@emdash-cms/cloudflare 0.0.1

package/src/db/do-preview.ts

@@ -0,0 +1,268 @@
+/**
+ * Preview middleware for Durable Object-backed preview databases.
+ *
+ * This middleware intercepts requests to a preview service, validates
+ * signed preview URLs, creates/resolves DO sessions, populates snapshots,
+ * and overrides the request-context DB so all queries route to the
+ * isolated DO database.
+ *
+ * Designed to be registered as Astro middleware in a preview Worker.
+ *
+ * @example
+ * ```ts
+ * // src/middleware.ts (in the preview Worker)
+ * import { createPreviewMiddleware } from "@emdash-cms/cloudflare/db/do";
+ *
+ * export const onRequest = createPreviewMiddleware({
+ *   binding: "PREVIEW_DB",
+ *   secret: import.meta.env.PREVIEW_SECRET,
+ * });
+ * ```
+ */
+
+import type { MiddlewareHandler } from "astro";
+import { env } from "cloudflare:workers";
+import { Kysely } from "kysely";
+import { runWithContext } from "emdash/request-context";
+import { ulid } from "ulidx";
+
+import type { EmDashPreviewDB } from "./do-class.js";
+import { PreviewDODialect } from "./do-dialect.js";
+import type { PreviewDBStub } from "./do-dialect.js";
+import { isBlockedInPreview } from "./do-preview-routes.js";
+import { verifyPreviewSignature } from "./do-preview-sign.js";
+import { renderPreviewToolbar } from "./preview-toolbar.js";
+
+/** Configuration for the preview middleware */
+export interface PreviewMiddlewareConfig {
+	/** Durable Object binding name (from wrangler.jsonc) */
+	binding: string;
+	/** HMAC secret for validating signed preview URLs */
+	secret: string;
+	/** TTL for preview data in seconds (default: 3600 = 1 hour) */
+	ttl?: number;
+	/** Cookie name for session token (default: "emdash_preview") */
+	cookieName?: string;
+}
+
+/**
+ * Simple loading interstitial HTML.
+ * Auto-reloads after a short delay to check if the snapshot is ready.
+ */
+function loadingPage(): string {
+	return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<meta http-equiv="refresh" content="2">
+<title>Loading preview...</title>
+<style>
+body { font-family: system-ui, sans-serif; display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; background: #fafafa; color: #333; }
+.spinner { width: 40px; height: 40px; border: 3px solid #e0e0e0; border-top-color: #333; border-radius: 50%; animation: spin 0.8s linear infinite; margin-right: 16px; }
+@keyframes spin { to { transform: rotate(360deg); } }
+</style>
+</head>
+<body>
+<div class="spinner"></div>
+<p>Loading preview&hellip;</p>
+</body>
+</html>`;
+}
+
+/**
+ * Create an Astro-compatible preview middleware.
+ *
+ * Returns a middleware function that can be used in `defineMiddleware()`
+ * or composed via `sequence()`.
+ */
+export function createPreviewMiddleware(config: PreviewMiddlewareConfig): MiddlewareHandler {
+	const { binding, secret, ttl = 3600, cookieName = "emdash_preview" } = config;
+
+	return async function previewMiddleware(context, next) {
+		const { url, cookies } = context;
+
+		// --- 0a. Reload endpoint ---
+		// The toolbar POSTs here to clear the httpOnly session cookie and
+		// redirect back with the original signed params for a fresh snapshot.
+		if (url.pathname === "/_preview/reload") {
+			cookies.delete(cookieName, { path: "/" });
+			let redirectTo = "/";
+			const paramsCookie = cookies.get(`${cookieName}_params`)?.value;
+			if (paramsCookie) {
+				const parts = decodeURIComponent(paramsCookie).split("\n");
+				if (parts.length === 3) {
+					const reloadUrl = new URL("/", url.origin);
+					reloadUrl.searchParams.set("source", parts[0]!);
+					reloadUrl.searchParams.set("exp", parts[1]!);
+					reloadUrl.searchParams.set("sig", parts[2]!);
+					redirectTo = reloadUrl.pathname + reloadUrl.search;
+				}
+			}
+			return context.redirect(redirectTo);
+		}
+
+		// --- 0b. Route gating ---
+		// Block admin UI, auth, and setup routes. These depend on state
+		// (users, sessions, credentials) that doesn't exist in preview snapshots.
