opalserve 3.1.0 → 3.1.1

package/README.md

@@ -22,16 +22,16 @@
 
 ## Feature Highlights
 
-| | Feature | Description |
-|---|---|---|
-| :books: | **Team MCP Registry** | Admin registers servers once; every developer pulls them with `opalserve sync` |
-| :brain: | **Shared Knowledge Base** | Upload architecture docs, coding standards, and API specs -- AI tools query them automatically via MCP |
-| :bar_chart: | **Usage Analytics Dashboard** | React SPA showing tool calls, token usage, active users, and error rates in real time |
-| :lock: | **Auth & Access Control** | User accounts, JWT tokens, API keys, rate limits, and per-role tool permissions |
-| :electric_plug: | **GitHub + Slack Integrations** | Webhooks auto-update context; Slack slash commands for search and notifications |
-| :globe_with_meridians: | **MCP Gateway** | OpalServe itself is an MCP server -- connect any AI client to access every tool from one endpoint |
-| :art: | **Beautiful CLI** | Interactive setup wizard, gradient banners, color-coded tables, 20+ commands |
-| :seedling: | **100% Open Source** | MIT licensed, self-host for free, no vendor lock-in |
+| | Feature | Status | Description |
+|---|---|---|---|
+| :books: | **Team MCP Registry** | ✅ Stable | Admin registers servers once; every developer pulls them with `opalserve sync` |
+| :brain: | **Shared Knowledge Base** | ⚙️ Keyword search today; semantic graph (Graphiti) lands in v3.3 | Upload docs, search via the `opalserve_search` MCP tool from any connected client |
+| :bar_chart: | **Usage Analytics Dashboard** | 🚧 Dashboard ships; live event ingestion lands in v3.3 | React SPA renders the analytics surface; full event capture is the v3.3 milestone |
+| :lock: | **Auth & Access Control** | ✅ Stable (v3.1.1 hardened) | User accounts (scrypt-hashed), HMAC-secured API keys, per-IP/key rate limits. Per-role tool-permission enforcement targets v3.3 |
+| :electric_plug: | **GitHub + Slack Integrations** | ⚙️ Webhook handlers ship; signature verification lands in v3.2 | Webhooks accept events; Slack slash command returns search results |
+| :globe_with_meridians: | **MCP Gateway** | ✅ Stable (stdio); SSE/HTTP transports targeted for v3.3 | OpalServe is itself an MCP server — connect any MCP client over stdio today |
+| :art: | **Beautiful CLI** | ✅ Stable | Interactive setup wizard, gradient banners, color-coded tables, 20+ commands |
+| :seedling: | **100% Open Source** | ✅ Stable | MIT licensed, self-host for free, no vendor lock-in |
 
 ---
 
@@ -78,11 +78,11 @@
 
 ---
 
-## Quick Start
-
-```bash
-# 1. Install globally
-npm install -g opalserve
+## Quick Start
+
+```bash
+# 1. Install globally
+npm install -g opalserve
 
 # 2. Run the interactive setup wizard
 opalserve init
@@ -94,35 +94,43 @@ opalserve start
 opalserve server add --name files --stdio "npx -y @modelcontextprotocol/server-filesystem ."
 
 # 5. Discover available tools
-opalserve tools search "read file"
-```
-
-> **Tip:** OpalServe runs on port **3456** by default. The dashboard ships inside the npm package and is served from `http://localhost:3456/dashboard` after starting.
-
-## Trust Check
-
-OpalServe 3.1.0 is the trust-launch release: runtime versions, package metadata, docs, CI, and dashboard packaging are aligned so the install path matches the README.
-
-```bash
-opalserve --version
-# 3.1.0
-
-opalserve start
-# HTTP API  http://127.0.0.1:3456
-# Dashboard http://127.0.0.1:3456/dashboard
-```
-
-For source builds, the same release checks are used locally and in CI:
-
-```bash
-pnpm typecheck
-pnpm lint
-pnpm test
-pnpm build
-pnpm pack --dry-run
-```
-
----
+opalserve tools search "read file"
+```
+
+> **Tip:** OpalServe runs on port **3456** by default. The dashboard ships inside the npm package and is served from `http://localhost:3456/dashboard` after starting.
+
+## Trust Check
+
+OpalServe 3.1.1 — the **Trust Patch** — hardens the auth and HTTP surface:
+
+- **API keys** now use HMAC-SHA256 with a per-installation server secret (was unsalted SHA-256). Legacy keys are rehashed transparently on first use.
+- **Auth bypass** (env-var fallback that silently disabled auth in non-team mode) removed. The registry's mode is now the single source of truth.
+- **Zod validation** is enforced on every HTTP route. Raw `request.body as { ... }` casts are gone.
+- **Rate limiting** via `@fastify/rate-limit`: 200 req/min global per IP/key; 10 req/min on `/auth/register` and `/auth/login`.
+- **Helmet** wired into Fastify (not just the Vercel docs layer); CORS narrowed from wildcard ports to a strict regex with optional allowlist via `OPALSERVE_CORS_ORIGINS`.
+
+Disclosure policy: see [SECURITY.md](SECURITY.md).
+
+```bash
+opalserve --version
+# 3.1.0
+
+opalserve start
+# HTTP API  http://127.0.0.1:3456
+# Dashboard http://127.0.0.1:3456/dashboard
+```
+
+For source builds, the same release checks are used locally and in CI:
+
+```bash
+pnpm typecheck
+pnpm lint
+pnpm test
+pnpm build
+pnpm pack --dry-run
+```
+
+---
 
