openxiangda 1.0.89 → 1.0.90

package/packages/sdk/dist/runtime/index.cjs

@@ -827,6 +827,7 @@ __export(runtime_exports, {
   AuthClientError: () => AuthClientError,
   BuiltinRouteRenderer: () => BuiltinRouteRenderer,
   LoginPage: () => LoginPage,
+  OpenXiangdaPageProvider: () => OpenXiangdaPageProvider,
   OpenXiangdaProvider: () => OpenXiangdaProvider,
   PageProvider: () => PageProvider,
   PermissionBoundary: () => PermissionBoundary,
@@ -3622,1487 +3623,1610 @@ var usePageRoute = () => {
 init_cjs_shims();
 var import_react8 = require("react");
 
-// packages/sdk/src/runtime/react/auth.tsx
+// packages/sdk/src/runtime/host/browserHost.ts
 init_cjs_shims();
-var import_react7 = require("react");
-var import_antd2 = require("antd");
-var import_icons = require("@ant-design/icons");
-var import_jsx_runtime3 = require("react/jsx-runtime");
-var useAuth = (options = {}) => {
-  const runtime = useOpenXiangda();
-  const client = (0, import_react7.useMemo)(
-    () => createAuthClient({
-      appType: options.appType || runtime.appType,
-      servicePrefix: options.servicePrefix || runtime.servicePrefix,
-      fetchImpl: options.fetchImpl || runtime.fetchImpl
-    }),
-    [
-      options.appType,
-      options.fetchImpl,
-      options.servicePrefix,
-      runtime.appType,
-      runtime.fetchImpl,
-      runtime.servicePrefix
-    ]
-  );
-  return (0, import_react7.useMemo)(
-    () => ({
-      client,
-      getMethods: client.getMethods,
-      passwordLogin: client.passwordLogin,
-      dingtalkLogin: client.dingtalkLogin,
-      guestLogin: client.guestLogin,
-      sendPhoneCode: client.sendPhoneCode,
-      phoneCodeLogin: client.phoneCodeLogin,
-      registerWithPhoneCode: client.registerWithPhoneCode,
-      getSsoLoginUrl: client.getSsoLoginUrl,
-      refresh: client.refresh,
-      logout: client.logout,
-      resolveLoginUrl: client.resolveLoginUrl
-    }),
-    [client]
-  );
+var NAMESPACE_ROOT_CLASS2 = "sy-app-workspace";
+var defaultModuleLoader = (url2) => import(
+  /* @vite-ignore */
+  url2
+);
+var trimTrailingSlash = (value) => value.replace(/\/+$/, "");
+var getDefaultServicePrefix = () => typeof window !== "undefined" ? trimTrailingSlash(window.__OPENXIANGDA_SERVICE_PREFIX__ || "/service") : "/service";
+var joinServicePath = (servicePrefix, path) => {
+  if (/^https?:\/\//i.test(path)) return path;
+  const normalizedPrefix = trimTrailingSlash(servicePrefix || "/service");
+  if (path.startsWith(normalizedPrefix)) return path;
+  return `${normalizedPrefix}${path.startsWith("/") ? path : `/${path}`}`;
 };
-var useLoginMethods = (options = {}) => {
-  const auth = useAuth(options);
-  const [state, setState] = (0, import_react7.useState)({
-    data: null,
-    loading: true,
-    error: null
-  });
-  const reload = (0, import_react7.useCallback)(async () => {
-    setState((prev) => ({ ...prev, loading: true, error: null }));
-    try {
-      const data = await auth.getMethods();
-      setState({ data, loading: false, error: null });
-    } catch (error) {
-      setState({
-        data: null,
-        loading: false,
-        error: normalizeError(error)
-      });
+var appendQuery = (url2, query) => {
+  if (!query) return url2;
+  return `${url2}${url2.includes("?") ? "&" : "?"}${query}`;
+};
+var normalizeMethod2 = (method4) => {
+  const value = String(method4 || "get").toUpperCase();
+  return ["GET", "POST", "PUT", "DELETE", "PATCH"].includes(value) ? value : "GET";
+};
+var normalizeCssIsolation2 = (value) => {
+  if (value === "namespace" || value === "shadow" || value === "none") {
+    return value;
+  }
+  return "none";
+};
+var normalizeEnvelopeCode2 = (value, fallback) => {
+  if (value === void 0 || value === null || value === "") return fallback;
+  const normalized = Number(value);
+  return Number.isFinite(normalized) ? normalized : String(value);
+};
+var isSuccessCode4 = (value) => {
+  if (value === void 0 || value === null || value === "") return true;
+  const normalized = Number(value);
+  return Number.isFinite(normalized) ? normalized === 0 || normalized >= 200 && normalized < 300 : false;
+};
+var parseJsonResponse = async (response) => {
+  const payload = await response.json().catch(() => null);
+  if (!response.ok) {
+    const message7 = payload && typeof payload === "object" ? payload.message || payload.error || response.statusText : response.statusText;
+    throw new Error(message7 || "\u8BF7\u6C42\u5931\u8D25");
+  }
+  if (payload && typeof payload === "object" && "code" in payload) {
+    const code = normalizeEnvelopeCode2(payload.code, response.status);
+    return {
+      code,
+      success: payload.success !== false && isSuccessCode4(code),
+      message: payload.message,
+      result: payload.result ?? payload.data ?? null,
+      data: payload.data,
+      raw: payload
+    };
+  }
+  return {
+    code: response.status,
+    success: response.ok,
+    message: response.statusText,
+    result: payload,
+    data: payload,
+    raw: payload
+  };
+};
+var createBrowserPageBridge = (options = {}) => {
+  const servicePrefix = options.servicePrefix || getDefaultServicePrefix();
+  const fetchImpl = createBoundFetch(options.fetchImpl);
+  const request = async (payload) => {
+    if (!payload?.path) {
+      throw new Error("transport.request \u9700\u8981 path");
     }
-  }, [auth]);
-  (0, import_react7.useEffect)(() => {
-    let disposed = false;
-    const run = async () => {
-      setState((prev) => ({ ...prev, loading: true, error: null }));
-      try {
-        const data = await auth.getMethods();
-        if (!disposed) setState({ data, loading: false, error: null });
-      } catch (error) {
-        if (!disposed) {
-          setState({
-            data: null,
-            loading: false,
-            error: normalizeError(error)
-          });
-        }
+    const url2 = appendQuery(joinServicePath(servicePrefix, payload.path), payload.query);
+    const headers = new Headers(payload.headers);
+    let body;
+    if (payload.body !== void 0) {
+      if (payload.body instanceof FormData) {
+        body = payload.body;
+      } else {
+        headers.set("Content-Type", headers.get("Content-Type") || "application/json");
+        body = JSON.stringify(payload.body);
       }
+    }
+    const response = await fetchImpl(url2, {
+      method: normalizeMethod2(payload.method),
+      headers,
+      body,
+      credentials: "include"
+    });
+    return parseJsonResponse(response);
+  };
+  const download = async (payload) => {
+    if (!payload?.path) {
+      throw new Error("transport.download \u9700\u8981 path");
+    }
+    const url2 = appendQuery(joinServicePath(servicePrefix, payload.path), payload.query);
+    const headers = new Headers(payload.headers);
+    let body;
+    if (payload.body !== void 0) {
+      if (payload.body instanceof FormData) {
+        body = payload.body;
+      } else {
+        headers.set("Content-Type", headers.get("Content-Type") || "application/json");
+        body = JSON.stringify(payload.body);
+      }
+    }
+    const response = await fetchImpl(url2, {
+      method: normalizeMethod2(payload.method),
+      headers,
+      body,
+      credentials: "include"
+    });
+    if (!response.ok) {
+      throw new Error(response.statusText || "\u4E0B\u8F7D\u5931\u8D25");
+    }
+    return {
+      blob: await response.blob(),
+      contentType: response.headers.get("content-type") || void 0,
+      fileName: response.headers.get("content-disposition") || void 0,
+      headers: Object.fromEntries(response.headers.entries())
     };
-    void run();
-    return () => {
-      disposed = true;
-    };
-  }, [auth]);
+  };
   return {
-    ...state,
-    methods: state.data?.methods || [],
-    reload
+    invoke: async (method4, payload) => {
+      if (method4 === "transport.request") return await request(payload);
+      if (method4 === "transport.download") return await download(payload);
+      throw new Error(`\u4E0D\u652F\u6301\u7684 bridge \u65B9\u6CD5: ${method4}`);
+    }
   };
 };
-var LoginPage = ({
-  title,
-  subtitle,
-  className,
-  style: style2,
-  defaultMethod,
-  redirectUrl,
-  redirectOnSuccess = true,
-  onSuccess,
-  ...authOptions
-}) => {
-  const runtime = useOpenXiangda();
-  const auth = useAuth(authOptions);
-  const methodsState = useLoginMethods(authOptions);
-  const [passwordForm] = import_antd2.Form.useForm();
-  const [phoneForm] = import_antd2.Form.useForm();
-  const [activeMethod, setActiveMethod] = (0, import_react7.useState)(
-    defaultMethod || "password"
-  );
-  const [phonePurpose, setPhonePurpose] = (0, import_react7.useState)(
-    "login"
-  );
-  const [phoneChallengeId, setPhoneChallengeId] = (0, import_react7.useState)("");
-  const [submitting, setSubmitting] = (0, import_react7.useState)(false);
-  const [sendingCode, setSendingCode] = (0, import_react7.useState)(false);
-  const [error, setError] = (0, import_react7.useState)(null);
-  const methods = methodsState.methods.filter((method4) => method4.enabled !== false);
-  const passwordMethod = findMethod(methods, "password");
-  const phoneMethod = findMethod(methods, "phone_code");
-  const dingtalkMethod = findMethod(methods, "dingtalk");
-  const ssoMethod = findMethod(methods, "sso");
-  const guestMethod = findMethod(methods, "guest");
-  const allowRegister = methodsState.data?.registration?.mode !== "reject";
-  const tabItems = (0, import_react7.useMemo)(() => {
-    const items = [];
-    if (passwordMethod) {
-      items.push({
-        key: "password",
-        label: /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Space, { size: 6, children: [
-          /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.UserOutlined, {}),
-          /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("span", { children: passwordMethod.label || "\u8D26\u53F7\u5BC6\u7801" })
-        ] }),
-        children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-          PasswordLoginForm,
-          {
-            form: passwordForm,
-            loading: submitting,
-            onFinish: async (values) => {
-              setSubmitting(true);
-              setError(null);
-              try {
-                await handleSuccess(
-                  await auth.passwordLogin({
-                    username: values.username,
-                    password: values.password
-                  })
-                );
-              } catch (loginError) {
-                setError(normalizeError(loginError).message);
-              } finally {
-                setSubmitting(false);
-              }
-            }
-          }
-        )
-      });
-    }
-    if (phoneMethod) {
-      items.push({
-        key: "phone_code",
-        label: /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Space, { size: 6, children: [
-          /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.MobileOutlined, {}),
-          /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("span", { children: phoneMethod.label || "\u624B\u673A\u53F7" })
-        ] }),
-        children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-          PhoneCodeLoginForm,
-          {
-            allowRegister,
-            form: phoneForm,
-            loading: submitting,
-            phonePurpose,
-            sendingCode,
-            onPurposeChange: setPhonePurpose,
-            onSendCode: async () => {
-              const values = await phoneForm.validateFields(["phone"]);
-              setSendingCode(true);
-              setError(null);
-              try {
-                const result = await auth.sendPhoneCode({
-                  phone: values.phone,
-                  purpose: phonePurpose
-                });
-                setPhoneChallengeId(result.challengeId);
-              } catch (sendError) {
-                setError(normalizeError(sendError).message);
-              } finally {
-                setSendingCode(false);
-              }
-            },
-            onFinish: async (values) => {
-              setSubmitting(true);
-              setError(null);
-              try {
-                const data = phonePurpose === "register" ? await auth.registerWithPhoneCode({
-                  phone: values.phone,
-                  code: values.code,
-                  challengeId: phoneChallengeId
-                }) : await auth.phoneCodeLogin({
-                  phone: values.phone,
-                  code: values.code,
-                  challengeId: phoneChallengeId
-                });
-                await handleSuccess(data);
-              } catch (loginError) {
-                setError(normalizeError(loginError).message);
-              } finally {
-                setSubmitting(false);
-              }
-            }
-          }
-        )
-      });
-    }
-    return items;
-  }, [
-    allowRegister,
-    auth,
-    handleSuccess,
-    passwordForm,
-    passwordMethod,
-    phoneChallengeId,
-    phoneForm,
-    phoneMethod,
-    phonePurpose,
-    sendingCode,
-    submitting
-  ]);
-  (0, import_react7.useEffect)(() => {
-    const firstKey = tabItems[0]?.key;
-    if (firstKey && !tabItems.some((item) => item.key === activeMethod)) {
-      setActiveMethod(firstKey);
-    }
-  }, [activeMethod, tabItems]);
-  const handleDingTalkLogin = async () => {
-    setSubmitting(true);
-    setError(null);
-    try {
-      const code = await requestDingTalkCode(dingtalkMethod);
-      await handleSuccess(
-        await auth.dingtalkLogin({
-          code,
-          corpId: getString(dingtalkMethod, "corpId")
-        })
-      );
-    } catch (loginError) {
-      setError(normalizeError(loginError).message);
-    } finally {
-      setSubmitting(false);
-    }
+var createBrowserPageContext = (bootstrap, options = {}) => {
+  const route = {
+    pathname: options.route?.pathname || (typeof window !== "undefined" ? window.location.pathname : ""),
+    fullPath: options.route?.fullPath || (typeof window !== "undefined" ? `${window.location.pathname}${window.location.search}${window.location.hash}` : ""),
