npm - @claudelaw/taichu - Versions diffs - 0.6.0 - Mend

@claudelaw/taichu 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/.dockerignore +13 -0
package/Dockerfile +51 -0
package/LICENSE +21 -0
package/README.md +208 -0
package/docker-compose.yml +42 -0
package/docs/ROADMAP.md +101 -0
package/docs/api/README.md +102 -0
package/docs/architecture/001-zero-dependency-core.md +61 -0
package/docs/architecture/002-structured-content-model.md +70 -0
package/docs/architecture/003-hook-based-extension.md +82 -0
package/docs/architecture/004-api-first-architecture.md +122 -0
package/docs/architecture/README.md +24 -0
package/docs/logo.svg +40 -0
package/docs/research/ai-era-cms-user-research.md +247 -0
package/docs/zh/README.md +81 -0
package/docs/zh/guides/deploy.md +75 -0
package/docs/zh/guides/mcp.md +84 -0
package/docs/zh/guides/promotion.md +51 -0
package/marketplace.json +78 -0
package/package.json +60 -0
package/packages/core/src/auth.js +158 -0
package/packages/core/src/content-type.js +244 -0
package/packages/core/src/core.test.js +406 -0
package/packages/core/src/errors.js +60 -0
package/packages/core/src/hooks.js +104 -0
package/packages/core/src/index.js +16 -0
package/packages/core/src/server.test.js +149 -0
package/packages/core/src/sm-crypto.js +31 -0
package/packages/core/src/sqlite-store.js +354 -0
package/packages/core/src/store.js +174 -0
package/packages/core/src/tokenizer.js +89 -0
package/packages/core/src/vector-index.js +131 -0
package/packages/llm-providers/src/index.js +181 -0
package/packages/mcp/src/index.js +355 -0
package/packages/server/public/admin/assets/index-DApxOVTx.js +191 -0
package/packages/server/public/admin/assets/index-DtMvdQm9.css +1 -0
package/packages/server/public/admin/index.html +28 -0
package/packages/server/public/aurora/style.css +1173 -0
package/packages/server/public/favicon.svg +46 -0
package/packages/server/public/theme/index.html +288 -0
package/packages/server/public/theme/style.css +133 -0
package/packages/server/public/theme-minimal/index.html +223 -0
package/packages/server/public/theme-minimal/style.css +109 -0
package/packages/server/public/ws-test.html +106 -0
package/packages/server/src/activitypub.js +228 -0
package/packages/server/src/audit.js +104 -0
package/packages/server/src/auth-provider.js +76 -0
package/packages/server/src/body-parser.js +52 -0
package/packages/server/src/bootstrap.js +272 -0
package/packages/server/src/collab.js +154 -0
package/packages/server/src/config.js +136 -0
package/packages/server/src/context.js +86 -0
package/packages/server/src/email.js +317 -0
package/packages/server/src/index.js +195 -0
package/packages/server/src/logger.js +78 -0
package/packages/server/src/media-store.js +213 -0
package/packages/server/src/middleware/auth.js +203 -0
package/packages/server/src/middleware/cors.js +15 -0
package/packages/server/src/middleware/error-handler.js +49 -0
package/packages/server/src/middleware/rate-limit.js +118 -0
package/packages/server/src/multipart.js +150 -0
package/packages/server/src/notify.js +126 -0
package/packages/server/src/pipeline.js +206 -0
package/packages/server/src/plugin-installer.js +139 -0
package/packages/server/src/plugin-manager.js +165 -0
package/packages/server/src/relationships.js +217 -0
package/packages/server/src/revisions.js +114 -0
package/packages/server/src/router.js +194 -0
package/packages/server/src/routes/activitypub.js +140 -0