 ## Team Mode Setup
 

package/dist/auth/api-keys.d.ts

@@ -1,7 +1,15 @@
+import type { Database } from '../storage/database.js';
 export declare function generateApiKey(): {
     key: string;
     keyHash: string;
     keyPrefix: string;
 };
 export declare function hashApiKey(key: string): string;
+export declare function safeEqualHex(a: string, b: string): boolean;
+export interface ApiKeyLookupResult {
+    id: string;
+    user_id: string;
+    expires_at: string | null;
+}
+export declare function lookupApiKey(db: Database, presentedKey: string): ApiKeyLookupResult | null;
 //# sourceMappingURL=api-keys.d.ts.map

package/dist/auth/api-keys.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-keys.d.ts","sourceRoot":"","sources":["../../src/auth/api-keys.ts"],"names":[],"mappings":"AAEA,wBAAgB,cAAc,IAAI;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAMpF;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE9C"}
+{"version":3,"file":"api-keys.d.ts","sourceRoot":"","sources":["../../src/auth/api-keys.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAkCvD,wBAAgB,cAAc,IAAI;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAMpF;AAED,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE9C;AAMD,wBAAgB,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAO1D;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,wBAAgB,YAAY,CAAC,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,GAAG,kBAAkB,GAAG,IAAI,CAkB1F"}

package/dist/auth/api-keys.js

@@ -1,12 +1,72 @@
-import { randomBytes, createHash } from 'node:crypto';
+import { randomBytes, createHash, createHmac, timingSafeEqual } from 'node:crypto';
+import { existsSync, readFileSync, writeFileSync, mkdirSync, chmodSync } from 'node:fs';
+import { dirname } from 'node:path';
+import { getApiKeySecretPath } from '../config/defaults.js';
+let cachedSecret = null;
+function getServerSecret() {
+    if (cachedSecret)
+        return cachedSecret;
+    const fromEnv = process.env.OPALSERVE_API_KEY_SECRET;
+    if (fromEnv) {
+        if (!/^[0-9a-f]{64}$/i.test(fromEnv)) {
+            throw new Error('OPALSERVE_API_KEY_SECRET must be a 64-character hex string (256 bits)');
+        }
+        cachedSecret = Buffer.from(fromEnv, 'hex');
+        return cachedSecret;
+    }
+    const path = getApiKeySecretPath();
+    if (existsSync(path)) {
+        const content = readFileSync(path, 'utf8').trim();
+        if (!/^[0-9a-f]{64}$/i.test(content)) {
+            throw new Error(`Invalid API key secret in ${path}; expected 64 hex chars`);
+        }
+        cachedSecret = Buffer.from(content, 'hex');
+        return cachedSecret;
+    }
+    const secret = randomBytes(32);
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(path, secret.toString('hex'), { mode: 0o600 });
+    try {
+        chmodSync(path, 0o600);
+    }
+    catch { /* Windows lacks chmod semantics */ }
+    cachedSecret = secret;
+    return cachedSecret;
+}
 export function generateApiKey() {
-    const random = randomBytes(16).toString('hex'); // 32 hex chars
+    const random = randomBytes(16).toString('hex');
     const key = `opal_${random}`;
     const keyHash = hashApiKey(key);
     const keyPrefix = key.slice(0, 8);
     return { key, keyHash, keyPrefix };
 }
 export function hashApiKey(key) {
+    return createHmac('sha256', getServerSecret()).update(key).digest('hex');
+}
+function legacyHashApiKey(key) {
     return createHash('sha256').update(key).digest('hex');
 }
+export function safeEqualHex(a, b) {
+    if (a.length !== b.length)
+        return false;
+    try {
+        return timingSafeEqual(Buffer.from(a, 'hex'), Buffer.from(b, 'hex'));
+    }
+    catch {
+        return false;
+    }
+}
+export function lookupApiKey(db, presentedKey) {
+    const newHash = hashApiKey(presentedKey);
+    let row = db.get('SELECT id, user_id, expires_at FROM api_keys WHERE key_hash = ?', [newHash]);
+    if (row)
+        return row;
+    const legacyHash = legacyHashApiKey(presentedKey);
+    row = db.get('SELECT id, user_id, expires_at FROM api_keys WHERE key_hash = ?', [legacyHash]);
+    if (row) {
+        db.run('UPDATE api_keys SET key_hash = ? WHERE id = ?', [newHash, row.id]);
+        return row;
+    }
+    return null;
+}
 //# sourceMappingURL=api-keys.js.map

