@actuate-media/cms-core 0.10.4 → 0.11.0

package/dist/security/secret-storage.js

@@ -0,0 +1,75 @@
+import { encryptField, decryptField } from './encrypted-fields.js';
+/**
+ * High-level helpers for storing per-user secrets (TOTP secret, OAuth tokens,
+ * webhook signing keys) at rest. Wraps the raw `encryptField`/`decryptField`
+ * primitives so callers don't have to plumb `CMS_ENCRYPTION_KEY` through every
+ * code path.
+ *
+ * Encrypted values are tagged with a version prefix so we can rotate keys or
+ * change the encoding without breaking existing rows. Plaintext values written
+ * before encryption was enabled are passed through unchanged on read so
+ * upgrades don't break existing data — call `migrateSecret()` when you want
+ * to opportunistically re-encrypt them on next access.
+ */
+const PREFIX = 'enc:v1:';
+function getKey() {
+    const key = process.env.CMS_ENCRYPTION_KEY;
+    if (!key)
+        return null;
+    // 32 bytes = 64 hex chars
+    if (key.length !== 64) {
+        console.warn('[actuate][crypto] CMS_ENCRYPTION_KEY must be 64 hex characters (32 bytes); got '
+            + key.length
+            + '. Falling back to plaintext storage. Generate with: '
+            + 'node -e "console.log(require(\'crypto\').randomBytes(32).toString(\'hex\'))"');
+        return null;
+    }
+    return key;
+}
+/**
+ * Encrypt a value for storage. Returns the original value unchanged when no
+ * encryption key is configured (development convenience). Production deployments
+ * MUST set `CMS_ENCRYPTION_KEY` — see `security.mdc`.
+ */
+export async function encryptSecret(plaintext) {
+    if (!plaintext)
+        return plaintext;
+    const key = getKey();
+    if (!key)
+        return plaintext;
+    const ciphertext = await encryptField(plaintext, key);
+    return PREFIX + ciphertext;
+}
+/**
+ * Decrypt a value that was stored via `encryptSecret`. Plaintext values
+ * (written before encryption was enabled, or written by a deployment without
+ * the key) are returned unchanged.
+ */
+export async function decryptSecret(stored) {
+    if (!stored)
+        return stored;
+    if (!stored.startsWith(PREFIX))
+        return stored;
+    const key = getKey();
+    if (!key) {
+        throw new Error('CMS_ENCRYPTION_KEY is required to decrypt this value but is not set. '
+            + 'Configure the same key used at write time.');
+    }
+    return decryptField(stored.slice(PREFIX.length), key);
+}
+/** True when the value is stored encrypted (and therefore needs decryption). */
+export function isEncrypted(value) {
+    return typeof value === 'string' && value.startsWith(PREFIX);
+}
+/**
+ * Encrypt each string element in an array. Returns the array unchanged when
+ * encryption is disabled. Used for things like TOTP backup codes.
+ */
+export async function encryptStringArray(values) {
+    return Promise.all(values.map((v) => encryptSecret(v)));
+}
+/** Decrypt each element in an array stored via `encryptStringArray`. */
+export async function decryptStringArray(values) {
+    return Promise.all(values.map((v) => decryptSecret(v)));
+}
+//# sourceMappingURL=secret-storage.js.map

package/dist/security/secret-storage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-storage.js","sourceRoot":"","sources":["../../src/security/secret-storage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAEnE;;;;;;;;;;;GAWG;AAEH,MAAM,MAAM,GAAG,SAAS,CAAC;AAEzB,SAAS,MAAM;IACb,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAC3C,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,0BAA0B;IAC1B,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,OAAO,CAAC,IAAI,CACV,iFAAiF;cAC7E,GAAG,CAAC,MAAM;cACV,sDAAsD;cACtD,8EAA8E,CACnF,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,SAAiB;IACnD,IAAI,CAAC,SAAS;QAAE,OAAO,SAAS,CAAC;IACjC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC;IACrB,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;IACtD,OAAO,MAAM,GAAG,UAAU,CAAC;AAC7B,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc;IAChD,IAAI,CAAC,MAAM;QAAE,OAAO,MAAM,CAAC;IAC3B,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC9C,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC;IACrB,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,uEAAuE;cACnE,4CAA4C,CACjD,CAAC;IACJ,CAAC;IACD,OAAO,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,CAAC;AACxD,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;AAC/D,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAgB;IACvD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,wEAAwE;AACxE,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAgB;IACvD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC"}

package/dist/security/upload.d.ts

@@ -5,9 +5,28 @@ export interface FileValidationResult {
 }
 declare const ALLOWED_IMAGE_TYPES: Set<string>;
 declare const ALLOWED_DOCUMENT_TYPES: Set<string>;
-/** Validate a file's MIME type against an allowlist. */
-export declare function validateMimeType(mimeType: string, allowedTypes?: Set<string>): FileValidationResult;
-/** Check a file's magic bytes to detect its true MIME type. */
-export declare function checkMagicBytes(buffer: Uint8Array): string | undefined;
+/**
+ * Validate a file's declared MIME type against an allowlist.
+ *
+ * Accepts either an array (typical caller form) or a Set (legacy form).
+ * Returns a plain boolean to make call-sites read naturally:
+ *
+ *     if (!validateMimeType(file.type, ALLOWED)) return badRequest(...)
+ */
+export declare function validateMimeType(mimeType: string, allowedTypes?: ReadonlyArray<string> | ReadonlySet<string>): boolean;
+/**
+ * Check a file's magic bytes against the declared mime type. Returns
+ * `{ valid: true, detectedMimeType }` when the bytes match the declared type
+ * (or when we have no signature to check), and `{ valid: false, error }`
+ * otherwise.
+ *
+ * For container formats (WebP, AVIF) we additionally inspect the inner
+ * sub-type — a generic RIFF header would otherwise let `.wav` files masquerade
+ * as `.webp` and bypass image-only checks.
+ *
+ * For SVG (which is XML, not a binary signature) we look for `<svg` near the
+ * start of the file. A leading XML declaration or BOM is allowed.
+ */
+export declare function checkMagicBytes(input: ArrayBuffer | Uint8Array | Buffer, declaredMimeType: string): FileValidationResult;
 export { ALLOWED_IMAGE_TYPES, ALLOWED_DOCUMENT_TYPES };
 //# sourceMappingURL=upload.d.ts.map