package/packages/server/src/routes/api.js +363 -0
package/packages/server/src/routes/audit.js +222 -0
package/packages/server/src/routes/auth.js +205 -0
package/packages/server/src/routes/collab.js +90 -0
package/packages/server/src/routes/export.js +77 -0
package/packages/server/src/routes/graphql.js +344 -0
package/packages/server/src/routes/media.js +169 -0
package/packages/server/src/routes/plugin-marketplace.js +171 -0
package/packages/server/src/routes/relationships.js +133 -0
package/packages/server/src/routes/rss.js +92 -0
package/packages/server/src/routes/sso.js +211 -0
package/packages/server/src/routes/theme.js +119 -0
package/packages/server/src/routes/webhook.js +94 -0
package/packages/server/src/routes/wechat.js +115 -0
package/packages/server/src/routes/workflow.js +157 -0
package/packages/server/src/scheduler.js +96 -0
package/packages/server/src/search.js +100 -0
package/packages/server/src/server.test.js +295 -0
package/packages/server/src/sso-analytics.js +78 -0
package/packages/server/src/static.js +70 -0
package/packages/server/src/theme-engine.js +119 -0
package/packages/server/src/webhook.js +192 -0
package/packages/server/src/websocket.js +308 -0
package/scripts/cli.js +90 -0

package/packages/server/src/audit.js ADDED Viewed

@@ -0,0 +1,104 @@
+/**
+ * AuditLog — 操作审计日志
+ *
+ * 满足等保要求：操作日志 ≥ 6 个月留存，append-only。
+ * 记录人/Agent 的所有内容操作。
+ */
+import { getStore } from './context.js';
+import { createLogger } from './logger.js';
+const log = createLogger('audit');
+const RETENTION_DAYS = parseInt(process.env.TAICHU_AUDIT_RETENTION_DAYS) || 180;
+/**
+ * @param {object} entry
+ * @param {string} entry.actorId — who (human id or agent key prefix)
+ * @param {string} entry.actorType — "human" | "agent"
+ * @param {string} entry.action — "create" | "update" | "delete" | "publish" | "archive" | "login" | "review"
+ * @param {string} entry.resourceType — content type name
+ * @param {string} entry.resourceId — document id
+ * @param {object} [entry.detail] — additional info
+ * @param {string} [entry.ip] — request IP
+ */
+export async function record(entry) {
+  try {
+    const store = getStore();
+    await store.create({
+      type: 'audit_log',
+      data: {
+        actorId: entry.actorId || 'system',
+        actorType: entry.actorType || 'system',
+        action: entry.action,
+        resourceType: entry.resourceType || '',
+        resourceId: entry.resourceId || '',
+        detail: entry.detail || {},
+        ip: entry.ip || ''
+      },
+      status: 'active'
+    });
+  } catch (err) {
+    log.error(`Failed to record audit log: ${err.message}`);
+  }
+}
+/**
+ * Clean up logs older than retention period.
+ * Called periodically (daily).
+ */
+export async function cleanupOldLogs() {
+  const store = getStore();
+  const cutoff = new Date(Date.now() - RETENTION_DAYS * 24 * 60 * 60 * 1000).toISOString();
+  try {
+    const docs = await store.list({ type: 'audit_log', limit: 1000 });
+    let deleted = 0;
+    for (const doc of docs) {
+      if (doc.createdAt < cutoff) {
+        await store.delete(doc.id);
+        deleted++;
+      }
+    }
+    if (deleted > 0) log.info(`Audit log cleanup: removed ${deleted} entries older than ${RETENTION_DAYS} days`);
+  } catch (err) {
+    log.error(`Audit log cleanup failed: ${err.message}`);
+  }
+}
+/**
+ * Query audit logs.