package/dist/auth/api-keys.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-keys.js","sourceRoot":"","sources":["../../src/auth/api-keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEtD,MAAM,UAAU,cAAc;IAC5B,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe;IAC/D,MAAM,GAAG,GAAG,QAAQ,MAAM,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxD,CAAC"}
+{"version":3,"file":"api-keys.js","sourceRoot":"","sources":["../../src/auth/api-keys.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnF,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACxF,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAG5D,IAAI,YAAY,GAAkB,IAAI,CAAC;AAEvC,SAAS,eAAe;IACtB,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;IACrD,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;QAC3F,CAAC;QACD,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC3C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,IAAI,GAAG,mBAAmB,EAAE,CAAC;IACnC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAClD,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,yBAAyB,CAAC,CAAC;QAC9E,CAAC;QACD,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC3C,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC/B,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7D,IAAI,CAAC;QAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,mCAAmC,CAAC,CAAC;IAC7E,YAAY,GAAG,MAAM,CAAC;IACtB,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,MAAM,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,QAAQ,MAAM,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,OAAO,UAAU,CAAC,QAAQ,EAAE,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW;IACnC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,CAAS,EAAE,CAAS;IAC/C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAQD,MAAM,UAAU,YAAY,CAAC,EAAY,EAAE,YAAoB;IAC7D,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACzC,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CACd,iEAAiE,EACjE,CAAC,OAAO,CAAC,CACV,CAAC;IACF,IAAI,GAAG;QAAE,OAAO,GAAG,CAAC;IAEpB,MAAM,UAAU,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;IAClD,GAAG,GAAG,EAAE,CAAC,GAAG,CACV,iEAAiE,EACjE,CAAC,UAAU,CAAC,CACb,CAAC;IACF,IAAI,GAAG,EAAE,CAAC;QACR,EAAE,CAAC,GAAG,CAAC,+CAA+C,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3E,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/auth/index.d.ts

@@ -1,4 +1,4 @@
 export { hashPassword, verifyPassword } from './passwords.js';
-export { generateApiKey, hashApiKey } from './api-keys.js';
+export { generateApiKey, hashApiKey, lookupApiKey, safeEqualHex } from './api-keys.js';
 export { createAuthMiddleware, registerAuthDecorator } from './middleware.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/auth/index.js

@@ -1,4 +1,4 @@
 export { hashPassword, verifyPassword } from './passwords.js';
-export { generateApiKey, hashApiKey } from './api-keys.js';
+export { generateApiKey, hashApiKey, lookupApiKey, safeEqualHex } from './api-keys.js';
 export { createAuthMiddleware, registerAuthDecorator } from './middleware.js';
 //# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/auth/middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAG9C,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,IAAI,CAAC,EAAE,IAAI,CAAC;KACb;CACF;AAED,wBAAgB,oBAAoB,CAAC,EAAE,EAAE,QAAQ,IAChB,SAAS,cAAc,EAAE,OAAO,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CAsD5F;AAED,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,eAAe,GAAG,IAAI,CAEhE"}
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAG9C,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,IAAI,CAAC,EAAE,IAAI,CAAC;KACb;CACF;AAED,wBAAgB,oBAAoB,CAAC,EAAE,EAAE,QAAQ,IAChB,SAAS,cAAc,EAAE,OAAO,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CAyC5F;AAED,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,eAAe,GAAG,IAAI,CAEhE"}

