@glw907/cairn-cms 0.4.0 → 0.5.1

package/src/lib/render/remark-directives.ts

@@ -0,0 +1,71 @@
+import type { Paragraph, PhrasingContent, Root, Text } from 'mdast';
+import type { ContainerDirective, LeafDirective, TextDirective } from 'mdast-util-directive';
+import { visit } from 'unist-util-visit';
+import type { ComponentRegistry } from './registry';
+
+// Reconstruct a directive's authored attribute block (`{#id .class key="value"}`).
+// Accidental prose directives carry none, so this is almost always empty.
+function serializeAttributes(attributes?: Record<string, string | null | undefined> | null): string {
+	if (!attributes) return '';
+	const tokens: string[] = [];
+	for (const [key, value] of Object.entries(attributes)) {
+		if (value == null) tokens.push(key);
+		else if (key === 'id') tokens.push(`#${value}`);
+		else if (key === 'class') for (const c of value.split(/\s+/).filter(Boolean)) tokens.push(`.${c}`);
+		else tokens.push(`${key}="${value}"`);
+	}
+	return tokens.length ? `{${tokens.join(' ')}}` : '';
+}
+
+// The vocabulary is container-only (`:::name`). A text directive (`:name`) or
+// leaf directive (`::name`) is therefore always an accidental colon in prose
+// ("4:00", "9:30", "ratio 16:9") that micromark tokenized as a directive.
+// Restore it to its literal source text so prose renders verbatim.
+function restoreLiteral(node: TextDirective | LeafDirective): PhrasingContent[] {
+	const marker = node.type === 'leafDirective' ? '::' : ':';
+	const attrs = serializeAttributes(node.attributes);
+	if (node.children.length === 0) {
+		return [{ type: 'text', value: marker + node.name + attrs }];
+	}
+	const open: Text = { type: 'text', value: `${marker}${node.name}[` };
+	const close: Text = { type: 'text', value: `]${attrs}` };
+	return [open, ...(node.children as PhrasingContent[]), close];
+}
+
+// Stamp each registered container directive with data-* markers carrying its
+// component name, icon, and role. No structure is built here; the rehype
+// dispatcher rewrites the marked elements once their children are hast.
+// Text and leaf directives are restored to literal text (accidental prose colons).
+export function remarkDirectiveStamp(registry: ComponentRegistry) {
+	const known = new Set(registry.names);
+	return (tree: Root) => {
+		visit(tree, 'containerDirective', (node: ContainerDirective) => {
+			if (!known.has(node.name)) return;
+			const attrs = node.attributes ?? {};
+			const role = attrs.role || undefined;
+			let icon = attrs.icon || undefined;
+			if (!icon && role) icon = registry.defaultIcon(node.name, role);
+
+			const properties: Record<string, string> = { dataPrimitive: node.name };
+			if (icon) properties.dataIcon = icon;
+			if (role) properties.dataRole = role;
+
+			const data = node.data ?? (node.data = {});
+			data.hName = 'div';
+			data.hProperties = properties;
+		});
+
+		visit(tree, ['textDirective', 'leafDirective'], (node, index, parent) => {
+			if (!parent || index == null) return;
+			const literal = restoreLiteral(node as TextDirective | LeafDirective);
+			if (node.type === 'leafDirective') {
+				// Leaf directives sit at block level; wrap the restored text in a paragraph.
+				const paragraph: Paragraph = { type: 'paragraph', children: literal };
+				parent.children.splice(index, 1, paragraph);
+			} else {
+				parent.children.splice(index, 1, ...literal);
+			}
+			return index;
+		});
+	};
+}

package/src/lib/slug.ts

@@ -0,0 +1,16 @@
+// cairn-core: derive a filename-safe slug stem from a human title, for the create-entry form.
+// The admin is filename-based (Pass E): this produces the editable stem an author can adjust,
+// matching the server-side SLUG_RE (lowercase alphanumerics and internal hyphens). Pure.
+
+/**
+ * Lowercase a title into a filename-safe slug stem.
+ * Apostrophes are dropped so "Geoff's" becomes "geoffs" (no spurious hyphen).
+ * All other non-alphanumeric runs become a single hyphen; leading/trailing hyphens are trimmed.
+ */
+export function slugify(title: string): string {
+  return title
+    .toLowerCase()
+    .replace(/'/g, '')
+    .replace(/[^a-z0-9]+/g, '-')
+    .replace(/^-+|-+$/g, '');
+}

