDelete:"cascade"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_price_id",type:"varchar",length:255},{name:"currency",type:"varchar",length:10,notNull:!0,default:"USD"},{name:"unit_amount",type:"integer",notNull:!0,default:0},{name:"unit_amount_decimal",type:"varchar",length:30},{name:"type",type:"varchar",length:30,notNull:!0,default:"one_time",enumValues:["one_time","recurring"]},{name:"billing_scheme",type:"varchar",length:30,default:"per_unit",enumValues:["per_unit","tiered"]},{name:"nickname",type:"varchar",length:255},{name:"recurring_interval",type:"varchar",length:20,enumValues:["day","week","month","year"]},{name:"recurring_interval_count",type:"integer",default:1},{name:"recurring_usage_type",type:"varchar",length:20,default:"licensed",enumValues:["licensed","metered"]},{name:"recurring_aggregate_usage",type:"varchar",length:30,enumValues:["sum","last_during_period","last_ever","max"]},{name:"transform_quantity_divide_by",type:"integer"},{name:"transform_quantity_round",type:"varchar",length:10,enumValues:["up","down"]},{name:"status",type:"varchar",length:30,notNull:!0,default:"active",enumValues:["active","archived"]},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["product_id"]},{columns:["provider"]},{columns:["provider_price_id"]},{columns:["type"]},{columns:["currency"]},{columns:["status"]},{columns:["product_id","status"]}]},{table_name:"payment_customers",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"user_id",type:"uuid",references:{table:"users",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_customer_id",type:"varchar",length:255,notNull:!0},{name:"email",type:"varchar",length:255,notNull:!0},{name:"name",type:"varchar",length:255},{name:"phone",type:"varchar",length:50},{name:"description",type:"text"},{name:"address",type:"jsonb",default:"{}"},{name:"tax_id_type",type:"varchar",length:50},{name:"tax_id_value",type:"varchar",length:100},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["user_id"]},{columns:["provider"]},{columns:["provider_customer_id"]},{columns:["email"]},{columns:["user_id","provider"],unique:!0}]},{table_name:"payment_subscriptions",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"customer_id",type:"uuid",notNull:!0,references:{table:"payment_customers",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_subscription_id",type:"varchar",length:255},{name:"status",type:"varchar",length:30,notNull:!0,default:"incomplete",enumValues:["active","past_due","unpaid","canceled","incomplete","incomplete_expired","trialing","paused"]},{name:"collection_method",type:"varchar",length:30,default:"charge_automatically",enumValues:["charge_automatically","send_invoice"]},{name:"current_period_start",type:"timestamptz"},{name:"current_period_end",type:"timestamptz"},{name:"cancel_at_period_end",type:"boolean",default:!1},{name:"canceled_at",type:"timestamptz"},{name:"trial_start",type:"timestamptz"},{name:"trial_end",type:"timestamptz"},{name:"items",type:"jsonb",default:"[]"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["customer_id"]},{columns:["provider"]},{columns:["provider_subscription_id"]},{columns:["status"]},{columns:["customer_id","status"]}]},{table_name:"payment_invoices",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["DELETE"],columns:[{name:"customer_id",type:"uuid",notNull:!0,references:{table:"payment_customers",column:"id"}},{name:"subscription_id",type:"uuid",references:{table:"payment_subscriptions",column:"id"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_invoice_id",type:"varchar",length:255},{name:"status",type:"varchar",length:30,notNull:!0,default:"draft",enumValues:["draft","open","paid","uncollectible","void"]},{name:"collection_method",type:"varchar",length:30,default:"charge_automatically",enumValues:["charge_automatically","send_invoice"]},{name:"currency",type:"varchar",length:10,notNull:!0,default:"USD"},{name:"amount_due",type:"integer",default:0},{name:"amount_paid",type:"integer",default:0},{name:"amount_remaining",type:"integer",default:0},{name:"description",type:"text"},{name:"hosted_invoice_url",type:"varchar",length:1000},{name:"invoice_pdf",type:"varchar",length:1000},{name:"due_date",type:"timestamptz"},{name:"days_until_due",type:"integer"},{name:"period_start",type:"timestamptz"},{name:"period_end",type:"timestamptz"},{name:"paid_at",type:"timestamptz"},{name:"voided_at",type:"timestamptz"},{name:"lines",type:"jsonb",default:"[]"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["customer_id"]},{columns:["subscription_id"]},{columns:["provider"]},{columns:["provider_invoice_id"]},{columns:["status"]},{columns:["customer_id","status"]}]},{table_name:"chat_conversations",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"type",type:"varchar",length:20,notNull:!0,default:"direct",enumValues:["direct","group"]},{name:"title",type:"varchar",length:255},{name:"description",type:"text"},{name:"avatar_file_id",type:"uuid"},{name:"direct_key",type:"varchar",length:255},{name:"last_message_at",type:"timestamptz"},{name:"last_message_preview",type:"varchar",length:500},{name:"last_message_sender_id",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}}],indexes:[{columns:["direct_key"],unique:!0},{columns:["type"]},{columns:["last_message_at"]}]},{table_name:"chat_participants",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"user_id",type:"uuid",notNull:!0,references:{table:"users",column:"id",onDelete:"cascade"}},{name:"role",type:"varchar",length:20,notNull:!0,default:"member",enumValues:["member","admin","owner"]},{name:"last_read_message_id",type:"uuid"},{name:"last_read_at",type:"timestamptz"},{name:"unread_count",type:"integer",notNull:!0,default:0},{name:"muted",type:"boolean",notNull:!0,default:!1},{name:"muted_until",type:"timestamptz"},{name:"notifications_enabled",type:"boolean",notNull:!0,default:!0},{name:"left_at",type:"timestamptz"}],indexes:[{columns:["user_id"]},{columns:["conversation_id"]}],constraints:{unique:[{name:"unique_conversation_participant",columns:["conversation_id","user_id"]}]}},{table_name:"chat_messages",feature_set:["authentication","chat"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"sender_id",type:"uuid",references:{table:"users",column:"id",onDelete:"set null"}},{name:"content",type:"text"},{name:"content_type",type:"varchar",length:20,notNull:!0,default:"text",enumValues:["text","image","file","video","audio","system"]},{name:"reply_to_id",type:"uuid",references:{table:"chat_messages",column:"id",onDelete:"set null"}},{name:"metadata",type:"jsonb",default:"{}"},{name:"client_message_id",type:"varchar",length:100},{name:"edited_at",type:"timestamptz"},{name:"deleted_at",type:"timestamptz"}],indexes:[{columns:["conversation_id","created_at"]},{columns:["sender_id"]},{columns:["reply_to_id"]}]},{table_name:"chat_message_attachments",feature_set:["authentication","chat","storage"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],columns:[{name:"message_id",type:"uuid",notNull:!0,references:{table:"chat_messages",column:"id",onDelete:"cascade"}},{name:"conversation_id",type:"uuid",notNull:!0,references:{table:"chat_conversations",column:"id",onDelete:"cascade"}},{name:"file_id",type:"uuid",notNull:!0,references:{table:"files",column:"id",onDelete:"cascade"}},{name:"kind",type:"varchar",length:20,notNull:!0,default:"file",enumValues:["image","video","audio","file"]},{name:"original_name",type:"varchar",length:255},{name:"mime_type",type:"varchar",length:100},{name:"size",type:"bigint",mode:"number"},{name:"width",type:"integer"},{name:"height",type:"integer"},{name:"duration",type:"integer"}],indexes:[{columns:["message_id"]},{columns:["conversation_id"]},{columns:["file_id"]}]},{table_name:"payment_splits",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"transaction_id",type:"uuid",references:{table:"paymentTransactions",column:"id",onDelete:"set null"}},{name:"recipient_owner_type",type:"varchar",length:20,notNull:!0,default:"seller",comment:"seller | platform | tenant | user"},{name:"recipient_owner_id",type:"uuid",notNull:!0},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"gross_amount",type:"bigint",mode:"number",notNull:!0,comment:"Minor units"},{name:"provider_fee_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"platform_fee_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"reserve_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"net_payable_amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"available_for_payout_at",type:"timestamptz"},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | available | payout_requested | paid | held | refunded | disputed | cancelled"},{name:"source_type",type:"varchar",length:50},{name:"source_id",type:"varchar",length:255},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["recipient_owner_type","recipient_owner_id"]},{columns:["status"]},{columns:["transaction_id"]}]},{table_name:"payment_ledger_entries",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"account",type:"varchar",length:40,notNull:!0,comment:"platform_revenue | provider_fee | seller_payable | reserve | refund_liability | dispute_liability | payout_in_transit | payout_completed"},{name:"owner_type",type:"varchar",length:20},{name:"owner_id",type:"uuid"},{name:"direction",type:"varchar",length:6,notNull:!0,comment:"debit | credit"},{name:"amount",type:"bigint",mode:"number",notNull:!0,comment:"Minor units"},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"entry_type",type:"varchar",length:40,notNull:!0,comment:"split | refund | payout | reserve_hold | reserve_release | dispute | adjustment"},{name:"reference_type",type:"varchar",length:50},{name:"reference_id",type:"varchar",length:255},{name:"split_id",type:"uuid",references:{table:"paymentSplits",column:"id",onDelete:"set null"}},{name:"description",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["account"]},{columns:["owner_type","owner_id"]},{columns:["entry_type"]},{columns:["reference_type","reference_id"]}]},{table_name:"payment_settlement_policies",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:[],group_name:"Payments Marketplace",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"tenant",comment:"tenant | seller"},{name:"owner_id",type:"uuid",notNull:!0},{name:"default_delay_days",type:"integer",notNull:!0,default:7},{name:"new_seller_delay_days",type:"integer",notNull:!0,default:14},{name:"reserve_rate",type:"numeric",precision:5,scale:4,notNull:!0,default:0,comment:"Fraction 0..1 held as reserve"},{name:"reserve_days",type:"integer",notNull:!0,default:0},{name:"minimum_payout_amount",type:"bigint",mode:"number",notNull:!0,default:0},{name:"currency",type:"varchar",length:10},{name:"early_payout_enabled",type:"boolean",notNull:!0,default:!1},{name:"status",type:"varchar",length:20,notNull:!0,default:"active"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"],unique:!0}]},{table_name:"payment_reserves",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["POST","PUT","PATCH","DELETE"],group_name:"Payments Marketplace",columns:[{name:"owner_type",type:"varchar",length:20,notNull:!0,default:"seller"},{name:"owner_id",type:"uuid",notNull:!0},{name:"split_id",type:"uuid",references:{table:"paymentSplits",column:"id",onDelete:"set null"}},{name:"amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"reason",type:"varchar",length:30,notNull:!0,default:"refund_window",comment:"refund_window | chargeback_risk | new_seller | manual_hold | dispute | compliance_review"},{name:"status",type:"varchar",length:20,notNull:!0,default:"held",comment:"held | released | consumed | cancelled"},{name:"release_at",type:"timestamptz"},{name:"released_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["owner_type","owner_id"]},{columns:["status"]},{columns:["release_at"]}]},{table_name:"payment_payout_requests",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Payments Marketplace",columns:[{name:"recipient_owner_type",type:"varchar",length:20,notNull:!0,default:"seller"},{name:"recipient_owner_id",type:"uuid",notNull:!0},{name:"amount",type:"bigint",mode:"number",notNull:!0},{name:"currency",type:"varchar",length:10,notNull:!0},{name:"status",type:"varchar",length:20,notNull:!0,default:"pending",comment:"pending | approved | rejected | processing | completed | failed | cancelled"},{name:"provider",type:"varchar",length:50},{name:"provider_payout_id",type:"varchar",length:255},{name:"provider_transfer_id",type:"varchar",length:255},{name:"destination",type:"varchar",length:255},{name:"requested_by",type:"uuid"},{name:"decided_by",type:"uuid"},{name:"decided_at",type:"timestamptz"},{name:"completed_at",type:"timestamptz"},{name:"failure_reason",type:"text"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["recipient_owner_type","recipient_owner_id"]},{columns:["status"]}]},{table_name:"payment_disputes",feature_set:["payment"],add_base_columns:!0,is_form_data:!1,available_app_ids:["default_be"],available_schemas:["*"],excluded_schemas:[],excluded_methods:["PUT"],group_name:"Payments Marketplace",columns:[{name:"transaction_id",type:"uuid",references:{table:"paymentTransactions",column:"id",onDelete:"set null"}},{name:"provider",type:"varchar",length:50,notNull:!0},{name:"provider_dispute_id",type:"varchar",length:255},{name:"owner_type",type:"varchar",length:20},{name:"owner_id",type:"uuid"},{name:"amount",type:"bigint",mode:"number"},{name:"currency",type:"varchar",length:10},{name:"reason",type:"varchar",length:100},{name:"status",type:"varchar",length:30,notNull:!0,default:"open",comment:"open | under_review | won | lost | accepted | cancelled"},{name:"evidence_due_at",type:"timestamptz"},{name:"resolved_at",type:"timestamptz"},{name:"metadata",type:"jsonb",default:"{}"}],indexes:[{columns:["provider","provider_dispute_id"]},{columns:["status"]},{columns:["owner_type","owner_id"]},{columns:["transaction_id"]}]}];import{and as and9,desc as desc3,eq as eq15,inArray as inArray4}from"drizzle-orm";var DEFAULT_CHAT_CONFIG={enabled:!1,basePath:"/chat",groupsEnabled:!0,maxGroupParticipants:256,maxMessageLength:8000,editingEnabled:!0,deletionEnabled:!0,typingIndicators:!0,readReceipts:!0,presence:!0,realtimeTopicPrefix:"chat",messagePageSize:50,attachments:{enabled:!0,maxPerMessage:10,maxFileSizeBytes:null,allowedMimeTypes:[]}};function mergeChatConfig(input){let base=DEFAULT_CHAT_CONFIG;if(!input)return base;return{enabled:input.enabled??base.enabled,basePath:input.basePath??base.basePath,groupsEnabled:input.groupsEnabled??base.groupsEnabled,maxGroupParticipants:input.maxGroupParticipants??base.maxGroupParticipants,maxMessageLength:input.maxMessageLength??base.maxMessageLength,editingEnabled:input.editingEnabled??base.editingEnabled,deletionEnabled:input.deletionEnabled??base.deletionEnabled,typingIndicators:input.typingIndicators??base.typingIndicators,readReceipts:input.readReceipts??base.readReceipts,presence:input.presence??base.presence,realtimeTopicPrefix:input.realtimeTopicPrefix??base.realtimeTopicPrefix,messagePageSize:input.messagePageSize??base.messagePageSize,attachments:{enabled:input.attachments?.enabled??base.attachments.enabled,maxPerMessage:input.attachments?.maxPerMessage??base.attachments.maxPerMessage,maxFileSizeBytes:input.attachments?.maxFileSizeBytes??base.attachments.maxFileSizeBytes,allowedMimeTypes:input.attachments?.allowedMimeTypes??base.attachments.allowedMimeTypes}}}function getCol(table,col6){return table[col6]}function getTable(schemaTables,name2,logger2){return resolveSchemaTable(schemaTables,name2,logger2)}function computeDirectKey(userA,userB){return[userA,userB].sort().join(":")}function kindFromMime(mime){if(!mime)return"file";if(mime.startsWith("image/"))return"image";if(mime.startsWith("video/"))return"video";if(mime.startsWith("audio/"))return"audio";return"file"}function str3(value){return typeof value==="string"?value:null}function num2(value){return typeof value==="number"?value:null}function date(value){if(value instanceof Date)return value;if(typeof value==="string")return new Date(value);return null}function cdnUrl(cdnBasePath,fileId){if(!fileId)return null;return`${cdnBasePath}/${fileId}`}function mapConversation(row,cdnBasePath){let avatarFileId=str3(row.avatarFileId);return{id:String(row.id),type:str3(row.type)??"direct",title:str3(row.title),description:str3(row.description),avatarFileId,avatarUrl:cdnUrl(cdnBasePath,avatarFileId),directKey:str3(row.directKey),lastMessageAt:date(row.lastMessageAt),lastMessagePreview:str3(row.lastMessagePreview),lastMessageSenderId:str3(row.lastMessageSenderId),createdBy:str3(row.createdBy),createdAt:date(row.createdAt)??new Date(0),updatedAt:date(row.updatedAt)??new Date(0),isActive:row.isActive!