@glw907/cairn-cms 0.1.0

package/dist/components/LoginPage.svelte.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"LoginPage.svelte.d.ts","sourceRoot":"","sources":["../../src/lib/components/LoginPage.svelte.ts"],"names":[],"mappings":"AAKE,UAAU,KAAK;IACb,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;CACjE;AAwCH,QAAA,MAAM,SAAS,2CAAwC,CAAC;AACxD,KAAK,SAAS,GAAG,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC;AAC9C,eAAe,SAAS,CAAC"}

package/dist/components/index.d.ts

@@ -0,0 +1,5 @@
+export { default as AdminLayout } from './AdminLayout.svelte';
+export { default as AdminList } from './AdminList.svelte';
+export { default as LoginPage } from './LoginPage.svelte';
+export { default as EditPage } from './EditPage.svelte';
+//# sourceMappingURL=index.d.ts.map

package/dist/components/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/components/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/components/index.js

@@ -0,0 +1,6 @@
+// cairn-cms admin UI shell. Consumers import from 'cairn-cms/components'; each site's
+// admin route `.svelte` files are one-line shims around these.
+export { default as AdminLayout } from './AdminLayout.svelte';
+export { default as AdminList } from './AdminList.svelte';
+export { default as LoginPage } from './LoginPage.svelte';
+export { default as EditPage } from './EditPage.svelte';

package/dist/content.d.ts

@@ -0,0 +1,3 @@
+/** Serialize frontmatter data + markdown body back into a file string. */
+export declare function serializeMarkdown(frontmatter: object, body: string): string;
+//# sourceMappingURL=content.d.ts.map

package/dist/content.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"content.d.ts","sourceRoot":"","sources":["../src/lib/content.ts"],"names":[],"mappings":"AAOA,0EAA0E;AAC1E,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAE3E"}

package/dist/content.js

@@ -0,0 +1,10 @@
+// cairn-core: reassemble a markdown file from frontmatter + body for committing.
+//
+// The inverse of the gray-matter parse the edit loader does on read. Kept as its own seam
+// so a site adapter can own the on-disk serialization contract (quoting, key order)
+// without the save endpoint reaching for gray-matter directly.
+import matter from 'gray-matter';
+/** Serialize frontmatter data + markdown body back into a file string. */
+export function serializeMarkdown(frontmatter, body) {
+    return matter.stringify(body, frontmatter);
+}

package/dist/email.d.ts

@@ -0,0 +1,14 @@
+/** Cloudflare Email Sending binding surface (the object-form `send`, not the MIME form). */
+export interface EmailSender {
+    send(message: {
+        to: string;
+        from: string;
+        subject: string;
+        text?: string;
+        html?: string;
+    }): Promise<{
+        messageId: string;
+    }>;
+}
+export declare function sendMagicLink(sender: EmailSender, to: string, link: string, siteName: string, from: string): Promise<void>;
+//# sourceMappingURL=email.d.ts.map

package/dist/email.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"email.d.ts","sourceRoot":"","sources":["../src/lib/email.ts"],"names":[],"mappings":"AAQA,4FAA4F;AAC5F,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,OAAO,EAAE;QACZ,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,GAAG,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACpC;AAED,wBAAsB,aAAa,CACjC,MAAM,EAAE,WAAW,EACnB,EAAE,EAAE,MAAM,EACV,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC,CASf"}

package/dist/email.js

@@ -0,0 +1,17 @@
+// cairn-core: pluggable magic-link email sender.
+//
+// Default adapter is Cloudflare Email Service → Email Sending (transactional, arbitrary
+// recipients) — distinct from Email Routing's recipient-restricted `EmailMessage` flow.
+// It is reached through the same `send_email` binding (configured without a
+// destination_address) but a different call shape: `binding.send({ to, from, ... })`.
+// Resend can slot in behind the same `sendMagicLink` signature if needed.
+export async function sendMagicLink(sender, to, link, siteName, from) {
+    const expiry = "This link expires in 10 minutes and works only once. If you didn't request it, ignore this email.";
+    await sender.send({
+        to,
+        from,
+        subject: `Your ${siteName} sign-in link`,
+        text: `Sign in to ${siteName}:\n\n${link}\n\n${expiry}`,
+        html: `<p>Sign in to ${siteName}:</p><p><a href="${link}">Sign in</a></p><p style="color:#666;font-size:0.9em">${expiry}</p>`,
+    });
+}