+		if (isBlockedInPreview(url.pathname)) {
+			return Response.json(
+				{ error: { code: "PREVIEW_MODE", message: "Not available in preview mode" } },
+				{ status: 403 },
+			);
+		}
+
+		// --- 1. Resolve session token ---
+		let sessionToken: string | undefined = cookies.get(cookieName)?.value;
+		let sourceUrl: string | null = null;
+		let snapshotSignature: string | null = null;
+
+		if (!sessionToken) {
+			// No cookie — must have a signed URL
+			const source = url.searchParams.get("source");
+			const exp = url.searchParams.get("exp");
+			const sig = url.searchParams.get("sig");
+
+			if (!source || !exp || !sig) {
+				return new Response("Missing preview parameters", { status: 400 });
+			}
+
+			const expNum = parseInt(exp, 10);
+			if (isNaN(expNum) || expNum < Date.now() / 1000) {
+				return new Response("Preview link expired", { status: 403 });
+			}
+
+			const valid = await verifyPreviewSignature(source, expNum, sig, secret);
+			if (!valid) {
+				return new Response("Invalid preview signature", { status: 403 });
+			}
+
+			// Generate session
+			sessionToken = ulid();
+			sourceUrl = source;
+			// Build the signature header value for snapshot fetch: "source:exp:sig"
+			snapshotSignature = `${source}:${exp}:${sig}`;
+
+			cookies.set(cookieName, sessionToken, {
+				httpOnly: true,
+				sameSite: "lax",
+				path: "/",
+				maxAge: ttl,
+			});
+			// Store the signed params so the toolbar can trigger a reload.
+			// Not httpOnly — the toolbar script needs to read them.
+			cookies.set(`${cookieName}_params`, `${source}\n${exp}\n${sig}`, {
+				sameSite: "lax",
+				path: "/",
+				maxAge: ttl,
+			});
+		}
+
+		// --- 2. Get DO stub ---
+		// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- Worker binding from untyped env
+		const ns = (env as Record<string, unknown>)[binding];
+		if (!ns) {
+			console.error(`Preview binding "${binding}" not found in environment`);
+			return new Response("Preview service misconfigured", { status: 500 });
+		}
+		// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- DO namespace from untyped env
+		const namespace = ns as DurableObjectNamespace<EmDashPreviewDB>;
+		const doId = namespace.idFromName(sessionToken);
+		const stub = namespace.get(doId);
+
+		// --- 3. Populate from snapshot if needed ---
+		let snapshotGeneratedAt: string | undefined;
+		let snapshotError: string | undefined;
+
+		if (!sourceUrl) {
+			// Returning session — get metadata from the DO
+			try {
+				const meta = await stub.getSnapshotMeta();
+				snapshotGeneratedAt = meta?.generatedAt;
+			} catch {
+				// DO may have expired or been cleaned up
+			}
+		}
+
+		if (sourceUrl && snapshotSignature) {
+			try {
+				// Pass the full signature header value (source:exp:sig) so the DO
+				// can send it as X-Preview-Signature when fetching the snapshot.
+				const result = await stub.populateFromSnapshot(sourceUrl, snapshotSignature, { ttl });
+				snapshotGeneratedAt = result.generatedAt;
+
+				// Snapshot loaded — redirect to strip signed params from the URL.
+				// Astro's cookie buffer flushes on context.redirect().
+				const cleanUrl = new URL(url);
+				cleanUrl.searchParams.delete("source");
+				cleanUrl.searchParams.delete("exp");
+				cleanUrl.searchParams.delete("sig");
+				return context.redirect(cleanUrl.pathname + cleanUrl.search);
+			} catch (error) {
+				const message = error instanceof Error ? error.message : String(error);
+				console.error("Failed to populate preview snapshot:", message);
+				snapshotError = message;
+
+				// If this is the initial load (no session yet), show a loading page.
+				// If we already have a session, continue with stale data and show the error in the toolbar.