+    params: options.route?.params || {},
+    query: options.route?.query || {},
+    hash: options.route?.hash || (typeof window !== "undefined" ? window.location.hash : "")
   };
-  const handleSsoLogin = async () => {
-    setSubmitting(true);
-    setError(null);
-    try {
-      const redirectUri = getCurrentHref3();
-      const result = await auth.getSsoLoginUrl({
-        protocol: getString(ssoMethod, "protocol") || "cas",
-        redirectUri
-      });
-      window.location.assign(result.loginUrl);
-    } catch (loginError) {
-      setError(normalizeError(loginError).message);
-      setSubmitting(false);
+  return {
+    protocolVersion: bootstrap.asset?.protocolVersion || "1.0",
+    app: bootstrap.app,
+    page: {
+      ...bootstrap.page,
+      version: bootstrap.asset?.version || bootstrap.page.version,
+      buildId: bootstrap.asset?.buildId || bootstrap.page.buildId
+    },
+    user: bootstrap.user,
+    route,
+    env: bootstrap.env || {},
+    permissions: {
+      canView: bootstrap.permissions?.canView !== false,
+      hasFullAccess: bootstrap.permissions?.hasFullAccess === true,
+      ...bootstrap.permissions || {}
+    },
+    capabilities: Array.from(
+      /* @__PURE__ */ new Set([
+        "navigation",
+        "ui.message",
+        "ui.modal",
+        "transport.request",
+        "transport.download",
+        ...bootstrap.sdk?.supportedBridgeMethods || []
+      ])
+    ),
+    ui: {
+      message: {
+        success: (text) => options.message?.success?.(text),
+        error: (text) => options.message?.error?.(text),
+        warning: (text) => options.message?.warning?.(text),
+        info: (text) => options.message?.info?.(text),
+        loading: (text) => options.message?.loading?.(text) || (() => void 0)
+      },
+      modal: {
+        confirm: (input) => options.modal?.confirm?.(input) || Promise.resolve(false)
+      }
+    },
+    navigation: {
+      pushPage: (pageKey, query) => options.navigation?.pushPage?.(pageKey, query),
+      replacePage: (pageKey, query) => options.navigation?.replacePage?.(pageKey, query),
+      pushRoute: (routeValue, query) => options.navigation?.pushRoute?.(routeValue, query),
+      replaceRoute: (routeValue, query) => options.navigation?.replaceRoute?.(routeValue, query),
+      updateQuery: (query) => options.navigation?.updateQuery?.(query),
+      setHash: (hash) => options.navigation?.setHash?.(hash),
+      back: () => options.navigation?.back?.()
+    },
+    bridge: createBrowserPageBridge(options),
+    sdk: {
+      ...bootstrap.sdk,
+      supportedBridgeMethods: ["transport.request", "transport.download"]
     }
   };
-  const handleGuestLogin = async () => {
-    setSubmitting(true);
-    setError(null);
-    try {
-      await handleSuccess(
-        await auth.guestLogin({
-          guestIdentifier: getOrCreateGuestIdentifier(auth.client),
-          domain: getCurrentHostname()
-        })
-      );
-    } catch (loginError) {
-      setError(normalizeError(loginError).message);
-    } finally {
-      setSubmitting(false);
-    }
+};
+var resolveRuntimeAssets = async (bootstrap, fetchImpl = fetch) => {
+  const boundFetch = createBoundFetch(fetchImpl);
+  const fallback = {
+    entryUrl: bootstrap.runtimeAssets?.entryUrl || bootstrap.asset?.entryUrl || "",
+    cssUrls: bootstrap.runtimeAssets?.cssUrls || bootstrap.asset?.cssAssets || [],
+    jsUrls: bootstrap.runtimeAssets?.jsUrls || bootstrap.asset?.jsAssets || [],
+    cssIsolation: normalizeCssIsolation2(
+      bootstrap.runtimeAssets?.cssIsolation || bootstrap.page.capabilities?.cssIsolation
+    )
   };
-  async function handleSuccess(data) {
-    await onSuccess?.(data);
-    await runtime.reload();
-    if (redirectOnSuccess && typeof window !== "undefined") {
-      window.location.replace(
-        redirectUrl || getCallbackUrl() || `/view/${auth.client.appType}`
-      );
-    }
+  if (bootstrap.runtimeAssets?.entryUrl || !bootstrap.asset?.manifestUrl) {
+    return fallback;
   }
-  return /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-    "div",
+  try {
+    const response = await boundFetch(bootstrap.asset.manifestUrl, {
+      credentials: "omit"
+    });
+    if (!response.ok) return fallback;
+    const manifest = await response.json();
+    const base = bootstrap.asset.manifestUrl;
+    const resolveUrl = (value) => new URL(value, base).toString();
+    return {
+      entryUrl: manifest?.entry?.url ? resolveUrl(manifest.entry.url) : fallback.entryUrl,
+      cssUrls: Array.isArray(manifest?.assets?.css) ? manifest.assets.css.map(resolveUrl) : fallback.cssUrls,
+      jsUrls: Array.isArray(manifest?.assets?.js) ? manifest.assets.js.map(resolveUrl) : fallback.jsUrls,
+      cssIsolation: normalizeCssIsolation2(
+        manifest?.style?.isolation || fallback.cssIsolation
+      )
+    };
+  } catch {
+    return fallback;
+  }
+};
+var fetchBrowserRuntimeBootstrap = async ({
+  appType,
+  bootstrapPath,
+  fetchImpl = fetch,
+  pageKey,
+  servicePrefix
+}) => {
+  if (!appType) {
+    throw new Error("appType \u7F3A\u5931");
+  }
+  if (!pageKey) {
+    throw new Error("pageKey \u7F3A\u5931");
+  }
+  const path = bootstrapPath || `/openxiangda-api/v1/apps/${encodeURIComponent(
+    appType
+  )}/pages/${encodeURIComponent(pageKey)}/bootstrap`;
+  const boundFetch = createBoundFetch(fetchImpl);
+  const response = await boundFetch(
+    joinServicePath(servicePrefix || getDefaultServicePrefix(), path),
     {
-      className,
-      style: {
-        minHeight: "100vh",
-        display: "grid",
-        placeItems: "center",
-        padding: 24,
-        background: "#f6f8fb",
-        ...style2
-      },
-      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-        import_antd2.Card,
-        {
-          style: {
-            width: "min(100%, 420px)",
-            borderRadius: 8,
-            boxShadow: "0 16px 48px rgba(15, 23, 42, 0.10)"
-          },
-          styles: { body: { padding: 28 } },
-          children: /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Space, { direction: "vertical", size: 20, style: { width: "100%" }, children: [
-            /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)("div", { children: [
-              /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Typography.Title, { level: 3, style: { margin: 0 }, children: title || "\u5E94\u7528\u767B\u5F55" }),
-              subtitle ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Typography.Text, { type: "secondary", children: subtitle }) : null
-            ] }),
-            methodsState.error ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-              import_antd2.Alert,
-              {
-                showIcon: true,
-                type: "error",
-                message: methodsState.error.message
-              }
-            ) : null,
-            error ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Alert, { showIcon: true, type: "error", message: error }) : null,
-            methodsState.loading ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Button, { block: true, loading: true, children: "\u52A0\u8F7D\u4E2D" }) : tabItems.length > 0 ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-              import_antd2.Tabs,
-              {
-                activeKey: activeMethod,
-                items: tabItems,
-                onChange: setActiveMethod
-              }
-            ) : /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Empty, { description: "\u672A\u542F\u7528\u767B\u5F55\u65B9\u5F0F" }),
-            /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Space, { direction: "vertical", size: 10, style: { width: "100%" }, children: [
-              dingtalkMethod ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-                import_antd2.Button,
-                {
-                  block: true,
-                  icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.QrcodeOutlined, {}),
-                  loading: submitting,
-                  onClick: handleDingTalkLogin,
-                  children: dingtalkMethod.label || "\u9489\u9489\u514D\u767B"
-                }
-              ) : null,
-              ssoMethod ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-                import_antd2.Button,
-                {
-                  block: true,
-                  icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.SafetyCertificateOutlined, {}),
-                  loading: submitting,
-                  onClick: handleSsoLogin,
-                  children: ssoMethod.label || "SSO \u767B\u5F55"
-                }
-              ) : null,
-              guestMethod ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-                import_antd2.Button,
-                {
-                  block: true,
-                  icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.LoginOutlined, {}),
-                  loading: submitting,
-                  onClick: handleGuestLogin,
-                  children: guestMethod.label || "\u8BBF\u5BA2\u8BBF\u95EE"
-                }
-              ) : null
-            ] })
-          ] })
-        }
-      )
+      method: "GET",
+      credentials: "include"
     }
   );
-};
-var PasswordLoginForm = ({ form, loading, onFinish }) => /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Form, { form, layout: "vertical", requiredMark: false, onFinish, children: [
-  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-    import_antd2.Form.Item,
-    {
-      label: "\u8D26\u53F7",
-      name: "username",
-      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u8D26\u53F7" }],
-      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Input, { autoComplete: "username" })
-    }
-  ),
-  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-    import_antd2.Form.Item,
-    {
-      label: "\u5BC6\u7801",
-      name: "password",
-      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u5BC6\u7801" }],
-      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Input.Password, { autoComplete: "current-password" })
-    }
-  ),
-  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Button, { block: true, htmlType: "submit", icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.LoginOutlined, {}), loading, type: "primary", children: "\u767B\u5F55" })
-] });
-var PhoneCodeLoginForm = ({
-  allowRegister,
-  form,
-  loading,
-  phonePurpose,
-  sendingCode,
-  onPurposeChange,
-  onSendCode,
-  onFinish
-}) => /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Form, { form, layout: "vertical", requiredMark: false, onFinish, children: [
-  allowRegister ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Form.Item, { style: { marginBottom: 12 }, children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-    import_antd2.Tabs,
-    {
-      activeKey: phonePurpose,
-      items: [
-        { key: "login", label: "\u767B\u5F55" },
-        { key: "register", label: "\u6CE8\u518C" }
-      ],
-      onChange: (key) => onPurposeChange(key === "register" ? "register" : "login"),
-      size: "small"
-    }
-  ) }) : null,
-  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-    import_antd2.Form.Item,
-    {
-      label: "\u624B\u673A\u53F7",
-      name: "phone",
-      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u624B\u673A\u53F7" }],
-      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Input, { autoComplete: "tel" })
-    }
-  ),
-  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-    import_antd2.Form.Item,
-    {
-      label: "\u9A8C\u8BC1\u7801",
-      name: "code",
-      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u9A8C\u8BC1\u7801" }],
-      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-        import_antd2.Input,
-        {
-          addonAfter: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
-            import_antd2.Button,
-            {
-              loading: sendingCode,
-              onClick: onSendCode,
-              size: "small",
-              type: "link",
-              children: "\u53D1\u9001"
-            }
-          ),
-          autoComplete: "one-time-code"
-        }
-      )
-    }
-  ),
-  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Button, { block: true, htmlType: "submit", icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.MobileOutlined, {}), loading, type: "primary", children: phonePurpose === "register" ? "\u6CE8\u518C" : "\u767B\u5F55" })
-] });
-var findMethod = (methods, type4) => methods.find((method4) => method4.type === type4);
-var normalizeError = (error) => error instanceof Error ? error : new Error(String(error || "\u8BF7\u6C42\u5931\u8D25"));
-var getString = (value, key) => {
-  if (!value || typeof value !== "object") return void 0;
-  const result = value[key];
-  return typeof result === "string" ? result : void 0;
-};
-var requestDingTalkCode = (method4) => {
-  const dd = typeof window === "undefined" ? void 0 : window.dd;
-  const corpId = getString(method4, "corpId");
-  return new Promise((resolve, reject) => {
-    const requestAuthCode = dd?.runtime?.permission?.requestAuthCode || dd?.requestAuthCode;
-    if (!requestAuthCode) {
-      reject(new Error("\u5F53\u524D\u73AF\u5883\u4E0D\u652F\u6301\u9489\u9489\u514D\u767B"));
-      return;
+  const payload = await response.json().catch(() => null);
+  if (!response.ok) {
+    throw new Error(payload?.message || response.statusText || "\u83B7\u53D6\u9875\u9762\u8FD0\u884C\u65F6\u5931\u8D25");
+  }
+  if (payload && typeof payload === "object" && ("code" in payload || "success" in payload)) {
+    if (payload.success === false || payload.code && Number(payload.code) !== 200) {
+      throw new Error(payload.message || "\u83B7\u53D6\u9875\u9762\u8FD0\u884C\u65F6\u5931\u8D25");
     }
-    requestAuthCode({
-      corpId,
-      onSuccess: (result) => {
-        if (result?.code) resolve(result.code);
