npm - @edgedev/create-edge-app - Versions diffs - 1.2.34 → 1.2.35 - Mend

@edgedev/create-edge-app 1.2.34 → 1.2.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +1 -0
package/agents.md +95 -2
package/deploy.sh +60 -1
package/edge/components/cms/block.vue +763 -301
package/edge/components/cms/blockEditor.vue +342 -29
package/edge/components/cms/blockPicker.vue +3 -3
package/edge/components/cms/blocksManager.vue +48 -13
package/edge/components/cms/htmlContent.vue +601 -10
package/edge/components/cms/init_blocks/contact_us.html +55 -47
package/edge/components/cms/init_blocks/newsletter.html +56 -96
package/edge/components/cms/menu.vue +92 -31
package/edge/components/cms/page.vue +165 -50
package/edge/components/cms/posts.vue +13 -4
package/edge/components/cms/site.vue +15 -4
package/edge/components/cms/siteSettingsForm.vue +19 -9
package/edge/components/cms/themeDefaultMenu.vue +20 -2
package/edge/composables/siteSettingsTemplate.js +2 -0
package/edge-pull.sh +16 -2
package/edge-push.sh +9 -1
package/edge-remote.sh +20 -0
package/edge-status.sh +9 -5
package/edge-update-all.sh +127 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -38,6 +38,7 @@ Use the provided scripts instead of manual edits:
 ./edge-pull.sh
 ./edge-push.sh
 ```
+If the `edge-vue-components` remote is missing locally, these scripts auto-add it.
 ## Deep links (iOS)
 Add URL types to your `Info.plist` when configuring deep links:

package/agents.md CHANGED Viewed

@@ -68,15 +68,108 @@ Adjust props (search, filters, pagination, save overrides) using the existing co
 - shadcn components live under `components/ui` and Edge-wrapped variants under `edge/components/shad`. Prefer the Edge variants to keep styling consistent and take advantage of shared props/slots.
 - Styling: stick to Tailwind utility classes alongside the Edge components; when building new components, use Tailwind + `cn` for class composition instead of custom CSS where possible.
+## CMS Block System Contract
+- Treat the Block Editor help in `edge/components/cms/blockEditor.vue` as the source-of-truth for CMS block behavior.
+- A block is HTML plus special tags; tags with a `field` create editable inputs.
+- Only triple-brace tags create CMS inputs (for example `{{{#text ...}}}`); plain `{{...}}` placeholders do not.
+- Tag config must be valid JSON (double quotes, commas, and exact opening/closing tag format).
+- `field` is the stored key, `value` is the default, and `title` is the editor label.
+- Field order in the editor follows first appearance order in the template.
+- On edit, template meta and stored meta are merged; persisted filters/limits should be preserved.
+- If a field is removed from template markup, existing stored data remains and returns when the field is added back.
+### Block fields and rendering
+- Core field types used by CMS blocks: `text`, `textarea`, `richtext`, `number`, `image`, `array`.
+- `text` and `textarea` are HTML-escaped on render.
+- `richtext` renders as HTML.
+- Inline formatter output is HTML-escaped by default.
+- Image field values store URL strings; optional `tags` limits media picker scope.
+- Validation supports `required`, `min`, `max` (numeric bounds for numbers, length/count for text/arrays).
+- Preview behavior: empty fields use placeholders; empty arrays may show sample items.
+- The JSON Field Editor is line-driven in the code editor and is the preferred fix path for broken tag JSON.
+### Inline formatter support
+- Supported formatters: `date`, `datetime`, `money`, `lower`, `upper`, `trim`, `slug`, `title`, `deslug`, `default`.
+- Use inline formatters directly in placeholders (for example `{{ date(post.publishDate) }}`).
+- Existing schema/meta formatting behavior remains valid alongside inline formatters.
+### Array blocks
+- Manual arrays can use scalar values or object schemas; supported schema field types include `text`, `textarea`, `richtext`, `image`, `number`, `option`.
+- Manual array UI includes add, reorder, and delete controls; `limit` caps rendered item count.
+- Array loop aliases use `as` (for example `{{{#array {"field":"items","as":"card"}}}}`).
+- Use `subarray` for nested arrays and `entries` for object key/value iteration.
+- Use `renderBlocks` when an item contains nested CMS block content (for example post body content).
+### Array data loading (Firestore/API)
+- Firestore arrays use `collection` config with `path`, `uniqueKey`, `query`, `order`, `limit`.
+- `path` is org-scoped under `organizations/{orgId}`.
+- `uniqueKey` supports template tokens like `{orgId}` and `{siteId}`.
+- API arrays use `api`, optional `apiQuery`, and `apiField`.
+- `queryOptions` creates CMS filter controls; selected values are stored in `meta.queryItems`.
+- Loading state tokens are supported while async array data resolves: `{{loading}}` and `{{loaded}}`.