==!1}}function mapParticipant(row){return{id:String(row.id),conversationId:String(row.conversationId),userId:String(row.userId),role:str3(row.role)??"member",lastReadMessageId:str3(row.lastReadMessageId),lastReadAt:date(row.lastReadAt),unreadCount:num2(row.unreadCount)??0,muted:row.muted===!0,mutedUntil:date(row.mutedUntil),notificationsEnabled:row.notificationsEnabled!==!1,leftAt:date(row.leftAt),joinedAt:date(row.createdAt)??new Date(0)}}function mapAttachment(row,cdnBasePath){let fileId=String(row.fileId);return{id:String(row.id),messageId:String(row.messageId),conversationId:String(row.conversationId),fileId,kind:str3(row.kind)??"file",originalName:str3(row.originalName),mimeType:str3(row.mimeType),size:num2(row.size),width:num2(row.width),height:num2(row.height),duration:num2(row.duration),url:`${cdnBasePath}/${fileId}`}}function mapMessage(row,attachments){let metadata=row.metadata;return{id:String(row.id),conversationId:String(row.conversationId),senderId:str3(row.senderId),content:str3(row.content),contentType:str3(row.contentType)??"text",replyToId:str3(row.replyToId),metadata:metadata&&typeof metadata==="object"?metadata:null,clientMessageId:str3(row.clientMessageId),editedAt:date(row.editedAt),deletedAt:date(row.deletedAt),createdAt:date(row.createdAt)??new Date(0),updatedAt:date(row.updatedAt)??new Date(0),attachments}}function buildPreview(content,contentType,attachmentCount){if(content&&content.trim().length>0){let trimmed=content.trim();return trimmed.length>280?`${trimmed.slice(0,277)}...`:trimmed}if(attachmentCount>0){if(contentType==="image")return attachmentCount>1?`${attachmentCount} photos`:"Photo";if(contentType==="video")return attachmentCount>1?`${attachmentCount} videos`:"Video";if(contentType==="audio")return"Audio";return attachmentCount>1?`${attachmentCount} files`:"File"}if(contentType==="system")return"System message";return""}import{and as and8,eq as eq14,inArray as inArray3}from"drizzle-orm";class ChatError extends Error{code;constructor(code,message){super(message);this.code=code,this.name="ChatError"}}function resolveChatTables(ctx){let conversations=getTable(ctx.schemaTables,"chat_conversations",ctx.logger),participants=getTable(ctx.schemaTables,"chat_participants",ctx.logger),messages=getTable(ctx.schemaTables,"chat_messages",ctx.logger);if(!conversations||!participants||!messages)throw new ChatError("disabled","Chat tables are not available in this schema");let attachments=getTable(ctx.schemaTables,"chat_message_attachments")??null,files=getTable(ctx.schemaTables,"files")??null;return{conversations,participants,messages,attachments,files}}function chatTopic(ctx){return ctx.config.realtimeTopicPrefix||"chat"}async function getConversationRow(ctx,tables,conversationId){return(await ctx.db.select().from(tables.conversations).where(eq14(getCol(tables.conversations,"id"),conversationId)).limit(1))[0]??null}async function getParticipant(ctx,tables,conversationId,userId){let row=(await ctx.db.select().from(tables.participants).where(and8(eq14(getCol(tables.participants,"conversationId"),conversationId),eq14(getCol(tables.participants,"userId"),userId))).limit(1))[0];return row?mapParticipant(row):null}async function requireActiveMembership(ctx,tables,conversationId,userId){let participant=await getParticipant(ctx,tables,conversationId,userId);if(!participant||participant.leftAt)throw new ChatError("forbidden","You are not a participant of this conversation");return participant}async function listParticipants(ctx,tables,conversationId,includeLeft=!1){let all=(await ctx.db.select().from(tables.participants).where(eq14(getCol(tables.participants,"conversationId"),conversationId))).map(mapParticipant);return includeLeft?all:all.filter((p)=>!p.leftAt)}async function assertUsersExist(ctx,userIds){let unique=[...new Set(userIds)];if(unique.length===0)return;let usersTable=getTable(ctx.schemaTables,"users",ctx.logger);if(!usersTable)throw new ChatError("disabled","Users table is not available in this schema");let rows=await ctx.db.select({id:getCol(usersTable,"id")}).from(usersTable).where(inArray3(getCol(usersTable,"id"),unique)),found=new Set(rows.map((r)=>r.id));for(let id of unique)if(!found.has(id))throw new ChatError("not_found",`User ${id} does not exist`)}function deliverToParticipants(ctx,participants,event,exceptUserId){if(!ctx.broadcaster)return;let topic=chatTopic(ctx);for(let participant of participants){if(participant.leftAt)continue;if(exceptUserId&&participant.userId===exceptUserId)continue;ctx.broadcaster.broadcastToUser(participant.userId,topic,event)}}async function buildSummary(ctx,tables,conversationRow,userId,participantsOverride){let conversation=mapConversation(conversationRow,ctx.cdnBasePath),participants=participantsOverride??await listParticipants(ctx,tables,conversation.id),myParticipant=participants.find((p)=>p.userId===userId)??null;return{...conversation,participants,myParticipant,unreadCount:myParticipant?.unreadCount??0}}async function getOrCreateDirect(ctx,params){let tables=resolveChatTables(ctx),{userId,targetUserId}=params;if(!targetUserId||targetUserId===userId)throw new ChatError("validation","A different target user is required");await assertUsersExist(ctx,[targetUserId]);let directKey=computeDirectKey(userId,targetUserId),existing=(await ctx.db.select().from(tables.conversations).where(eq15(getCol(tables.conversations,"directKey"),directKey)).limit(1))[0];if(existing)return await rejoinIfNeeded(ctx,tables,String(existing.id),[userId,targetUserId]),buildSummary(ctx,tables,existing,userId);let now=new Date,conversationRow;try{conversationRow=(await ctx.db.insert(tables.conversations).values({type:"direct",directKey,createdBy:userId,lastMessageAt:now,lastMessagePreview:""}).returning())[0]}catch(_err){let raced=(await ctx.db.select().from(tables.conversations).where(eq15(getCol(tables.conversations,"directKey"),directKey)).limit(1))[0];if(!raced)throw new ChatError("conflict","Failed to create direct conversation");return await rejoinIfNeeded(ctx,tables,String(raced.id),[userId,targetUserId]),buildSummary(ctx,tables,raced,userId)}let conversationId=String(conversationRow.id);await ctx.db.insert(tables.participants).values([{conversationId,userId,role:"member",createdBy:userId},{conversationId,userId:targetUserId,role:"member",createdBy:userId}]);let summary=await buildSummary(ctx,tables,conversationRow,userId);return deliverToParticipants(ctx,summary.participants,{type:"conversation.created",conversationId,conversation:summary},userId),summary}async function createGroup(ctx,params){if(!ctx.config.groupsEnabled)throw new ChatError("disabled","Group conversations are disabled");let tables=resolveChatTables(ctx),{creatorId,title}=params;if(!title||title.trim().length===0)throw new ChatError("validation","A group title is required");let memberIds=[...new Set([creatorId,...params.participantIds])];if(memberIds.length>ctx.config.maxGroupParticipants)throw new ChatError("validation",`A group cannot exceed ${ctx.config.maxGroupParticipants} participants`);if(await assertUsersExist(ctx,memberIds),params.avatarFileId){if(!tables.files)throw new ChatError("disabled","Avatar files require storage to be enabled");let avatarRow=(await ctx.db.select().from(tables.files).where(eq15(getCol(tables.files,"id"),params.avatarFileId)).limit(1))[0],owner=avatarRow?String(avatarRow.uploadedBy??avatarRow.createdBy??""):"";if(!avatarRow||owner!==creatorId)throw new ChatError("forbidden","Avatar file is not owned by the creator")}let now=new Date,conversationRow=(await ctx.db.insert(tables.conversations).values({type:"group",title:title.trim(),description:params.description??null,avatarFileId:params.avatarFileId??null,createdBy:creatorId,lastMessageAt:now,lastMessagePreview:""}).returning())[0],conversationId=String(conversationRow.id);await ctx.db.insert(tables.participants).values(memberIds.map((memberId)=>({conversationId,userId:memberId,role:memberId===creatorId?"owner":"member",createdBy:creatorId})));let summary=await buildSummary(ctx,tables,conversationRow,creatorId);return deliverToParticipants(ctx,summary.participants,{type:"conversation.created",conversationId,conversation:summary},creatorId),summary}async function listConversations(ctx,params){let tables=resolveChatTables(ctx),limit=Math.min(Math.max(params.limit??30,1),100),offset=Math.max(params.offset??0,0),myParticipants=(await ctx.db.select().from(tables.participants).where(eq15(getCol(tables.participants,"userId"),params.userId))).map(mapParticipant).filter((p)=>!p.leftAt);if(myParticipants.length===0)return[];let conversationIds=myParticipants.map((p)=>p.conversationId),pageRows=await ctx.db.select().from(tables.conversations).where(and9(inArray4(getCol(tables.conversations,"id"),conversationIds),eq15(getCol(tables.conversations,"isActive"),!0))).orderBy(desc3(getCol(tables.conversations,"lastMessageAt"))).limit(limit).offset(offset);if(pageRows.length===0)return[];let pageIds=pageRows.map((r)=>String(r.id)),participantRows=await ctx.db.select().from(tables.participants).where(inArray4(getCol(tables.participants,"conversationId"),pageIds)),byConversation=new Map;for(let row of participantRows){let mapped=mapParticipant(row);if(mapped.leftAt)continue;let list=byConversation.get(mapped.conversationId)??[];list.push(mapped),byConversation.set(mapped.conversationId,list)}let summaries=[];for(let row of pageRows){let id=String(row.id);summaries.push(await buildSummary(ctx,tables,row,params.userId,byConversation.get(id)??[]))}return summaries}async function getConversation(ctx,conversationId,userId){let tables=resolveChatTables(ctx);await requireActiveMembership(ctx,tables,conversationId,userId);let row=await getConversationRow(ctx,tables,conversationId);if(!row)throw new ChatError("not_found","Conversation not found");return buildSummary(ctx,tables,row,userId)}async function rejoinIfNeeded(ctx,tables,conversationId,userIds){for(let userId of userIds){let participant=await getParticipant(ctx,tables,conversationId,userId);if(!participant)await ctx.db.insert(tables.participants).values({conversationId,userId,role:"member",createdBy:userId});else if(participant.leftAt)await ctx.db.update(tables.participants).set({leftAt:null}).where(eq15(getCol(tables.participants,"id"),participant.id))}}function assertCanManage(actor){if(actor.role!=="owner"&&actor.role!=="admin")throw new ChatError("forbidden","Only group admins can manage participants")}async function addParticipants(ctx,conversationId,actorId,userIds){let tables=resolveChatTables(ctx),conversation=await getConversationRow(ctx,tables,conversationId);if(!conversation)throw new ChatError("not_found","Conversation not found");if(mapConversation(conversation,ctx.cdnBasePath).type!=="group")throw new ChatError("validation","Participants can only be managed in group conversations");let actor=await requireActiveMembership(ctx,tables,conversationId,actorId);assertCanManage(actor);let toAdd=[...new Set(userIds)];await assertUsersExist(ctx,toAdd);let current=await listParticipants(ctx,tables,conversationId,!0),activeCount=current.filter((p)=>!p.leftAt).length,newOnes=toAdd.filter((id)=>!current.some((p)=>p.userId===id&&!p.leftAt));if(activeCount+newOnes.length>ctx.config.maxGroupParticipants)throw new ChatError("validation","Group participant limit exceeded");for(let userId of toAdd)await rejoinIfNeeded(ctx,tables,conversationId,[userId]);let participants=await listParticipants(ctx,tables,conversationId);return deliverToParticipants(ctx,participants,{type:"participant.added",conversationId,userIds:toAdd,by:actorId}),participants}async function removeParticipant(ctx,conversationId,actorId,targetUserId){let tables=resolveChatTables(ctx),actor=await requireActiveMembership(ctx,tables,conversationId,actorId);if(actorId!==targetUserId)assertCanManage(actor);let target2=await getParticipant(ctx,tables,conversationId,targetUserId);if(!target2||target2.leftAt)throw new ChatError("not_found","Participant not found in conversation");await ctx.db.update(tables.participants).set({leftAt:new Date}).where(eq15(getCol(tables.participants,"id"),target2.id));let participants=await listParticipants(ctx,tables,conversationId),event={type:"participant.removed",conversationId,userId:targetUserId,by:actorId};if(deliverToParticipants(ctx,participants,event),ctx.broadcaster)ctx.broadcaster.broadcastToUser(targetUserId,ctx.config.realtimeTopicPrefix||"chat",event)}import{and as and10,desc as desc4,eq as eq16,inArray as inArray5,isNull,lt,ne,sql as sql5}from"drizzle-orm";async function loadAttachments(ctx,tables,messageIds){let grouped=new Map;if(!tables.attachments||messageIds.length===0)return grouped;let rows=await ctx.db.select().from(tables.attachments).where(inArray5(getCol(tables.attachments,"messageId"),messageIds));for(let row of rows){let attachment=mapAttachment(row,ctx.cdnBasePath),list=grouped.get(attachment.messageId)??[];list.push(attachment),grouped.set(attachment.messageId,list)}return grouped}function inferContentType(explicit,attachments){if(explicit)return explicit;if(attachments.length===0)return"text";let kind=attachments[0]?.kind;if(kind==="image")return"image";if(kind==="video")return"video";if(kind==="audio")return"audio";return"file"}async function persistAttachments(ctx,tables,conversationId,messageId,params){let inputs=params.attachments??[];if(inputs.length===0)return[];if(!ctx.attachmentsAvailable||!tables.attachments||!tables.files)throw new ChatError("disabled","File attachments require storage and CDN to be enabled");if(inputs.length>ctx.config.attachments.maxPerMessage)throw new ChatError("validation",`A message cannot have more than ${ctx.config.attachments.maxPerMessage} attachments`);let fileIds=inputs.map((a)=>a.fileId),fileRows=await ctx.db.select().from(tables.files).where(inArray5(getCol(tables.files,"id"),fileIds)),filesById=new Map;for(let row of fileRows)filesById.set(String(row.id),row);let payloads=inputs.map((input)=>{let fileRow=filesById.get(input.fileId);if(!fileRow)throw new ChatError("not_found",`Attachment file ${input.fileId} was not found`);if(String(fileRow.uploadedBy??fileRow.createdBy??"")!==params.senderId)throw new ChatError("forbidden",`Attachment file ${input.fileId} is not owned by the sender`);let mimeType=fileRow.mimeType??input.mimeType??null;return{conversationId,messageId,fileId:input.fileId,kind:input.kind??kindFromMime(mimeType),originalName:fileRow.originalName??input.originalName??null,mimeType,size:fileRow.size??input.size??null,width:input.width??null,height:input.height??null,duration:input.duration??null,createdBy:params.senderId}});return(await ctx.db.insert(tables.attachments).values(payloads).returning()).map((row)=>mapAttachment(row,ctx.cdnBasePath))}async function sendMessage(ctx,params){let tables=resolveChatTables(ctx);await requireActiveMembership(ctx,tables,params.conversationId,params.senderId);let content=params.content?.trim()?params.content:null,hasAttachments=(params.attachments?.length??0)>0;if(!content&&!hasAttachments)throw new ChatError("validation","A message must contain text or at least one attachment");if(content&&content.length>ctx.config.maxMessageLength)throw new ChatError("validation",`Message exceeds the maximum length of ${ctx.config.maxMessageLength} characters`);if(params.metadata!==void 0&&params.metadata!==null){if(JSON.stringify(params.metadata).length>4096)throw new ChatError("validation","Message metadata exceeds the maximum size of 4096 bytes")}let messageRow=(await ctx.db.insert(tables.messages).values({conversationId:params.conversationId,senderId:params.senderId,content,contentType:params.contentType??"text",replyToId:params.replyToId??null,clientMessageId:params.clientMessageId??null,metadata:params.metadata??{},createdBy:params.senderId}).returning())[0],messageId=String(messageRow.id),attachments=await persistAttachments(ctx,tables,params.conversationId,messageId,params),contentType=inferContentType(params.contentType,attachments);if(contentType!