npm - @dyrected/core - Versions diffs - 1.0.9 → 2.1.0 - Mend

@dyrected/core 1.0.9 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.cjs CHANGED Viewed

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,15 +17,25 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  createDyrectedApp: () => createDyrectedApp,
   defineCollection: () => defineCollection,
   defineConfig: () => defineConfig,
   defineGlobal: () => defineGlobal,
   generateAIPrompt: () => generateAIPrompt,
+  generateFreshSetupPrompt: () => generateFreshSetupPrompt,
   normalizeConfig: () => normalizeConfig
 });
 module.exports = __toCommonJS(index_exports);
@@ -36,41 +48,75 @@ function buildEnvironmentSection(frameworkLabel, isSelfHosted, config) {
 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
 1. ENVIRONMENT
 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
-- Framework : ${frameworkLabel}
+- Framework : ${frameworkLabel || "Detect it"}
 - Host Type : ${isSelfHosted ? "Self-Hosted (Local/Private Server)" : "Managed (Dyrected Cloud)"}
 - API Base  : ${config.baseUrl || "http://localhost:3000"}
 ${credentialLines}`;
 }
-function buildDiagnosticSection(existingSite) {
-  if (existingSite) {
-    return `
+function buildDiagnosticSection() {
+  return `
 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
-2. PHASE 0 \u2014 DIAGNOSTIC (EXISTING SITE)
+2. PHASE 0 \u2014 DISCOVERY
 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
-Before writing any code, scan the existing codebase and report:
-- All hardcoded text strings that should be CMS-managed
-- All repeated data structures that should become collections
-- All static pages that marketing will want to edit independently
-- Any existing fetch or API calls that overlap with Dyrected
+Before writing any code, you MUST ask the user these questions.
+Write them exactly as shown below \u2014 in plain language with examples.
+Wait for the user to answer ALL of them before proceeding.
-Then propose a backup plan: extract all current content into a
-migration/ folder as structured .md or .json files BEFORE
-modifying any code.
+\u2500\u2500\u2500 QUESTION 1 \u2500\u2500\u2500
+Ask:
+"Do you already have a website built, or are we starting fresh?
-Do NOT write any implementation code until you have reported
-your findings and the user has confirmed the content plan.`;
-  }
-  return `
-\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
-2. PHASE 0 \u2014 DISCOVERY (NEW SITE)
-\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
-This is a new project. Before designing the content model, ask:
-- "What are your core content types? (e.g. Services, Team, Blog, Projects)"
-- "Which pages should marketing manage independently with blocks?"
-- "Are there any pages that must remain static and never become CMS-managed?"
-- "What is the primary goal of the site \u2014 marketing, e-commerce, portfolio, SaaS?"
+  \u2192 Already built: share your project or describe what pages you have
+    (e.g. Home, About, Services, Contact)
+  \u2192 Starting fresh: just say 'new site' and describe what the site is for"
+\u2500\u2500\u2500 QUESTION 2 \u2500\u2500\u2500
+Ask:
+"What kind of content will your client need to update regularly?
+  Here are some examples to help you think:
+  \u2192 Blog posts or news articles
+  \u2192 Team member profiles (name, photo, bio)
+  \u2192 Services or product descriptions
+  \u2192 Testimonials or reviews
+  \u2192 Event listings
+  \u2192 FAQs
+  \u2192 Homepage text (headline, hero image, call-to-action button)
+  Just list the ones that apply. You can say things like:
+  'They need to update blog posts and team members'"
+\u2500\u2500\u2500 QUESTION 3 \u2500\u2500\u2500
+Ask:
+"Are there any pages on the site that should NEVER change \u2014 like a
+  custom-coded page you want to leave exactly as it is?
-Do NOT write any code until the user has answered these questions.`;
+  Example answer: 'The homepage has a custom animation, leave that alone.
+  Everything else can be managed from the CMS.'
+  If everything should be manageable, just say 'all pages'"
+\u2500\u2500\u2500 QUESTION 4 \u2500\u2500\u2500
+Ask:
+"What is this website for? Pick the closest description:
+  A) A business or agency marketing site (show services, get leads)
+  B) A blog or content site (publish articles regularly)
+  C) A SaaS or product site (landing page, pricing, features)
+  D) A portfolio (show work, case studies)
+  E) An e-commerce or product catalogue
+  F) Something else \u2014 describe it in one sentence"
+\u2500\u2500\u2500 IF EXISTING SITE \u2500\u2500\u2500
+If the user confirms they have an existing site, also:
+- Scan the codebase for all hardcoded text that should be CMS-managed
+- Identify repeated data structures that should become collections
+- Propose saving current content to a migration/ folder as .json files
+  BEFORE touching any code
+- Report your findings to the user and get confirmation before proceeding
+Do NOT write any implementation code until all questions are answered
+and the user has confirmed the content plan.`;
 }
 function buildConstraintsSection() {
   return `
@@ -100,7 +146,7 @@ function buildSchemaRulesSection() {
 - Never drop existing fields from the schema. Mark unused fields as deprecated only.
 - All new fields must have a defaultValue.
 - Never rename a field slug \u2014 add a new field and migrate data separately.
-- Run npx @dyrected/cli sync:schema after every config change.`;
+- For Cloud deployments, run npx @dyrected/cli sync:schema after every config change. Self-hosted deployments sync automatically on startup.`;
 }
 function buildDoNotSection() {
   return `
@@ -111,7 +157,7 @@ function buildDoNotSection() {
 - Do NOT add custom auth middleware to the admin route.
   Dyrected handles admin authentication internally. Do not wrap,
   protect, or redirect the admin route yourself.
-- Do NOT use renderAdminUI in a Nuxt project. Use the DyrectedAdmin
+- Do NOT use renderAdminUI in a Nuxt.js project. Use the DyrectedAdmin
   component which is auto-imported by @dyrected/nuxt.
 - Do NOT modify or overwrite existing pages without first preserving their data.
 - Do NOT drop, rename, or remove fields from an existing schema.
@@ -126,23 +172,26 @@ function buildTechnicalReferenceSection() {
 Use defineCollection, defineGlobal, and defineConfig from '@dyrected/core'.
 FIELD TYPES:
-- Primitive  : text | textarea | richText | number | boolean | date | email | url | json
+- Primitive  : text | textarea | richText | number | boolean | date | email | url | json | image
 - Choice     : select | multiSelect           (requires options: [{ label, value }])
 - Structural : array | object                 (requires nested fields: [...])
-- Relation   : relationship                   (requires collection: '<slug>')
+- Relation   : relationship                   (requires relationTo: '<slug>')
 - Media      : relationship to an upload collection (e.g. 'media')
 - Blocks     : blocks                         (requires blocks: [{ slug, labels, fields }])
 COLLECTION OPTIONS:
 - upload: true       \u2014 media library with file upload support
 - auth: true         \u2014 adds login/me endpoints; password field is auto-managed
+- audit: true        \u2014 enables activity logging
 - admin.useAsTitle   \u2014 field used as display title in admin list view
 - admin.group        \u2014 groups collection under a sidebar heading
 - admin.hidden       \u2014 hides collection from the sidebar (internal/system use)
 FIELD OPTIONS:
+- label              \u2014 user-friendly display name (REQUIRED for all fields)
 - required           \u2014 validation
 - unique             \u2014 database-level uniqueness constraint
+- hasMany            \u2014 allow multiple values (for relationship, select, image)
 - defaultValue       \u2014 fallback value (required on all new fields added to existing schemas)
 - admin.condition    \u2014 Jexl expression string to conditionally show/hide field
                        e.g. "status == \\"published\\""
@@ -164,14 +213,13 @@ Always include a default case in your switch for unknown block types.
 COMPLETE SCHEMA EXAMPLE:
 \`\`\`ts
 import { defineCollection, defineGlobal, defineConfig } from '@dyrected/core'
-import { MongoAdapter } from '@dyrected/db-mongodb'
-import { S3StorageAdapter } from '@dyrected/storage-s3'
+import { SqliteAdapter } from '@dyrected/db-sqlite'
 const media = defineCollection({
   slug: 'media',
   upload: true,
   fields: [
-    { name: 'alt', type: 'text', label: 'Alt Text' },
+    { name: 'alt', label: 'Alt Text', type: 'text' },
   ],
 })
@@ -179,44 +227,45 @@ const pages = defineCollection({
   slug: 'pages',
   admin: { useAsTitle: 'title', group: 'Content' },
   fields: [
-    { name: 'title', type: 'text', required: true },
-    { name: 'slug',  type: 'text', required: true, unique: true },
-    { name: 'seo', type: 'object', fields: [
-      { name: 'metaTitle',       type: 'text' },
-      { name: 'metaDescription', type: 'textarea' },
-      { name: 'ogImage',         type: 'relationship', collection: 'media' },
+    { name: 'title', label: 'Title', type: 'text', required: true },
+    { name: 'slug',  label: 'URL Slug', type: 'text', required: true, unique: true },
+    { name: 'seo', label: 'SEO Metadata', type: 'object', fields: [
+      { name: 'metaTitle',       label: 'Meta Title',       type: 'text' },
+      { name: 'metaDescription', label: 'Meta Description', type: 'textarea' },
+      { name: 'ogImage',         label: 'OG Image',         type: 'relationship', relationTo: 'media' },
     ]},
     {
       name: 'layout',
+      label: 'Page Layout',
       type: 'blocks',
       blocks: [
         {
           slug: 'hero',
           labels: { singular: 'Hero', plural: 'Heroes' },
           fields: [
-            { name: 'heading',    type: 'text',         required: true },
-            { name: 'subheading', type: 'textarea' },
-            { name: 'image',      type: 'relationship', collection: 'media' },
-            { name: 'ctaLabel',   type: 'text' },
-            { name: 'ctaLink',    type: 'url' },
+            { name: 'heading',    label: 'Heading',    type: 'text',         required: true },
+            { name: 'subheading', label: 'Subheading', type: 'textarea' },
+            { name: 'image',      label: 'Hero Image', type: 'relationship', relationTo: 'media' },
+            { name: 'ctaLabel',   label: 'Button Label', type: 'text' },
+            { name: 'ctaLink',    label: 'Button Link',  type: 'url' },
           ],
         },
         {
           slug: 'richContent',
           labels: { singular: 'Rich Content', plural: 'Rich Content Blocks' },
           fields: [
-            { name: 'content', type: 'richText', required: true },
+            { name: 'content', label: 'Content', type: 'richText', required: true },
           ],
         },
         {
           slug: 'callToAction',
           labels: { singular: 'Call to Action', plural: 'Calls to Action' },
           fields: [
-            { name: 'heading',     type: 'text', required: true },
-            { name: 'description', type: 'textarea' },
-            { name: 'buttonLabel', type: 'text' },
-            { name: 'buttonLink',  type: 'url' },
-            { name: 'theme', type: 'select', options: [
+            { name: 'heading',     label: 'Heading',     type: 'text', required: true },
+            { name: 'description', label: 'Description', type: 'textarea' },
+            { name: 'buttonLabel', label: 'Button Text', type: 'text' },
+            { name: 'buttonLink',  label: 'Button Link',  type: 'url' },
+            { name: 'theme', label: 'Theme', type: 'select', options: [
               { label: 'Primary',   value: 'primary' },
               { label: 'Secondary', value: 'secondary' },
               { label: 'Dark',      value: 'dark' },
@@ -232,28 +281,17 @@ const settings = defineGlobal({
   slug: 'settings',
   label: 'Site Settings',
   fields: [
-    { name: 'siteName',   type: 'text' },
-    { name: 'tagline',    type: 'text' },
-    { name: 'logo',       type: 'relationship', collection: 'media' },
-    { name: 'footerText', type: 'textarea' },
+    { name: 'siteName',   label: 'Site Name',    type: 'text' },
+    { name: 'tagline',    label: 'Site Tagline', type: 'text' },
+    { name: 'logo',       label: 'Site Logo',    type: 'relationship', relationTo: 'media' },
+    { name: 'footerText', label: 'Footer Text',  type: 'textarea' },
   ],
 })
 export default defineConfig({
   collections: [media, pages],
-  globals: [settings],
-  db: new MongoAdapter({
-    url: process.env.DATABASE_URL!,
-    dbName: 'dyrected_cms',
-  }),
-  storage: new S3StorageAdapter({
-    bucket: process.env.S3_BUCKET!,
-    region: process.env.S3_REGION!,
-    credentials: {
-      accessKeyId: process.env.S3_ACCESS_KEY_ID!,
-      secretAccessKey: process.env.S3_SECRET_ACCESS_KEY!,
-    },
-  }),
+  globals:     [settings],
+  db: new SqliteAdapter({ filename: './dyrected.db' }),
 })
 \`\`\``;
 }
@@ -272,7 +310,8 @@ Return your response in exactly this order. Do not combine steps. Do not skip st
 6. Migration/fallback strategy \u2014 numbered steps
 7. Schema sync command
-API Reference: https://docs.dyrected.com`;
+API Reference: https://docs.dyrected.com
+If you are unsure about any syntax or property, refer to the documentation above.`;
 }
 function buildFrameworkSection(activeTab, isSelfHosted, config) {
   const envPrefix = activeTab === "next" ? "NEXT_PUBLIC_" : activeTab === "nuxt" ? "NUXT_PUBLIC_" : "";
@@ -294,14 +333,14 @@ export const dyrected = createClient({
 })
 \`\`\`
-2. Admin Route (app/admin/[[...slug]]/page.tsx):
+2. Admin Route (app/cms/page.tsx):
 \`\`\`tsx
 import { DyrectedAdmin } from '@dyrected/next/admin'
 export default function AdminPage() {
   // DyrectedAdmin handles routing, auth, and CSS automatically.