+### Array query execution model (critical)
+- Each `queryItems` entry performs its own KV index lookup via `kvClient.queryIndex`.
+- Query keys only work if the field is present in KV mirror config: include keys in `indexKeys`, and also in `metadataKeys` when needed for rendering/sorting.
+- Multiple `queryItems` are unioned first (OR behavior at lookup stage).
+- Candidate duplicates are removed by canonical key.
+- `collection.query` then runs in JavaScript as final filtering (AND behavior across rules).
+- `collection.order` sorts the filtered result set.
+- Final output is written to `values[field]`.
+- If load fails, runtime falls back to inline `value` or `[]` when no fallback value exists.
+### Firestore index + KV mirror requirements
+- Any Firestore compound query used by blocks (for example array contains + order) requires matching composite indexes in `firestore.indexes.json`.
+- Fast CMS filtering requires KV mirroring in Functions with both index and metadata coverage.
+- Mirror pattern example:
+```js
+exports.onListingWritten = createKvMirrorHandlerFromFields({
+  documentPath: 'organizations/{orgId}/listings',
+  uniqueKey: '{orgId}',
+  indexKeys: ['name', 'city', 'state', 'status'],
+  metadataKeys: ['name', 'city', 'state', 'status', 'price', 'doc_created_at'],
+})
+```
+### Conditional/template logic
+- `if/else` conditionals are supported in templates with `cond`.
+- Array/subarray conditionals can reference `item.*` and alias objects.
+- Supported conditional operators: `==`, `!=`, `>`, `<`, `>=`, `<=`.
+### CMS interactive helper systems
+- Carousel blocks: runtime auto-inits Embla from `[data-carousel]` markup, with `[data-carousel-track]` and slide basis classes required.
+- Carousel options are class/data-attribute driven (`data-carousel-autoplay`, interval, loop, fade, responsive `slides-to-scroll`).
+- Carousel behavior details: when loop is off use trim snaps behavior, dot count is snap-based, controls/dots are rebuilt on `reInit`, and initialized roots are tagged (`data-embla="true"`).
+- Nav blocks: runtime helper classes (`cms-nav-root`, `cms-nav-toggle`, `cms-nav-panel`) drive interactive menu behavior in preview/runtime.
+- Nav helper classes also support folder dropdowns, sticky behavior, hide-on-scroll behavior, and left/right/center positioning.
+- Nav class contract to remember: `cms-nav-root` + `cms-nav-toggle` + `cms-nav-panel` are required; `cms-nav-overlay`, `cms-nav-close`, `cms-nav-link`, `cms-nav-folder*`, `cms-nav-main`, `cms-nav-layout`, `cms-nav-logo`, `cms-nav-desktop` are optional hooks.
+- Nav root attributes supported by runtime include: open state/class, close-on-link, position, scrolled/top class pairs, row class pairs, scroll threshold (default 10), hide-on-down toggles/thresholds/delta (defaults 80/6), and hidden/visible/transition class overrides.
+- Form helpers: `form.cms-form` or `[data-cms-form]` submits to `/api/contact` with anti-bot checks and history tracking.
+- Form helper hooks include required markers, submit trigger, and message containers; context IDs are inherited automatically from block wrapper.
+- Form helper defaults: endpoint defaults to `/api/contact`; success/error/required copy and state classes are configurable through `data-cms-*` attributes; Block Editor preview is structure/UX only, not delivery verification.
+- Scroll reveal helpers use class contracts (`sr`, `sr-group`, `sr-item`) plus utility classes for direction, duration, distance, stagger, viewport trigger, reset/cleanup, device targeting, easing, and optional callbacks.
+- Scroll reveal defaults to remember: `origin: bottom`, `distance: 24px`, `duration: 700`, `viewFactor: 0.15`, `reset: false`, `cleanup: false`, `mobile: true`, `desktop: true`; callback hook classes map to `window.__srCallbacks`.
 ## Do/Don't
 - Do reuse Edge components (`dashboard`, `editor`, `cms` blocks, auth widgets) before adding new ones.
 - Do keep Firestore paths, queries, and role checks consistent with `edgeGlobal` helpers (`isAdminGlobal`, `getRoleName`, etc.).
 - Do use the `edge-*.sh` scripts (like `edge-pull.sh` and `edge-components-update.sh`) to sync/update the `edge` subtree instead of manual edits.
 - Don’t introduce TypeScript, Options API, raw Firebase SDK calls, or ad-hoc forms/tables when an Edge component exists.
-- Don’t edit code inside the `edge` folder unless absolutely required; it is a shared repo. If a change is unavoidable, keep it generic (no project-specific hacks) and call out the suggestion instead of making the edit when possible.
+- Don’t edit code inside the `edge` folder (including `edge/components/cms/*`) unless absolutely required and you have asked for and received user permission for that specific edit every time; it is a shared repo.