+				if (!cookies.get(cookieName)?.value) {
+					return new Response(loadingPage(), {
+						status: 503,
+						headers: {
+							"Content-Type": "text/html",
+							"Retry-After": "2",
+						},
+					});
+				}
+			}
+		}
+
+		// --- 4. Create Kysely dialect pointing at the DO ---
+		const getStub = (): PreviewDBStub => {
+			// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- RPC type limitation
+			return stub as unknown as PreviewDBStub;
+		};
+		const dialect = new PreviewDODialect({ getStub });
+
+		// --- 5. Create Kysely instance and override request-context DB ---
+		// eslint-disable-next-line @typescript-eslint/no-explicit-any
+		const previewDb = new Kysely<any>({ dialect });
+
+		return runWithContext(
+			{
+				editMode: false,
+				db: previewDb,
+			},
+			async () => {
+				const response = await next();
+				return injectPreviewToolbar(response, {
+					generatedAt: snapshotGeneratedAt,
+					source: sourceUrl ?? undefined,
+					error: snapshotError,
+				});
+			},
+		);
+	};
+}
+
+/**
+ * Inject preview toolbar HTML into an HTML response.
+ * Returns the original response unchanged for non-HTML responses.
+ */
+async function injectPreviewToolbar(
+	response: Response,
+	config: { generatedAt?: string; source?: string; error?: string },
+): Promise<Response> {
+	const contentType = response.headers.get("content-type");
+	if (!contentType?.includes("text/html")) return response;
+
+	const html = await response.text();
+	if (!html.includes("</body>")) return new Response(html, response);
+
+	const toolbarHtml = renderPreviewToolbar(config);
+	const injected = html.replace("</body>", `${toolbarHtml}</body>`);
+	return new Response(injected, {
+		status: response.status,
+		headers: response.headers,
+	});
+}

package/src/db/do-types.ts

@@ -0,0 +1,12 @@
+/**
+ * Shared Durable Object config types (preview-only)
+ *
+ * Imported by both the config-time entry (index.ts) and the runtime entry (do.ts).
+ * This module must NOT import from cloudflare:workers so it stays safe at config time.
+ */
+
+/** Durable Object preview database configuration */
+export interface PreviewDOConfig {
+	/** Wrangler binding name for the DO namespace */
+	binding: string;
+}

package/src/db/do.ts

@@ -0,0 +1,62 @@
+/**
+ * Durable Object preview database — RUNTIME ENTRY
+ *
+ * Creates a Kysely dialect backed by a preview Durable Object.
+ * Loaded at runtime via virtual module when preview database queries are needed.
+ *
+ * This module imports directly from cloudflare:workers to access the DO binding.
+ * Do NOT import this at config time.
+ */
+
+import { env } from "cloudflare:workers";
+import type { Dialect } from "kysely";
+
+import type { EmDashPreviewDB } from "./do-class.js";
+import { PreviewDODialect } from "./do-dialect.js";
+import type { PreviewDBStub } from "./do-dialect.js";
+import type { PreviewDOConfig } from "./do-types.js";
+
+/**
+ * Create a preview DO dialect from config.
+ *
+ * The caller is responsible for resolving the DO name (session token).
+ * This is passed as `config.name` by the preview middleware.
+ */
+export function createDialect(config: PreviewDOConfig & { name: string }): Dialect {
+	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- Worker binding accessed from untyped env object
+	const ns = (env as Record<string, unknown>)[config.binding];
+
+	if (!ns) {
+		throw new Error(
+			`Durable Object binding "${config.binding}" not found in environment. ` +
+				`Check your wrangler.jsonc configuration:\n\n` +
+				`[durable_objects]\n` +
+				`bindings = [\n` +
+				`  { name = "${config.binding}", class_name = "EmDashPreviewDB" }\n` +
+				`]\n\n` +
+				`[[migrations]]\n` +
+				`tag = "v1"\n` +
+				`new_sqlite_classes = ["EmDashPreviewDB"]`,
+		);
+	}
+
+	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- DO namespace binding from untyped env object
+	const namespace = ns as DurableObjectNamespace<EmDashPreviewDB>;
+	const id = namespace.idFromName(config.name);
+
+	// Return a factory that creates a fresh stub per connection.
+	const getStub = (): PreviewDBStub => {
+		const stub = namespace.get(id);
+		// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- Rpc type limitation with unknown in return types
+		return stub as unknown as PreviewDBStub;
+	};
+
+	return new PreviewDODialect({ getStub });
+}
+
+// Re-export the DO class and preview middleware for user convenience
+export { EmDashPreviewDB } from "./do-class.js";
+export { createPreviewMiddleware } from "./do-preview.js";
+export type { PreviewMiddlewareConfig } from "./do-preview.js";
+export { isBlockedInPreview } from "./do-preview-routes.js";
+export { signPreviewUrl, verifyPreviewSignature } from "./do-preview-sign.js";

package/src/db/playground-middleware.ts

@@ -0,0 +1,340 @@
+/**
+ * Playground middleware — injected by the EmDash integration as order: "pre".