-        else reject(new Error("\u9489\u9489\u672A\u8FD4\u56DE\u514D\u767B\u7801"));
-      },
-      onFail: (error) => reject(normalizeError(error))
-    });
-  });
-};
-var getOrCreateGuestIdentifier = (client) => {
-  const key = `openxiangda:${client.appType}:guest_id`;
-  if (typeof window === "undefined") return createGuestIdentifier();
-  const current = window.localStorage.getItem(key);
-  if (current) return current;
-  const next = createGuestIdentifier();
-  window.localStorage.setItem(key, next);
-  return next;
-};
-var createGuestIdentifier = () => `guest_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;
-var getCurrentHref3 = () => typeof window === "undefined" ? "" : window.location.href;
-var getCurrentHostname = () => typeof window === "undefined" ? "" : window.location.hostname;
-var getCallbackUrl = () => {
-  if (typeof window === "undefined") return "";
-  const query = new URLSearchParams(window.location.search);
-  return query.get("callback") || query.get("redirectUri") || "";
-};
-
-// packages/sdk/src/runtime/react/openxiangdaProvider.tsx
-var import_jsx_runtime4 = require("react/jsx-runtime");
-var RuntimeHttpError = class extends Error {
-  constructor(snapshot) {
-    super(snapshot.message);
-    this.name = "RuntimeHttpError";
-    this.type = snapshot.type;
-    this.status = snapshot.status;
-    this.code = snapshot.code;
-    this.payload = snapshot.payload;
+    return payload.data || {};
   }
+  return payload || {};
 };
-var OpenXiangdaRuntimeContext = (0, import_react8.createContext)(null);
-var OpenXiangdaProvider = ({
+var resolveBrowserRuntimeRoute = async ({
   appType,
-  servicePrefix = "/service",
-  fetchImpl,
-  children
+  fetchImpl = fetch,
+  path,
+  resolvePath,
+  search,
+  servicePrefix
 }) => {
-  const resolvedFetch = (0, import_react8.useMemo)(() => createBoundFetch(fetchImpl), [fetchImpl]);
-  const resolvedAppType = (0, import_react8.useMemo)(
-    () => appType || resolveAppTypeFromLocation(),
-    [appType]
+  if (!appType) {
+    throw new Error("appType \u7F3A\u5931");
+  }
+  const currentPath = path || (typeof window !== "undefined" ? window.location.pathname : "/");
+  const currentSearch = search !== void 0 ? search : typeof window !== "undefined" ? window.location.search : "";
+  const endpoint = resolvePath || `/openxiangda-api/v1/apps/${encodeURIComponent(
+    appType
+  )}/runtime/routes/resolve`;
+  const boundFetch = createBoundFetch(fetchImpl);
+  const response = await boundFetch(
+    joinServicePath(servicePrefix || getDefaultServicePrefix(), endpoint),
+    {
+      method: "POST",
+      credentials: "include",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        path: currentPath,
+        search: currentSearch
+      })
+    }
   );
-  const [accessToken, setAccessTokenState] = (0, import_react8.useState)(null);
-  const setAccessToken = (0, import_react8.useCallback)(
-    (nextAccessToken) => {
-      setAccessTokenState(nextAccessToken || null);
-    },
-    []
+  const parsed = await parseJsonResponse(response);
+  if (!parsed.success || !parsed.result) {
+    throw new Error(parsed.message || "\u89E3\u6790\u8FD0\u884C\u65F6\u8DEF\u7531\u5931\u8D25");
+  }
+  return parsed.result;
+};
+var loadRuntimeScriptModules = async (jsUrls = [], moduleLoader = defaultModuleLoader) => {
+  const urls = Array.from(
+    new Set(jsUrls.map((url2) => String(url2 || "").trim()).filter(Boolean))
   );
-  const authorizedFetch = (0, import_react8.useMemo)(
-    () => createAuthorizedFetch(resolvedFetch, accessToken),
-    [accessToken, resolvedFetch]
+  for (const url2 of urls) {
+    await moduleLoader(url2);
+  }
+};
+var loadCustomPageModule = async (entryUrl, moduleLoader = defaultModuleLoader, jsUrls = []) => {
+  if (!entryUrl) {
+    throw new Error("\u4EE3\u7801\u9875\u9762\u7F3A\u5C11 entryUrl");
+  }
+  await loadRuntimeScriptModules(
+    jsUrls.filter((url2) => url2 && url2 !== entryUrl),
+    moduleLoader
   );
-  const [state, setState] = (0, import_react8.useState)({
+  const loaded = await moduleLoader(entryUrl);
+  return loaded?.default && (loaded.default.mount || loaded.default.unmount) ? { ...loaded.default, ...loaded } : loaded || {};
+};
+var mountCustomPageRuntime = async ({
+  assets,
+  container,
+  context,
+  module: module2
+}) => {
+  const cssIsolation = normalizeCssIsolation2(assets?.cssIsolation);
+  const mountedLinks = [];
+  container.innerHTML = "";
+  container.classList.toggle(NAMESPACE_ROOT_CLASS2, cssIsolation === "namespace");
+  (assets?.cssUrls || []).forEach((href) => {
+    const link = document.createElement("link");
+    link.rel = "stylesheet";
+    link.href = href;
+    link.setAttribute("data-openxiangda-runtime-style", href);
+    document.head.appendChild(link);
+    mountedLinks.push(link);
+  });
+  await module2.mount?.(container, context);
+  return async () => {
+    await module2.unmount?.(container, context);
+    mountedLinks.forEach((link) => link.remove());
+    container.classList.remove(NAMESPACE_ROOT_CLASS2);
+    container.innerHTML = "";
+  };
+};
+var mountBrowserPageRuntime = async (options) => {
+  const bootstrap = await fetchBrowserRuntimeBootstrap({
+    appType: options.appType,
+    pageKey: options.pageKey,
+    bootstrapPath: options.bootstrapPath,
+    fetchImpl: options.fetchImpl,
+    servicePrefix: options.servicePrefix
+  });
+  if (bootstrap.permissions?.canView === false) {
+    throw new Error(String(bootstrap.permissions.message || "\u60A8\u6CA1\u6709\u6743\u9650\u8BBF\u95EE\u8BE5\u9875\u9762"));
+  }
+  const assets = await resolveRuntimeAssets(bootstrap, options.fetchImpl || fetch);
+  if (!assets.entryUrl) {
+    throw new Error("\u4EE3\u7801\u9875\u9762\u7F3A\u5C11 entryUrl");
+  }
+  const context = createBrowserPageContext(bootstrap, options);
+  const module2 = await loadCustomPageModule(
+    assets.entryUrl,
+    options.moduleLoader,
+    assets.jsUrls
+  );
+  const cleanup2 = await mountCustomPageRuntime({
+    assets,
+    container: options.container,
+    context,
+    module: module2
+  });
+  return {
+    bootstrap,
+    assets,
+    context,
+    module: module2,
+    cleanup: cleanup2
+  };
+};
+
+// packages/sdk/src/runtime/react/auth.tsx
+init_cjs_shims();
+var import_react7 = require("react");
+var import_antd2 = require("antd");
+var import_icons = require("@ant-design/icons");
+var import_jsx_runtime3 = require("react/jsx-runtime");
+var useAuth = (options = {}) => {
+  const runtime = useOpenXiangda();
+  const client = (0, import_react7.useMemo)(
+    () => createAuthClient({
+      appType: options.appType || runtime.appType,
+      servicePrefix: options.servicePrefix || runtime.servicePrefix,
+      fetchImpl: options.fetchImpl || runtime.fetchImpl
+    }),
+    [
+      options.appType,
+      options.fetchImpl,
+      options.servicePrefix,
+      runtime.appType,
+      runtime.fetchImpl,
+      runtime.servicePrefix
+    ]
+  );
+  return (0, import_react7.useMemo)(
+    () => ({
+      client,
+      getMethods: client.getMethods,
+      passwordLogin: client.passwordLogin,
+      dingtalkLogin: client.dingtalkLogin,
+      guestLogin: client.guestLogin,
+      sendPhoneCode: client.sendPhoneCode,
+      phoneCodeLogin: client.phoneCodeLogin,
+      registerWithPhoneCode: client.registerWithPhoneCode,
+      getSsoLoginUrl: client.getSsoLoginUrl,
+      refresh: client.refresh,
+      logout: client.logout,
+      resolveLoginUrl: client.resolveLoginUrl
+    }),
+    [client]
+  );
+};
+var useLoginMethods = (options = {}) => {
+  const auth = useAuth(options);
+  const [state, setState] = (0, import_react7.useState)({
     data: null,
     loading: true,
     error: null
   });
-  const reload = (0, import_react8.useCallback)(async (options = {}) => {
-    if (!resolvedAppType) {
-      setState({
-        data: null,
-        loading: false,
-        error: createRuntimeError({
-          message: "appType \u4E0D\u80FD\u4E3A\u7A7A",
-          type: "unknown"
-        })
-      });
-      return;
-    }
+  const reload = (0, import_react7.useCallback)(async () => {
     setState((prev) => ({ ...prev, loading: true, error: null }));
-    const requestFetch = options.accessToken !== void 0 ? createAuthorizedFetch(resolvedFetch, options.accessToken || null) : authorizedFetch;
     try {
-      const response = await requestFetch(
-        buildServiceUrl3(
-          servicePrefix,
-          `/openxiangda-api/v1/apps/${encodeURIComponent(
-            resolvedAppType
-          )}/runtime/bootstrap`
-        ),
-        {
-          credentials: "include",
-          headers: { accept: "application/json" }
-        }
-      );
-      const payload = await readJsonPayload(response);
-      if (isRuntimeEnvelopeFailure(response, payload)) {
-        throw createRuntimeHttpError(
-          response,
-          payload,
-          payload?.message || `Runtime bootstrap failed: ${response.status}`
-        );
-      }
-      setState({
-        data: payload?.data || null,
-        loading: false,
-        error: null
-      });
+      const data = await auth.getMethods();
+      setState({ data, loading: false, error: null });
     } catch (error) {
       setState({
         data: null,
         loading: false,
-        error: normalizeRuntimeError(error)
+        error: normalizeError(error)
       });
     }
-  }, [authorizedFetch, resolvedAppType, resolvedFetch, servicePrefix]);
-  (0, import_react8.useEffect)(() => {
-    void reload();
-  }, [reload]);
-  const value = (0, import_react8.useMemo)(
-    () => ({
-      ...state,
-      appType: resolvedAppType,
-      servicePrefix,
-      fetchImpl: authorizedFetch,
-      reload,
-      setAccessToken
-    }),
-    [authorizedFetch, reload, resolvedAppType, servicePrefix, state]
-  );
-  return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(OpenXiangdaRuntimeContext.Provider, { value, children });
-};
-var useOpenXiangda = () => {
-  const context = (0, import_react8.useContext)(OpenXiangdaRuntimeContext);
-  if (!context) {
-    throw new Error("useOpenXiangda must be used inside OpenXiangdaProvider");
-  }
-  return context;
-};
-var useRuntimeBootstrap = () => useOpenXiangda();
-var useAppMenus = () => {
-  const runtime = useOpenXiangda();
-  return {
-    ...runtime,
-    data: runtime.data?.menus || []
-  };
-};
-var usePermission = () => {
-  const runtime = useOpenXiangda();
+  }, [auth]);
+  (0, import_react7.useEffect)(() => {
+    let disposed = false;
+    const run = async () => {
+      setState((prev) => ({ ...prev, loading: true, error: null }));
+      try {
+        const data = await auth.getMethods();
+        if (!disposed) setState({ data, loading: false, error: null });
+      } catch (error) {
+        if (!disposed) {
+          setState({
+            data: null,
+            loading: false,
+            error: normalizeError(error)
+          });
+        }
+      }
+    };
+    void run();
+    return () => {
+      disposed = true;
+    };
+  }, [auth]);
   return {
-    ...runtime,
-    data: runtime.data?.permissions || null
+    ...state,
+    methods: state.data?.methods || [],
+    reload
   };
 };
-var useCanAccessRoute = (input) => {
+var LoginPage = ({
+  title,
+  subtitle,
+  className,
+  style: style2,
+  defaultMethod,
+  redirectUrl,
+  redirectOnSuccess = true,
+  onSuccess,
+  ...authOptions
+}) => {
   const runtime = useOpenXiangda();
-  const [state, setState] = (0, import_react8.useState)({
-    data: null,
-    loading: true,
-    error: null
-  });
-  (0, import_react8.useEffect)(() => {
-    let disposed = false;
-    const check = async () => {
-      const permissions = runtime.data?.permissions;
-      if (!runtime.appType || runtime.loading) {
-        setState((prev) => ({ ...prev, loading: runtime.loading }));
-        return;
-      }
-      if (runtime.error && !runtime.data) {
-        const snapshot = toRuntimeErrorSnapshot(runtime.error);
-        setState({
-          data: {
-            appType: runtime.appType,
-            canAccess: false,
-            status: snapshot.status,
-            code: snapshot.code,
-            message: snapshot.message,
-            errorType: snapshot.type,
-            payload: snapshot.payload
-          },
-          loading: false,
-          error: runtime.error
-        });
-        return;
-      }
-      if (permissions?.hasFullAccess) {
-        setState({
-          data: { appType: runtime.appType, canAccess: true, permissions },
-          loading: false,
-          error: null
-        });
-        return;
-      }
-      setState((prev) => ({ ...prev, loading: true, error: null }));
-      try {
-        const response = await runtime.fetchImpl(
-          buildServiceUrl3(
-            runtime.servicePrefix,
-            `/openxiangda-api/v1/apps/${encodeURIComponent(
-              runtime.appType
-            )}/runtime/routes/check`
-          ),
+  const auth = useAuth(authOptions);
+  const methodsState = useLoginMethods(authOptions);
+  const [passwordForm] = import_antd2.Form.useForm();
+  const [phoneForm] = import_antd2.Form.useForm();
+  const [activeMethod, setActiveMethod] = (0, import_react7.useState)(
+    defaultMethod || "password"
+  );
+  const [phonePurpose, setPhonePurpose] = (0, import_react7.useState)(
+    "login"
+  );
+  const [phoneChallengeId, setPhoneChallengeId] = (0, import_react7.useState)("");
+  const [submitting, setSubmitting] = (0, import_react7.useState)(false);
+  const [sendingCode, setSendingCode] = (0, import_react7.useState)(false);
+  const [error, setError] = (0, import_react7.useState)(null);
+  const methods = methodsState.methods.filter((method4) => method4.enabled !== false);
+  const passwordMethod = findMethod(methods, "password");
+  const phoneMethod = findMethod(methods, "phone_code");
+  const dingtalkMethod = findMethod(methods, "dingtalk");
+  const ssoMethod = findMethod(methods, "sso");
+  const guestMethod = findMethod(methods, "guest");
+  const allowRegister = methodsState.data?.registration?.mode !== "reject";
