railspress-engine 1.2.0 → 1.3.0

data/app/views/railspress/admin/agent_bootstrap_keys/reveal.html.erb

@@ -0,0 +1,38 @@
+<% content_for :title, "Agent Bootstrap Key Created" %>
+
+<h1 class="rp-page-title rp-page-title--standalone">Agent Bootstrap Key Created</h1>
+
+<div class="rp-card rp-card--padded">
+  <div class="rp-form rp-form--spacious">
+    <p class="rp-hint">
+      Copy this bootstrap key now. It is one-time use and will not be shown again.
+    </p>
+
+    <%= render "railspress/admin/shared/copyable_textarea",
+        id: "rp-bootstrap-key-token",
+        label: "Bootstrap Token",
+        value: @plain_bootstrap_token,
+        rows: 4,
+        hint: "Use this once at #{exchange_api_v1_agent_keys_path} to mint a real API key.",
+        button_text: "Copy Bootstrap Token" %>
+
+    <%= render "railspress/admin/shared/copyable_textarea",
+        id: "rp-bootstrap-quick-start",
+        label: "Bootstrap Quick Start",
+        value: @bootstrap_quick_start,
+        rows: 6,
+        button_text: "Copy Quick Start" %>
+
+    <%= render "railspress/admin/shared/copyable_textarea",
+        id: "rp-bootstrap-instructions",
+        label: "Agent Setup Instructions",
+        value: @bootstrap_instructions,
+        rows: 15,
+        button_text: "Copy Instructions" %>
+
+    <div class="rp-form-actions">
+      <%= link_to "Create Another Bootstrap Key", new_admin_agent_bootstrap_key_path, class: "rp-btn rp-btn--primary" %>
+      <%= link_to "Back to Agents & API", admin_api_keys_path, class: "rp-btn rp-btn--secondary" %>
+    </div>
+  </div>
+</div>

data/app/views/railspress/admin/api_keys/_form.html.erb

@@ -0,0 +1,25 @@
+<%= form_with model: [:admin, api_key], class: "rp-form rp-form--narrow" do |form| %>
+  <%= rp_form_errors(api_key) %>
+
+  <%= rp_hint("API keys currently grant full access to API resources that are exposed in this version.") %>
+
+  <%= rp_string_field(
+        form,
+        :name,
+        primary: true,
+        required: true,
+        label: "API Key Name",
+        placeholder: "e.g., Production Sync Worker",
+        hint: "Use a descriptive name so you can identify this key later."
+      ) %>
+
+  <%= rp_datetime_field(
+        form,
+        :expires_at,
+        label: "Expiration",
+        hint: "Default is no expiration. Set a custom date/time if you want this key to expire.",
+        step: 60
+      ) %>
+
+  <%= rp_form_actions(form, admin_api_keys_path, submit_text: "Create API Key") %>
+<% end %>