+ *
+ * Runs BEFORE the EmDash runtime init middleware. Creates a per-session
+ * Durable Object database, runs migrations, applies the seed, creates an
+ * anonymous admin user, and sets the DB in ALS via runWithContext().
+ *
+ * By the time the runtime middleware runs, the ALS-scoped DB is ready.
+ * The runtime's `db` getter checks ALS first, so all init queries
+ * (migrations, FTS, cron, manifest) operate on the real DO database.
+ *
+ * This module is registered via `addMiddleware({ entrypoint: "..." })` in
+ * the integration, NOT in the user's src/middleware.ts.
+ */
+
+import { defineMiddleware } from "astro:middleware";
+import { env } from "cloudflare:workers";
+import { Kysely, sql } from "kysely";
+import { ulid } from "ulidx";
+// @ts-ignore - virtual module populated by EmDash integration at build time
+import virtualConfig from "virtual:emdash/config";
+
+import type { EmDashPreviewDB } from "./do-class.js";
+import { PreviewDODialect } from "./do-dialect.js";
+import type { PreviewDBStub } from "./do-dialect.js";
+import { isBlockedInPlayground } from "./do-playground-routes.js";
+import { renderPlaygroundToolbar } from "./playground-toolbar.js";
+
+/** Default TTL for playground data (1 hour) */
+const DEFAULT_TTL = 3600;
+
+/** Cookie name for playground session */
+const COOKIE_NAME = "emdash_playground";
+
+/** Playground admin user constants */
+const PLAYGROUND_USER_ID = "playground-admin";
+const PLAYGROUND_USER_EMAIL = "playground@emdashcms.com";
+const PLAYGROUND_USER_NAME = "Playground User";
+const PLAYGROUND_USER_ROLE = 50; // Admin
+
+const PLAYGROUND_USER = {
+	id: PLAYGROUND_USER_ID,
+	email: PLAYGROUND_USER_EMAIL,
+	name: PLAYGROUND_USER_NAME,
+	role: PLAYGROUND_USER_ROLE,
+};
+
+/** Track which DOs have been initialized this Worker lifetime */
+const initializedSessions = new Set<string>();
+
+/**
+ * Read the DO binding name from the virtual config.
+ * The database config has the binding in `config.database.config.binding`.
+ */
+function getBindingName(): string {
+	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- virtual module import
+	const config = virtualConfig as { database?: { config?: { binding?: string } } } | null;
+	const binding = config?.database?.config?.binding;
+	if (!binding) {
+		throw new Error(
+			"Playground middleware: no database binding found in config. " +
+				"Ensure database: playgroundDatabase({ binding: '...' }) is set.",
+		);
+	}
+	return binding;
+}
+
+/**
+ * Get a PreviewDBStub for the given session token.
+ */
+function getStub(binding: string, token: string): PreviewDBStub {
+	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- Worker binding from untyped env
+	const ns = (env as Record<string, unknown>)[binding];
+	if (!ns) {
+		throw new Error(`Playground binding "${binding}" not found in environment`);
+	}
+	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- DO namespace from untyped env
+	const namespace = ns as DurableObjectNamespace<EmDashPreviewDB>;
+	const doId = namespace.idFromName(token);
+	const stub = namespace.get(doId);
+	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- RPC type limitation
+	return stub as unknown as PreviewDBStub;
+}
+
+/**
+ * Get the full DO stub for direct RPC calls (e.g. setTtlAlarm).
+ */
+function getFullStub(binding: string, token: string): DurableObjectStub<EmDashPreviewDB> {
+	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- Worker binding from untyped env
+	const ns = (env as Record<string, unknown>)[binding];
+	if (!ns) {
+		throw new Error(`Playground binding "${binding}" not found in environment`);
+	}
+	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- DO namespace from untyped env
+	const namespace = ns as DurableObjectNamespace<EmDashPreviewDB>;
+	const doId = namespace.idFromName(token);
+	return namespace.get(doId);
+}
+
+/**
+ * Derive a created-at timestamp from the ULID session token.
