npm - @ekrist1/vulse - Versions diffs - 0.1.6-alpha.3 → 0.1.7-alpha.4 - Mend

@ekrist1/vulse 0.1.6-alpha.3 → 0.1.7-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (264) hide show

package/dist/cli/migrate.d.ts.map +1 -1
package/dist/cli/migrate.js +3 -4
package/dist/cli/setup.d.ts.map +1 -1
package/dist/cli/setup.js +11 -10
package/dist/core/blueprints/compile.d.ts +1 -1
package/dist/core/blueprints/compile.d.ts.map +1 -1
package/dist/core/blueprints/compile.js +3 -3
package/dist/core/blueprints/mutations.js +2 -2
package/dist/core/forms/rate-limit.d.ts +1 -1
package/dist/core/forms/rate-limit.d.ts.map +1 -1
package/dist/core/forms/rate-limit.js +3 -3
package/dist/core/forms/unique.d.ts +1 -1
package/dist/core/forms/unique.d.ts.map +1 -1
package/dist/core/forms/unique.js +4 -4
package/dist/core/globals/compile.d.ts +1 -1
package/dist/core/globals/compile.d.ts.map +1 -1
package/dist/core/globals/compile.js +2 -2
package/dist/core/globals/definition.d.ts +1 -1
package/dist/core/globals/definition.d.ts.map +1 -1
package/dist/core/globals/definition.js +3 -3
package/dist/core/repos/globals.js +3 -3
package/dist/core/sha256.d.ts +3 -0
package/dist/core/sha256.d.ts.map +1 -0
package/dist/core/sha256.js +9 -0
package/dist/integration/index.js +1 -1
package/dist/integration/install-hook.d.ts.map +1 -1
package/dist/integration/install-hook.js +6 -4
package/dist/integration/wrangler-config.d.ts +12 -0
package/dist/integration/wrangler-config.d.ts.map +1 -0
package/dist/integration/wrangler-config.js +97 -0
package/dist/integration/wrangler-patch.d.ts +1 -0
package/dist/integration/wrangler-patch.d.ts.map +1 -1
package/dist/integration/wrangler-patch.js +2 -1
package/dist/server/routes/form-submit.js +1 -1
package/dist/version.d.ts +1 -1
package/dist/version.js +1 -1
package/package.json +11 -3
package/src/admin/assets/logo-mark.svg +5 -0
package/src/admin/client/active-locale.ts +17 -0
package/src/admin/client/api.ts +21 -0
package/src/admin/client/form-from-zod.ts +7 -0
package/src/admin/client/live-preview-enabled.ts +5 -0
package/src/admin/components/AdminShell.astro +45 -0
package/src/admin/components/AuthSettings.vue +60 -0
package/src/admin/components/BlockEditor.vue +53 -0
package/src/admin/components/BlueprintEditor.vue +1783 -0
package/src/admin/components/CollectionKindIcon.vue +26 -0
package/src/admin/components/CollectionTree.vue +220 -0
package/src/admin/components/EntryEditorWithPreview.vue +130 -0
package/src/admin/components/EntryForm.vue +411 -0
package/src/admin/components/EntryList.vue +121 -0
package/src/admin/components/EntryStatusBadge.vue +24 -0
package/src/admin/components/FormEditor.vue +233 -0
package/src/admin/components/FormList.vue +54 -0
package/src/admin/components/GlobalSetEditor.vue +272 -0
package/src/admin/components/GlobalSetList.vue +55 -0
package/src/admin/components/LivePreviewPanel.vue +171 -0
package/src/admin/components/LoginForm.vue +53 -0
package/src/admin/components/MediaLibrary.vue +106 -0
package/src/admin/components/MediaPicker.vue +49 -0
package/src/admin/components/RevisionDiff.vue +11 -0
package/src/admin/components/RevisionList.vue +134 -0
package/src/admin/components/SeoFields.vue +113 -0
package/src/admin/components/SetEditor.vue +137 -0
package/src/admin/components/SetList.vue +32 -0
package/src/admin/components/SettingsForm.vue +189 -0
package/src/admin/components/SideNav.vue +152 -0
package/src/admin/components/SubmissionDetail.vue +45 -0
package/src/admin/components/SubmissionList.vue +89 -0
package/src/admin/components/ToastHost.vue +33 -0
package/src/admin/components/TreeRow.vue +163 -0
package/src/admin/components/UserEditor.vue +186 -0
package/src/admin/components/UserList.vue +46 -0
package/src/admin/components/blocks/BlockItem.vue +32 -0
package/src/admin/components/blocks/BlockToolbar.vue +12 -0