==messageRow.contentType)await ctx.db.update(tables.messages).set({contentType}).where(eq16(getCol(tables.messages,"id"),messageId)),messageRow.contentType=contentType;let message=mapMessage(messageRow,attachments),preview=buildPreview(message.content,message.contentType,attachments.length),now=message.createdAt;await ctx.db.update(tables.conversations).set({lastMessageAt:now,lastMessagePreview:preview,lastMessageSenderId:params.senderId,updatedAt:new Date}).where(eq16(getCol(tables.conversations,"id"),params.conversationId)),await ctx.db.update(tables.participants).set({unreadCount:sql5`${getCol(tables.participants,"unreadCount")} + 1`}).where(and10(eq16(getCol(tables.participants,"conversationId"),params.conversationId),ne(getCol(tables.participants,"userId"),params.senderId),isNull(getCol(tables.participants,"leftAt"))));let participants=await listParticipants(ctx,tables,params.conversationId);return deliverToParticipants(ctx,participants,{type:"message.created",conversationId:params.conversationId,message}),message}async function getMessages(ctx,params){let tables=resolveChatTables(ctx);await requireActiveMembership(ctx,tables,params.conversationId,params.userId);let limit=Math.min(Math.max(params.limit??ctx.config.messagePageSize,1),100),conditions=[eq16(getCol(tables.messages,"conversationId"),params.conversationId)];if(params.before){let cursor=(await ctx.db.select().from(tables.messages).where(eq16(getCol(tables.messages,"id"),params.before)).limit(1))[0];if(cursor?.createdAt)conditions.push(lt(getCol(tables.messages,"createdAt"),cursor.createdAt))}let rows=await ctx.db.select().from(tables.messages).where(and10(...conditions)).orderBy(desc4(getCol(tables.messages,"createdAt"))).limit(limit+1),pageRows=rows.slice(0,limit),hasMore=rows.length>limit,attachmentsByMessage=await loadAttachments(ctx,tables,pageRows.map((r)=>String(r.id)));return{messages:pageRows.map((row)=>mapMessage(row,attachmentsByMessage.get(String(row.id))??[])),hasMore}}async function markRead(ctx,conversationId,userId,messageId){let tables=resolveChatTables(ctx),participant=await requireActiveMembership(ctx,tables,conversationId,userId),targetMessageId=messageId??null;if(!targetMessageId){let latestRow=(await ctx.db.select().from(tables.messages).where(eq16(getCol(tables.messages,"conversationId"),conversationId)).orderBy(desc4(getCol(tables.messages,"createdAt"))).limit(1))[0];targetMessageId=latestRow?String(latestRow.id):null}let readAt=new Date;if(await ctx.db.update(tables.participants).set({lastReadMessageId:targetMessageId,lastReadAt:readAt,unreadCount:0}).where(eq16(getCol(tables.participants,"id"),participant.id)),ctx.config.readReceipts){let participants=await listParticipants(ctx,tables,conversationId);deliverToParticipants(ctx,participants,{type:"conversation.read",conversationId,userId,lastReadMessageId:targetMessageId,readAt:readAt.toISOString()},userId)}return{lastReadMessageId:targetMessageId,readAt}}async function editMessage(ctx,messageId,userId,content){if(!ctx.config.editingEnabled)throw new ChatError("disabled","Message editing is disabled");let tables=resolveChatTables(ctx),row=(await ctx.db.select().from(tables.messages).where(eq16(getCol(tables.messages,"id"),messageId)).limit(1))[0];if(!row||row.deletedAt)throw new ChatError("not_found","Message not found");if(String(row.senderId)!==userId)throw new ChatError("forbidden","You can only edit your own messages");let trimmed=content.trim();if(!trimmed)throw new ChatError("validation","Message content cannot be empty");if(trimmed.length>ctx.config.maxMessageLength)throw new ChatError("validation","Message exceeds the maximum length");let editedAt=new Date,updated=await ctx.db.update(tables.messages).set({content:trimmed,editedAt,updatedAt:editedAt}).where(eq16(getCol(tables.messages,"id"),messageId)).returning(),attachments=await loadAttachments(ctx,tables,[messageId]),message=mapMessage(updated[0],attachments.get(messageId)??[]),participants=await listParticipants(ctx,tables,String(row.conversationId));return deliverToParticipants(ctx,participants,{type:"message.updated",conversationId:String(row.conversationId),message}),message}async function deleteMessage(ctx,messageId,userId){if(!ctx.config.deletionEnabled)throw new ChatError("disabled","Message deletion is disabled");let tables=resolveChatTables(ctx),row=(await ctx.db.select().from(tables.messages).where(eq16(getCol(tables.messages,"id"),messageId)).limit(1))[0];if(!row||row.deletedAt)throw new ChatError("not_found","Message not found");if(String(row.senderId)!==userId)throw new ChatError("forbidden","You can only delete your own messages");let deletedAt=new Date;await ctx.db.update(tables.messages).set({content:null,deletedAt,updatedAt:deletedAt}).where(eq16(getCol(tables.messages,"id"),messageId));let participants=await listParticipants(ctx,tables,String(row.conversationId));deliverToParticipants(ctx,participants,{type:"message.deleted",conversationId:String(row.conversationId),messageId})}async function setTyping(ctx,conversationId,userId,isTyping=!0){if(!ctx.config.typingIndicators)return;let tables=resolveChatTables(ctx),participants=await listParticipants(ctx,tables,conversationId);if(!participants.some((p)=>p.userId===userId))throw new ChatError("forbidden","You are not a participant of this conversation");deliverToParticipants(ctx,participants,{type:"typing",conversationId,userId,isTyping},userId)}class ChatService{ctx;constructor(init){this.ctx={db:init.db,schemaTables:init.schemaTables,config:init.config,logger:init.logger,broadcaster:init.broadcaster??null,cdnBasePath:init.cdnBasePath??"/cdn",attachmentsAvailable:init.attachmentsAvailable??!1}}get config(){return this.ctx.config}getOrCreateDirect(userId,targetUserId){return getOrCreateDirect(this.ctx,{userId,targetUserId})}createGroup(params){return createGroup(this.ctx,params)}listConversations(userId,opts){return listConversations(this.ctx,{userId,limit:opts?.limit,offset:opts?.offset})}getConversation(conversationId,userId){return getConversation(this.ctx,conversationId,userId)}addParticipants(conversationId,actorId,userIds){return addParticipants(this.ctx,conversationId,actorId,userIds)}removeParticipant(conversationId,actorId,targetUserId){return removeParticipant(this.ctx,conversationId,actorId,targetUserId)}sendMessage(params){return sendMessage(this.ctx,params)}getMessages(params){return getMessages(this.ctx,params)}markRead(conversationId,userId,messageId){return markRead(this.ctx,conversationId,userId,messageId)}editMessage(messageId,userId,content){return editMessage(this.ctx,messageId,userId,content)}deleteMessage(messageId,userId){return deleteMessage(this.ctx,messageId,userId)}setTyping(conversationId,userId,isTyping){return setTyping(this.ctx,conversationId,userId,isTyping)}}init_Logger2();var METHOD_MAP={GET:["GET"],POST:["POST"],PUT:["PUT"],DELETE:["DELETE"],PATCH:["PATCH"],TOGGLE:["PATCH"],VERIFICATION:["POST"]};function buildAuthPublicRoutes(config,basePath){let routes=[],auth=config.authentication;if(!auth)return routes;if(auth.login?.enabled&&auth.login?.isPublic)routes.push({path:auth.login.route||`${basePath}/auth/login`,method:"POST",source:"auth"});if(auth.register?.enabled&&auth.register?.isPublic)routes.push({path:auth.register.route||`${basePath}/auth/register`,method:"POST",source:"auth"});if(auth.logout?.enabled&&auth.logout?.isPublic)routes.push({path:auth.logout.route||`${basePath}/auth/logout`,method:"POST",source:"auth"});if(auth.refresh?.enabled&&auth.refresh?.isPublic)routes.push({path:auth.refresh.route||`${basePath}/auth/refresh`,method:"POST",source:"auth"});if(auth.passwordReset?.enabled&&auth.passwordReset?.isPublic){let baseRoute=auth.passwordReset.route||`${basePath}/auth/password-reset`;routes.push({path:`${baseRoute}/request`,method:"POST",source:"auth"},{path:`${baseRoute}/confirm`,method:"POST",source:"auth"})}if(auth.passwordChange?.enabled&&auth.passwordChange?.isPublic)routes.push({path:auth.passwordChange.route||`${basePath}/auth/password-change`,method:"POST",source:"auth"});if(auth.magicLink?.enabled&&auth.magicLink?.isPublic)routes.push({path:auth.magicLink.route||`${basePath}/auth/magic-link`,method:"POST",source:"auth"},{path:auth.magicLink.verifyRoute||`${basePath}/auth/magic-link/verify`,method:"GET",source:"auth"});if(auth.register?.enabled&&auth.register?.emailVerification?.enabled)routes.push({path:`${basePath}/verify-email`,method:"GET",source:"auth"},{path:`${basePath}/resend-verification`,method:"POST",source:"auth"});if(auth.invite?.enabled&&auth.invite?.isPublic)routes.push({path:auth.invite.route||`${basePath}/auth/invite`,method:"POST",source:"auth"});if(auth.invite?.enabled){let inviteRoute=auth.invite.route||`${basePath}/auth/invite`;routes.push({path:`${inviteRoute}/verify`,method:"POST",source:"auth"})}if(auth.passwordSet?.enabled)routes.push({path:auth.passwordSet.route||`${basePath}/auth/password-set`,method:"POST",source:"auth"});if(auth.webauthn?.enabled){let webauthnRoute=auth.webauthn.route||`${basePath}/auth/webauthn`;routes.push({path:`${webauthnRoute}/authenticate/options`,method:"POST",source:"auth"},{path:`${webauthnRoute}/authenticate/verify`,method:"POST",source:"auth"})}if(auth.captcha?.enabled&&auth.captcha?.isPublic){let baseRoute=auth.captcha.route||`${basePath}/auth/captcha`;routes.push({path:`${baseRoute}/generate`,method:"GET",source:"auth"},{path:`${baseRoute}/validate`,method:"POST",source:"auth"})}if(auth.sessions?.enabled){let sessionsRoute=auth.sessions.route||`${basePath}/auth/sessions`;routes.push({path:`${sessionsRoute}/approve`,method:"POST",source:"auth"},{path:`${sessionsRoute}/reject`,method:"POST",source:"auth"},{path:`${sessionsRoute}/approve-page`,method:"GET",source:"auth"},{path:`${sessionsRoute}/reject-page`,method:"GET",source:"auth"},{path:`${sessionsRoute}/approval-status`,method:"GET",source:"auth"})}if(auth.oauth?.enabled){let oauthBase=auth.oauth.basePath||`${basePath}/auth/oauth`,knownProviders=["google","github","microsoft","discord","facebook","twitter","apple","custom"];routes.push({path:`${oauthBase}/providers`,method:"GET",source:"auth"});for(let provider of knownProviders)routes.push({path:`${oauthBase}/${provider}`,method:"GET",source:"auth"},{path:`${oauthBase}/${provider}/callback`,method:"GET",source:"auth"})}return routes}function buildEntityPublicRoutes(entities,basePath,_schema){let routes=[];for(let entity of entities){if(!entity.is_public)continue;let camelName=entity.table_name.replace(/_([a-z])/g,(_,l)=>l.toUpperCase()),entityPath=`${basePath}/${camelName}`;for(let[nucleusMethod,isPublic]of Object.entries(entity.is_public)){if(!isPublic)continue;let httpMethods=METHOD_MAP[nucleusMethod];if(!httpMethods)continue;for(let method of httpMethods)if(method==="GET")routes.push({path:entityPath,method:"GET",source:"entity"}),routes.push({path:`${entityPath}/:id`,method:"GET",source:"entity"});else if(method==="POST")routes.push({path:entityPath,method:"POST",source:"entity"});else if(method==="PUT"||method==="PATCH")routes.push({path:`${entityPath}/:id`,method,source:"entity"});else if(method==="DELETE")routes.push({path:`${entityPath}/:id`,method:"DELETE",source:"entity"})}}return routes}function buildSystemTablePublicRoutes(systemTables2,basePath,schema){return buildEntityPublicRoutes(systemTables2,basePath,schema)}function buildPublicRoutes(config,systemTables2,basePath="",schema="public"){let authRoutes=buildAuthPublicRoutes(config,basePath),entityRoutes=buildEntityPublicRoutes(config.entities||[],basePath,schema),systemRoutes=buildSystemTablePublicRoutes(systemTables2,basePath,schema),pubsubRoutes=[];if(config.pubsub?.enabled){let pubsubBasePath=config.pubsub.basePath||"/subs",wsPath=config.pubsub.wsPath||"/api/events/subscribe";pubsubRoutes.push({path:`${pubsubBasePath}/:topic`,method:"POST",source:"system"},{path:wsPath,method:"GET",source:"system"})}let paymentRoutes=[];if(config.payment?.enabled){let paymentBasePath=config.payment.basePath||"/payment";paymentRoutes.push({path:`${paymentBasePath}/callback`,method:"POST",source:"system"},{path:`${paymentBasePath}/callback`,method:"OPTIONS",source:"system"},{path:`${paymentBasePath}/bin-query`,method:"POST",source:"system"},{path:`${paymentBasePath}/webhook`,method:"POST",source:"system"})}let discoveryRoutes=[];if(config.authorization?.endpointDiscovery?.enabled)discoveryRoutes.push({path:"/authorization/route-manifest",method:"GET",source:"system"},{path:"/authorization/route-manifest",method:"OPTIONS",source:"system"},{path:"/authorization/role-claims-manifest",method:"GET",source:"system"},{path:"/authorization/role-claims-manifest",method:"OPTIONS",source:"system"});let domainRoutes=[];if(config.domains?.enabled){let domainsBasePath=config.domains.basePath||"/domains";domainRoutes.push({path:`${basePath}${domainsBasePath}/resolve`,method:"GET",source:"system"})}let tenantRoutes=[];if(config.database?.isMultiTenant)tenantRoutes.push({path:`${basePath}/tenants`,method:"GET",source:"system"}),tenantRoutes.push({path:`${basePath}/tenants/check-subdomain/:subdomain`,method:"GET",source:"system"}),tenantRoutes.push({path:`${basePath}/tenants/self-signup`,method:"POST",source:"system"}),tenantRoutes.push({path:`${basePath}/tenants/refresh`,method:"POST",source:"system"});let customRoutes=[{path:"/nucleus-core",method:"GET",source:"custom"},{path:"/public",method:"GET",source:"custom"},{path:"/docs",method:"GET",source:"custom"},{path:"/docs/json",method:"GET",source:"custom"},{path:"/swagger",method:"GET",source:"custom"},{path:"/swagger/json",method:"GET",source:"custom"}],configPublicPaths=config.authorization?.publicPaths||[],ALL_PUBLIC_METHODS=["GET","POST","PUT","PATCH","DELETE","OPTIONS"],configPublicRoutes=configPublicPaths.flatMap((entry)=>{let trimmed=entry.trim(),qualified=trimmed.match(/^(GET|POST|PUT|PATCH|DELETE|OPTIONS)\s+(.+)$/i);if(qualified?.[1]&&qualified[2]){let method=qualified[1].toUpperCase(),path2=qualified[2].trim(),routes=[{path:path2,method,source:"custom"}];if(method!=="OPTIONS")routes.push({path:path2,method:"OPTIONS",source:"custom"});return routes}if(trimmed.startsWith("/auth/"))return ALL_PUBLIC_METHODS.map((method)=>({path:trimmed,method,source:"custom"}));return logger.warn(`[Security] publicPaths entry "${trimmed}" is unqualified \u2014 exposing GET + OPTIONS only. To make a write method public, use the explicit form, e.g. "POST ${trimmed}".`),[{path:trimmed,method:"GET",source:"custom"},{path:trimmed,method:"OPTIONS",source:"custom"}]});return[...authRoutes,...entityRoutes,...systemRoutes,...pubsubRoutes,...paymentRoutes,...discoveryRoutes,...domainRoutes,...tenantRoutes,...customRoutes,...configPublicRoutes]}function isPublicRoute(publicRoutes,path2,method){if(/\/\/|\\|%2f|%2e|%5c/i.test(path2))return!1;let normalizedPath=path2.replace(/\/$/,""),normalizedMethod=method.toUpperCase();for(let route of publicRoutes){if(route.method!==normalizedMethod)continue;if(matchPath(route.path,normalizedPath))return!0}return!1}function matchPath(pattern,path2){if(pattern===path2)return!0;let patternParts=pattern.split("/").filter(Boolean),pathParts=path2.split("/").filter(Boolean);if(patternParts.length!==pathParts.length)return!1;for(let i=0;i<patternParts.length;i++){let patternPart=patternParts[i],pathPart=pathParts[i];if(patternPart?.startsWith(":"))continue;if(patternPart!==pathPart)return!1}return!0}import{Elysia as Elysia2}from"elysia";import{eq as eq18}from"drizzle-orm";import{eq as eq17}from"drizzle-orm";var col6=(table,name2)=>{let tableRecord=table,snakeCase=name2.replace(/([A-Z])/g,"_$1").toLowerCase();return tableRecord[name2]||tableRecord[snakeCase]};async function requireGodmin(db,usersTable,userId){let user=(await db.select().from(usersTable).where(eq17(col6(usersTable,"id"),userId)).limit(1))[0];return Boolean(user?.isGod)}function validatePassword(pwd,policy){let errors2=[],minLen=policy?.minLength??8,maxLen=policy?.maxLength??128,needUpper=policy?.requireUppercase??!0,needLower=policy?.requireLowercase??!0,needDigit=policy?.requireNumber??!0,needSpecial=policy?.requireSpecialChar??!1;if(pwd.length<minLen)errors2.push(`Password must be at least ${minLen} characters`);if(pwd.length>maxLen)errors2.push(`Password must be at most ${maxLen} characters`);if(needUpper&&!