data/app/views/railspress/admin/api_keys/index.html.erb

@@ -0,0 +1,142 @@
+<% content_for :title, "Agents & API" %>
+
+<%= rp_page_header "Agents & API",
+    "New Agent Key" => [new_admin_agent_bootstrap_key_path, class: "rp-btn rp-btn--secondary"],
+    "New API Key" => new_admin_api_key_path %>
+
+<div class="rp-card rp-card--padded rp-card--section">
+  <div class="rp-section">
+    <div class="rp-section-header">
+      <h2 class="rp-section-title">Agent Setup (Generic)</h2>
+    </div>
+
+    <div class="rp-form rp-form--spacious">
+      <p class="rp-hint">Use a short-lived bootstrap key in agent instructions. The agent exchanges it once for a real API key.</p>
+
+      <%= render "railspress/admin/shared/copyable_textarea",
+          id: "rp-generic-agent-quick-start",
+          label: "Bootstrap Quick Start",
+          value: @generic_agent_quick_start,
+          rows: 10,
+          button_text: "Copy Quick Start" %>
+
+      <%= render "railspress/admin/shared/copyable_textarea",
+          id: "rp-generic-agent-instructions",
+          label: "Agent Instructions",
+          value: @generic_agent_instructions,
+          rows: 10,
+          button_text: "Copy Instructions" %>
+    </div>
+  </div>
+</div>
+
+<div class="rp-card rp-card--padded rp-card--section">
+  <div class="rp-section">
+    <div class="rp-section-header">
+      <h2 class="rp-section-title">API Keys</h2>
+    </div>
+
+    <% if @api_keys.any? %>
+      <div class="rp-table--responsive">
+        <table class="rp-table">
+          <thead>
+            <tr>
+              <th><%= rp_table_header("Name") %></th>
+              <th><%= rp_table_header("Prefix") %></th>
+              <th><%= rp_table_header("Status") %></th>
+              <th><%= rp_table_header("Last Used") %></th>
+              <th><%= rp_table_header("Expires") %></th>
+              <th class="rp-table-actions"><%= rp_table_header("Actions") %></th>
+            </tr>
+          </thead>
+          <tbody>
+            <% @api_keys.each do |api_key| %>
+              <% api_status_type = case api_key.status
+                  when "active" then :published
+                  when "expired" then :draft
+                  else :failed
+                  end %>
+              <tr>
+                <td class="rp-table-primary"><%= api_key.name %></td>
+                <td class="rp-table-secondary"><code><%= api_key.token_prefix %></code></td>
+                <td><%= rp_status_badge(api_key.status, type: api_status_type) %></td>
+                <td><%= api_key.last_used_at ? l(api_key.last_used_at, format: :short) : "Never" %></td>
+                <td><%= api_key.expires_at ? l(api_key.expires_at, format: :short) : "Never" %></td>
+                <td class="rp-table-actions">
+                  <%= button_to "Rotate",
+                      rotate_admin_api_key_path(api_key),
+                      method: :post,
+                      class: "rp-btn rp-btn--secondary rp-btn--sm" %>
+                  <% unless api_key.revoked_at %>
+                    <%= button_to "Revoke",
+                        revoke_admin_api_key_path(api_key),
+                        method: :post,
+                        class: "rp-btn rp-btn--danger rp-btn--sm",
+                        data: { turbo_confirm: "Revoke this API key?" } %>
+                  <% end %>
+                </td>
+              </tr>
+            <% end %>
+          </tbody>
+        </table>
+      </div>
+    <% else %>
+      <%= rp_empty_state("No API keys yet.", link_text: "Create your first API key", link_path: new_admin_api_key_path) %>
+    <% end %>
+  </div>
+</div>
+
+<div class="rp-card rp-card--padded rp-card--section">
+  <div class="rp-section">
+    <div class="rp-section-header">
+      <h2 class="rp-section-title">Agent Bootstrap Keys</h2>
+    </div>
+
+    <% if @agent_bootstrap_keys.any? %>
+      <div class="rp-table--responsive">
+        <table class="rp-table">
+          <thead>
+            <tr>
+              <th><%= rp_table_header("Name") %></th>
+              <th><%= rp_table_header("Prefix") %></th>
+              <th><%= rp_table_header("Status") %></th>
+              <th><%= rp_table_header("Used") %></th>
+              <th><%= rp_table_header("Expires") %></th>
+              <th class="rp-table-actions"><%= rp_table_header("Actions") %></th>
+            </tr>
+          </thead>
+          <tbody>
+            <% @agent_bootstrap_keys.each do |bootstrap_key| %>
+              <% bootstrap_status_type = case bootstrap_key.status
+                  when "active" then :published
+                  when "used" then :completed
+                  when "expired" then :draft
+                  else :failed
+                  end %>
+              <tr>
+                <td class="rp-table-primary"><%= bootstrap_key.name %></td>
+                <td class="rp-table-secondary"><code><%= bootstrap_key.token_prefix %></code></td>
+                <td><%= rp_status_badge(bootstrap_key.status, type: bootstrap_status_type) %></td>
+                <td><%= bootstrap_key.used_at ? l(bootstrap_key.used_at, format: :short) : "No" %></td>
+                <td><%= l(bootstrap_key.expires_at, format: :short) %></td>
+                <td class="rp-table-actions">
+                  <% if bootstrap_key.active? %>
+                    <%= button_to "Revoke",
+                        revoke_admin_agent_bootstrap_key_path(bootstrap_key),
+                        method: :post,
+                        class: "rp-btn rp-btn--danger rp-btn--sm",
+                        data: { turbo_confirm: "Revoke this bootstrap key?" } %>
+                  <% else %>
+                    <span class="rp-hint">No actions</span>
+                  <% end %>
+                </td>
+              </tr>
+            <% end %>
+          </tbody>
+        </table>
+      </div>
+    <% else %>
+      <%= rp_empty_state("No bootstrap keys yet.", link_text: "Create your first bootstrap key", link_path: new_admin_agent_bootstrap_key_path) %>
+    <% end %>
+  </div>
+</div>