package/src/lib/sveltekit/index.ts

@@ -2,20 +2,30 @@
 // route files are thin shims (`export const load = (event) => editLoad(event, cairn)`).
 //
 // SvelteKit's filesystem routing requires the route *files* to live in each site's
-// `src/routes/`, but their bodies are identical across sites — only the adapter differs.
+// `src/routes/`, but their bodies are identical across sites. Only the adapter differs.
 // These functions take the SvelteKit event (typed structurally, to avoid depending on the
 // site-generated `App.*` ambient types) plus the site `CairnAdapter`, and throw
 // `redirect`/`error` from `@sveltejs/kit` (a peer dependency, so the thrown objects share
-// class identity with the host's runtime — else the redirect 500s). Auth/session/manage-editors
+// class identity with the host's runtime; otherwise the redirect 500s). Auth/session/manage-editors
 // logic lives under `@glw907/cairn-cms/auth`; this module is content-only (list/edit/save).
 import { redirect, error } from '@sveltejs/kit';
 import matter from 'gray-matter';
 import type { CairnUser } from '../auth/guard';
-import { listMarkdown, readRaw, commitFile, installationToken, type RepoFile } from '../github';
+import { can, requireCapability } from '../auth/capabilities';
+import {
+  listMarkdown,
+  readRaw,
+  commitFile,
+  installationToken,
+  signingSelfTest,
+  CommitConflictError,
+  type RepoFile,
+} from '../github';
 import { serializeMarkdown } from '../content';
 import { findCollection, frontmatterFromForm, type CairnAdapter, type CairnField } from '../adapter';
+import { validateNavTree, extractMenu, parseSiteConfig, setMenu, type NavNode } from '../nav';
 
-/** The `platform.env` bindings the content routes read. All optional — the handlers guard. */
+/** The `platform.env` bindings the content routes read. All optional; the handlers guard. */
 export interface AdminEnv {
   GITHUB_APP_ID?: string;
   GITHUB_APP_INSTALLATION_ID?: string;
@@ -30,7 +40,7 @@ interface PlatformEvent {
  * Mint a GitHub App installation token for *reads* when the App is configured, else undefined
  * (reads then fall back to anonymous). Authenticated reads get the 5000/hr limit; anonymous
  * reads share GitHub's 60/hr-per-IP budget across Cloudflare's egress IPs, so they 403 in prod.
- * A mint failure degrades gracefully to anonymous rather than 500ing — unlike the commit path,
+ * A mint failure degrades gracefully to anonymous rather than 500ing. Unlike the commit path,
  * where a missing App is fatal, a read can still succeed unauthenticated.
  */
 async function readToken(env: AdminEnv | undefined): Promise<string | undefined> {
@@ -51,52 +61,195 @@ async function readToken(env: AdminEnv | undefined): Promise<string | undefined>
 
 // ── /admin layout ──────────────────────────────────────────────────────────
 
+/** A collection reduced to what the sidebar nav needs (no plugin graph crosses to the client). */
+export interface NavCollection {
+  type: string;
+  label: string;
+}
+
 export interface AdminLayoutData {
   user: CairnUser | null;
   siteName: string;
   pathname: string;
+  collections: NavCollection[];
+  /** Managed menus (name+label only) so the shell can show a Navigation entry. */
+  navMenus: { name: string; label: string }[];
+  /** Whether the viewer may manage navigation (gates the Navigation nav entry). */
+  canManageNav: boolean;
 }
 
 /**
- * Branding + session for every admin page. `siteName` flows from the adapter without pulling
- * its plugin graph into client bundles — the import stays server-side in the layout load.
- * `pathname` lets the shared shell highlight the active nav item without a `$app/*` import
- * (those kit virtual modules have no types outside a kit app, so they can't live in the
- * package); reading `event.url` here also opts the layout load into rerunning on navigation.
+ * Branding, session, and collection nav for every admin page. `siteName` and the collection
+ * list flow from the adapter without pulling its plugin graph into client bundles (the import
+ * stays server-side in the layout load; only `{type,label}` crosses). `pathname` lets the
+ * shared shell highlight the active nav item without a `$app/*` import (those kit virtual
+ * modules have no types outside a kit app); reading `event.url` also opts the layout load into
+ * rerunning on navigation, keeping the active class correct.
  */
 export function adminLayoutLoad(
   event: { locals: { user: CairnUser | null }; url: URL },
   adapter: CairnAdapter,
 ): AdminLayoutData {
-  return { user: event.locals.user, siteName: adapter.siteName, pathname: event.url.pathname };
+  return {
+    user: event.locals.user,
+    siteName: adapter.siteName,
+    pathname: event.url.pathname,
+    collections: adapter.collections.map(({ type, label }) => ({ type, label })),
+    navMenus: adapter.navMenu ? [{ name: adapter.navMenu.menuName, label: adapter.navMenu.label }] : [],
+    canManageNav: can(event.locals.user, 'nav:manage'),
+  };
 }
 