package/dist/github.d.ts

@@ -0,0 +1,52 @@
+export interface RepoRef {
+    owner: string;
+    repo: string;
+    branch: string;
+}
+/** A markdown file in a collection directory. `id` is the slug (filename without `.md`). */
+export interface RepoFile {
+    id: string;
+    name: string;
+    path: string;
+}
+/** Build the contents-API URL for a repo path, pinned to the configured branch. */
+export declare function contentsUrl(repo: RepoRef, path: string): string;
+interface ContentsEntry {
+    name: string;
+    path: string;
+    type: string;
+}
+/** Keep only markdown files from a contents-API directory listing, newest id first. */
+export declare function markdownFiles(entries: ContentsEntry[]): RepoFile[];
+/** List the markdown files in a collection directory. */
+export declare function listMarkdown(repo: RepoRef, dir: string, token?: string): Promise<RepoFile[]>;
+/** Fetch a file's raw markdown, or null if it does not exist. */
+export declare function readRaw(repo: RepoRef, path: string, token?: string): Promise<string | null>;
+/** Mint a GitHub App JWT (RS256), valid ~9 min, with `iat` backdated for clock skew. */
+export declare function appJwt(appId: string, privateKeyPem: string): Promise<string>;
+export interface AppCredentials {
+    appId: string;
+    installationId: string;
+    /** The stored GITHUB_APP_PRIVATE_KEY_B64 — base64 of the PEM, single line. */
+    privateKeyB64: string;
+}
+/** Exchange the App JWT for a short-lived installation access token. */
+export declare function installationToken(creds: AppCredentials): Promise<string>;
+/** The current blob sha for a path, or null if the file does not yet exist. */
+export declare function fileSha(repo: RepoRef, path: string, token: string): Promise<string | null>;
+export interface CommitAuthor {
+    name: string;
+    email: string;
+}
+/**
+ * Commit `content` to `path` on the configured branch via the contents API. Author is the
+ * editor; committer is omitted so GitHub attributes it to the App (cairn-cms[bot]). Updates
+ * the file in place when it exists (passing its sha), creates it otherwise. Returns the
+ * commit sha.
+ */
+export declare function commitFile(repo: RepoRef, path: string, content: string, opts: {
+    message: string;
+    author: CommitAuthor;
+}, token: string): Promise<string>;
+export {};
+//# sourceMappingURL=github.d.ts.map

package/dist/github.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../src/lib/github.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,OAAO;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,4FAA4F;AAC5F,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAcD,mFAAmF;AACnF,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAG/D;AAED,UAAU,aAAa;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,uFAAuF;AACvF,wBAAgB,aAAa,CAAC,OAAO,EAAE,aAAa,EAAE,GAAG,QAAQ,EAAE,CAKlE;AAED,yDAAyD;AACzD,wBAAsB,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC,CAIlG;AAED,iEAAiE;AACjE,wBAAsB,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAKjG;AAqCD,wFAAwF;AACxF,wBAAsB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAclF;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,8EAA8E;IAC9E,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,wEAAwE;AACxE,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAQ9E;AAOD,+EAA+E;AAC/E,wBAAsB,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAKhG;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,IAAI,EAAE,OAAO,EACb,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,IAAI,EAAE;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,YAAY,CAAA;CAAE,EAC/C,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,CAAC,CAgBjB"}