package/src/admin/components/blocks/edit/CodeEdit.vue +18 -0
package/src/admin/components/blocks/edit/EmbedEdit.vue +14 -0
package/src/admin/components/blocks/edit/HeadingEdit.vue +19 -0
package/src/admin/components/blocks/edit/ImageEdit.vue +40 -0
package/src/admin/components/blocks/edit/ListEdit.vue +36 -0
package/src/admin/components/blocks/edit/ParagraphEdit.vue +14 -0
package/src/admin/components/blocks/edit/QuoteEdit.vue +18 -0
package/src/admin/components/fields/BlocksField.vue +123 -0
package/src/admin/components/fields/BlocksSetsPicker.vue +59 -0
package/src/admin/components/fields/BoolField.vue +10 -0
package/src/admin/components/fields/DateField.vue +22 -0
package/src/admin/components/fields/EntriesField.vue +153 -0
package/src/admin/components/fields/EntryField.vue +138 -0
package/src/admin/components/fields/EnumField.vue +81 -0
package/src/admin/components/fields/FieldRenderer.vue +87 -0
package/src/admin/components/fields/GridField.vue +173 -0
package/src/admin/components/fields/LinkField.vue +219 -0
package/src/admin/components/fields/MediaField.vue +69 -0
package/src/admin/components/fields/NumberField.vue +12 -0
package/src/admin/components/fields/ObjectField.vue +18 -0
package/src/admin/components/fields/RefField.vue +170 -0
package/src/admin/components/fields/RepeaterField.vue +27 -0
package/src/admin/components/fields/ReplicatorField.vue +121 -0
package/src/admin/components/fields/TextField.vue +11 -0
package/src/admin/components/fields/TextareaField.vue +11 -0
package/src/admin/components/fields/VulseAccordionGroupNodeView.vue +82 -0
package/src/admin/components/fields/VulseAccordionNodeView.vue +128 -0
package/src/admin/components/fields/VulseCalloutNodeView.vue +81 -0
package/src/admin/components/fields/VulseIframeNodeView.vue +112 -0
package/src/admin/components/fields/VulseSetNodeView.vue +68 -0
package/src/admin/components/fields/VulseVideoNodeView.vue +104 -0
package/src/admin/components/fields/blocks-editor-extensions.ts +26 -0
package/src/admin/components/fields/emoji-extension.ts +54 -0
package/src/admin/components/fields/link-extension.ts +48 -0
package/src/admin/components/fields/set-node-utils.ts +115 -0
package/src/admin/components/fields/url-utils.ts +85 -0
package/src/admin/components/fields/vulse-accordion-extension.ts +64 -0
package/src/admin/components/fields/vulse-accordion-group-extension.ts +49 -0
package/src/admin/components/fields/vulse-callout-extension.ts +53 -0
package/src/admin/components/fields/vulse-iframe-extension.ts +96 -0
package/src/admin/components/fields/vulse-set-extension.ts +66 -0
package/src/admin/components/fields/vulse-video-extension.ts +65 -0
package/src/admin/composables/toast.ts +35 -0
package/src/admin/composables/useEntrySearch.ts +112 -0
package/src/admin/composables/useSets.ts +31 -0
package/src/admin/pages/collections/[name]/[id]/revisions.astro +27 -0
package/src/admin/pages/collections/[name]/[id].astro +90 -0
package/src/admin/pages/collections/[name]/index.astro +31 -0
package/src/admin/pages/collections/[name]/new.astro +38 -0
package/src/admin/pages/forms/[handle]/submissions/[id].astro +9 -0
package/src/admin/pages/forms/[handle]/submissions/index.astro +9 -0
package/src/admin/pages/forms/[handle].astro +9 -0
package/src/admin/pages/forms/index.astro +7 -0
package/src/admin/pages/forms/new.astro +7 -0
package/src/admin/pages/index.astro +36 -0
package/src/admin/pages/login.astro +14 -0
package/src/admin/pages/media.astro +8 -0
package/src/admin/pages/schema/[handle].astro +10 -0
package/src/admin/pages/schema/new.astro +9 -0
package/src/admin/pages/settings/auth.astro +9 -0
package/src/admin/pages/settings/globals/[handle].astro +9 -0
package/src/admin/pages/settings/globals/index.astro +7 -0
package/src/admin/pages/settings/globals/new.astro +7 -0
package/src/admin/pages/settings/index.astro +8 -0
package/src/admin/pages/settings/sets/[handle].astro +9 -0
