pagecast 0.1.0 → 0.1.2

package/src/server.js

@@ -26,6 +26,17 @@ export const DEFAULT_CLOUDFLARE_LOGIN_TIMEOUT_MS = 5 * 60 * 1000;
 export const DEFAULT_CLOUDFLARE_LIST_TIMEOUT_MS = 60 * 1000;
 export const CLOUDFLARE_OAUTH_SCOPES = ["account:read", "user:read", "pages:write"];
 
+// Feedback provisioning deploys a Worker + KV, which the base publishing scopes
+// don't permit. These elevate the grant only when the user opts into feedback,
+// so publishing never has to request Workers/KV access up front.
+export const FEEDBACK_OAUTH_SCOPES = [
+  "account:read",
+  "user:read",
+  "pages:write",
+  "workers_scripts:write",
+  "workers_kv:write"
+];
+
 const MIME_TYPES = new Map([
   [".html", "text/html; charset=utf-8"],
   [".htm", "text/html; charset=utf-8"],
@@ -228,6 +239,62 @@ function cleanCommandOutput(output) {
     .trim();
 }
 
+// --- Feedback Worker provisioning: parse wrangler outputs --------------------
+
+// A KV namespace id is a 32-char hex string. `wrangler kv namespace create`
+// prints a TOML/JSON snippet containing `id = "<hex>"` / `"id": "<hex>"`.
+export function parseKvNamespaceId(output) {
+  const text = stripAnsi(output || "");
+  const match = text.match(/(?:id\s*=\s*|"id"\s*:\s*)"([0-9a-f]{32})"/i);
+  return match ? match[1].toLowerCase() : "";
+}
+
+// `wrangler kv namespace list` prints a JSON array of { id, title }. Reuse an
+// existing namespace by title so re-running setup is idempotent.
+export function findKvNamespaceId(output, title) {
+  const text = stripAnsi(output || "");
+  try {
+    const start = text.indexOf("[");
+    const end = text.lastIndexOf("]");
+    if (start >= 0 && end > start) {
+      const list = JSON.parse(text.slice(start, end + 1));
+      const hit = list.find((entry) => entry && entry.title === title);
+      if (hit && /^[0-9a-f]{32}$/i.test(hit.id || "")) {
+        return String(hit.id).toLowerCase();
+      }
+    }
+  } catch {
+    // Non-JSON or unexpected shape — treat as "not found" and create one.
+  }
+  return "";
+}
+
+// The deployed Worker's public origin, e.g. https://name.sub.workers.dev.
+export function parseWorkerDevUrl(output) {
+  const text = stripAnsi(output || "");
+  const match = text.match(/https:\/\/[a-z0-9-]+\.[a-z0-9-]+\.workers\.dev/i);
+  return match ? match[0].toLowerCase() : "";
+}
+
+// Normalize the persisted feedback (reactions + analytics) settings. Returns
+// null until the feedback Worker has been provisioned, so callers can treat the
+// whole feature as off by checking for a truthy `feedback`.
+function normalizeFeedback(feedback) {
+  if (!feedback || typeof feedback !== "object") {
+    return null;
+  }
+  const url = String(feedback.url || "").trim().replace(/\/+$/, "");
+  if (!/^https:\/\/[^\s/]+/i.test(url)) {
+    return null;
+  }
+  return {
+    url,
+    statsToken: String(feedback.statsToken || ""),
+    workerName: String(feedback.workerName || ""),
+    kvId: String(feedback.kvId || "")
+  };
+}
+
 function normalizeConfig(config = {}) {
   const projectName = normalizePagesProjectName(
     config.pages?.projectName || DEFAULT_PAGES_PROJECT_NAME
@@ -242,7 +309,8 @@ function normalizeConfig(config = {}) {
       accountName,
       branch: DEFAULT_PAGES_BRANCH,
       baseUrl: pagesBaseUrl(projectName)
-    }
+    },
+    feedback: normalizeFeedback(config.feedback)
   };
 }
 