package/dist/github.js

@@ -0,0 +1,136 @@
+// cairn-core: read and write repository content through the GitHub API.
+//
+// Reads (Pass B) list a collection directory and fetch a file's raw markdown; the token
+// is optional because ecnordic's repo is public. Writes (Pass C) mint a short-lived
+// GitHub App installation token — App JWT (RS256) signed with Web Crypto, no octokit
+// dependency — and commit through the contents API with author = editor, committer = the
+// App (cairn-cms[bot]). The same token also lifts reads to the authenticated rate limit
+// and unlocks private repos (e.g. 907-life).
+import { bytesToB64url } from './utils';
+const API = 'https://api.github.com';
+function ghHeaders(accept, token) {
+    const headers = {
+        Accept: accept,
+        'User-Agent': 'cairn-cms',
+        'X-GitHub-Api-Version': '2022-11-28',
+    };
+    if (token)
+        headers.Authorization = `Bearer ${token}`;
+    return headers;
+}
+/** Build the contents-API URL for a repo path, pinned to the configured branch. */
+export function contentsUrl(repo, path) {
+    const clean = path.replace(/^\/+|\/+$/g, '');
+    return `${API}/repos/${repo.owner}/${repo.repo}/contents/${clean}?ref=${encodeURIComponent(repo.branch)}`;
+}
+/** Keep only markdown files from a contents-API directory listing, newest id first. */
+export function markdownFiles(entries) {
+    return entries
+        .filter((entry) => entry.type === 'file' && entry.name.endsWith('.md'))
+        .map((entry) => ({ id: entry.name.replace(/\.md$/, ''), name: entry.name, path: entry.path }))
+        .sort((a, b) => b.id.localeCompare(a.id));
+}
+/** List the markdown files in a collection directory. */
+export async function listMarkdown(repo, dir, token) {
+    const res = await fetch(contentsUrl(repo, dir), { headers: ghHeaders('application/vnd.github+json', token) });
+    if (!res.ok)
+        throw new Error(`GitHub list ${dir} failed: ${res.status}`);
+    return markdownFiles((await res.json()));
+}
+/** Fetch a file's raw markdown, or null if it does not exist. */
+export async function readRaw(repo, path, token) {
+    const res = await fetch(contentsUrl(repo, path), { headers: ghHeaders('application/vnd.github.raw', token) });
+    if (res.status === 404)
+        return null;
+    if (!res.ok)
+        throw new Error(`GitHub read ${path} failed: ${res.status}`);
+    return res.text();
+}
+// --- Write path: GitHub App auth + commit (Pass C) -------------------------------------
+const encoder = new TextEncoder();
+// TextEncoder/atob produce Uint8Arrays whose generic buffer type no longer satisfies
+// Web Crypto's BufferSource under strict lib types; hand the underlying ArrayBuffer over.
+function buf(bytes) {
+    return bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
+}
+/** DER length octets for a value of `n` bytes (short form < 128, else long form). */
+function derLength(n) {
+    if (n < 0x80)
+        return [n];
+    const out = [];
+    for (let v = n; v > 0; v >>= 8)
+        out.unshift(v & 0xff);
+    return [0x80 | out.length, ...out];
+}
+// AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters.
+const RSA_ALG_ID = [0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00];
+/** Wrap a PKCS#1 RSAPrivateKey (DER) as PKCS#8 — the only RSA form Web Crypto importKey takes. */
+function pkcs1ToPkcs8(pkcs1) {
+    const octet = [0x04, ...derLength(pkcs1.length), ...pkcs1];
+    const body = [0x02, 0x01, 0x00, ...RSA_ALG_ID, ...octet];