-// ── /admin (content list) ────────────────────────────────────────────────────
+/**
+ * The `/admin` index has no content of its own now that each collection is its own page; send
+ * the editor straight to the first collection's entries list (a Sveltia-style landing).
+ */
+export function adminIndexRedirect(adapter: CairnAdapter): never {
+  const first = adapter.collections[0];
+  if (!first) throw error(404, 'No collections configured');
+  throw redirect(307, `/admin/${first.type}`);
+}
+
+// ── /admin/[collection] (entries list) ─────────────────────────────────────
+
+/** One entry row: id (filename stem), display title, optional date, draft flag. */
+export interface CollectionEntry {
+  id: string;
+  path: string;
+  title: string;
+  date: string | null;
+  draft: boolean;
+}
 
-export interface AdminCollectionList {
+export interface CollectionListData {
   type: string;
   label: string;
-  files: RepoFile[];
+  kind: 'page' | 'story';
+  entries: CollectionEntry[];
+  /** Set when the directory listing itself failed (rate limit, network). */
   error?: string;
+  /** A create-flow error bounced back via `?error=` (an invalid or taken slug). */
+  formError: string | null;
+  /** Whether the viewer may create an entry in this collection (page-create is owner-only). */
+  canCreate: boolean;
 }
 
-/** List every collection's markdown files. A failed listing degrades to an inline error. */
-export async function adminListLoad(
-  event: PlatformEvent,
+/** Coerce a frontmatter `date` (gray-matter may parse YAML dates to `Date`) to `YYYY-MM-DD`. */
+function entryDate(value: unknown): string | null {
+  if (value instanceof Date) return value.toISOString().slice(0, 10);
+  if (typeof value === 'string') return value;
+  return null;
+}
+
+/**
+ * List one collection's entries, reading each file's frontmatter for the display title, date,
+ * and draft badge. Reads run in parallel; a single failed read degrades that row to the slug
+ * (rather than failing the page), and a failed directory listing returns an inline `error`.
+ * Collections are small here; the 1,000-entry / Git-Trees sharding concern is risk #11, deferred.
+ */
+export async function collectionListLoad(
+  event: PlatformEvent & { params: { collection: string }; url: URL; locals: { user: CairnUser | null } },
   adapter: CairnAdapter,
-): Promise<{ collections: AdminCollectionList[] }> {
+): Promise<CollectionListData> {
+  const collection = findCollection(adapter, event.params.collection);
+  if (!collection) throw error(404, 'Unknown collection');
+
+  const kind = collection.kind ?? 'story';
+  const canCreate = can(event.locals.user, kind === 'page' ? 'page:create' : 'story:create');
+  const formError = event.url.searchParams.get('error');
   const token = await readToken(event.platform?.env);
-  const collections = await Promise.all(
-    adapter.collections.map(async ({ type, label, dir }): Promise<AdminCollectionList> => {
+
+  let files: RepoFile[];
+  try {
+    files = await listMarkdown(adapter.backend, collection.dir, token);
+  } catch (err) {
+    return {
+      type: collection.type,
+      label: collection.label,
+      kind,
+      entries: [],
+      error: err instanceof Error ? err.message : 'Failed to load',
+      formError,
+      canCreate,
+    };
+  }
+
+  const entries = await Promise.all(
+    files.map(async (file): Promise<CollectionEntry> => {
+      const fallback: CollectionEntry = {
+        id: file.id,
+        path: file.path,
+        title: file.id,
+        date: null,
+        draft: false,
+      };
       try {
-        return { type, label, files: await listMarkdown(adapter.backend, dir, token) };
-      } catch (err) {
-        // A failed listing (rate limit, network) shouldn't 500 the whole admin.
-        return { type, label, files: [], error: err instanceof Error ? err.message : 'Failed to load' };
+        const raw = await readRaw(adapter.backend, file.path, token);
+        if (raw === null) return fallback;
+        const { data } = matter(raw);
+        return {
+          id: file.id,
+          path: file.path,