/[A-Z]/.test(pwd))errors2.push("Password must contain uppercase letter");if(needLower&&!/[a-z]/.test(pwd))errors2.push("Password must contain lowercase letter");if(needDigit&&!/[0-9]/.test(pwd))errors2.push("Password must contain a number");if(needSpecial&&!/[!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?]/.test(pwd))errors2.push("Password must contain a special character");return{valid:errors2.length===0,errors:errors2}}var handleActivateUsers=(db,usersTable,logger2)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let result=await db.update(usersTable).set({isLocked:!1,lockedUntil:null,failedLoginAttempts:0,updatedAt:new Date}).where(eq18(col6(usersTable,"cohortId"),ctx.params.id)).returning();return logger2.audit({entityName:"user_cohorts",entityId:ctx.params.id,operation:"COHORT_ACTIVATE_USERS",userId,summary:`Activated ${result.length} users in cohort`}),{success:!0,data:{affected:result.length}}};init_assignDefaultRole();init_utils6();import{count,eq as eq20,inArray as inArray6}from"drizzle-orm";var handleBulkCreateUsers=(config,logger2)=>{let{db,usersTable,cohortsTable,rolesTable,userRolesTable,profilesTable}=config;return async(ctx)=>{if(!db||!usersTable||!cohortsTable)return ctx.set.status=500,{success:!1,message:"Server misconfigured"};let callerId=ctx.request.headers.get("x-user-id");if(!callerId||!await requireGodmin(db,usersTable,callerId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let cohortId=ctx.params.id;if((await db.select().from(cohortsTable).where(eq20(col6(cohortsTable,"id"),cohortId)).limit(1)).length===0)return ctx.set.status=404,{success:!1,message:"Cohort not found"};let{users:explicitUsers,emailPrefix,emailDomain,sharedPassword,count:userCount,roleIds}=ctx.body,userList=[];if(explicitUsers&&explicitUsers.length>0)for(let u of explicitUsers)userList.push({email:u.email.toLowerCase().trim(),password:u.password,firstName:u.profile?.firstName,lastName:u.profile?.lastName});else if(emailPrefix&&emailDomain&&sharedPassword&&userCount){let padLen=String(userCount).length;for(let i=1;i<=userCount;i++){let paddedNum=String(i).padStart(padLen,"0");userList.push({email:`${emailPrefix}-${paddedNum}@${emailDomain}`.toLowerCase(),password:sharedPassword})}}else return ctx.set.status=400,{success:!1,message:'Provide either "users" array or "emailPrefix" + "emailDomain" + "sharedPassword" + "count"'};if(userList.length>500)return ctx.set.status=400,{success:!1,message:"Maximum 500 users per batch"};for(let entry of userList){let validation=validatePassword(entry.password,config.passwordPolicy);if(!validation.valid)return ctx.set.status=400,{success:!1,message:`Password too weak for ${entry.email}`,errors:validation.errors}}let emails=userList.map((u)=>u.email),existingRows=await db.select({email:col6(usersTable,"email")}).from(usersTable).where(inArray6(col6(usersTable,"email"),emails)),existingEmails=new Set(existingRows.map((r)=>String(r.email).toLowerCase())),created=[],skipped=[],now=new Date;for(let entry of userList){if(existingEmails.has(entry.email)){skipped.push(entry.email);continue}let hashedPw=await hashPassword(entry.password),newUser=(await db.insert(usersTable).values({email:entry.email,password:hashedPw,emailVerified:!0,verifiedAt:now,isLocked:!1,cohortId,createdAt:now,updatedAt:now}).returning())[0];if(!newUser)continue;let newUserId=String(newUser.id);if(created.push({id:newUserId,email:entry.email,password:entry.password}),roleIds&&roleIds.length>0&&rolesTable&&userRolesTable){let validIds=(await db.select({id:col6(rolesTable,"id")}).from(rolesTable).where(inArray6(col6(rolesTable,"id"),roleIds))).map((r)=>String(r.id));if(validIds.length>0)await db.insert(userRolesTable).values(validIds.map((roleId)=>({userId:newUserId,roleId})))}else if(config.defaultRole)await assignDefaultRole({db,userId:newUserId,roleName:config.defaultRole,rolesTable,userRolesTable,logger:logger2});if((entry.firstName||entry.lastName)&&profilesTable)await db.insert(profilesTable).values({userId:newUserId,firstName:entry.firstName??null,lastName:entry.lastName??null,createdAt:now,updatedAt:now}).catch((err)=>{logger2.warn("[Cohort] Failed to create profile for user",{userId:newUserId,error:err.message})})}let countResult=await db.select({count:count()}).from(usersTable).where(eq20(col6(usersTable,"cohortId"),cohortId)),totalUsers=Number(countResult[0]?.count)||0;return await db.update(cohortsTable).set({userCount:totalUsers,updatedAt:new Date}).where(eq20(col6(cohortsTable,"id"),cohortId)),logger2.audit({entityName:"user_cohorts",entityId:cohortId,operation:"COHORT_BULK_CREATE",userId:callerId,summary:`Bulk created ${created.length} users in cohort (${skipped.length} skipped)`}),{success:!0,data:{created:created.length,skipped:skipped.length,skippedEmails:skipped,users:created}}}};var handleCreateCohort=(db,usersTable,cohortsTable,logger2)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let{name:name2,description,expiresAt,metadata}=ctx.body,now=new Date,inserted=await db.insert(cohortsTable).values({name:name2,description:description??null,createdBy:userId,expiresAt:expiresAt?new Date(expiresAt):null,userCount:0,metadata:metadata??{},createdAt:now,updatedAt:now}).returning();return logger2.audit({entityName:"user_cohorts",entityId:inserted[0]?.id,operation:"COHORT_CREATE",userId,summary:`Created cohort "${name2}"`}),{success:!0,data:inserted[0]}};import{eq as eq21}from"drizzle-orm";var handleDeactivateUsers=(db,usersTable,logger2)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let result=await db.update(usersTable).set({isLocked:!0,updatedAt:new Date}).where(eq21(col6(usersTable,"cohortId"),ctx.params.id)).returning();return logger2.audit({entityName:"user_cohorts",entityId:ctx.params.id,operation:"COHORT_DEACTIVATE_USERS",userId,summary:`Deactivated ${result.length} users in cohort`}),{success:!0,data:{affected:result.length}}};import{eq as eq22,inArray as inArray7}from"drizzle-orm";var handleDeleteUsers=(db,usersTable,cohortsTable,userRolesTable,profilesTable,logger2)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let userIds=(await db.select({id:col6(usersTable,"id")}).from(usersTable).where(eq22(col6(usersTable,"cohortId"),ctx.params.id))).map((u)=>String(u.id));if(userIds.length>0){if(userRolesTable)await db.delete(userRolesTable).where(inArray7(col6(userRolesTable,"userId"),userIds));if(profilesTable)await db.delete(profilesTable).where(inArray7(col6(profilesTable,"userId"),userIds));await db.delete(usersTable).where(inArray7(col6(usersTable,"id"),userIds))}return await db.update(cohortsTable).set({userCount:0,updatedAt:new Date}).where(eq22(col6(cohortsTable,"id"),ctx.params.id)),logger2.audit({entityName:"user_cohorts",entityId:ctx.params.id,operation:"COHORT_DELETE_USERS",userId,summary:`Deleted ${userIds.length} users from cohort`}),{success:!0,data:{deleted:userIds.length}}};import{eq as eq23}from"drizzle-orm";var handleGetCohort=(db,usersTable,cohortsTable)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let rows=await db.select().from(cohortsTable).where(eq23(col6(cohortsTable,"id"),ctx.params.id)).limit(1);if(rows.length===0)return ctx.set.status=404,{success:!1,message:"Cohort not found"};let userRows=await db.select().from(usersTable).where(eq23(col6(usersTable,"cohortId"),ctx.params.id));return{success:!0,data:{...rows[0],users:userRows}}};import{eq as eq24}from"drizzle-orm";var csvCell=(value)=>{let s=value==null?"":String(value);if(/^[=+\-@\t\r]/.test(s))s=`'${s}`;if(/[",\n\r]/.test(s))s=`"${s.replace(/"/g,'""')}"`;return s},handleExportUsers=(db,usersTable)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let userRows=await db.select().from(usersTable).where(eq24(col6(usersTable,"cohortId"),ctx.params.id)),lines=["email,status,locked,created_at"];for(let row of userRows){let u=row;lines.push([csvCell(u.email),csvCell(u.isActive?"active":"inactive"),csvCell(u.isLocked?"yes":"no"),csvCell(u.createdAt)].join(","))}return ctx.set.headers["content-type"]="text/csv",ctx.set.headers["content-disposition"]=`attachment; filename="cohort-${ctx.params.id}-users.csv"`,lines.join(`
528
528
  `)};var handleListCohorts=(db,usersTable,cohortsTable)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let rows=await db.select().from(cohortsTable);return{success:!0,data:{items:rows,meta:{totalItems:rows.length}}}};import{eq as eq25}from"drizzle-orm";var handleDeleteCohort=(db,usersTable,cohortsTable,logger2)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};return await db.update(usersTable).set({cohortId:null,updatedAt:new Date}).where(eq25(col6(usersTable,"cohortId"),ctx.params.id)),await db.delete(cohortsTable).where(eq25(col6(cohortsTable,"id"),ctx.params.id)),logger2.audit({entityName:"user_cohorts",entityId:ctx.params.id,operation:"COHORT_DELETE",userId,summary:`Deleted cohort ${ctx.params.id}`}),{success:!0,data:null}};import{eq as eq26}from"drizzle-orm";var handleUpdateCohort=(db,usersTable,cohortsTable)=>async(ctx)=>{let userId=ctx.request.headers.get("x-user-id");if(!userId||!await requireGodmin(db,usersTable,userId))return ctx.set.status=403,{success:!1,message:"Forbidden"};let updates={updatedAt:new Date};if(ctx.body.name!==void 0)updates.name=ctx.body.name;if(ctx.body.description!==void 0)updates.description=ctx.body.description;if(ctx.body.expiresAt!==void 0)updates.expiresAt=ctx.body.expiresAt?new Date(ctx.body.expiresAt):null;if(ctx.body.metadata!==void 0)updates.metadata=ctx.body.metadata;if(ctx.body.isActive!==void 0)updates.isActive=ctx.body.isActive;let updated=await db.update(cohortsTable).set(updates).where(eq26(col6(cohortsTable,"id"),ctx.params.id)).returning();if(updated.length===0)return ctx.set.status=404,{success:!1,message:"Cohort not found"};return{success:!0,data:updated[0]}};import{t}from"elysia";var CohortBodySchema=t.Object({name:t.String({minLength:1,maxLength:255}),description:t.Optional(t.String()),expiresAt:t.Optional(t.String()),metadata:t.Optional(t.Record(t.String(),t.Unknown()))}),CohortUpdateSchema=t.Object({name:t.Optional(t.String({minLength:1,maxLength:255})),description:t.Optional(t.String()),expiresAt:t.Optional(t.Union([t.String(),t.Null()])),metadata:t.Optional(t.Record(t.String(),t.Unknown())),isActive:t.Optional(t.Boolean())}),BulkCreateUserItem=t.Object({email:t.String({format:"email"}),password:t.String({minLength:8}),profile:t.Optional(t.Object({firstName:t.Optional(t.String()),lastName:t.Optional(t.String())}))}),BulkCreateSchema=t.Object({users:t.Optional(t.Array(BulkCreateUserItem)),emailPrefix:t.Optional(t.String()),emailDomain:t.Optional(t.String()),sharedPassword:t.Optional(t.String({minLength:8})),count:t.Optional(t.Integer({minimum:1,maximum:500})),roleIds:t.Optional(t.Array(t.String()))});function createCohortRoutes(config){let{db,logger:logger2,cohortsTable,usersTable,userRolesTable,profilesTable,basePath}=config,routes=new Elysia2;if(!db||!cohortsTable||!usersTable)return logger2.warn("[Cohort] Skipped \u2014 missing tables",{hasDb:!!db,hasCohortsTable:!!cohortsTable,hasUsersTable:!!usersTable}),routes;return routes.get(basePath,handleListCohorts(db,usersTable,cohortsTable)),routes.get(`${basePath}/:id`,handleGetCohort(db,usersTable,cohortsTable)),routes.post(basePath,handleCreateCohort(db,usersTable,cohortsTable,logger2),{body:CohortBodySchema}),routes.patch(`${basePath}/:id`,handleUpdateCohort(db,usersTable,cohortsTable),{body:CohortUpdateSchema}),routes.delete(`${basePath}/:id`,handleDeleteCohort(db,usersTable,cohortsTable,logger2)),routes.post(`${basePath}/:id/bulk-create`,handleBulkCreateUsers(config,logger2),{body:BulkCreateSchema}),routes.post(`${basePath}/:id/deactivate-users`,handleDeactivateUsers(db,usersTable,logger2)),routes.post(`${basePath}/:id/activate-users`,handleActivateUsers(db,usersTable,logger2)),routes.post(`${basePath}/:id/delete-users`,handleDeleteUsers(db,usersTable,cohortsTable,userRolesTable,profilesTable,logger2)),routes.get(`${basePath}/:id/export`,handleExportUsers(db,usersTable)),routes}init_deviceInfo();import{Elysia as Elysia6}from"elysia";import{Elysia as Elysia3,t as t2}from"elysia";function getUserId(request){return request.headers.get("x-user-id")}function chatErrorStatus(code){switch(code){case"forbidden":return 403;case"not_found":return 404;case"validation":return 400;case"conflict":return 409;case"disabled":return 409;default:return 400}}async function guard(set,logger2,fn){try{return{success:!0,data:await fn()}}catch(err){if(err instanceof ChatError)return set.status=chatErrorStatus(err.code),{success:!1,message:err.message};return logger2.error("[Chat] Unhandled route error",{error:err instanceof Error?err.message:String(err)}),set.status=500,{success:!1,message:"Internal server error"}}}function unauthorized(set){return set.status=401,{success:!1,message:"Authentication required"}}function createConversationRoutes(deps){let{logger:logger2,getService}=deps,app=new Elysia3({prefix:deps.config.basePath});return app.get("/conversations",({request,query,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request);return guard(set,logger2,()=>service.listConversations(userId,{limit:query.limit?Number(query.limit):void 0,offset:query.offset?Number(query.offset):void 0}))},{query:t2.Object({limit:t2.Optional(t2.String()),offset:t2.Optional(t2.String())}),detail:{tags:["Chat"],summary:"List my conversations"}}),app.post("/conversations",({request,body,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request),input=body;return guard(set,logger2,()=>{if(input.type==="group"){if(!input.title)throw new ChatError("validation","A group title is required");return service.createGroup({creatorId:userId,title:input.title,description:input.description,avatarFileId:input.avatarFileId,participantIds:input.participantIds??[]})}if(!input.targetUserId)throw new ChatError("validation","targetUserId is required for a direct conversation");return service.getOrCreateDirect(userId,input.targetUserId)})},{body:t2.Object({type:t2.Optional(t2.Union([t2.Literal("direct"),t2.Literal("group")])),targetUserId:t2.Optional(t2.String()),title:t2.Optional(t2.String()),description:t2.Optional(t2.String()),avatarFileId:t2.Optional(t2.String()),participantIds:t2.Optional(t2.Array(t2.String()))}),detail:{tags:["Chat"],summary:"Create or open a conversation"}}),app.get("/conversations/:id",({request,params,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request);return guard(set,logger2,()=>service.getConversation(params.id,userId))},{params:t2.Object({id:t2.String()}),detail:{tags:["Chat"],summary:"Get a conversation"}}),app.post("/conversations/:id/participants",({request,params,body,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request),{userIds}=body;return guard(set,logger2,()=>service.addParticipants(params.id,userId,userIds))},{params:t2.Object({id:t2.String()}),body:t2.Object({userIds:t2.Array(t2.String())}),detail:{tags:["Chat"],summary:"Add group participants"}}),app.delete("/conversations/:id/participants/:userId",({request,params,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request);return guard(set,logger2,async()=>{return await service.removeParticipant(params.id,userId,params.userId),{removed:params.userId}})},{params:t2.Object({id:t2.String(),userId:t2.String()}),detail:{tags:["Chat"],summary:"Remove a participant / leave group"}}),app}import{Elysia as Elysia5,t as t4}from"elysia";init_storage2();var CONTENT_TYPE_SCHEMA=t4.Optional(t4.Union([t4.Literal("text"),t4.Literal("image"),t4.Literal("file"),t4.Literal("video"),t4.Literal("audio")]));function createMessageRoutes(deps){let{logger:logger2,getService}=deps,app=new Elysia5({prefix:deps.config.basePath});return app.get("/conversations/:id/messages",({request,params,query,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request);return guard(set,logger2,()=>service.getMessages({conversationId:params.id,userId,limit:query.limit?Number(query.limit):void 0,before:query.before||void 0}))},{params:t4.Object({id:t4.String()}),query:t4.Object({limit:t4.Optional(t4.String()),before:t4.Optional(t4.String())}),detail:{tags:["Chat"],summary:"Get conversation messages (newest first)"}}),app.post("/conversations/:id/messages",({request,params,body,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request),input=body;return