+    return Uint8Array.from([0x30, ...derLength(body.length), ...body]);
+}
+/** Decode a PEM private key to PKCS#8 DER, converting from PKCS#1 (GitHub's format) if needed. */
+function pemToPkcs8(pem) {
+    const b64 = pem.replace(/-----[^-]+-----/g, '').replace(/\s+/g, '');
+    const der = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
+    return pem.includes('RSA PRIVATE KEY') ? pkcs1ToPkcs8(der) : der;
+}
+/** Mint a GitHub App JWT (RS256), valid ~9 min, with `iat` backdated for clock skew. */
+export async function appJwt(appId, privateKeyPem) {
+    const now = Math.floor(Date.now() / 1000);
+    const header = bytesToB64url(encoder.encode(JSON.stringify({ alg: 'RS256', typ: 'JWT' })));
+    const payload = bytesToB64url(encoder.encode(JSON.stringify({ iat: now - 60, exp: now + 540, iss: appId })));
+    const signingInput = `${header}.${payload}`;
+    const key = await crypto.subtle.importKey('pkcs8', buf(pemToPkcs8(privateKeyPem)), { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' }, false, ['sign']);
+    const sig = await crypto.subtle.sign('RSASSA-PKCS1-v1_5', key, buf(encoder.encode(signingInput)));
+    return `${signingInput}.${bytesToB64url(new Uint8Array(sig))}`;
+}
+/** Exchange the App JWT for a short-lived installation access token. */
+export async function installationToken(creds) {
+    const jwt = await appJwt(creds.appId, atob(creds.privateKeyB64));
+    const res = await fetch(`${API}/app/installations/${creds.installationId}/access_tokens`, {
+        method: 'POST',
+        headers: ghHeaders('application/vnd.github+json', jwt),
+    });
+    if (!res.ok)
+        throw new Error(`GitHub installation token failed: ${res.status}`);
+    return (await res.json()).token;
+}
+/** Standard (padded) base64 of UTF-8 text — the encoding the contents API expects. */
+function toBase64(text) {
+    return btoa(Array.from(encoder.encode(text), (b) => String.fromCharCode(b)).join(''));
+}
+/** The current blob sha for a path, or null if the file does not yet exist. */
+export async function fileSha(repo, path, token) {
+    const res = await fetch(contentsUrl(repo, path), { headers: ghHeaders('application/vnd.github+json', token) });
+    if (res.status === 404)
+        return null;
+    if (!res.ok)
+        throw new Error(`GitHub stat ${path} failed: ${res.status}`);
+    return (await res.json()).sha;
+}
+/**
+ * Commit `content` to `path` on the configured branch via the contents API. Author is the
+ * editor; committer is omitted so GitHub attributes it to the App (cairn-cms[bot]). Updates
+ * the file in place when it exists (passing its sha), creates it otherwise. Returns the
+ * commit sha.
+ */
+export async function commitFile(repo, path, content, opts, token) {
+    const sha = await fileSha(repo, path, token);
+    const url = `${API}/repos/${repo.owner}/${repo.repo}/contents/${path.replace(/^\/+|\/+$/g, '')}`;
+    const res = await fetch(url, {
+        method: 'PUT',
+        headers: { ...ghHeaders('application/vnd.github+json', token), 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            message: opts.message,
+            content: toBase64(content),
+            branch: repo.branch,
+            author: opts.author,
+            ...(sha ? { sha } : {}),
+        }),
+    });
+    if (!res.ok)
+        throw new Error(`GitHub commit ${path} failed: ${res.status} ${await res.text()}`);
+    return (await res.json()).commit.sha;
+}