data/app/views/railspress/admin/api_keys/new.html.erb

@@ -0,0 +1,7 @@
+<% content_for :title, "New API Key" %>
+
+<h1 class="rp-page-title rp-page-title--standalone">New API Key</h1>
+
+<div class="rp-card rp-card--padded">
+  <%= render "form", api_key: @api_key %>
+</div>

data/app/views/railspress/admin/api_keys/reveal.html.erb

@@ -0,0 +1,40 @@
+<% content_for :title, "API Key Created" %>
+
+<h1 class="rp-page-title rp-page-title--standalone">API Key Created</h1>
+
+<div class="rp-card rp-card--padded">
+  <div class="rp-form rp-form--spacious">
+    <p class="rp-hint">
+      Copy this key now. For security reasons it will not be shown again.
+    </p>
+
+    <%= render "railspress/admin/shared/copyable_textarea",
+        id: "rp-api-key-token",
+        label: "Bearer Token",
+        value: @plain_token,
+        rows: 4,
+        hint: "Use this as Authorization: Bearer <token> (or save it to ~/.railspress_token for reuse).",
+        button_text: "Copy Token" %>
+
+    <%= render "railspress/admin/shared/copyable_textarea",
+        id: "rp-api-key-quick-start",
+        label: "API Quick Start",
+        value: @api_key_quick_start,
+        rows: 3,
+        hint: "This verifies connectivity and capabilities via /api/v1/prime.",
+        button_text: "Copy Quick Start" %>
+
+    <%= render "railspress/admin/shared/copyable_textarea",
+        id: "rp-api-key-instructions",
+        label: "API Key Instructions",
+        value: @api_key_instructions,
+        rows: 14,
+        hint: "Draft is default; publishing is supported when explicitly requested.",
+        button_text: "Copy Instructions" %>
+
+    <div class="rp-form-actions">
+      <%= link_to "Create Another API Key", new_admin_api_key_path, class: "rp-btn rp-btn--primary" %>
+      <%= link_to "Back to Agents & API", admin_api_keys_path, class: "rp-btn rp-btn--secondary" %>
+    </div>
+  </div>
+</div>

data/app/views/railspress/admin/posts/_form.html.erb

@@ -159,7 +159,7 @@
         <% if authors_enabled? %>
           <div class="rp-form-group">
             <%= form.label :author_id, "Author", class: "rp-label" %>
-            <%= form.collection_select :author_id, available_authors, :id, Railspress.author_display_method,
+            <%= form.collection_select :author_id, available_authors, :id, ->(author) { rp_author_display(author) },
                 { prompt: "No author", selected: @post.author_id },
                 { class: "rp-select" } %>
           </div>

data/app/views/railspress/admin/posts/_post_row.html.erb

@@ -11,7 +11,7 @@
   </td>
   <td><%= post.category&.name || "—" %></td>
   <% if authors_enabled? %>
-    <td><%= post.author&.public_send(Railspress.author_display_method) || "—" %></td>
+    <td><%= post.author ? rp_author_display(post.author) : "—" %></td>
   <% end %>
   <td>
     <span class="rp-badge rp-badge--<%= post.display_status %>">

data/app/views/railspress/admin/posts/show.html.erb

@@ -2,7 +2,7 @@
   <div>
     <h1 class="rp-page-title"><%= @post.title %></h1>
     <% if authors_enabled? && @post.author %>
-      <p class="rp-byline">by <%= @post.author.public_send(Railspress.author_display_method) %></p>
+      <p class="rp-byline">by <%= rp_author_display(@post.author) %></p>
     <% end %>
   </div>
   <div class="rp-page-actions">

data/app/views/railspress/admin/shared/_copyable_textarea.html.erb

@@ -0,0 +1,17 @@
+<div class="rp-form-group">
+  <label class="rp-label"><%= label %></label>
+  <% textarea_classes = ["rp-input", "rp-input--mono", "rp-input--code", local_assigns[:textarea_class]].compact.join(" ") %>
+  <textarea id="<%= id %>"
+            class="<%= textarea_classes %>"
+            rows="<%= local_assigns.fetch(:rows, 4) %>"
+            readonly><%= value %></textarea>
+  <% if local_assigns[:hint].present? %>
+    <p class="rp-hint"><%= hint %></p>
+  <% end %>
+  <% button_variant = local_assigns.fetch(:button_class, "rp-btn--accent") %>
+  <button type="button"
+          class="rp-btn rp-btn--sm <%= button_variant %>"
+          data-copy-target="<%= id %>">
+    <%= local_assigns.fetch(:button_text, "Copy") %>
+  </button>
+</div>