+          title: typeof data.title === 'string' ? data.title : file.id,
+          date: entryDate(data.date),
+          draft: data.draft === true,
+        };
+      } catch {
+        return fallback;
       }
     }),
   );
-  return { collections };
+
+  return {
+    type: collection.type,
+    label: collection.label,
+    kind,
+    entries,
+    formError,
+    canCreate,
+  };
+}
+
+// ── /admin/[collection]?/create (POST) ─────────────────────────────────────
+
+/** A safe filename stem: starts and ends with a lowercase alphanumeric, hyphens allowed within. */
+const SLUG_RE = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/;
+
+/**
+ * The "New entry" form action. Validates the requested slug, rejects one that already exists,
+ * then redirects into the editor in create mode (`?new=1`, where `editLoad` serves a blank
+ * document and `saveCommit`'s create path commits a new file). cairn is filename-based, so the
+ * slug is the filename stem the author types; a title-driven auto-slug is a later (Pass K) concern.
+ */
+export async function createEntry(
+  event: PlatformEvent & {
+    params: { collection: string };
+    locals: { user: CairnUser | null };
+    request: Request;
+  },
+  adapter: CairnAdapter,
+): Promise<never> {
+  const collection = findCollection(adapter, event.params.collection);
+  if (!collection) throw error(404, 'Unknown collection');
+  const kind = collection.kind ?? 'story';
+  requireCapability(event.locals.user, kind === 'page' ? 'page:create' : 'story:create');
+
+  const form = await event.request.formData();
+  const id = String(form.get('id') ?? '').trim();
+  const back = (message: string) =>
+    redirect(303, `/admin/${collection.type}?error=${encodeURIComponent(message)}`);
+
+  if (!SLUG_RE.test(id)) {
+    throw back('Enter a slug using lowercase letters, numbers, and hyphens (for example 2026-05-my-entry).');
+  }
+
+  const token = await readToken(event.platform?.env);
+  const existing = await readRaw(adapter.backend, `${collection.dir}/${id}.md`, token);
+  if (existing !== null) throw back(`An entry named "${id}" already exists.`);
+  const date = String(form.get('date') ?? '').trim();
+  const dateSuffix = kind === 'story' && date ? `&date=${encodeURIComponent(date)}` : '';
+
+  throw redirect(303, `/admin/edit/${collection.type}/${id}?new=1${dateSuffix}`);
 }
 
 // ── /admin/edit/[type]/[id] ─────────────────────────────────────────────────
@@ -105,6 +258,7 @@ export interface EditData {
   type: string;
   id: string;
   label: string;
+  kind: 'page' | 'story';
   fields: CairnField[];
   path: string;
   body: string;
@@ -112,6 +266,8 @@ export interface EditData {
   title: string;
   saved: boolean;
   error: string | null;
+  /** True when editing a not-yet-committed new entry (reached via `?new=1`). */
+  isNew: boolean;
 }
 
 export async function editLoad(
@@ -124,16 +280,27 @@ export async function editLoad(
   const token = await readToken(event.platform?.env);
   const path = `${collection.dir}/${event.params.id}.md`;
   const raw = await readRaw(adapter.backend, path, token);
-  if (raw === null) throw error(404, 'Content not found');
+  const isNew = event.url.searchParams.get('new') === '1';
 
-  // Split frontmatter from body server-side; the editor form binds to the frontmatter and
-  // the Carta editor binds to the body, and /admin/save reassembles them on commit.
-  const { data: frontmatter, content: body } = matter(raw);
+  // A missing file is a 404 normally, but in create mode (`?new=1`) it's a blank new document.
+  if (raw === null && !isNew) throw error(404, 'Content not found');
+
+  // Split frontmatter from body server-side; the editor form binds to the frontmatter and the
+  // Carta editor to the body, and /admin/save reassembles them on commit. A new document starts
+  // empty so the author fills the fields from scratch.
+  const { data: frontmatter, content: body } =
+    raw === null ? { data: {} as Record<string, unknown>, content: '' } : matter(raw);
+
+  const seedDate = event.url.searchParams.get('date');
+  if (isNew && seedDate && frontmatter.date === undefined) {
+    frontmatter.date = seedDate;
+  }
 