package/dist/security/upload.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"upload.d.ts","sourceRoot":"","sources":["../../src/security/upload.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,QAAA,MAAM,mBAAmB,aAEvB,CAAC;AAEH,QAAA,MAAM,sBAAsB,aAI1B,CAAC;AAUH,wDAAwD;AACxD,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,YAAY,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GACzB,oBAAoB,CAMtB;AAED,+DAA+D;AAC/D,wBAAgB,eAAe,CAC7B,MAAM,EAAE,UAAU,GACjB,MAAM,GAAG,SAAS,CAMpB;AAED,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,CAAC"}
+{"version":3,"file":"upload.d.ts","sourceRoot":"","sources":["../../src/security/upload.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,QAAA,MAAM,mBAAmB,aAOvB,CAAC;AAEH,QAAA,MAAM,sBAAsB,aAM1B,CAAC;AAEH;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAChB,YAAY,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,GACzD,OAAO,CAKT;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,WAAW,GAAG,UAAU,GAAG,MAAM,EACxC,gBAAgB,EAAE,MAAM,GACvB,oBAAoB,CA6BtB;AA2DD,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,CAAC"}

package/dist/security/upload.js

@@ -1,34 +1,123 @@
 const ALLOWED_IMAGE_TYPES = new Set([
-    "image/jpeg", "image/png", "image/gif", "image/webp", "image/svg+xml", "image/avif",
+    "image/jpeg",
+    "image/png",
+    "image/gif",
+    "image/webp",
+    "image/svg+xml",
+    "image/avif",
 ]);
 const ALLOWED_DOCUMENT_TYPES = new Set([
-    "application/pdf", "text/plain", "text/csv",
+    "application/pdf",
+    "text/plain",
+    "text/csv",
     "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
     "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
 ]);
-const MAGIC_BYTES = [
-    { mime: "image/jpeg", bytes: [0xFF, 0xD8, 0xFF] },
-    { mime: "image/png", bytes: [0x89, 0x50, 0x4E, 0x47] },
-    { mime: "image/gif", bytes: [0x47, 0x49, 0x46] },
-    { mime: "image/webp", bytes: [0x52, 0x49, 0x46, 0x46] },
-    { mime: "application/pdf", bytes: [0x25, 0x50, 0x44, 0x46] },
-];
-/** Validate a file's MIME type against an allowlist. */
+/**
+ * Validate a file's declared MIME type against an allowlist.
+ *
+ * Accepts either an array (typical caller form) or a Set (legacy form).
+ * Returns a plain boolean to make call-sites read naturally:
+ *
+ *     if (!validateMimeType(file.type, ALLOWED)) return badRequest(...)
+ */
 export function validateMimeType(mimeType, allowedTypes) {
-    const allowed = allowedTypes ?? new Set([...ALLOWED_IMAGE_TYPES, ...ALLOWED_DOCUMENT_TYPES]);
-    if (!allowed.has(mimeType)) {
-        return { valid: false, error: `MIME type "${mimeType}" is not allowed` };
+    const allowed = allowedTypes
+        ? (allowedTypes instanceof Set ? allowedTypes : new Set(allowedTypes))
+        : new Set([...ALLOWED_IMAGE_TYPES, ...ALLOWED_DOCUMENT_TYPES]);
+    return allowed.has(mimeType);
+}
+/**
+ * Check a file's magic bytes against the declared mime type. Returns
+ * `{ valid: true, detectedMimeType }` when the bytes match the declared type
+ * (or when we have no signature to check), and `{ valid: false, error }`
+ * otherwise.
+ *
+ * For container formats (WebP, AVIF) we additionally inspect the inner
+ * sub-type — a generic RIFF header would otherwise let `.wav` files masquerade
+ * as `.webp` and bypass image-only checks.
+ *
+ * For SVG (which is XML, not a binary signature) we look for `<svg` near the
+ * start of the file. A leading XML declaration or BOM is allowed.
+ */
+export function checkMagicBytes(input, declaredMimeType) {
+    const bytes = toUint8(input);
+    const detected = detectMimeType(bytes);
+    // No signature for the declared type — accept (caller is expected to have
+    // already checked the allowlist).
+    if (detected === null) {
+        return { valid: true };
+    }
+    if (detected === declaredMimeType) {
+        return { valid: true, detectedMimeType: detected };
+    }
+    // Some legitimate aliases:
+    //   image/jpg ↔ image/jpeg
+    //   image/x-png ↔ image/png
+    if ((detected === 'image/jpeg' && declaredMimeType === 'image/jpg') ||
+        (detected === 'image/png' && declaredMimeType === 'image/x-png')) {
+        return { valid: true, detectedMimeType: detected };
     }
-    return { valid: true };
+    return {
+        valid: false,
+        error: `Declared "${declaredMimeType}" but content looks like "${detected}"`,
+        detectedMimeType: detected,
+    };
 }
-/** Check a file's magic bytes to detect its true MIME type. */
-export function checkMagicBytes(buffer) {
-    for (const entry of MAGIC_BYTES) {
-        const matches = entry.bytes.every((byte, i) => buffer[i] === byte);
-        if (matches)
-            return entry.mime;
+function toUint8(input) {
+    if (input instanceof Uint8Array)
+        return input;
+    return new Uint8Array(input);
+}
+/** Returns the detected mime type, or null when the bytes don't match a known signature. */
+function detectMimeType(b) {
+    if (b.length < 4)
+        return null;
+    if (b[0] === 0xFF && b[1] === 0xD8 && b[2] === 0xFF)
+        return 'image/jpeg';
+    if (b[0] === 0x89 && b[1] === 0x50 && b[2] === 0x4E && b[3] === 0x47)
+        return 'image/png';
+    // GIF: full 6-byte signature ("GIF87a" or "GIF89a"), not just "GIF".
+    if (b[0] === 0x47 && b[1] === 0x49 && b[2] === 0x46 && b[3] === 0x38 &&
+        (b[4] === 0x37 || b[4] === 0x39) && b[5] === 0x61)
+        return 'image/gif';
+    // RIFF + 4-byte size + format identifier ("WEBP" / "WAVE" / "AVI ").
+    if (b.length >= 12 && b[0] === 0x52 && b[1] === 0x49 && b[2] === 0x46 && b[3] === 0x46) {
+        if (b[8] === 0x57 && b[9] === 0x45 && b[10] === 0x42 && b[11] === 0x50)
+            return 'image/webp';
+        if (b[8] === 0x57 && b[9] === 0x41 && b[10] === 0x56 && b[11] === 0x45)
+            return 'audio/wav';
+    }
+    // AVIF / HEIC: ISO BMFF "ftyp" box at offset 4 with brand at offset 8.
+    if (b.length >= 12 && b[4] === 0x66 && b[5] === 0x74 && b[6] === 0x79 && b[7] === 0x70) {
+        const brand = String.fromCharCode(b[8] ?? 0, b[9] ?? 0, b[10] ?? 0, b[11] ?? 0);
+        if (brand === 'avif' || brand === 'avis')
+            return 'image/avif';
+        if (brand === 'mp42' || brand === 'isom' || brand === 'iso2')
+            return 'video/mp4';
+    }
+    // PDF
+    if (b[0] === 0x25 && b[1] === 0x50 && b[2] === 0x44 && b[3] === 0x46)
+        return 'application/pdf';
+    // OGG
+    if (b[0] === 0x4F && b[1] === 0x67 && b[2] === 0x67 && b[3] === 0x53)
+        return 'audio/ogg';
+    // MP3 — either "ID3" tag or a frame sync (0xFFE).
+    if (b[0] === 0x49 && b[1] === 0x44 && b[2] === 0x33)
+        return 'audio/mpeg';
+    if (b[0] === 0xFF && (b[1] & 0xE0) === 0xE0)
+        return 'audio/mpeg';
+    // WebM / Matroska EBML header
+    if (b[0] === 0x1A && b[1] === 0x45 && b[2] === 0xDF && b[3] === 0xA3)
+        return 'video/webm';
+    // SVG: scan the first 1024 bytes for a "<svg" tag. Accept optional XML
+    // declaration / BOM / whitespace / comments.
+    const head = new TextDecoder('utf-8', { fatal: false }).decode(b.slice(0, 1024)).trimStart();
+    if (head.toLowerCase().includes('<svg') ||
+        head.startsWith('<?xml') && head.toLowerCase().includes('<svg')) {
+        return 'image/svg+xml';
     }
-    return undefined;
+    return null;
 }
 export { ALLOWED_IMAGE_TYPES, ALLOWED_DOCUMENT_TYPES };
 //# sourceMappingURL=upload.js.map

