@glw907/cairn-cms 0.4.0 → 0.5.0

package/dist/render/registry.d.ts

@@ -0,0 +1,28 @@
+import type { Element } from 'hast';
+/** A site component: how it inserts (editor) and how it renders (rehype). */
+export interface ComponentDef {
+    /** Directive name, e.g. 'card' (matches `:::card`). */
+    name: string;
+    /** Palette label. */
+    label: string;
+    /** Palette description. */
+    description: string;
+    /** Markdown scaffold inserted at the cursor by the editor palette. */
+    insertTemplate: string;
+    /** Build the final hast element from the stamped directive element. */
+    build: (node: Element, rise?: string) => Element;
+    /** Optional role→default-icon (e.g. `{ caution: 'warning' }`). */
+    defaultIconByRole?: Record<string, string>;
+}
+export interface ComponentRegistry {
+    defs: ComponentDef[];
+    names: string[];
+    get(name: string): ComponentDef | undefined;
+    defaultIcon(name: string, role?: string): string | undefined;
+}
+/** Build a registry from a site's component definitions. The single source the
+ *  render pipeline (directive stamp + rehype dispatch) and the editor palette read. */
+export declare function defineRegistry(input: {
+    components: ComponentDef[];
+}): ComponentRegistry;
+//# sourceMappingURL=registry.d.ts.map

package/dist/render/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/lib/render/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAEpC,6EAA6E;AAC7E,MAAM,WAAW,YAAY;IAC5B,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,2BAA2B;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,sEAAsE;IACtE,cAAc,EAAE,MAAM,CAAC;IACvB,uEAAuE;IACvE,KAAK,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;IACjD,kEAAkE;IAClE,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,iBAAiB;IACjC,IAAI,EAAE,YAAY,EAAE,CAAC;IACrB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS,CAAC;IAC5C,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;CAC7D;AAED;uFACuF;AACvF,wBAAgB,cAAc,CAAC,KAAK,EAAE;IAAE,UAAU,EAAE,YAAY,EAAE,CAAA;CAAE,GAAG,iBAAiB,CAQvF"}

package/dist/render/registry.js

@@ -0,0 +1,11 @@
+/** Build a registry from a site's component definitions. The single source the
+ *  render pipeline (directive stamp + rehype dispatch) and the editor palette read. */
+export function defineRegistry(input) {
+    const byName = new Map(input.components.map((c) => [c.name, c]));
+    return {
+        defs: input.components,
+        names: input.components.map((c) => c.name),
+        get: (name) => byName.get(name),
+        defaultIcon: (name, role) => (role ? byName.get(name)?.defaultIconByRole?.[role] : undefined),
+    };
+}

package/dist/render/rehype-dispatch.d.ts

@@ -0,0 +1,24 @@
+import type { Root, Element, ElementContent } from 'hast';
+import type { ComponentRegistry } from './registry';
+export declare function isElement(node: ElementContent | undefined): node is Element;
+export declare function strProp(node: Element, name: string): string | undefined;
+/** Wrap a pre-built glyph in an ec-icon span; secondary role adds the modifier. */
+export declare function iconSpan(glyphEl: Element, role?: string): Element;
+/** A site's icon factory: turn a stamped icon name + role into a hast element. */
+export type MakeIcon = (name: string, role?: string) => Element;
+export declare function splitHead(node: Element, makeIcon?: MakeIcon): {
+    head: Element;
+    rest: ElementContent[];
+};
+/** Section wrapper: `<section class=…><div class="card-body">…</div></section>`,
+ *  with an optional inline rise style. */
+export declare function cardShell(classes: string[], rise: string | undefined, body: ElementContent[]): Element;
+/** Tag the first <ul> among children with `ec-grid` and strip its whitespace-only
+ *  text nodes so the bare list serializes without newlines. Returns that <ul>. */
+export declare function markFirstList(children: ElementContent[]): Element | undefined;
+/** Rehype transformer: dispatch each stamped element through its registry `build`
+ *  fn. Top-level primitives get a document-order rise stagger when `rise` is
+ *  supplied (a site's per-index motion formula); nested ones don't. Non-primitive
+ *  content (lede, intro paragraphs, the page-toc nav) passes through untouched. */
+export declare function rehypeDispatch(registry: ComponentRegistry, rise?: (idx: number) => string): (tree: Root) => void;
+//# sourceMappingURL=rehype-dispatch.d.ts.map