package/src/admin/pages/settings/sets/index.astro +7 -0
package/src/admin/pages/settings/sets/new.astro +7 -0
package/src/admin/pages/users/[id].astro +10 -0
package/src/admin/pages/users/index.astro +8 -0
package/src/admin/styles/admin.css +166 -0
package/src/core/access.ts +9 -0
package/src/core/blocks/schema.ts +66 -0
package/src/core/blueprints/code-to-definition.ts +156 -0
package/src/core/blueprints/compile.ts +176 -0
package/src/core/blueprints/define.ts +12 -0
package/src/core/blueprints/definition.ts +185 -0
package/src/core/blueprints/load.ts +144 -0
package/src/core/blueprints/mutations.ts +236 -0
package/src/core/blueprints/preview-path.ts +33 -0
package/src/core/blueprints/reflect-fields.ts +305 -0
package/src/core/blueprints/registry.ts +14 -0
package/src/core/blueprints/seed.ts +20 -0
package/src/core/blueprints/select-helpers.ts +30 -0
package/src/core/blueprints/seo.ts +180 -0
package/src/core/blueprints/types.ts +59 -0
package/src/core/blueprints/zod-helpers.ts +86 -0
package/src/core/db.ts +11 -0
package/src/core/errors.ts +34 -0
package/src/core/forms/compile.ts +84 -0
package/src/core/forms/definition.ts +102 -0
package/src/core/forms/rate-limit.ts +52 -0
package/src/core/forms/unique.ts +38 -0
package/src/core/globals/compile.ts +35 -0
package/src/core/globals/definition.ts +27 -0
package/src/core/locales.ts +45 -0
package/src/core/migrations.ts +48 -0
package/src/core/parse-content.ts +85 -0
package/src/core/plugins/definition.ts +150 -0
package/src/core/preview-content.ts +21 -0
package/src/core/repos/entries.ts +504 -0
package/src/core/repos/forms.ts +270 -0
package/src/core/repos/globals.ts +179 -0
package/src/core/repos/media.ts +106 -0
package/src/core/repos/preview-sessions.ts +108 -0
package/src/core/repos/revisions.ts +60 -0
package/src/core/repos/settings.ts +23 -0
package/src/core/schema.ts +244 -0
package/src/core/sets/compile.ts +12 -0
package/src/core/sets/definition.ts +10 -0
package/src/core/sets/service.ts +82 -0
package/src/core/sets/validate-tree.ts +57 -0
package/src/core/sha256.ts +10 -0
package/src/core/slug.ts +30 -0
package/src/scaffold/collection-write.ts +83 -0
package/src/scaffold/collection.ts +277 -0
package/src/server/assets/live-preview-bridge.content.ts +2 -0
package/src/server/assets/live-preview-bridge.js +535 -0
package/src/server/better-auth.ts +82 -0
package/src/server/cf-images.ts +34 -0
package/src/server/cron.ts +37 -0
package/src/server/email.ts +17 -0
package/src/server/endpoints/api-auth.ts +10 -0
package/src/server/endpoints/api-vulse-blueprints.ts +23 -0
package/src/server/endpoints/api-vulse-entries-locales.ts +12 -0
package/src/server/endpoints/api-vulse-entries-move.ts +7 -0
package/src/server/endpoints/api-vulse-entries-publish.ts +7 -0
package/src/server/endpoints/api-vulse-entries-tree.ts +7 -0
package/src/server/endpoints/api-vulse-entries.ts +23 -0
package/src/server/endpoints/api-vulse-form-handle.ts +30 -0
package/src/server/endpoints/api-vulse-form-public.ts +7 -0
package/src/server/endpoints/api-vulse-form-submit.ts +7 -0
package/src/server/endpoints/api-vulse-form-upload.ts +7 -0
package/src/server/endpoints/api-vulse-forms.ts +12 -0
package/src/server/endpoints/api-vulse-globals-handle.ts +20 -0
package/src/server/endpoints/api-vulse-globals-public-handle.ts +7 -0
package/src/server/endpoints/api-vulse-globals-public.ts +7 -0
package/src/server/endpoints/api-vulse-globals-value.ts +8 -0
package/src/server/endpoints/api-vulse-globals.ts +12 -0
package/src/server/endpoints/api-vulse-media-file.ts +7 -0
package/src/server/endpoints/api-vulse-media-id.ts +12 -0
package/src/server/endpoints/api-vulse-media.ts +12 -0
package/src/server/endpoints/api-vulse-preview-bridge.ts +11 -0
package/src/server/endpoints/api-vulse-preview-sessions-id.ts +10 -0
package/src/server/endpoints/api-vulse-preview-sessions.ts +7 -0
