@actuate-media/cms-core 0.13.0 → 0.14.0

package/dist/security/api-key-enhanced.d.ts

@@ -1,18 +1,45 @@
+/**
+ * API key generation and scope validation.
+ *
+ * Keys are formatted `act_sk_<64 hex chars>`. We store only a SHA-256 hash of
+ * the key in the database; the raw key is shown to the user exactly once at
+ * creation time. The first 15 chars (`act_sk_` + 8 hex) are stored as
+ * `keyPrefix` so the admin UI can display a human-recognizable token without
+ * leaking the secret half.
+ */
 export interface ApiKeyScope {
+    /**
+     * Collection slugs the key is allowed to act on. Use `'*'` for all
+     * collections. Omit/empty to deny collection access entirely.
+     */
     collections?: string[];
+    /**
+     * Actions allowed on the listed collections. Omit/empty to deny.
+     */
     actions?: ('read' | 'create' | 'update' | 'delete')[];
+    /**
+     * Global slugs the key is allowed to read or update. `'*'` for all.
+     */
     globals?: string[];
+    /** When true, the key can upload/manage media. */
     media?: boolean;
+    /**
+     * When true, the key can call AI page-builder endpoints (`/page-builder/*`).
+     * AI generation is expensive — issue this scope sparingly.
+     */
+    pageBuilder?: boolean;
+    /**
+     * When true, the key has full admin access (can manage users, settings,
+     * other API keys). Equivalent to a logged-in ADMIN session.
+     */
+    admin?: boolean;
 }
 export interface EnhancedApiKeyConfig {
+    /** Token prefix (always `act_sk` for live keys). */
     prefix: string;
     scopes: ApiKeyScope;
     ipRestrictions?: string[];
     expiresAt?: Date;
-    rateLimit?: {
-        maxRequests: number;
-        windowMs: number;
-    };
 }
 /** Generate a new API key with scoped permissions. */
 export declare function generateApiKey(config: EnhancedApiKeyConfig): Promise<{
@@ -20,6 +47,22 @@ export declare function generateApiKey(config: EnhancedApiKeyConfig): Promise<{
     keyHash: string;
     keyPrefix: string;
 }>;
-/** Validate an API key's scopes against a requested action. */
+/** SHA-256 hash a raw API key for lookup. */
+export declare function hashApiKey(rawKey: string): Promise<string>;
+/** True when the request's bearer token looks like an API key (vs a session JWT). */
+export declare function looksLikeApiKey(token: string): boolean;
+/**
+ * Validate an API key's scopes against a collection action. Returns true when
+ * the key is permitted to perform `action` on `collection`. Admin keys always
+ * pass.
+ */
 export declare function validateApiKeyScope(scopes: ApiKeyScope, collection: string, action: 'read' | 'create' | 'update' | 'delete'): boolean;
+/** Validate scope for a global action. */
+export declare function validateApiKeyGlobalScope(scopes: ApiKeyScope, slug: string): boolean;
+/** Validate scope for media uploads/management. */
+export declare function validateApiKeyMediaScope(scopes: ApiKeyScope): boolean;
+/** Validate scope for page-builder/AI endpoints. */
+export declare function validateApiKeyPageBuilderScope(scopes: ApiKeyScope): boolean;
+/** Validate IP restrictions against the request's client IP. */
+export declare function validateApiKeyIp(restrictions: string[] | null | undefined, ip: string): boolean;
 //# sourceMappingURL=api-key-enhanced.d.ts.map

package/dist/security/api-key-enhanced.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api-key-enhanced.d.ts","sourceRoot":"","sources":["../../src/security/api-key-enhanced.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB,OAAO,CAAC,EAAE,CAAC,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC,EAAE,CAAA;IACrD,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;IAClB,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,WAAW,CAAA;IACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;IACzB,SAAS,CAAC,EAAE,IAAI,CAAA;IAChB,SAAS,CAAC,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAA;CACtD;AAED,sDAAsD;AACtD,wBAAsB,cAAc,CAClC,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAc9D;AAED,+DAA+D;AAC/D,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,WAAW,EACnB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAC9C,OAAO,CAQT"}
+{"version":3,"file":"api-key-enhanced.d.ts","sourceRoot":"","sources":["../../src/security/api-key-enhanced.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;IACtB;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC,EAAE,CAAA;IACrD;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;IAClB,kDAAkD;IAClD,KAAK,CAAC,EAAE,OAAO,CAAA;IACf;;;OAGG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IACrB;;;OAGG;IACH,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC,oDAAoD;IACpD,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,WAAW,CAAA;IACnB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;IACzB,SAAS,CAAC,EAAE,IAAI,CAAA;CACjB;AAED,sDAAsD;AACtD,wBAAsB,cAAc,CAClC,MAAM,EAAE,oBAAoB,GAC3B,OAAO,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CAY9D;AAED,6CAA6C;AAC7C,wBAAsB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAKhE;AAED,qFAAqF;AACrF,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEtD;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,WAAW,EACnB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAC9C,OAAO,CAMT;AAED,0CAA0C;AAC1C,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAKpF;AAED,mDAAmD;AACnD,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAErE;AAED,oDAAoD;AACpD,wBAAgB,8BAA8B,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAE3E;AAED,gEAAgE;AAChE,wBAAgB,gBAAgB,CAAC,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI,GAAG,SAAS,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAI/F"}