package/dist/security/upload.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload.js","sourceRoot":"","sources":["../../src/security/upload.ts"],"names":[],"mappings":"AAMA,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,YAAY,EAAE,eAAe,EAAE,YAAY;CACpF,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,iBAAiB,EAAE,YAAY,EAAE,UAAU;IAC3C,yEAAyE;IACzE,mEAAmE;CACpE,CAAC,CAAC;AAEH,MAAM,WAAW,GAA6C;IAC5D,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;IACjD,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;IACtD,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;IAChD,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;IACvD,EAAE,IAAI,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE;CAC7D,CAAC;AAEF,wDAAwD;AACxD,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,YAA0B;IAE1B,MAAM,OAAO,GAAG,YAAY,IAAI,IAAI,GAAG,CAAC,CAAC,GAAG,mBAAmB,EAAE,GAAG,sBAAsB,CAAC,CAAC,CAAC;IAC7F,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,QAAQ,kBAAkB,EAAE,CAAC;IAC3E,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,eAAe,CAC7B,MAAkB;IAElB,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;QACnE,IAAI,OAAO;YAAE,OAAO,KAAK,CAAC,IAAI,CAAC;IACjC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,CAAC"}
+{"version":3,"file":"upload.js","sourceRoot":"","sources":["../../src/security/upload.ts"],"names":[],"mappings":"AAMA,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC;IAClC,YAAY;IACZ,WAAW;IACX,WAAW;IACX,YAAY;IACZ,eAAe;IACf,YAAY;CACb,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,iBAAiB;IACjB,YAAY;IACZ,UAAU;IACV,yEAAyE;IACzE,mEAAmE;CACpE,CAAC,CAAC;AAEH;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAC9B,QAAgB,EAChB,YAA0D;IAE1D,MAAM,OAAO,GAAG,YAAY;QAC1B,CAAC,CAAC,CAAC,YAAY,YAAY,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;QACtE,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,mBAAmB,EAAE,GAAG,sBAAsB,CAAC,CAAC,CAAC;IACjE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,eAAe,CAC7B,KAAwC,EACxC,gBAAwB;IAExB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IAC7B,MAAM,QAAQ,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEvC,0EAA0E;IAC1E,kCAAkC;IAClC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QACtB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,IAAI,QAAQ,KAAK,gBAAgB,EAAE,CAAC;QAClC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,CAAC;IACrD,CAAC;IAED,2BAA2B;IAC3B,2BAA2B;IAC3B,4BAA4B;IAC5B,IACE,CAAC,QAAQ,KAAK,YAAY,IAAI,gBAAgB,KAAK,WAAW,CAAC;QAC/D,CAAC,QAAQ,KAAK,WAAW,IAAI,gBAAgB,KAAK,aAAa,CAAC,EAChE,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,CAAC;IACrD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,KAAK,EAAE,aAAa,gBAAgB,6BAA6B,QAAQ,GAAG;QAC5E,gBAAgB,EAAE,QAAQ;KAC3B,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CAAC,KAAwC;IACvD,IAAI,KAAK,YAAY,UAAU;QAAE,OAAO,KAAK,CAAC;IAC9C,OAAO,IAAI,UAAU,CAAC,KAAoB,CAAC,CAAC;AAC9C,CAAC;AAED,4FAA4F;AAC5F,SAAS,cAAc,CAAC,CAAa;IACnC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9B,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,YAAY,CAAC;IACzE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,WAAW,CAAC;IAEzF,qEAAqE;IACrE,IACE,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;QAChE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;QACjD,OAAO,WAAW,CAAC;IAErB,qEAAqE;IACrE,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACvF,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,IAAI;YAAE,OAAO,YAAY,CAAC;QAC5F,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,EAAE,CAAC,KAAK,IAAI;YAAE,OAAO,WAAW,CAAC;IAC7F,CAAC;IAED,uEAAuE;IACvE,IAAI,CAAC,CAAC,MAAM,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACvF,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,MAAM;YAAE,OAAO,YAAY,CAAC;QAC9D,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,MAAM;YAAE,OAAO,WAAW,CAAC;IACnF,CAAC;IAED,MAAM;IACN,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,iBAAiB,CAAC;IAE/F,MAAM;IACN,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,WAAW,CAAC;IAEzF,kDAAkD;IAClD,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,YAAY,CAAC;IACzE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAE,GAAG,IAAI,CAAC,KAAK,IAAI;QAAE,OAAO,YAAY,CAAC;IAElE,8BAA8B;IAC9B,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,YAAY,CAAC;IAE1F,uEAAuE;IACvE,6CAA6C;IAC7C,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;IAC7F,IACE,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;QACnC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,EAC/D,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,CAAC"}