package/src/server/endpoints/api-vulse-preview-start.ts +7 -0
package/src/server/endpoints/api-vulse-preview-stop.ts +7 -0
package/src/server/endpoints/api-vulse-revisions-restore.ts +7 -0
package/src/server/endpoints/api-vulse-revisions.ts +7 -0
package/src/server/endpoints/api-vulse-search.ts +7 -0
package/src/server/endpoints/api-vulse-sets.ts +23 -0
package/src/server/endpoints/api-vulse-settings.ts +12 -0
package/src/server/endpoints/api-vulse-users-id.ts +12 -0
package/src/server/endpoints/api-vulse-users-reset-password.ts +7 -0
package/src/server/endpoints/api-vulse-users-role.ts +9 -0
package/src/server/endpoints/api-vulse-users.ts +7 -0
package/src/server/endpoints/with-runtime.ts +11 -0
package/src/server/env.ts +23 -0
package/src/server/envelope.ts +21 -0
package/src/server/forms/email.ts +11 -0
package/src/server/forms/process-submission.ts +95 -0
package/src/server/forms/queue.ts +25 -0
package/src/server/forms/templates.ts +24 -0
package/src/server/forms/webhook.ts +19 -0
package/src/server/handler.ts +66 -0
package/src/server/image-probe.ts +35 -0
package/src/server/loader.ts +54 -0
package/src/server/plugins.ts +214 -0
package/src/server/preview.ts +25 -0
package/src/server/r2.ts +13 -0
package/src/server/routes/blueprints.ts +62 -0
package/src/server/routes/entries.ts +255 -0
package/src/server/routes/form-submit.ts +168 -0
package/src/server/routes/form-upload.ts +100 -0
package/src/server/routes/forms.ts +88 -0
package/src/server/routes/globals-public.ts +30 -0
package/src/server/routes/globals.ts +93 -0
package/src/server/routes/media.ts +145 -0
package/src/server/routes/preview-sessions.ts +76 -0
package/src/server/routes/preview.ts +36 -0
package/src/server/routes/revisions.ts +29 -0
package/src/server/routes/search.ts +31 -0
package/src/server/routes/sets.ts +40 -0
package/src/server/routes/settings.ts +24 -0
package/src/server/routes/users.ts +127 -0
package/src/server/runtime.ts +99 -0
package/src/server/sdk/collections.ts +98 -0
package/src/server/sdk/index.ts +25 -0
package/src/server/sdk/media.ts +11 -0
package/src/server/sdk/search.ts +90 -0

package/src/server/forms/templates.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import type { FormDefinition } from '../../core/forms/definition.js'
+import type { SubmissionRow } from '../../core/repos/forms.js'
+export interface TemplateContext {
+  form: FormDefinition
+  submission: SubmissionRow
+  payload: Record<string, unknown>
+}
+export function renderTemplate(template: string, ctx: TemplateContext): string {
+  const tokens: Record<string, string> = {
+    'form.label': ctx.form.label,
+    'submission.id': ctx.submission.id,
+    'submission.created_at': ctx.submission.createdAt.toISOString(),
+  }
+  for (const [key, value] of Object.entries(ctx.payload)) {
+    tokens[key] = value === null || value === undefined ? '' : String(value)
+  }
+  return template.replace(/\{\{([^}]+)\}\}/g, (_, key: string) => {
+    const trimmed = key.trim()
+    return tokens[trimmed] ?? ''
+  })
+}

package/src/server/forms/webhook.ts ADDED Viewed

@@ -0,0 +1,19 @@
+export async function sendFormWebhook(
+  url: string,
+  payload: unknown,
+  headers: Record<string, string> = {},
+): Promise<void> {
+  const controller = new AbortController()
+  const timeout = setTimeout(() => controller.abort(), 5000)
+  try {
+    const res = await fetch(url, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json', ...headers },
+      body: JSON.stringify(payload),
+      signal: controller.signal,
+    })
+    if (!res.ok) throw new Error(`webhook failed: ${res.status}`)
+  } finally {
+    clearTimeout(timeout)
+  }
+}

package/src/server/handler.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import { z } from 'astro/zod'
+import type { Auth } from './better-auth.js'