package/dist/render/rehype-dispatch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rehype-dispatch.d.ts","sourceRoot":"","sources":["../../src/lib/render/rehype-dispatch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,cAAc,EAAc,MAAM,MAAM,CAAC;AAEtE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAEpD,wBAAgB,SAAS,CAAC,IAAI,EAAE,cAAc,GAAG,SAAS,GAAG,IAAI,IAAI,OAAO,CAE3E;AAKD,wBAAgB,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAGvE;AAED,mFAAmF;AACnF,wBAAgB,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAGjE;AAED,kFAAkF;AAClF,MAAM,MAAM,QAAQ,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;AAMhE,wBAAgB,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,EAAE,QAAQ,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,cAAc,EAAE,CAAA;CAAE,CAYvG;AAED;0CAC0C;AAC1C,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,GAAG,SAAS,EAAE,IAAI,EAAE,cAAc,EAAE,GAAG,OAAO,CAItG;AAED;kFACkF;AAClF,wBAAgB,aAAa,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,OAAO,GAAG,SAAS,CAS7E;AAmBD;;;mFAGmF;AACnF,wBAAgB,cAAc,CAAC,QAAQ,EAAE,iBAAiB,EAAE,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,MAAM,IACjF,MAAM,IAAI,UAUlB"}

package/dist/render/rehype-dispatch.js

@@ -0,0 +1,86 @@
+import { h } from 'hastscript';
+export function isElement(node) {
+    return !!node && node.type === 'element';
+}
+// hast Properties values are PropertyValue (string | number | boolean | array | null).
+// Directive markers (dataIcon/dataRole/dataPrimitive) are always stamped as strings;
+// this reads them back with that guarantee instead of casting at each call site.
+export function strProp(node, name) {
+    const value = node.properties?.[name];
+    return typeof value === 'string' ? value : undefined;
+}
+/** Wrap a pre-built glyph in an ec-icon span; secondary role adds the modifier. */
+export function iconSpan(glyphEl, role) {
+    const className = role === 'secondary' ? ['ec-icon', 'ec-icon-secondary'] : ['ec-icon'];
+    return h('span', { className }, [glyphEl]);
+}
+// Pull the section's <h2> out, retag it .card-title, and build the .ec-head row
+// (optional icon + heading). Returns the head plus the remaining body children.
+// `makeIcon` (site-supplied) turns the stamped data-icon into an element; omit it
+// for a head with no icon.
+export function splitHead(node, makeIcon) {
+    const children = node.children;
+    const i = children.findIndex((c) => isElement(c) && c.tagName === 'h2');
+    const h2 = children[i];
+    h2.properties = { ...h2.properties, className: ['card-title'] };
+    const rest = children.filter((_, j) => j !== i);
+    const icon = strProp(node, 'dataIcon');
+    const role = strProp(node, 'dataRole');
+    const headKids = [];
+    if (makeIcon && icon)
+        headKids.push(makeIcon(icon, role));
+    headKids.push(h2);
+    return { head: h('div', { className: ['ec-head'] }, headKids), rest };
+}
+/** Section wrapper: `<section class=…><div class="card-body">…</div></section>`,
+ *  with an optional inline rise style. */
+export function cardShell(classes, rise, body) {
+    const properties = { className: classes };
+    if (rise)
+        properties.style = rise;
+    return h('section', properties, [h('div', { className: ['card-body'] }, body)]);
+}
+/** Tag the first <ul> among children with `ec-grid` and strip its whitespace-only
+ *  text nodes so the bare list serializes without newlines. Returns that <ul>. */
+export function markFirstList(children) {
+    const ul = children.find((c) => isElement(c) && c.tagName === 'ul');
+    if (ul) {
+        ul.properties = { ...ul.properties, className: ['ec-grid'] };
+        ul.children = ul.children.filter((c) => !(c.type === 'text' && /^\s*$/.test(c.value)));
+    }
+    return ul;
+}
+// Recurse into a node's children, transforming any nested primitive sections
+// (a grid inside a card, panels inside a split) WITHOUT a rise stagger.
+function transformChildren(children, registry) {
+    return children.map((c) => {
+        if (isElement(c) && c.properties?.dataPrimitive)
+            return transformNode(c, registry);
+        if (isElement(c))
+            c.children = transformChildren(c.children, registry);
+        return c;
+    });
+}
+function transformNode(node, registry, rise) {
+    node.children = transformChildren(node.children, registry);
+    const name = strProp(node, 'dataPrimitive');
+    const def = name ? registry.get(name) : undefined;
+    return def ? def.build(node, rise) : node;
+}
+/** Rehype transformer: dispatch each stamped element through its registry `build`
+ *  fn. Top-level primitives get a document-order rise stagger when `rise` is
+ *  supplied (a site's per-index motion formula); nested ones don't. Non-primitive
+ *  content (lede, intro paragraphs, the page-toc nav) passes through untouched. */
+export function rehypeDispatch(registry, rise) {
+    return (tree) => {
+        let idx = 0;
+        tree.children = tree.children.map((child) => {
+            if (isElement(child) && child.properties?.dataPrimitive) {
+                return transformNode(child, registry, rise ? rise(idx++) : undefined);
+            }
+            if (isElement(child))
+                child.children = transformChildren(child.children, registry);
+            return child;
+        });
+    };
+}