guard(set,logger2,()=>service.sendMessage({conversationId:params.id,senderId:userId,content:input.content,contentType:input.contentType,replyToId:input.replyToId,clientMessageId:input.clientMessageId,attachments:input.attachmentIds?.map((fileId)=>({fileId})),metadata:input.metadata}))},{params:t4.Object({id:t4.String()}),body:t4.Object({content:t4.Optional(t4.String()),contentType:CONTENT_TYPE_SCHEMA,replyToId:t4.Optional(t4.String()),clientMessageId:t4.Optional(t4.String()),attachmentIds:t4.Optional(t4.Array(t4.String())),metadata:t4.Optional(t4.Any())}),detail:{tags:["Chat"],summary:"Send a message (link pre-uploaded attachments)"}}),app.post("/conversations/:id/messages/upload",({request,params,body,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);if(!deps.attachmentsAvailable)return set.status=409,{success:!1,message:"File attachments require storage and CDN to be enabled"};let{service,schemaTables}=getService(request);return guard(set,logger2,async()=>{let filesTable=resolveSchemaTable(schemaTables,"files",logger2);if(!filesTable)throw new ChatError("disabled","Files table unavailable in this schema");let{data,files}=parseFormDataBody(body,deps.storageConfig);if(files.length===0)throw new ChatError("validation","At least one file is required");let{records,failed}=await persistUploadedFiles({db:deps.db,filesTable,files,storageConfig:deps.storageConfig,subFolder:"chat",userId});if(records.length===0)throw new ChatError("validation",failed[0]?.error??"File upload failed");let content=typeof data.content==="string"?data.content:void 0,replyToId=typeof data.replyToId==="string"?data.replyToId:void 0,clientMessageId=typeof data.clientMessageId==="string"?data.clientMessageId:void 0;return service.sendMessage({conversationId:params.id,senderId:userId,content,replyToId,clientMessageId,attachments:records.map((record)=>({fileId:record.id,originalName:record.originalName,mimeType:record.mimeType,size:record.size}))})})},{type:"formdata",params:t4.Object({id:t4.String()}),body:t4.Object({[deps.storageConfig.formData.dataField]:t4.Optional(t4.Union([t4.String(),t4.Any()])),[deps.storageConfig.formData.filesField]:t4.Optional(t4.Union([t4.File(),t4.Array(t4.File())]))}),detail:{tags:["Chat"],summary:"Send a message with uploaded file attachments"}}),app.post("/conversations/:id/read",({request,params,body,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request),{messageId}=body;return guard(set,logger2,()=>service.markRead(params.id,userId,messageId))},{params:t4.Object({id:t4.String()}),body:t4.Object({messageId:t4.Optional(t4.String())}),detail:{tags:["Chat"],summary:"Mark a conversation as read"}}),app.post("/conversations/:id/typing",({request,params,body,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request),{isTyping}=body;return guard(set,logger2,async()=>{return await service.setTyping(params.id,userId,isTyping??!0),{ok:!0}})},{params:t4.Object({id:t4.String()}),body:t4.Object({isTyping:t4.Optional(t4.Boolean())}),detail:{tags:["Chat"],summary:"Broadcast a typing indicator"}}),app.patch("/messages/:id",({request,params,body,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request),{content}=body;return guard(set,logger2,()=>service.editMessage(params.id,userId,content))},{params:t4.Object({id:t4.String()}),body:t4.Object({content:t4.String()}),detail:{tags:["Chat"],summary:"Edit a message"}}),app.delete("/messages/:id",({request,params,set})=>{let userId=getUserId(request);if(!userId)return unauthorized(set);let{service}=getService(request);return guard(set,logger2,async()=>{return await service.deleteMessage(params.id,userId),{deleted:params.id}})},{params:t4.Object({id:t4.String()}),detail:{tags:["Chat"],summary:"Delete a message"}}),app}function createChatRoutes(routeConfig){let{db,schemaTables,config,logger:logger2,broadcaster,tenantRegistry,storageConfig,attachmentsAvailable,cdnBasePath}=routeConfig,buildService=(tables)=>new ChatService({db,schemaTables:tables,config,logger:logger2,broadcaster,cdnBasePath,attachmentsAvailable}),defaultService=buildService(schemaTables),deps={db,config,logger:logger2,storageConfig,attachmentsAvailable,getService:(request)=>{if(!tenantRegistry)return{service:defaultService,schemaTables};let schemaName=request.headers.get("x-tenant-schema");if(!schemaName)return{service:defaultService,schemaTables};let ctx=tenantRegistry.getSchemaContext(schemaName);if(!ctx)return{service:defaultService,schemaTables};return{service:buildService(ctx.schemaTables),schemaTables:ctx.schemaTables}}},routes=new Elysia6;return routes.use(createConversationRoutes(deps)),routes.use(createMessageRoutes(deps)),logger2.info(`[Chat] Routes registered at ${config.basePath}`,{attachmentsAvailable,groupsEnabled:config.groupsEnabled}),{routes,chatService:defaultService}}init_Authorization();init_helpers3();import Elysia7,{t as t5}from"elysia";function createConfigRoutes(routeConfig){let{logger:logger2,resolvedOptions,configFilePath,basePath,onConfigUpdate,db,schemaTables,getRedis}=routeConfig,plugin=new Elysia7({prefix:basePath});return plugin.onBeforeHandle(async({request,set})=>{if(decodeHeaderList(request.headers.get("x-user-roles")).includes(GODMIN_ROLE_NAME))return;let userId=request.headers.get("x-user-id");if(userId&&db&&schemaTables.users)try{let{eq:eq27}=await import("drizzle-orm"),usersTable=schemaTables.users;if((await db.select().from(usersTable).where(eq27(usersTable.id,userId)).limit(1))[0]?.isGod===!0)return}catch(err){logger2.warn("[ConfigManagement] Failed to check isGod from DB",{error:err instanceof Error?err.message:String(err)})}return set.status=403,Response.json({isSuccess:!1,message:"Only godmin users can access config management",data:null})}),plugin.get("/",()=>{let configCopy=JSON.parse(JSON.stringify(resolvedOptions));return{isSuccess:!0,message:"Current running configuration",data:{config:maskSensitiveFields(configCopy),configFilePath,sections:buildSectionsMeta(resolvedOptions)}}},{detail:{tags:["Config Management"],summary:"Get full running configuration",description:"Returns the full running configuration with sensitive fields masked."}}),plugin.get("/sections",()=>({isSuccess:!0,message:"Config section metadata",data:{sections:buildSectionsMeta(resolvedOptions)}}),{detail:{tags:["Config Management"],summary:"List all config sections with metadata",description:"Section list is derived at runtime from the config object \u2014 no hardcoding."}}),plugin.get("/env",()=>{let configCopy=JSON.parse(JSON.stringify(resolvedOptions)),entries=scanEnvVars(configCopy),resolvedCount=entries.filter((e)=>e.resolved).length,missingCount=entries.length-resolvedCount;return{isSuccess:!0,message:`Found ${entries.length} env var references (${resolvedCount} resolved, ${missingCount} missing)`,data:{entries,totalCount:entries.length,resolvedCount,missingCount}}},{detail:{tags:["Config Management"],summary:"Get resolved environment variables",description:"Scans the config tree for UPPER_SNAKE_CASE string values (env var references) and resolves them. Sensitive values are masked."}}),plugin.get("/overrides",async()=>{let redis=getRedis();if(!redis)return{isSuccess:!0,message:"Redis not available \u2014 no overrides stored",data:{overrides:null,sectionCount:0,sections:[]}};let overrides=await readOverridesFromRedis(redis,resolvedOptions.appId||"nucleus"),sections=overrides?Object.keys(overrides).filter((k)=>{let v=overrides[k];return v!==void 0&&v!==null&&(typeof v!=="object"||Object.keys(v).length>0)}):[];return{isSuccess:!0,message:sections.length>0?`${sections.length} section override(s) stored in Redis`:"No overrides in Redis",data:{overrides:overrides?maskSensitiveFields(overrides):null,sectionCount:sections.length,sections}}},{detail:{tags:["Config Management"],summary:"View Redis config overrides",description:"Returns overrides stored in Redis that will be merged on next restart."}}),plugin.delete("/overrides",async()=>{let redis=getRedis();if(!redis)return{isSuccess:!1,message:"Redis not available",data:null};let existing=await readOverridesFromRedis(redis,resolvedOptions.appId||"nucleus"),clearedSections=existing?Object.keys(existing):[];return await clearOverridesFromRedis(redis,resolvedOptions.appId||"nucleus"),logger2.info("[ConfigManagement] Redis overrides cleared",{clearedSections}),{isSuccess:!0,message:clearedSections.length>0?`Cleared ${clearedSections.length} override(s) from Redis. Restart to revert to config.json defaults.`:"No overrides to clear.",data:{message:"Redis overrides cleared",clearedSections}}},{detail:{tags:["Config Management"],summary:"Clear all Redis config overrides",description:"Removes all stored overrides from Redis. Restart to revert to config.json defaults."}}),plugin.get("/:section",({params})=>{let{section}=params;if(!hasSection(resolvedOptions,section))return{isSuccess:!1,message:`Unknown config section: ${section}`,data:null};let sectionValue=extractSection(resolvedOptions,section),restart=isRestartRequired(section),maskedValue=sectionValue;if(typeof sectionValue==="object"&&sectionValue!==null&&!Array.isArray(sectionValue))maskedValue=maskSensitiveFields({[section]:sectionValue})[section];return{isSuccess:!0,message:`Config section: ${section}`,data:{section,config:maskedValue??null,restartRequired:restart}}},{params:t5.Object({section:t5.String()}),detail:{tags:["Config Management"],summary:"Get a specific config section",description:"Returns a specific config section with sensitive fields masked."}}),plugin.patch("/:section",async({params,body})=>{let{section}=params,payload=body;if(!hasSection(resolvedOptions,section))return{isSuccess:!1,message:`Unknown config section: ${section}`,data:null};if(!payload.config||typeof payload.config!=="object")return{isSuccess:!1,message:'Request body must contain a "config" object',data:null};let restart=isRestartRequired(section),currentValue=extractSection(resolvedOptions,section),newValue;if(Array.isArray(currentValue))newValue=payload.config.value!==void 0?payload.config.value:payload.config;else if(typeof currentValue==="object"&&currentValue!==null)newValue=deepMerge(currentValue,payload.config);else if(currentValue===void 0||typeof currentValue==="string"||typeof currentValue==="number"||typeof currentValue==="boolean")newValue=payload.config.value!==void 0?payload.config.value:payload.config;else newValue=payload.config;if(applySectionUpdate(resolvedOptions,section,newValue),!restart)onConfigUpdate(section,newValue);let persistMethod="memory-only",persistWarning=null;if(configFilePath)try{await persistConfigToDisk(configFilePath,resolvedOptions),persistMethod="disk",logger2.info(`[ConfigManagement] Section "${section}" persisted to disk`)}catch(diskErr){let diskMsg=diskErr instanceof Error?diskErr.message:String(diskErr);logger2.warn(`[ConfigManagement] Disk persist failed: ${diskMsg}`);let redis=getRedis();if(redis)try{await persistSectionToRedis(redis,resolvedOptions.appId||"nucleus",section,newValue),persistMethod="redis",logger2.info(`[ConfigManagement] Section "${section}" persisted to Redis (disk unavailable)`)}catch(redisErr){let redisMsg=redisErr instanceof Error?redisErr.message:String(redisErr);logger2.error(`[ConfigManagement] Redis persist also failed: ${redisMsg}`),persistWarning=`Disk: ${diskMsg}. Redis: ${redisMsg}. Changes are in-memory only and will be lost on restart.`}else persistWarning=`Disk: ${diskMsg}. Redis not available. Changes are in-memory only and will be lost on restart.`}logger2.info(`[ConfigManagement] Section "${section}" updated (persist: ${persistMethod}, restart-required: ${restart})`);let updatedValue=extractSection(resolvedOptions,section),maskedUpdated=updatedValue;if(typeof updatedValue==="object"&&updatedValue!==null&&!Array.isArray(updatedValue))maskedUpdated=maskSensitiveFields({[section]:updatedValue})[section];let baseMsg=restart?`Config section "${section}" saved (${persistMethod}). Restart required for changes to take effect.`:`Config section "${section}" updated and applied (${persistMethod}).`;return{isSuccess:!0,message:persistWarning?`${baseMsg} Warning: ${persistWarning}`:baseMsg,data:{section,applied:!restart,restartRequired:restart,config:maskedUpdated}}},{params:t5.Object({section:t5.String()}),body:t5.Object({config:t5.Record(t5.String(),t5.Unknown())}),detail:{tags:["Config Management"],summary:"Update a config section",description:"Deep-merges the payload into the section. Hot-reloadable sections apply immediately. Restart-required sections are saved to disk only."}}),plugin.post("/restart",({body})=>{let delayMs=body.delayMs??1000;logger2.info(`[ConfigManagement] Restart scheduled in ${delayMs}ms`);let scheduledAt=new Date().toISOString();return setTimeout(()=>{logger2.info("[ConfigManagement] Restarting process..."),process.exit(0)},delayMs),{isSuccess:!0,message:`Server restart scheduled in ${delayMs}ms`,data:{message:`Process will exit in ${delayMs}ms. Orchestrator (K8s/PM2/systemd) will restart it.`,scheduledAt}}},{body:t5.Optional(t5.Object({delayMs:t5.Optional(t5.Number())})),detail:{tags:["Config Management"],summary:"Restart the server process",description:"Triggers a graceful process exit after a configurable delay. The orchestrator (K8s, PM2, systemd) is expected to restart the process automatically."}}),logger2.info(`[ConfigManagement] Routes enabled at ${basePath}`),plugin}init_adminGuard();import{Elysia as Elysia8,t as t6}from"elysia";var requireAuth=(ctx)=>ctx.request.headers.get("x-user-id"),fail=(ctx,status,message)=>{return ctx.set.status=status,{success:!1,message,data:null}},callerSchemaOf=(ctx)=>ctx.request.headers.get("x-tenant-schema"),isGodmin=(ctx)=>hasGodminRole(ctx.request),ownsHostname=(ctx,record)=>{if(isGodmin(ctx))return!0;let caller=callerSchemaOf(ctx);return record.schemaName!=null&&record.schemaName===caller};function createHostnameRoutes(config){let base=config.basePath,app=new Elysia8,svc=(ctx)=>{let s=config.getDomainService();if(!s)return ctx.set.status=503,null;return s};app.post(`${base}/hostnames`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth(ctx))return fail(ctx,401,"Authentication required");let body=ctx.body,callerSchema=callerSchemaOf(ctx),schemaName=body.schemaName??null,tenantId=body.tenantId??null;if(!hasGodminRole(ctx.request)){if(schemaName&&schemaName!==callerSchema)return fail(ctx,403,"Cannot bind a hostname to another tenant's schema");schemaName=callerSchema;let ownTenantId=config.resolveTenantIdForSchema?.(callerSchema)??null;if(tenantId&&tenantId!==ownTenantId)return fail(ctx,403,"Cannot bind a hostname to another tenant");tenantId=ownTenantId}try{let result=await service.createHostname({hostname:body.hostname,ownerId:body.ownerId,ownerType:body.ownerType,tenantId,schemaName,isPrimary:body.isPrimary});return{success:!0,message:"Custom hostname created",data:{hostname:result.hostname,instructions:result.instructions}}}catch(err){return fail(ctx,400,err instanceof Error?err.message:"Failed to create hostname")}},{body:t6.Object({hostname:t6.String(),ownerId:t6.String(),ownerType:t6.Optional(t6.Union([t6.Literal("tenant"),t6.Literal("organization"),t6.Literal("user"),t6.Literal("external")])),tenantId:t6.Optional(t6.String()),schemaName:t6.Optional(t6.String()),isPrimary:t6.Optional(t6.Boolean())}),detail:{tags:["Domains"],summary:"Create custom hostname"}}),app.get(`${base}/hostnames`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth(ctx))return fail(ctx,401,"Authentication required");let url=new URL(ctx.request.url),items;if(isGodmin(ctx))items=await service.listHostnames({ownerId:url.searchParams.get("ownerId")??void 0,tenantId:url.searchParams.get("tenantId")??void 0});else{let ownTenantId=config.resolveTenantIdForSchema?.