+import type { AuthContext, Role } from '../core/blueprints/types.js'
+import { AccessDeniedError, ValidationError } from '../core/errors.js'
+import { fail, ok } from './envelope.js'
+export interface HandlerCtx<P, B> {
+  request: Request
+  url: URL
+  params: P
+  body: B
+  auth: AuthContext
+}
+export interface HandlerOptions<P, B> {
+  params?: z.ZodType<P>
+  body?: z.ZodType<B>
+  requireRole?: Role[]
+}
+export function defineHandler<P = unknown, B = unknown, R = unknown>(
+  auth: Auth,
+  opts: HandlerOptions<P, B>,
+  fn: (ctx: HandlerCtx<P, B>) => Promise<R>,
+) {
+  return async (request: Request, rawParams: Record<string, string> = {}): Promise<Response> => {
+    try {
+      const url = new URL(request.url)
+      let params: P = rawParams as unknown as P
+      if (opts.params) {
+        const parsed = opts.params.safeParse(rawParams)
+        if (!parsed.success) throw new ValidationError('Invalid params', { issues: parsed.error.issues })
+        params = parsed.data
+      }
+      let body: B = undefined as unknown as B
+      if (opts.body && request.method !== 'GET' && request.method !== 'DELETE') {
+        const raw = await request.json().catch(() => undefined)
+        const parsed = opts.body.safeParse(raw)
+        if (!parsed.success) throw new ValidationError('Invalid body', { issues: parsed.error.issues })
+        body = parsed.data
+      }
+      const session = await auth.api.getSession({ headers: request.headers })
+      const authCtx: AuthContext = session ? {
+        user: {
+          id: session.user.id,
+          email: session.user.email,
+          role: (session.user as { role?: Role }).role ?? 'member',
+        },
+      } : { user: null }
+      if (opts.requireRole && !authCtx.user) throw new AccessDeniedError('Authentication required')
+      if (opts.requireRole && authCtx.user && !opts.requireRole.includes(authCtx.user.role)) {
+        throw new AccessDeniedError(`Requires role: ${opts.requireRole.join(' or ')}`)
+      }
+      const result = await fn({ request, url, params, body, auth: authCtx })
+      if (result instanceof Response) return result
+      return ok(result)
+    } catch (err) {
+      return fail(err)
+    }
+  }
+}

package/src/server/image-probe.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/** Returns {width,height} from image headers without decoding the full file. */
+export function probeDimensions(buf: ArrayBuffer, mime: string): { width: number; height: number } | null {
+  const v = new DataView(buf)
+  if (mime === 'image/png') {
+    if (v.byteLength < 24) return null
+    return { width: v.getUint32(16), height: v.getUint32(20) }
+  }
+  if (mime === 'image/jpeg') {
+    let i = 2
+    while (i < v.byteLength) {
+      if (v.getUint8(i) !== 0xff) return null
+      const marker = v.getUint8(i + 1)
+      const len = v.getUint16(i + 2)
+      if ((marker >= 0xc0 && marker <= 0xcf) && marker !== 0xc4 && marker !== 0xc8 && marker !== 0xcc) {
+        return { height: v.getUint16(i + 5), width: v.getUint16(i + 7) }
+      }
+      i += 2 + len
+    }
+    return null
+  }
+  if (mime === 'image/webp') {
+    if (v.byteLength < 30) return null
+    if (String.fromCharCode(v.getUint8(12), v.getUint8(13), v.getUint8(14), v.getUint8(15)) === 'VP8L') {
+      const b0 = v.getUint8(21)
+      const b1 = v.getUint8(22)
+      const b2 = v.getUint8(23)
+      const b3 = v.getUint8(24)
+      const width = 1 + (((b1 & 0x3f) << 8) | b0)
+      const height = 1 + (((b3 & 0x0f) << 10) | (b2 << 2) | ((b1 & 0xc0) >> 6))
+      return { width, height }
+    }
+    return null
+  }
+  return null
+}

package/src/server/loader.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import type { Loader } from 'astro/loaders'
+import { createDb } from '../core/db.js'
+import { readLocalesConfig } from '../core/locales.js'