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+export * from './auth';
+export * from './email';
+export * from './github';
+export * from './carta';
+export * from './content';
+export * from './adapter';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/lib/index.ts"],"names":[],"mappings":"AACA,cAAc,QAAQ,CAAC;AACvB,cAAc,SAAS,CAAC;AACxB,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC"}

package/dist/index.js

@@ -0,0 +1,7 @@
+// cairn-cms public API. Consumers import everything from 'cairn-cms'.
+export * from './auth';
+export * from './email';
+export * from './github';
+export * from './carta';
+export * from './content';
+export * from './adapter';

package/dist/sveltekit/index.d.ts

@@ -0,0 +1,91 @@
+import { type Cookies } from '@sveltejs/kit';
+import type { KVNamespace } from '@cloudflare/workers-types';
+import { type Editor } from '../auth';
+import { type EmailSender } from '../email';
+import { type RepoFile } from '../github';
+import { type CairnAdapter, type CairnField } from '../adapter';
+/** The `platform.env` bindings the admin routes read. All optional — the handlers guard. */
+export interface AdminEnv {
+    AUTH_KV?: KVNamespace;
+    MAGIC_LINK_SECRET?: string;
+    SESSION_SECRET?: string;
+    EMAIL?: EmailSender;
+    /** Overrides `url.origin` for the magic-link base (set in dev, unset in prod). */
+    PUBLIC_ORIGIN?: string;
+    GITHUB_APP_ID?: string;
+    GITHUB_APP_INSTALLATION_ID?: string;
+    GITHUB_APP_PRIVATE_KEY_B64?: string;
+}
+interface PlatformEvent {
+    platform?: {
+        env?: AdminEnv;
+    };
+}
+export interface AdminLayoutData {
+    editor: Editor | null;
+    siteName: string;
+}
+/**
+ * Branding + session for every admin page. `siteName` flows from the adapter without pulling
+ * its plugin graph into client bundles — the import stays server-side in the layout load.
+ */
+export declare function adminLayoutLoad(event: {
+    locals: {
+        editor: Editor | null;
+    };
+}, adapter: CairnAdapter): AdminLayoutData;
+export interface AdminCollectionList {
+    type: string;
+    label: string;
+    files: RepoFile[];
+    error?: string;
+}
+/** List every collection's markdown files. A failed listing degrades to an inline error. */
+export declare function adminListLoad(adapter: CairnAdapter): Promise<{
+    collections: AdminCollectionList[];
+}>;
+export interface LoginData {
+    sent: boolean;
+    error: string | null;
+}
+export declare function loginLoad(event: {
+    url: URL;
+}): LoginData;
+export interface EditData {
+    type: string;
+    id: string;
+    label: string;
+    fields: CairnField[];
+    path: string;
+    body: string;
+    frontmatter: Record<string, unknown>;
+    title: string;
+    saved: boolean;
+    error: string | null;
+}
+export declare function editLoad(event: {
+    params: {
+        type: string;
+        id: string;
+    };
+    url: URL;
+}, adapter: CairnAdapter): Promise<EditData>;
+export declare function authRequest(event: PlatformEvent & {
+    request: Request;
+    url: URL;
+}, adapter: CairnAdapter): Promise<never>;
+export declare function authCallback(event: PlatformEvent & {
+    url: URL;
+    cookies: Cookies;
+}): Promise<never>;
+export declare function logout(event: {
+    cookies: Cookies;
+}): never;
+export declare function saveCommit(event: PlatformEvent & {
+    request: Request;
+    locals: {
+        editor: Editor | null;
+    };
+}, adapter: CairnAdapter): Promise<never>;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/sveltekit/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/sveltekit/index.ts"],"names":[],"mappings":"AASA,OAAO,EAAmB,KAAK,OAAO,EAAE,MAAM,eAAe,CAAC;AAC9D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAE7D,OAAO,EAOL,KAAK,MAAM,EACZ,MAAM,SAAS,CAAC;AACjB,OAAO,EAAiB,KAAK,WAAW,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EAAwD,KAAK,QAAQ,EAAE,MAAM,WAAW,CAAC;AAEhG,OAAO,EAAuC,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAErG,4FAA4F;AAC5F,MAAM,WAAW,QAAQ;IACvB,OAAO,CAAC,EAAE,WAAW,CAAC;IACtB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,kFAAkF;IAClF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,0BAA0B,CAAC,EAAE,MAAM,CAAC;CACrC;AAED,UAAU,aAAa;IACrB,QAAQ,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,QAAQ,CAAA;KAAE,CAAC;CAC/B;AAMD,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE;IAAE,MAAM,EAAE;QAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAA;CAAE,EAC5C,OAAO,EAAE,YAAY,GACpB,eAAe,CAEjB;AAID,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,4FAA4F;AAC5F,wBAAsB,aAAa,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;IAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;CAAE,CAAC,CAY1G;AAID,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE;IAAE,GAAG,EAAE,GAAG,CAAA;CAAE,GAAG,SAAS,CAKxD;AAID,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,wBAAsB,QAAQ,CAC5B,KAAK,EAAE;IAAE,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,GAAG,EAAE,GAAG,CAAA;CAAE,EACzD,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,QAAQ,CAAC,CAyBnB;AAID,wBAAsB,WAAW,CAC/B,KAAK,EAAE,aAAa,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,GAAG,EAAE,GAAG,CAAA;CAAE,EACrD,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,KAAK,CAAC,CA8BhB;AAID,wBAAsB,YAAY,CAChC,KAAK,EAAE,aAAa,GAAG;IAAE,GAAG,EAAE,GAAG,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,GACpD,OAAO,CAAC,KAAK,CAAC,CA4BhB;AAID,wBAAgB,MAAM,CAAC,KAAK,EAAE;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE,GAAG,KAAK,CAGzD;AAID,wBAAsB,UAAU,CAC9B,KAAK,EAAE,aAAa,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE;QAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAA;CAAE,EAC9E,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,KAAK,CAAC,CA0ChB"}