   // Do NOT wrap this in custom auth middleware.
-  return <DyrectedAdmin basename="/admin" />
+  return <DyrectedAdmin basename="/cms" />
 }
 \`\`\`
@@ -326,9 +365,9 @@ export default async function CmsPage({ params }: { params: { slug: string[] } }
 \`\`\``,
     nuxt: `
 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
-8. IMPLEMENTATION \u2014 Nuxt
+8. IMPLEMENTATION \u2014 Nuxt.js
 \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
-1. Nuxt Config (nuxt.config.ts):
+1. Nuxt.js Config (nuxt.config.ts):
 \`\`\`ts
 export default defineNuxtConfig({
   modules: ['@dyrected/nuxt'],
@@ -340,7 +379,7 @@ export default defineNuxtConfig({
 })
 \`\`\`
-2. Admin Route (pages/admin.vue):
+2. Admin Route (pages/cms/index.vue):
 \`\`\`vue
 <script setup lang="ts">
 // DyrectedAdmin is auto-imported by @dyrected/nuxt.
@@ -352,7 +391,7 @@ definePageMeta({ layout: false })
 <template>
   <ClientOnly>
-    <DyrectedAdmin basename="/admin" />
+    <DyrectedAdmin basename="/cms" />
   </ClientOnly>
 </template>
 \`\`\`
@@ -399,7 +438,7 @@ export const dyrected = createClient({
 })
 \`\`\`
-2. Admin Route (pages/admin.tsx):
+2. Admin Route (pages/cms.tsx):
 \`\`\`tsx
 import { AdminUI } from '@dyrected/admin'
 import '@dyrected/admin/styles'
@@ -431,7 +470,7 @@ export const dyrected = createClient({
 })
 \`\`\`
-2. Admin Route (pages/admin.vue):
+2. Admin Route (pages/cms.vue):
 \`\`\`vue
 <template>
   <div ref="container" style="height: 100vh" />
@@ -459,14 +498,350 @@ onUnmounted(() => cleanup?.())
   };
   return sections[activeTab] || sections.next;
 }
+function generateFreshSetupPrompt(activeTab, config) {
+  const frameworkLabel = activeTab === "next" ? "Next.js" : activeTab === "nuxt" ? "Nuxt.js" : activeTab ? activeTab.charAt(0).toUpperCase() + activeTab.slice(1) : "the project's detected framework";
+  const isSelfHosted = config.isSelfHosted === true || !config.apiKey && !config.siteId;
+  const frameworkSetup = {
+    nuxt: `
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+3. INSTALLATION STEPS \u2014 Run these in order
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+Tell the user to follow these steps exactly. Explain each one in plain
+language before showing the command. Do not skip any step.
+STEP 1 \u2014 Initialize Dyrected
+Tell the user:
+"Run this command in your terminal inside your Nuxt.js project folder.
+It will set everything up for you automatically."
+\`\`\`bash
+npx @dyrected/cli init
+\`\`\`
+When it asks questions, tell the user to:
+- Choose: Nuxt.js 3
+- Choose: SQLite (easiest option, no extra setup needed)
+The CLI will automatically:
+- Install all required packages
+- Create a dyrected.config.ts file
+- Mount the Admin UI at pages/cms/index.vue
+- Generate a .env.example file
+STEP 2 \u2014 Register the module
+Tell the user to open nuxt.config.ts and add '@dyrected/nuxt' to modules:
+\`\`\`ts
+export default defineNuxtConfig({
+  modules: ['@dyrected/nuxt'],
+})
+\`\`\`
+STEP 3 \u2014 Set up environment variables
+Tell the user:
+"Find the file called .env.example in your project.
+Make a copy of it and rename the copy to .env
+Then open .env and fill in the values."
+STEP 4 \u2014 Start the project
+\`\`\`bash
+pnpm dev
+\`\`\`
+STEP 5 \u2014 Open the dashboard
+Tell the user to open their browser and go to:
+http://localhost:3000/cms
+If they see the Dyrected admin dashboard, the installation worked.
+Tell them: "You are ready. Now let's set up your content."`,
+    next: `
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+3. INSTALLATION STEPS \u2014 Run these in order
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+Tell the user to follow these steps exactly. Explain each one in plain
+language before showing the command. Do not skip any step.
+STEP 1 \u2014 Initialize Dyrected
+Tell the user:
+"Run this command in your terminal inside your Next.js project folder."
+\`\`\`bash
+npx @dyrected/cli init
+\`\`\`
+When it asks questions, tell the user to:
+- Choose: Next.js
+- Choose: SQLite (easiest option, no extra setup needed)
+The CLI will automatically:
+- Install all required packages
+- Create a dyrected.config.ts file
+- Mount the Admin UI at app/cms/page.tsx
+- Generate a .env.example file
+STEP 2 \u2014 Set up environment variables
+Tell the user:
+"Find the file called .env.example in your project.
+Make a copy of it and rename the copy to .env.local
+Then open .env.local and fill in the values."
+STEP 3 \u2014 Start the project
+\`\`\`bash
+pnpm dev
+\`\`\`
+STEP 4 \u2014 Open the dashboard
+Tell the user to open their browser and go to:
+http://localhost:3000/cms
+If they see the Dyrected admin dashboard, the installation worked.
+Tell them: "You are ready. Now let's set up your content."`,
+    react: `
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+3. INSTALLATION STEPS \u2014 Run these in order
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+STEP 1 \u2014 Install the SDK and admin packages
+\`\`\`bash
+npm install @dyrected/sdk @dyrected/admin
+\`\`\`
+STEP 2 \u2014 Set up the client (lib/dyrected.ts):
+\`\`\`ts
+import { createClient } from '@dyrected/sdk'
+export const dyrected = createClient({
+  baseUrl: '${config.baseUrl || "https://api.dyrected.cloud"}',${isSelfHosted ? "" : `
+  apiKey:  '${config.apiKey}',
+  siteId:  '${config.siteId}',`}
+})
+\`\`\`
+STEP 3 \u2014 Mount the Admin UI (pages/cms.tsx):
+\`\`\`tsx
+import { AdminUI } from '@dyrected/admin'
+import '@dyrected/admin/styles'
+export default function AdminPage() {
+  return (
+    <div style={{ height: '100vh' }}>
+      <AdminUI
+        baseUrl="${config.baseUrl || "https://api.dyrected.cloud"}"${isSelfHosted ? "" : `
+        apiKey="${config.apiKey}"
+        siteId="${config.siteId}"`}
+      />
+    </div>
+  )
+}
+\`\`\``,
+    vue: `
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+3. INSTALLATION STEPS \u2014 Run these in order
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+STEP 1 \u2014 Install the SDK and admin packages
+\`\`\`bash
+npm install @dyrected/sdk @dyrected/admin
+\`\`\`
+STEP 2 \u2014 Set up the client (lib/dyrected.ts):
+\`\`\`ts
+import { createClient } from '@dyrected/sdk'
+export const dyrected = createClient({
+  baseUrl: '${config.baseUrl || "https://api.dyrected.cloud"}',${isSelfHosted ? "" : `
+  apiKey:  '${config.apiKey}',
+  siteId:  '${config.siteId}',`}
+})
+\`\`\`
+STEP 3 \u2014 Mount the Admin UI (pages/cms.vue):
+\`\`\`vue
+<template>
+  <div ref="container" style="height: 100vh" />
+</template>
+<script setup>
+import { ref, onMounted, onUnmounted } from 'vue'
+import { renderAdminUI } from '@dyrected/admin'
+import '@dyrected/admin/styles'
+const container = ref(null)
+let cleanup
+onMounted(() => {
+  cleanup = renderAdminUI(container.value, {
+    baseUrl: '${config.baseUrl || "https://api.dyrected.cloud"}',${isSelfHosted ? "" : `
+    apiKey: '${config.apiKey}',
+    siteId: '${config.siteId}',`}
+  })
+})
+onUnmounted(() => cleanup?.())
+</script>
+\`\`\``
+  };
+  return [
+    `You are a friendly technical assistant helping someone set up Dyrected CMS for the very first time in a ${frameworkLabel} project. They have NOT installed anything yet.