package/dist/server-site.d.ts

@@ -0,0 +1,54 @@
+import type { SiteClient, ResolvedMedia, MediaInput } from './site.js';
+/**
+ * Server-only Site client that reads from the database directly.
+ *
+ * Use this in Server Components, `generateMetadata`, route loaders, and
+ * anywhere else you would otherwise be tempted to call `createSiteClient()`
+ * with a relative URL (which throws under bare Node `fetch`).
+ *
+ *   import { PrismaClient } from '@/generated/prisma'
+ *   import { createServerSiteClient } from '@actuate-media/cms-core'
+ *   import config from '@/actuate.config'
+ *
+ *   const prisma = new PrismaClient()
+ *   const cms = createServerSiteClient(prisma, config)
+ *
+ *   const settings = await cms.getGlobal('settings')
+ *
+ * Benefits over the fetch-based client in Server Components:
+ *   - Zero self-fetch overhead (one DB roundtrip instead of HTTP).
+ *   - No `NEXT_PUBLIC_SITE_URL` plumbing required.
+ *   - Works under bare Node, Edge runtime with Prisma Accelerate, or any
+ *     Prisma-compatible client.
+ *   - Bypasses Next.js fetch caching pitfalls on Server Components.
+ */
+export interface CmsConfigLike {
+    /** Map of global slug → global definition. `access.read` is consulted before returning data. */
+    globals?: Record<string, {
+        access?: {
+            read?: (ctx: {
+                user: null;
+                doc: any;
+            }) => boolean | Promise<boolean>;
+        };
+    }>;
+    /** Map of collection slug → collection definition (used by `resolveDocument`). */
+    collections?: Record<string, {
+        slug?: string;
+        type?: string;
+        urlPrefix?: string;
+    }>;
+}
+export interface ServerSiteClient extends SiteClient {
+    /** Resolve any media-like value into a normalized shape, looking up by id from the DB when needed. */
+    resolveMedia(value: MediaInput): Promise<ResolvedMedia | null>;
+}
+/**
+ * Build the server-side Site client. The supplied `db` only needs a tiny
+ * subset of the Prisma surface (`document`, `media`) — that lets us accept
+ * generated PrismaClient instances from any consumer schema without forcing
+ * a hard type dependency.
+ */
+export declare function createServerSiteClient(db: any, config?: CmsConfigLike): ServerSiteClient;
+export { normalizeMedia, resolveMedia } from './site.js';
+//# sourceMappingURL=server-site.d.ts.map

package/dist/server-site.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-site.d.ts","sourceRoot":"","sources":["../src/server-site.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,UAAU,EAEV,aAAa,EACb,UAAU,EAEX,MAAM,WAAW,CAAC;AAGnB;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,MAAM,WAAW,aAAa;IAC5B,gGAAgG;IAChG,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,MAAM,CAAC,EAAE;YAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE;gBAAE,IAAI,EAAE,IAAI,CAAC;gBAAC,GAAG,EAAE,GAAG,CAAA;aAAE,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;SAAE,CAAA;KAAE,CAAC,CAAC;IAChH,kFAAkF;IAClF,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACpF;AAED,MAAM,WAAW,gBAAiB,SAAQ,UAAU;IAClD,sGAAsG;IACtG,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;CAChE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,EAAE,EAAE,GAAG,EACP,MAAM,GAAE,aAAkB,GACzB,gBAAgB,CA+IlB;AAID,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC"}