package/dist/sveltekit/index.js

@@ -0,0 +1,163 @@
+// cairn-core: the SvelteKit route server logic, extracted so each site's `admin/**` route
+// files are thin shims (`export const load = (event) => editLoad(event, cairn)`).
+//
+// SvelteKit's filesystem routing requires the route *files* to live in each site's
+// `src/routes/`, but their bodies are identical across sites — only the adapter differs.
+// These functions take the SvelteKit event (typed structurally, to avoid depending on the
+// site-generated `App.*` ambient types) plus the site `CairnAdapter`, and throw
+// `redirect`/`error` from `@sveltejs/kit`. That `@sveltejs/kit` is a peer dependency so the
+// thrown objects share class identity with the host's runtime (else the redirect 500s).
+import { redirect, error } from '@sveltejs/kit';
+import matter from 'gray-matter';
+import { createMagicLink, redeemMagicToken, createSession, lookupEditor, SESSION_COOKIE, SESSION_MAX_AGE, } from '../auth';
+import { sendMagicLink } from '../email';
+import { listMarkdown, readRaw, commitFile, installationToken } from '../github';
+import { serializeMarkdown } from '../content';
+import { findCollection, frontmatterFromForm } from '../adapter';
+const EMAIL_RE = /^[^@\s]+@[^@\s]+\.[^@\s]+$/;
+/**
+ * Branding + session for every admin page. `siteName` flows from the adapter without pulling
+ * its plugin graph into client bundles — the import stays server-side in the layout load.
+ */
+export function adminLayoutLoad(event, adapter) {
+    return { editor: event.locals.editor, siteName: adapter.siteName };
+}
+/** List every collection's markdown files. A failed listing degrades to an inline error. */
+export async function adminListLoad(adapter) {
+    const collections = await Promise.all(adapter.collections.map(async ({ type, label, dir }) => {
+        try {
+            return { type, label, files: await listMarkdown(adapter.backend, dir) };
+        }
+        catch (err) {
+            // A failed listing (rate limit, network) shouldn't 500 the whole admin.
+            return { type, label, files: [], error: err instanceof Error ? err.message : 'Failed to load' };
+        }
+    }));
+    return { collections };
+}
+export function loginLoad(event) {
+    return {
+        sent: event.url.searchParams.get('sent') === '1',
+        error: event.url.searchParams.get('error'),
+    };
+}
+export async function editLoad(event, adapter) {
+    const collection = findCollection(adapter, event.params.type);
+    if (!collection)
+        throw error(404, 'Unknown collection');
+    // Anonymous read — repos are public; the GitHub App token is commit-only (see saveCommit).
+    const path = `${collection.dir}/${event.params.id}.md`;
+    const raw = await readRaw(adapter.backend, path);
+    if (raw === null)
+        throw error(404, 'Content not found');
+    // Split frontmatter from body server-side; the editor form binds to the frontmatter and
+    // the Carta editor binds to the body, and /admin/save reassembles them on commit.
+    const { data: frontmatter, content: body } = matter(raw);
+    return {
+        type: event.params.type,
+        id: event.params.id,
+        label: collection.label,
+        fields: collection.fields,
+        path,
+        body,
+        frontmatter,
+        title: typeof frontmatter.title === 'string' ? frontmatter.title : event.params.id,
+        saved: event.url.searchParams.get('saved') === '1',
+        error: event.url.searchParams.get('error'),
+    };
+}
+// ── /admin/auth/request (POST) ──────────────────────────────────────────────
+export async function authRequest(event, adapter) {
+    const env = event.platform?.env;
+    if (!env?.AUTH_KV || !env.MAGIC_LINK_SECRET || !env.EMAIL) {
+        throw redirect(303, '/admin/login?error=config');
+    }
+    const form = await event.request.formData();
+    const email = String(form.get('email') ?? '').trim().toLowerCase();
+    if (!EMAIL_RE.test(email)) {
+        throw redirect(303, '/admin/login?error=invalid');
+    }
+    const editor = await lookupEditor(email, env.AUTH_KV);
+    if (!editor) {
+        throw redirect(303, '/admin/login?error=denied');
+    }
+    const token = await createMagicLink(email, env.MAGIC_LINK_SECRET, env.AUTH_KV);
+    // PUBLIC_ORIGIN overrides url.origin for local dev (where wrangler's custom-domain
+    // route makes url.origin the production host); unset in prod → url.origin is correct.
+    const origin = env.PUBLIC_ORIGIN || event.url.origin;