package/dist/render/remark-directives.d.ts

@@ -0,0 +1,4 @@
+import type { Root } from 'mdast';
+import type { ComponentRegistry } from './registry';
+export declare function remarkDirectiveStamp(registry: ComponentRegistry): (tree: Root) => void;
+//# sourceMappingURL=remark-directives.d.ts.map

package/dist/render/remark-directives.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remark-directives.d.ts","sourceRoot":"","sources":["../../src/lib/render/remark-directives.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAA8B,IAAI,EAAQ,MAAM,OAAO,CAAC;AAGpE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAmCpD,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,iBAAiB,IAEvD,MAAM,IAAI,UA8BlB"}

package/dist/render/remark-directives.js

@@ -0,0 +1,74 @@
+import { visit } from 'unist-util-visit';
+// Reconstruct a directive's authored attribute block (`{#id .class key="value"}`).
+// Accidental prose directives carry none, so this is almost always empty.
+function serializeAttributes(attributes) {
+    if (!attributes)
+        return '';
+    const tokens = [];
+    for (const [key, value] of Object.entries(attributes)) {
+        if (value == null)
+            tokens.push(key);
+        else if (key === 'id')
+            tokens.push(`#${value}`);
+        else if (key === 'class')
+            for (const c of value.split(/\s+/).filter(Boolean))
+                tokens.push(`.${c}`);
+        else
+            tokens.push(`${key}="${value}"`);
+    }
+    return tokens.length ? `{${tokens.join(' ')}}` : '';
+}
+// The vocabulary is container-only (`:::name`). A text directive (`:name`) or
+// leaf directive (`::name`) is therefore always an accidental colon in prose
+// ("4:00", "9:30", "ratio 16:9") that micromark tokenized as a directive.
+// Restore it to its literal source text so prose renders verbatim.
+function restoreLiteral(node) {
+    const marker = node.type === 'leafDirective' ? '::' : ':';
+    const attrs = serializeAttributes(node.attributes);
+    if (node.children.length === 0) {
+        return [{ type: 'text', value: marker + node.name + attrs }];
+    }
+    const open = { type: 'text', value: `${marker}${node.name}[` };
+    const close = { type: 'text', value: `]${attrs}` };
+    return [open, ...node.children, close];
+}
+// Stamp each registered container directive with data-* markers carrying its
+// component name, icon, and role. No structure is built here; the rehype
+// dispatcher rewrites the marked elements once their children are hast.
+// Text and leaf directives are restored to literal text (accidental prose colons).
+export function remarkDirectiveStamp(registry) {
+    const known = new Set(registry.names);
+    return (tree) => {
+        visit(tree, 'containerDirective', (node) => {
+            if (!known.has(node.name))
+                return;
+            const attrs = node.attributes ?? {};
+            const role = attrs.role || undefined;
+            let icon = attrs.icon || undefined;
+            if (!icon && role)
+                icon = registry.defaultIcon(node.name, role);
+            const properties = { dataPrimitive: node.name };
+            if (icon)
+                properties.dataIcon = icon;
+            if (role)
+                properties.dataRole = role;
+            const data = node.data ?? (node.data = {});
+            data.hName = 'div';
+            data.hProperties = properties;
+        });
+        visit(tree, ['textDirective', 'leafDirective'], (node, index, parent) => {
+            if (!parent || index == null)
+                return;
+            const literal = restoreLiteral(node);
+            if (node.type === 'leafDirective') {
+                // Leaf directives sit at block level; wrap the restored text in a paragraph.
+                const paragraph = { type: 'paragraph', children: literal };
+                parent.children.splice(index, 1, paragraph);
+            }
+            else {
+                parent.children.splice(index, 1, ...literal);
+            }
+            return index;
+        });
+    };
+}