(callerSchemaOf(ctx))??null;items=ownTenantId?await service.listHostnames({tenantId:ownTenantId}):[]}return{success:!0,message:`Found ${items.length} hostnames`,data:{items}}}),app.get(`${base}/hostnames/:id`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth(ctx))return fail(ctx,401,"Authentication required");let record=await service.getHostname(ctx.params.id);if(!record||!ownsHostname(ctx,record))return fail(ctx,404,"Hostname not found");return{success:!0,message:"Hostname found",data:record}}),app.get(`${base}/hostnames/:id/instructions`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth(ctx))return fail(ctx,401,"Authentication required");let id=ctx.params.id,record=await service.getHostname(id);if(!record||!ownsHostname(ctx,record))return fail(ctx,404,"Hostname not found");return{success:!0,message:"DNS instructions",data:{instructions:await service.getInstructions(id)}}});let lifecycle=(suffix,run,summary)=>{app.post(`${base}/hostnames/:id/${suffix}`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth(ctx))return fail(ctx,401,"Authentication required");let id=ctx.params.id,record=await service.getHostname(id);if(!record||!ownsHostname(ctx,record))return fail(ctx,404,"Hostname not found");try{let data=await run(service,id);if(!data)return fail(ctx,404,"Hostname not found");return{success:!0,message:summary,data}}catch(err){return fail(ctx,400,err instanceof Error?err.message:summary)}})};return lifecycle("verify",(s,id)=>s.verifyHostname(id),"Verification processed"),lifecycle("activate",(s,id)=>s.activateHostname(id),"Hostname activated"),lifecycle("disable",(s,id)=>s.disableHostname(id),"Hostname disabled"),lifecycle("make-primary",(s,id)=>s.makePrimary(id),"Primary hostname set"),lifecycle("refresh-status",(s,id)=>s.refreshStatus(id),"Status refreshed"),app}init_adminGuard();import{Elysia as Elysia9,t as t7}from"elysia";var requireAuth2=(ctx)=>ctx.request.headers.get("x-user-id"),fail2=(ctx,status,message)=>{return ctx.set.status=status,{success:!1,message,data:null}},callerSchemaOf2=(ctx)=>ctx.request.headers.get("x-tenant-schema"),isGodmin2=(ctx)=>hasGodminRole(ctx.request);function createRegistrationRoutes(config){let base=config.basePath,app=new Elysia9,svc=(ctx)=>{let s=config.getRegistrationService();if(!s)return ctx.set.status=503,null;return s},ownTenantId=(ctx)=>config.resolveTenantIdForSchema?.(callerSchemaOf2(ctx))??null,ownsRegistration=(ctx,record)=>{if(isGodmin2(ctx))return!0;let own=ownTenantId(ctx);return record.tenantId!=null&&own!=null&&record.tenantId===own};return app.post(`${base}/registrations`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth2(ctx))return fail2(ctx,401,"Authentication required");let body=ctx.body,tenantId=body.tenantId??null,registrantOwnerType=body.registrantOwnerType;if(!isGodmin2(ctx)){let own=ownTenantId(ctx);if(tenantId&&tenantId!==own)return fail2(ctx,403,"Cannot register a domain for another tenant");if(tenantId=own,registrantOwnerType==="platform")return fail2(ctx,403,"Only a platform admin may register as 'platform'");registrantOwnerType="customer"}try{return{success:!0,message:"Registration requested",data:await service.createRequest({requestedDomain:body.requestedDomain,ownerId:body.ownerId,ownerType:body.ownerType,tenantId,registrantOwnerType,termsVersion:body.termsVersion,termsAccepted:body.termsAccepted,autoRenew:body.autoRenew})}}catch(err){return fail2(ctx,400,err instanceof Error?err.message:"Failed to request registration")}},{body:t7.Object({requestedDomain:t7.String(),ownerId:t7.String(),ownerType:t7.Optional(t7.Union([t7.Literal("tenant"),t7.Literal("organization"),t7.Literal("user"),t7.Literal("external")])),tenantId:t7.Optional(t7.String()),registrantOwnerType:t7.Optional(t7.Union([t7.Literal("customer"),t7.Literal("platform")])),termsVersion:t7.String(),termsAccepted:t7.Boolean(),autoRenew:t7.Optional(t7.Boolean())}),detail:{tags:["Domains"],summary:"Request managed domain registration"}}),app.get(`${base}/registrations`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth2(ctx))return fail2(ctx,401,"Authentication required");let url=new URL(ctx.request.url),items;if(isGodmin2(ctx))items=await service.listRegistrations({ownerId:url.searchParams.get("ownerId")??void 0,tenantId:url.searchParams.get("tenantId")??void 0});else{let own=ownTenantId(ctx);items=own?await service.listRegistrations({tenantId:own}):[]}return{success:!0,message:`Found ${items.length} registrations`,data:{items}}}),app.get(`${base}/registrations/:id`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth2(ctx))return fail2(ctx,401,"Authentication required");let record=await service.getRegistration(ctx.params.id);if(!record||!ownsRegistration(ctx,record))return fail2(ctx,404,"Registration not found");return{success:!0,message:"Registration found",data:record}}),app.post(`${base}/registrations/:id/cancel`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth2(ctx))return fail2(ctx,401,"Authentication required");let id=ctx.params.id,record=await service.getRegistration(id);if(!record||!ownsRegistration(ctx,record))return fail2(ctx,404,"Registration not found");let cancelled=await service.cancel(id);if(!cancelled)return fail2(ctx,404,"Registration not found");return{success:!0,message:"Registration cancelled",data:cancelled}}),app.post(`${base}/registrations/:id/transfer-out`,async(ctx)=>{let service=svc(ctx);if(!service)return{success:!1,message:"Domains not available",data:null};if(!requireAuth2(ctx))return fail2(ctx,401,"Authentication required");let id=ctx.params.id,record=await service.getRegistration(id);if(!record||!ownsRegistration(ctx,record))return fail2(ctx,404,"Registration not found");let out=await service.requestTransferOut(id);if(!out)return fail2(ctx,404,"Registration not found");return{success:!0,message:"Transfer-out requested",data:out}}),app}import{Elysia as Elysia10}from"elysia";function createResolveRoute(config){let base=config.basePath,app=new Elysia10;return app.get(`${base}/resolve`,async(ctx)=>{let service=config.getDomainService();if(!service)return ctx.set.status=503,{success:!1,message:"Domains not available",data:null};let hostname=new URL(ctx.request.url).searchParams.get("hostname")||ctx.request.headers.get("host")||"";if(!hostname)return ctx.set.status=400,{success:!1,message:"hostname is required",data:null};let match=await service.resolveHostname(hostname);if(!match)return ctx.set.status=404,{success:!1,message:"No active hostname matched",data:null};return{success:!0,message:"Resolved",data:match}},{detail:{tags:["Domains"],summary:"Resolve hostname to tenant",description:"Public."}}),app}function createDomainRoutes(app,config){return app.use(createResolveRoute(config)),app.use(createHostnameRoutes(config)),app.use(createRegistrationRoutes(config)),app}import{and as and12,arrayContains,arrayOverlaps,asc,createTableRelationsHelpers,desc as desc5,eq as eq27,getTableName,gt,gte,ilike,inArray as inArray8,isNotNull,isNull as isNull2,like,lt as lt2,lte,ne as ne2,notInArray,or as or2,sql as sql6}from"drizzle-orm";import{drizzle}from"drizzle-orm/node-postgres";import{Elysia as Elysia11,t as t9}from"elysia";init_Authorization();init_utils5();init_adminGuard();var snakeToCamel2=(s)=>s.replace(/_([a-z])/g,(_,l)=>l.toUpperCase()),SENSITIVE_SYSTEM_TABLE_SNAKE=["domain_hostnames","domain_registrations","domain_provider_records","domain_verification_challenges","domain_events","payment_sub_merchants","payment_invoices","payment_subscriptions","payment_customers","payment_transactions","payment_methods","payment_products","payment_prices","payment_commission_splits","payment_splits","payment_reserves","payment_ledger_entries","payment_payout_requests","payment_settlement_policies","payment_disputes","payment_webhook_logs","verifications","api_keys","magic_link_tokens","user_sessions","trusted_devices"],SENSITIVE_SYSTEM_TABLES=new Set(SENSITIVE_SYSTEM_TABLE_SNAKE.flatMap((name2)=>[name2,snakeToCamel2(name2)]));function isSensitiveSystemTable(tableName){return SENSITIVE_SYSTEM_TABLES.has(tableName)}var snakeToCamel3=(s)=>s.replace(/_([a-z])/g,(_,l)=>l.toUpperCase());function forceCreateScope(payload,authResult,resolveColumn){let scopeFilters=authResult?.scopeFilters;if(!scopeFilters)return{ok:!0};for(let[field,value]of Object.entries(scopeFilters)){if(!resolveColumn(field))return{ok:!1,field};payload[snakeToCamel3(field)]=value}return{ok:!0}}init_storage2();function decideRelationExpansion(params){let{authEnabled,targetTable,relAuth,isTargetPublicGet}=params;if(!authEnabled||!targetTable)return{expand:!0};if(relAuth===null)return isTargetPublicGet?{expand:!0}:{expand:!1};if(!relAuth.authorized)return{expand:!1};let scope=relAuth.scopeFilters;if(scope&&Object.keys(scope).length>0)return{expand:!0,scope};return{expand:!0}}function resolveRelationScopeColumn(fields,key2,toCamel3){if(Object.hasOwn(fields,key2))return fields[key2];let camel=toCamel3(key2);return Object.hasOwn(fields,camel)?fields[camel]:void 0}import{t as t8}from"elysia";function buildBodySchemaFromEntityColumns(entityColumns){let properties={};if(!entityColumns||entityColumns.length===0)return t8.Object({},{additionalProperties:!0});for(let col7 of entityColumns)switch(col7.type?.toLowerCase()||"string"){case"integer":case"int":case"serial":case"bigserial":case"numeric":case"decimal":properties[col7.name]=col7.notNull?t8.Number():t8.Optional(t8.Number());break;case"boolean":properties[col7.name]=col7.notNull?t8.Boolean():t8.Optional(t8.Boolean());break;case"timestamp":case"timestamptz":case"date":properties[col7.name]=col7.notNull?t8.String({format:"date-time"}):t8.Optional(t8.String({format:"date-time"}));break;case"json":case"jsonb":properties[col7.name]=t8.Optional(t8.Unknown());break;case"uuid":properties[col7.name]=col7.notNull?t8.String({format:"uuid"}):t8.Optional(t8.String({format:"uuid"}));break;default:properties[col7.name]=col7.notNull?t8.String():t8.Optional(t8.String())}return t8.Object(properties,{additionalProperties:!0})}function createBulkUpdateSchema(entityColumns){return t8.Array(t8.Object({id:t8.String(),data:buildBodySchemaFromEntityColumns(entityColumns)}))}var MAX_BULK_ITEMS=500;function collectFilterFields(filter,out=[]){if(filter.operator==="or"||filter.operator==="and"){let group=Array.isArray(filter.value)?filter.value:[];for(let f of group)collectFilterFields(f,out)}else if(filter.field)out.push(String(filter.field));return out}function buildFilterCondition(filter,resolveCol){if(filter.operator==="or"||filter.operator==="and"){let subs=(Array.isArray(filter.value)?filter.value:[]).map((f)=>buildFilterCondition(f,resolveCol)).filter((c)=>c!==null);if(subs.length===0)return null;return(filter.operator==="or"?or2(...subs):and12(...subs))??null}if(!filter.field)return null;let col7=resolveCol(filter.field);if(!col7)return null;let sqlCol=col7,dataType=col7.dataType,coerce=(v)=>dataType==="date"&&(typeof v==="string"||typeof v==="number")?new Date(v):v;switch(filter.operator){case"eq":return eq27(sqlCol,coerce(filter.value));case"neq":return ne2(sqlCol,coerce(filter.value));case"gt":return gt(sqlCol,coerce(filter.value));case"gte":return gte(sqlCol,coerce(filter.value));case"lt":return lt2(sqlCol,coerce(filter.value));case"lte":return lte(sqlCol,coerce(filter.value));case"like":return like(sqlCol,filter.value);case"ilike":return ilike(sqlCol,filter.value);case"in":return inArray8(sqlCol,filter.value);case"notIn":return notInArray(sqlCol,filter.value);case"arrayOverlaps":return arrayOverlaps(sqlCol,filter.value??[]);case"arrayContains":return arrayContains(sqlCol,filter.value??[]);case"arrayEmpty":return sql6`cardinality(${sqlCol}) = 0`;case"isNull":return isNull2(sqlCol);case"isNotNull":return isNotNull(sqlCol);default:return null}}function createEntityRoutes(app,config){let{db,schemaTables,schemaRelations,entities,logger:logger2,dbPool,storage,authorization,authMode,idpUrl}=config,getRegistry=()=>config.getTenantRegistry?config.getTenantRegistry():config.tenantRegistry??null,getReqSchema=(request)=>{let tenantRegistry=getRegistry();if(!tenantRegistry)return{tables:schemaTables,relations:schemaRelations};let schemaName=request.headers.get("x-tenant-schema");if(!schemaName)return{tables:schemaTables,relations:schemaRelations};let ctx=tenantRegistry.getSchemaContext(schemaName);return ctx?{tables:ctx.schemaTables,relations:ctx.schemaRelations}:{tables:schemaTables,relations:schemaRelations}},storageConfig=mergeStorageConfig(storage),authEnabled=authorization?.enabled??!1,enforceFieldWrites=authEnabled&&authorization?.enforceFieldWriteClaims!==!1,isConsumerMode=authMode==="consumer",filterWritePayload=(payload,authResult)=>{if(!enforceFieldWrites||!authResult?.allowedFields)return payload;return filterResponseFields(payload,authResult.allowedFields)};if(!db)return app;function snakeToCamel4(s){return s.replace(/_([a-z])/g,(_,l)=>l.toUpperCase())}let allTables=Object.keys(schemaTables),entityTableNames=entities.map((e)=>snakeToCamel4(e.table_name)),systemTableNames=allTables.filter((tbl)=>!entityTableNames.includes(tbl)),systemTableDefMap=new Map(SYSTEM_TABLES.map((t10)=>[snakeToCamel4(t10.table_name),t10])),asMeta=(def)=>def??void 0,hasUnmetRequirement=(def)=>{let requires=def?.requires;if(!requires||requires.length===0)return null;for(let req of requires)if(req==="email"&&!config.emailServiceAvailable)return"email";return null},deriveGroupName=(def,fallback)=>{if(def?.group_name)return def.group_name;let primaryFeature=def?.feature_set?.[0];if(!primaryFeature)return fallback;return primaryFeature.charAt(0).toUpperCase()+primaryFeature.slice(1)},systemTables2=systemTableNames.filter((name2)=>{let unmet=hasUnmetRequirement(asMeta(systemTableDefMap.get(name2)));if(unmet)return logger2.info(`Skipping ${name2} routes - missing required dependency: ${unmet}`),!1;return!0}).map((name2)=>{let def=systemTableDefMap.get(name2),meta=asMeta(def);return{table_name:def?.table_name??name2,group_name:deriveGroupName(meta,name2),is_form_data:def?.is_form_data===!0,bulk_endpoints_enabled:def?.bulk_endpoints_enabled??!1,excluded_methods:def?.excluded_methods?[...def.excluded_methods]:[],columns:def?.columns?[...def.columns]:void 0}}),allEntities=[...entities,...systemTables2],publicGetEntities=new Set;for(let e of allEntities)if(e.is_public?.GET===!0)publicGetEntities.add(e.table_name),publicGetEntities.add(snakeToCamel4(e.table_name));logger2.info(`All entities: ${allEntities.map((e)=>e.table_name).join(", ")}`);for(let table of allEntities){let rawTableName=table.table_name,tableName=snakeToCamel4(rawTableName),swaggerTag=table.group_name||rawTableName,writeFields=enforceFieldWrites?table.columns?.map((c)=>c.name):void 0,defaultDrizzleTable=schemaTables[tableName];if(!defaultDrizzleTable)continue;let tableRelations=schemaRelations[`${tableName}Relations`];logger2.info(`Creating routes for table: ${tableName}`);let relationTargetTable={};{let rels=tableRelations;if(rels?.table&&typeof rels?.config==="function")try{let built=rels.config(createTableRelationsHelpers(rels.table));for(let[relName,rel]of Object.entries(built))if(rel?.referencedTable)relationTargetTable[relName]=getTableName(rel.referencedTable)}catch(err){logger2.warn(`[Authorization] Could not map relations for ${tableName}`,{error:err instanceof Error?err.message:String(err)})}}let defaultTableColumns=defaultDrizzleTable,defaultIdCol=defaultTableColumns.id,database=db,drizzleTable=defaultDrizzleTable,tableColumns=defaultTableColumns,idCol=defaultIdCol,resolveCol=(field)=>{if(Object.hasOwn(tableColumns,field))return tableColumns[field];let camel=snakeToCamel4(field);return Object.hasOwn(tableColumns,camel)?tableColumns[camel]:void 0},getTableForRequest=(request)=>{if(!getRegistry())return{drizzleTable,tableColumns,idCol,resolveCol,schemaTables,schemaRelations};let reqSchema=getReqSchema(request),reqTable=reqSchema.tables[tableName]||drizzleTable,reqCols=reqTable,reqIdCol=reqCols.id;return{drizzleTable:reqTable,tableColumns:reqCols,idCol:reqIdCol,resolveCol:(field)=>{if(Object.hasOwn(reqCols,field))return reqCols[field];let camel=snakeToCamel4(field);return Object.hasOwn(reqCols,camel)?reqCols[camel]:void 0},schemaTables:reqSchema.tables,schemaRelations:reqSchema.relations}},bulkUpdateSchema=createBulkUpdateSchema(table.columns),bulkDeleteSchema=t9.Array(t9.String()),authzLog=logger2.scoped("authorization.check"),performAuthCheck=async(request,method,reqFields,reqRelations)=>{let result=await runAuthCheck(request,method,reqFields,reqRelations);if(result){let userId=request.headers.get("x-user-id"),requestId=request.headers.get("x-request-id")||void 0;if(!result.authorized)authzLog.warn(`Denied ${method} ${table.table_name}`,{requestId,userId,entity:table.table_name,method,reason:result.reason||"no reason provided",mode:isConsumerMode?idpUrl?"idp":"jwt":"local"});else if(result.scopeFilters||result.allowedFields||result.allowedRelations)authzLog.debug(`Allowed ${method} ${table.table_name} (restricted)`,{requestId,userId,entity:table.table_name,method,scopeFilters:result.scopeFilters,allowedFieldCount:result.allowedFields?.length,allowedRelations:result.allowedRelations})}return result},scopeConditionsFor=(authResult,resolveColumn)=>{if(!authEnabled||!authResult?.scopeFilters)return[];let{conditions,unresolvedFields}=buildScopeConditions(authResult.scopeFilters,resolveColumn);if(unresolvedFields.length>0)authzLog.error(`Scope references unknown column(s) on ${table.table_name}; failing closed (0 rows)`,{entity:table.table_name,unresolvedFields});return conditions},runAuthCheck=async(request,method,reqFields,reqRelations,entityName=table.table_name)=>{let userId=request.headers.get("x-user-id");if(!authEnabled||!userId)return null;if(isConsumerMode){let userClaims=decodeHeaderList(request.headers.get("x-user-claims")),userRoles=decodeHeaderList(request.headers.get("x-user-roles")),userClaimScopes=decodeClaimScopesHeader(request.headers.get("x-user-claim-scopes"));if(idpUrl&&authorization?.jwtClaimsMode==="resolve"){let accessToken=request.headers.get("x-access-token")||(request.headers.get("cookie")||"").match(/access_token=([^;]+)/)?.