+ */
+function getSessionCreatedAt(token: string): string {
+	try {
+		const ENCODING = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+		let time = 0;
+		const chars = token.toUpperCase().slice(0, 10);
+		for (const char of chars) {
+			time = time * 32 + ENCODING.indexOf(char);
+		}
+		return new Date(time).toISOString();
+	} catch {
+		return new Date().toISOString();
+	}
+}
+
+/**
+ * Initialize a playground DO: run migrations, apply seed, create admin user.
+ */
+async function initializePlayground(
+	// eslint-disable-next-line @typescript-eslint/no-explicit-any
+	db: Kysely<any>,
+	token: string,
+): Promise<void> {
+	// Check if already initialized (persisted in the DO)
+	try {
+		const { rows } = await sql<{ value: string }>`
+			SELECT value FROM options WHERE name = ${"emdash:setup_complete"}
+		`.execute(db);
+
+		if (rows.length > 0) {
+			return;
+		}
+	} catch {
+		// Table doesn't exist yet -- first initialization
+	}
+
+	console.log(`[playground] Initializing session ${token}`);
+
+	// 1. Run all EmDash migrations.
+	// If the DO was previously initialized (persisted state) but somehow the
+	// setup_complete flag is missing, migrations may partially fail on tables
+	// that already exist. Treat migration errors as non-fatal if there are
+	// tables present (i.e. the DO was previously initialized).
+	const { runMigrations } = await import("emdash/db");
+	try {
+		const migrations = await runMigrations(db);
+		console.log(`[playground] Migrations applied: ${migrations.applied.length}`);
+	} catch (migrationError) {
+		// Check if this looks like a "tables already exist" error -- the DO
+		// was probably initialized in a previous Worker lifetime and the
+		// options check above failed for a transient reason.
+		const msg = migrationError instanceof Error ? migrationError.message : String(migrationError);
+		if (msg.includes("already exists")) {
+			console.log(`[playground] Migrations skipped (tables already exist)`);
+			// Mark setup complete if it wasn't (recover from partial init)
+			try {
+				await sql`
+					INSERT OR IGNORE INTO options (name, value)
+					VALUES (${"emdash:setup_complete"}, ${JSON.stringify(true)})
+				`.execute(db);
+			} catch {
+				// Best effort
+			}
+			return;
+		}
+		throw migrationError;
+	}
+
+	// 2. Load and apply seed with content (skip media downloads)
+	const { loadSeed } = await import("emdash/seed");
+	const { applySeed } = await import("emdash");
+	const seed = await loadSeed();
+	const seedResult = await applySeed(db, seed, {
+		includeContent: true,
+		onConflict: "skip",
+		skipMediaDownload: true,
+	});
+	console.log(
+		`[playground] Seed applied: ${seedResult.collections.created} collections, ${seedResult.content.created} content entries`,
+	);
+
+	// 3. Create anonymous admin user
+	const now = new Date().toISOString();
+	try {
+		await sql`
+			INSERT INTO users (id, email, name, role, email_verified, created_at, updated_at)
+			VALUES (${PLAYGROUND_USER_ID}, ${PLAYGROUND_USER_EMAIL}, ${PLAYGROUND_USER_NAME},
+			        ${PLAYGROUND_USER_ROLE}, ${1}, ${now}, ${now})
+		`.execute(db);
+	} catch {
+		// User might already exist
+	}
+
+	// 4. Mark setup complete
+	try {
+		await sql`
+			INSERT INTO options (name, value)
+			VALUES (${"emdash:setup_complete"}, ${JSON.stringify(true)})
+		`.execute(db);
+	} catch {
+		// May already exist
+	}
+
+	// 5. Set site title
+	try {
+		await sql`
+			INSERT OR REPLACE INTO options (name, value)
+			VALUES (${"emdash:site_title"}, ${JSON.stringify("EmDash Playground")})
+		`.execute(db);
+	} catch {
+		// Non-critical
+	}
+
+	console.log(`[playground] Session ${token} initialized`);
+}
+
+/**
+ * Inject playground toolbar HTML into an HTML response.