+    const link = `${origin}/admin/auth/callback?token=${encodeURIComponent(token)}`;
+    try {
+        await sendMagicLink(env.EMAIL, email, link, adapter.siteName, adapter.sender);
+    }
+    catch (err) {
+        console.error('magic-link send failed:', err);
+        throw redirect(303, '/admin/login?error=config');
+    }
+    throw redirect(303, '/admin/login?sent=1');
+}
+// ── /admin/auth/callback (GET) ──────────────────────────────────────────────
+export async function authCallback(event) {
+    const env = event.platform?.env;
+    if (!env?.AUTH_KV || !env.MAGIC_LINK_SECRET || !env.SESSION_SECRET) {
+        throw redirect(303, '/admin/login?error=config');
+    }
+    const token = event.url.searchParams.get('token') ?? '';
+    const email = await redeemMagicToken(token, env.MAGIC_LINK_SECRET, env.AUTH_KV);
+    if (!email) {
+        throw redirect(303, '/admin/login?error=expired');
+    }
+    // Re-check the allowlist at redemption — membership may have changed since issue.
+    const editor = await lookupEditor(email, env.AUTH_KV);
+    if (!editor) {
+        throw redirect(303, '/admin/login?error=denied');
+    }
+    const session = await createSession(editor, env.SESSION_SECRET);
+    event.cookies.set(SESSION_COOKIE, session, {
+        path: '/',
+        httpOnly: true,
+        secure: event.url.protocol === 'https:',
+        sameSite: 'lax',
+        maxAge: SESSION_MAX_AGE,
+    });
+    throw redirect(303, '/admin');
+}
+// ── /admin/auth/logout (POST) ───────────────────────────────────────────────
+export function logout(event) {
+    event.cookies.delete(SESSION_COOKIE, { path: '/' });
+    throw redirect(303, '/admin/login');
+}
+// ── /admin/save (POST) ──────────────────────────────────────────────────────
+export async function saveCommit(event, adapter) {
+    const editor = event.locals.editor;
+    if (!editor)
+        throw error(401, 'Not signed in');
+    const env = event.platform?.env;
+    if (!env?.GITHUB_APP_ID || !env.GITHUB_APP_INSTALLATION_ID || !env.GITHUB_APP_PRIVATE_KEY_B64) {
+        throw error(500, 'GitHub App is not configured');
+    }
+    const form = await event.request.formData();
+    const type = String(form.get('type') ?? '');
+    const id = String(form.get('id') ?? '');
+    const body = String(form.get('body') ?? '');
+    const collection = findCollection(adapter, type);
+    if (!collection || !id)
+        throw error(400, 'Bad request');
+    // Build frontmatter from the posted fields and validate against the collection's schema; a
+    // bad field bounces back to the editor with the validator's message rather than 500ing.
+    let frontmatter;
+    try {
+        frontmatter = collection.validate(frontmatterFromForm(collection, form), `${id}.md`);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Invalid frontmatter';
+        throw redirect(303, `/admin/edit/${type}/${id}?error=${encodeURIComponent(message)}`);
+    }
+    const markdown = serializeMarkdown(frontmatter, body);
+    const token = await installationToken({
+        appId: env.GITHUB_APP_ID,
+        installationId: env.GITHUB_APP_INSTALLATION_ID,
+        privateKeyB64: env.GITHUB_APP_PRIVATE_KEY_B64,
+    });
+    await commitFile(adapter.backend, `${collection.dir}/${id}.md`, markdown, { message: `Update ${collection.label.toLowerCase()}: ${id}`, author: { name: editor.name, email: editor.email } }, token);
+    throw redirect(303, `/admin/edit/${type}/${id}?saved=1`);
+}

package/dist/utils.d.ts

@@ -0,0 +1,3 @@
+/** Encode bytes as unpadded base64url (RFC 4648 §5) — the JWT/token wire format. */
+export declare function bytesToB64url(bytes: Uint8Array): string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/lib/utils.ts"],"names":[],"mappings":"AAOA,oFAAoF;AACpF,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAGvD"}

package/dist/utils.js

@@ -0,0 +1,11 @@
+// cairn-core: internal encoding helpers shared across modules.
+//
+// Deliberately NOT re-exported from index.ts — these are implementation details of the
+// auth/github crypto, not part of the public API (auth.ts signs tokens, github.ts builds
+// the App JWT; both need base64url). Keeping them here stops bytesToB64url leaking through
+// the `export *` barrel.
+/** Encode bytes as unpadded base64url (RFC 4648 §5) — the JWT/token wire format. */
+export function bytesToB64url(bytes) {
+    const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');
+    return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}