package/dist/sveltekit/index.d.ts

@@ -1,7 +1,7 @@
 import type { CairnUser } from '../auth/guard';
 import { type RepoFile } from '../github';
 import { type CairnAdapter, type CairnField } from '../adapter';
-/** The `platform.env` bindings the content routes read. All optional — the handlers guard. */
+/** The `platform.env` bindings the content routes read. All optional; the handlers guard. */
 export interface AdminEnv {
     GITHUB_APP_ID?: string;
     GITHUB_APP_INSTALLATION_ID?: string;
@@ -19,7 +19,7 @@ export interface AdminLayoutData {
 }
 /**
  * Branding + session for every admin page. `siteName` flows from the adapter without pulling
- * its plugin graph into client bundles — the import stays server-side in the layout load.
+ * its plugin graph into client bundles; the import stays server-side in the layout load.
  * `pathname` lets the shared shell highlight the active nav item without a `$app/*` import
  * (those kit virtual modules have no types outside a kit app, so they can't live in the
  * package); reading `event.url` here also opts the layout load into rerunning on navigation.
@@ -65,5 +65,20 @@ export declare function saveCommit(event: PlatformEvent & {
         user: CairnUser | null;
     };
 }, adapter: CairnAdapter): Promise<never>;
+export interface HealthData {
+    ok: boolean;
+    checks: {
+        githubAppSigning: {
+            ok: boolean;
+            detail?: string;
+        };
+    };
+}
+/**
+ * Deploy-time health check (M2): signs a dummy App JWT to prove the GitHub App key loads and
+ * the PKCS#1→PKCS#8 conversion still works, before an editor hits it on save. Behind the
+ * `/admin` guard (signed-in editors only); returns ok/fail with no secret in the body.
+ */
+export declare function healthLoad(event: PlatformEvent): Promise<HealthData>;
 export {};
 //# sourceMappingURL=index.d.ts.map

package/dist/sveltekit/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/sveltekit/index.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAwD,KAAK,QAAQ,EAAE,MAAM,WAAW,CAAC;AAEhG,OAAO,EAAuC,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAErG,8FAA8F;AAC9F,MAAM,WAAW,QAAQ;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,0BAA0B,CAAC,EAAE,MAAM,CAAC;CACrC;AAED,UAAU,aAAa;IACrB,QAAQ,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,QAAQ,CAAA;KAAE,CAAC;CAC/B;AA2BD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,SAAS,GAAG,IAAI,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE;IAAE,MAAM,EAAE;QAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAAA;KAAE,CAAC;IAAC,GAAG,EAAE,GAAG,CAAA;CAAE,EACvD,OAAO,EAAE,YAAY,GACpB,eAAe,CAEjB;AAID,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,4FAA4F;AAC5F,wBAAsB,aAAa,CACjC,KAAK,EAAE,aAAa,EACpB,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC;IAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;CAAE,CAAC,CAajD;AAID,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,wBAAsB,QAAQ,CAC5B,KAAK,EAAE,aAAa,GAAG;IAAE,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,GAAG,EAAE,GAAG,CAAA;CAAE,EACzE,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,QAAQ,CAAC,CAyBnB;AAID,wBAAsB,UAAU,CAC9B,KAAK,EAAE,aAAa,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE;QAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAAA;KAAE,CAAA;CAAE,EAC/E,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,KAAK,CAAC,CA0ChB"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/sveltekit/index.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAOL,KAAK,QAAQ,EACd,MAAM,WAAW,CAAC;AAEnB,OAAO,EAAuC,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAErG,6FAA6F;AAC7F,MAAM,WAAW,QAAQ;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,0BAA0B,CAAC,EAAE,MAAM,CAAC;CACrC;AAED,UAAU,aAAa;IACrB,QAAQ,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,QAAQ,CAAA;KAAE,CAAC;CAC/B;AA2BD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,SAAS,GAAG,IAAI,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE;IAAE,MAAM,EAAE;QAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAAA;KAAE,CAAC;IAAC,GAAG,EAAE,GAAG,CAAA;CAAE,EACvD,OAAO,EAAE,YAAY,GACpB,eAAe,CAEjB;AAID,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,4FAA4F;AAC5F,wBAAsB,aAAa,CACjC,KAAK,EAAE,aAAa,EACpB,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC;IAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;CAAE,CAAC,CAajD;AAID,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,wBAAsB,QAAQ,CAC5B,KAAK,EAAE,aAAa,GAAG;IAAE,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,GAAG,EAAE,GAAG,CAAA;CAAE,EACzE,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,QAAQ,CAAC,CAyBnB;AAID,wBAAsB,UAAU,CAC9B,KAAK,EAAE,aAAa,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE;QAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAAA;KAAE,CAAA;CAAE,EAC/E,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,KAAK,CAAC,CAoDhB;AAID,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE;QAAE,gBAAgB,EAAE;YAAE,EAAE,EAAE,OAAO,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC;CAChE;AAED;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAS1E"}