@@ -889,7 +957,19 @@ export function createConfigStore({ dataDir = path.join(PROJECT_ROOT, ".pagecast
         projectName: projectName === undefined ? config.pages.projectName : projectName,
         accountId: nextAccountId,
         accountName: nextAccountName
-      }
+      },
+      // Preserve feedback config — a pages update (e.g. persisting the account on
+      // publish) must not wipe an already-provisioned feedback Worker.
+      feedback: config.feedback
+    });
+    await save();
+    return get();
+  }
+
+  async function updateFeedback(feedback) {
+    config = normalizeConfig({
+      pages: config.pages,
+      feedback: feedback === null ? null : { ...(config.feedback || {}), ...feedback }
     });
     await save();
     return get();
@@ -899,6 +979,7 @@ export function createConfigStore({ dataDir = path.join(PROJECT_ROOT, ".pagecast
     init,
     get,
     updatePages,
+    updateFeedback,
     configPath
   };
 }
@@ -923,11 +1004,41 @@ export function createDeployQueue() {
   return { enqueue };
 }
 
+// Insert the feedback widget into a published HTML document. The widget (served
+// by the user's feedback Worker) beacons a view and renders the reactions bar.
+// Injected just before </body> so it loads after page content. `url` is the
+// Worker origin and `slug` keys this page's stats. Returns the HTML unchanged
+// when feedback is not configured. Pure + exported for testing.
+export function injectFeedbackWidget(html, { url, slug } = {}) {
+  const baseUrl = String(url || "").trim().replace(/\/+$/, "");
+  const pageSlug = String(slug || "").trim();
+  if (!baseUrl || !pageSlug) {
+    return html;
+  }
+  const esc = (value) =>
+    String(value)
+      .replace(/&/g, "&amp;")
+      .replace(/"/g, "&quot;")
+      .replace(/</g, "&lt;")
+      .replace(/>/g, "&gt;");
+  const tag =
+    `<script src="${esc(`${baseUrl}/widget.js`)}" data-slug="${esc(pageSlug)}" defer></script>`;
+  // Avoid double-injecting if the document already carries the widget.
+  if (html.includes(`data-slug="${esc(pageSlug)}"`) && html.includes("/widget.js")) {
+    return html;
+  }
+  if (/<\/body>/i.test(html)) {
+    return html.replace(/<\/body>/i, `${tag}\n</body>`);
+  }
+  return `${html}\n${tag}\n`;
+}
+
 export function createCloudflarePagesPublisher({
   dataDir = path.join(PROJECT_ROOT, ".pagecast"),
   spawnImpl = spawn,
   timeoutMs = 180000,
-  getRedirects = () => []
+  getRedirects = () => [],
+  getFeedback = () => null
 } = {}) {
   const siteRoot = path.join(dataDir, "pages-site");
   const deployRoot = path.join(dataDir, "pages-deploy");
@@ -966,18 +1077,28 @@ export function createCloudflarePagesPublisher({
   }
 
   async function stagePublication(report, publication) {
-    const destinationRoot = publicationDir(publication.slug || publication.token);
+    const slug = publication.slug || publication.token;
+    const destinationRoot = publicationDir(slug);
     const sourceRoot = publishSourceFor(report);
     await copyPublicTree(sourceRoot, destinationRoot);
+
+    const indexPath = path.join(destinationRoot, "index.html");
+    let html;
     if (isMarkdownFileName(report.entryFile)) {
       // Render the raw markdown entry to real HTML so the published Cloudflare
       // site serves a proper document; sibling assets were copied above.
       const markdown = await fs.readFile(path.join(sourceRoot, report.entryFile), "utf8");
-      const html = markdownToHtml(markdown, { title: report.name });
-      await fs.writeFile(path.join(destinationRoot, "index.html"), html, "utf8");
+      html = markdownToHtml(markdown, { title: report.name });
     } else {
-      await fs.copyFile(path.join(sourceRoot, report.entryFile), path.join(destinationRoot, "index.html"));
+      html = await fs.readFile(path.join(sourceRoot, report.entryFile), "utf8");
     }
+
+    // Inject the reactions + analytics widget when feedback is provisioned.
+    const feedback = getFeedback();
+    if (feedback?.url) {
+      html = injectFeedbackWidget(html, { url: feedback.url, slug });
+    }
+    await fs.writeFile(indexPath, html, "utf8");
   }
 
   async function removePublication(slug) {
@@ -1258,8 +1379,8 @@ export function createCloudflareAuthManager({
   // connect/refresh time; the cache is invalidated whenever login state changes.
   let sessionCache = null;
 