+ * @param {object} filters — { actorId, action, resourceType, resourceId, limit, offset }
+ */
+export async function query(filters = {}) {
+  const store = getStore();
+  const docs = await store.list({
+    type: 'audit_log',
+    limit: filters.limit || 50,
+    offset: filters.offset || 0,
+    orderBy: 'created_at',
+    order: 'desc'
+  });
+  return docs
+    .filter(d => {
+      if (filters.actorId && d.data.actorId !== filters.actorId) return false;
+      if (filters.action && d.data.action !== filters.action) return false;
+      if (filters.resourceType && d.data.resourceType !== filters.resourceType) return false;
+      return true;
+    })
+    .map(d => ({
+      id: d.id,
+      actorId: d.data.actorId,
+      actorType: d.data.actorType,
+      action: d.data.action,
+      resourceType: d.data.resourceType,
+      resourceId: d.data.resourceId,
+      detail: d.data.detail,
+      ip: d.data.ip,
+      createdAt: d.createdAt
+    }));
+}
+/** Run daily cleanup */
+setInterval(cleanupOldLogs, 24 * 60 * 60 * 1000).unref();

package/packages/server/src/auth-provider.js ADDED Viewed

@@ -0,0 +1,76 @@
+/**
+ * Auth Provider — 可插拔认证方式
+ *
+ * 内置：email/password（默认）、phone（短信验证码）、wechat（OAuth）
+ * 通过 @taichu/plugin-auth-providers 扩展。
+ *
+ * 使用：
+ *   import { registerProvider, getProvider } from './auth-provider.js';
+ *   registerProvider('phone', new PhoneAuthProvider({ smsService: 'aliyun' }));
+ */
+class BaseAuthProvider {
+  constructor(name, config = {}) {
+    this.name = name;
+    this.config = config;
+  }
+  /** @returns {string} provider name */
+  getName() { return this.name; }
+  /** Validate credentials, return user id or null */
+  async validate(credentials) { throw new Error('Not implemented'); }
+  /** Get user display name */
+  async getUserInfo(userId) { throw new Error('Not implemented'); }
+}
+class EmailAuthProvider extends BaseAuthProvider {
+  constructor() { super('email'); }
+  async validate({ email, password }) {
+    // Delegated to auth.js (core)
+    return null; // Core auth handles email/password natively
+  }
+}
+class PhoneAuthProvider extends BaseAuthProvider {
+  constructor(config) { super('phone', config); }
+  async validate({ phone, code }) {
+    // Verify SMS code via configured service (aliyun/tencent)
+    // This is a stub — real implementation in plugin
+    if (!code || code.length < 4) return null;
+    return phone; // Return phone as identifier
+  }
+}
+class WechatAuthProvider extends BaseAuthProvider {
+  constructor(config) { super('wechat', config); }
+  async validate({ code }) {
+    // WeChat OAuth 2.0 flow
+    // Exchange code for access_token, then get user info
+    // This is a stub — real implementation in plugin
+    return code; // Return openid after exchange
+  }
+}
+// ── Registry ───────────────────────────────────────────────
+const providers = new Map();
+providers.set('email', new EmailAuthProvider());
+export function registerProvider(name, provider) {
+  providers.set(name, provider);
+}
+export function getProvider(name) {
+  return providers.get(name);
+}
+export function listProviders() {
+  return Array.from(providers.keys());
+}
+export { EmailAuthProvider, PhoneAuthProvider, WechatAuthProvider, BaseAuthProvider };

package/packages/server/src/body-parser.js ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * Body Parser — 零依赖的请求体解析
+ *
+ * 支持：
+ *   - application/json
+ *   - multipart/form-data（未来，目前只有文件引用的需求）
+ */
+export function parseBody(req) {
+  const MAX_BODY_SIZE = parseInt(process.env.TAICHU_MAX_BODY_SIZE) || 5 * 1024 * 1024; // default 5MB
+  return new Promise((resolve, reject) => {
+    const contentType = req.headers['content-type'] || '';
+    if (!contentType.includes('application/json')) {
+      resolve(null);
+      return;
+    }