data/app/views/railspress/admin/shared/_sidebar.html.erb

@@ -94,6 +94,20 @@
     <% end %>
 
     <div class="rp-nav-divider"></div>
+    <% if Railspress.api_enabled? %>
+      <%= link_to railspress.admin_api_keys_path,
+          class: "rp-nav-link #{controller_name == 'api_keys' ? 'rp-nav-link--active' : ''}" do %>
+        <svg class="rp-nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+          <path d="M12 3 13.6 6.9 17.5 8.5 13.6 10.1 12 14 10.4 10.1 6.5 8.5 10.4 6.9z"/>
+          <path d="M19 13 19.8 14.9 21.7 15.7 19.8 16.5 19 18.4 18.2 16.5 16.3 15.7 18.2 14.9z"/>
+          <path d="M5 15 5.8 16.9 7.7 17.7 5.8 18.5 5 20.4 4.2 18.5 2.3 17.7 4.2 16.9z"/>
+        </svg>
+        <span class="rp-nav-text">Agents &amp; API</span>
+      <% end %>
+
+      <div class="rp-nav-divider"></div>
+    <% end %>
+
     <%= link_to "/", class: "rp-nav-link" do %>
       <svg class="rp-nav-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
         <circle cx="12" cy="12" r="10"/>
@@ -103,4 +117,36 @@
       <span class="rp-nav-text">Main Site</span>
     <% end %>
   </nav>
+
+  <div class="rp-sidebar-footer">
+    <div class="rp-sidebar-version">v<%= Railspress::VERSION %></div>
+
+    <%= link_to "https://railspress.org/guide/", class: "rp-sidebar-footer-link", target: "_blank", rel: "noopener noreferrer", title: "Guide" do %>
+      <svg class="rp-sidebar-footer-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+        <path d="M4 19.5A2.5 2.5 0 0 1 6.5 17H20"/>
+        <path d="M6.5 2H20v20H6.5A2.5 2.5 0 0 1 4 19.5V4.5A2.5 2.5 0 0 1 6.5 2z"/>
+      </svg>
+      <span class="rp-sidebar-footer-text">Guide</span>
+    <% end %>
+
+    <%= link_to "https://railspress.org/docs/", class: "rp-sidebar-footer-link", target: "_blank", rel: "noopener noreferrer", title: "Docs" do %>
+      <svg class="rp-sidebar-footer-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+        <path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"/>
+        <polyline points="14 2 14 8 20 8"/>
+      </svg>
+      <span class="rp-sidebar-footer-text">Docs</span>
+    <% end %>
+
+    <%= link_to "https://github.com/aviflombaum/railspress-engine", class: "rp-sidebar-footer-link", target: "_blank", rel: "noopener noreferrer", title: "GitHub" do %>
+      <svg class="rp-sidebar-footer-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+        <path d="M9 19c-5 1.5-5-2.5-7-3m14 6v-3.87a3.37 3.37 0 0 0-.94-2.61c3.14-.35 6.44-1.54 6.44-7A5.44 5.44 0 0 0 20 4.77 5.07 5.07 0 0 0 19.91 1S18.73.65 16 2.48a13.38 13.38 0 0 0-7 0C6.27.65 5.09 1 5.09 1A5.07 5.07 0 0 0 5 4.77a5.44 5.44 0 0 0-1.5 3.78c0 5.42 3.3 6.61 6.44 7A3.37 3.37 0 0 0 9 18.13V22"/>
+      </svg>
+      <span class="rp-sidebar-footer-text">GitHub</span>
+    <% end %>
+
+    <p class="rp-sidebar-credit">
+      Made with ❤️ by
+      <%= link_to "Avi.nyc", "https://avi.nyc", target: "_blank", rel: "noopener noreferrer", class: "rp-sidebar-credit-link" %>
+    </p>
+  </div>
 </div>

data/config/routes.rb

@@ -4,6 +4,17 @@ Railspress::Engine.routes.draw do
     root "dashboard#index"
     resources :categories, except: [ :show ]
     resources :tags, except: [ :show ]
+    resources :api_keys, only: [ :index, :new, :create ] do
+      member do
+        post :rotate
+        post :revoke
+      end
+    end
+    resources :agent_bootstrap_keys, only: [ :new, :create ] do
+      member do
+        post :revoke
+      end
+    end
 