-  async function login() {
-    const scopedArgs = CLOUDFLARE_OAUTH_SCOPES.flatMap((scope) => ["--scopes", scope]);
+  async function login(scopes = CLOUDFLARE_OAUTH_SCOPES) {
+    const scopedArgs = scopes.flatMap((scope) => ["--scopes", scope]);
     await runWrangler(["login", ...scopedArgs], loginTimeoutMs);
     sessionCache = null;
   }
@@ -1342,6 +1463,98 @@ export function createCloudflareAuthManager({
     return name;
   }
 
+  // Provision the feedback Worker: reuse-or-create a KV namespace, stage the
+  // worker + a generated wrangler.toml, and deploy it to the account's
+  // workers.dev. Returns { url, kvId, workerName, statsToken }. Side-effecting
+  // (creates real Cloudflare resources) — only run on explicit user action.
+  async function setupFeedback({
+    accountId = "",
+    workerName = "pagecast-feedback",
+    workerSource = "",
+    statsToken = "",
+    deployDir,
+    timeoutMs = 120000
+  } = {}) {
+    if (!workerSource) {
+      throw appError("Feedback Worker source was not found in the package.", 500);
+    }
+    if (!deployDir) {
+      throw appError("A deploy directory is required to set up feedback.", 500);
+    }
+    const env = accountId ? { CLOUDFLARE_ACCOUNT_ID: accountId } : {};
+    const kvTitle = `${workerName}-store`;
+
+    const provision = async () => {
+      // 1. Reuse or create the KV namespace.
+      let kvId = "";
+      try {
+        const listOut = await runWrangler(["kv", "namespace", "list"], timeoutMs, env);
+        kvId = findKvNamespaceId(listOut, kvTitle);
+      } catch {
+        // Listing isn't available/authorized — fall through to create.
+      }
+      if (!kvId) {
+        const createOut = await runWrangler(
+          ["kv", "namespace", "create", kvTitle],
+          timeoutMs,
+          env
+        );
+        kvId = parseKvNamespaceId(createOut);
+      }
+      if (!kvId) {
+        throw appError("Could not create the feedback KV namespace.", 502);
+      }
+
+      // 2. Stage worker.js + a generated wrangler.toml in a clean temp dir.
+      await fs.rm(deployDir, { recursive: true, force: true });
+      await fs.mkdir(deployDir, { recursive: true });
+      await fs.writeFile(path.join(deployDir, "worker.js"), workerSource, "utf8");
+      const toml = [
+        `name = "${workerName}"`,
+        `main = "worker.js"`,
+        `compatibility_date = "2024-09-01"`,
+        `workers_dev = true`,
+        ``,
+        `[[kv_namespaces]]`,
+        `binding = "PAGECAST_FEEDBACK"`,
+        `id = "${kvId}"`,
+        ``,
+        `[vars]`,
+        `PAGECAST_STATS_TOKEN = "${statsToken}"`,
+        ``
+      ].join("\n");
+      await fs.writeFile(path.join(deployDir, "wrangler.toml"), toml, "utf8");
+
+      // 3. Deploy. Wrangler resolves `main` relative to the config file's dir.
+      const deployOut = await runWrangler(
+        ["deploy", "--config", path.join(deployDir, "wrangler.toml")],
+        timeoutMs,
+        env
+      );
+      const url = parseWorkerDevUrl(deployOut);
+      if (!url) {
+        throw appError(
+          "Feedback Worker deployed but no workers.dev URL was returned. Enable a workers.dev subdomain in your Cloudflare dashboard, then retry.",
+          502
+        );
+      }
+      return { url, kvId, workerName, statsToken };
+    };
+
+    try {
+      return await provision();
+    } catch (error) {
+      // The base publishing OAuth lacks Workers/KV permission, surfacing as a
+      // Cloudflare "Authentication error [code: 10000]". Elevate the grant to the
+      // feedback scopes once, then retry. (No-op if a token is already broad.)
+      if (/code:\s*10000|authentication error/i.test(stripAnsi(error.message || ""))) {
+        await login(FEEDBACK_OAUTH_SCOPES);
+        return await provision();
+      }
+      throw error;
+    }
+  }
+
   function cachedSession() {
     return sessionCache ? sessionCache.value : { loggedIn: false, accounts: [] };
   }
@@ -1369,6 +1582,7 @@ export function createCloudflareAuthManager({
     loginAndListProjects,
     whoami,
     ensureProject,
+    setupFeedback,
     cachedSession,
     refreshSession,
     invalidateSession
@@ -2034,6 +2248,28 @@ export function createReportStore({
       return { statusCode: 404, message: "Report asset was not found." };
     }
 