   return {
     type: event.params.type,
     id: event.params.id,
     label: collection.label,
+    kind: collection.kind ?? 'story',
     fields: collection.fields,
     path,
     body,
@@ -141,6 +308,7 @@ export async function editLoad(
     title: typeof frontmatter.title === 'string' ? frontmatter.title : event.params.id,
     saved: event.url.searchParams.get('saved') === '1',
     error: event.url.searchParams.get('error'),
+    isNew,
   };
 }
 
@@ -162,6 +330,7 @@ export async function saveCommit(
   const type = String(form.get('type') ?? '');
   const id = String(form.get('id') ?? '');
   const body = String(form.get('body') ?? '');
+  const newSuffix = form.get('new') === '1' ? '&new=1' : '';
   const collection = findCollection(adapter, type);
   if (!collection || !id) throw error(400, 'Bad request');
 
@@ -172,7 +341,7 @@ export async function saveCommit(
     frontmatter = collection.validate(frontmatterFromForm(collection, form), `${id}.md`);
   } catch (err) {
     const message = err instanceof Error ? err.message : 'Invalid frontmatter';
-    throw redirect(303, `/admin/edit/${type}/${id}?error=${encodeURIComponent(message)}`);
+    throw redirect(303, `/admin/edit/${type}/${id}?error=${encodeURIComponent(message)}${newSuffix}`);
   }
 
   const markdown = serializeMarkdown(frontmatter, body);
@@ -182,13 +351,162 @@ export async function saveCommit(
     privateKeyB64: env.GITHUB_APP_PRIVATE_KEY_B64,
   });
 
-  await commitFile(
-    adapter.backend,
-    `${collection.dir}/${id}.md`,
-    markdown,
-    { message: `Update ${collection.label.toLowerCase()}: ${id}`, author: { name: user.name, email: user.email } },
-    token,
-  );
+  try {
+    await commitFile(
+      adapter.backend,
+      `${collection.dir}/${id}.md`,
+      markdown,
+      { message: `Update ${collection.label.toLowerCase()}: ${id}`, author: { name: user.name, email: user.email } },
+      token,
+    );
+  } catch (err) {
+    // Concurrent-edit 409 (C3): fail safe. Bounce back with a reload prompt; the editor reloads
+    // the current version and reapplies. Any other error is unexpected, so rethrow.
+    if (err instanceof CommitConflictError) {
+      const message = 'This file changed since you opened it. Reload and reapply your edits.';
+      throw redirect(303, `/admin/edit/${type}/${id}?error=${encodeURIComponent(message)}${newSuffix}`);
+    }
+    throw err;
+  }
 