+  const tabItems = (0, import_react7.useMemo)(() => {
+    const items = [];
+    if (passwordMethod) {
+      items.push({
+        key: "password",
+        label: /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Space, { size: 6, children: [
+          /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.UserOutlined, {}),
+          /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("span", { children: passwordMethod.label || "\u8D26\u53F7\u5BC6\u7801" })
+        ] }),
+        children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+          PasswordLoginForm,
           {
-            method: "POST",
-            credentials: "include",
-            headers: {
-              accept: "application/json",
-              "content-type": "application/json"
+            form: passwordForm,
+            loading: submitting,
+            onFinish: async (values) => {
+              setSubmitting(true);
+              setError(null);
+              try {
+                await handleSuccess(
+                  await auth.passwordLogin({
+                    username: values.username,
+                    password: values.password
+                  })
+                );
+              } catch (loginError) {
+                setError(normalizeError(loginError).message);
+              } finally {
+                setSubmitting(false);
+              }
+            }
+          }
+        )
+      });
+    }
+    if (phoneMethod) {
+      items.push({
+        key: "phone_code",
+        label: /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Space, { size: 6, children: [
+          /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.MobileOutlined, {}),
+          /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("span", { children: phoneMethod.label || "\u624B\u673A\u53F7" })
+        ] }),
+        children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+          PhoneCodeLoginForm,
+          {
+            allowRegister,
+            form: phoneForm,
+            loading: submitting,
+            phonePurpose,
+            sendingCode,
+            onPurposeChange: setPhonePurpose,
+            onSendCode: async () => {
+              const values = await phoneForm.validateFields(["phone"]);
+              setSendingCode(true);
+              setError(null);
+              try {
+                const result = await auth.sendPhoneCode({
+                  phone: values.phone,
+                  purpose: phonePurpose
+                });
+                setPhoneChallengeId(result.challengeId);
+              } catch (sendError) {
+                setError(normalizeError(sendError).message);
+              } finally {
+                setSendingCode(false);
+              }
             },
-            body: JSON.stringify(input)
+            onFinish: async (values) => {
+              setSubmitting(true);
+              setError(null);
+              try {
+                const data = phonePurpose === "register" ? await auth.registerWithPhoneCode({
+                  phone: values.phone,
+                  code: values.code,
+                  challengeId: phoneChallengeId
+                }) : await auth.phoneCodeLogin({
+                  phone: values.phone,
+                  code: values.code,
+                  challengeId: phoneChallengeId
+                });
+                await handleSuccess(data);
+              } catch (loginError) {
+                setError(normalizeError(loginError).message);
+              } finally {
+                setSubmitting(false);
+              }
+            }
           }
-        );
-        const payload = await readJsonPayload(response);
-        const code = payload?.code ?? response.status;
-        const canAccess = Boolean(payload?.data?.canAccess);
-        const errorType = canAccess ? void 0 : classifyRuntimeError(response.status, code);
-        const data = {
-          ...payload?.data || {
-            appType: runtime.appType,
-            canAccess: false
-          },
-          appType: payload?.data?.appType || runtime.appType,
-          canAccess,
-          status: response.status,
-          code,
-          message: payload?.message,
-          errorType,
-          payload
-        };
-        if (!disposed) {
-          const shouldTreatAsError = !response.ok || isServerErrorCode(code);
-          setState({
-            data,
-            loading: false,
-            error: shouldTreatAsError ? createRuntimeHttpError(
-              response,
-              payload,
-              payload?.message || `Route check failed: ${response.status}`
-            ) : null
-          });
-        }
-      } catch (error) {
-        if (!disposed) {
-          setState({
-            data: null,
-            loading: false,
-            error: normalizeRuntimeError(error)
-          });
-        }
-      }
-    };
-    void check();
-    return () => {
-      disposed = true;
-    };
+        )
+      });
+    }
+    return items;
   }, [
-    input.menuCode,
-    input.path,
-    input.routeCode,
-    runtime.appType,
-    runtime.data?.permissions,
-    runtime.fetchImpl,
-    runtime.loading,
-    runtime.servicePrefix
+    allowRegister,
+    auth,
+    handleSuccess,
+    passwordForm,
+    passwordMethod,
+    phoneChallengeId,
+    phoneForm,
+    phoneMethod,
+    phonePurpose,
+    sendingCode,
+    submitting
   ]);
-  return {
-    ...state,
-    canAccess: Boolean(state.data?.canAccess)
+  (0, import_react7.useEffect)(() => {
+    const firstKey = tabItems[0]?.key;
+    if (firstKey && !tabItems.some((item) => item.key === activeMethod)) {
+      setActiveMethod(firstKey);
+    }
+  }, [activeMethod, tabItems]);
+  const handleDingTalkLogin = async () => {
+    setSubmitting(true);
+    setError(null);
+    try {
+      const code = await requestDingTalkCode(dingtalkMethod);
+      await handleSuccess(
+        await auth.dingtalkLogin({
+          code,
+          corpId: getString(dingtalkMethod, "corpId")
+        })
+      );
+    } catch (loginError) {
+      setError(normalizeError(loginError).message);
+    } finally {
+      setSubmitting(false);
+    }
   };
-};
-var PermissionBoundary = ({
-  children,
-  fallback = null,
-  loadingFallback = null,
-  routeCode,
-  menuCode,
-  path
-}) => {
-  const runtime = useOpenXiangda();
-  const access = useCanAccessRoute({ routeCode, menuCode, path });
-  const fallbackState = createPermissionFallbackState(access, runtime);
-  if (access.loading) {
-    return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(import_jsx_runtime4.Fragment, { children: renderBoundaryFallback(loadingFallback, fallbackState) });
-  }
-  if (!access.canAccess) {
-    return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(import_jsx_runtime4.Fragment, { children: renderBoundaryFallback(fallback, fallbackState) });
+  const handleSsoLogin = async () => {
+    setSubmitting(true);
+    setError(null);
+    try {
+      const redirectUri = getCurrentHref3();
+      const result = await auth.getSsoLoginUrl({
+        protocol: getString(ssoMethod, "protocol") || "cas",
+        redirectUri
+      });
+      window.location.assign(result.loginUrl);
+    } catch (loginError) {
+      setError(normalizeError(loginError).message);
+      setSubmitting(false);
+    }
+  };
+  const handleGuestLogin = async () => {
+    setSubmitting(true);
+    setError(null);
+    try {
+      await handleSuccess(
+        await auth.guestLogin({
+          guestIdentifier: getOrCreateGuestIdentifier(auth.client),
+          domain: getCurrentHostname()
+        })
+      );
+    } catch (loginError) {
+      setError(normalizeError(loginError).message);
+    } finally {
+      setSubmitting(false);
+    }
+  };
+  async function handleSuccess(data) {
+    await onSuccess?.(data);
+    await runtime.reload();
+    if (redirectOnSuccess && typeof window !== "undefined") {
+      window.location.replace(
+        redirectUrl || getCallbackUrl() || `/view/${auth.client.appType}`
+      );
+    }
   }
-  return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(import_jsx_runtime4.Fragment, { children });
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+    "div",
+    {
+      className,
+      style: {
+        minHeight: "100vh",
+        display: "grid",
+        placeItems: "center",
+        padding: 24,
+        background: "#f6f8fb",
+        ...style2
+      },
+      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+        import_antd2.Card,
+        {
+          style: {
+            width: "min(100%, 420px)",
+            borderRadius: 8,
+            boxShadow: "0 16px 48px rgba(15, 23, 42, 0.10)"
+          },
+          styles: { body: { padding: 28 } },
+          children: /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Space, { direction: "vertical", size: 20, style: { width: "100%" }, children: [
+            /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)("div", { children: [
+              /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Typography.Title, { level: 3, style: { margin: 0 }, children: title || "\u5E94\u7528\u767B\u5F55" }),
+              subtitle ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Typography.Text, { type: "secondary", children: subtitle }) : null
+            ] }),
+            methodsState.error ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+              import_antd2.Alert,
+              {
+                showIcon: true,
+                type: "error",
+                message: methodsState.error.message
+              }
+            ) : null,
+            error ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Alert, { showIcon: true, type: "error", message: error }) : null,
+            methodsState.loading ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Button, { block: true, loading: true, children: "\u52A0\u8F7D\u4E2D" }) : tabItems.length > 0 ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+              import_antd2.Tabs,
+              {
+                activeKey: activeMethod,
+                items: tabItems,
+                onChange: setActiveMethod
+              }
+            ) : /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Empty, { description: "\u672A\u542F\u7528\u767B\u5F55\u65B9\u5F0F" }),
+            /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Space, { direction: "vertical", size: 10, style: { width: "100%" }, children: [
+              dingtalkMethod ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+                import_antd2.Button,
+                {
+                  block: true,
+                  icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.QrcodeOutlined, {}),
+                  loading: submitting,
+                  onClick: handleDingTalkLogin,
+                  children: dingtalkMethod.label || "\u9489\u9489\u514D\u767B"
+                }
+              ) : null,
+              ssoMethod ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+                import_antd2.Button,
+                {
+                  block: true,
+                  icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.SafetyCertificateOutlined, {}),
+                  loading: submitting,
+                  onClick: handleSsoLogin,
+                  children: ssoMethod.label || "SSO \u767B\u5F55"
+                }
+              ) : null,
+              guestMethod ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+                import_antd2.Button,
+                {
+                  block: true,
+                  icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.LoginOutlined, {}),
+                  loading: submitting,
+                  onClick: handleGuestLogin,
+                  children: guestMethod.label || "\u8BBF\u5BA2\u8BBF\u95EE"
+                }
+              ) : null
+            ] })
+          ] })
+        }
+      )
+    }
+  );
 };
-var useRuntimeAuth = () => {
-  const runtime = useOpenXiangda();
-  const resolveLoginUrl2 = (0, import_react8.useCallback)(
-    async (options = {}) => {
-      const redirectUri = options.redirectUri || getCurrentHref4();
-      const domain = options.domain || getCurrentHostname2();
-      const appTenantId = getRecordString(runtime.data?.app, "tenantId");
-      try {
-        const statusUrl = withQuery(
-          buildServiceUrl3(runtime.servicePrefix, "/api/sso/status"),
-          { domain }
-        );
-        const statusResponse = await runtime.fetchImpl(statusUrl, {
-          credentials: "include",
-          headers: { accept: "application/json" }
-        });
-        const statusPayload = await readJsonPayload(statusResponse);
-        const sso = statusPayload?.data || {};
-        const enabled = Boolean(sso.enabled);
-        const shouldUseSso = Boolean(
-          enabled && (sso.forceLogin ?? sso.autoRedirect ?? true)
-        );
-        if (shouldUseSso) {
-          const loginUrlResponse = await runtime.fetchImpl(
-            withQuery(buildServiceUrl3(runtime.servicePrefix, "/api/sso/login-url"), {
-              domain,
-              redirectUri,
-              ...sso.tenantId || appTenantId ? { tenantId: String(sso.tenantId || appTenantId) } : {},
-              ...sso.protocol ? { protocol: String(sso.protocol) } : {}
-            }),
+var PasswordLoginForm = ({ form, loading, onFinish }) => /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Form, { form, layout: "vertical", requiredMark: false, onFinish, children: [
+  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+    import_antd2.Form.Item,
+    {
+      label: "\u8D26\u53F7",
+      name: "username",
+      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u8D26\u53F7" }],
+      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Input, { autoComplete: "username" })
+    }
+  ),
+  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+    import_antd2.Form.Item,
+    {
+      label: "\u5BC6\u7801",
+      name: "password",
