@glw907/cairn-cms 0.38.0 → 0.41.0

package/dist/doctor/wrangler-config.js

@@ -0,0 +1,125 @@
+export async function readWranglerConfig(readFile) {
+    const jsonc = await readFile('wrangler.jsonc');
+    if (jsonc !== null)
+        return factsFromJsonc(jsonc);
+    const toml = await readFile('wrangler.toml');
+    if (toml !== null)
+        return factsFromToml(toml);
+    return null;
+}
+// Strip // and /* */ comments outside string literals, character by character, so a URL
+// inside a string survives. Trailing commas go by regex afterward; a string containing
+// ",}" would be mangled, an accepted gap in a tolerant reader.
+function stripJsonc(text) {
+    let out = '';
+    let inString = false;
+    let i = 0;
+    while (i < text.length) {
+        const ch = text[i];
+        if (inString) {
+            out += ch;
+            if (ch === '\\') {
+                out += text[i + 1] ?? '';
+                i += 2;
+                continue;
+            }
+            if (ch === '"')
+                inString = false;
+            i += 1;
+            continue;
+        }
+        if (ch === '"') {
+            inString = true;
+            out += ch;
+            i += 1;
+            continue;
+        }
+        if (ch === '/' && text[i + 1] === '/') {
+            const end = text.indexOf('\n', i);
+            i = end === -1 ? text.length : end;
+            continue;
+        }
+        if (ch === '/' && text[i + 1] === '*') {
+            const end = text.indexOf('*/', i + 2);
+            i = end === -1 ? text.length : end + 2;
+            continue;
+        }
+        out += ch;
+        i += 1;
+    }
+    return out.replace(/,(\s*[}\]])/g, '$1');
+}
+function factsFromJsonc(text) {
+    let config;
+    try {
+        config = JSON.parse(stripJsonc(text));
+    }
+    catch {
+        // V8's SyntaxError embeds a source snippet, which would land verbatim in the report;
+        // a file that exists but does not parse is a fail with a clean message instead.
+        throw new Error('wrangler.jsonc did not parse');
+    }
+    const sendEmail = Array.isArray(config.send_email) ? config.send_email : [];
+    const hasEmailBinding = sendEmail.some((entry) => typeof entry === 'object' && entry !== null && entry.name === 'EMAIL');
+    const databases = Array.isArray(config.d1_databases) ? config.d1_databases : [];
+    const authDb = databases.find((entry) => typeof entry === 'object' && entry !== null && entry.binding === 'AUTH_DB');
+    const observability = config.observability;
+    const facts = {
+        hasEmailBinding,
+        hasAuthDb: authDb !== undefined,
+        observabilityEnabled: observability?.enabled === true,
+    };
+    if (typeof authDb?.database_id === 'string')
+        facts.authDbId = authDb.database_id;
+    return facts;
+}
+// The toml read is deliberately shallow: line-anchored matching for the three facts, not a
+// TOML parser. The remediation tells the operator exactly what to add, so full fidelity
+// buys nothing here. A table header opens a section; the relevant key lines are matched
+// within it and the d1 table flushes on the next header.
+function factsFromToml(text) {
+    const facts = {
+        hasEmailBinding: false,
+        hasAuthDb: false,
+        observabilityEnabled: false,
+    };
+    let section = '';
+    let d1Binding;
+    let d1Id;
+    const flushD1 = () => {
+        if (d1Binding === 'AUTH_DB') {
+            facts.hasAuthDb = true;
+            if (d1Id !== undefined)
+                facts.authDbId = d1Id;
+        }
+        d1Binding = undefined;
+        d1Id = undefined;
+    };
+    for (const line of text.split('\n')) {
+        const header = line.match(/^\s*(\[\[?[\w.]+\]?\])\s*(?:#.*)?$/);
+        if (header) {
+            flushD1();
+            section = header[1];
+            continue;
+        }
+        const kv = line.match(/^\s*(\w+)\s*=\s*(.+?)\s*$/);
+        if (!kv)
+            continue;
+        const [, key, value] = kv;
+        const str = value.match(/^["'](.*)["']/)?.[1];
+        if (section === '[[send_email]]' && key === 'name' && str === 'EMAIL') {
+            facts.hasEmailBinding = true;
+        }
+        else if (section === '[[d1_databases]]') {
+            if (key === 'binding')
+                d1Binding = str;
+            if (key === 'database_id')
+                d1Id = str;
+        }
+        else if (section === '[observability]' && key === 'enabled' && value.startsWith('true')) {
+            facts.observabilityEnabled = true;
+        }
+    }
+    flushD1();
+    return facts;
+}