package/dist/auth/middleware.js

@@ -1,30 +1,22 @@
-import { hashApiKey } from './api-keys.js';
+import { lookupApiKey } from './api-keys.js';
 export function createAuthMiddleware(db) {
     return async function authHook(request, reply) {
-        // In local mode, skip auth entirely
-        const mode = process.env.OPALSERVE_MODE || 'local';
-        if (mode === 'local') {
-            return;
-        }
         const authHeader = request.headers.authorization;
         if (!authHeader || !authHeader.startsWith('Bearer ')) {
             reply.code(401).send({ ok: false, error: 'Missing or invalid Authorization header' });
             return;
         }
         const key = authHeader.slice(7);
-        const keyHash = hashApiKey(key);
-        const row = db.get('SELECT user_id, expires_at FROM api_keys WHERE key_hash = ?', [keyHash]);
+        const row = lookupApiKey(db, key);
         if (!row) {
             reply.code(401).send({ ok: false, error: 'Invalid API key' });
             return;
         }
-        // Check expiry
         if (row.expires_at && new Date(row.expires_at) < new Date()) {
             reply.code(401).send({ ok: false, error: 'API key has expired' });
             return;
         }
-        // Update last_used_at
-        db.run('UPDATE api_keys SET last_used_at = datetime("now") WHERE key_hash = ?', [keyHash]);
+        db.run('UPDATE api_keys SET last_used_at = datetime("now") WHERE id = ?', [row.id]);
         // Load user
         const user = db.get('SELECT id, email, display_name, created_at, updated_at FROM users WHERE id = ?', [row.user_id]);
         if (!user) {

package/dist/auth/middleware.js.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAQ3C,MAAM,UAAU,oBAAoB,CAAC,EAAY;IAC/C,OAAO,KAAK,UAAU,QAAQ,CAAC,OAAuB,EAAE,KAAmB;QACzE,oCAAoC;QACpC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC;QACnD,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YACtF,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QAEhC,MAAM,GAAG,GAAG,EAAE,CAAC,GAAG,CAChB,6DAA6D,EAC7D,CAAC,OAAO,CAAC,CACV,CAAC;QAEF,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,eAAe;QACf,IAAI,GAAG,CAAC,UAAU,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,EAAE,CAAC,GAAG,CAAC,uEAAuE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;QAE3F,YAAY;QACZ,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CACjB,gFAAgF,EAChF,CAAC,GAAG,CAAC,OAAO,CAAC,CACd,CAAC;QAEF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QAED,OAAO,CAAC,IAAI,GAAG;YACb,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,GAAoB;IACxD,GAAG,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AACzC,CAAC"}
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAQ7C,MAAM,UAAU,oBAAoB,CAAC,EAAY;IAC/C,OAAO,KAAK,UAAU,QAAQ,CAAC,OAAuB,EAAE,KAAmB;QACzE,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;QACjD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YACtF,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,GAAG,GAAG,YAAY,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAElC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,UAAU,IAAI,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;YAC5D,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,EAAE,CAAC,GAAG,CAAC,iEAAiE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QAEpF,YAAY;QACZ,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CACjB,gFAAgF,EAChF,CAAC,GAAG,CAAC,OAAO,CAAC,CACd,CAAC;QAEF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QAED,OAAO,CAAC,IAAI,GAAG;YACb,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,SAAS,EAAE,IAAI,CAAC,UAAU;SAC3B,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,GAAoB;IACxD,GAAG,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AACzC,CAAC"}

package/dist/config/defaults.d.ts

@@ -1,5 +1,6 @@
 import type { OpalServeConfig } from '../types/index.js';
 export declare function getConfigDir(): string;
 export declare function getDefaultDbPath(): string;
+export declare function getApiKeySecretPath(): string;
 export declare function getDefaultConfig(): OpalServeConfig;
 //# sourceMappingURL=defaults.d.ts.map

package/dist/config/defaults.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAIzD,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,wBAAgB,gBAAgB,IAAI,eAAe,CASlD"}
+{"version":3,"file":"defaults.d.ts","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAIzD,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,wBAAgB,mBAAmB,IAAI,MAAM,CAE5C;AAED,wBAAgB,gBAAgB,IAAI,eAAe,CASlD"}