package/dist/server-site.js

@@ -0,0 +1,149 @@
+import { resolveMedia } from './site.js';
+/**
+ * Build the server-side Site client. The supplied `db` only needs a tiny
+ * subset of the Prisma surface (`document`, `media`) — that lets us accept
+ * generated PrismaClient instances from any consumer schema without forcing
+ * a hard type dependency.
+ */
+export function createServerSiteClient(db, config = {}) {
+    if (!db || typeof db !== 'object') {
+        throw new Error('createServerSiteClient: `db` must be a Prisma-compatible client');
+    }
+    async function getGlobal(slug) {
+        const globalConfig = config.globals?.[slug];
+        if (!db.document?.findFirst)
+            return null;
+        const doc = await db.document.findFirst({
+            where: { collection: slug, deletedAt: null },
+        });
+        if (!doc)
+            return null;
+        // Honor the same access policy the public REST endpoint enforces. When
+        // no policy is configured we default to "public" — globals routed through
+        // `getGlobal()` are by definition public site data; integrators that want
+        // gating should set `access.read` explicitly.
+        if (globalConfig?.access?.read) {
+            const allowed = await globalConfig.access.read({ user: null, doc });
+            if (!allowed)
+                return null;
+        }
+        return (doc.data && typeof doc.data === 'object'
+            ? doc.data
+            : {});
+    }
+    async function resolveDocument(path) {
+        const segments = path.replace(/^\/|\/$/g, '').split('/').filter(Boolean);
+        const collectionDefs = Object.values(config.collections ?? {});
+        let matchedCollection = null;
+        let docSlug = null;
+        if (segments.length === 0) {
+            const pageCol = collectionDefs.find((c) => c.type === 'page' && !((c.urlPrefix ?? '').replace(/^\/|\/$/g, '')));
+            matchedCollection = pageCol?.slug ?? 'pages';
+            docSlug = 'home';
+        }
+        else {
+            for (const col of collectionDefs) {
+                const prefix = (col.urlPrefix ?? col.slug ?? '').replace(/^\/|\/$/g, '');
+                if (prefix && segments.length >= 2) {
+                    const prefixParts = prefix.split('/');
+                    const pathPrefix = segments.slice(0, prefixParts.length).join('/');
+                    if (pathPrefix === prefix) {
+                        matchedCollection = col.slug ?? null;
+                        docSlug = segments.slice(prefixParts.length).join('/');
+                        break;
+                    }
+                }
+                else if (!prefix && col.type === 'page') {
+                    matchedCollection = col.slug ?? null;
+                    docSlug = segments.join('/');
+                }
+            }
+            if (!matchedCollection && segments.length === 1) {
+                matchedCollection = 'pages';
+                docSlug = segments[0];
+            }
+            if (!matchedCollection && segments.length >= 2) {
+                matchedCollection = segments[0];
+                docSlug = segments.slice(1).join('/');
+            }
+        }
+        if (!matchedCollection || !docSlug)
+            return null;
+        const isRootPath = segments.length === 0;
+        const doc = await db.document.findFirst({
+            where: {
+                collection: matchedCollection,
+                deletedAt: null,
+                status: 'PUBLISHED',
+                OR: isRootPath
+                    ? [
+                        { data: { path: ['slug'], equals: 'home' } },
+                        { data: { path: ['slug'], equals: 'index' } },
+                        { slug: 'home' },
+                        { slug: 'index' },
+                    ]
+                    : [
+                        { data: { path: ['slug'], equals: docSlug } },
+                        { slug: docSlug },
+                    ],
+            },
+        });
+        if (!doc)
+            return null;
+        const docData = (doc.data && typeof doc.data === 'object')
+            ? doc.data
+            : {};
+        // Strip CMS-internal keys (mirrors handler behavior for /resolve).
+        const layout = (docData._layout && typeof docData._layout === 'object')
+            ? docData._layout
+            : undefined;
+        const { _layout: _omit, ...cleanData } = docData;
+        return {
+            data: {
+                id: doc.id,
+                collection: doc.collection,
+                data: cleanData,
+                status: doc.status,
+                publishedAt: doc.publishedAt
+                    ? (doc.publishedAt instanceof Date ? doc.publishedAt.toISOString() : String(doc.publishedAt))
+                    : null,
+                structuredData: doc.structuredData,
+            },
+            ...(layout && Object.keys(layout).length > 0 ? { layout } : {}),
+        };
+    }
+    return {
+        getGlobal,
+        resolveDocument,
+        async resolveMedia(value) {
+            const options = {
+                resolveById: async (id) => {
+                    if (!db.media?.findUnique)
+                        return null;
+                    try {
+                        const row = await db.media.findUnique({ where: { id } });
+                        if (!row)
+                            return null;
+                        return {
+                            id: row.id,
+                            url: row.storageKey,
+                            alt: row.altText ?? null,
+                            title: row.title ?? null,
+                            width: row.width ?? null,
+                            height: row.height ?? null,
+                            storageKey: row.storageKey ?? null,
+                        };
+                    }
+                    catch {
+                        return null;
+                    }
+                },
+            };
+            return resolveMedia(value, options);
+        },
+    };
+}
+// Re-export the same helpers consumers were using before so a single import
+// site covers both the fetch and Prisma flavours.
+export { normalizeMedia, resolveMedia } from './site.js';
+//# sourceMappingURL=server-site.js.map