package/dist/github/branches.d.ts

@@ -0,0 +1,11 @@
+import type { RepoRef } from './types.js';
+/** The head commit sha of a branch, or null when the branch does not exist. */
+export declare function branchHeadSha(repo: RepoRef, branch: string, token: string): Promise<string | null>;
+/** Create `branch` pointing at `fromSha`. Throws on any failure including an existing ref. */
+export declare function createBranch(repo: RepoRef, branch: string, fromSha: string, token: string): Promise<void>;
+/** Delete `branch`. A 404 (already gone) is success: the desired state holds. */
+export declare function deleteBranch(repo: RepoRef, branch: string, token: string): Promise<void>;
+/** Branch names under `prefix`, sorted. The matching-refs API paginates at 30 by default, so a
+ *  site with 31+ pending entries would silently truncate; request the 100-per-page maximum and
+ *  follow the Link rel="next" chain until exhausted. */
+export declare function listBranches(repo: RepoRef, prefix: string, token: string): Promise<string[]>;

package/dist/github/branches.js

@@ -0,0 +1,75 @@
+const API = 'https://api.github.com';
+function headers(token) {
+    return {
+        Accept: 'application/vnd.github+json',
+        'User-Agent': 'cairn-cms',
+        'X-GitHub-Api-Version': '2022-11-28',
+        Authorization: `Bearer ${token}`,
+        'Content-Type': 'application/json',
+    };
+}
+function gitUrl(repo, suffix) {
+    return `${API}/repos/${repo.owner}/${repo.repo}/git/${suffix}`;
+}
+/** The head commit sha of a branch, or null when the branch does not exist. */
+export async function branchHeadSha(repo, branch, token) {
+    const res = await fetch(gitUrl(repo, `ref/heads/${encodeURIComponent(branch)}`), { headers: headers(token) });
+    // The 404 probe is a hot path (every editLoad); drain the body so the connection frees
+    // immediately instead of pinning one of workerd's six until GC.
+    if (res.status === 404) {
+        await res.body?.cancel();
+        return null;
+    }
+    if (!res.ok)
+        throw new Error(`GitHub ref ${branch} failed: ${res.status} ${await res.text()}`);
+    return (await res.json()).object.sha;
+}
+/** Create `branch` pointing at `fromSha`. Throws on any failure including an existing ref. */
+export async function createBranch(repo, branch, fromSha, token) {
+    const res = await fetch(gitUrl(repo, 'refs'), {
+        method: 'POST',
+        headers: headers(token),
+        body: JSON.stringify({ ref: `refs/heads/${branch}`, sha: fromSha }),
+    });
+    if (!res.ok)
+        throw new Error(`GitHub branch create ${branch} failed: ${res.status} ${await res.text()}`);
+    await res.body?.cancel();
+}
+/** Delete `branch`. A 404 (already gone) is success: the desired state holds. */
+export async function deleteBranch(repo, branch, token) {
+    const res = await fetch(gitUrl(repo, `refs/heads/${encodeURIComponent(branch)}`), {
+        method: 'DELETE',
+        headers: headers(token),
+    });
+    if (!res.ok && res.status !== 404) {
+        throw new Error(`GitHub branch delete ${branch} failed: ${res.status} ${await res.text()}`);
+    }
+    await res.body?.cancel();
+}
+/** The rel="next" URL from a GitHub Link header, or null on the last page. */
+function nextPageUrl(link) {
+    if (!link)
+        return null;
+    for (const part of link.split(',')) {
+        const match = part.match(/<([^>]+)>\s*;\s*rel="next"/);
+        if (match)
+            return match[1];
+    }
+    return null;
+}
+/** Branch names under `prefix`, sorted. The matching-refs API paginates at 30 by default, so a
+ *  site with 31+ pending entries would silently truncate; request the 100-per-page maximum and
+ *  follow the Link rel="next" chain until exhausted. */
+export async function listBranches(repo, prefix, token) {
+    const names = [];
+    let url = `${gitUrl(repo, `matching-refs/heads/${prefix}`)}?per_page=100`;
+    while (url) {
+        const res = await fetch(url, { headers: headers(token) });
+        if (!res.ok)
+            throw new Error(`GitHub matching-refs ${prefix} failed: ${res.status} ${await res.text()}`);
+        const refs = (await res.json());
+        names.push(...refs.map((r) => r.ref.replace(/^refs\/heads\//, '')));
+        url = nextPageUrl(res.headers.get('Link'));
+    }
+    return names;
+}