package/dist/sveltekit/index.js

@@ -2,22 +2,22 @@
 // route files are thin shims (`export const load = (event) => editLoad(event, cairn)`).
 //
 // SvelteKit's filesystem routing requires the route *files* to live in each site's
-// `src/routes/`, but their bodies are identical across sites — only the adapter differs.
+// `src/routes/`, but their bodies are identical across sites. Only the adapter differs.
 // These functions take the SvelteKit event (typed structurally, to avoid depending on the
 // site-generated `App.*` ambient types) plus the site `CairnAdapter`, and throw
 // `redirect`/`error` from `@sveltejs/kit` (a peer dependency, so the thrown objects share
-// class identity with the host's runtime — else the redirect 500s). Auth/session/manage-editors
+// class identity with the host's runtime; otherwise the redirect 500s). Auth/session/manage-editors
 // logic lives under `@glw907/cairn-cms/auth`; this module is content-only (list/edit/save).
 import { redirect, error } from '@sveltejs/kit';
 import matter from 'gray-matter';
-import { listMarkdown, readRaw, commitFile, installationToken } from '../github';
+import { listMarkdown, readRaw, commitFile, installationToken, signingSelfTest, CommitConflictError, } from '../github';
 import { serializeMarkdown } from '../content';
 import { findCollection, frontmatterFromForm } from '../adapter';
 /**
  * Mint a GitHub App installation token for *reads* when the App is configured, else undefined
  * (reads then fall back to anonymous). Authenticated reads get the 5000/hr limit; anonymous
  * reads share GitHub's 60/hr-per-IP budget across Cloudflare's egress IPs, so they 403 in prod.
- * A mint failure degrades gracefully to anonymous rather than 500ing — unlike the commit path,
+ * A mint failure degrades gracefully to anonymous rather than 500ing. Unlike the commit path,
  * where a missing App is fatal, a read can still succeed unauthenticated.
  */
 async function readToken(env) {
@@ -38,7 +38,7 @@ async function readToken(env) {
 }
 /**
  * Branding + session for every admin page. `siteName` flows from the adapter without pulling
- * its plugin graph into client bundles — the import stays server-side in the layout load.
+ * its plugin graph into client bundles; the import stays server-side in the layout load.
  * `pathname` lets the shared shell highlight the active nav item without a `$app/*` import
  * (those kit virtual modules have no types outside a kit app, so they can't live in the
  * package); reading `event.url` here also opts the layout load into rerunning on navigation.
@@ -117,6 +117,33 @@ export async function saveCommit(event, adapter) {
         installationId: env.GITHUB_APP_INSTALLATION_ID,
         privateKeyB64: env.GITHUB_APP_PRIVATE_KEY_B64,
     });
-    await commitFile(adapter.backend, `${collection.dir}/${id}.md`, markdown, { message: `Update ${collection.label.toLowerCase()}: ${id}`, author: { name: user.name, email: user.email } }, token);
+    try {
+        await commitFile(adapter.backend, `${collection.dir}/${id}.md`, markdown, { message: `Update ${collection.label.toLowerCase()}: ${id}`, author: { name: user.name, email: user.email } }, token);
+    }
+    catch (err) {
+        // Concurrent-edit 409 (C3): fail safe. Bounce back with a reload prompt; the editor reloads
+        // the current version and reapplies. Any other error is unexpected, so rethrow.
+        if (err instanceof CommitConflictError) {
+            const message = 'This file changed since you opened it. Reload and reapply your edits.';
+            throw redirect(303, `/admin/edit/${type}/${id}?error=${encodeURIComponent(message)}`);
+        }
+        throw err;
+    }
     throw redirect(303, `/admin/edit/${type}/${id}?saved=1`);
 }
+/**
+ * Deploy-time health check (M2): signs a dummy App JWT to prove the GitHub App key loads and
+ * the PKCS#1→PKCS#8 conversion still works, before an editor hits it on save. Behind the
+ * `/admin` guard (signed-in editors only); returns ok/fail with no secret in the body.
+ */
+export async function healthLoad(event) {
+    const env = event.platform?.env;
+    let githubAppSigning;
+    if (env?.GITHUB_APP_ID && env.GITHUB_APP_PRIVATE_KEY_B64) {
+        githubAppSigning = await signingSelfTest(env.GITHUB_APP_ID, env.GITHUB_APP_PRIVATE_KEY_B64);
+    }
+    else {
+        githubAppSigning = { ok: false, detail: 'GitHub App not configured' };
+    }
+    return { ok: githubAppSigning.ok, checks: { githubAppSigning } };
+}