package/dist/server-site.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-site.js","sourceRoot":"","sources":["../src/server-site.ts"],"names":[],"mappings":"AAOA,OAAO,EAAkB,YAAY,EAAE,MAAM,WAAW,CAAC;AAsCzD;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CACpC,EAAO,EACP,SAAwB,EAAE;IAE1B,IAAI,CAAC,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;IACrF,CAAC;IAED,KAAK,UAAU,SAAS,CAA8B,IAAY;QAChE,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC;QAE5C,IAAI,CAAC,EAAE,CAAC,QAAQ,EAAE,SAAS;YAAE,OAAO,IAAI,CAAC;QAEzC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;YACtC,KAAK,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;SAC7C,CAAC,CAAC;QACH,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAEtB,uEAAuE;QACvE,0EAA0E;QAC1E,0EAA0E;QAC1E,8CAA8C;QAC9C,IAAI,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YACpE,IAAI,CAAC,OAAO;gBAAE,OAAO,IAAI,CAAC;QAC5B,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ;YAC9C,CAAC,CAAC,GAAG,CAAC,IAAI;YACV,CAAC,CAAC,EAAE,CAAM,CAAC;IACf,CAAC;IAED,KAAK,UAAU,eAAe,CAA8B,IAAY;QACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACzE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QAC/D,IAAI,iBAAiB,GAAkB,IAAI,CAAC;QAC5C,IAAI,OAAO,GAAkB,IAAI,CAAC;QAElC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAC3E,CAAC;YACF,iBAAiB,GAAG,OAAO,EAAE,IAAI,IAAI,OAAO,CAAC;YAC7C,OAAO,GAAG,MAAM,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;gBACjC,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;gBACzE,IAAI,MAAM,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACnC,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBACtC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACnE,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;wBAC1B,iBAAiB,GAAG,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;wBACrC,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;wBACvD,MAAM;oBACR,CAAC;gBACH,CAAC;qBAAM,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;oBAC1C,iBAAiB,GAAG,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;oBACrC,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;YACD,IAAI,CAAC,iBAAiB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChD,iBAAiB,GAAG,OAAO,CAAC;gBAC5B,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAE,CAAC;YACzB,CAAC;YACD,IAAI,CAAC,iBAAiB,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBAC/C,iBAAiB,GAAG,QAAQ,CAAC,CAAC,CAAE,CAAC;gBACjC,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAEhD,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;YACtC,KAAK,EAAE;gBACL,UAAU,EAAE,iBAAiB;gBAC7B,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,WAAW;gBACnB,EAAE,EAAE,UAAU;oBACZ,CAAC,CAAC;wBACE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;wBAC5C,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE;wBAC7C,EAAE,IAAI,EAAE,MAAM,EAAE;wBAChB,EAAE,IAAI,EAAE,OAAO,EAAE;qBAClB;oBACH,CAAC,CAAC;wBACE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE;wBAC7C,EAAE,IAAI,EAAE,OAAO,EAAE;qBAClB;aACN;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAEtB,MAAM,OAAO,GAA4B,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,CAAC;YACjF,CAAC,CAAE,GAAG,CAAC,IAAgC;YACvC,CAAC,CAAC,EAAE,CAAC;QAEP,mEAAmE;QACnE,MAAM,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,CAAC;YACrE,CAAC,CAAE,OAAO,CAAC,OAA+B;YAC1C,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,SAAS,EAAE,GAAG,OAAO,CAAC;QAEjD,OAAO;YACL,IAAI,EAAE;gBACJ,EAAE,EAAE,GAAG,CAAC,EAAE;gBACV,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,IAAI,EAAE,SAAc;gBACpB,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,WAAW,EAAE,GAAG,CAAC,WAAW;oBAC1B,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,YAAY,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;oBAC7F,CAAC,CAAC,IAAI;gBACR,cAAc,EAAE,GAAG,CAAC,cAAc;aACnC;YACD,GAAG,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAChE,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS;QACT,eAAe;QACf,KAAK,CAAC,YAAY,CAAC,KAAiB;YAClC,MAAM,OAAO,GAAwB;gBACnC,WAAW,EAAE,KAAK,EAAE,EAAU,EAAE,EAAE;oBAChC,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU;wBAAE,OAAO,IAAI,CAAC;oBACvC,IAAI,CAAC;wBACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;wBACzD,IAAI,CAAC,GAAG;4BAAE,OAAO,IAAI,CAAC;wBACtB,OAAO;4BACL,EAAE,EAAE,GAAG,CAAC,EAAE;4BACV,GAAG,EAAE,GAAG,CAAC,UAAU;4BACnB,GAAG,EAAE,GAAG,CAAC,OAAO,IAAI,IAAI;4BACxB,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,IAAI;4BACxB,KAAK,EAAE,GAAG,CAAC,KAAK,IAAI,IAAI;4BACxB,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,IAAI;4BAC1B,UAAU,EAAE,GAAG,CAAC,UAAU,IAAI,IAAI;yBACnC,CAAC;oBACJ,CAAC;oBAAC,MAAM,CAAC;wBACP,OAAO,IAAI,CAAC;oBACd,CAAC;gBACH,CAAC;aACF,CAAC;YACF,OAAO,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACtC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,4EAA4E;AAC5E,kDAAkD;AAClD,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC"}