+Your job is to:
+1. Understand who you are talking to before giving any instructions
+2. Ask simple questions about their project and content needs
+3. Walk them through setup in a way that matches their technical level
+4. Confirm each step worked before moving to the next
+5. Help them design their content so their client can manage it
+Speak in plain language at all times. Never assume technical knowledge.
+Never show more than one step at a time.
+Never mention the terminal, command line, or any commands until you have
+confirmed the user is comfortable running them.`,
+    `
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+1. ENVIRONMENT
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+- Framework : ${frameworkLabel}
+- Host Type : ${isSelfHosted ? "Self-Hosted" : "Dyrected Cloud"}
+- API Base  : ${config.baseUrl || "http://localhost:3000"}
+${isSelfHosted ? "" : `- Site ID  : ${config.siteId}
+- API Key  : ${config.apiKey}`}`.trim(),
+    `
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+2. PHASE 0 \u2014 UNDERSTAND THE USER FIRST
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+Ask these questions one at a time. Wait for each answer before asking the next.
+Never ask more than one question at a time.
+\u2500\u2500\u2500 QUESTION 1 \u2014 TECH LEVEL \u2500\u2500\u2500
+This is the most important question. Ask it first.
+Ask exactly this:
+"Before we dive in \u2014 how would you describe yourself?
+  A) I write code myself (I'm comfortable with the terminal and editing files)
+  B) I use tools like Lovable, Bolt, or v0 to build with AI \u2014 I don't write much code myself
+  C) I'm a designer or project manager \u2014 someone else usually handles the technical stuff
+  D) Something else \u2014 just describe how you work"
+Use their answer to decide how to guide them for the rest of the setup:
+- If A \u2192 they are TECHNICAL. You may show terminal commands and code directly.
+- If B \u2192 they are SEMI-TECHNICAL. Explain what each step does before showing
+          any code or commands. Ask before running anything in the terminal.
+          For Lovable users specifically: guide them to use the built-in
+          terminal or ask them to paste code into the right file in their editor.
+- If C \u2192 they are NON-TECHNICAL. Do not show terminal commands at all.
+          Generate all the code and config for them. Walk them through
+          copy-pasting into specific files by name. If a terminal step is
+          unavoidable, warn them first and offer to write the exact command
+          with a clear explanation of what it does and where to run it.
+- If D \u2192 ask one follow-up question to understand their workflow before
+          deciding which path above fits best.
+\u2500\u2500\u2500 QUESTION 2 \u2014 PROJECT STATUS \u2500\u2500\u2500
+Ask after Q1 is answered:
+"Do you already have a ${frameworkLabel} project open,
+or are we starting from scratch?
+  \u2192 Already have a project: tell me what the site is about or
+    share the folder name
+  \u2192 Starting fresh: just say 'new project' and I will help you
+    create one first"
+\u2500\u2500\u2500 QUESTION 3 \u2014 SITE PURPOSE \u2500\u2500\u2500
+Ask after Q2 is answered:
+"What kind of website is this?
+  A) A business or agency site (show services, get enquiries)
+  B) A blog or news site (publish articles regularly)
+  C) A SaaS or product landing page (features, pricing, sign up)
+  D) A portfolio (show work and past projects)
+  E) Something else \u2014 describe it in one sentence"
+\u2500\u2500\u2500 QUESTION 4 \u2014 CONTENT NEEDS \u2500\u2500\u2500
+Ask after Q3 is answered:
+"What will your client need to update themselves \u2014 without calling you?
+  Some examples to help you think:
+  \u2192 Blog posts or news articles
+  \u2192 Team member profiles (name, photo, bio)
+  \u2192 Services or product descriptions
+  \u2192 Homepage text (headline, buttons, images)
+  \u2192 Testimonials or reviews
+  \u2192 FAQs
+  \u2192 Event listings or announcements
+  Just list the ones that apply. Or say 'not sure yet'
+  and we will figure it out together."
+\u2500\u2500\u2500 AFTER ALL QUESTIONS \u2500\u2500\u2500
+Once all four questions are answered:
+1. Summarise what you understood in plain English
+2. Ask the user to confirm before touching any code
+3. Then move to the installation steps using the correct path
+   for their tech level from Question 1`,
+    frameworkSetup[activeTab] || frameworkSetup.nuxt,
+    `
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+4. AFTER INSTALLATION \u2014 CONTENT SETUP
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+Once the dashboard is confirmed working, help the user design their
+content model in dyrected.config.ts based on what they told you in
+Phase 0.
+RULES for this phase:
+- Use defineCollection and defineConfig from '@dyrected/core'
+- Use client.collection(slug) only \u2014 never client.collections
+- Always use initialData in all data fetches
+- Use a catch-all pages collection for marketing-managed pages
+- Use blocks for flexible page layouts
+- Use type: 'relationship', relationTo: 'collectionSlug' for relations
+- Never throw during render \u2014 fall back to initialData on errors
+- All relationship fields must handle null gracefully
+CONTENT SETUP DELIVERABLES \u2014 in this order:
+1. dyrected.config.ts \u2014 complete file based on their answers
+2. Catch-all page route for CMS-managed pages
+3. Block components list (names and fields only)
+4. One example fetch showing how to load content on a page
+After delivering the config, tell the user to sync their schema.
+For TECHNICAL users show the command directly:
+\`\`\`bash
+npx @dyrected/cli sync:schema
+\`\`\`
+For SEMI-TECHNICAL or NON-TECHNICAL users explain it first:
+"This next step tells Dyrected to read your content setup file
+and prepare the database. Here is the command to run:" then show it.
+Then ask: "Do you want me to help you connect this content to your
+frontend pages now?"
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+DO NOT
+\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501
+- Do NOT show terminal commands before confirming the user's tech level
+- Do NOT assume the user knows what a terminal, CLI, or package manager is
+- Do NOT show all steps at once \u2014 one step at a time always
+- Do NOT use client.collections \u2014 use client.collection(slug)
+- Do NOT add custom auth middleware to the admin route
+- Do NOT use renderAdminUI in a Nuxt.js project
+- Do NOT skip the confirmation after each installation step
+- Do NOT use jargon without explaining it in plain English first
+- Do NOT assume the installation worked \u2014 ask the user to confirm
+API Reference: https://docs.dyrected.com
+If you are unsure about any syntax, refer to the official documentation above.`
+  ].join("\n");
+}
 function generateAIPrompt(activeTab, config) {
-  const frameworkLabel = activeTab === "next" ? "Next.js" : activeTab === "nuxt" ? "Nuxt" : activeTab.charAt(0).toUpperCase() + activeTab.slice(1);
+  const frameworkLabel = activeTab === "next" ? "Next.js" : activeTab === "nuxt" ? "Nuxt.js" : activeTab ? activeTab.charAt(0).toUpperCase() + activeTab.slice(1) : "the project's detected framework";
   const isSelfHosted = config.isSelfHosted === true || !config.apiKey && !config.siteId;
   const existingSite = config.existingSite ?? false;
+  const missionText = existingSite ? `You are a Senior Content Architect. Your mission is to integrate Dyrected CMS into an EXISTING ${frameworkLabel} project. Your absolute priority is DATA PRESERVATION and MIGRATION of existing hardcoded content into a flexible, blocks-based schema that empowers marketing teams to move independently.` : `You are a Senior Content Architect. Your mission is to integrate Dyrected CMS into a NEW ${frameworkLabel} project. Your priority is DATA PRESERVATION and creating a CMS that empowers marketing teams to move independently without raising tickets to engineering.`;
   const sections = [
-    `You are a Senior Content Architect. Your mission is to integrate Dyrected CMS into a ${frameworkLabel} project. Your priority is DATA PRESERVATION and creating a CMS that empowers marketing teams to move independently without raising tickets to engineering.`,
+    missionText,
     buildEnvironmentSection(frameworkLabel, isSelfHosted, config),
-    buildDiagnosticSection(existingSite),
+    buildDiagnosticSection(),
     buildConstraintsSection(),
     buildSchemaRulesSection(),
     buildDoNotSection(),
@@ -540,6 +915,1719 @@ function normalizeConfig(config) {
   };
 }
+// src/app.ts
+var import_hono = require("hono");
+var import_cors = require("hono/cors");
+var import_request_id = require("hono/request-id");
+// src/services/population.service.ts
+var PopulationService = class {
+  db;
+  collections;
+  constructor(db, collections) {
+    this.db = db;
+    this.collections = collections;
+  }
+  /**
+   * Recursively populate relationship fields in a document or array of documents.
+   */
+  async populate(args) {
+    const { data, fields, currentDepth, maxDepth } = args;
+    if (currentDepth >= maxDepth || !data) {
+      return data;
+    }
+    if (Array.isArray(data)) {
+      return Promise.all(data.map((item) => this.populate({ ...args, data: item })));
+    }
+    const populatedDoc = { ...data };
+    for (const field of fields) {
+      const value = populatedDoc[field.name];
+      if (field.type === "relationship" && field.relationTo && value) {
+        const relatedCollection = this.collections.find((c) => c.slug === field.relationTo);
+        if (!relatedCollection) continue;
+        if (Array.isArray(value)) {
+          populatedDoc[field.name] = await Promise.all(
+            value.map(async (id) => {
+              if (!id) return id;
+              let doc = id;
+              if (typeof id === "string") {
+                doc = await this.db.findOne({ collection: field.relationTo, id });
+              }
+              if (!doc || typeof doc !== "object") return id;
+              return this.populate({
+                data: doc,
+                fields: relatedCollection.fields,
+                currentDepth: currentDepth + 1,
+                maxDepth
+              });
+            })
+          );
+        } else if (value) {
+          let doc = value;
+          if (typeof value === "string") {
+            doc = await this.db.findOne({ collection: field.relationTo, id: value });
+          }
+          if (doc && typeof doc === "object") {
+            populatedDoc[field.name] = await this.populate({
+              data: doc,
+              fields: relatedCollection.fields,
+              currentDepth: currentDepth + 1,
+              maxDepth
+            });
+          }
+        }
+      }
+      if ((field.type === "array" || field.type === "object") && field.fields && value) {
+        populatedDoc[field.name] = await this.populate({
+          data: value,
+          fields: field.fields,
+          currentDepth,
+          // Nested fields don't consume depth, only relationships do
+          maxDepth
+        });
+      }
+      if (field.type === "blocks" && field.blocks && Array.isArray(value)) {
+        populatedDoc[field.name] = await Promise.all(
+          value.map(async (blockData) => {
+            const blockConfig = field.blocks.find((b) => b.slug === blockData.blockType);
+            if (!blockConfig) return blockData;
+            return this.populate({
+              data: blockData,
+              fields: blockConfig.fields,
+              currentDepth,
+              maxDepth
+            });
+          })
+        );
+      }
+    }
+    return populatedDoc;
+  }
+  /**
+   * Helper to populate a PaginatedResult
+   */
+  async populateResult(result, fields, maxDepth) {
+    if (maxDepth <= 0) return result;
+    const populatedDocs = await this.populate({
+      data: result.docs,
+      fields,
+      currentDepth: 0,
+      maxDepth
+    });
+    return {
+      ...result,
+      docs: populatedDocs
+    };
+  }
+};
+// src/services/defaults.service.ts
+var DefaultsService = class {
+  /**
+   * Recursively apply default values to a data object based on field definitions.