package/dist/config/defaults.js

@@ -7,6 +7,9 @@ export function getConfigDir() {
 export function getDefaultDbPath() {
     return join(OPALSERVE_DIR, 'data.db');
 }
+export function getApiKeySecretPath() {
+    return join(OPALSERVE_DIR, 'api-key-secret');
+}
 export function getDefaultConfig() {
     return {
         mode: 'local',

package/dist/config/defaults.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAC;AAEpD,MAAM,UAAU,YAAY;IAC1B,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,EAAE;QACX,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE;QAC1C,OAAO,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACrB,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE;QAC1B,IAAI,EAAE,EAAE;KACT,CAAC;AACJ,CAAC"}
+{"version":3,"file":"defaults.js","sourceRoot":"","sources":["../../src/config/defaults.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,YAAY,CAAC,CAAC;AAEpD,MAAM,UAAU,YAAY;IAC1B,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,OAAO,IAAI,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO,EAAE,EAAE;QACX,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE;QAC1C,OAAO,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACrB,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE;QAC1B,IAAI,EAAE,EAAE;KACT,CAAC;AACJ,CAAC"}

package/dist/constants.d.ts

@@ -1,4 +1,4 @@
-export declare const VERSION = "3.1.0";
+export declare const VERSION = "3.1.1";
 export declare const APP_NAME = "opalserve";
 export declare const DEFAULT_PORT = 3456;
 export declare const DEFAULT_HOST = "127.0.0.1";

package/dist/constants.js

@@ -1,4 +1,4 @@
-export const VERSION = '3.1.0';
+export const VERSION = '3.1.1';
 export const APP_NAME = 'opalserve';
 export const DEFAULT_PORT = 3456;
 export const DEFAULT_HOST = '127.0.0.1';

package/dist/server/app.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../../src/server/app.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAgB9B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAI7D,wBAAsB,YAAY,CAAC,QAAQ,EAAE,iBAAiB,sSA8D7D;AAED,wBAAsB,WAAW,CAC/B,QAAQ,EAAE,iBAAiB,EAC3B,OAAO,CAAC,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,sSAW3C"}
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../../src/server/app.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAkB9B,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAI7D,wBAAsB,YAAY,CAAC,QAAQ,EAAE,iBAAiB,sSA6F7D;AAED,wBAAsB,WAAW,CAC/B,QAAQ,EAAE,iBAAiB,EAC3B,OAAO,CAAC,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,sSAW3C"}

package/dist/server/app.js

@@ -1,5 +1,7 @@
 import Fastify from 'fastify';
 import cors from '@fastify/cors';
+import helmet from '@fastify/helmet';
+import rateLimit from '@fastify/rate-limit';
 import fastifyStatic from '@fastify/static';
 import { join, dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
@@ -19,8 +21,39 @@ export async function createServer(registry) {
     const app = Fastify({
         logger: false, // We use our own pino logger
     });
+    await app.register(helmet, {
+        contentSecurityPolicy: false,
+        crossOriginEmbedderPolicy: false,
+        crossOriginResourcePolicy: { policy: 'same-site' },
+    });
     await app.register(cors, {
-        origin: ['http://localhost:*', 'http://127.0.0.1:*'],
+        origin: (origin, cb) => {
+            if (!origin)
+                return cb(null, true);
+            if (/^https?:\/\/(localhost|127\.0\.0\.1)(:\d{1,5})?$/.test(origin)) {
+                return cb(null, true);
+            }
+            const extra = (process.env.OPALSERVE_CORS_ORIGINS ?? '')
+                .split(',')
+                .map(s => s.trim())
+                .filter(Boolean);
+            if (extra.includes(origin))
+                return cb(null, true);
+            return cb(new Error('Origin not allowed'), false);
+        },
+        credentials: false,
+    });
+    await app.register(rateLimit, {
+        global: true,
+        max: 200,
+        timeWindow: '1 minute',
+        skipOnError: true,
+        keyGenerator: (request) => {
+            const apiKey = request.headers.authorization?.startsWith('Bearer ')
+                ? request.headers.authorization.slice(7)
+                : null;
+            return apiKey ? `key:${apiKey.slice(0, 12)}` : `ip:${request.ip}`;
+        },
     });
     // Register the user decorator so request.user is available
     registerAuthDecorator(app);