package/dist/security/api-key-enhanced.js

@@ -1,3 +1,12 @@
+/**
+ * API key generation and scope validation.
+ *
+ * Keys are formatted `act_sk_<64 hex chars>`. We store only a SHA-256 hash of
+ * the key in the database; the raw key is shown to the user exactly once at
+ * creation time. The first 15 chars (`act_sk_` + 8 hex) are stored as
+ * `keyPrefix` so the admin UI can display a human-recognizable token without
+ * leaking the secret half.
+ */
 /** Generate a new API key with scoped permissions. */
 export async function generateApiKey(config) {
     const rawBytes = crypto.getRandomValues(new Uint8Array(32));
@@ -5,21 +14,63 @@ export async function generateApiKey(config) {
         .map((b) => b.toString(16).padStart(2, '0'))
         .join('');
     const key = `${config.prefix}_${rawKey}`;
+    // First 8 hex chars after the underscore are safe to display (the remaining
+    // 56 hex chars provide >224 bits of entropy).
     const keyPrefix = key.slice(0, config.prefix.length + 9);
-    const hashBuffer = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(key));
-    const keyHash = Array.from(new Uint8Array(hashBuffer))
+    const keyHash = await hashApiKey(key);
+    return { key, keyHash, keyPrefix };
+}
+/** SHA-256 hash a raw API key for lookup. */
+export async function hashApiKey(rawKey) {
+    const hashBuffer = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(rawKey));
+    return Array.from(new Uint8Array(hashBuffer))
         .map((b) => b.toString(16).padStart(2, '0'))
         .join('');
-    return { key, keyHash, keyPrefix };
 }
-/** Validate an API key's scopes against a requested action. */
+/** True when the request's bearer token looks like an API key (vs a session JWT). */
+export function looksLikeApiKey(token) {
+    return /^act_sk_[a-f0-9]{32,}$/i.test(token);
+}
+/**
+ * Validate an API key's scopes against a collection action. Returns true when
+ * the key is permitted to perform `action` on `collection`. Admin keys always
+ * pass.
+ */
 export function validateApiKeyScope(scopes, collection, action) {
-    if (scopes.collections && !scopes.collections.includes(collection)) {
+    if (scopes.admin)
+        return true;
+    if (!scopes.collections || scopes.collections.length === 0)
+        return false;
+    if (!scopes.actions || !scopes.actions.includes(action))
         return false;
-    }
-    if (scopes.actions && !scopes.actions.includes(action)) {
+    if (scopes.collections.includes('*'))
+        return true;
+    return scopes.collections.includes(collection);
+}
+/** Validate scope for a global action. */
+export function validateApiKeyGlobalScope(scopes, slug) {
+    if (scopes.admin)
+        return true;
+    if (!scopes.globals || scopes.globals.length === 0)
+        return false;
+    if (scopes.globals.includes('*'))
+        return true;
+    return scopes.globals.includes(slug);
+}
+/** Validate scope for media uploads/management. */
+export function validateApiKeyMediaScope(scopes) {
+    return scopes.admin === true || scopes.media === true;
+}
+/** Validate scope for page-builder/AI endpoints. */
+export function validateApiKeyPageBuilderScope(scopes) {
+    return scopes.admin === true || scopes.pageBuilder === true;
+}
+/** Validate IP restrictions against the request's client IP. */
+export function validateApiKeyIp(restrictions, ip) {
+    if (!restrictions || restrictions.length === 0)
+        return true;
+    if (!ip || ip === 'unknown')
         return false;
-    }
-    return true;
+    return restrictions.includes(ip);
 }
 //# sourceMappingURL=api-key-enhanced.js.map