+   */
+  static apply(fields, data = {}) {
+    const result = { ...data || {} };
+    fields.forEach((field) => {
+      const value = result[field.name];
+      if (value === void 0 || value === null) {
+        if (field.defaultValue !== void 0) {
+          result[field.name] = field.defaultValue;
+        } else {
+          if (field.type === "boolean") result[field.name] = false;
+          else if (field.type === "array") result[field.name] = [];
+          else if (field.type === "multiSelect") result[field.name] = [];
+          else if (field.type === "object") {
+            result[field.name] = this.apply(field.fields || [], {});
+          }
+        }
+      } else if (field.type === "object" && field.fields) {
+        result[field.name] = this.apply(field.fields, value);
+      } else if (field.type === "array" && field.fields && Array.isArray(value)) {
+        result[field.name] = value.map((item) => this.apply(field.fields, item));
+      }
+    });
+    return result;
+  }
+};
+// src/services/audit.service.ts
+var AuditService = class {
+  /**
+   * Writes a single entry to the __audit collection.
+   * Called without await — runs asynchronously and never blocks the primary operation.
+   */
+  static async log(db, args) {
+    try {
+      await db.create({
+        collection: "__audit",
+        data: {
+          collection: args.collection,
+          documentId: args.documentId ?? null,
+          operation: args.operation,
+          user: args.user?.id ?? null,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          changes: JSON.stringify({
+            before: args.before ?? null,
+            after: args.after ?? null
+          })
+        }
+      });
+    } catch (err) {
+      console.error("[dyrected/audit] Failed to write audit log:", err);
+    }
+  }
+};
+// src/controllers/collection.controller.ts
+var CollectionController = class {
+  collection;
+  constructor(collection) {
+    this.collection = collection;
+  }
+  async find(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const limit = Number(c.req.query("limit")) || 10;
+    const page = Number(c.req.query("page")) || 1;
+    const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 1;
+    const sort = c.req.query("sort") || void 0;
+    let where = void 0;
+    const whereRaw = c.req.query("where");
+    if (whereRaw) {
+      try {
+        where = JSON.parse(decodeURIComponent(whereRaw));
+      } catch {
+      }
+    }
+    let result = await db.find({
+      collection: this.collection.slug,
+      limit,
+      page,
+      sort,
+      where
+    });
+    result.docs = result.docs.map((doc) => DefaultsService.apply(this.collection.fields, doc));
+    if (depth > 0) {
+      const populationService = new PopulationService(db, config.collections);
+      result = await populationService.populateResult(result, this.collection.fields, depth);
+    }
+    return c.json(result);
+  }
+  async findOne(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const id = c.req.param("id");
+    const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 1;
+    if (!id) return c.json({ message: "Missing ID" }, 400);
+    const doc = await db.findOne({ collection: this.collection.slug, id });
+    if (!doc) return c.json({ message: "Not Found" }, 404);
+    const docWithDefaults = DefaultsService.apply(this.collection.fields, doc);
+    if (depth > 0 && docWithDefaults) {
+      const populationService = new PopulationService(db, config.collections);
+      const populatedDoc = await populationService.populate({
+        data: docWithDefaults,
+        fields: this.collection.fields,
+        currentDepth: 0,
+        maxDepth: depth
+      });
+      return c.json(populatedDoc);
+    }
+    return c.json(docWithDefaults);
+  }
+  async create(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const contentType = c.req.header("Content-Type") || "";
+    if (contentType.toLowerCase().includes("multipart/form-data")) {
+      return this.upload(c);
+    }
+    const body = await c.req.json();
+    const user = c.get("user");
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const data = {
+      ...body,
+      createdAt: now,
+      updatedAt: now,
+      createdBy: user?.sub ?? null,
+      updatedBy: user?.sub ?? null
+    };
+    const doc = await db.create({ collection: this.collection.slug, data });
+    if (this.collection.audit && db) {
+      AuditService.log(db, {
+        operation: "create",
+        collection: this.collection.slug,
+        documentId: doc.id,
+        user: user ? { id: user.sub, collection: user.collection, email: user.email } : void 0,
+        before: null,
+        after: doc
+      });
+    }
+    return c.json(doc, 201);
+  }
+  async upload(c) {
+    const config = c.get("config");
+    const storage = config.storage;
+    if (!storage) return c.json({ message: "Storage not configured" }, 500);
+    const formData = await c.req.formData();
+    const file = formData.get("file");
+    if (!file) return c.json({ message: "No file uploaded" }, 400);
+    const buffer = new Uint8Array(await file.arrayBuffer());
+    const siteId = c.get("siteId");
+    const workspaceId = c.get("workspaceId");
+    const prefix = workspaceId ? `${workspaceId}/${siteId}` : siteId;
+    const fileData = await storage.upload({
+      filename: file.name,
+      buffer,
+      mimeType: file.type,
+      prefix
+    });
+    const otherData = {};
+    formData.forEach((value, key) => {
+      if (key !== "file" && typeof value === "string") {
+        otherData[key] = value;
+      }
+    });
+    const user = c.get("user");
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const doc = await config.db.create({
+      collection: this.collection.slug,
+      data: {
+        ...otherData,
+        ...fileData,
+        createdAt: now,
+        updatedAt: now,
+        createdBy: user?.sub ?? null,
+        updatedBy: user?.sub ?? null
+      }
+    });
+    return c.json(doc, 201);
+  }
+  async update(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const id = c.req.param("id");
+    if (!id) return c.json({ message: "Missing ID" }, 400);
+    const body = await c.req.json();
+    const user = c.get("user");
+    const data = {
+      ...body,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      updatedBy: user?.sub ?? null
+    };
+    let before = null;
+    if (this.collection.audit) {
+      before = await db.findOne({ collection: this.collection.slug, id });
+    }
+    const doc = await db.update({ collection: this.collection.slug, id, data });
+    if (this.collection.audit && db) {
+      AuditService.log(db, {
+        operation: "update",
+        collection: this.collection.slug,
+        documentId: id,
+        user: user ? { id: user.sub, collection: user.collection, email: user.email } : void 0,
+        before,
+        after: doc
+      });
+    }
+    return c.json(doc);
+  }
+  async delete(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const id = c.req.param("id");
+    if (!id) return c.json({ message: "Missing ID" }, 400);
+    const user = c.get("user");
+    let before = null;
+    if (this.collection.audit) {
+      before = await db.findOne({ collection: this.collection.slug, id });
+    }
+    await db.delete({ collection: this.collection.slug, id });
+    if (this.collection.audit && db) {
+      AuditService.log(db, {
+        operation: "delete",
+        collection: this.collection.slug,
+        documentId: id,
+        user: user ? { id: user.sub, collection: user.collection, email: user.email } : void 0,
+        before,
+        after: null
+      });
+    }
+    return c.json({ message: "Deleted" });
+  }
+  async seed(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const body = await c.req.json();
+    const initialData = body.data;
+    if (!initialData || !Array.isArray(initialData)) {
+      return c.json({ message: "Invalid initial data" }, 400);
+    }
+    const result = await db.find({ collection: this.collection.slug, limit: 1 });
+    if (result.total > 0) {
+      return c.json({ message: "Collection is not empty, skipping seed" });
+    }
+    console.log(`[dyrected/core] Auto-seeding collection: ${this.collection.slug}`);
+    const createdDocs = [];
+    for (const data of initialData) {
+      const doc = await db.create({ collection: this.collection.slug, data });
+      createdDocs.push(doc);
+    }
+    return c.json({ message: "Seed successful", count: createdDocs.length }, 201);
+  }
+};
+// src/controllers/global.controller.ts
+var GlobalController = class {
+  global;
+  constructor(global) {
+    this.global = global;
+  }
+  async get(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 1;
+    const data = await db.getGlobal({ slug: this.global.slug });
+    const dataWithDefaults = DefaultsService.apply(this.global.fields, data);
+    if (depth > 0 && dataWithDefaults) {
+      const populationService = new PopulationService(db, config.collections);
+      const populatedData = await populationService.populate({
+        data: dataWithDefaults,
+        fields: this.global.fields,
+        currentDepth: 1,
+        maxDepth: depth
+      });
+      return c.json(populatedData);
+    }
+    return c.json(dataWithDefaults);
+  }
+  async update(c) {
+    const db = c.get("config").db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const body = await c.req.json();
+    const data = await db.updateGlobal({ slug: this.global.slug, data: body });
+    return c.json(data);
+  }
+  async seed(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const body = await c.req.json();
+    const initialData = body.data;
+    if (!initialData) {
+      return c.json({ message: "Invalid initial data" }, 400);
+    }
+    const existing = await db.getGlobal({ slug: this.global.slug });
+    if (existing && Object.keys(existing).length > 0) {
+      return c.json({ message: "Global is not empty, skipping seed" });
+    }
+    console.log(`[dyrected/core] Auto-seeding global: ${this.global.slug}`);
+    await db.updateGlobal({ slug: this.global.slug, data: initialData });
+    return c.json({ message: "Seed successful", data: initialData }, 201);
+  }
+};
+// src/controllers/media.controller.ts
+var MediaController = class {
+  collection;
+  constructor(collection = "media") {
+    this.collection = collection;
+  }
+  async upload(c) {
+    const config = c.get("config");
+    const storage = config.storage;
+    const imageService = config.image;
+    if (!storage) {
+      return c.json({ message: "Storage not configured" }, 500);