+    let totalSize = 0;
+    const chunks = [];
+    req.on('data', chunk => {
+      totalSize += chunk.length;
+      if (totalSize > MAX_BODY_SIZE) {
+        reject(Object.assign(new Error('Request body too large'), {
+          code: 'PAYLOAD_TOO_LARGE',
+          status: 413,
+          maxSize: MAX_BODY_SIZE
+        }));
+        req.destroy();
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on('end', () => {
+      const raw = Buffer.concat(chunks).toString('utf-8');
+      if (!raw.trim()) {
+        resolve(null);
+        return;
+      }
+      try {
+        resolve(JSON.parse(raw));
+      } catch (err) {
+        reject(Object.assign(new Error('Invalid JSON in request body'), {
+          code: 'INVALID_JSON',
+          status: 400
+        }));
+      }
+    });
+    req.on('error', reject);
+  });
+}

package/packages/server/src/bootstrap.js ADDED Viewed

@@ -0,0 +1,272 @@
+/**
+ * Bootstrap — 初始化内置内容类型
+ *
+ * Taichu 启动时自动注册内置内容类型。
+ * 第三方扩展/插件可以通过 hook 系统注册自定义类型。
+ */
+import { createContentType } from '../../core/src/content-type.js';
+import { registerContentType } from './routes/api.js';
+export function bootstrap() {
+  // Article — 博客文章
+  registerContentType(createContentType('article', {
+    label: '文章',
+    description: '博客文章类型，支持标题、正文、摘要、标签、分类等',
+    schemaOrg: 'Article',
+    fields: {
+      title:       { type: 'string',  required: true,  maxLength: 200, semantic: 'headline' },
+      slug:        { type: 'string',  required: true,  semantic: 'identifier' },
+      body:        { type: 'json',    required: true,  semantic: 'articleBody' },
+      excerpt:     { type: 'string',  maxLength: 500,  semantic: 'description' },
+      featuredImage: { type: 'media', semantic: 'image' },
+      tags:        { type: 'array',   items: { type: 'string' }, semantic: 'keywords' },
+      category:    { type: 'relation', target: 'category' },
+      status:      { type: 'enum',    values: ['draft', 'scheduled', 'published', 'archived'] },
+      publishedAt: { type: 'datetime' }
+    }
+  }));
+  // Page — 静态页面
+  registerContentType(createContentType('page', {
+    label: '页面',
+    description: '静态页面，如关于、联系、隐私政策',
+    schemaOrg: 'WebPage',
+    fields: {
+      title:  { type: 'string', required: true, maxLength: 200 },
+      slug:   { type: 'string', required: true },
+      body:   { type: 'json',   required: true },
+      status: { type: 'enum',   values: ['draft', 'scheduled', 'published', 'archived'] },
+      order:  { type: 'number' }
+    }
+  }));
+  // Category — 分类
+  registerContentType(createContentType('category', {
+    label: '分类',
+    description: '内容分类（关联文章等）',
+    fields: {
+      name:        { type: 'string', required: true, maxLength: 100 },
+      slug:        { type: 'string', required: true },
+      description: { type: 'string', maxLength: 500 },
+      parent:      { type: 'relation', target: 'category' }
+    }
+  }));
+  // Media — 媒体文件元数据
+  registerContentType(createContentType('media', {
+    label: '媒体',
+    description: '上传文件的元数据记录',
+    schemaOrg: 'MediaObject',
+    fields: {
+      filename:    { type: 'string', required: true },
+      mimeType:    { type: 'string', required: true },
+      size:        { type: 'number' },
+      url:         { type: 'string', required: true },
+      width:       { type: 'number' },
+      height:      { type: 'number' },
+      altText:     { type: 'string' },
+      caption:     { type: 'string' },
+      uploadedBy:  { type: 'string' }
+    }
+  }));
+  // Author — 作者/贡献者（未来支持 Agent 作者）
+  registerContentType(createContentType('author', {
+    label: '作者',
+    description: '内容作者——可以是人类也可以是 AI Agent',
+    schemaOrg: 'Person',
+    fields: {
+      name:     { type: 'string', required: true },
+      slug:     { type: 'string', required: true },