package/dist/site.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"site.d.ts","sourceRoot":"","sources":["../src/site.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAED,MAAM,WAAW,aAAa,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACxD,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,CAAC,CAAC;CACT;AAED,MAAM,WAAW,aAAa,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACxD,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,CAAC,CAAC;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,MAAM,UAAU,GAClB,MAAM,GACN;IACE,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,GACD,IAAI,GACJ,SAAS,CAAC;AAEd,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACxE,eAAe,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC9F;AA+BD,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,iBAAsB,GAAG,UAAU,CA0B5E;AAkBD,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,aAAa,GAAG,IAAI,CA4BtE;AAED,wBAAsB,YAAY,CAChC,KAAK,EAAE,UAAU,EACjB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAU/B"}
+{"version":3,"file":"site.d.ts","sourceRoot":"","sources":["../src/site.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAED,MAAM,WAAW,aAAa,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACxD,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,CAAC,CAAC;CACT;AAED,MAAM,WAAW,aAAa,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACxD,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,IAAI,EAAE,CAAC,CAAC;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC5B,cAAc,CAAC,EAAE,OAAO,CAAC;KAC1B,CAAC;IACF,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,MAAM,UAAU,GAClB,MAAM,GACN;IACE,EAAE,CAAC,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB,GACD,IAAI,GACJ,SAAS,CAAC;AAEd,MAAM,WAAW,mBAAmB;IAClC,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IACxE,eAAe,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;CAC9F;AA+CD,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,iBAAsB,GAAG,UAAU,CA0B5E;AAkBD,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,aAAa,GAAG,IAAI,CA4BtE;AAED,wBAAsB,YAAY,CAChC,KAAK,EAAE,UAAU,EACjB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAU/B"}

package/dist/site.js

@@ -6,8 +6,26 @@ function normalizeApiPath(apiPath) {
     const path = apiPath.startsWith('/') ? apiPath : `/${apiPath}`;
     return trimTrailingSlash(path);
 }
+/**
+ * Resolve a base URL, in order of preference:
+ *   1. explicit `baseUrl` option
+ *   2. `NEXT_PUBLIC_SITE_URL`
+ *   3. `VERCEL_URL` (with `https://` prefix; Vercel only sets the host)
+ *   4. empty string (relative URL — only safe in browsers and Next.js
+ *      route handlers; will throw under bare Node `fetch`)
+ */
+function resolveBaseUrl(baseUrl) {
+    if (baseUrl)
+        return trimTrailingSlash(baseUrl);
+    const env = process.env;
+    if (env.NEXT_PUBLIC_SITE_URL)
+        return trimTrailingSlash(env.NEXT_PUBLIC_SITE_URL);
+    if (env.VERCEL_URL)
+        return `https://${env.VERCEL_URL}`;
+    return '';
+}
 function buildBaseUrl(baseUrl, apiPath) {
-    const origin = trimTrailingSlash(baseUrl ?? '');
+    const origin = resolveBaseUrl(baseUrl);
     return `${origin}${normalizeApiPath(apiPath ?? DEFAULT_API_PATH)}`;
 }
 async function readApiData(response) {

package/dist/site.js.map

@@ -1 +1 @@
-{"version":3,"file":"site.js","sourceRoot":"","sources":["../src/site.ts"],"names":[],"mappings":"AA0DA,MAAM,gBAAgB,GAAG,UAAU,CAAC;AAEpC,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC;IAC/D,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,YAAY,CAAC,OAA2B,EAAE,OAA2B;IAC5E,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;IAChD,OAAO,GAAG,MAAM,GAAG,gBAAgB,CAAC,OAAO,IAAI,gBAAgB,CAAC,EAAE,CAAC;AACrE,CAAC;AAED,KAAK,UAAU,WAAW,CAAI,QAAkB;IAC9C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACtF,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAsB,CAAC;IACvD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;QACvD,OAAQ,IAAqB,CAAC,IAAI,IAAI,IAAI,CAAC;IAC7C,CAAC;IACD,OAAO,IAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,UAA6B,EAAE;IAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;IACzC,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IAEF,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,aAAa,GAAG,UAAU,OAAO,CAAC,MAAM,EAAE,CAAC;IACrD,CAAC;IAED,OAAO;QACL,KAAK,CAAC,SAAS,CAA8B,IAAY;YACvD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,OAAO,mBAAmB,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACvG,OAAO,WAAW,CAAI,QAAQ,CAAC,CAAC;QAClC,CAAC;QAED,KAAK,CAAC,eAAe,CAA8B,IAAY;YAC7D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,OAAO,iBAAiB,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACrG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YACzC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YACtF,CAAC;YACD,OAAO,QAAQ,CAAC,IAAI,EAA+B,CAAC;QACtD,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC3E,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAc;IACtC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAc;IACtC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAC5E,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AAC3F,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAiB;IAC9C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,OAAO;YACL,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,IAAI;YACT,KAAK,EAAE,IAAI;YACX,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,IAAI;YACZ,UAAU,EAAE,IAAI;SACjB,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9B,OAAO;QACL,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrB,GAAG;QACH,GAAG,EAAE,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC;QAChC,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC;QACpC,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC;QACpC,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC;QACtC,UAAU,EAAE,gBAAgB,CAAC,KAAK,CAAC,UAAU,CAAC;KAC/C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,KAAiB,EACjB,UAA+B,EAAE;IAEjC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAElC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACrD,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAClD,OAAO,cAAc,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
+{"version":3,"file":"site.js","sourceRoot":"","sources":["../src/site.ts"],"names":[],"mappings":"AA0DA,MAAM,gBAAgB,GAAG,UAAU,CAAC;AAEpC,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC;IAC/D,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,cAAc,CAAC,OAA2B;IACjD,IAAI,OAAO;QAAE,OAAO,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IACxB,IAAI,GAAG,CAAC,oBAAoB;QAAE,OAAO,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACjF,IAAI,GAAG,CAAC,UAAU;QAAE,OAAO,WAAW,GAAG,CAAC,UAAU,EAAE,CAAC;IACvD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,YAAY,CAAC,OAA2B,EAAE,OAA2B;IAC5E,MAAM,MAAM,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACvC,OAAO,GAAG,MAAM,GAAG,gBAAgB,CAAC,OAAO,IAAI,gBAAgB,CAAC,EAAE,CAAC;AACrE,CAAC;AAED,KAAK,UAAU,WAAW,CAAI,QAAkB;IAC9C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IACtF,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAsB,CAAC;IACvD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;QACvD,OAAQ,IAAqB,CAAC,IAAI,IAAI,IAAI,CAAC;IAC7C,CAAC;IACD,OAAO,IAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,UAA6B,EAAE;IAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;IACzC,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/D,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IAEF,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,aAAa,GAAG,UAAU,OAAO,CAAC,MAAM,EAAE,CAAC;IACrD,CAAC;IAED,OAAO;QACL,KAAK,CAAC,SAAS,CAA8B,IAAY;YACvD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,OAAO,mBAAmB,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACvG,OAAO,WAAW,CAAI,QAAQ,CAAC,CAAC;QAClC,CAAC;QAED,KAAK,CAAC,eAAe,CAA8B,IAAY;YAC7D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,OAAO,iBAAiB,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YACrG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YACzC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YACtF,CAAC;YACD,OAAO,QAAQ,CAAC,IAAI,EAA+B,CAAC;QACtD,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC3E,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAc;IACtC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAc;IACtC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAC5E,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,OAAO,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AAC3F,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAiB;IAC9C,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,OAAO;YACL,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,IAAI;YACT,KAAK,EAAE,IAAI;YACX,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,IAAI;YACZ,UAAU,EAAE,IAAI;SACjB,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9B,OAAO;QACL,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrB,GAAG;QACH,GAAG,EAAE,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC;QAChC,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC;QACpC,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC;QACpC,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,MAAM,CAAC;QACtC,UAAU,EAAE,gBAAgB,CAAC,KAAK,CAAC,UAAU,CAAC;KAC/C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,KAAiB,EACjB,UAA+B,EAAE;IAEjC,MAAM,UAAU,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IACzC,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAElC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACrD,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAClD,OAAO,cAAc,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/storage/index.d.ts