package/dist/security/api-key-enhanced.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-key-enhanced.js","sourceRoot":"","sources":["../../src/security/api-key-enhanced.ts"],"names":[],"mappings":"AAeA,sDAAsD;AACtD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAA4B;IAE5B,MAAM,QAAQ,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IAC3D,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;IACX,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,EAAE,CAAA;IACxC,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAExD,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;IACvF,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;SACnD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;IAEX,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAA;AACpC,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,mBAAmB,CACjC,MAAmB,EACnB,UAAkB,EAClB,MAA+C;IAE/C,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACnE,OAAO,KAAK,CAAA;IACd,CAAC;IACD,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACvD,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC"}
+{"version":3,"file":"api-key-enhanced.js","sourceRoot":"","sources":["../../src/security/api-key-enhanced.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAsCH,sDAAsD;AACtD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAA4B;IAE5B,MAAM,QAAQ,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IAC3D,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;IACX,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,EAAE,CAAA;IACxC,4EAA4E;IAC5E,8CAA8C;IAC9C,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IACxD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,CAAA;IAErC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,SAAS,EAAE,CAAA;AACpC,CAAC;AAED,6CAA6C;AAC7C,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,MAAc;IAC7C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAA;IAC1F,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;SAC1C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAA;AACb,CAAC;AAED,qFAAqF;AACrF,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,OAAO,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AAC9C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAmB,EACnB,UAAkB,EAClB,MAA+C;IAE/C,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IAC7B,IAAI,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IACxE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAA;IACrE,IAAI,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IACjD,OAAO,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;AAChD,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,yBAAyB,CAAC,MAAmB,EAAE,IAAY;IACzE,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IAC7B,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IAChE,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAA;IAC7C,OAAO,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;AACtC,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,wBAAwB,CAAC,MAAmB;IAC1D,OAAO,MAAM,CAAC,KAAK,KAAK,IAAI,IAAI,MAAM,CAAC,KAAK,KAAK,IAAI,CAAA;AACvD,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,8BAA8B,CAAC,MAAmB;IAChE,OAAO,MAAM,CAAC,KAAK,KAAK,IAAI,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI,CAAA;AAC7D,CAAC;AAED,gEAAgE;AAChE,MAAM,UAAU,gBAAgB,CAAC,YAAyC,EAAE,EAAU;IACpF,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAC3D,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IACzC,OAAO,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;AAClC,CAAC"}

package/generated/browser.ts

@@ -0,0 +1,109 @@
+
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+ * This file should be your main import to use Prisma-related types and utilities in a browser. 
+ * Use it to get access to models, enums, and input types.
+ * 
+ * This file does not contain a `PrismaClient` class, nor several other helpers that are intended as server-side only.
+ * See `client.ts` for the standard, server-side entry point.
+ *
+ * 🟢 You can import this file directly.
+ */
+
+import * as Prisma from './internal/prismaNamespaceBrowser'
+export { Prisma }
+export * as $Enums from './enums'
+export * from './enums';
+/**
+ * Model User
+ * 
+ */
+export type User = Prisma.UserModel
+/**
+ * Model OAuthAccount
+ * 
+ */
+export type OAuthAccount = Prisma.OAuthAccountModel
+/**
+ * Model Session
+ * 
+ */
+export type Session = Prisma.SessionModel
+/**
+ * Model ApiKey
+ * 
+ */
+export type ApiKey = Prisma.ApiKeyModel
+/**
+ * Model AuditLog
+ * 
+ */
+export type AuditLog = Prisma.AuditLogModel
+/**
+ * Model Folder
+ * 
+ */
+export type Folder = Prisma.FolderModel
+/**
+ * Model Document
+ * 
+ */
+export type Document = Prisma.DocumentModel
+/**
+ * Model Version
+ * 
+ */
+export type Version = Prisma.VersionModel
+/**
+ * Model Media
+ * 
+ */
+export type Media = Prisma.MediaModel
+/**
+ * Model MediaUsage
+ * 
+ */
+export type MediaUsage = Prisma.MediaUsageModel
+/**
+ * Model ContentLock
+ * 
+ */
+export type ContentLock = Prisma.ContentLockModel
+/**
+ * Model InAppNotification
+ * 
+ */
+export type InAppNotification = Prisma.InAppNotificationModel
+/**
+ * Model ContentTemplate
+ * 
+ */
+export type ContentTemplate = Prisma.ContentTemplateModel
+/**
+ * Model Site
+ * 
+ */
+export type Site = Prisma.SiteModel
+/**
+ * Model WorkflowState
+ * 
+ */
+export type WorkflowState = Prisma.WorkflowStateModel
+/**
+ * Model Redirect
+ * 
+ */
+export type Redirect = Prisma.RedirectModel
+/**
+ * Model FormSubmission
+ * 
+ */
+export type FormSubmission = Prisma.FormSubmissionModel
+/**
+ * Model BackupRecord
+ * 
+ */
+export type BackupRecord = Prisma.BackupRecordModel