+    // Symlink-escape guard for sibling assets. A symlink inside the report folder
+    // (e.g. leak.txt -> /etc/passwd) passes the lexical isPathInside check above,
+    // but fs.stat follows it, so without this a crafted symlink could serve files
+    // outside the report root. Resolve the real path and re-verify containment.
+    // (This mirrors the symlink rejection already enforced when staging snapshots
+    // for Cloudflare.) The entry file itself is exempt: a `path` report can point
+    // at a file the user deliberately chose, including a symlink.
+    if (relativeAssetPath !== "") {
+      try {
+        const realRoot = await fs.realpath(rootDir);
+        const realTarget = await fs.realpath(targetPath);
+        if (!isPathInside(realRoot, realTarget)) {
+          return { statusCode: 403, message: "Asset path is not allowed." };
+        }
+      } catch (error) {
+        if (error.code === "ENOENT") {
+          return { statusCode: 404, message: "Report asset was not found." };
+        }
+        throw error;
+      }
+    }
+
     // When the requested asset IS a markdown entry, render it to HTML in memory
     // so the local preview serves a real document. Sibling assets (images, css)
     // continue to resolve as files. Published snapshots are rendered on disk by
@@ -2960,6 +3196,46 @@ export function createPublicHandler({ store }) {
   };
 }
 
+// DNS-rebinding defense for the admin server. The admin API is unauthenticated
+// and can run shell (folder build commands), so it must only answer requests
+// addressed to a loopback host. A malicious web page that rebinds its own domain
+// to 127.0.0.1 still sends *its* Host header (e.g. "evil.example"), which fails
+// this check, while the real admin UI on 127.0.0.1/localhost passes.
+export function isLoopbackHostHeader(hostHeader, bindHost) {
+  if (!hostHeader) {
+    // No Host header (HTTP/1.0, some internal callers) — the request cannot have
+    // come from a rebound browser origin, so allow it.
+    return true;
+  }
+  let hostname = String(hostHeader);
+  const ipv6 = /^\[([^\]]+)\](?::\d+)?$/.exec(hostname);
+  if (ipv6) {
+    // Bracketed IPv6: "[::1]:4173" -> "::1".
+    hostname = ipv6[1];
+  } else if ((hostname.match(/:/g) || []).length <= 1) {
+    // "host:port" or bare "host" — strip a single trailing ":port" only. A value
+    // with more than one colon is a bare IPv6 literal (e.g. "::1") and is left
+    // intact rather than truncated at its first colon.
+    const colon = hostname.lastIndexOf(":");
+    if (colon > -1) {
+      hostname = hostname.slice(0, colon);
+    }
+  }
+  hostname = hostname.toLowerCase();
+  if (hostname === "localhost" || hostname === "::1") {
+    return true;
+  }
+  // The entire 127.0.0.0/8 block is loopback.
+  if (/^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(hostname)) {
+    return true;
+  }
+  // An explicitly configured non-default bind host is trusted by definition.
+  if (bindHost && hostname === String(bindHost).toLowerCase()) {
+    return true;
+  }
+  return false;
+}
+
 export function createAdminHandler({
   store,
   configStore,
@@ -2970,10 +3246,19 @@ export function createAdminHandler({
   getLocalPublicBaseUrl,
   tunnelManager,
   deployQueue,
-  watchManager
+  watchManager,
+  bindHost = DEFAULT_HOST
 }) {
   return async function adminHandler(req, res) {
     try {
+      if (!isLoopbackHostHeader(req.headers.host, bindHost)) {
+        sendText(
+          res,
+          403,
+          "Forbidden: the Pagecast admin server only accepts loopback (localhost) requests."
+        );
+        return;
+      }
       const url = new URL(req.url, `http://${req.headers.host || DEFAULT_HOST}`);
 