[1]||"";return checkAuthorizationViaIDP({idpUrl,accessToken,method,entity:entityName,requestedFields:reqFields,requestedRelations:reqRelations,logger:logger2})}return checkAuthorizationFromJWT({userClaims,userRoles,method,entity:entityName,requestedFields:reqFields,requestedRelations:reqRelations,logger:logger2,requireClaimSpecificity:authorization?.requireClaimSpecificity,claimScopes:userClaimScopes})}let reqCtx=getTableForRequest(request);return checkAuthorization({userId,method,entity:entityName,requestedFields:reqFields,requestedRelations:reqRelations,db:database,schemaTables:reqCtx.schemaTables,logger:logger2,requireClaimSpecificity:authorization?.requireClaimSpecificity,getUserData:async()=>{if(!database)return;let usersTbl=reqCtx.schemaTables[AUTHORIZATION_TABLE_KEYS.users];if(!usersTbl)return;let idCol2=usersTbl.id;if(!idCol2)return;return(await database.select().from(usersTbl).where(eq27(idCol2,userId)).limit(1))[0]}})},entityRoutes=new Elysia11({prefix:`/${tableName}`}),listLog=logger2.scoped("entity.list"),isRbacTable=tableName===AUTHORIZATION_TABLE_KEYS.roles||tableName===AUTHORIZATION_TABLE_KEYS.claims||tableName===AUTHORIZATION_TABLE_KEYS.userRoles||tableName===AUTHORIZATION_TABLE_KEYS.roleClaims;if(isRbacTable||isSensitiveSystemTable(tableName)){let denyMessage=isRbacTable?"Forbidden: managing roles and claims requires godmin privileges":`Forbidden: writing to '${tableName}' via the generic entity API requires godmin privileges \u2014 use the dedicated route`;entityRoutes.onBeforeHandle(async({request,set})=>{let method=request.method.toUpperCase();if(method==="GET"||method==="HEAD"||method==="OPTIONS")return;if(hasGodminRole(request))return;if(await userHasGodminRoleInDb(db,schemaTables,request.headers.get("x-user-id"),logger2))return;return set.status=403,{success:!1,message:denyMessage}})}if(!table.excluded_methods?.includes("GET"))entityRoutes.get("/",async(ctx)=>{if(!database)return{success:!1,message:"DB not initialized"};let{drizzleTable:drizzleTable2,resolveCol:resolveCol2,schemaRelations:schemaRelations2}=getTableForRequest(ctx.request),requestedFields=table.columns?.map((c)=>c.name),requestedRelations=Object.keys(schemaRelations2).filter((k)=>k.startsWith(`${tableName}Relations`)).map((k)=>k.replace("Relations","")),authResult=await performAuthCheck(ctx.request,"GET",requestedFields,requestedRelations);if(authResult&&!authResult.authorized)return ctx.set.status=403,{success:!1,message:authResult.reason||"Forbidden"};let fieldQueryable=(field)=>{if(isSensitiveOutputKey(field))return!1;if(authEnabled&&authResult?.allowedFields&&!authResult.allowedFields.includes(field))return!1;return!0},q=parseQueryParams(ctx.query),conditions=[];if(conditions.push(...scopeConditionsFor(authResult,resolveCol2)),q.search&&q.searchFields){for(let f of q.searchFields)if(!fieldQueryable(f.trim()))return ctx.set.status=403,{success:!1,message:`Cannot search on field: ${f.trim()}`};let searchConditions=q.searchFields.map((f)=>{let trimmed=f.trim(),col7=resolveCol2(trimmed);return col7?ilike(col7,`%${q.search}%`):null}).filter((c)=>c!==null);if(searchConditions.length>0){let orCondition=or2(...searchConditions);if(orCondition)conditions.push(orCondition)}}if(Array.isArray(q.filters))for(let filter of q.filters){for(let f of collectFilterFields(filter))if(!fieldQueryable(f))return ctx.set.status=403,{success:!1,message:`Cannot filter on field: ${f}`};let cond=buildFilterCondition(filter,resolveCol2);if(cond)conditions.push(cond)}let baseQuery=database.select().from(drizzleTable2);if(conditions.length>0){let combined=and12(...conditions);if(combined)baseQuery=baseQuery.where(combined)}if(q.sort&&q.sort.length>0){for(let s of q.sort)if(!fieldQueryable(s.field))return ctx.set.status=403,{success:!1,message:`Cannot sort on field: ${s.field}`};let orderClauses=q.sort.map((s)=>{let col7=resolveCol2(s.field);if(!col7)return null;return s.direction==="desc"?desc5(col7):asc(col7)}).filter((o)=>o!==null);if(orderClauses.length>0)baseQuery=baseQuery.orderBy(...orderClauses)}let page=q.page??1,limit=q.limit??20,offset=q.offset??(page-1)*limit,queryStart=performance.now(),combinedCount=conditions.length>0?and12(...conditions):void 0,countResult=await database.select({n:sql6`count(*)::int`}).from(drizzleTable2).where(combinedCount),totalItems=Number(countResult[0]?.n??0);baseQuery=baseQuery.limit(limit).offset(offset);let items=await baseQuery,meta=buildPaginationMeta(page,limit,offset,totalItems);if(listLog.debug(`List ${rawTableName}: ${items.length}/${totalItems} rows`,{requestId:ctx.request.headers.get("x-request-id")||void 0,table:rawTableName,page,limit,totalItems,returned:items.length,conditionCount:conditions.length,search:q.search||void 0,sort:Array.isArray(q.sort)?q.sort.map((s)=>`${s.field}:${s.direction}`):void 0,queryMs:Math.round(performance.now()-queryStart)}),authEnabled&&authResult?.allowedFields)items=filterResponseFields(items,authResult.allowedFields);return{success:!0,data:{items:items.map((r)=>redactSensitiveOutput(r)),meta}}},{detail:{tags:[swaggerTag],summary:`List ${tableName}`,description:`Get paginated list of ${tableName} records with filtering, sorting, and search`}}),entityRoutes.get("/:id",async(ctx)=>{let{drizzleTable:drizzleTable2,idCol:idCol2,schemaTables:schemaTables2,schemaRelations:schemaRelations2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database||!idCol2)return{success:!1,message:"No id column or DB"};let params=ctx.params,q=parseQueryParams(ctx.query),requestedFields=table.columns?.map((c)=>c.name),requestedRelations=q.with?.map((w)=>w.name),authResult=await performAuthCheck(ctx.request,"GET",requestedFields,requestedRelations);if(authResult&&!authResult.authorized)return ctx.set.status=403,{success:!1,message:authResult.reason||"Forbidden"};let getScope=scopeConditionsFor(authResult,resolveCol2),getWhere=getScope.length>0?and12(eq27(idCol2,params.id),...getScope):eq27(idCol2,params.id);if(q.with&&q.with.length>0&&tableRelations&&dbPool){let allowedWith=authEnabled&&authResult?.allowedRelations?q.with.filter((w)=>authResult.allowedRelations?.includes(w.name)??!1):q.with,dbWithRelations=drizzle(dbPool,{schema:{...schemaTables2,...schemaRelations2}}),withClause={};for(let rel of allowedWith){let targetTable=relationTargetTable[rel.name],relAuth=authEnabled&&targetTable?await runAuthCheck(ctx.request,"GET",void 0,void 0,targetTable):null,decision=decideRelationExpansion({authEnabled,targetTable,relAuth,isTargetPublicGet:targetTable?publicGetEntities.has(targetTable):!1});if(!decision.expand)continue;let relScope=decision.scope;if(relScope&&Object.keys(relScope).length>0)withClause[rel.name]={...rel.limit?{limit:rel.limit}:{},where:(fields,ops)=>{let preds=[],unresolved=!1;for(let[k,v]of Object.entries(relScope)){let col7=resolveRelationScopeColumn(fields,k,snakeToCamel4);if(col7)preds.push(ops.eq(col7,v));else unresolved=!0}if(unresolved)return sql6`1 = 0`;return preds.length>0?ops.and(...preds):void 0}};else withClause[rel.name]=rel.limit?{limit:rel.limit}:!0}let result2=await dbWithRelations.query[tableName]?.findFirst({where:getWhere,with:withClause});if(authEnabled&&authResult?.allowedFields&&result2)result2=filterResponseFields(result2,[...authResult.allowedFields,...authResult.allowedRelations??[]]);if(authEnabled&&authResult?.allowedRelations&&result2)result2=filterResponseRelations(result2,authResult.allowedRelations);return{success:!0,data:redactSensitiveOutput(result2||null)}}let result=(await database.select().from(drizzleTable2).where(getWhere))[0]||null;if(authEnabled&&authResult?.allowedFields&&result)result=filterResponseFields(result,authResult.allowedFields);return{success:!0,data:redactSensitiveOutput(result)}},{detail:{tags:[swaggerTag],summary:`Get ${tableName} by ID`,description:`Get a single ${tableName} record by its ID with optional relations`}}),entityRoutes.get("/distinct/:field",async(ctx)=>{let{drizzleTable:drizzleTable2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database)return{success:!1,message:"DB not initialized"};let params=ctx.params,authResult=await performAuthCheck(ctx.request,"GET",[params.field],[]);if(authResult&&!authResult.authorized)return ctx.set.status=403,{success:!1,message:authResult.reason||"Forbidden"};if(authEnabled&&authResult?.allowedFields&&!authResult.allowedFields.includes(params.field))return ctx.set.status=403,{success:!1,message:"Forbidden: field not permitted"};if(isSensitiveOutputKey(params.field))return ctx.set.status=403,{success:!1,message:"Forbidden: field not permitted"};let col7=resolveCol2(params.field);if(!col7)return{success:!1,message:"Field not found"};let distinctScope=scopeConditionsFor(authResult,resolveCol2),distinctQuery=database.selectDistinct({value:col7}).from(drizzleTable2);return{success:!0,data:distinctScope.length>0?await distinctQuery.where(and12(...distinctScope)):await distinctQuery}},{detail:{tags:[swaggerTag],summary:`Get distinct ${tableName} values`,description:`Get distinct values for a specific field in ${tableName}`}});if(!table.excluded_methods?.includes("POST"))if(table.is_form_data&&storageConfig.enabled)entityRoutes.post("/",async(ctx)=>{let{drizzleTable:drizzleTable2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database)return{success:!1,message:"DB not initialized"};let userId=ctx.request.headers.get("x-user-id"),postFormAuthResult=await performAuthCheck(ctx.request,"POST",writeFields);if(postFormAuthResult&&!postFormAuthResult.authorized)return ctx.set.status=403,{success:!1,message:postFormAuthResult.reason||"Forbidden"};let{data,files}=parseFormDataBody(ctx.body,storageConfig),payload=data,uploadedFiles=null;if(files.length>0){if(uploadedFiles=await uploadFiles(files,storageConfig,table.table_name),uploadedFiles.failed.length>0&&uploadedFiles.success.length===0)return{success:!1,message:"File upload failed",errors:uploadedFiles.failed}}let mergeUploadedMetadata=()=>{let firstFile=uploadedFiles?.success[0];if(firstFile)payload={...payload,...buildFileRecordPayload(firstFile,userId)}};if(table.columns)payload=sanitizePayload(payload,table.columns,{isFormData:table.is_form_data===!0}),payload=filterWritePayload(payload,postFormAuthResult),mergeUploadedMetadata();else mergeUploadedMetadata();let scopedForm=forceCreateScope(payload,postFormAuthResult,resolveCol2);if(!scopedForm.ok)return ctx.set.status=403,{success:!1,message:`Forbidden: ownership scope references a column '${scopedForm.field}' this entity does not have`};if(table.columns){let validation=validatePayload(payload,table.columns,!1);if(!validation.valid)return{success:!1,message:"Validation failed",errors:validation.errors}}if(userId)payload.createdBy=userId;let result=await database.insert(drizzleTable2).values(payload).returning();{let reqUrl=new URL(ctx.request.url);logger2.audit({entityName:table.table_name,entityId:String(result[0]?.id??""),operation:"CREATE",userId:userId||void 0,summary:`Created ${table.table_name}`,newValues:result[0],ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search})}return{success:!0,data:redactSensitiveOutput(result[0])}},{type:"formdata",body:t9.Object({[storageConfig.formData.dataField]:t9.Optional(t9.Union([t9.String(),t9.Any()])),[storageConfig.formData.filesField]:t9.Optional(t9.Union([t9.File(),t9.Array(t9.File())]))}),detail:{tags:[swaggerTag],summary:`Create ${tableName} with files`,description:`Create a new ${tableName} record with file upload support`}});else entityRoutes.post("/",async(ctx)=>{let{drizzleTable:drizzleTable2,schemaTables:schemaTables2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database)return{success:!1,message:"DB not initialized"};let payload=ctx.body,userId=ctx.request.headers.get("x-user-id"),postAuthResult=await performAuthCheck(ctx.request,"POST",writeFields);if(postAuthResult&&!postAuthResult.authorized)return ctx.set.status=403,{success:!1,message:postAuthResult.reason||"Forbidden"};if(table.columns)payload=sanitizePayload(payload,table.columns,{isFormData:table.is_form_data===!0}),payload=filterWritePayload(payload,postAuthResult);let scoped2=forceCreateScope(payload,postAuthResult,resolveCol2);if(!scoped2.ok)return ctx.set.status=403,{success:!1,message:`Forbidden: ownership scope references a column '${scoped2.field}' this entity does not have`};if(table.columns){let validation=validatePayload(payload,table.columns,!1);if(!validation.valid)return{success:!1,message:"Validation failed",errors:validation.errors}}if(userId)payload.createdBy=userId;if(tableName===AUTHORIZATION_TABLE_KEYS.userRoles&&payload.userId&&payload.roleId){let cols=drizzleTable2,existing=await database.select().from(drizzleTable2).where(and12(eq27(cols.userId,payload.userId),eq27(cols.roleId,payload.roleId))).limit(1);if(existing.length>0)return{success:!0,data:existing[0]}}let result=await database.insert(drizzleTable2).values(payload).returning();if(tableName===AUTHORIZATION_TABLE_KEYS.roleClaims&&config.claimsCache)config.claimsCache.invalidate().catch(()=>{});if(tableName===AUTHORIZATION_TABLE_KEYS.userRoles&&payload.roleId&&payload.userId)try{let rolesTable=schemaTables2[AUTHORIZATION_TABLE_KEYS.roles],usersTable=schemaTables2[AUTHORIZATION_TABLE_KEYS.users];if(rolesTable&&usersTable){if((await database.select().from(rolesTable).where(eq27(rolesTable.id,payload.roleId)).limit(1))[0]?.name===GODMIN_ROLE_NAME)await database.update(usersTable).set({isGod:!0}).where(eq27(usersTable.id,payload.userId))}}catch(_e){logger2.warn("[Entity] Failed to sync is_god flag on userRole create")}{let reqUrl=new URL(ctx.request.url);logger2.audit({entityName:table.table_name,entityId:String(result[0]?.id??""),operation:"CREATE",userId:userId||void 0,summary:`Created ${table.table_name}`,newValues:result[0],ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search})}return{success:!0,data:redactSensitiveOutput(result[0])}},{body:t9.Object({},{additionalProperties:!0}),detail:{tags:[swaggerTag],summary:`Create ${tableName}`,description:`Create a new ${tableName} record`}});if(!table.excluded_methods?.includes("PUT"))if(table.is_form_data&&storageConfig.enabled)entityRoutes.put("/:id",async(ctx)=>{let{drizzleTable:drizzleTable2,idCol:idCol2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database||!idCol2)return{success:!1,message:"No id column or DB"};let params=ctx.params,userId=ctx.request.headers.get("x-user-id"),putFormAuthResult=await performAuthCheck(ctx.request,"PUT",writeFields);if(putFormAuthResult&&!putFormAuthResult.authorized)return ctx.set.status=403,{success:!1,message:putFormAuthResult.reason||"Forbidden"};let putFormScope=scopeConditionsFor(putFormAuthResult,resolveCol2),putFormWhere=putFormScope.length>0?and12(eq27(idCol2,params.id),...putFormScope):eq27(idCol2,params.id),{data,files}=parseFormDataBody(ctx.body,storageConfig),payload=data,oldRecord=await database.select().from(drizzleTable2).where(putFormWhere).limit(1);if(putFormScope.length>0&&oldRecord.length===0)return