+      bio:      { type: 'string', maxLength: 1000 },
+      avatar:   { type: 'media' },
+      website:  { type: 'string' },
+      email:    { type: 'string' },
+      type:     { type: 'enum', values: ['human', 'agent'], default: 'human' }
+    }
+  }));
+  // User — 系统用户（人类管理员/作者）
+  registerContentType(createContentType('user', {
+    label: '用户',
+    description: '系统用户——人类作者、编辑、管理员',
+    fields: {
+      username: { type: 'string', required: true, maxLength: 50 },
+      email:    { type: 'string' },
+      password: { type: 'string', required: true }, // 只存哈希
+      role:     { type: 'enum', values: ['admin', 'editor', 'author'], default: 'author' }
+    }
+  }));
+  // API Key — Agent 认证密钥
+  registerContentType(createContentType('api_key', {
+    label: 'API Key',
+    description: 'AI Agent 认证密钥（用于 Agent 访问 API）',
+    fields: {
+      prefix:  { type: 'string', required: true },
+      hash:    { type: 'string', required: true },
+      label:   { type: 'string' },
+      ownerId: { type: 'string', required: true },
+      scopes:  { type: 'array', items: { type: 'string' } }
+    }
+  }));
+  // Webhook — 内容变更事件推送
+  registerContentType(createContentType('webhook', {
+    label: 'Webhook',
+    description: '内容变更事件的外部推送端点',
+    fields: {
+      url:    { type: 'string', required: true },
+      events: { type: 'array', items: { type: 'string' } },
+      types:  { type: 'array', items: { type: 'string' } },
+      secret: { type: 'string', required: true },
+      label:  { type: 'string' },
+      active: { type: 'boolean' },
+      stats:  { type: 'json' }
+    }
+  }));
+  // AuditLog — 操作审计日志（append-only，≥180天）
+  registerContentType(createContentType('audit_log', {
+    label: '审计日志',
+    description: '操作审计日志，满足等保合规要求，保留≥180天',
+    fields: {
+      actorId:      { type: 'string', required: true },
+      actorType:    { type: 'string', required: true },
+      action:       { type: 'string', required: true },
+      resourceType: { type: 'string' },
+      resourceId:   { type: 'string' },
+      detail:       { type: 'json' },
+      ip:           { type: 'string' }
+    }
+  }));
+  // SiteSettings — 站点全局配置
+  registerContentType(createContentType('site_settings', {
+    label: '站点配置',
+    description: '全局站点配置：站点信息、Hero区块、作者、备案等',
+    fields: {
+      siteName:        { type: 'string' },
+      siteDescription: { type: 'string' },
+      icpNumber:       { type: 'string' },
+      gonganNumber:    { type: 'string' },
+      analyticsId:     { type: 'string' },
+      language:        { type: 'string' },
+      timezone:        { type: 'string' },
+      seoTitle:        { type: 'string' },
+      seoDescription:  { type: 'string' },
+      seoKeywords:     { type: 'array', items: { type: 'string' } },
+      authorName:      { type: 'string' },
+      authorTitle:     { type: 'string' },
+      authorBio:       { type: 'string' },
+      authorAvatar:    { type: 'media' },
+      hero_style:      { type: 'string' },
+      hero_video_url:  { type: 'string' },
+      hero_video_poster: { type: 'string' },
+      hero_image_url:  { type: 'string' },
+      hero_headline:   { type: 'string' },
+      hero_subtitle:   { type: 'string' },
+      hero_cta_text:   { type: 'string' },
+      hero_cta_link:   { type: 'string' },
+      hero_overlay_opacity: { type: 'number' },
+      theme:           { type: 'json' }
+    }
+  }));
+  // ReviewPolicy — Agent 内容审核策略
+  registerContentType(createContentType('review_policy', {
+    label: '审核策略',
+    description: 'Agent 生成内容的自动审核策略配置',
+    fields: {
+      name:          { type: 'string', required: true },
+      rules:         { type: 'json' },
+      requireHuman:  { type: 'boolean' },
+      blockedTerms:  { type: 'array', items: { type: 'string' } },
+      active:        { type: 'boolean' }