+      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u5BC6\u7801" }],
+      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Input.Password, { autoComplete: "current-password" })
+    }
+  ),
+  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Button, { block: true, htmlType: "submit", icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.LoginOutlined, {}), loading, type: "primary", children: "\u767B\u5F55" })
+] });
+var PhoneCodeLoginForm = ({
+  allowRegister,
+  form,
+  loading,
+  phonePurpose,
+  sendingCode,
+  onPurposeChange,
+  onSendCode,
+  onFinish
+}) => /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(import_antd2.Form, { form, layout: "vertical", requiredMark: false, onFinish, children: [
+  allowRegister ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Form.Item, { style: { marginBottom: 12 }, children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+    import_antd2.Tabs,
+    {
+      activeKey: phonePurpose,
+      items: [
+        { key: "login", label: "\u767B\u5F55" },
+        { key: "register", label: "\u6CE8\u518C" }
+      ],
+      onChange: (key) => onPurposeChange(key === "register" ? "register" : "login"),
+      size: "small"
+    }
+  ) }) : null,
+  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+    import_antd2.Form.Item,
+    {
+      label: "\u624B\u673A\u53F7",
+      name: "phone",
+      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u624B\u673A\u53F7" }],
+      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Input, { autoComplete: "tel" })
+    }
+  ),
+  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+    import_antd2.Form.Item,
+    {
+      label: "\u9A8C\u8BC1\u7801",
+      name: "code",
+      rules: [{ required: true, message: "\u8BF7\u8F93\u5165\u9A8C\u8BC1\u7801" }],
+      children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+        import_antd2.Input,
+        {
+          addonAfter: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+            import_antd2.Button,
             {
-              credentials: "include",
-              headers: { accept: "application/json" }
+              loading: sendingCode,
+              onClick: onSendCode,
+              size: "small",
+              type: "link",
+              children: "\u53D1\u9001"
             }
-          );
-          const loginUrlPayload = await readJsonPayload(loginUrlResponse);
-          const loginUrl = loginUrlPayload?.data?.loginUrl || loginUrlPayload?.data?.url || loginUrlPayload?.loginUrl || loginUrlPayload?.url;
-          if (loginUrl) return String(loginUrl);
-        }
-      } catch {
-      }
-      const configuredLoginUrl = options.loginUrl || getRuntimeEnv("OPENXIANGDA_LOGIN_URL") || getRuntimeEnv("VITE_OPENXIANGDA_LOGIN_URL") || getRuntimeEnv("APP_LOGIN_URL") || getRuntimeEnv("VITE_APP_LOGIN_URL") || getRuntimeEnv("VITE_BATH_AUTH_URL") || getRuntimeEnv("BATH_AUTH_URL");
-      if (configuredLoginUrl) {
-        return attachCallback(configuredLoginUrl, redirectUri);
-      }
-      return attachCallback("/platform/login", redirectUri);
-    },
-    [runtime.data?.app, runtime.fetchImpl, runtime.servicePrefix]
-  );
-  const redirectToLogin = (0, import_react8.useCallback)(
-    async (options = {}) => {
-      const loginUrl = await resolveLoginUrl2(options);
-      if (typeof window !== "undefined") {
-        if (options.replace === false) {
-          window.location.assign(loginUrl);
-        } else {
-          window.location.replace(loginUrl);
+          ),
+          autoComplete: "one-time-code"
         }
-      }
-      return loginUrl;
-    },
-    [resolveLoginUrl2]
-  );
-  const logout = (0, import_react8.useCallback)(async () => {
-    const response = await runtime.fetchImpl(
-      buildServiceUrl3(runtime.servicePrefix, "/api/auth/logout"),
-      {
-        method: "POST",
-        credentials: "include",
-        headers: { accept: "application/json" }
-      }
-    );
-    const payload = await readJsonPayload(response);
-    if (isRuntimeEnvelopeFailure(response, payload)) {
-      throw createRuntimeHttpError(
-        response,
-        payload,
-        payload?.message || `Logout failed: ${response.status}`
-      );
+      )
     }
-    return payload;
-  }, [runtime.fetchImpl, runtime.servicePrefix]);
-  const logoutAndRedirect = (0, import_react8.useCallback)(
-    async (options = {}) => {
-      try {
-        await logout();
-      } catch (error) {
-        if (options.continueOnError === false) throw error;
-      }
-      return redirectToLogin(options);
-    },
-    [logout, redirectToLogin]
-  );
-  return {
-    logout,
-    logoutAndRedirect,
-    redirectToLogin,
-    resolveLoginUrl: resolveLoginUrl2
-  };
-};
-var buildServiceUrl3 = (servicePrefix, path) => {
-  const prefix2 = servicePrefix.endsWith("/") ? servicePrefix.slice(0, -1) : servicePrefix;
-  const suffix = path.startsWith("/") ? path : `/${path}`;
-  return `${prefix2}${suffix}`;
+  ),
+  /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_antd2.Button, { block: true, htmlType: "submit", icon: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(import_icons.MobileOutlined, {}), loading, type: "primary", children: phonePurpose === "register" ? "\u6CE8\u518C" : "\u767B\u5F55" })
+] });
+var findMethod = (methods, type4) => methods.find((method4) => method4.type === type4);
+var normalizeError = (error) => error instanceof Error ? error : new Error(String(error || "\u8BF7\u6C42\u5931\u8D25"));
+var getString = (value, key) => {
+  if (!value || typeof value !== "object") return void 0;
+  const result = value[key];
+  return typeof result === "string" ? result : void 0;
 };
-var createAuthorizedFetch = (baseFetch, accessToken) => {
-  if (!accessToken) return baseFetch;
-  return ((input, init = {}) => {
-    const headers = new Headers(init.headers || {});
-    if (!headers.has("authorization")) {
-      headers.set("authorization", `Bearer ${accessToken}`);
+var requestDingTalkCode = (method4) => {
+  const dd = typeof window === "undefined" ? void 0 : window.dd;
+  const corpId = getString(method4, "corpId");
+  return new Promise((resolve, reject) => {
+    const requestAuthCode = dd?.runtime?.permission?.requestAuthCode || dd?.requestAuthCode;
+    if (!requestAuthCode) {
+      reject(new Error("\u5F53\u524D\u73AF\u5883\u4E0D\u652F\u6301\u9489\u9489\u514D\u767B"));
+      return;
     }
-    return baseFetch(input, {
-      ...init,
-      headers
+    requestAuthCode({
+      corpId,
+      onSuccess: (result) => {
+        if (result?.code) resolve(result.code);
+        else reject(new Error("\u9489\u9489\u672A\u8FD4\u56DE\u514D\u767B\u7801"));
+      },
+      onFail: (error) => reject(normalizeError(error))
     });
   });
 };
-var readJsonPayload = async (response) => {
-  try {
-    return await response.json();
-  } catch {
-    return null;
-  }
+var getOrCreateGuestIdentifier = (client) => {
+  const key = `openxiangda:${client.appType}:guest_id`;
+  if (typeof window === "undefined") return createGuestIdentifier();
+  const current = window.localStorage.getItem(key);
+  if (current) return current;
+  const next = createGuestIdentifier();
+  window.localStorage.setItem(key, next);
+  return next;
 };
-var createRuntimeHttpError = (response, payload, fallbackMessage) => createRuntimeError({
-  type: classifyRuntimeError(
-    response.status,
-    getRecordValue3(payload, "code")
-  ),
-  status: response.status,
-  code: getRecordValue3(payload, "code"),
-  message: getRecordValue3(payload, "message") || fallbackMessage,
-  payload
-});
-var createRuntimeError = (snapshot) => new RuntimeHttpError({
-  ...snapshot,
-  type: snapshot.type || "unknown",
-  message: snapshot.message || "Runtime request failed"
-});
-var normalizeRuntimeError = (error) => {
-  if (error instanceof RuntimeHttpError) return error;
-  if (error instanceof Error) {
-    const runtimeError = error;
-    runtimeError.type = runtimeError.type || classifyRuntimeError(runtimeError.status, runtimeError.code);
-    return runtimeError;
-  }
-  return createRuntimeError({
-    type: "unknown",
-    message: String(error)
-  });
+var createGuestIdentifier = () => `guest_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;
+var getCurrentHref3 = () => typeof window === "undefined" ? "" : window.location.href;
+var getCurrentHostname = () => typeof window === "undefined" ? "" : window.location.hostname;
+var getCallbackUrl = () => {
+  if (typeof window === "undefined") return "";
+  const query = new URLSearchParams(window.location.search);
+  return query.get("callback") || query.get("redirectUri") || "";
 };
-var toRuntimeErrorSnapshot = (error) => ({
-  type: error.type || classifyRuntimeError(error.status, error.code),
-  status: error.status,
-  code: error.code,
-  message: error.message || "Runtime request failed",
-  payload: error.payload
-});
-var classifyRuntimeError = (status, code) => {
-  const normalizedCode = typeof code === "string" ? Number(code) : code;
-  if (status === 401 || normalizedCode === 401) return "unauthenticated";
-  if (status === 403 || normalizedCode === 403) return "forbidden";
-  if (typeof code === "string") {
-    const normalizedText = code.toUpperCase();
-    if (normalizedText.includes("DENIED") || normalizedText.includes("FORBIDDEN")) {
-      return "forbidden";
-    }
-    if (normalizedText.includes("UNAUTH") || normalizedText.includes("LOGIN")) {
-      return "unauthenticated";
-    }
+
+// packages/sdk/src/runtime/react/openxiangdaProvider.tsx
+var import_jsx_runtime4 = require("react/jsx-runtime");
+var RuntimeHttpError = class extends Error {
+  constructor(snapshot) {
+    super(snapshot.message);
+    this.name = "RuntimeHttpError";
+    this.type = snapshot.type;
+    this.status = snapshot.status;
+    this.code = snapshot.code;
+    this.payload = snapshot.payload;
   }
-  if (!status && !normalizedCode) return "network";
-  return "unknown";
-};
-var createPermissionFallbackState = (access, runtime) => {
-  const error = access.error || runtime.error;
-  const accessData = access.data;
-  const errorType = accessData?.errorType || error?.type || (!access.canAccess ? "forbidden" : "unknown");
-  return {
-    access,
-    runtime,
-    error,
-    errorType,
-    status: accessData?.status || error?.status,
-    code: accessData?.code || error?.code,
-    message: accessData?.message || error?.message || (errorType === "unauthenticated" ? "\u5F53\u524D\u8D26\u53F7\u5C1A\u672A\u767B\u5F55" : "\u5F53\u524D\u8D26\u53F7\u6CA1\u6709\u8BBF\u95EE\u6743\u9650")
-  };
 };
-var renderBoundaryFallback = (fallback, state) => typeof fallback === "function" ? fallback(state) : fallback;
-var withQuery = (url2, params) => {
-  const query = new URLSearchParams();
-  Object.entries(params).forEach(([key, value]) => {
-    if (value === void 0 || value === "") return;
-    query.set(key, String(value));
+var OpenXiangdaRuntimeContext = (0, import_react8.createContext)(null);
+var OpenXiangdaProvider = ({
+  appType,
+  servicePrefix = "/service",
+  fetchImpl,
+  children
+}) => {
+  const resolvedFetch = (0, import_react8.useMemo)(() => createBoundFetch(fetchImpl), [fetchImpl]);
+  const resolvedAppType = (0, import_react8.useMemo)(
+    () => appType || resolveAppTypeFromLocation(),
+    [appType]
+  );
+  const [accessToken, setAccessTokenState] = (0, import_react8.useState)(null);
+  const setAccessToken = (0, import_react8.useCallback)(
+    (nextAccessToken) => {
+      setAccessTokenState(nextAccessToken || null);
+    },
+    []
+  );
+  const authorizedFetch = (0, import_react8.useMemo)(
+    () => createAuthorizedFetch(resolvedFetch, accessToken),
+    [accessToken, resolvedFetch]
+  );
+  const [state, setState] = (0, import_react8.useState)({
+    data: null,
+    loading: true,
+    error: null
   });
-  const serialized = query.toString();
-  if (!serialized) return url2;
-  return `${url2}${url2.includes("?") ? "&" : "?"}${serialized}`;
-};
-var attachCallback = (loginUrl, callback) => {
-  if (!callback) return loginUrl;
-  try {
-    const base = typeof window !== "undefined" ? window.location.origin : "http://localhost";
-    const parsed = new URL(loginUrl, base);
-    if (!parsed.searchParams.has("callback") && !parsed.searchParams.has("redirectUri")) {
-      parsed.searchParams.set("callback", callback);
+  const reload = (0, import_react8.useCallback)(async (options = {}) => {
+    if (!resolvedAppType) {
+      setState({
+        data: null,
+        loading: false,
+        error: createRuntimeError({
+          message: "appType \u4E0D\u80FD\u4E3A\u7A7A",
+          type: "unknown"
+        })
+      });
+      return;
     }
-    if (loginUrl.startsWith("http://") || loginUrl.startsWith("https://")) {
-      return parsed.toString();
+    setState((prev) => ({ ...prev, loading: true, error: null }));
+    const requestFetch = options.accessToken !== void 0 ? createAuthorizedFetch(resolvedFetch, options.accessToken || null) : authorizedFetch;
+    try {
+      const response = await requestFetch(
+        buildServiceUrl3(
+          servicePrefix,
+          `/openxiangda-api/v1/apps/${encodeURIComponent(
+            resolvedAppType
+          )}/runtime/bootstrap`
+        ),
+        {
+          credentials: "include",
+          headers: { accept: "application/json" }
+        }
+      );
+      const payload = await readJsonPayload(response);
+      if (isRuntimeEnvelopeFailure(response, payload)) {
+        throw createRuntimeHttpError(
+          response,
+          payload,
+          payload?.message || `Runtime bootstrap failed: ${response.status}`
+        );
+      }
+      setState({
+        data: payload?.data || null,
+        loading: false,
+        error: null
+      });
+    } catch (error) {
+      setState({
+        data: null,
+        loading: false,
+        error: normalizeRuntimeError(error)
+      });
     }
-    return `${parsed.pathname}${parsed.search}${parsed.hash}`;
-  } catch {
-    const separator = loginUrl.includes("?") ? "&" : "?";