package/dist/utils.d.ts

@@ -1,3 +1,3 @@
-/** Encode bytes as unpadded base64url (RFC 4648 §5) — the JWT/token wire format. */
+/** Encode bytes as unpadded base64url (RFC 4648 §5), the JWT/token wire format. */
 export declare function bytesToB64url(bytes: Uint8Array): string;
 //# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/lib/utils.ts"],"names":[],"mappings":"AAOA,oFAAoF;AACpF,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAGvD"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/lib/utils.ts"],"names":[],"mappings":"AAOA,mFAAmF;AACnF,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAGvD"}

package/dist/utils.js

@@ -1,10 +1,10 @@
 // cairn-core: internal encoding helpers shared across modules.
 //
-// Deliberately NOT re-exported from index.ts — these are implementation details of the
+// Deliberately NOT re-exported from index.ts. These are implementation details of the
 // auth/github crypto, not part of the public API (auth.ts signs tokens, github.ts builds
 // the App JWT; both need base64url). Keeping them here stops bytesToB64url leaking through
 // the `export *` barrel.
-/** Encode bytes as unpadded base64url (RFC 4648 §5) — the JWT/token wire format. */
+/** Encode bytes as unpadded base64url (RFC 4648 §5), the JWT/token wire format. */
 export function bytesToB64url(bytes) {
     const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');
     return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@glw907/cairn-cms",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "Embedded, magic-link, GitHub-committing CMS for SvelteKit/Cloudflare sites.",
   "type": "module",
   "license": "MIT",
@@ -86,7 +86,20 @@
     "svelte": "^5.0.0"
   },
   "dependencies": {
-    "gray-matter": "^4"
+    "@types/hast": "^3.0.4",
+    "@types/mdast": "^4.0.4",
+    "gray-matter": "^4",
+    "hastscript": "^9.0.1",
+    "mdast-util-directive": "^3.1.0",
+    "rehype-raw": "^7.0.0",
+    "rehype-slug": "^6.0.0",
+    "rehype-stringify": "^10.0.1",
+    "remark-directive": "^4.0.0",
+    "remark-gfm": "^4",
+    "remark-parse": "^11.0.0",
+    "remark-rehype": "^11.1.2",
+    "unified": "^11.0.5",
+    "unist-util-visit": "^5.1.0"
   },
   "devDependencies": {
     "@better-auth/cli": "^1.4.21",
@@ -103,7 +116,6 @@
     "svelte": "^5",
     "svelte-check": "^4",
     "typescript": "^6.0.3",
-    "unified": "^11.0.5",
     "vitest": "^4.1.6"
   }
 }

package/src/lib/adapter.ts

@@ -3,11 +3,12 @@
 // This is the single seam that lets one admin surface serve different designs. A site
 // supplies a `CairnAdapter` (see `src/lib/cairn.config.ts`) describing its backend repo,
 // its editable collections (folder + form fields + frontmatter validator), and its preview
-// plugin set. cairn-core never hard-codes a collection, tag, or directive — it reads them
+// plugin set. cairn-core never hard-codes a collection, tag, or directive; it reads them
 // from the adapter. Field descriptors are plain data so a load function can hand them to
-// the editor form across the server→client boundary.
+// the editor form across the server-to-client boundary.
 import type { PreviewPlugins } from './carta';
 import type { RepoRef } from './github';
+import type { ComponentRegistry } from './render';
 
 interface FieldBase {
   /** Frontmatter key and form input name. */
@@ -63,13 +64,21 @@ export interface CairnCollection {
 export interface CairnAdapter {
   /** Branding + magic-link email copy. */
   siteName: string;
-  /** From: address for magic-link email — a domain-authenticated sender. */
+  /** From: address for magic-link email (must be a domain-authenticated sender). */
   sender: string;
   /** The repository the admin reads content from and commits to. */
   backend: RepoRef;
   /** Site plugin set for the Carta preview (parity with the live render). */
   preview: PreviewPlugins;
   collections: CairnCollection[];
+  /**
+   * The site's component registry: the single declaration of its directive
+   * components (R10a). Rendering parity already flows through `preview`; this
+   * exposes the same registry so the editor's insert-component palette can read
+   * `registry.defs`. Optional: a site with no rich components (e.g. 907.life) may
+   * omit it or supply an empty registry.
+   */
+  registry?: ComponentRegistry;
 }
 