     # Content Element CMS (opt-in via config.enable_cms)
     if Railspress.cms_enabled?
@@ -67,4 +78,26 @@ Railspress::Engine.routes.draw do
       end
     end
   end
+
+  namespace :api do
+    namespace :v1 do
+      resource :prime, only: [ :show ], controller: "prime"
+      resources :agent_keys, only: [] do
+        collection do
+          post :exchange, to: "agent_key_exchanges#create"
+        end
+      end
+      resources :post_imports, path: "posts/imports", only: [ :create, :show ]
+      resources :posts, only: [ :index, :show, :create, :update, :destroy ] do
+        resource :header_image, only: [ :show, :update, :destroy ], controller: "post_header_images" do
+          resource :focal_point, only: [ :show, :update ], controller: "post_header_image_focal_points"
+          resources :contexts, only: [ :index, :show, :update, :destroy ],
+                               controller: "post_header_image_contexts",
+                               param: :context
+        end
+      end
+      resources :categories, only: [ :index, :show, :create, :update, :destroy ]
+      resources :tags, only: [ :index, :show, :create, :update, :destroy ]
+    end
+  end
 end

data/db/migrate/20260415000001_create_railspress_api_keys.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+class CreateRailspressApiKeys < ActiveRecord::Migration[8.0]
+  def change
+    create_table :railspress_api_keys do |t|
+      t.string :name, null: false
+      t.string :global_uuid, null: false
+      t.string :token_prefix, null: false
+      t.string :token_digest, null: false
+      t.text :secret_ciphertext, null: false
+      t.datetime :expires_at
+      t.datetime :last_used_at
+      t.string :last_used_ip
+      t.datetime :revoked_at
+      t.string :revoke_reason
+      t.integer :rotated_from_id
+
+      t.string :owner_type
+      t.bigint :owner_id
+
+      t.string :created_by_type
+      t.bigint :created_by_id
+      t.string :rotated_by_type
+      t.bigint :rotated_by_id
+      t.string :revoked_by_type
+      t.bigint :revoked_by_id
+
+      t.timestamps
+    end
+
+    add_index :railspress_api_keys, :global_uuid, unique: true
+    add_index :railspress_api_keys, :token_prefix
+    add_index :railspress_api_keys, :token_digest, unique: true
+    add_index :railspress_api_keys, :rotated_from_id
+    add_index :railspress_api_keys, [ :owner_type, :owner_id ]
+    add_index :railspress_api_keys, [ :created_by_type, :created_by_id ]
+    add_index :railspress_api_keys, [ :rotated_by_type, :rotated_by_id ]
+    add_index :railspress_api_keys, [ :revoked_by_type, :revoked_by_id ]
+  end
+end

data/db/migrate/20260415000002_create_railspress_agent_bootstrap_keys.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+class CreateRailspressAgentBootstrapKeys < ActiveRecord::Migration[8.0]
+  def change
+    create_table :railspress_agent_bootstrap_keys do |t|
+      t.string :name, null: false
+      t.string :global_uuid, null: false
+      t.string :token_prefix, null: false
+      t.string :token_digest, null: false
+      t.text :secret_ciphertext, null: false
+      t.datetime :expires_at, null: false
+      t.datetime :used_at
+      t.string :used_ip
+      t.datetime :revoked_at
+      t.string :revoke_reason
+      t.bigint :exchanged_api_key_id
+
+      t.string :owner_type
+      t.bigint :owner_id
+
+      t.string :created_by_type
+      t.bigint :created_by_id
+      t.string :revoked_by_type
+      t.bigint :revoked_by_id
+
+      t.timestamps
+    end
+
+    add_index :railspress_agent_bootstrap_keys, :global_uuid, unique: true
+    add_index :railspress_agent_bootstrap_keys, :token_prefix
+    add_index :railspress_agent_bootstrap_keys, :token_digest, unique: true
+    add_index :railspress_agent_bootstrap_keys, :exchanged_api_key_id
+    add_index :railspress_agent_bootstrap_keys, [ :owner_type, :owner_id ], name: "idx_rp_agent_bootstrap_keys_owner"
+    add_index :railspress_agent_bootstrap_keys, [ :created_by_type, :created_by_id ], name: "idx_rp_agent_bootstrap_keys_created_by"
+    add_index :railspress_agent_bootstrap_keys, [ :revoked_by_type, :revoked_by_id ], name: "idx_rp_agent_bootstrap_keys_revoked_by"
+  end
+end