-    return `${loginUrl}${separator}callback=${encodeURIComponent(callback)}`;
-  }
-};
-var getCurrentHref4 = () => typeof window === "undefined" ? "" : window.location.href;
-var getCurrentHostname2 = () => typeof window === "undefined" ? "" : window.location.hostname;
-var getRuntimeEnv = (key) => {
-  const env = typeof process !== "undefined" ? process.env : void 0;
-  return env?.[key];
-};
-var getRecordValue3 = (value, key) => {
-  if (!value || typeof value !== "object") return void 0;
-  return value[key];
-};
-var isSuccessCode4 = (code) => {
-  if (code === void 0 || code === null || code === "") return true;
-  const normalized = Number(code);
-  return Number.isFinite(normalized) ? normalized === 0 || normalized >= 200 && normalized < 300 : false;
+  }, [authorizedFetch, resolvedAppType, resolvedFetch, servicePrefix]);
+  (0, import_react8.useEffect)(() => {
+    void reload();
+  }, [reload]);
+  const value = (0, import_react8.useMemo)(
+    () => ({
+      ...state,
+      appType: resolvedAppType,
+      servicePrefix,
+      fetchImpl: authorizedFetch,
+      reload,
+      setAccessToken
+    }),
+    [authorizedFetch, reload, resolvedAppType, servicePrefix, state]
+  );
+  return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(OpenXiangdaRuntimeContext.Provider, { value, children });
 };
-var isRuntimeEnvelopeFailure = (response, payload) => {
-  const code = getRecordValue3(payload, "code");
-  const success = getRecordValue3(payload, "success");
-  return !response.ok || success === false || !isSuccessCode4(code);
+var useOpenXiangda = () => {
+  const context = (0, import_react8.useContext)(OpenXiangdaRuntimeContext);
+  if (!context) {
+    throw new Error("useOpenXiangda must be used inside OpenXiangdaProvider");
+  }
+  return context;
 };
-var isServerErrorCode = (code) => {
-  const normalized = Number(code);
-  return Number.isFinite(normalized) && normalized >= 500;
+var useRuntimeBootstrap = () => useOpenXiangda();
+var OpenXiangdaPageProvider = ({
+  children,
+  page,
+  route,
+  env,
+  message: message7,
+  modal,
+  navigation
+}) => {
+  const runtime = useOpenXiangda();
+  const context = (0, import_react8.useMemo)(() => {
+    const bootstrap = runtime.data;
+    const app = toRuntimeRecord(bootstrap?.app);
+    const user = toRuntimeRecord(bootstrap?.user);
+    const permissions = bootstrap?.permissions;
+    const tenantId = toStringValue(getRecordValue3(app, "tenantId")) || toStringValue(getRecordValue3(user, "tenantId")) || toStringValue(getRecordValue3(app, "tenantCode")) || "";
+    const appType = runtime.appType || bootstrap?.appType || toStringValue(getRecordValue3(app, "appType"));
+    const routeInfo = buildBrowserRouteInfo(route);
+    return createBrowserPageContext(
+      {
+        app: {
+          ...app,
+          appType,
+          tenantId
+        },
+        page: {
+          id: routeInfo.pathname || "react-spa",
+          code: routeInfo.pathname || "react-spa",
+          name: "OpenXiangda React SPA",
+          type: "react-spa",
+          rendererType: "react-spa",
+          routeKey: routeInfo.pathname || "react-spa",
+          status: "ACTIVE",
+          props: {},
+          route: {},
+          dataSources: [],
+          capabilities: {},
+          buildId: toStringValue(
+            getRecordValue3(bootstrap?.runtime, "activeBuildId")
+          ),
+          ...page
+        },
+        user: {
+          ...user,
+          id: toStringValue(getRecordValue3(user, "id")) || (user.isGuest ? "guest" : "current"),
+          username: toStringValue(getRecordValue3(user, "username")) || toStringValue(getRecordValue3(user, "name")) || (user.isGuest ? "guest" : "current"),
+          tenantId,
+          isGuest: user.isGuest === true || user.userType === "guest" || Boolean(getRecordValue3(user, "publicAccess")),
+          userType: user.userType === "guest" || user.isGuest === true ? "guest" : "normal"
+        },
+        env: {
+          appType,
+          servicePrefix: runtime.servicePrefix,
+          runtimeMode: bootstrap?.runtime?.mode || "react-spa",
+          ...env || {}
+        },
+        permissions: {
+          canView: runtime.error?.type !== "forbidden",
+          hasFullAccess: permissions?.hasFullAccess === true,
+          ...permissions || {}
+        },
+        sdk: {
+          packageName: "openxiangda",
+          supportedBridgeMethods: ["transport.request", "transport.download"]
+        }
+      },
+      {
+        servicePrefix: runtime.servicePrefix,
+        fetchImpl: runtime.fetchImpl,
+        route: routeInfo,
+        message: message7,
+        modal,
+        navigation
+      }
+    );
+  }, [
+    env,
+    message7,
+    modal,
+    navigation,
+    page,
+    route,
+    runtime.appType,
+    runtime.data,
+    runtime.error?.type,
+    runtime.fetchImpl,
+    runtime.servicePrefix
+  ]);
+  return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(PageProvider, { context, children });
 };
-var getRecordString = (value, key) => {
-  const result = getRecordValue3(value, key);
-  return typeof result === "string" ? result : void 0;
+var useAppMenus = () => {
+  const runtime = useOpenXiangda();
+  return {
+    ...runtime,
+    data: runtime.data?.menus || []
+  };
 };
-var resolveAppTypeFromLocation = () => {
-  if (typeof window === "undefined") return "";
-  const segments = window.location.pathname.split("/").filter(Boolean);
-  const viewIndex = segments[0] === "view" ? 1 : 0;
-  if (segments[viewIndex] === "submit") return segments[viewIndex + 1] || "";
-  if (segments[viewIndex] === "preview") return segments[viewIndex + 1] || "";
-  return segments[viewIndex] || "";
+var usePermission = () => {
+  const runtime = useOpenXiangda();
+  return {
+    ...runtime,
+    data: runtime.data?.permissions || null
+  };
 };
-
-// packages/sdk/src/runtime/react/publicAccess.tsx
-init_cjs_shims();
-var import_react9 = require("react");
-var import_jsx_runtime5 = require("react/jsx-runtime");
-var usePublicAccess = (options = {}) => {
+var useCanAccessRoute = (input) => {
   const runtime = useOpenXiangda();
-  const {
-    appType: runtimeAppType,
-    servicePrefix: runtimeServicePrefix,
-    fetchImpl: runtimeFetchImpl,
-    reload: reloadRuntime,
-    setAccessToken
-  } = runtime;
-  const {
-    appType = runtimeAppType,
-    servicePrefix = runtimeServicePrefix,
-    fetchImpl = runtimeFetchImpl,
-    autoStart = true,
-    ...sessionInput
-  } = options;
-  const [session, setSession] = (0, import_react9.useState)(null);
-  const [error, setError] = (0, import_react9.useState)(null);
-  const [loading, setLoading] = (0, import_react9.useState)(Boolean(autoStart));
-  const sessionInputKey = JSON.stringify(sessionInput);
-  const stableSessionInput = (0, import_react9.useMemo)(() => sessionInput, [sessionInputKey]);
-  const client = (0, import_react9.useMemo)(
-    () => createPublicAccessClient({
-      appType,
-      servicePrefix,
-      fetchImpl
-    }),
-    [appType, fetchImpl, servicePrefix]
-  );
-  const startSession = (0, import_react9.useCallback)(
-    async (input = {}) => {
-      setLoading(true);
-      setError(null);
-      try {
-        const data = await client.startSession({
-          ...stableSessionInput,
-          ...input,
-          ticket: input.ticket || stableSessionInput.ticket || readTicketFromLocation(),
-          path: input.path || stableSessionInput.path || readPathFromLocation()
+  const [state, setState] = (0, import_react8.useState)({
+    data: null,
+    loading: true,
+    error: null
+  });
+  (0, import_react8.useEffect)(() => {
+    let disposed = false;
+    const check = async () => {
+      const permissions = runtime.data?.permissions;
+      if (!runtime.appType || runtime.loading) {
+        setState((prev) => ({ ...prev, loading: runtime.loading }));
+        return;
+      }
+      if (runtime.error && !runtime.data) {
+        const snapshot = toRuntimeErrorSnapshot(runtime.error);
+        setState({
+          data: {
+            appType: runtime.appType,
+            canAccess: false,
+            status: snapshot.status,
+            code: snapshot.code,
+            message: snapshot.message,
+            errorType: snapshot.type,
+            payload: snapshot.payload
+          },
+          loading: false,
+          error: runtime.error
         });
-        setSession(data);
-        setAccessToken(data.accessToken);
-        await reloadRuntime({ accessToken: data.accessToken });
-        setLoading(false);
-        return data;
-      } catch (caught) {
-        const nextError = caught instanceof PublicAccessClientError ? caught : new PublicAccessClientError(
-          caught instanceof Error ? caught.message : "\u516C\u5F00\u8BBF\u95EE\u4F1A\u8BDD\u521B\u5EFA\u5931\u8D25",
-          { payload: caught }
+        return;
+      }
+      if (permissions?.hasFullAccess) {
+        setState({
+          data: { appType: runtime.appType, canAccess: true, permissions },
+          loading: false,
+          error: null
+        });
+        return;
+      }
+      setState((prev) => ({ ...prev, loading: true, error: null }));
+      try {
+        const response = await runtime.fetchImpl(
+          buildServiceUrl3(
+            runtime.servicePrefix,
+            `/openxiangda-api/v1/apps/${encodeURIComponent(
+              runtime.appType
+            )}/runtime/routes/check`
+          ),
+          {
+            method: "POST",
+            credentials: "include",
+            headers: {
+              accept: "application/json",
+              "content-type": "application/json"
+            },
+            body: JSON.stringify(input)
+          }
         );
-        setError(nextError);
-        setLoading(false);
-        throw nextError;
+        const payload = await readJsonPayload(response);
+        const code = payload?.code ?? response.status;
+        const canAccess = Boolean(payload?.data?.canAccess);
+        const errorType = canAccess ? void 0 : classifyRuntimeError(response.status, code);
+        const data = {
+          ...payload?.data || {
+            appType: runtime.appType,
+            canAccess: false
+          },
+          appType: payload?.data?.appType || runtime.appType,
+          canAccess,
+          status: response.status,
+          code,
+          message: payload?.message,
+          errorType,
+          payload
+        };
+        if (!disposed) {
+          const shouldTreatAsError = !response.ok || isServerErrorCode(code);
+          setState({
+            data,
+            loading: false,
+            error: shouldTreatAsError ? createRuntimeHttpError(
+              response,
+              payload,
+              payload?.message || `Route check failed: ${response.status}`
+            ) : null
+          });
+        }
+      } catch (error) {
+        if (!disposed) {
+          setState({
+            data: null,
+            loading: false,
+            error: normalizeRuntimeError(error)
+          });
+        }
       }
-    },
-    [client, reloadRuntime, setAccessToken, stableSessionInput]
-  );
-  (0, import_react9.useEffect)(() => {
-    if (!autoStart) return;
-    void startSession().catch(() => void 0);
-  }, [autoStart, startSession]);
+    };
+    void check();
+    return () => {
+      disposed = true;
+    };
+  }, [
+    input.menuCode,
+    input.path,
+    input.routeCode,
+    runtime.appType,
+    runtime.data?.permissions,
+    runtime.fetchImpl,
+    runtime.loading,
+    runtime.servicePrefix
+  ]);
   return {
-    loading,
-    error,
-    session,
-    publicAccess: session?.publicAccess || null,
-    startSession
+    ...state,
+    canAccess: Boolean(state.data?.canAccess)
   };
 };
-var PublicAccessGate = ({
+var PermissionBoundary = ({
   children,
   fallback = null,
-  errorFallback = null,
-  ...options
+  loadingFallback = null,
+  routeCode,
+  menuCode,
+  path
 }) => {
-  const state = usePublicAccess(options);
-  if (state.loading) return /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(import_jsx_runtime5.Fragment, { children: fallback });
-  if (state.error) {
-    return /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(import_jsx_runtime5.Fragment, { children: typeof errorFallback === "function" ? errorFallback(state.error) : errorFallback });
-  }
-  return /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(import_jsx_runtime5.Fragment, { children });
-};
-var readTicketFromLocation = () => {
-  if (typeof window === "undefined") return void 0;
-  return new URLSearchParams(window.location.search).get("ticket") || void 0;
-};
-var readPathFromLocation = () => typeof window === "undefined" ? void 0 : window.location.pathname;
-
-// packages/sdk/src/runtime/host/index.ts
-init_cjs_shims();
-
-// packages/sdk/src/runtime/host/browserHost.ts
-init_cjs_shims();
-var NAMESPACE_ROOT_CLASS2 = "sy-app-workspace";
-var defaultModuleLoader = (url2) => import(
-  /* @vite-ignore */
-  url2
-);
-var trimTrailingSlash = (value) => value.replace(/\/+$/, "");
-var getDefaultServicePrefix = () => typeof window !== "undefined" ? trimTrailingSlash(window.__OPENXIANGDA_SERVICE_PREFIX__ || "/service") : "/service";
-var joinServicePath = (servicePrefix, path) => {
-  if (/^https?:\/\//i.test(path)) return path;
-  const normalizedPrefix = trimTrailingSlash(servicePrefix || "/service");
-  if (path.startsWith(normalizedPrefix)) return path;
-  return `${normalizedPrefix}${path.startsWith("/") ? path : `/${path}`}`;
-};
-var appendQuery = (url2, query) => {
-  if (!query) return url2;
-  return `${url2}${url2.includes("?") ? "&" : "?"}${query}`;
-};
-var normalizeMethod2 = (method4) => {
-  const value = String(method4 || "get").toUpperCase();
-  return ["GET", "POST", "PUT", "DELETE", "PATCH"].includes(value) ? value : "GET";
-};
-var normalizeCssIsolation2 = (value) => {
-  if (value === "namespace" || value === "shadow" || value === "none") {
-    return value;
-  }
-  return "none";