package/dist/github/signing.d.ts

@@ -9,7 +9,9 @@ export declare function installationToken(creds: AppCredentials): Promise<string
  * instead of re-signing and re-calling GitHub on every list and commit. A cold isolate re-mints,
  * which is always safe. This mirrors the default of @octokit/auth-app, which caches installation
  * tokens in memory and returns them until expiry. The TTL stays under GitHub's documented one-hour
- * lifetime, so a fixed margin avoids parsing the API expiry. `mint` and `now` are injected so the
+ * lifetime, so a fixed margin avoids parsing the API expiry. The cache holds the in-flight
+ * promise, not the resolved token, so a cold isolate's parallel loads coalesce into one mint;
+ * a rejected mint evicts itself so the next call retries. `mint` and `now` are injected so the
  * cache is testable with no network call and no real clock.
  */
 export declare function createInstallationTokenCache(mint?: (creds: AppCredentials) => Promise<string>, now?: () => number, ttlMs?: number): (creds: AppCredentials) => Promise<string>;

package/dist/github/signing.js

@@ -65,18 +65,26 @@ export async function installationToken(creds) {
  * instead of re-signing and re-calling GitHub on every list and commit. A cold isolate re-mints,
  * which is always safe. This mirrors the default of @octokit/auth-app, which caches installation
  * tokens in memory and returns them until expiry. The TTL stays under GitHub's documented one-hour
- * lifetime, so a fixed margin avoids parsing the API expiry. `mint` and `now` are injected so the
+ * lifetime, so a fixed margin avoids parsing the API expiry. The cache holds the in-flight
+ * promise, not the resolved token, so a cold isolate's parallel loads coalesce into one mint;
+ * a rejected mint evicts itself so the next call retries. `mint` and `now` are injected so the
  * cache is testable with no network call and no real clock.
  */
 export function createInstallationTokenCache(mint = installationToken, now = () => Date.now(), ttlMs = 55 * 60 * 1000) {
     const cache = new Map();
-    return async function get(creds) {
+    return function get(creds) {
         const hit = cache.get(creds.installationId);
         if (hit && hit.expiresAt > now())
             return hit.token;
-        const token = await mint(creds);
-        cache.set(creds.installationId, { token, expiresAt: now() + ttlMs });
-        return token;
+        const entry = { token: mint(creds), expiresAt: now() + ttlMs };
+        cache.set(creds.installationId, entry);
+        // Evict only this entry on rejection: a newer entry that replaced it must survive. The
+        // caller's await surfaces the rejection itself, so this side handler swallows nothing.
+        entry.token.catch(() => {
+            if (cache.get(creds.installationId) === entry)
+                cache.delete(creds.installationId);
+        });
+        return entry.token;
     };
 }
 /** The shared installation-token cache, one instance per Worker isolate. */