+    }
+  }));
+  // Revision — 内容版本快照
+  registerContentType(createContentType('revision', {
+    label: '版本历史',
+    description: '文档的版本快照，用于版本管理和回滚',
+    fields: {
+      docId:      { type: 'string', required: true },
+      docType:    { type: 'string' },
+      data:       { type: 'json', required: true },
+      status:     { type: 'string' },
+      meta:       { type: 'json' },
+      author:     { type: 'string' },
+      authorType: { type: 'string' },
+      timestamp:  { type: 'string' }
+    }
+  }));
+  // Navigation — 站点导航菜单
+  registerContentType(createContentType('navigation', {
+    label: '导航菜单',
+    description: '站点前台导航菜单项',
+    fields: {
+      title:  { type: 'string', required: true },
+      url:    { type: 'string', required: true },
+      order:  { type: 'number' },
+      target: { type: 'string' }
+    }
+  }));
+  // Comment — 文章评论（支持嵌套回复）
+  registerContentType(createContentType('comment', {
+    label: '评论',
+    description: '文章评论，支持审核和嵌套回复',
+    schemaOrg: 'Comment',
+    fields: {
+      postId:   { type: 'relation', target: 'article', required: true },
+      author:   { type: 'string', required: true, maxLength: 100 },
+      email:    { type: 'string' },
+      body:     { type: 'string', required: true, maxLength: 5000 },
+      status:   { type: 'enum', values: ['pending', 'approved', 'spam'], default: 'pending' },
+      parentId: { type: 'relation', target: 'comment' }
+    }
+  }));
+  // App — 应用/工具展示
+  registerContentType(createContentType('app', {
+    label: '应用',
+    description: '应用或工具展示（Market页面）',
+    schemaOrg: 'SoftwareApplication',
+    fields: {
+      name:        { type: 'string', required: true, maxLength: 100 },
+      slug:        { type: 'string', required: true },
+      description: { type: 'string', maxLength: 1000 },
+      icon:        { type: 'media' },
+      cover:       { type: 'media' },
+      category:    { type: 'string' },
+      url:         { type: 'string' },
+      status:      { type: 'enum', values: ['live', 'dev', 'archived'], default: 'live' },
+      featured:    { type: 'boolean', default: false },
+      order:       { type: 'number' }
+    }
+  }));
+  // Agent — AI Agent/Skill 展示
+  registerContentType(createContentType('agent', {
+    label: 'Agent',
+    description: 'AI Agent 或 Skill 展示',
+    fields: {
+      name:        { type: 'string', required: true, maxLength: 100 },
+      slug:        { type: 'string', required: true },
+      description: { type: 'string', maxLength: 1000 },
+      icon:        { type: 'media' },
+      cover:       { type: 'media' },
+      category:    { type: 'string' },
+      type:        { type: 'string' },
+      package_url: { type: 'string' },
+      status:      { type: 'enum', values: ['live', 'dev', 'archived'], default: 'live' },
+      featured:    { type: 'boolean', default: false },
+      order:       { type: 'number' }
+    }
+  }));
+  console.log(`  Bootstrap: 16 content types registered`);
+}

package/packages/server/src/collab.js ADDED Viewed

@@ -0,0 +1,154 @@
+/**
+ * Collaboration Engine — 多 Agent 协作控制
+ *
+ * 提供乐观锁（Optimistic Locking）和内容冲突检测。
+ *
+ * 乐观锁机制：
+ *   - 每个文档有一个 `_version` 字段（单调递增整数）
+ *   - 更新时必须传入 `_version`，服务端比对
+ *   - 版本不匹配 → 409 Conflict，返回当前版本
+ *   - 客户端拿到最新版本后可重试
+ *
+ * 协作会话：
+ *   - Agent 可以声明"I'm editing this"（acquire session）
+ *   - 会话有过期时间（默认 5 分钟）
+ *   - 其他 Agent 可以看到当前编辑者
+ */
+const SESSION_TTL = 5 * 60 * 1000; // 5 minutes
+class CollaborationEngine {
+  constructor() {
+    /** @type {Map<string, { actorId: string, actorType: string, label: string, startedAt: number, expiresAt: number }>} */
+    this.sessions = new Map();
+    this._cleanupTimer = setInterval(() => this._cleanup(), 60000);
+  }
+  /**
+   * Acquire an editing session for a document.