-};
-var normalizeEnvelopeCode2 = (value, fallback) => {
-  if (value === void 0 || value === null || value === "") return fallback;
-  const normalized = Number(value);
-  return Number.isFinite(normalized) ? normalized : String(value);
-};
-var isSuccessCode5 = (value) => {
-  if (value === void 0 || value === null || value === "") return true;
-  const normalized = Number(value);
-  return Number.isFinite(normalized) ? normalized === 0 || normalized >= 200 && normalized < 300 : false;
-};
-var parseJsonResponse = async (response) => {
-  const payload = await response.json().catch(() => null);
-  if (!response.ok) {
-    const message7 = payload && typeof payload === "object" ? payload.message || payload.error || response.statusText : response.statusText;
-    throw new Error(message7 || "\u8BF7\u6C42\u5931\u8D25");
+  const runtime = useOpenXiangda();
+  const access = useCanAccessRoute({ routeCode, menuCode, path });
+  const fallbackState = createPermissionFallbackState(access, runtime);
+  if (access.loading) {
+    return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(import_jsx_runtime4.Fragment, { children: renderBoundaryFallback(loadingFallback, fallbackState) });
   }
-  if (payload && typeof payload === "object" && "code" in payload) {
-    const code = normalizeEnvelopeCode2(payload.code, response.status);
-    return {
-      code,
-      success: payload.success !== false && isSuccessCode5(code),
-      message: payload.message,
-      result: payload.result ?? payload.data ?? null,
-      data: payload.data,
-      raw: payload
-    };
+  if (!access.canAccess) {
+    return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(import_jsx_runtime4.Fragment, { children: renderBoundaryFallback(fallback, fallbackState) });
   }
-  return {
-    code: response.status,
-    success: response.ok,
-    message: response.statusText,
-    result: payload,
-    data: payload,
-    raw: payload
-  };
+  return /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(import_jsx_runtime4.Fragment, { children });
 };
-var createBrowserPageBridge = (options = {}) => {
-  const servicePrefix = options.servicePrefix || getDefaultServicePrefix();
-  const fetchImpl = createBoundFetch(options.fetchImpl);
-  const request = async (payload) => {
-    if (!payload?.path) {
-      throw new Error("transport.request \u9700\u8981 path");
-    }
-    const url2 = appendQuery(joinServicePath(servicePrefix, payload.path), payload.query);
-    const headers = new Headers(payload.headers);
-    let body;
-    if (payload.body !== void 0) {
-      if (payload.body instanceof FormData) {
-        body = payload.body;
-      } else {
-        headers.set("Content-Type", headers.get("Content-Type") || "application/json");
-        body = JSON.stringify(payload.body);
+var useRuntimeAuth = () => {
+  const runtime = useOpenXiangda();
+  const resolveLoginUrl2 = (0, import_react8.useCallback)(
+    async (options = {}) => {
+      const redirectUri = options.redirectUri || getCurrentHref4();
+      const domain = options.domain || getCurrentHostname2();
+      const appTenantId = getRecordString(runtime.data?.app, "tenantId");
+      try {
+        const statusUrl = withQuery(
+          buildServiceUrl3(runtime.servicePrefix, "/api/sso/status"),
+          { domain }
+        );
+        const statusResponse = await runtime.fetchImpl(statusUrl, {
+          credentials: "include",
+          headers: { accept: "application/json" }
+        });
+        const statusPayload = await readJsonPayload(statusResponse);
+        const sso = statusPayload?.data || {};
+        const enabled = Boolean(sso.enabled);
+        const shouldUseSso = Boolean(
+          enabled && (sso.forceLogin ?? sso.autoRedirect ?? true)
+        );
+        if (shouldUseSso) {
+          const loginUrlResponse = await runtime.fetchImpl(
+            withQuery(buildServiceUrl3(runtime.servicePrefix, "/api/sso/login-url"), {
+              domain,
+              redirectUri,
+              ...sso.tenantId || appTenantId ? { tenantId: String(sso.tenantId || appTenantId) } : {},
+              ...sso.protocol ? { protocol: String(sso.protocol) } : {}
+            }),
+            {
+              credentials: "include",
+              headers: { accept: "application/json" }
+            }
+          );
+          const loginUrlPayload = await readJsonPayload(loginUrlResponse);
+          const loginUrl = loginUrlPayload?.data?.loginUrl || loginUrlPayload?.data?.url || loginUrlPayload?.loginUrl || loginUrlPayload?.url;
+          if (loginUrl) return String(loginUrl);
+        }
+      } catch {
       }
-    }
-    const response = await fetchImpl(url2, {
-      method: normalizeMethod2(payload.method),
-      headers,
-      body,
-      credentials: "include"
-    });
-    return parseJsonResponse(response);
-  };
-  const download = async (payload) => {
-    if (!payload?.path) {
-      throw new Error("transport.download \u9700\u8981 path");
-    }
-    const url2 = appendQuery(joinServicePath(servicePrefix, payload.path), payload.query);
-    const headers = new Headers(payload.headers);
-    let body;
-    if (payload.body !== void 0) {
-      if (payload.body instanceof FormData) {
-        body = payload.body;
-      } else {
-        headers.set("Content-Type", headers.get("Content-Type") || "application/json");
-        body = JSON.stringify(payload.body);
+      const configuredLoginUrl = options.loginUrl || getRuntimeEnv("OPENXIANGDA_LOGIN_URL") || getRuntimeEnv("VITE_OPENXIANGDA_LOGIN_URL") || getRuntimeEnv("APP_LOGIN_URL") || getRuntimeEnv("VITE_APP_LOGIN_URL") || getRuntimeEnv("VITE_BATH_AUTH_URL") || getRuntimeEnv("BATH_AUTH_URL");
+      if (configuredLoginUrl) {
+        return attachCallback(configuredLoginUrl, redirectUri);
+      }
+      return attachCallback("/platform/login", redirectUri);
+    },
+    [runtime.data?.app, runtime.fetchImpl, runtime.servicePrefix]
+  );
+  const redirectToLogin = (0, import_react8.useCallback)(
+    async (options = {}) => {
+      const loginUrl = await resolveLoginUrl2(options);
+      if (typeof window !== "undefined") {
+        if (options.replace === false) {
+          window.location.assign(loginUrl);
+        } else {
+          window.location.replace(loginUrl);
+        }
+      }
+      return loginUrl;
+    },
+    [resolveLoginUrl2]
+  );
+  const logout = (0, import_react8.useCallback)(async () => {
+    const response = await runtime.fetchImpl(
+      buildServiceUrl3(runtime.servicePrefix, "/api/auth/logout"),
+      {
+        method: "POST",
+        credentials: "include",
+        headers: { accept: "application/json" }
       }
+    );
+    const payload = await readJsonPayload(response);
+    if (isRuntimeEnvelopeFailure(response, payload)) {
+      throw createRuntimeHttpError(
+        response,
+        payload,
+        payload?.message || `Logout failed: ${response.status}`
+      );
     }
-    const response = await fetchImpl(url2, {
-      method: normalizeMethod2(payload.method),
-      headers,
-      body,
-      credentials: "include"
-    });
-    if (!response.ok) {
-      throw new Error(response.statusText || "\u4E0B\u8F7D\u5931\u8D25");
-    }
-    return {
-      blob: await response.blob(),
-      contentType: response.headers.get("content-type") || void 0,
-      fileName: response.headers.get("content-disposition") || void 0,
-      headers: Object.fromEntries(response.headers.entries())
-    };
-  };
+    return payload;
+  }, [runtime.fetchImpl, runtime.servicePrefix]);
+  const logoutAndRedirect = (0, import_react8.useCallback)(
+    async (options = {}) => {
+      try {
+        await logout();
+      } catch (error) {
+        if (options.continueOnError === false) throw error;
+      }
+      return redirectToLogin(options);
+    },
+    [logout, redirectToLogin]
+  );
   return {
-    invoke: async (method4, payload) => {
-      if (method4 === "transport.request") return await request(payload);
-      if (method4 === "transport.download") return await download(payload);
-      throw new Error(`\u4E0D\u652F\u6301\u7684 bridge \u65B9\u6CD5: ${method4}`);
-    }
+    logout,
+    logoutAndRedirect,
+    redirectToLogin,
+    resolveLoginUrl: resolveLoginUrl2
   };
 };
-var createBrowserPageContext = (bootstrap, options = {}) => {
-  const route = {
-    pathname: options.route?.pathname || (typeof window !== "undefined" ? window.location.pathname : ""),
-    fullPath: options.route?.fullPath || (typeof window !== "undefined" ? `${window.location.pathname}${window.location.search}${window.location.hash}` : ""),
-    params: options.route?.params || {},
-    query: options.route?.query || {},
-    hash: options.route?.hash || (typeof window !== "undefined" ? window.location.hash : "")
-  };
-  return {
-    protocolVersion: bootstrap.asset?.protocolVersion || "1.0",
-    app: bootstrap.app,
-    page: {
-      ...bootstrap.page,
-      version: bootstrap.asset?.version || bootstrap.page.version,
-      buildId: bootstrap.asset?.buildId || bootstrap.page.buildId
-    },
-    user: bootstrap.user,
-    route,
-    env: bootstrap.env || {},
-    permissions: {
-      canView: bootstrap.permissions?.canView !== false,
-      hasFullAccess: bootstrap.permissions?.hasFullAccess === true,
-      ...bootstrap.permissions || {}
-    },
-    capabilities: Array.from(
-      /* @__PURE__ */ new Set([
-        "navigation",
-        "ui.message",
-        "ui.modal",
-        "transport.request",
-        "transport.download",
-        ...bootstrap.sdk?.supportedBridgeMethods || []
-      ])
-    ),
-    ui: {
-      message: {
-        success: (text) => options.message?.success?.(text),
-        error: (text) => options.message?.error?.(text),
-        warning: (text) => options.message?.warning?.(text),
-        info: (text) => options.message?.info?.(text),
-        loading: (text) => options.message?.loading?.(text) || (() => void 0)
-      },
-      modal: {
-        confirm: (input) => options.modal?.confirm?.(input) || Promise.resolve(false)
-      }
-    },
-    navigation: {
-      pushPage: (pageKey, query) => options.navigation?.pushPage?.(pageKey, query),
-      replacePage: (pageKey, query) => options.navigation?.replacePage?.(pageKey, query),
-      pushRoute: (routeValue, query) => options.navigation?.pushRoute?.(routeValue, query),
-      replaceRoute: (routeValue, query) => options.navigation?.replaceRoute?.(routeValue, query),
-      updateQuery: (query) => options.navigation?.updateQuery?.(query),
-      setHash: (hash) => options.navigation?.setHash?.(hash),
-      back: () => options.navigation?.back?.()
-    },
-    bridge: createBrowserPageBridge(options),
-    sdk: {
-      ...bootstrap.sdk,
-      supportedBridgeMethods: ["transport.request", "transport.download"]
+var buildServiceUrl3 = (servicePrefix, path) => {
+  const prefix2 = servicePrefix.endsWith("/") ? servicePrefix.slice(0, -1) : servicePrefix;
+  const suffix = path.startsWith("/") ? path : `/${path}`;
+  return `${prefix2}${suffix}`;
+};
+var createAuthorizedFetch = (baseFetch, accessToken) => {
+  if (!accessToken) return baseFetch;
+  return ((input, init = {}) => {
+    const headers = new Headers(init.headers || {});
+    if (!headers.has("authorization")) {
+      headers.set("authorization", `Bearer ${accessToken}`);
     }
-  };
+    return baseFetch(input, {
+      ...init,
+      headers
+    });
+  });
 };
-var resolveRuntimeAssets = async (bootstrap, fetchImpl = fetch) => {
-  const boundFetch = createBoundFetch(fetchImpl);
-  const fallback = {
-    entryUrl: bootstrap.runtimeAssets?.entryUrl || bootstrap.asset?.entryUrl || "",
-    cssUrls: bootstrap.runtimeAssets?.cssUrls || bootstrap.asset?.cssAssets || [],
-    jsUrls: bootstrap.runtimeAssets?.jsUrls || bootstrap.asset?.jsAssets || [],
-    cssIsolation: normalizeCssIsolation2(
-      bootstrap.runtimeAssets?.cssIsolation || bootstrap.page.capabilities?.cssIsolation
-    )
-  };
-  if (bootstrap.runtimeAssets?.entryUrl || !bootstrap.asset?.manifestUrl) {
-    return fallback;
-  }
+var readJsonPayload = async (response) => {
   try {
-    const response = await boundFetch(bootstrap.asset.manifestUrl, {
-      credentials: "omit"
-    });
-    if (!response.ok) return fallback;
-    const manifest = await response.json();
-    const base = bootstrap.asset.manifestUrl;
-    const resolveUrl = (value) => new URL(value, base).toString();
-    return {
-      entryUrl: manifest?.entry?.url ? resolveUrl(manifest.entry.url) : fallback.entryUrl,
-      cssUrls: Array.isArray(manifest?.assets?.css) ? manifest.assets.css.map(resolveUrl) : fallback.cssUrls,
-      jsUrls: Array.isArray(manifest?.assets?.js) ? manifest.assets.js.map(resolveUrl) : fallback.jsUrls,
-      cssIsolation: normalizeCssIsolation2(
-        manifest?.style?.isolation || fallback.cssIsolation
-      )
-    };
+    return await response.json();
   } catch {
-    return fallback;
+    return null;
   }
 };
-var fetchBrowserRuntimeBootstrap = async ({
-  appType,
-  bootstrapPath,
-  fetchImpl = fetch,
-  pageKey,
-  servicePrefix
-}) => {
-  if (!appType) {
-    throw new Error("appType \u7F3A\u5931");
+var createRuntimeHttpError = (response, payload, fallbackMessage) => createRuntimeError({
+  type: classifyRuntimeError(
+    response.status,
+    getRecordValue3(payload, "code")
+  ),
+  status: response.status,
+  code: getRecordValue3(payload, "code"),
+  message: getRecordValue3(payload, "message") || fallbackMessage,
+  payload
+});
+var createRuntimeError = (snapshot) => new RuntimeHttpError({
+  ...snapshot,
+  type: snapshot.type || "unknown",
+  message: snapshot.message || "Runtime request failed"
+});
+var normalizeRuntimeError = (error) => {
+  if (error instanceof RuntimeHttpError) return error;
+  if (error instanceof Error) {
+    const runtimeError = error;
+    runtimeError.type = runtimeError.type || classifyRuntimeError(runtimeError.status, runtimeError.code);
+    return runtimeError;
   }
-  if (!pageKey) {