+ */
+async function injectPlaygroundToolbar(
+	response: Response,
+	config: { createdAt: string; ttl: number; editMode: boolean },
+): Promise<Response> {
+	const contentType = response.headers.get("content-type");
+	if (!contentType?.includes("text/html")) return response;
+
+	const html = await response.text();
+	if (!html.includes("</body>")) return new Response(html, response);
+
+	const toolbarHtml = renderPlaygroundToolbar(config);
+	const injected = html.replace("</body>", `${toolbarHtml}</body>`);
+	return new Response(injected, {
+		status: response.status,
+		headers: response.headers,
+	});
+}
+
+export const onRequest = defineMiddleware(async (context, next) => {
+	const { url, cookies } = context;
+	const ttl = DEFAULT_TTL;
+
+	// Lazy-load binding name from virtual config
+	const binding = getBindingName();
+
+	// --- Entry point: /playground ---
+	if (url.pathname === "/playground") {
+		let token = cookies.get(COOKIE_NAME)?.value;
+		if (!token) {
+			token = ulid();
+			cookies.set(COOKIE_NAME, token, {
+				httpOnly: true,
+				sameSite: "lax",
+				path: "/",
+				maxAge: ttl,
+			});
+		}
+
+		const stub = getStub(binding, token);
+		const dialect = new PreviewDODialect({ getStub: () => stub });
+		// eslint-disable-next-line @typescript-eslint/no-explicit-any
+		const db = new Kysely<any>({ dialect });
+
+		if (!initializedSessions.has(token)) {
+			await initializePlayground(db, token);
+			initializedSessions.add(token);
+			const fullStub = getFullStub(binding, token);
+			await fullStub.setTtlAlarm(ttl);
+		}
+
+		return context.redirect("/_emdash/admin");
+	}
+
+	// --- Reset endpoint ---
+	// Instead of dropping tables on the old DO (which is fragile and races
+	// with cached state), just clear the cookie and redirect to /playground.
+	// That creates a brand new DO with a fresh session -- clean slate.
+	// The old DO expires via its TTL alarm.
+	if (url.pathname === "/_playground/reset") {
+		cookies.delete(COOKIE_NAME, { path: "/" });
+		return context.redirect("/playground");
+	}
+
+	// --- Route gating ---
+	if (isBlockedInPlayground(url.pathname)) {
+		return Response.json(
+			{ error: { code: "PLAYGROUND_MODE", message: "Not available in playground mode" } },
+			{ status: 403 },
+		);
+	}
+
+	// --- Resolve session ---
+	const token = cookies.get(COOKIE_NAME)?.value;
+	if (!token) {
+		// No session -- redirect to /playground to create one
+		return context.redirect("/playground");
+	}
+
+	// --- Set up DO database and ALS ---
+	const stub = getStub(binding, token);
+	const dialect = new PreviewDODialect({ getStub: () => stub });
+	// eslint-disable-next-line @typescript-eslint/no-explicit-any
+	const db = new Kysely<any>({ dialect });
+
+	// Ensure initialized
+	if (!initializedSessions.has(token)) {
+		try {
+			await initializePlayground(db, token);
+			initializedSessions.add(token);
+			const fullStub = getFullStub(binding, token);
+			await fullStub.setTtlAlarm(ttl);
+		} catch (error) {
+			console.error("Playground initialization failed:", error);
+			return Response.json(
+				{ error: { code: "PLAYGROUND_INIT_ERROR", message: "Failed to initialize playground" } },
+				{ status: 500 },
+			);
+		}
+	}
+
+	// Stash the DO database and user on locals so downstream middleware
+	// (runtime init, request-context) can use them. We can't use ALS directly
+	// because this middleware is in @emdash-cms/cloudflare and resolves to a
+	// different AsyncLocalStorage instance than the emdash core package
+	// (workerd loads dist modules separately from Vite's source modules).
+	// The request-context middleware (same module context as the loader)
+	// detects locals.__playgroundDb and wraps the render in runWithContext().
+	// The __playgroundDb property is declared on App.Locals in emdash's locals.d.ts.
+	Object.assign(context.locals, { __playgroundDb: db, user: PLAYGROUND_USER });
+
+	const editMode = cookies.get("emdash-edit-mode")?.value === "true";
+
+	const response = await next();
+
+	return injectPlaygroundToolbar(response, {
+		createdAt: getSessionCreatedAt(token),
+		ttl,
+		editMode,
+	});
+});