package/generated/client.ts

@@ -0,0 +1,133 @@
+
+/* !!! This is code generated by Prisma. Do not edit directly. !!! */
+/* eslint-disable */
+// biome-ignore-all lint: generated file
+// @ts-nocheck 
+/*
+ * This file should be your main import to use Prisma. Through it you get access to all the models, enums, and input types.
+ * If you're looking for something you can import in the client-side of your application, please refer to the `browser.ts` file instead.
+ *
+ * 🟢 You can import this file directly.
+ */
+
+import * as process from 'node:process'
+import * as path from 'node:path'
+import { fileURLToPath } from 'node:url'
+globalThis['__dirname'] = path.dirname(fileURLToPath(import.meta.url))
+
+import * as runtime from "@prisma/client/runtime/client"
+import * as $Enums from "./enums"
+import * as $Class from "./internal/class"
+import * as Prisma from "./internal/prismaNamespace"
+
+export * as $Enums from './enums'
+export * from "./enums"
+/**
+ * ## Prisma Client
+ * 
+ * Type-safe database client for TypeScript
+ * @example
+ * ```
+ * const prisma = new PrismaClient({
+ *   adapter: new PrismaPg({ connectionString: process.env.DATABASE_URL })
+ * })
+ * // Fetch zero or more Users
+ * const users = await prisma.user.findMany()
+ * ```
+ * 
+ * Read more in our [docs](https://pris.ly/d/client).
+ */
+export const PrismaClient = $Class.getPrismaClientClass()
+export type PrismaClient<LogOpts extends Prisma.LogLevel = never, OmitOpts extends Prisma.PrismaClientOptions["omit"] = Prisma.PrismaClientOptions["omit"], ExtArgs extends runtime.Types.Extensions.InternalArgs = runtime.Types.Extensions.DefaultArgs> = $Class.PrismaClient<LogOpts, OmitOpts, ExtArgs>
+export { Prisma }
+
+/**
+ * Model User
+ * 
+ */
+export type User = Prisma.UserModel
+/**
+ * Model OAuthAccount
+ * 
+ */
+export type OAuthAccount = Prisma.OAuthAccountModel
+/**
+ * Model Session
+ * 
+ */
+export type Session = Prisma.SessionModel
+/**
+ * Model ApiKey
+ * 
+ */
+export type ApiKey = Prisma.ApiKeyModel
+/**
+ * Model AuditLog
+ * 
+ */
+export type AuditLog = Prisma.AuditLogModel
+/**
+ * Model Folder
+ * 
+ */
+export type Folder = Prisma.FolderModel
+/**
+ * Model Document
+ * 
+ */
+export type Document = Prisma.DocumentModel
+/**
+ * Model Version
+ * 
+ */
+export type Version = Prisma.VersionModel
+/**
+ * Model Media
+ * 
+ */
+export type Media = Prisma.MediaModel
+/**
+ * Model MediaUsage
+ * 
+ */
+export type MediaUsage = Prisma.MediaUsageModel
+/**
+ * Model ContentLock
+ * 
+ */
+export type ContentLock = Prisma.ContentLockModel
+/**
+ * Model InAppNotification
+ * 
+ */
+export type InAppNotification = Prisma.InAppNotificationModel
+/**
+ * Model ContentTemplate
+ * 
+ */
+export type ContentTemplate = Prisma.ContentTemplateModel
+/**
+ * Model Site
+ * 
+ */
+export type Site = Prisma.SiteModel
+/**
+ * Model WorkflowState
+ * 
+ */
+export type WorkflowState = Prisma.WorkflowStateModel
+/**
+ * Model Redirect
+ * 
+ */
+export type Redirect = Prisma.RedirectModel
+/**
+ * Model FormSubmission
+ * 
+ */
+export type FormSubmission = Prisma.FormSubmissionModel
+/**
+ * Model BackupRecord
+ * 
+ */
+export type BackupRecord = Prisma.BackupRecordModel