-    throw new Error("pageKey \u7F3A\u5931");
+  return createRuntimeError({
+    type: "unknown",
+    message: String(error)
+  });
+};
+var toRuntimeErrorSnapshot = (error) => ({
+  type: error.type || classifyRuntimeError(error.status, error.code),
+  status: error.status,
+  code: error.code,
+  message: error.message || "Runtime request failed",
+  payload: error.payload
+});
+var classifyRuntimeError = (status, code) => {
+  const normalizedCode = typeof code === "string" ? Number(code) : code;
+  if (status === 401 || normalizedCode === 401) return "unauthenticated";
+  if (status === 403 || normalizedCode === 403) return "forbidden";
+  if (typeof code === "string") {
+    const normalizedText = code.toUpperCase();
+    if (normalizedText.includes("DENIED") || normalizedText.includes("FORBIDDEN")) {
+      return "forbidden";
+    }
+    if (normalizedText.includes("UNAUTH") || normalizedText.includes("LOGIN")) {
+      return "unauthenticated";
+    }
   }
-  const path = bootstrapPath || `/openxiangda-api/v1/apps/${encodeURIComponent(
-    appType
-  )}/pages/${encodeURIComponent(pageKey)}/bootstrap`;
-  const boundFetch = createBoundFetch(fetchImpl);
-  const response = await boundFetch(
-    joinServicePath(servicePrefix || getDefaultServicePrefix(), path),
-    {
-      method: "GET",
-      credentials: "include"
+  if (!status && !normalizedCode) return "network";
+  return "unknown";
+};
+var createPermissionFallbackState = (access, runtime) => {
+  const error = access.error || runtime.error;
+  const accessData = access.data;
+  const errorType = accessData?.errorType || error?.type || (!access.canAccess ? "forbidden" : "unknown");
+  return {
+    access,
+    runtime,
+    error,
+    errorType,
+    status: accessData?.status || error?.status,
+    code: accessData?.code || error?.code,
+    message: accessData?.message || error?.message || (errorType === "unauthenticated" ? "\u5F53\u524D\u8D26\u53F7\u5C1A\u672A\u767B\u5F55" : "\u5F53\u524D\u8D26\u53F7\u6CA1\u6709\u8BBF\u95EE\u6743\u9650")
+  };
+};
+var renderBoundaryFallback = (fallback, state) => typeof fallback === "function" ? fallback(state) : fallback;
+var withQuery = (url2, params) => {
+  const query = new URLSearchParams();
+  Object.entries(params).forEach(([key, value]) => {
+    if (value === void 0 || value === "") return;
+    query.set(key, String(value));
+  });
+  const serialized = query.toString();
+  if (!serialized) return url2;
+  return `${url2}${url2.includes("?") ? "&" : "?"}${serialized}`;
+};
+var attachCallback = (loginUrl, callback) => {
+  if (!callback) return loginUrl;
+  try {
+    const base = typeof window !== "undefined" ? window.location.origin : "http://localhost";
+    const parsed = new URL(loginUrl, base);
+    if (!parsed.searchParams.has("callback") && !parsed.searchParams.has("redirectUri")) {
+      parsed.searchParams.set("callback", callback);
     }
-  );
-  const payload = await response.json().catch(() => null);
-  if (!response.ok) {
-    throw new Error(payload?.message || response.statusText || "\u83B7\u53D6\u9875\u9762\u8FD0\u884C\u65F6\u5931\u8D25");
-  }
-  if (payload && typeof payload === "object" && ("code" in payload || "success" in payload)) {
-    if (payload.success === false || payload.code && Number(payload.code) !== 200) {
-      throw new Error(payload.message || "\u83B7\u53D6\u9875\u9762\u8FD0\u884C\u65F6\u5931\u8D25");
+    if (loginUrl.startsWith("http://") || loginUrl.startsWith("https://")) {
+      return parsed.toString();
     }
-    return payload.data || {};
+    return `${parsed.pathname}${parsed.search}${parsed.hash}`;
+  } catch {
+    const separator = loginUrl.includes("?") ? "&" : "?";
+    return `${loginUrl}${separator}callback=${encodeURIComponent(callback)}`;
   }
-  return payload || {};
 };
-var resolveBrowserRuntimeRoute = async ({
-  appType,
-  fetchImpl = fetch,
-  path,
-  resolvePath,
-  search,
-  servicePrefix
-}) => {
-  if (!appType) {
-    throw new Error("appType \u7F3A\u5931");
-  }
-  const currentPath = path || (typeof window !== "undefined" ? window.location.pathname : "/");
-  const currentSearch = search !== void 0 ? search : typeof window !== "undefined" ? window.location.search : "";
-  const endpoint = resolvePath || `/openxiangda-api/v1/apps/${encodeURIComponent(
-    appType
-  )}/runtime/routes/resolve`;
-  const boundFetch = createBoundFetch(fetchImpl);
-  const response = await boundFetch(
-    joinServicePath(servicePrefix || getDefaultServicePrefix(), endpoint),
-    {
-      method: "POST",
-      credentials: "include",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({
-        path: currentPath,
-        search: currentSearch
-      })
-    }
-  );
-  const parsed = await parseJsonResponse(response);
-  if (!parsed.success || !parsed.result) {
-    throw new Error(parsed.message || "\u89E3\u6790\u8FD0\u884C\u65F6\u8DEF\u7531\u5931\u8D25");
-  }
-  return parsed.result;
+var getCurrentHref4 = () => typeof window === "undefined" ? "" : window.location.href;
+var getCurrentHostname2 = () => typeof window === "undefined" ? "" : window.location.hostname;
+var getRuntimeEnv = (key) => {
+  const env = typeof process !== "undefined" ? process.env : void 0;
+  return env?.[key];
 };
-var loadRuntimeScriptModules = async (jsUrls = [], moduleLoader = defaultModuleLoader) => {
-  const urls = Array.from(
-    new Set(jsUrls.map((url2) => String(url2 || "").trim()).filter(Boolean))
-  );
-  for (const url2 of urls) {
-    await moduleLoader(url2);
-  }
+var getRecordValue3 = (value, key) => {
+  if (!value || typeof value !== "object") return void 0;
+  return value[key];
 };
-var loadCustomPageModule = async (entryUrl, moduleLoader = defaultModuleLoader, jsUrls = []) => {
-  if (!entryUrl) {
-    throw new Error("\u4EE3\u7801\u9875\u9762\u7F3A\u5C11 entryUrl");
-  }
-  await loadRuntimeScriptModules(
-    jsUrls.filter((url2) => url2 && url2 !== entryUrl),
-    moduleLoader
-  );
-  const loaded = await moduleLoader(entryUrl);
-  return loaded?.default && (loaded.default.mount || loaded.default.unmount) ? { ...loaded.default, ...loaded } : loaded || {};
+var toRuntimeRecord = (value) => {
+  return value && typeof value === "object" ? { ...value } : {};
 };
-var mountCustomPageRuntime = async ({
-  assets,
-  container,
-  context,
-  module: module2
-}) => {
-  const cssIsolation = normalizeCssIsolation2(assets?.cssIsolation);
-  const mountedLinks = [];
-  container.innerHTML = "";
-  container.classList.toggle(NAMESPACE_ROOT_CLASS2, cssIsolation === "namespace");
-  (assets?.cssUrls || []).forEach((href) => {
-    const link = document.createElement("link");
-    link.rel = "stylesheet";
-    link.href = href;
-    link.setAttribute("data-openxiangda-runtime-style", href);
-    document.head.appendChild(link);
-    mountedLinks.push(link);
+var toStringValue = (value) => {
+  if (value === void 0 || value === null) return "";
+  return String(value);
+};
+var parseBrowserQuery = () => {
+  if (typeof window === "undefined") return {};
+  const query = {};
+  const params = new URLSearchParams(window.location.search);
+  params.forEach((value, key) => {
+    const currentValue = query[key];
+    if (currentValue === void 0) {
+      query[key] = value;
+      return;
+    }
+    query[key] = Array.isArray(currentValue) ? [...currentValue, value] : [currentValue, value];
   });
-  await module2.mount?.(container, context);
-  return async () => {
-    await module2.unmount?.(container, context);
-    mountedLinks.forEach((link) => link.remove());
-    container.classList.remove(NAMESPACE_ROOT_CLASS2);
-    container.innerHTML = "";
+  return query;
+};
+var buildBrowserRouteInfo = (route) => {
+  const pathname = route?.pathname || (typeof window !== "undefined" ? window.location.pathname : "");
+  const search = typeof window !== "undefined" ? window.location.search : "";
+  const hash = route?.hash || (typeof window !== "undefined" ? window.location.hash : "");
+  return {
+    pathname,
+    fullPath: route?.fullPath || (typeof window !== "undefined" ? `${pathname}${search}${hash}` : pathname),
+    params: route?.params || {},
+    query: route?.query || parseBrowserQuery(),
+    hash
   };
 };
-var mountBrowserPageRuntime = async (options) => {
-  const bootstrap = await fetchBrowserRuntimeBootstrap({
-    appType: options.appType,
-    pageKey: options.pageKey,
-    bootstrapPath: options.bootstrapPath,
-    fetchImpl: options.fetchImpl,
-    servicePrefix: options.servicePrefix
-  });
-  if (bootstrap.permissions?.canView === false) {
-    throw new Error(String(bootstrap.permissions.message || "\u60A8\u6CA1\u6709\u6743\u9650\u8BBF\u95EE\u8BE5\u9875\u9762"));
-  }
-  const assets = await resolveRuntimeAssets(bootstrap, options.fetchImpl || fetch);
-  if (!assets.entryUrl) {
-    throw new Error("\u4EE3\u7801\u9875\u9762\u7F3A\u5C11 entryUrl");
-  }
-  const context = createBrowserPageContext(bootstrap, options);
-  const module2 = await loadCustomPageModule(
-    assets.entryUrl,
-    options.moduleLoader,
-    assets.jsUrls
+var isSuccessCode5 = (code) => {
+  if (code === void 0 || code === null || code === "") return true;
+  const normalized = Number(code);
+  return Number.isFinite(normalized) ? normalized === 0 || normalized >= 200 && normalized < 300 : false;
+};
+var isRuntimeEnvelopeFailure = (response, payload) => {
+  const code = getRecordValue3(payload, "code");
+  const success = getRecordValue3(payload, "success");
+  return !response.ok || success === false || !isSuccessCode5(code);
+};
+var isServerErrorCode = (code) => {
+  const normalized = Number(code);
+  return Number.isFinite(normalized) && normalized >= 500;
+};
+var getRecordString = (value, key) => {
+  const result = getRecordValue3(value, key);
+  return typeof result === "string" ? result : void 0;
+};
+var resolveAppTypeFromLocation = () => {
+  if (typeof window === "undefined") return "";
+  const segments = window.location.pathname.split("/").filter(Boolean);
+  const viewIndex = segments[0] === "view" ? 1 : 0;
+  if (segments[viewIndex] === "submit") return segments[viewIndex + 1] || "";
+  if (segments[viewIndex] === "preview") return segments[viewIndex + 1] || "";
+  return segments[viewIndex] || "";
+};
+
+// packages/sdk/src/runtime/react/publicAccess.tsx
+init_cjs_shims();
+var import_react9 = require("react");
+var import_jsx_runtime5 = require("react/jsx-runtime");
+var usePublicAccess = (options = {}) => {
+  const runtime = useOpenXiangda();
+  const {
+    appType: runtimeAppType,
+    servicePrefix: runtimeServicePrefix,
+    fetchImpl: runtimeFetchImpl,
+    reload: reloadRuntime,
+    setAccessToken
+  } = runtime;
+  const {
+    appType = runtimeAppType,
+    servicePrefix = runtimeServicePrefix,
+    fetchImpl = runtimeFetchImpl,
+    autoStart = true,
+    ...sessionInput
+  } = options;
+  const [session, setSession] = (0, import_react9.useState)(null);
+  const [error, setError] = (0, import_react9.useState)(null);
+  const [loading, setLoading] = (0, import_react9.useState)(Boolean(autoStart));
+  const sessionInputKey = JSON.stringify(sessionInput);
+  const stableSessionInput = (0, import_react9.useMemo)(() => sessionInput, [sessionInputKey]);
+  const client = (0, import_react9.useMemo)(
+    () => createPublicAccessClient({
+      appType,
+      servicePrefix,
+      fetchImpl
+    }),
+    [appType, fetchImpl, servicePrefix]
   );
-  const cleanup2 = await mountCustomPageRuntime({
-    assets,
-    container: options.container,
-    context,
-    module: module2
-  });
+  const startSession = (0, import_react9.useCallback)(
+    async (input = {}) => {
+      setLoading(true);
+      setError(null);
+      try {
+        const data = await client.startSession({
+          ...stableSessionInput,
+          ...input,
+          ticket: input.ticket || stableSessionInput.ticket || readTicketFromLocation(),
+          path: input.path || stableSessionInput.path || readPathFromLocation()
+        });
+        setSession(data);
+        setAccessToken(data.accessToken);
+        await reloadRuntime({ accessToken: data.accessToken });
+        setLoading(false);
+        return data;
+      } catch (caught) {
+        const nextError = caught instanceof PublicAccessClientError ? caught : new PublicAccessClientError(
+          caught instanceof Error ? caught.message : "\u516C\u5F00\u8BBF\u95EE\u4F1A\u8BDD\u521B\u5EFA\u5931\u8D25",
+          { payload: caught }
+        );
+        setError(nextError);
+        setLoading(false);
+        throw nextError;
+      }
+    },
+    [client, reloadRuntime, setAccessToken, stableSessionInput]
+  );
+  (0, import_react9.useEffect)(() => {
+    if (!autoStart) return;
+    void startSession().catch(() => void 0);
+  }, [autoStart, startSession]);
   return {
-    bootstrap,
-    assets,
-    context,
-    module: module2,
-    cleanup: cleanup2
+    loading,
+    error,
+    session,
+    publicAccess: session?.publicAccess || null,
+    startSession
   };
 };
+var PublicAccessGate = ({
+  children,
+  fallback = null,
+  errorFallback = null,
+  ...options
+}) => {
+  const state = usePublicAccess(options);
+  if (state.loading) return /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(import_jsx_runtime5.Fragment, { children: fallback });
+  if (state.error) {
+    return /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(import_jsx_runtime5.Fragment, { children: typeof errorFallback === "function" ? errorFallback(state.error) : errorFallback });
+  }
+  return /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(import_jsx_runtime5.Fragment, { children });
+};
+var readTicketFromLocation = () => {
+  if (typeof window === "undefined") return void 0;
+  return new URLSearchParams(window.location.search).get("ticket") || void 0;
+};
+var readPathFromLocation = () => typeof window === "undefined" ? void 0 : window.location.pathname;
+
+// packages/sdk/src/runtime/host/index.ts
+init_cjs_shims();
 
 // packages/sdk/src/runtime/host/builtinRouteRenderer.tsx
 init_cjs_shims();