       if (url.pathname.startsWith("/api/")) {
@@ -3094,6 +3379,60 @@ async function handleApi(
     return;
   }
 
+  // Provision (or re-provision) the feedback Worker + KV on the user's account.
+  // Creates real Cloudflare resources, so it only runs on this explicit action.
+  if (url.pathname === "/api/feedback/setup" && req.method === "POST") {
+    const body = await readJsonBody(req);
+    const pages = configStore.get().pages;
+    const accountId = normalizeAccountId(body.accountId || pages.accountId || "");
+    const workerPath = path.join(PROJECT_ROOT, "feedback", "worker.js");
+    let workerSource;
+    try {
+      workerSource = await fs.readFile(workerPath, "utf8");
+    } catch {
+      sendError(res, appError("Feedback Worker source not found in the package.", 500));
+      return;
+    }
+    const existing = configStore.get().feedback;
+    const statsToken = existing?.statsToken || randomBytes(24).toString("hex");
+    const dataDir = path.dirname(configStore.configPath);
+    try {
+      const result = await cloudflareAuth.setupFeedback({
+        accountId,
+        workerSource,
+        statsToken,
+        deployDir: path.join(dataDir, "feedback-deploy")
+      });
+      const config = await configStore.updateFeedback(result);
+      sendJson(res, 200, { config, feedback: config.feedback });
+    } catch (error) {
+      sendError(res, error);
+    }
+    return;
+  }
+
+  // Read aggregate stats for a published page back from the feedback Worker.
+  // Proxied through the local server so the stats token never reaches the UI.
+  if (url.pathname === "/api/feedback/stats" && req.method === "GET") {
+    const feedback = configStore.get().feedback;
+    if (!feedback?.url) {
+      sendJson(res, 200, { ok: true, configured: false, stats: null });
+      return;
+    }
+    const slug = url.searchParams.get("slug") || "";
+    const statsUrl =
+      `${feedback.url}/api/v1/stats?slug=${encodeURIComponent(slug)}` +
+      `&token=${encodeURIComponent(feedback.statsToken)}`;
+    try {
+      const response = await fetch(statsUrl);
+      const data = await response.json().catch(() => ({}));
+      sendJson(res, 200, { ok: response.ok, configured: true, ...data });
+    } catch {
+      sendError(res, appError("Could not reach the feedback service.", 502));
+    }
+    return;
+  }
+
   if (url.pathname === "/api/cloudflare/login" && req.method === "POST") {
     await readJsonBody(req);
     await cloudflareAuth.login();
@@ -3522,14 +3861,20 @@ export async function startServers({
     dataDir,
     spawnImpl: pagesDeploySpawnImpl,
     timeoutMs: pagesDeployTimeoutMs,
-    getRedirects: () => store.listRedirects()
+    getRedirects: () => store.listRedirects(),
+    getFeedback: () => configStore.get().feedback
   });
   const deployQueue = createDeployQueue();
   const watchManager = createWatchManager({
     store,
     pagesPublisher,
     configStore,
-    deployQueue
+    deployQueue,
+    // Auto-sync runs in the background; surface failures (e.g. expired Cloudflare
+    // auth) instead of swallowing them, so a silently-broken watch is visible.
+    onError: (error) => {
+      console.warn(`Pagecast auto-sync failed: ${error?.message || error}`);
+    }
   });
   for (const report of store.listAutoSyncReports()) {
     watchManager.register(report.id);
@@ -3557,7 +3902,8 @@ export async function startServers({
       getLocalPublicBaseUrl: () => localPublicBaseUrl,
       tunnelManager,
       deployQueue,
-      watchManager
+      watchManager,
+      bindHost: host
     })
   );
 