package/dist/server/app.js.map

@@ -1 +1 @@
-{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/server/app.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,IAAI,MAAM,eAAe,CAAC;AACjC,OAAO,aAAa,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;AAEjC,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAA2B;IAC5D,MAAM,GAAG,GAAG,OAAO,CAAC;QAClB,MAAM,EAAE,KAAK,EAAG,6BAA6B;KAC9C,CAAC,CAAC;IAEH,MAAM,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE;QACvB,MAAM,EAAE,CAAC,oBAAoB,EAAE,oBAAoB,CAAC;KACrD,CAAC,CAAC;IAEH,2DAA2D;IAC3D,qBAAqB,CAAC,GAAG,CAAC,CAAC;IAE3B,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QACzC,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACjD,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,UAAU,EAAE,EAAE,UAAU,CAAC,CAAC;IAChG,CAAC,CAAC,CAAC;IAEH,yEAAyE;IACzE,IAAI,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9D,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;YAChD,iCAAiC;YACjC,MAAM,WAAW,GAAG;gBAClB,gBAAgB;gBAChB,uBAAuB;gBACvB,oBAAoB;gBACpB,mBAAmB;gBACnB,gBAAgB;gBAChB,YAAY;aACb,CAAC;YACF,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjD,MAAM,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACjC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,oBAAoB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpC,oBAAoB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpC,kBAAkB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAClC,kBAAkB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAClC,wBAAwB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxC,qBAAqB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACrC,mBAAmB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACnC,qBAAqB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAErC,4CAA4C;IAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACzD,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC9B,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,EAAE;YAChC,IAAI,EAAE,aAAa;YACnB,MAAM,EAAE,aAAa;YACrB,aAAa,EAAE,KAAK;SACrB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAA2B,EAC3B,OAA0C;IAE1C,MAAM,IAAI,GAAG,OAAO,EAAE,IAAI,IAAI,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3D,MAAM,IAAI,GAAG,OAAO,EAAE,IAAI,IAAI,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;IAE3D,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAEzC,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACjC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAE/C,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/server/app.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,IAAI,MAAM,eAAe,CAAC;AACjC,OAAO,MAAM,MAAM,iBAAiB,CAAC;AACrC,OAAO,SAAS,MAAM,qBAAqB,CAAC;AAC5C,OAAO,aAAa,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;AAEjC,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAA2B;IAC5D,MAAM,GAAG,GAAG,OAAO,CAAC;QAClB,MAAM,EAAE,KAAK,EAAG,6BAA6B;KAC9C,CAAC,CAAC;IAEH,MAAM,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE;QACzB,qBAAqB,EAAE,KAAK;QAC5B,yBAAyB,EAAE,KAAK;QAChC,yBAAyB,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE;KACnD,CAAC,CAAC;IAEH,MAAM,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE;QACvB,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE;YACrB,IAAI,CAAC,MAAM;gBAAE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACnC,IAAI,kDAAkD,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACpE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YACxB,CAAC;YACD,MAAM,KAAK,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,EAAE,CAAC;iBACrD,KAAK,CAAC,GAAG,CAAC;iBACV,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBAClB,MAAM,CAAC,OAAO,CAAC,CAAC;YACnB,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAAE,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;YAClD,OAAO,EAAE,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,EAAE,KAAK,CAAC,CAAC;QACpD,CAAC;QACD,WAAW,EAAE,KAAK;KACnB,CAAC,CAAC;IAEH,MAAM,GAAG,CAAC,QAAQ,CAAC,SAAS,EAAE;QAC5B,MAAM,EAAE,IAAI;QACZ,GAAG,EAAE,GAAG;QACR,UAAU,EAAE,UAAU;QACtB,WAAW,EAAE,IAAI;QACjB,YAAY,EAAE,CAAC,OAAO,EAAE,EAAE;YACxB,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,UAAU,CAAC,SAAS,CAAC;gBACjE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;gBACxC,CAAC,CAAC,IAAI,CAAC;YACT,OAAO,MAAM,CAAC,CAAC,CAAC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,EAAE,EAAE,CAAC;QACpE,CAAC;KACF,CAAC,CAAC;IAEH,2DAA2D;IAC3D,qBAAqB,CAAC,GAAG,CAAC,CAAC;IAE3B,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QACzC,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACjD,GAAG,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,UAAU,EAAE,EAAE,UAAU,CAAC,CAAC;IAChG,CAAC,CAAC,CAAC;IAEH,yEAAyE;IACzE,IAAI,QAAQ,CAAC,YAAY,EAAE,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC9D,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;YAChD,iCAAiC;YACjC,MAAM,WAAW,GAAG;gBAClB,gBAAgB;gBAChB,uBAAuB;gBACvB,oBAAoB;gBACpB,mBAAmB;gBACnB,gBAAgB;gBAChB,YAAY;aACb,CAAC;YACF,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjD,MAAM,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;YACjC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,oBAAoB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpC,oBAAoB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpC,kBAAkB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAClC,kBAAkB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAClC,wBAAwB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACxC,qBAAqB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACrC,mBAAmB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IACnC,qBAAqB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAErC,4CAA4C;IAC5C,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACzD,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC9B,MAAM,GAAG,CAAC,QAAQ,CAAC,aAAa,EAAE;YAChC,IAAI,EAAE,aAAa;YACnB,MAAM,EAAE,aAAa;YACrB,aAAa,EAAE,KAAK;SACrB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,QAA2B,EAC3B,OAA0C;IAE1C,MAAM,IAAI,GAAG,OAAO,EAAE,IAAI,IAAI,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3D,MAAM,IAAI,GAAG,OAAO,EAAE,IAAI,IAAI,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC;IAE3D,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAEzC,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACjC,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAE/C,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/server/routes/_schemas.d.ts