+    }
+    const body = await c.req.parseBody();
+    const file = body["file"];
+    const focalPointStr = body["focalPoint"];
+    const focalPoint = focalPointStr ? JSON.parse(focalPointStr) : void 0;
+    if (!file) {
+      return c.json({ message: "No file uploaded" }, 400);
+    }
+    const buffer = new Uint8Array(await file.arrayBuffer());
+    const siteId = c.get("siteId");
+    const workspaceId = c.get("workspaceId");
+    const prefix = workspaceId ? `${workspaceId}/${siteId}` : siteId || "default";
+    let imageMetadata = {};
+    let imageSizes = {};
+    if (imageService && file.type.startsWith("image/")) {
+      let colConfig = config.collections.find((col) => col.slug === this.collection);
+      if (!colConfig && config.onSchemaFetch && siteId) {
+        const dynamic = await config.onSchemaFetch(siteId);
+        colConfig = dynamic.collections?.find((col) => col.slug === this.collection);
+      }
+      try {
+        const processed = await imageService.process({
+          buffer,
+          mimeType: file.type,
+          config: colConfig?.upload,
+          focalPoint
+        });
+        imageMetadata = processed.metadata;
+        imageSizes = processed.sizes;
+      } catch (err) {
+        console.error("[MediaController] Image processing failed:", err);
+      }
+    }
+    const fileData = await storage.upload({
+      filename: file.name,
+      buffer,
+      mimeType: file.type,
+      prefix
+    });
+    const finalFileData = {
+      ...fileData,
+      ...imageMetadata,
+      focalPoint,
+      sizes: {}
+    };
+    if (imageSizes) {
+      for (const [sizeName, sizeData] of Object.entries(imageSizes)) {
+        const ext = file.name.split(".").pop();
+        const baseName = file.name.substring(0, file.name.lastIndexOf("."));
+        const sizeFilename = `${baseName}-${sizeName}.${ext}`;
+        try {
+          const sizeFileData = await storage.upload({
+            filename: sizeFilename,
+            buffer: sizeData.buffer,
+            mimeType: file.type,
+            prefix
+          });
+          finalFileData.sizes[sizeName] = {
+            ...sizeFileData,
+            width: sizeData.width,
+            height: sizeData.height
+          };
+        } catch (err) {
+          console.error(`[MediaController] Failed to upload size ${sizeName}:`, err);
+        }
+      }
+    }
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const doc = await db.create({
+      collection: this.collection,
+      data: finalFileData
+    });
+    return c.json(doc, 201);
+  }
+  async find(c) {
+    const db = c.get("config").db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const limit = Number(c.req.query("limit")) || 10;
+    const page = Number(c.req.query("page")) || 1;
+    const result = await db.find({
+      collection: this.collection,
+      limit,
+      page
+    });
+    return c.json(result);
+  }
+  async delete(c) {
+    const config = c.get("config");
+    const storage = config.storage;
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const id = c.req.param("id");
+    if (!id) return c.json({ message: "Missing ID" }, 400);
+    const doc = await db.findOne({ collection: this.collection, id });
+    if (!doc) return c.json({ message: "Not Found" }, 404);
+    if (storage) {
+      await storage.delete({ filename: doc.filename });
+      if (doc.sizes) {
+        for (const size of Object.values(doc.sizes)) {
+          if (size.filename) {
+            await storage.delete({ filename: size.filename });
+          }
+        }
+      }
+    }
+    await db.delete({ collection: this.collection, id });
+    return c.json({ message: "Deleted" });
+  }
+  async serve(c) {
+    const config = c.get("config");
+    const storage = config.storage;
+    if (!storage || !storage.resolve) {
+      return c.json({ message: "Storage not configured for serving" }, 404);
+    }
+    const filename = c.req.param("filename");
+    if (!filename) return c.json({ message: "Missing filename" }, 400);
+    let res = await storage.resolve({ filename });
+    if (!res && !filename.includes("/")) {
+      res = await storage.resolve({ filename: `default/${filename}` });
+    }
+    if (!res) return c.json({ message: "Not Found" }, 404);
+    c.header("Content-Type", res.mimeType);
+    return c.body(res.buffer);
+  }
+};
+// src/auth/password.ts
+var import_node_util = require("util");
+var import_node_crypto = require("crypto");
+var scryptAsync = (0, import_node_util.promisify)(import_node_crypto.scrypt);
+var SALT_LEN = 16;
+var KEY_LEN = 64;
+async function hashPassword(plain) {
+  const salt = (0, import_node_crypto.randomBytes)(SALT_LEN).toString("hex");
+  const derivedKey = await scryptAsync(plain, salt, KEY_LEN);
+  return `${salt}:${derivedKey.toString("hex")}`;
+}
+async function verifyPassword(plain, stored) {
+  const [salt, storedHash] = stored.split(":");
+  if (!salt || !storedHash) return false;
+  const derivedKey = await scryptAsync(plain, salt, KEY_LEN);
+  const storedBuffer = Buffer.from(storedHash, "hex");
+  if (derivedKey.length !== storedBuffer.length) return false;
+  return (0, import_node_crypto.timingSafeEqual)(derivedKey, storedBuffer);
+}
+// src/auth/token.ts
+var import_jose = require("jose");
+var import_node_util2 = require("util");
+function getSecret() {
+  const secret = process.env.DYRECTED_JWT_SECRET || process.env.JWT_SECRET;
+  if (!secret) {
+    throw new Error(
+      "[dyrected/core] DYRECTED_JWT_SECRET is not set. Add it to your environment variables to enable auth collections."
+    );
+  }
+  return new import_node_util2.TextEncoder().encode(secret);
+}
+var DEFAULT_EXPIRY = "7d";
+async function signCollectionToken(payload, expiresIn = DEFAULT_EXPIRY) {
+  return new import_jose.SignJWT({ ...payload }).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime(expiresIn).sign(getSecret());
+}
+async function verifyCollectionToken(token) {
+  const { payload } = await (0, import_jose.jwtVerify)(token, getSecret());
+  return payload;
+}
+// src/services/email.service.ts
+var _devSend = null;
+var _devSendPromise = null;
+async function getDevSend() {
+  if (_devSend) return _devSend;
+  if (_devSendPromise) return _devSendPromise;
+  _devSendPromise = (async () => {
+    try {
+      const nodemailer = await import("nodemailer");
+      const account = await nodemailer.default.createTestAccount();
+      const transport = nodemailer.default.createTransport({
+        host: "smtp.ethereal.email",
+        port: 587,
+        auth: { user: account.user, pass: account.pass }
+      });
+      console.log("[dyrected/core] No email config \u2014 using Ethereal for dev email preview.");
+      console.log(`[dyrected/core] Ethereal login: https://ethereal.email  user: ${account.user}  pass: ${account.pass}`);
+      _devSend = async ({ to, subject, html }) => {
+        const info = await transport.sendMail({ from: '"Dyrected Dev" <dev@dyrected.local>', to, subject, html });
+        console.log(`[dyrected/core] Email preview URL: ${nodemailer.default.getTestMessageUrl(info)}`);
+      };
+      return _devSend;
+    } catch {
+      console.warn("[dyrected/core] nodemailer not available \u2014 emails will not be sent in dev.");
+      return null;
+    }
+  })();
+  return _devSendPromise;
+}
+async function sendEmail(config, payload) {
+  if (config.email) {
+    await config.email.send(payload);
+    return;
+  }
+  if (process.env.NODE_ENV !== "production") {
+    const devSend = await getDevSend();
+    await devSend?.(payload);
+  }
+}
+function buildWelcomeEmail(config, args) {
+  const custom = config.email?.templates?.welcome?.(args);
+  return {
+    subject: custom?.subject ?? "Welcome \u2014 your account is ready",
+    html: custom?.html ?? `
+      <div style="font-family:sans-serif;max-width:600px;margin:0 auto">
+        <h2>Welcome!</h2>
+        <p>Your account has been created. You can now log in with:</p>
+        <p><strong>${args.email}</strong></p>
+      </div>`
+  };
+}
+function buildInviteEmail(config, args) {
+  const custom = config.email?.templates?.invite?.(args);
+  return {
+    subject: custom?.subject ?? "You've been invited",
+    html: custom?.html ?? `
+      <div style="font-family:sans-serif;max-width:600px;margin:0 auto">
+        <h2>You've been invited</h2>
+        ${args.invitedByEmail ? `<p>Invited by <strong>${args.invitedByEmail}</strong>.</p>` : ""}
+        <p>Use the token below to accept your invitation. It expires in 7 days.</p>
+        <pre style="background:#f4f4f4;padding:12px;border-radius:4px;word-break:break-all">${args.token}</pre>
+      </div>`
+  };
+}
+function buildResetPasswordEmail(config, args) {
+  const custom = config.email?.templates?.resetPassword?.(args);
+  return {
+    subject: custom?.subject ?? "Reset your password",
+    html: custom?.html ?? `
+      <div style="font-family:sans-serif;max-width:600px;margin:0 auto">
+        <h2>Reset your password</h2>
+        <p>Use the token below to reset your password. It expires in 1 hour.</p>
+        <pre style="background:#f4f4f4;padding:12px;border-radius:4px;word-break:break-all">${args.token}</pre>
+      </div>`
+  };
+}
+function buildPasswordChangedEmail(config, args) {
+  const custom = config.email?.templates?.passwordChanged?.(args);
+  return {
+    subject: custom?.subject ?? "Your password has been changed",
+    html: custom?.html ?? `
+      <div style="font-family:sans-serif;max-width:600px;margin:0 auto">
+        <h2>Password changed</h2>
+        <p>The password for <strong>${args.email}</strong> was just changed.</p>
+        <p>If you did not make this change, please contact support immediately.</p>
+      </div>`
+  };
+}
+// src/controllers/auth.controller.ts
+var AuthController = class {
+  collection;
+  constructor(collection) {
+    this.collection = collection;
+  }
+  // ---------------------------------------------------------------------------
+  // GET /init
+  // Checks if the first user needs to be created.
+  // ---------------------------------------------------------------------------
+  async init(c) {
+    const db = c.get("config").db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const result = await db.find({
+      collection: this.collection.slug,
+      limit: 1
+    });
+    return c.json({
+      initialized: result.total > 0
+    });
+  }
+  // ---------------------------------------------------------------------------
+  // POST /first-user
+  // Creates the first user if none exist.