@@ -3608,7 +3954,10 @@ async function createHeadlessCloudflareContext({
   const pagesPublisher = createCloudflarePagesPublisher({
     dataDir,
     spawnImpl: pagesDeploySpawnImpl,
-    timeoutMs: pagesDeployTimeoutMs
+    timeoutMs: pagesDeployTimeoutMs,
+    // Headless/CLI publishes (incl. the agent skill's `npx pagecast publish`)
+    // must inject the feedback widget too, not just the running app.
+    getFeedback: () => configStore.get().feedback
   });
   return { configStore, cloudflareAuth, pagesPublisher };
 }
@@ -3701,6 +4050,45 @@ export async function setupCloudflarePages({
   };
 }
 
+// Provision the feedback Worker + KV on the user's account and persist the
+// resulting config. Reuses an existing stats token/namespace on re-run.
+export async function setupCloudflareFeedback({
+  accountId,
+  dataDir = path.join(PROJECT_ROOT, ".pagecast"),
+  cloudflareAuthSpawnImpl = spawn,
+  cloudflareListTimeoutMs = DEFAULT_CLOUDFLARE_LIST_TIMEOUT_MS,
+  feedbackTimeoutMs = 120000
+} = {}) {
+  const { configStore, cloudflareAuth } = await createHeadlessCloudflareContext({
+    dataDir,
+    cloudflareAuthSpawnImpl,
+    cloudflareListTimeoutMs
+  });
+  const pages = configStore.get().pages;
+  const resolvedAccountId = normalizeAccountId(accountId || pages.accountId || "");
+
+  const workerPath = path.join(PROJECT_ROOT, "feedback", "worker.js");
+  let workerSource;
+  try {
+    workerSource = await fs.readFile(workerPath, "utf8");
+  } catch {
+    throw appError("Feedback Worker source not found in the package.", 500);
+  }
+
+  const existing = configStore.get().feedback;
+  const statsToken = existing?.statsToken || randomBytes(24).toString("hex");
+
+  const result = await cloudflareAuth.setupFeedback({
+    accountId: resolvedAccountId,
+    workerSource,
+    statsToken,
+    deployDir: path.join(dataDir, "feedback-deploy")
+  });
+
+  const config = await configStore.updateFeedback(result);
+  return { config, feedback: config.feedback };
+}
+
 export async function getCloudflarePagesStatus({
   dataDir = path.join(PROJECT_ROOT, ".pagecast"),
   cloudflareAuthSpawnImpl = spawn,