@@ -0,0 +1,116 @@
+import { z } from 'zod';
+export declare const EmailSchema: z.ZodString;
+export declare const PasswordSchema: z.ZodString;
+export declare const RegisterBody: z.ZodObject<{
+    email: z.ZodString;
+    password: z.ZodString;
+    displayName: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    password: string;
+    displayName?: string | undefined;
+}, {
+    email: string;
+    password: string;
+    displayName?: string | undefined;
+}>;
+export declare const LoginBody: z.ZodObject<{
+    email: z.ZodString;
+    password: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    password: string;
+}, {
+    email: string;
+    password: string;
+}>;
+export declare const ApiKeyCreateBody: z.ZodObject<{
+    name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+}, {
+    name: string;
+}>;
+export declare const UuidParam: z.ZodObject<{
+    id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+}, {
+    id: string;
+}>;
+export declare const NameParam: z.ZodObject<{
+    name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+}, {
+    name: string;
+}>;
+export declare const ContextDocBody: z.ZodObject<{
+    title: z.ZodString;
+    content: z.ZodString;
+    contentType: z.ZodOptional<z.ZodString>;
+    source: z.ZodOptional<z.ZodString>;
+    tags: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strip", z.ZodTypeAny, {
+    title: string;
+    content: string;
+    tags?: string[] | undefined;
+    contentType?: string | undefined;
+    source?: string | undefined;
+}, {
+    title: string;
+    content: string;
+    tags?: string[] | undefined;
+    contentType?: string | undefined;
+    source?: string | undefined;
+}>;
+export declare const SearchQuery: z.ZodObject<{
+    q: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    q: string;
+}, {
+    q: string;
+}>;
+export declare const ToolsQuery: z.ZodObject<{
+    server: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    server?: string | undefined;
+}, {
+    server?: string | undefined;
+}>;
+export declare const ToolsSearchQuery: z.ZodObject<{
+    q: z.ZodString;
+    limit: z.ZodOptional<z.ZodNumber>;
+    server: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    q: string;
+    server?: string | undefined;
+    limit?: number | undefined;
+}, {
+    q: string;
+    server?: string | undefined;
+    limit?: number | undefined;
+}>;
+export declare const PeriodQuery: z.ZodObject<{
+    period: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    period?: string | undefined;
+}, {
+    period?: string | undefined;
+}>;
+export declare const ToolIdParam: z.ZodObject<{
+    id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    id: string;
+}, {
+    id: string;
+}>;
+export interface ValidationFailureReply {
+    status(code: number): {
+        send(body: unknown): unknown;
+    };
+}
+export declare function sendValidationError(reply: ValidationFailureReply, message: string, zodError?: {
+    flatten: () => unknown;
+}): unknown;
+//# sourceMappingURL=_schemas.d.ts.map