data/lib/generators/railspress/install/templates/initializer.rb

@@ -26,4 +26,15 @@ Railspress.configure do |config|
   # config.inline_editing_check = ->(context) {
   #   context.controller.current_user&.admin?
   # }
+
+  # === API (opt-in) ===
+  # Enables API endpoints under /railspress/api/v1 and admin API key management.
+  # Requires Active Record Encryption keys in your host app config.
+  # Uncomment to enable:
+  # config.enable_api
+  # config.current_api_actor_method = :current_user
+  # config.current_api_actor_proc = -> { Current.user }
+  # Optional: force a canonical public base URL in generated API instructions.
+  # Falls back to Rails.application.routes.default_url_options, then request host.
+  # config.public_base_url = "https://blog.example.com"
 end

data/lib/railspress/version.rb

@@ -1,3 +1,3 @@
 module Railspress
-  VERSION = "1.2.0"
+  VERSION = "1.3.0"
 end

data/lib/railspress.rb

@@ -10,6 +10,9 @@ module Railspress
     attr_accessor :author_class_name,
                   :current_author_method,
                   :current_author_proc,
+                  :current_api_actor_method,
+                  :current_api_actor_proc,
+                  :public_base_url,
                   :author_scope,
                   :author_display_method,
                   :words_per_minute,
@@ -18,19 +21,23 @@ module Railspress
                   :post_image_variants,
                   :inline_editing_check
 
-    attr_reader :authors_enabled, :post_images_enabled, :focal_points_enabled, :cms_enabled, :image_contexts
+    attr_reader :authors_enabled, :post_images_enabled, :focal_points_enabled, :cms_enabled, :api_enabled, :image_contexts
 
     def initialize
       @authors_enabled = false
       @post_images_enabled = false
       @focal_points_enabled = false
       @cms_enabled = false
+      @api_enabled = false
       @image_contexts = default_image_contexts
       @post_image_variants = {}
       @inline_editing_check = nil
       @author_class_name = "User"
       @current_author_method = :current_user
       @current_author_proc = nil
+      @current_api_actor_method = :current_user
+      @current_api_actor_proc = nil
+      @public_base_url = nil
       @author_scope = nil
       @author_display_method = :name
       @words_per_minute = 200
@@ -58,6 +65,11 @@ module Railspress
       @cms_enabled = true
     end
 
+    # Declarative setter: config.enable_api
+    def enable_api
+      @api_enabled = true
+    end
+
     # Validate configuration after the configure block completes.
     # This keeps the configure block order-independent.
     def validate!
@@ -212,6 +224,10 @@ module Railspress
       configuration.image_contexts
     end
 
+    def api_enabled?
+      configuration.api_enabled
+    end
+
     def author_class
       configuration.author_class_name.constantize
     end
@@ -231,6 +247,26 @@ module Railspress
       configuration.author_display_method
     end
 
+    # Returns a safe display string for an author record.
+    # Falls back through common attribute names when the configured display
+    # method is missing on the model.
+    def author_display_for(author)
+      return nil unless author
+
+      configured_method = author_display_method
+      if configured_method.present? && author.respond_to?(configured_method)
+        value = author.public_send(configured_method)
+        return value if value.present?
+      end
+
+      fallback_method = [ :name, :full_name, :display_name, :email, :email_address ]
+        .find { |method| author.respond_to?(method) && author.public_send(method).present? }
+
+      return author.public_send(fallback_method) if fallback_method
+
+      "Author ##{author.id || "unknown"}"
+    end
+
     def current_author_method
       configuration.current_author_method
     end
@@ -239,6 +275,18 @@ module Railspress
       configuration.current_author_proc
     end
 
+    def current_api_actor_method
+      configuration.current_api_actor_method
+    end
+
+    def current_api_actor_proc
+      configuration.current_api_actor_proc
+    end
+
+    def public_base_url
+      configuration.public_base_url
+    end
+
     def words_per_minute
       configuration.words_per_minute
     end