+import { EntriesRepo } from '../core/repos/entries.js'
+export interface VulseLoaderOptions {
+  collection: string
+  locale?: string
+}
+declare global {
+  // eslint-disable-next-line no-var
+  var __VULSE_TEST_DB__: D1Database | undefined
+}
+function resolveBinding(ctx: unknown): D1Database {
+  const c = ctx as { _vulseTestBinding?: D1Database }
+  if (c._vulseTestBinding) return c._vulseTestBinding
+  if (globalThis.__VULSE_TEST_DB__) return globalThis.__VULSE_TEST_DB__
+  throw new Error('vulseLoader: no D1 binding available. See https://vulse.dev/docs/loader-binding')
+}
+export function vulseLoader(opts: VulseLoaderOptions): Loader {
+  return {
+    name: `vulse-loader-${opts.collection}`,
+    load: async (ctx) => {
+      const includeDrafts = (ctx as { _vulseIncludeDrafts?: boolean })._vulseIncludeDrafts ?? false
+      const db = createDb(resolveBinding(ctx))
+      const repo = new EntriesRepo(db)
+      const locale = opts.locale ?? (await readLocalesConfig(db)).defaultLocale
+      const rows = await repo.list({
+        collection: opts.collection,
+        locale,
+        ...(includeDrafts ? {} : { status: 'published' }),
+      })
+      ctx.store.clear()
+      for (const r of rows) {
+        await ctx.store.set({
+          id: r.id,
+          digest: `v${r.version}`,
+          data: {
+            ...((r.content as Record<string, unknown>) ?? {}),
+            id: r.id,
+            slug: r.slug,
+            status: r.status,
+            publishedAt: r.publishedAt?.toISOString() ?? null,
+            updatedAt: r.updatedAt.toISOString(),
+          },
+        })
+      }
+    },
+  }
+}

package/src/server/plugins.ts ADDED Viewed

@@ -0,0 +1,214 @@
+import { ValidationError } from '../core/errors.js'
+import {
+  assertValidPluginId,
+  type AuthUserBeforeCreateResult,
+  type AuthUserCreateEvent,
+  type AuthUserCreateInput,
+  type AuthUserCreatedEvent,
+  type FormAfterSubmitEvent,
+  type FormBeforeSubmitEvent,
+  type FormBeforeSubmitResult,
+  type FormProcessEvent,
+  type MaybePromise,
+  type VulseHookName,
+  type VulsePlugin,
+  type VulsePluginContext,
+} from '../core/plugins/definition.js'
+import { sendFormEmail } from './forms/email.js'
+import type { FormEmailEnv } from './forms/email.js'
+const DEFAULT_HOOK_TIMEOUT_MS = 5_000
+interface RegisteredPlugin {
+  plugin: VulsePlugin
+  order: number
+}
+let registeredPlugins: RegisteredPlugin[] = []
+function orderedPlugins(): RegisteredPlugin[] {
+  return [...registeredPlugins].sort((a, b) => {
+    const priority = (b.plugin.priority ?? 0) - (a.plugin.priority ?? 0)
+    return priority || a.order - b.order
+  })
+}
+export function setVulsePlugins(plugins: VulsePlugin[] = []): void {
+  const seen = new Set<string>()
+  registeredPlugins = plugins.map((plugin, order) => {
+    assertValidPluginId(plugin.id)
+    if (seen.has(plugin.id)) throw new Error(`Vulse plugin "${plugin.id}" is registered more than once`)
+    seen.add(plugin.id)
+    return { plugin, order }
+  })
+}
+export function getVulsePlugins(): VulsePlugin[] {
+  return orderedPlugins().map(({ plugin }) => plugin)
+}
+export function __testResetVulsePlugins(): void {
+  registeredPlugins = []
+}
+function loggerFor(pluginId: string): VulsePluginContext['logger'] {
+  return {
+    debug: (message, data) => console.debug(`[vulse:${pluginId}] ${message}`, data ?? ''),
+    info: (message, data) => console.info(`[vulse:${pluginId}] ${message}`, data ?? ''),
+    warn: (message, data) => console.warn(`[vulse:${pluginId}] ${message}`, data ?? ''),
+    error: (message, data) => console.error(`[vulse:${pluginId}] ${message}`, data ?? ''),
+  }
+}
+function pluginContext(pluginId: string, env?: Record<string, unknown>): VulsePluginContext {
+  const safeEnv = env ?? {}
+  return {
+    env: safeEnv,
+    logger: loggerFor(pluginId),
+    email: {