 /** Look up a collection by its route segment, or undefined if the segment is unknown. */

package/src/lib/auth/config.ts

@@ -1,5 +1,5 @@
 // cairn-core: the better-auth instance. Auth is engine code (engine-fat rule), so the whole
-// config — Drizzle/D1 adapter, magic-link (POST-confirm-shaped send), admin roles — lives here.
+// config lives here: Drizzle/D1 adapter, magic-link (POST-confirm-shaped send), admin roles.
 // Instantiated PER REQUEST in hooks.server.ts (the D1 binding is request-scoped); the factory
 // is cheap (no I/O at construction).
 import { betterAuth } from 'better-auth';
@@ -14,7 +14,7 @@ import * as schema from './schema';
 
 // Two-tier roles on the admin plugin's access-control system: `owner` holds every admin
 // statement (manage editors, revoke sessions); `editor` holds none (content-only). `adminRoles`
-// must name a role defined here, so owner — not the plugin's built-in `admin` — is the gate.
+// must name a role defined here, so owner (not the plugin's built-in `admin`) is the gate.
 const ac = createAccessControl(defaultStatements);
 const owner = ac.newRole(defaultStatements);
 const editor = ac.newRole({});
@@ -37,17 +37,17 @@ export interface AuthBranding {
   sender: string;
 }
 
-/** The drizzle adapter result `betterAuth` consumes — the same provider/schema everywhere. */
+/** The drizzle adapter result `betterAuth` consumes (same provider/schema everywhere). */
 type DrizzleDb = Parameters<typeof drizzleAdapter>[0];
 
 /**
  * The shared better-auth config. Kept separate from `createAuth` so the test harness can run
  * the EXACT plugin set (allowlist semantics, expiry, POST-confirm send) over an in-memory
- * SQLite instead of D1. `disableSignUp:true` makes the `user` table the editor allowlist —
+ * SQLite instead of D1. `disableSignUp:true` makes the `user` table the editor allowlist:
  * magic-link never auto-creates, so the only way in is the owner-gated admin `createUser`
  * (see auth/admins.ts). `adminRoles:['owner']` lets owners (not the default `admin` role)
  * drive the admin API. Tokens are stored hashed and consumed atomically on first verify
- * (better-auth GHSA-hc7v-rggr-4hvx) — single-use by construction (C1).
+ * (better-auth GHSA-hc7v-rggr-4hvx), single-use by construction (C1).
  */
 export function buildAuth(opts: {
   database: DrizzleDb;
@@ -70,7 +70,7 @@ export function buildAuth(opts: {
         sendMagicLink: async ({ email, token }, ctx) => {
           // Allowlist gate: better-auth always fires this callback (even for unknown emails, to
           // avoid enumeration) and only blocks user creation at verify. So gate the actual send
-          // here — never email a non-editor. The login UI shows neutral copy either way, so this
+          // here. Never email a non-editor. The login UI shows neutral copy either way, so this
           // leaks nothing; it just stops strangers receiving a dead link.
           const existing = await ctx?.context.internalAdapter.findUserByEmail(email);
           if (!existing?.user) return;

package/src/lib/auth/guard.ts

@@ -1,10 +1,10 @@
 // cairn-core: server-side auth helpers the site route shims delegate to. Each takes the
-// SvelteKit event (typed structurally, so the package never depends on a site's generated
-// `App.*` ambient types) plus the per-request `Auth` from `locals`.
+// SvelteKit event, typed structurally so the package never depends on a site's generated
+// `App.*` ambient types, plus the per-request `Auth` from `locals`.
 import { redirect } from '@sveltejs/kit';
 import type { Auth } from './config';
 
-/** The session shape the whole admin reads — layout, guards, content fns, manage-editors. */
+/** The session shape the whole admin reads: layout, guards, content fns, manage-editors. */
 export interface CairnUser {
   id: string;
   email: string;

package/src/lib/carta.ts

@@ -1,6 +1,6 @@
 // cairn-core: pure Carta options/transformer wiring for render-only preview.
 //
-// Plugins are passed in, not imported — that seam is what the Pass D adapter formalises.
+// Plugins are passed in rather than imported; that seam is what the Pass D adapter formalises.
 // No `carta-md` import: its index re-exports Svelte components that the node test env
 // can't load. The Svelte component calls `new Carta(previewCartaOptions(...))` directly.
 import type { Pluggable, Processor } from 'unified';
@@ -37,7 +37,7 @@ export function previewTransformers({ remarkPlugins, rehypePlugins }: PreviewPlu
   return [...phase(remarkPlugins, 'remark'), ...phase(rehypePlugins, 'rehype')];
 }
 