+   * @param {string} docId
+   * @param {object} actor — { id, type, username/label }
+   * @returns {{ acquired: boolean, currentEditor?: object, message?: string }}
+   */
+  acquire(docId, actor) {
+    const existing = this.sessions.get(docId);
+    if (existing && existing.expiresAt > Date.now()) {
+      // Still active — someone is editing
+      if (existing.actorId === actor.id) {
+        // Same actor refreshing their session
+        existing.expiresAt = Date.now() + SESSION_TTL;
+        return { acquired: true };
+      }
+      return {
+        acquired: false,
+        currentEditor: {
+          id: existing.actorId,
+          type: existing.actorType,
+          label: existing.label
+        },
+        message: `Document is being edited by ${existing.label || existing.actorId}`
+      };
+    }
+    this.sessions.set(docId, {
+      actorId: actor.id,
+      actorType: actor.type || 'agent',
+      label: actor.username || actor.label || actor.id,
+      startedAt: Date.now(),
+      expiresAt: Date.now() + SESSION_TTL
+    });
+    return { acquired: true };
+  }
+  /**
+   * Release an editing session.
+   */
+  release(docId, actorId) {
+    const existing = this.sessions.get(docId);
+    if (existing && existing.actorId === actorId) {
+      this.sessions.delete(docId);
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Check if a document has an active editing session.
+   */
+  getSession(docId) {
+    const existing = this.sessions.get(docId);
+    if (existing && existing.expiresAt > Date.now()) {
+      return {
+        editorId: existing.actorId,
+        editorType: existing.actorType,
+        label: existing.label,
+        startedAt: new Date(existing.startedAt).toISOString()
+      };
+    }
+    return null;
+  }
+  /**
+   * Optimistic lock check for document updates.
+   * @param {object} doc — current document from store
+   * @param {number} expectedVersion — version from client
+   * @returns {{ ok: boolean, currentVersion?: number, error?: string }}
+   */
+  checkVersion(doc, expectedVersion) {
+    const currentVersion = doc._version || doc.meta?.version || 0;
+    if (expectedVersion !== undefined && expectedVersion !== currentVersion) {
+      return {
+        ok: false,
+        currentVersion,
+        error: `Version conflict: expected v${expectedVersion}, current v${currentVersion}. Re-fetch and retry.`
+      };
+    }
+    return { ok: true };
+  }
+  /**
+   * List all active sessions.
+   */
+  listSessions() {
+    const active = [];
+    for (const [docId, session] of this.sessions) {
+      if (session.expiresAt > Date.now()) {
+        active.push({
+          docId,
+          editorId: session.actorId,
+          editorType: session.actorType,
+          label: session.label,
+          remainingSeconds: Math.floor((session.expiresAt - Date.now()) / 1000)
+        });
+      }
+    }
+    return active;
+  }
+  _cleanup() {
+    const now = Date.now();
+    for (const [docId, session] of this.sessions) {
+      if (session.expiresAt <= now) {
+        this.sessions.delete(docId);
+      }
+    }
+  }
+  destroy() {
+    if (this._cleanupTimer) clearInterval(this._cleanupTimer);
+    this.sessions.clear();
+  }
+}
+// ── Singleton ──────────────────────────────────────────────
+let _collab = null;
+export function getCollab() {
+  if (!_collab) _collab = new CollaborationEngine();
+  return _collab;
+}