+      send: async (input) => {
+        await sendFormEmail(safeEnv as FormEmailEnv, {
+          to: input.to,
+          subject: input.subject,
+          body: input.body ?? input.text ?? input.html ?? '',
+        })
+      },
+    },
+  }
+}
+async function withTimeout<T>(
+  promise: Promise<T>,
+  pluginId: string,
+  hookName: VulseHookName,
+): Promise<T> {
+  let timeout: ReturnType<typeof setTimeout> | undefined
+  try {
+    return await Promise.race([
+      promise,
+      new Promise<never>((_, reject) => {
+        timeout = setTimeout(() => {
+          reject(new Error(`Vulse plugin "${pluginId}" hook "${hookName}" timed out`))
+        }, DEFAULT_HOOK_TIMEOUT_MS)
+      }),
+    ])
+  } finally {
+    if (timeout) clearTimeout(timeout)
+  }
+}
+async function invokeHook<TEvent, TResult>(
+  plugin: VulsePlugin,
+  hookName: VulseHookName,
+  event: TEvent,
+  env: Record<string, unknown> | undefined,
+): Promise<TResult | undefined> {
+  const hook = plugin.hooks?.[hookName] as
+    | ((event: TEvent, ctx: VulsePluginContext) => MaybePromise<TResult>)
+    | undefined
+  if (!hook) return undefined
+  return await withTimeout(
+    Promise.resolve(hook(event, pluginContext(plugin.id, env))),
+    plugin.id,
+    hookName,
+  )
+}
+async function runContinueHook<TEvent>(
+  hookName: VulseHookName,
+  event: TEvent,
+  env?: Record<string, unknown>,
+): Promise<void> {
+  for (const { plugin } of orderedPlugins()) {
+    try {
+      await invokeHook<TEvent, void>(plugin, hookName, event, env)
+    } catch (err) {
+      pluginContext(plugin.id, env).logger.error(`Hook "${hookName}" failed`, err)
+    }
+  }
+}
+export async function runFormBeforeSubmitHooks(
+  event: FormBeforeSubmitEvent,
+  env?: Record<string, unknown>,
+): Promise<{ action: 'continue'; payload: Record<string, unknown> } | { action: 'drop'; reason?: string }> {
+  let payload = event.payload
+  for (const { plugin } of orderedPlugins()) {
+    const result = await invokeHook<FormBeforeSubmitEvent, FormBeforeSubmitResult>(
+      plugin,
+      'form:beforeSubmit',
+      { ...event, payload },
+      env,
+    )
+    if (!result) continue
+    if (result.action === 'drop') {
+      return { action: 'drop', ...(result.reason ? { reason: result.reason } : {}) }
+    }
+    if (result.action === 'reject') {
+      throw new ValidationError(result.message ?? `Submission rejected by plugin "${plugin.id}"`, { plugin: plugin.id })
+    }
+    if (result.payload) payload = result.payload
+  }
+  return { action: 'continue', payload }
+}
+export async function runFormAfterSubmitHooks(
+  event: FormAfterSubmitEvent,
+  env?: Record<string, unknown>,
+): Promise<void> {
+  await runContinueHook('form:afterSubmit', event, env)
+}
+export async function runFormBeforeProcessHooks(
+  event: FormProcessEvent,
+  env?: Record<string, unknown>,
+): Promise<void> {
+  for (const { plugin } of orderedPlugins()) {
+    await invokeHook<FormProcessEvent, void>(plugin, 'form:beforeProcess', event, env)
+  }
+}
+export async function runFormAfterProcessHooks(
+  event: FormProcessEvent,
+  env?: Record<string, unknown>,
+): Promise<void> {
+  await runContinueHook('form:afterProcess', event, env)
+}
+export async function runAuthUserBeforeCreateHooks(
+  event: AuthUserCreateEvent,
+  env?: Record<string, unknown>,
+): Promise<AuthUserCreateInput | false | undefined> {
+  let user = event.user
+  let changed = false
+  for (const { plugin } of orderedPlugins()) {
+    const result = await invokeHook<AuthUserCreateEvent, AuthUserBeforeCreateResult>(
+      plugin,
+      'auth:userBeforeCreate',
+      { user },
+      env,
+    )
+    if (result === false) return false
+    if (!result) continue
+    if (result.action === 'reject') {
+      throw new Error(result.message ?? `User rejected by plugin "${plugin.id}"`)