package/public/assets/dnd-vendor-BtfBOykZ.js

@@ -1 +0,0 @@
-import{r as O,g as S}from"./motion-vendor-CDgKLzlB.js";var d={exports:{}},n={};var l;function R(){if(l)return n;l=1;var u=O();function g(e){var r="https://react.dev/errors/"+e;if(1<arguments.length){r+="?args[]="+encodeURIComponent(arguments[1]);for(var t=2;t<arguments.length;t++)r+="&args[]="+encodeURIComponent(arguments[t])}return"Minified React error #"+e+"; visit "+r+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}function a(){}var i={d:{f:a,r:function(){throw Error(g(522))},D:a,C:a,L:a,m:a,X:a,S:a,M:a},p:0,findDOMNode:null},m=Symbol.for("react.portal");function v(e,r,t){var c=3<arguments.length&&arguments[3]!==void 0?arguments[3]:null;return{$$typeof:m,key:c==null?null:""+c,children:e,containerInfo:r,implementation:t}}var f=u.__CLIENT_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE;function s(e,r){if(e==="font")return"";if(typeof r=="string")return r==="use-credentials"?r:""}return n.__DOM_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE=i,n.createPortal=function(e,r){var t=2<arguments.length&&arguments[2]!==void 0?arguments[2]:null;if(!r||r.nodeType!==1&&r.nodeType!==9&&r.nodeType!==11)throw Error(g(299));return v(e,r,null,t)},n.flushSync=function(e){var r=f.T,t=i.p;try{if(f.T=null,i.p=2,e)return e()}finally{f.T=r,i.p=t,i.d.f()}},n.preconnect=function(e,r){typeof e=="string"&&(r?(r=r.crossOrigin,r=typeof r=="string"?r==="use-credentials"?r:"":void 0):r=null,i.d.C(e,r))},n.prefetchDNS=function(e){typeof e=="string"&&i.d.D(e)},n.preinit=function(e,r){if(typeof e=="string"&&r&&typeof r.as=="string"){var t=r.as,c=s(t,r.crossOrigin),y=typeof r.integrity=="string"?r.integrity:void 0,o=typeof r.fetchPriority=="string"?r.fetchPriority:void 0;t==="style"?i.d.S(e,typeof r.precedence=="string"?r.precedence:void 0,{crossOrigin:c,integrity:y,fetchPriority:o}):t==="script"&&i.d.X(e,{crossOrigin:c,integrity:y,fetchPriority:o,nonce:typeof r.nonce=="string"?r.nonce:void 0})}},n.preinitModule=function(e,r){if(typeof e=="string")if(typeof r=="object"&&r!==null){if(r.as==null||r.as==="script"){var t=s(r.as,r.crossOrigin);i.d.M(e,{crossOrigin:t,integrity:typeof r.integrity=="string"?r.integrity:void 0,nonce:typeof r.nonce=="string"?r.nonce:void 0})}}else r==null&&i.d.M(e)},n.preload=function(e,r){if(typeof e=="string"&&typeof r=="object"&&r!==null&&typeof r.as=="string"){var t=r.as,c=s(t,r.crossOrigin);i.d.L(e,t,{crossOrigin:c,integrity:typeof r.integrity=="string"?r.integrity:void 0,nonce:typeof r.nonce=="string"?r.nonce:void 0,type:typeof r.type=="string"?r.type:void 0,fetchPriority:typeof r.fetchPriority=="string"?r.fetchPriority:void 0,referrerPolicy:typeof r.referrerPolicy=="string"?r.referrerPolicy:void 0,imageSrcSet:typeof r.imageSrcSet=="string"?r.imageSrcSet:void 0,imageSizes:typeof r.imageSizes=="string"?r.imageSizes:void 0,media:typeof r.media=="string"?r.media:void 0})}},n.preloadModule=function(e,r){if(typeof e=="string")if(r){var t=s(r.as,r.crossOrigin);i.d.m(e,{as:typeof r.as=="string"&&r.as!=="script"?r.as:void 0,crossOrigin:t,integrity:typeof r.integrity=="string"?r.integrity:void 0})}else i.d.m(e)},n.requestFormReset=function(e){i.d.r(e)},n.unstable_batchedUpdates=function(e,r){return e(r)},n.useFormState=function(e,r,t){return f.H.useFormState(e,r,t)},n.useFormStatus=function(){return f.H.useHostTransitionStatus()},n.version="19.2.6",n}var _;function E(){if(_)return d.exports;_=1;function u(){if(!(typeof __REACT_DEVTOOLS_GLOBAL_HOOK__>"u"||typeof __REACT_DEVTOOLS_GLOBAL_HOOK__.checkDCE!="function"))try{__REACT_DEVTOOLS_GLOBAL_HOOK__.checkDCE(u)}catch(g){console.error(g)}}return u(),d.exports=R(),d.exports}var T=E();const h=S(T);export{h as R,T as a,E as r};