package/dist/server/routes/_schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"_schemas.d.ts","sourceRoot":"","sources":["../../../src/server/routes/_schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,WAAW,aAA8B,CAAC;AACvD,eAAO,MAAM,cAAc,aAA6B,CAAC;AAEzD,eAAO,MAAM,YAAY;;;;;;;;;;;;EAIvB,CAAC;AAEH,eAAO,MAAM,SAAS;;;;;;;;;EAGpB,CAAC;AAEH,eAAO,MAAM,gBAAgB;;;;;;EAE3B,CAAC;AAEH,eAAO,MAAM,SAAS;;;;;;EAEpB,CAAC;AAEH,eAAO,MAAM,SAAS;;;;;;EAEpB,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;EAMzB,CAAC;AAEH,eAAO,MAAM,WAAW;;;;;;EAEtB,CAAC;AAEH,eAAO,MAAM,UAAU;;;;;;EAErB,CAAC;AAEH,eAAO,MAAM,gBAAgB;;;;;;;;;;;;EAI3B,CAAC;AAEH,eAAO,MAAM,WAAW;;;;;;EAEtB,CAAC;AAEH,eAAO,MAAM,WAAW;;;;;;EAEtB,CAAC;AAEH,MAAM,WAAW,sBAAsB;IACrC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG;QAAE,IAAI,CAAC,IAAI,EAAE,OAAO,GAAG,OAAO,CAAA;KAAE,CAAC;CACxD;AAED,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,sBAAsB,EAC7B,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE;IAAE,OAAO,EAAE,MAAM,OAAO,CAAA;CAAE,GACpC,OAAO,CAMT"}

package/dist/server/routes/_schemas.js

@@ -0,0 +1,53 @@
+import { z } from 'zod';
+export const EmailSchema = z.string().email().max(254);
+export const PasswordSchema = z.string().min(8).max(256);
+export const RegisterBody = z.object({
+    email: EmailSchema,
+    password: PasswordSchema,
+    displayName: z.string().min(1).max(100).optional(),
+});
+export const LoginBody = z.object({
+    email: EmailSchema,
+    password: z.string().min(1).max(256),
+});
+export const ApiKeyCreateBody = z.object({
+    name: z.string().min(1).max(100),
+});
+export const UuidParam = z.object({
+    id: z.string().uuid(),
+});
+export const NameParam = z.object({
+    name: z.string().min(1).max(200).regex(/^[a-zA-Z0-9_\-.]+$/, 'Invalid name'),
+});
+export const ContextDocBody = z.object({
+    title: z.string().min(1).max(500),
+    content: z.string().min(1).max(1_000_000),
+    contentType: z.string().max(100).optional(),
+    source: z.string().max(2048).optional(),
+    tags: z.array(z.string().max(100)).max(50).optional(),
+});
+export const SearchQuery = z.object({
+    q: z.string().min(1).max(500),
+});
+export const ToolsQuery = z.object({
+    server: z.string().max(500).optional(),
+});
+export const ToolsSearchQuery = z.object({
+    q: z.string().min(1).max(500),
+    limit: z.coerce.number().int().min(1).max(100).optional(),
+    server: z.string().max(500).optional(),
+});
+export const PeriodQuery = z.object({
+    period: z.string().regex(/^\d+(h|d|w|m)$/, 'Period must look like 24h, 7d, 4w, 3m').optional(),
+});
+export const ToolIdParam = z.object({
+    id: z.string().min(1).max(500),
+});
+export function sendValidationError(reply, message, zodError) {
+    return reply.status(400).send({
+        ok: false,
+        error: message,
+        details: zodError?.flatten(),
+    });
+}
+//# sourceMappingURL=_schemas.js.map

package/dist/server/routes/_schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_schemas.js","sourceRoot":"","sources":["../../../src/server/routes/_schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AACvD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAEzD,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,KAAK,EAAE,WAAW;IAClB,QAAQ,EAAE,cAAc;IACxB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;CACnD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,KAAK,EAAE,WAAW;IAClB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;CACrC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,oBAAoB,EAAE,cAAc,CAAC;CAC7E,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACjC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC;IACzC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IAC3C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IACvC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;CAC9B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAC7B,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;IACzD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,uCAAuC,CAAC,CAAC,QAAQ,EAAE;CAC/F,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;CAC/B,CAAC,CAAC;AAMH,MAAM,UAAU,mBAAmB,CACjC,KAA6B,EAC7B,OAAe,EACf,QAAqC;IAErC,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QAC5B,EAAE,EAAE,KAAK;QACT,KAAK,EAAE,OAAO;QACd,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE;KAC7B,CAAC,CAAC;AACL,CAAC"}

package/dist/server/routes/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/server/routes/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAKhE,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,iBAAiB,GAAG,IAAI,CA+J1F"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/server/routes/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAYhE,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,iBAAiB,GAAG,IAAI,CAsK1F"}