+    }
+    if (result.data) {
+      user = { ...user, ...result.data }
+      changed = true
+    }
+  }
+  return changed ? user : undefined
+}
+export async function runAuthUserAfterCreateHooks(
+  event: AuthUserCreatedEvent,
+  env?: Record<string, unknown>,
+): Promise<void> {
+  await runContinueHook('auth:userAfterCreate', event, env)
+}

package/src/server/preview.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { SignJWT, jwtVerify } from 'jose'
+const ALG = 'HS256'
+export async function mintPreviewToken(secret: string, userId: string, ttlSeconds = 60 * 60): Promise<string> {
+  const key = new TextEncoder().encode(secret)
+  return await new SignJWT({ sub: userId, kind: 'vulse-preview' })
+    .setProtectedHeader({ alg: ALG })
+    .setExpirationTime(Math.floor(Date.now() / 1000) + ttlSeconds)
+    .sign(key)
+}
+export async function verifyPreviewToken(secret: string, token: string): Promise<boolean> {
+  try {
+    const key = new TextEncoder().encode(secret)
+    const { payload } = await jwtVerify(token, key)
+    return payload.kind === 'vulse-preview'
+  } catch {
+    return false
+  }
+}
+export function previewSecret(env: { VULSE_PREVIEW_SECRET?: string; BETTER_AUTH_SECRET: string }): string {
+  return env.VULSE_PREVIEW_SECRET ?? env.BETTER_AUTH_SECRET
+}

package/src/server/r2.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { nanoid } from 'nanoid'
+export interface UploadContext { bucket: R2Bucket }
+export async function putToR2(ctx: UploadContext, body: ArrayBuffer, mime: string): Promise<{ key: string }> {
+  const key = `${new Date().toISOString().slice(0, 10)}/${nanoid()}`
+  await ctx.bucket.put(key, body, { httpMetadata: { contentType: mime } })
+  return { key }
+}
+export async function deleteFromR2(ctx: UploadContext, key: string): Promise<void> {
+  await ctx.bucket.delete(key)
+}

package/src/server/routes/blueprints.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import { z } from 'astro/zod'
+import type { Auth } from '../better-auth.js'
+import type { VulseDb } from '../../core/db.js'
+import {
+  BlueprintDefinitionSchema,
+  BlueprintDefinitionWithRenamesSchema,
+} from '../../core/blueprints/definition.js'
+import {
+  createBlueprint,
+  deleteBlueprint,
+  getBlueprintDefinition,
+  listBlueprintDefinitions,
+  updateBlueprint,
+} from '../../core/blueprints/mutations.js'
+import { _resetRegistry } from '../../core/blueprints/load.js'
+import { _resetRuntime } from '../runtime.js'
+import { defineHandler } from '../handler.js'
+const paramsHandle = z.object({ handle: z.string() })
+export function blueprintsRoutes(db: VulseDb, auth: Auth) {
+  return {
+    list: defineHandler(auth, {}, async () => listBlueprintDefinitions(db)),
+    get: defineHandler(auth, { params: paramsHandle }, async ({ params }) => {
+      const def = await getBlueprintDefinition(db, params.handle)
+      if (!def) throw new (await import('../../core/errors.js')).NotFoundError('blueprint not found')
+      return def
+    }),
+    create: defineHandler(auth, {
+      body: BlueprintDefinitionSchema,
+      requireRole: ['admin'],
+    }, async ({ body }) => {
+      const out = await createBlueprint(db, body)
+      _resetRegistry()
+      _resetRuntime()
+      return out
+    }),
+    update: defineHandler(auth, {
+      params: paramsHandle,
+      body: BlueprintDefinitionWithRenamesSchema,
+      requireRole: ['admin'],
+    }, async ({ params, body }) => {
+      const out = await updateBlueprint(db, params.handle, body)
+      _resetRegistry()
+      _resetRuntime()
+      return out
+    }),
+    delete: defineHandler(auth, {
+      params: paramsHandle,
+      requireRole: ['admin'],
+    }, async ({ params }) => {
+      await deleteBlueprint(db, params.handle)
+      _resetRegistry()
+      _resetRuntime()
+      return null
+    }),
+  }
+}