+- If an `edge/*` change is unavoidable, keep it generic (no project-specific hacks) and call out the suggestion instead of making the edit when possible.
 - Don’t modify `storage.rules` or `firestore.rules`.
 ## Firebase Functions guidance
-- Review `functions/config.js`, `functions/edgeFirebase.js`, and `functions/cms.js` to mirror established patterns, but do not edit those files.
+- Review `functions/config.js`, `functions/edgeFirebase.js`, and `functions/cms.js` to mirror established patterns.
+- Only edit `functions/config.js`, `functions/edgeFirebase.js`, or `functions/cms.js` when absolutely required and only after asking for and receiving user permission each time.
 - When adding new cloud functions, create a new JS file under `functions/` and export handlers using the shared imports from `config.js`. Wire it up by requiring it in `functions/index.js` (same pattern as `stripe.js`), instead of modifying restricted files.
 - For every `onCall` function, always enforce both checks up front: `request.auth?.uid` must exist, and `request.data?.uid` must exactly match `request.auth.uid`. Throw `HttpsError('unauthenticated', ...)` when auth is missing and `HttpsError('permission-denied', ...)` when the uid does not match.
+## Public Publications Contract
+- Public publication rendering is callable-only in this repo: `pages/publications/[org]/[pub].vue` should use `publicAccess-getOrgBySlug`, `publicAccess-getMagazineBySlug`, and `publicAccess-getArticles`, and should not rely on `/api/publications`.
+- Organization docs should include Glossee-compatible profile fields maintained by `functions/organizations.js`: `docId`, `slug`, `about`, `location`, `logo_url`, `website`, `social_links`.
+- `functions/publicAccess.js` is the source of truth for unauthenticated publication visibility (`published` + flipbook detection). Keep this logic centralized; do not duplicate access rules in page code.
+- `functions/publications.js` controls KV mirroring/indexing for files. Preserve status/slug/name/flipbook indexes when refactoring.
+- When changing any of these files, run:
+  - `npm run test:publications-public-access`
+  - `npm run test:model-import`

package/deploy.sh CHANGED Viewed

@@ -99,6 +99,57 @@ resolve_functions_region() {
   echo "us-west1"
 }
+resolve_project_id() {
+  if [ -n "${PROJECT_ID:-}" ]; then
+    echo "$PROJECT_ID"
+    return
+  fi
+  if [ -n "${FIREBASE_PROJECT_ID:-}" ]; then
+    echo "$FIREBASE_PROJECT_ID"
+    return
+  fi
+  if [ -f ".firebaserc" ]; then
+    local rc_project
+    rc_project="$(
+      node - <<'NODE'
+const fs = require('fs')
+const path = '.firebaserc'
+try {
+  const json = JSON.parse(fs.readFileSync(path, 'utf8'))
+  const projectId = json?.projects?.default || ''
+  process.stdout.write(projectId)
+}
+catch {
+  process.stdout.write('')
+}
+NODE
+    )"
+    if [ -n "$rc_project" ]; then
+      echo "$rc_project"
+      return
+    fi
+  fi
+  if [ -n "${GCLOUD_PROJECT:-}" ]; then
+    echo "$GCLOUD_PROJECT"
+    return
+  fi
+  if [ -n "${GOOGLE_CLOUD_PROJECT:-}" ]; then
+    echo "$GOOGLE_CLOUD_PROJECT"
+    return
+  fi
+  if [ -n "${CLOUDSDK_CORE_PROJECT:-}" ]; then
+    echo "$CLOUDSDK_CORE_PROJECT"
+    return
+  fi
+  echo ""
+}
 ensure_callable_public_access() {
   if ! command -v gcloud >/dev/null 2>&1; then
     echo "Deploy aborted: gcloud CLI not found. It is required to enforce callable invoker access." >&2
@@ -107,6 +158,13 @@ ensure_callable_public_access() {
   local region
   region="$(resolve_functions_region)"
+  local project_id
+  project_id="$(resolve_project_id)"
+  if [ -z "$project_id" ]; then
+    echo "Deploy aborted: unable to resolve project id for callable invoker enforcement." >&2
+    exit 1
+  fi
   local callable_functions
   callable_functions="$(
@@ -146,12 +204,13 @@ NODE
     return
   fi
-  echo "Ensuring public invoker access for callable functions in region '${region}'..."
+  echo "Ensuring public invoker access for callable functions in region '${region}' (project '${project_id}')..."
   while IFS= read -r function_name; do
     [ -z "$function_name" ] && continue
     echo " - ${function_name}"
     gcloud functions add-invoker-policy-binding "$function_name" \
       --gen2 \
+      --project "$project_id" \
       --region "$region" \
       --member="allUsers" >/dev/null
   done <<< "$callable_functions"