ctx.set.status=403,{success:!1,message:"Forbidden"};if(table.columns){payload=sanitizePayload(payload,table.columns,{isFormData:table.is_form_data===!0}),payload=filterWritePayload(payload,putFormAuthResult);let validation=validatePayload(payload,table.columns,!1);if(!validation.valid)return{success:!1,message:"Validation failed",errors:validation.errors}}let uploadedFiles=null;if(files.length>0)uploadedFiles=await uploadFiles(files,storageConfig,table.table_name);let result=await database.update(drizzleTable2).set(payload).where(putFormWhere).returning();{let reqUrl=new URL(ctx.request.url);logger2.audit({entityName:table.table_name,entityId:params.id,operation:"UPDATE",userId:userId||void 0,summary:`Updated ${table.table_name} (${params.id})`,oldValues:oldRecord[0],newValues:result[0],ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search})}return{success:!0,data:{record:result[0],files:uploadedFiles?.success||[],fileErrors:uploadedFiles?.failed||[]}}},{type:"formdata",body:t9.Object({[storageConfig.formData.dataField]:t9.Optional(t9.Union([t9.String(),t9.Any()])),[storageConfig.formData.filesField]:t9.Optional(t9.Union([t9.File(),t9.Array(t9.File())]))}),detail:{tags:[swaggerTag],summary:`Update ${tableName} with files`,description:`Full update of ${tableName} record with file upload support`}});else entityRoutes.put("/:id",async(ctx)=>{let{drizzleTable:drizzleTable2,idCol:idCol2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database||!idCol2)return{success:!1,message:"No id column or DB"};let{params,body:payload}=ctx,userId=ctx.request.headers.get("x-user-id"),putAuthResult=await performAuthCheck(ctx.request,"PUT",writeFields);if(putAuthResult&&!putAuthResult.authorized)return ctx.set.status=403,{success:!1,message:putAuthResult.reason||"Forbidden"};let putScope=scopeConditionsFor(putAuthResult,resolveCol2),putWhere=putScope.length>0?and12(eq27(idCol2,params.id),...putScope):eq27(idCol2,params.id),oldRecord=await database.select().from(drizzleTable2).where(putWhere).limit(1);if(putScope.length>0&&oldRecord.length===0)return ctx.set.status=403,{success:!1,message:"Forbidden"};if(table.columns){payload=sanitizePayload(payload,table.columns,{isFormData:table.is_form_data===!0}),payload=filterWritePayload(payload,putAuthResult);let validation=validatePayload(payload,table.columns,!1);if(!validation.valid)return{success:!1,message:"Validation failed",errors:validation.errors}}if(payload.updatedAt=new Date,userId)payload.updatedBy=userId;let result=await database.update(drizzleTable2).set(payload).where(putWhere).returning();{let reqUrl=new URL(ctx.request.url);logger2.audit({entityName:table.table_name,entityId:params.id,operation:"UPDATE",userId:userId||void 0,summary:`Updated ${table.table_name} (${params.id})`,oldValues:oldRecord[0],newValues:result[0],ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search})}return{success:!0,data:redactSensitiveOutput(result[0])}},{body:t9.Object({},{additionalProperties:!0}),detail:{tags:[swaggerTag],summary:`Update ${tableName}`,description:`Full update of ${tableName} record`}});if(!table.excluded_methods?.includes("PATCH"))entityRoutes.patch("/:id",async(ctx)=>{let{drizzleTable:drizzleTable2,idCol:idCol2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database||!idCol2)return{success:!1,message:"No id column or DB"};let{params,body:payload}=ctx,userId=ctx.request.headers.get("x-user-id"),patchAuthResult=await performAuthCheck(ctx.request,"PATCH",writeFields);if(patchAuthResult&&!patchAuthResult.authorized)return ctx.set.status=403,{success:!1,message:patchAuthResult.reason||"Forbidden"};let patchScope=scopeConditionsFor(patchAuthResult,resolveCol2),patchWhere=patchScope.length>0?and12(eq27(idCol2,params.id),...patchScope):eq27(idCol2,params.id),oldRecord=await database.select().from(drizzleTable2).where(patchWhere).limit(1);if(patchScope.length>0&&oldRecord.length===0)return ctx.set.status=403,{success:!1,message:"Forbidden"};if(table.columns){payload=sanitizePayload(payload,table.columns,{isFormData:table.is_form_data===!0}),payload=filterWritePayload(payload,patchAuthResult);let validation=validatePayload(payload,table.columns,!0);if(!validation.valid)return{success:!1,message:"Validation failed",errors:validation.errors}}if(payload.updatedAt=new Date,userId)payload.updatedBy=userId;let result=await database.update(drizzleTable2).set(payload).where(patchWhere).returning();{let reqUrl=new URL(ctx.request.url);logger2.audit({entityName:table.table_name,entityId:params.id,operation:"PATCH",userId:userId||void 0,summary:`Patched ${table.table_name} (${params.id})`,oldValues:oldRecord[0],newValues:result[0],ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search})}return{success:!0,data:redactSensitiveOutput(result[0])}},{body:t9.Object({},{additionalProperties:!0}),detail:{tags:[swaggerTag],summary:`Patch ${tableName}`,description:`Partial update of ${tableName} record`}});if(!table.excluded_methods?.includes("DELETE"))entityRoutes.delete("/:id",async(ctx)=>{let{drizzleTable:drizzleTable2,idCol:idCol2,schemaTables:schemaTables2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database||!idCol2)return{success:!1,message:"No id column or DB"};let params=ctx.params,userId=ctx.request.headers.get("x-user-id"),deleteAuthResult=await performAuthCheck(ctx.request,"DELETE");if(deleteAuthResult&&!deleteAuthResult.authorized)return ctx.set.status=403,{success:!1,message:deleteAuthResult.reason||"Forbidden"};let deleteScope=scopeConditionsFor(deleteAuthResult,resolveCol2),deleteWhere=deleteScope.length>0?and12(eq27(idCol2,params.id),...deleteScope):eq27(idCol2,params.id),oldRecord=await database.select().from(drizzleTable2).where(deleteWhere).limit(1);if(deleteScope.length>0&&oldRecord.length===0)return ctx.set.status=403,{success:!1,message:"Forbidden"};if(await database.delete(drizzleTable2).where(deleteWhere),table.is_form_data&&storageConfig.enabled&&oldRecord[0]){let rec=oldRecord[0],filePath=rec.path,fileName=rec.name;if(typeof filePath==="string"&&typeof fileName==="string"){if(!await deleteFile(filePath,fileName,storageConfig.basePath))logger2.warn(`[Entity] Blob cleanup failed for ${table.table_name} (${params.id})`)}}if(tableName===AUTHORIZATION_TABLE_KEYS.roleClaims&&config.claimsCache)config.claimsCache.invalidate().catch(()=>{});if(tableName===AUTHORIZATION_TABLE_KEYS.userRoles&&oldRecord[0])try{let deletedUserRole=oldRecord[0],rolesTable=schemaTables2[AUTHORIZATION_TABLE_KEYS.roles],usersTable=schemaTables2[AUTHORIZATION_TABLE_KEYS.users];if(rolesTable&&usersTable&&deletedUserRole.roleId&&deletedUserRole.userId){if((await database.select().from(rolesTable).where(eq27(rolesTable.id,deletedUserRole.roleId)).limit(1))[0]?.name===GODMIN_ROLE_NAME)await database.update(usersTable).set({isGod:!1}).where(eq27(usersTable.id,deletedUserRole.userId))}}catch(_e){logger2.warn("[Entity] Failed to sync is_god flag on userRole delete")}{let reqUrl=new URL(ctx.request.url);logger2.audit({entityName:table.table_name,entityId:params.id,operation:"DELETE",userId:userId||void 0,summary:`Deleted ${table.table_name} (${params.id})`,oldValues:oldRecord[0],ipAddress:ctx.request.headers.get("x-forwarded-for")?.split(",")[0]?.trim()||ctx.request.headers.get("x-real-ip")?.trim()||"unknown",userAgent:ctx.request.headers.get("user-agent")||"unknown",path:reqUrl.pathname,query:reqUrl.search})}return{success:!0,data:null}},{detail:{tags:[swaggerTag],summary:`Delete ${tableName}`,description:`Delete a ${tableName} record`}});if(table.bulk_endpoints_enabled){if(!table.excluded_methods?.includes("POST"))entityRoutes.post("/bulk",async(ctx)=>{let{drizzleTable:drizzleTable2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database)return{success:!1,message:"DB not initialized"};let items=ctx.body;if(!Array.isArray(items))return{success:!1,message:"Body must be an array"};if(items.length>MAX_BULK_ITEMS)return ctx.set.status=400,{success:!1,message:`Bulk request exceeds ${MAX_BULK_ITEMS} items`};let userId=ctx.request.headers.get("x-user-id"),bulkPostAuth=await performAuthCheck(ctx.request,"POST",writeFields);if(bulkPostAuth&&!bulkPostAuth.authorized)return ctx.set.status=403,{success:!1,message:bulkPostAuth.reason||"Forbidden"};try{let sanitizedItems=[];for(let raw of items){let payload=raw;if(table.columns)payload=sanitizePayload(payload,table.columns,{isFormData:table.is_form_data===!0}),payload=filterWritePayload(payload,bulkPostAuth);let scopedItem=forceCreateScope(payload,bulkPostAuth,resolveCol2);if(!scopedItem.ok)return ctx.set.status=403,{success:!1,message:`Forbidden: ownership scope references a column '${scopedItem.field}' this entity does not have`};if(table.columns){let validation=validatePayload(payload,table.columns,!1);if(!validation.valid)return{success:!1,message:"Validation failed",errors:validation.errors}}if(userId)payload.createdBy=userId;sanitizedItems.push(payload)}return{success:!0,data:await database.transaction(async(tx)=>{let results=[];for(let payload of sanitizedItems){let result=await tx.insert(drizzleTable2).values(payload).returning();results.push(result[0])}return results})}}catch(error){return{success:!1,message:error instanceof Error?error.message:"Transaction failed"}}},{body:t9.Array(t9.Object({},{additionalProperties:!0})),detail:{tags:[swaggerTag],summary:`Bulk create ${tableName}`,description:`Create multiple ${tableName} records`}});if(!table.excluded_methods?.includes("PUT"))entityRoutes.put("/bulk",async(ctx)=>{let{drizzleTable:drizzleTable2,idCol:idCol2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database||!idCol2)return{success:!1,message:"No id column or DB"};let items=ctx.body;if(!Array.isArray(items))return{success:!1,message:"Body must be an array"};if(items.length>MAX_BULK_ITEMS)return ctx.set.status=400,{success:!1,message:`Bulk request exceeds ${MAX_BULK_ITEMS} items`};let userId=ctx.request.headers.get("x-user-id"),bulkPutAuth=await performAuthCheck(ctx.request,"PUT",writeFields);if(bulkPutAuth&&!bulkPutAuth.authorized)return ctx.set.status=403,{success:!1,message:bulkPutAuth.reason||"Forbidden"};let bulkPutScope=scopeConditionsFor(bulkPutAuth,resolveCol2);try{return{success:!0,data:await database.transaction(async(tx)=>{let results=[];for(let item of items){let payload=item.data;if(table.columns){payload=sanitizePayload(payload,table.columns,{isFormData:table.is_form_data===!0}),payload=filterWritePayload(payload,bulkPutAuth);let validation=validatePayload(payload,table.columns,!0);if(!validation.valid)return{success:!1,message:"Validation failed",errors:validation.errors}}if(payload.updatedAt=new Date,userId)payload.updatedBy=userId;let result=await tx.update(drizzleTable2).set(payload).where(bulkPutScope.length>0?and12(eq27(idCol2,item.id),...bulkPutScope):eq27(idCol2,item.id)).returning();if(result[0])results.push(result[0])}return results})}}catch(error){return{success:!1,message:error instanceof Error?error.message:"Transaction failed"}}},{body:bulkUpdateSchema,detail:{tags:[swaggerTag],summary:`Bulk update ${tableName}`,description:`Update multiple ${tableName} records`}});if(!table.excluded_methods?.includes("DELETE"))entityRoutes.delete("/bulk",async(ctx)=>{let{drizzleTable:drizzleTable2,idCol:idCol2,resolveCol:resolveCol2}=getTableForRequest(ctx.request);if(!database||!idCol2)return{success:!1,message:"No id column or DB"};let ids=ctx.body;if(!Array.isArray(ids))return{success:!1,message:"Body must be an array of ids"};if(ids.length>MAX_BULK_ITEMS)return ctx.set.status=400,{success:!1,message:`Bulk request exceeds ${MAX_BULK_ITEMS} items`};let bulkDeleteAuth=await performAuthCheck(ctx.request,"DELETE");if(bulkDeleteAuth&&!bulkDeleteAuth.authorized)return ctx.set.status=403,{success:!1,message:bulkDeleteAuth.reason||"Forbidden"};let bulkDeleteScope=scopeConditionsFor(bulkDeleteAuth,resolveCol2);try{let deleted=0;return await database.transaction(async(tx)=>{for(let id of ids){let r=await tx.delete(drizzleTable2).where(bulkDeleteScope.length>0?and12(eq27(idCol2,id),...bulkDeleteScope):eq27(idCol2,id)).returning();deleted+=r.length}}),{success:!0,data:{deleted}}}catch(error){return{success:!1,message:error instanceof Error?error.message:"Transaction failed"}}},{body:bulkDeleteSchema,detail:{tags:[swaggerTag],summary:`Bulk delete ${tableName}`,description:`Delete multiple ${tableName} records`}})}app.use(entityRoutes)}return app}init_adminGuard();import Elysia12,{t as t10}from"elysia";function parseTimeToMs2(time2){let match=time2.match(/^(\d+)(ms|s|m|h)$/);if(!match||!match[1]||!match[2])return 5000;let value=parseInt(match[1],10);switch(match[2]){case"ms":return value;case"s":return value*1000;case"m":return value*60*1000;case"h":return value*60*60*1000;default:return 5000}}function createMonitoringRoutes(config){let{monitoringService,logger:logger2,endpoints,db,schemaTables}=config,plugin=new Elysia12({prefix:endpoints.basePath});if(plugin.onBeforeHandle(createGodminGuard({db:db??null,schemaTables:schemaTables??{},logger:logger2},"monitoring")),!endpoints.enabled)return plugin;if(endpoints.stream.enabled)plugin.get(endpoints.stream.path,async function*({request}){logger2.info("[Monitoring] SSE stream connected");let intervalMs=parseTimeToMs2(endpoints.stream.interval),isConnected=!0;request.signal.addEventListener("abort",()=>{isConnected=!1,logger2.info("[Monitoring] SSE stream disconnected")});let initialSnapshot=await monitoringService.getLatestSnapshot();if(initialSnapshot)yield{event:"snapshot",data:JSON.stringify(initialSnapshot)};while(isConnected){if(await new Promise((resolve2)=>setTimeout(resolve2,intervalMs)),!isConnected)break;let snapshot=await monitoringService.getLatestSnapshot();if(snapshot)yield{event:"snapshot",data:JSON.stringify(snapshot)};let alerts=monitoringService.getActiveAlerts();if(alerts.length>0)yield{event:"alerts",data:JSON.stringify(alerts)}}},{detail:{tags:["Monitoring"],summary:"Stream real-time monitoring data",description:"Server-Sent Events stream for real-time monitoring metrics"}});if(endpoints.snapshot.enabled)plugin.get(endpoints.snapshot.path,async()=>{let snapshot=await monitoringService.getLatestSnapshot();if(!snapshot)return{isSuccess:!1,message:"No monitoring data available",data:null};return{isSuccess:!0,message:"Current monitoring snapshot",data:snapshot}},{detail:{tags:["Monitoring"],summary:"Get current monitoring snapshot",description:"Returns the latest monitoring metrics snapshot"}});if(endpoints.history.enabled)plugin.get(endpoints.history.path,async({query})=>{let minutes=Math.min(query.minutes?parseInt(String(query.minutes),10):60,endpoints.history.maxMinutes),history=await monitoringService.getHistory(minutes);return{isSuccess:!0,message:`Monitoring history for last ${minutes} minutes`,data:{minutes,count:history.length,snapshots:history}}},{query:t10.Object({minutes:t10.Optional(t10.Numeric())}),detail:{tags:["Monitoring"],summary:"Get monitoring history",description:"Returns historical monitoring data for the specified time range"}});if(endpoints.alerts.enabled)plugin.get(endpoints.alerts.path,()=>{let alerts=monitoringService.getActiveAlerts();return{isSuccess:!0,message:"Active alerts",data:{count:alerts.length,alerts}}},{detail:{tags:["Monitoring"],summary:"Get active alerts",description:"Returns all currently active monitoring alerts"}}),plugin.post(`${endpoints.alerts.path}/:alertId/acknowledge`,({params})=>{if(!monitoringService.acknowledgeAlert(params.alertId))return{isSuccess:!1,message:"Alert not found",data:null};return{isSuccess:!0,message:"Alert acknowledged",data:{alertId:params.alertId}}},{params:t10.Object({alertId:t10.String()}),detail:{tags:["Monitoring"],summary:"Acknowledge an alert",description:"Mark an alert as acknowledged"}});return logger2.info(`[Monitoring] Routes enabled at ${endpoints.basePath} (stream: ${endpoints.stream.enabled}, snapshot: ${endpoints.snapshot.enabled}, history: ${endpoints.history.enabled}, alerts: ${endpoints.alerts.enabled})`),plugin}init_adminGuard();import Elysia13,{t as t11}from"elysia";var STREAM_HEADERS={"Content-Type":"text/event-stream; charset=utf-8","Cache-Control":"no-cache, no-transform",Connection:"keep-alive"},textEncoder=new TextEncoder,encodeEvent=(event,data)=>{let payload=typeof data==="string"?data:JSON.stringify(data);return textEncoder.encode(`event: ${event}
529
529
  data: ${payload}
530
530