+  // ---------------------------------------------------------------------------
+  async registerFirstUser(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const check = await db.find({
+      collection: this.collection.slug,
+      limit: 1
+    });
+    if (check.total > 0) {
+      return c.json({ error: true, message: "Initial user already exists." }, 403);
+    }
+    const body = await c.req.json().catch(() => null);
+    if (!body?.email || !body?.password) {
+      return c.json({ error: true, message: "email and password are required." }, 400);
+    }
+    const hashedPassword = await hashPassword(body.password);
+    const user = await db.create({
+      collection: this.collection.slug,
+      data: {
+        ...body,
+        password: hashedPassword,
+        roles: ["admin"]
+        // Default first user to admin
+      }
+    });
+    const token = await signCollectionToken({
+      sub: user.id,
+      email: user.email,
+      collection: this.collection.slug
+    });
+    const { subject, html } = buildWelcomeEmail(config, { email: body.email });
+    sendEmail(config, { to: body.email, subject, html }).catch(
+      (err) => console.error("[dyrected/core] Failed to send welcome email:", err)
+    );
+    const { password: _, ...safeUser } = user;
+    return c.json({ token, user: safeUser });
+  }
+  // ---------------------------------------------------------------------------
+  // POST /login
+  // ---------------------------------------------------------------------------
+  async login(c) {
+    const db = c.get("config").db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const body = await c.req.json().catch(() => null);
+    if (!body?.email || !body?.password) {
+      return c.json({ error: true, message: "email and password are required." }, 400);
+    }
+    const result = await db.find({
+      collection: this.collection.slug,
+      where: { email: body.email },
+      limit: 1
+    });
+    const user = result.docs[0];
+    if (!user) {
+      return c.json({ error: true, message: "Invalid email or password." }, 401);
+    }
+    const valid = await verifyPassword(body.password, user.password);
+    if (!valid) {
+      return c.json({ error: true, message: "Invalid email or password." }, 401);
+    }
+    const token = await signCollectionToken({
+      sub: user.id,
+      email: user.email,
+      collection: this.collection.slug
+    });
+    const { password: _, ...safeUser } = user;
+    return c.json({ token, user: safeUser });
+  }
+  // ---------------------------------------------------------------------------
+  // POST /logout
+  // Auth collections use stateless JWTs — logout is handled client-side.
+  // This endpoint exists so clients have a consistent API surface.
+  // ---------------------------------------------------------------------------
+  async logout(c) {
+    return c.json({ success: true, message: "Logged out. Discard your token." });
+  }
+  // ---------------------------------------------------------------------------
+  // GET /me
+  // ---------------------------------------------------------------------------
+  async me(c) {
+    const db = c.get("config").db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const requestUser = c.get("user");
+    if (!requestUser) {
+      return c.json({ error: true, message: "Authentication required." }, 401);
+    }
+    const user = await db.findOne({ collection: this.collection.slug, id: requestUser.sub });
+    if (!user) {
+      return c.json({ error: true, message: "User not found." }, 404);
+    }
+    const { password: _, ...safeUser } = user;
+    return c.json(safeUser);
+  }
+  // ---------------------------------------------------------------------------
+  // POST /refresh-token
+  // ---------------------------------------------------------------------------
+  async refreshToken(c) {
+    const requestUser = c.get("user");
+    if (!requestUser) {
+      return c.json({ error: true, message: "Authentication required." }, 401);
+    }
+    const token = await signCollectionToken({
+      sub: requestUser.sub,
+      email: requestUser.email,
+      collection: this.collection.slug
+    });
+    return c.json({ token });
+  }
+  // ---------------------------------------------------------------------------
+  // POST /forgot-password
+  // Requires config.email to be set. Silently succeeds if email not found
+  // to prevent email enumeration.
+  // ---------------------------------------------------------------------------
+  async forgotPassword(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const body = await c.req.json().catch(() => null);
+    if (!body?.email) {
+      return c.json({ error: true, message: "email is required." }, 400);
+    }
+    const result = await db.find({
+      collection: this.collection.slug,
+      where: { email: body.email },
+      limit: 1
+    });
+    const user = result.docs[0];
+    if (user) {
+      const resetToken = await signCollectionToken(
+        { sub: user.id, email: user.email, collection: this.collection.slug, purpose: "reset" },
+        "1h"
+      );
+      try {
+        const { subject, html } = buildResetPasswordEmail(config, { token: resetToken });
+        await sendEmail(config, { to: user.email, subject, html });
+      } catch (err) {
+        console.error("[dyrected/core] Failed to send password reset email:", err);
+      }
+    }
+    return c.json({
+      success: true,
+      message: "If an account with that email exists, a reset link has been sent."
+    });
+  }
+  // ---------------------------------------------------------------------------
+  // POST /reset-password
+  // Expects { token: string, password: string } in body.
+  // The token is the reset JWT issued by /forgot-password.
+  // ---------------------------------------------------------------------------
+  async resetPassword(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const body = await c.req.json().catch(() => null);
+    if (!body?.token || !body?.password) {
+      return c.json({ error: true, message: "token and password are required." }, 400);
+    }
+    let payload;
+    try {
+      payload = await verifyCollectionToken(body.token);
+    } catch {
+      return c.json({ error: true, message: "Reset token is invalid or has expired." }, 400);
+    }
+    if (payload.collection !== this.collection.slug || payload.purpose !== "reset") {
+      return c.json({ error: true, message: "Reset token is invalid or has expired." }, 400);
+    }
+    const hashedPassword = await hashPassword(body.password);
+    await db.update({
+      collection: this.collection.slug,
+      id: payload.sub,
+      data: { password: hashedPassword }
+    });
+    const { subject, html } = buildPasswordChangedEmail(config, { email: payload.email });
+    sendEmail(config, { to: payload.email, subject, html }).catch(
+      (err) => console.error("[dyrected/core] Failed to send password-changed email:", err)
+    );
+    return c.json({ success: true, message: "Password has been reset. You can now log in." });
+  }
+  // ---------------------------------------------------------------------------
+  // POST /invite
+  // Requires auth. Issues a signed invite token and emails it to the invitee.
+  // ---------------------------------------------------------------------------
+  async invite(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const requestUser = c.get("user");
+    if (!requestUser) {
+      return c.json({ error: true, message: "Authentication required." }, 401);
+    }
+    const body = await c.req.json().catch(() => null);
+    if (!body?.email) {
+      return c.json({ error: true, message: "email is required." }, 400);
+    }
+    const existing = await db.find({
+      collection: this.collection.slug,
+      where: { email: body.email },
+      limit: 1
+    });
+    if (existing.total > 0) {
+      return c.json({ error: true, message: "An account with that email already exists." }, 409);
+    }
+    const inviteToken = await signCollectionToken(
+      { sub: body.email, email: body.email, collection: this.collection.slug, purpose: "invite" },
+      "7d"
+    );
+    try {
+      const { subject, html } = buildInviteEmail(config, {
+        token: inviteToken,
+        invitedByEmail: requestUser.email
+      });
+      await sendEmail(config, { to: body.email, subject, html });
+    } catch (err) {
+      console.error("[dyrected/core] Failed to send invite email:", err);
+    }
+    return c.json({ success: true, message: `Invite sent to ${body.email}.` });
+  }
+  // ---------------------------------------------------------------------------
+  // POST /accept-invite
+  // Public. Validates the invite token and creates the user account.
+  // Body: { token, password, ...extraFields }
+  // ---------------------------------------------------------------------------
+  async acceptInvite(c) {
+    const config = c.get("config");
+    const db = config.db;
+    if (!db) return c.json({ message: "Database not configured" }, 500);
+    const body = await c.req.json().catch(() => null);
+    if (!body?.token || !body?.password) {
+      return c.json({ error: true, message: "token and password are required." }, 400);
+    }
+    let payload;
+    try {
+      payload = await verifyCollectionToken(body.token);
+    } catch {
+      return c.json({ error: true, message: "Invite token is invalid or has expired." }, 400);
+    }
+    if (payload.collection !== this.collection.slug || payload.purpose !== "invite") {
+      return c.json({ error: true, message: "Invite token is invalid or has expired." }, 400);
+    }
+    const inviteeEmail = payload.sub;
+    const existing = await db.find({
+      collection: this.collection.slug,
+      where: { email: inviteeEmail },
+      limit: 1
+    });
+    if (existing.total > 0) {
+      return c.json({ error: true, message: "An account with that email already exists." }, 409);
+    }
+    const { token: _t, password: _p, ...extraFields } = body;
+    const hashedPassword = await hashPassword(body.password);
+    const user = await db.create({
+      collection: this.collection.slug,
+      data: { ...extraFields, email: inviteeEmail, password: hashedPassword }
+    });
+    const sessionToken = await signCollectionToken({
+      sub: user.id,
+      email: inviteeEmail,
+      collection: this.collection.slug
+    });
+    const { subject, html } = buildWelcomeEmail(config, { email: inviteeEmail });
+    sendEmail(config, { to: inviteeEmail, subject, html }).catch(
+      (err) => console.error("[dyrected/core] Failed to send welcome email:", err)
+    );
+    const { password: _, ...safeUser } = user;
+    return c.json({ token: sessionToken, user: safeUser }, 201);
+  }
+};
+// src/controllers/preview.controller.ts
+var import_jose2 = require("jose");
+var import_node_util3 = require("util");
+var PreviewController = class {
+  getSecret() {
+    const secret = process.env.DYRECTED_JWT_SECRET || process.env.JWT_SECRET || "dyrected-preview-secret-change-me";
+    return new import_node_util3.TextEncoder().encode(secret);
+  }
+  /**
+   * POST /api/preview-token
+   * Generates a short-lived token for previewing unsaved data.
+   */
+  async createToken(c) {
+    const body = await c.req.json().catch(() => null);
+    if (!body?.collectionSlug || !body?.data) {
+      return c.json({ error: true, message: "collectionSlug and data are required." }, 400);
+    }
+    const token = await new import_jose2.SignJWT({
+      collectionSlug: body.collectionSlug,
+      documentId: body.documentId,
+      data: body.data
+    }).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime("15m").sign(this.getSecret());
+    const expiresAt = new Date(Date.now() + 15 * 60 * 1e3).toISOString();
+    return c.json({ token, expiresAt });
+  }
+  /**
+   * GET /api/preview-data?token=<jwt>
+   * Returns the data stored in the preview token.
+   */
+  async getData(c) {
+    const token = c.req.query("token");
+    if (!token) {
+      return c.json({ error: true, message: "token query parameter is required." }, 400);
+    }
+    try {
+      const { payload } = await (0, import_jose2.jwtVerify)(token, this.getSecret());
+      return c.json(payload);
+    } catch (err) {
+      return c.json({ error: true, message: "Invalid or expired preview token." }, 401);
+    }
+  }
+};
+// src/middleware/auth.ts
+function requireAuth() {
+  return async (c, next) => {
+    const authHeader = c.req.header("Authorization");
+    const token = authHeader?.replace(/^Bearer\s+/i, "");
+    if (!token) {
+      return c.json({ error: true, message: "Authentication required." }, 401);
+    }
+    try {
+      const user = await verifyCollectionToken(token);
+      c.set("user", user);
+      await next();
+    } catch {
+      return c.json({ error: true, message: "Invalid or expired token." }, 401);
+    }
+  };
+}
+function optionalAuth() {
+  return async (c, next) => {
+    const authHeader = c.req.header("Authorization");
+    const token = authHeader?.replace(/^Bearer\s+/i, "");
+    if (token) {
+      try {
+        const user = await verifyCollectionToken(token);
+        c.set("user", user);
+      } catch {
+      }
+    }
+    await next();
+  };
+}
+// src/utils/openapi.ts
+function generateOpenApi(config) {
+  const spec = {
+    openapi: "3.0.0",
+    info: {
+      title: "Dyrected API",
+      version: "1.0.0",
+      description: "Automatically generated OpenAPI specification for the Dyrected project."