package/dist/log/events.d.ts

@@ -1 +1 @@
-export type CairnLogEvent = 'auth.link.requested' | 'auth.link.send_failed' | 'auth.token.minted' | 'auth.token.confirmed' | 'auth.session.created' | 'auth.session.destroyed' | 'commit.succeeded' | 'commit.failed' | 'guard.rejected';
+export type CairnLogEvent = 'auth.link.requested' | 'auth.link.send_failed' | 'auth.token.minted' | 'auth.token.confirmed' | 'auth.session.created' | 'auth.session.destroyed' | 'commit.succeeded' | 'commit.failed' | 'entry.published' | 'entry.discarded' | 'publish.failed' | 'github.unreachable' | 'guard.rejected';

package/dist/sveltekit/content-routes.d.ts

@@ -29,6 +29,12 @@ export interface LayoutData {
     collapsedNav: string[];
     /** The session's CSRF double-submit token, rendered as a hidden field in every admin form. */
     csrf: string;
+    /** Every entry with unpublished edits (a `cairn/` ref), for the topbar's publish-all action.
+     *  Null when GitHub is unreachable, so the topbar hides the action rather than lying. */
+    pendingEntries: {
+        concept: string;
+        id: string;
+    }[] | null;
 }
 /** One row in a concept's list view. */
 export interface EntrySummary {
@@ -36,6 +42,8 @@ export interface EntrySummary {
     title: string;
     date: string | null;
     draft: boolean;
+    /** Publish state derived from the ref set: live as-is, live with pending edits, or branch-only. */
+    status: 'published' | 'edited' | 'new';
 }
 /** The concept list view's data. */
 export interface ListData {
@@ -48,6 +56,8 @@ export interface ListData {
     error: string | null;
     /** A create-form bounce error read from `?error`. */
     formError: string | null;
+    /** The entry count from a publish-all redirect (`?publishedAll=`), for the list page's flash. */
+    publishedAll: number | null;
 }
 /** The editor's data. `frontmatter` holds form-ready values (dates already `YYYY-MM-DD`). */
 export interface EditData {
@@ -69,6 +79,14 @@ export interface EditData {
     linkTargets: LinkTarget[];
     /** The entries that link to this one, for the delete guard. Empty when nothing links here. */
     inboundLinks: InboundLink[];
+    /** True when the entry has a pending branch, so the body above came from that branch. */
+    pending: boolean;
+    /** True when the entry file exists on the default branch (the live site shows it). */
+    published: boolean;
+    /** True after a publish redirect (`?published=1`), for the confirmation strip. */
+    publishedFlash: boolean;
+    /** True after a discard redirect (`?discarded=1`), for the confirmation strip. */
+    discardedFlash: boolean;
 }
 /** The structural event the content routes read; a real SvelteKit RequestEvent satisfies it. */
 export interface ContentEvent {
@@ -91,12 +109,15 @@ export interface ContentRoutesDeps {
     mintToken?: (env: GithubKeyEnv) => Promise<string>;
 }
 export declare function createContentRoutes(runtime: CairnRuntime, deps?: ContentRoutesDeps): {
-    layoutLoad: (event: ContentEvent) => LayoutData;
+    layoutLoad: (event: ContentEvent) => Promise<LayoutData>;
     indexRedirect: () => never;
     listLoad: (event: ContentEvent) => Promise<ListData>;
     createAction: (event: ContentEvent) => Promise<never>;
     editLoad: (event: ContentEvent) => Promise<EditData>;
     saveAction: (event: ContentEvent) => Promise<ReturnType<typeof fail> | never>;
+    publishAction: (event: ContentEvent) => Promise<ReturnType<typeof fail> | never>;
+    publishAllAction: (event: ContentEvent) => Promise<never>;
+    discardAction: (event: ContentEvent) => Promise<never>;
     deleteAction: (event: ContentEvent) => Promise<ReturnType<typeof fail> | never>;
     listDeleteAction: (event: ContentEvent) => Promise<ReturnType<typeof fail> | never>;
     renameAction: (event: ContentEvent) => Promise<ReturnType<typeof fail> | never>;