@@ -1,11 +1,21 @@
-export interface StorageAdapter {
-    generateUploadUrl(filename: string, contentType: string): Promise<{
-        uploadUrl: string;
-        publicUrl: string;
-        storageKey: string;
-    }>;
-    deleteFile(storageKey: string): Promise<void>;
-}
-export declare function setStorageAdapter(adapter: StorageAdapter): void;
-export declare function getStorageAdapter(): StorageAdapter;
+import type { StorageAdapter as ConfigStorageAdapter } from '../config/types.js';
+/**
+ * Re-exports the canonical {@link StorageAdapter} shape used by platform
+ * adapters (see `packages/platform-vercel/src/storage.ts`,
+ * `packages/platform-aws/src/storage.ts`).
+ *
+ * Historically there were two divergent `StorageAdapter` interfaces in the
+ * codebase — a presign-style one here and an upload/download one in
+ * `config/types.ts`. Platform packages implemented the latter, so nothing
+ * actually wired the storage adapter into the API. This re-export
+ * unifies them so the registry and the platform packages speak the same
+ * contract.
+ */
+export type StorageAdapter = ConfigStorageAdapter;
+/** Register a storage adapter for the running CMS instance. Idempotent. */
+export declare function setStorageAdapter(adapter: StorageAdapter | null): void;
+/** Returns the registered storage adapter, or `null` if none is configured. */
+export declare function getStorageAdapter(): StorageAdapter | null;
+/** True when a storage adapter has been registered. */
+export declare function hasStorageAdapter(): boolean;
 //# sourceMappingURL=index.d.ts.map

package/dist/storage/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/storage/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAChE,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC,CAAC;IACH,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC/C;AAID,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,cAAc,GAAG,IAAI,CAE/D;AAED,wBAAgB,iBAAiB,IAAI,cAAc,CAOlD"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/storage/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,IAAI,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAEjF;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,cAAc,GAAG,oBAAoB,CAAC;AAIlD,2EAA2E;AAC3E,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,cAAc,GAAG,IAAI,GAAG,IAAI,CAEtE;AAED,+EAA+E;AAC/E,wBAAgB,iBAAiB,IAAI,cAAc,GAAG,IAAI,CAEzD;AAED,uDAAuD;AACvD,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C"}

package/dist/storage/index.js

@@ -1,11 +1,14 @@
 let _adapter = null;
+/** Register a storage adapter for the running CMS instance. Idempotent. */
 export function setStorageAdapter(adapter) {
     _adapter = adapter;
 }
+/** Returns the registered storage adapter, or `null` if none is configured. */
 export function getStorageAdapter() {
-    if (!_adapter) {
-        throw new Error('No storage adapter configured. Call setStorageAdapter() with a Vercel Blob or S3 adapter.');
-    }
     return _adapter;
 }
+/** True when a storage adapter has been registered. */
+export function hasStorageAdapter() {
+    return _adapter !== null;
+}
 //# sourceMappingURL=index.js.map

package/dist/storage/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/storage/index.ts"],"names":[],"mappings":"AASA,IAAI,QAAQ,GAA0B,IAAI,CAAC;AAE3C,MAAM,UAAU,iBAAiB,CAAC,OAAuB;IACvD,QAAQ,GAAG,OAAO,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/storage/index.ts"],"names":[],"mappings":"AAgBA,IAAI,QAAQ,GAA0B,IAAI,CAAC;AAE3C,2EAA2E;AAC3E,MAAM,UAAU,iBAAiB,CAAC,OAA8B;IAC9D,QAAQ,GAAG,OAAO,CAAC;AACrB,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,iBAAiB;IAC/B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,uDAAuD;AACvD,MAAM,UAAU,iBAAiB;IAC/B,OAAO,QAAQ,KAAK,IAAI,CAAC;AAC3B,CAAC"}