+    },
+    components: {
+      schemas: {},
+      securitySchemes: {
+        ApiKeyAuth: {
+          type: "apiKey",
+          in: "header",
+          name: "x-api-key"
+        }
+      }
+    },
+    paths: {},
+    security: [{ ApiKeyAuth: [] }]
+  };
+  for (const collection of config.collections) {
+    spec.components.schemas[collection.slug] = collectionToSchema(collection);
+  }
+  for (const global of config.globals) {
+    spec.components.schemas[global.slug] = globalToSchema(global);
+  }
+  for (const collection of config.collections) {
+    const slug = collection.slug;
+    const path = `/api/collections/${slug}`;
+    const labels = collection.labels || { singular: slug, plural: `${slug}s` };
+    spec.paths[path] = {
+      get: {
+        tags: ["Collections"],
+        summary: `Find ${labels.plural}`,
+        parameters: [
+          { name: "limit", in: "query", schema: { type: "integer", default: 10 } },
+          { name: "page", in: "query", schema: { type: "integer", default: 1 } },
+          { name: "where", in: "query", schema: { type: "string" }, description: "JSON filter" },
+          { name: "sort", in: "query", schema: { type: "string" }, description: "Sort field (e.g. -createdAt)" }
+        ],
+        responses: {
+          200: {
+            description: "Success",
+            content: {
+              "application/json": {
+                schema: {
+                  type: "object",
+                  properties: {
+                    docs: { type: "array", items: { $ref: `#/components/schemas/${slug}` } },
+                    total: { type: "integer" },
+                    limit: { type: "integer" },
+                    page: { type: "integer" }
+                  }
+                }
+              }
+            }
+          }
+        }
+      },
+      post: {
+        tags: ["Collections"],
+        summary: `Create ${labels.singular}`,
+        requestBody: {
+          required: true,
+          content: {
+            "application/json": {
+              schema: { $ref: `#/components/schemas/${slug}` }
+            }
+          }
+        },
+        responses: {
+          201: {
+            description: "Created",
+            content: {
+              "application/json": {
+                schema: { $ref: `#/components/schemas/${slug}` }
+              }
+            }
+          }
+        }
+      }
+    };
+    spec.paths[`${path}/{id}`] = {
+      get: {
+        tags: ["Collections"],
+        summary: `Get a single ${labels.singular}`,
+        parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }],
+        responses: {
+          200: {
+            description: "Success",
+            content: {
+              "application/json": {
+                schema: { $ref: `#/components/schemas/${slug}` }
+              }
+            }
+          }
+        }
+      },
+      patch: {
+        tags: ["Collections"],
+        summary: `Update ${labels.singular}`,
+        parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }],
+        requestBody: {
+          required: true,
+          content: {
+            "application/json": {
+              schema: { $ref: `#/components/schemas/${slug}` }
+            }
+          }
+        },
+        responses: {
+          200: {
+            description: "Updated",
+            content: {
+              "application/json": {
+                schema: { $ref: `#/components/schemas/${slug}` }
+              }
+            }
+          }
+        }
+      },
+      delete: {
+        tags: ["Collections"],
+        summary: `Delete ${labels.singular}`,
+        parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }],
+        responses: {
+          204: { description: "Deleted" }
+        }
+      }
+    };
+  }
+  for (const global of config.globals) {
+    const slug = global.slug;
+    const path = `/api/globals/${slug}`;
+    spec.paths[path] = {
+      get: {
+        tags: ["Globals"],
+        summary: `Get ${global.label || slug}`,
+        responses: {
+          200: {
+            description: "Success",
+            content: {
+              "application/json": {
+                schema: { $ref: `#/components/schemas/${slug}` }
+              }
+            }
+          }
+        }
+      },
+      patch: {
+        tags: ["Globals"],
+        summary: `Update ${global.label || slug}`,
+        requestBody: {
+          required: true,
+          content: {
+            "application/json": {
+              schema: { $ref: `#/components/schemas/${slug}` }
+            }
+          }
+        },
+        responses: {
+          200: {
+            description: "Updated",
+            content: {
+              "application/json": {
+                schema: { $ref: `#/components/schemas/${slug}` }
+              }
+            }
+          }
+        }
+      }
+    };
+  }
+  if (config.storage) {
+    spec.paths["/api/media"] = {
+      get: {
+        tags: ["Media"],
+        summary: "List Media",
+        responses: {
+          200: {
+            description: "Success",
+            content: {
+              "application/json": {
+                schema: {
+                  type: "object",
+                  properties: {
+                    docs: { type: "array", items: { type: "object", additionalProperties: true } }
+                  }
+                }
+              }
+            }
+          }
+        }
+      },
+      post: {
+        tags: ["Media"],
+        summary: "Upload Media",
+        requestBody: {
+          content: {
+            "multipart/form-data": {
+              schema: {
+                type: "object",
+                properties: {
+                  file: { type: "string", format: "binary" }
+                }
+              }
+            }
+          }
+        },
+        responses: {
+          201: { description: "Uploaded" }
+        }
+      }
+    };
+  }
+  return spec;
+}
+function collectionToSchema(collection) {
+  const { properties, required } = fieldsToProperties(collection.fields);
+  return {
+    type: "object",
+    properties: {
+      id: { type: "string" },
+      createdAt: { type: "string", format: "date-time" },
+      updatedAt: { type: "string", format: "date-time" },
+      ...properties
+    },
+    required: ["id", ...required]
+  };
+}
+function globalToSchema(global) {
+  const { properties, required } = fieldsToProperties(global.fields);
+  return {
+    type: "object",
+    properties,
+    required
+  };
+}
+function fieldsToProperties(fields) {
+  const props = {};
+  const required = [];
+  for (const field of fields) {
+    props[field.name] = fieldToSchema(field);
+    if (field.required) {
+      required.push(field.name);
+    }
+  }
+  return { properties: props, required };
+}
+function fieldToSchema(field) {
+  let schema = {};
+  switch (field.type) {
+    case "text":
+    case "textarea":
+    case "email":
+    case "url":
+      schema = { type: "string" };
+      break;
+    case "number":
+      schema = { type: "number" };
+      break;
+    case "boolean":
+      schema = { type: "boolean" };
+      break;
+    case "date":
+      schema = { type: "string", format: "date-time" };
+      break;
+    case "select":
+      schema = { type: "string", enum: field.options?.map((o) => typeof o === "string" ? o : o.value) };
+      break;
+    case "multiSelect":
+      schema = {
+        type: "array",
+        items: { type: "string", enum: field.options?.map((o) => typeof o === "string" ? o : o.value) }
+      };
+      break;
+    case "relationship":
+      schema = { type: "string", description: `ID of a ${field.relationTo} record` };
+      break;
+    case "object": {
+      const { properties, required } = fieldsToProperties(field.fields || []);
+      schema = { type: "object", properties, required };
+      break;
+    }
+    case "array": {
+      const { properties, required } = fieldsToProperties(field.fields || []);
+      schema = { type: "array", items: { type: "object", properties, required } };
+      break;
+    }
+    case "json":
+    case "richText":
+      schema = { type: "object", additionalProperties: true };
+      break;
+    case "blocks":
+      schema = {
+        type: "array",
+        items: {
+          oneOf: field.blocks?.map((block) => {
+            const { properties, required } = fieldsToProperties(block.fields);
+            return {
+              type: "object",
+              properties: {
+                blockType: { type: "string", enum: [block.slug] },
+                ...properties
+              },
+              required: ["blockType", ...required]
+            };
+          })
+        }
+      };
+      break;
+    default:
+      schema = { type: "string" };
+  }
+  if (field.label) schema.description = field.label;
+  return schema;
+}
+// src/utils/swagger.ts
+function getSwaggerHtml(specUrl = "/api/openapi.json") {
+  return `
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <meta name="description" content="SwaggerUI" />
+  <title>Dyrected API Documentation</title>
+  <link rel="stylesheet" href="https://unpkg.com/swagger-ui-dist@5.11.0/swagger-ui.css" />
+</head>
+<body>
+<div id="swagger-ui"></div>
+<script src="https://unpkg.com/swagger-ui-dist@5.11.0/swagger-ui-bundle.js" charset="UTF-8"></script>
+<script src="https://unpkg.com/swagger-ui-dist@5.11.0/swagger-ui-standalone-preset.js" charset="UTF-8"></script>
+<script>
+  window.onload = () => {
+    // Forward the apikey query param when loading the spec and making API calls
+    const params = new URLSearchParams(window.location.search);
+    const apiKey = params.get('apikey');
+    const specUrlWithKey = apiKey ? '${specUrl}?apikey=' + encodeURIComponent(apiKey) : '${specUrl}';
+    window.ui = SwaggerUIBundle({
+      url: specUrlWithKey,
+      dom_id: '#swagger-ui',
+      presets: [
+        SwaggerUIBundle.presets.apis,
+        SwaggerUIStandalonePreset
+      ],
+      layout: "BaseLayout",
+      deepLinking: true,
+      showExtensions: true,
+      showCommonExtensions: true,
+      // Inject x-api-key header on every request made from the Swagger UI
+      requestInterceptor: (request) => {
+        if (apiKey) {
+          request.headers['x-api-key'] = apiKey;
+        }
+        return request;
+      }
+    });
+  };
+</script>
+</body>
+</html>
+  `;
+}
+// src/auth/jexl.ts
+var import_jexl = __toESM(require("jexl"), 1);
+async function evaluateAccess(expression, context) {
+  if (expression === void 0 || expression === null) return false;
+  if (typeof expression === "boolean") return expression;
+  try {
+    const result = await import_jexl.default.eval(expression, context);
+    return !!result;
+  } catch (err) {
+    console.error("[dyrected/core] Jexl evaluation failed:", err);
+    return false;
+  }
+}
+// src/router.ts
+function accessGate(target, action) {
+  return async (c, next) => {
+    const user = c.get("user");
+    const accessExpr = target.access?.[action];
+    if (accessExpr === void 0 || accessExpr === null) {
+      return await next();
+    }
+    const accessArgs = { user, req: c.req, doc: null };
+    const allowed = await evaluateAccess(accessExpr, accessArgs);
+    if (!allowed) {
+      return c.json({ error: true, message: `Access denied: ${action} on ${target.slug}` }, 403);
+    }
+    await next();
+  };
+}
+function registerRoutes(app, config) {