-/** Minimal Options subset we populate — avoids importing carta-md (Svelte re-exports). */
+/** Minimal Options subset we populate (avoids importing carta-md, which re-exports Svelte components). */
 interface PreviewCartaOptions {
   sanitizer: false;
   rehypeOptions: { allowDangerousHtml: boolean };

package/src/lib/components/AdminLayout.svelte

@@ -1,7 +1,7 @@
 <script lang="ts">
   // Neutral admin chrome, shared across sites so the tool looks identical everywhere (only the
   // adapter's siteName varies). When signed in it's a responsive DaisyUI drawer+navbar shell
-  // (`drawer lg:drawer-open` — sidebar pinned on desktop, slide-over + hamburger on mobile),
+  // (`drawer lg:drawer-open`, sidebar pinned on desktop, slide-over + hamburger on mobile),
   // patterned on scosman/CMSaasStarter's `(admin)/(menu)` layout. The nav is data-driven and
   // role-gated, so a new surface is one entry in `nav` (plus its route + component). Signed out
   // (the login page lives under this layout) it falls back to a minimal centered shell.
@@ -22,7 +22,7 @@
     label: string;
     icon: Snippet;
     active: boolean;
-    /** Owner-only surface — hidden from regular editors. */
+    /** Owner-only surface; hidden from regular editors. */
     owner?: boolean;
   }
 
@@ -73,7 +73,7 @@
     <input id="admin-drawer" type="checkbox" class="drawer-toggle" />
 
     <div class="drawer-content">
-      <!-- Mobile top bar — the desktop sidebar replaces this at lg. -->
+      <!-- Mobile top bar; the desktop sidebar replaces this at lg. -->
       <div class="navbar bg-base-100 lg:hidden">
         <div class="flex-1">
           <span class="px-2 text-xl font-bold">{data.siteName} CMS</span>

package/src/lib/components/AdminList.svelte

@@ -1,7 +1,7 @@
 <script lang="ts">
   // The /admin content list: every collection's files, linking into the editor. Data comes
   // from `adminListLoad` (collections) merged with `adminLayoutLoad` (siteName). The shell
-  // (AdminLayout) owns the chrome — site title, signed-in identity, nav, sign out — so this
+  // (AdminLayout) owns the chrome (site title, signed-in identity, nav, sign out), so this
   // page renders only the content body.
   import type { AdminCollectionList } from '../sveltekit';
 

package/src/lib/components/ConfirmPage.svelte

@@ -1,6 +1,6 @@
 <script lang="ts">
-  // The scanner-safe confirm surface (C2). A GET renders this static page — nothing is consumed.
-  // The token rides in a hidden field; only the explicit form POST (the route's default action →
+  // The scanner-safe confirm surface (C2). A GET renders this static page and consumes nothing.
+  // The token rides in a hidden field; only the explicit form POST (the route's default action,
   // confirmSignIn) verifies it. Mail scanners GET URLs but don't submit forms, so prefetch can't
   // burn the link. JS-free by design.
   interface Props {

package/src/lib/components/EditPage.svelte

@@ -13,21 +13,21 @@
 
   // Body is editable state; the Carta editor's preview runs the exact site plugin set, so it
   // matches the live page. A hidden input carries the current value into the form.
-  // svelte-ignore state_referenced_locally — seeding from the initial load is intended.
+  // svelte-ignore state_referenced_locally (seeding from the initial load is intended)
   let body = $state(data.body);
 
-  // svelte-ignore state_referenced_locally — the preview plugin set is fixed for the load.
+  // svelte-ignore state_referenced_locally (the preview plugin set is fixed for the load)
   const carta = new Carta(previewCartaOptions(preview));
 
   // Carta's MarkdownEditor must not render on the worker (it pulls Shiki). onMount fires only
-  // in the browser, so SSR renders the plain textarea and the client swaps in the editor —
-  // the kit-free equivalent of the per-site route's `$app/environment` `browser` guard.
+  // in the browser, so SSR renders the plain textarea and the client swaps in the editor.
+  // This is the kit-free equivalent of the per-site route's `$app/environment` `browser` guard.
   let mounted = $state(false);
   onMount(() => {
     mounted = true;
   });
 
-  // svelte-ignore state_referenced_locally — form defaults from the initial load.
+  // svelte-ignore state_referenced_locally (form defaults from the initial load)
   const fm = data.frontmatter as Record<string, unknown>;
 
   function fmString(key: string): string {