+  app.get("/api/schemas", optionalAuth(), async (c) => {
+    const siteId = c.req.header("X-Site-Id");
+    let collections = [...config.collections];
+    let globals = [...config.globals];
+    if (siteId && config.onSchemaFetch) {
+      const dynamic = await config.onSchemaFetch(siteId);
+      if (dynamic.collections) collections = [...collections, ...dynamic.collections];
+      if (dynamic.globals) globals = [...globals, ...dynamic.globals];
+      if (dynamic.admin) {
+        config.admin = { ...config.admin, ...dynamic.admin };
+      }
+    }
+    const user = c.get("user");
+    const accessArgs = { user, req: c.req, doc: null };
+    const resolveAccess = async (access) => {
+      if (access === void 0 || access === null) return true;
+      if (typeof access === "function") {
+        try {
+          const result = await access(accessArgs);
+          return typeof result === "boolean" ? result : !!result;
+        } catch (err) {
+          console.error("[dyrected/core] Functional access check failed:", err);
+          return false;
+        }
+      }
+      if (typeof access === "string" || typeof access === "boolean") {
+        return evaluateAccess(access, accessArgs);
+      }
+      return true;
+    };
+    const filteredCollections = await Promise.all(collections.filter((col) => !siteId || col.shared || !col.siteId || col.siteId === siteId).map(async (col) => ({
+      slug: col.slug,
+      labels: col.labels,
+      access: {
+        read: await resolveAccess(col.access?.read),
+        create: await resolveAccess(col.access?.create),
+        update: await resolveAccess(col.access?.update),
+        delete: await resolveAccess(col.access?.delete)
+      },
+      fields: await Promise.all(col.fields.map(async (f) => ({
+        name: f.name,
+        type: f.type,
+        label: f.label,
+        required: f.required,
+        defaultValue: f.defaultValue,
+        options: f.options,
+        relationTo: f.relationTo,
+        hasMany: f.hasMany,
+        fields: f.fields,
+        blocks: f.blocks,
+        admin: f.admin,
+        access: {
+          read: await resolveAccess(f.access?.read),
+          update: await resolveAccess(f.access?.update)
+        }
+      }))),
+      upload: !!col.upload,
+      auth: !!col.auth,
+      admin: col.admin
+    })));
+    const filteredGlobals = await Promise.all(globals.filter((glb) => !siteId || glb.shared || !glb.siteId || glb.siteId === siteId).map(async (glb) => ({
+      slug: glb.slug,
+      label: glb.label,
+      access: {
+        read: await resolveAccess(glb.access?.read),
+        update: await resolveAccess(glb.access?.update)
+      },
+      fields: await Promise.all(glb.fields.map(async (f) => ({
+        name: f.name,
+        type: f.type,
+        label: f.label,
+        required: f.required,
+        defaultValue: f.defaultValue,
+        options: f.options,
+        relationTo: f.relationTo,
+        hasMany: f.hasMany,
+        fields: f.fields,
+        blocks: f.blocks,
+        admin: f.admin,
+        access: {
+          read: await resolveAccess(f.access?.read),
+          update: await resolveAccess(f.access?.update)
+        }
+      }))),
+      admin: glb.admin
+    })));
+    return c.json({
+      collections: filteredCollections,
+      globals: filteredGlobals,
+      admin: config.admin || {}
+    });
+  });
+  app.get("/api/openapi.json", (c) => {
+    return c.json(generateOpenApi(config));
+  });
+  app.get("/api/docs", (c) => {
+    return c.html(getSwaggerHtml());
+  });
+  app.get("/api/media/:filename{.+$}", async (c) => {
+    const mediaController = new MediaController("media");
+    return mediaController.serve(c);
+  });
+  app.get("/media/:filename{.+$}", async (c) => {
+    const mediaController = new MediaController("media");
+    return mediaController.serve(c);
+  });
+  if (config.storage) {
+    const uploadCollections = config.collections.filter((c) => c.upload);
+    for (const col of uploadCollections) {
+      const mediaController = new MediaController(col.slug);
+      const prefix = `/api/collections/${col.slug}`;
+      app.get(`${prefix}/media`, accessGate(col, "read"), (c) => mediaController.find(c));
+      app.get(`${prefix}/media/:filename{.+$}`, (c) => mediaController.serve(c));
+      app.post(`${prefix}/media`, accessGate(col, "create"), (c) => mediaController.upload(c));
+      app.delete(`${prefix}/media/:id`, accessGate(col, "delete"), (c) => mediaController.delete(c));
+    }
+  }
+  for (const collection of config.collections) {
+    if (!collection.auth) continue;
+    const path = `/api/collections/${collection.slug}`;
+    const authController = new AuthController(collection);
+    app.post(`${path}/login`, (c) => authController.login(c));
+    app.post(`${path}/logout`, (c) => authController.logout(c));
+    app.get(`${path}/init`, (c) => authController.init(c));
+    app.post(`${path}/first-user`, (c) => authController.registerFirstUser(c));
+    app.get(`${path}/me`, requireAuth(), (c) => authController.me(c));
+    app.post(`${path}/refresh-token`, requireAuth(), (c) => authController.refreshToken(c));
+    app.post(`${path}/forgot-password`, (c) => authController.forgotPassword(c));
+    app.post(`${path}/reset-password`, (c) => authController.resetPassword(c));
+    app.post(`${path}/invite`, requireAuth(), (c) => authController.invite(c));
+    app.post(`${path}/accept-invite`, (c) => authController.acceptInvite(c));
+  }
+  for (const collection of config.collections) {
+    const path = `/api/collections/${collection.slug}`;
+    const controller = new CollectionController(collection);
+    app.get(path, accessGate(collection, "read"), (c) => controller.find(c));
+    app.post(path, accessGate(collection, "create"), (c) => controller.create(c));
+    app.post(`${path}/media`, accessGate(collection, "create"), (c) => controller.create(c));
+    app.get(`${path}/:id`, accessGate(collection, "read"), (c) => controller.findOne(c));
+    app.patch(`${path}/:id`, accessGate(collection, "update"), (c) => controller.update(c));
+    app.delete(`${path}/:id`, accessGate(collection, "delete"), (c) => controller.delete(c));
+    app.post(`${path}/seed`, (c) => controller.seed(c));
+  }
+  for (const global of config.globals) {
+    const path = `/api/globals/${global.slug}`;
+    const controller = new GlobalController(global);
+    app.get(path, accessGate(global, "read"), (c) => controller.get(c));
+    app.patch(path, accessGate(global, "update"), (c) => controller.update(c));
+    app.post(`${path}/seed`, (c) => controller.seed(c));
+  }
+  const previewController = new PreviewController();
+  app.post("/api/preview-token", requireAuth(), (c) => previewController.createToken(c));
+  app.get("/api/preview-data", (c) => previewController.getData(c));
+  app.all("/api/collections/:slug/:id?", async (c) => {
+    const slug = c.req.param("slug");
+    const id = c.req.param("id");
+    const siteId = c.req.header("X-Site-Id") || c.get("siteId");
+    const config2 = c.get("config");
+    if (config2.collections.some((col) => col.slug === slug)) {
+      return c.json({ message: "Method Not Allowed" }, 405);
+    }
+    if (config2.onSchemaFetch && siteId) {
+      const dynamic = await config2.onSchemaFetch(siteId);
+      let collection = dynamic.collections?.find((col) => col.slug === slug);
+      if (!collection && slug === "media") {
+        collection = {
+          slug: "media",
+          labels: { singular: "Media", plural: "Media" },
+          upload: true,
+          fields: []
+        };
+      }
+      if (collection) {
+        if (collection.auth && id) {
+          const authController = new AuthController(collection);
+          const method2 = c.req.method;
+          if (method2 === "POST" && id === "login") return authController.login(c);
+          if (method2 === "POST" && id === "logout") return authController.logout(c);
+          if (method2 === "GET" && id === "me") return authController.me(c);
+          if (method2 === "POST" && id === "refresh-token") return authController.refreshToken(c);
+          if (method2 === "POST" && id === "forgot-password") return authController.forgotPassword(c);
+          if (method2 === "POST" && id === "reset-password") return authController.resetPassword(c);
+        }
+        const controller = new CollectionController(collection);
+        const method = c.req.method;
+        if (id) {
+          if (method === "GET") return controller.findOne(c);
+          if (method === "PATCH") return controller.update(c);
+          if (method === "DELETE") return controller.delete(c);
+          if (method === "POST" && id === "media") return controller.create(c);
+        } else {
+          if (method === "GET") return controller.find(c);
+          if (method === "POST") return controller.create(c);
+        }
+      }
+    }
+    return c.json({ message: `Collection "${slug}" not found` }, 404);
+  });
+  app.all("/api/globals/:slug", async (c) => {
+    const slug = c.req.param("slug");
+    const siteId = c.req.header("X-Site-Id") || c.get("siteId");
+    const config2 = c.get("config");
+    if (config2.globals.some((glb) => glb.slug === slug)) {
+      return c.json({ message: "Method Not Allowed" }, 405);
+    }
+    if (config2.onSchemaFetch && siteId) {
+      const dynamic = await config2.onSchemaFetch(siteId);
+      const global = dynamic.globals?.find((glb) => glb.slug === slug);
+      if (global) {
+        const controller = new GlobalController(global);
+        if (c.req.method === "GET") return controller.get(c);
+        if (c.req.method === "PATCH") return controller.update(c);
+      }
+    }
+    return c.json({ message: `Global "${slug}" not found` }, 404);
+  });
+}
+// src/app.ts
+async function createDyrectedApp(rawConfig) {
+  const config = normalizeConfig(rawConfig);
+  const app = new import_hono.Hono();
+  if (config.db?.sync) {
+    await config.db.sync(config.collections, config.globals);
+  }
+  app.use("*", (0, import_request_id.requestId)());
+  app.use("*", optionalAuth());
+  app.use("*", async (c, next) => {
+    const start = Date.now();
+    await next();
+    const ms = Date.now() - start;
+    console.log(`[dyrected/api] ${c.req.method} ${c.req.path} ${c.res.status} - ${ms}ms`);
+  });
+  app.use("*", (0, import_cors.cors)());
+  app.use("*", async (c, next) => {
+    c.set("config", config);
+    if (!c.get("siteId")) {
+      c.set("siteId", "default");
+    }
+    await next();
+  });
+  app.get("/health", (c) => c.json({ status: "ok", version: "0.0.1" }));
+  app.get("/routes", (c) => {
+    const routes = app.routes.map((r) => ({ method: r.method, path: r.path }));
+    return c.json({ routes });
+  });
+  app.onError((err, c) => {
+    console.error(`[dyrected/core] Uncaught Error:`, err);
+    return c.json({
+      message: err.message || "Internal Server Error",
+      stack: process.env.NODE_ENV === "development" ? err.stack : void 0
+    }, 500);
+  });
+  registerRoutes(app, config);
+  return app;
+}
 // src/index.ts
 function defineCollection(config) {
   return config;
@@ -552,9 +2640,11 @@ function defineConfig(config) {
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  createDyrectedApp,
   defineCollection,
   defineConfig,
   defineGlobal,
   generateAIPrompt,
+  generateFreshSetupPrompt,
   normalizeConfig
 });