   throw redirect(303, `/admin/edit/${type}/${id}?saved=1`);
 }
+
+// ── /admin/nav (navigation tree) ───────────────────────────────────────────
+
+/** A page the picker can insert: its display label and the URL the nav item points at. */
+export interface NavPageOption {
+  label: string;
+  url: string;
+}
+
+export interface NavLoadData {
+  menu: { name: string; label: string; maxDepth: number };
+  tree: NavNode[];
+  pages: NavPageOption[];
+  saved: boolean;
+  error: string | null;
+}
+
+/** List page-collection entries for the picker (one directory listing per page collection). */
+async function navPageOptions(adapter: CairnAdapter, env: AdminEnv | undefined): Promise<NavPageOption[]> {
+  const token = await readToken(env);
+  const pageCollections = adapter.collections.filter((c) => (c.kind ?? 'story') === 'page');
+  const lists = await Promise.all(
+    pageCollections.map(async (c) => {
+      try {
+        const files = await listMarkdown(adapter.backend, c.dir, token);
+        return files.map((f): NavPageOption => ({ label: f.id, url: `/${f.id}` }));
+      } catch {
+        return [];
+      }
+    }),
+  );
+  return lists.flat();
+}
+
+export async function navLoad(
+  event: PlatformEvent & { locals: { user: CairnUser | null }; url: URL },
+  adapter: CairnAdapter,
+): Promise<NavLoadData> {
+  requireCapability(event.locals.user, 'nav:manage');
+  const config = adapter.navMenu;
+  if (!config) throw error(404, 'No navigation menu configured');
+  const maxDepth = config.maxDepth ?? 2;
+  const menu = { name: config.menuName, label: config.label, maxDepth };
+
+  // Read the menu from the committed YAML. A missing/unparsable file degrades to an empty tree so
+  // the editor still loads (a first edit then creates the menu); only the read itself is best-effort.
+  const token = await readToken(event.platform?.env);
+  let tree: NavNode[] = [];
+  try {
+    const raw = await readRaw(adapter.backend, config.configPath, token);
+    if (raw !== null) tree = extractMenu(parseSiteConfig(raw), config.menuName, maxDepth);
+  } catch (err) {
+    console.error(`cairn nav: failed to read "${config.configPath}":`, err);
+  }
+
+  return {
+    menu,
+    tree,
+    pages: await navPageOptions(adapter, event.platform?.env),
+    saved: event.url.searchParams.get('saved') === '1',
+    error: event.url.searchParams.get('error'),
+  };
+}
+
+export async function navSave(
+  event: PlatformEvent & { locals: { user: CairnUser | null }; request: Request },
+  adapter: CairnAdapter,
+): Promise<never> {
+  const user = requireCapability(event.locals.user, 'nav:manage');
+  const config = adapter.navMenu;
+  if (!config) throw error(404, 'No navigation menu configured');
+  const maxDepth = config.maxDepth ?? 2;
+
+  const env = event.platform?.env;
+  if (!env?.GITHUB_APP_ID || !env.GITHUB_APP_INSTALLATION_ID || !env.GITHUB_APP_PRIVATE_KEY_B64) {
+    throw error(500, 'GitHub App is not configured');
+  }
+
+  const form = await event.request.formData();
+  let tree: NavNode[];
+  try {
+    tree = validateNavTree(JSON.parse(String(form.get('tree') ?? '[]')), maxDepth);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : 'Invalid navigation';
+    throw redirect(303, `/admin/nav?error=${encodeURIComponent(message)}`);
+  }
+
+  const token = await installationToken({
+    appId: env.GITHUB_APP_ID,
+    installationId: env.GITHUB_APP_INSTALLATION_ID,
+    privateKeyB64: env.GITHUB_APP_PRIVATE_KEY_B64,
+  });
+
+  // Read-modify-commit: replace only this menu in the current file, preserving the rest.
+  const raw = await readRaw(adapter.backend, config.configPath, token);
+  if (raw === null) throw error(404, `Site config not found at ${config.configPath}`);
+
+  try {
+    await commitFile(
+      adapter.backend,
+      config.configPath,
+      setMenu(raw, config.menuName, tree),
+      { message: `Update ${config.label.toLowerCase()}`, author: { name: user.name, email: user.email } },
+      token,
+    );
+  } catch (err) {
+    // Concurrent-edit 409 (C3): fail safe, same as the content save path.
+    if (err instanceof CommitConflictError) {
+      const message = 'The site config changed since you opened it. Reload and reapply your edits.';
+      throw redirect(303, `/admin/nav?error=${encodeURIComponent(message)}`);
+    }
+    throw err;
+  }
+
+  throw redirect(303, '/admin/nav?saved=1');
+}
+
+// ── /admin/healthz (GET) ──────────────────────────────────────────────────────
+
+export interface HealthData {
+  ok: boolean;
+  checks: { githubAppSigning: { ok: boolean; detail?: string } };
+}
+
+/**
+ * Deploy-time health check (M2): signs a dummy App JWT to prove the GitHub App key loads and
+ * the PKCS#1→PKCS#8 conversion still works, before an editor hits it on save. Behind the
+ * `/admin` guard (signed-in editors only); returns ok/fail with no secret in the body.
+ */
+export async function healthLoad(event: PlatformEvent): Promise<HealthData> {
+  const env = event.platform?.env;
+  let githubAppSigning: { ok: boolean; detail?: string };
+  if (env?.GITHUB_APP_ID && env.GITHUB_APP_PRIVATE_KEY_B64) {
+    githubAppSigning = await signingSelfTest(env.GITHUB_APP_ID, env.GITHUB_APP_PRIVATE_KEY_B64);
+  } else {
+    githubAppSigning = { ok: false, detail: 'GitHub App not configured' };
+  }
+  return { ok: githubAppSigning.ok, checks: { githubAppSigning } };
+}

package/src/lib/utils.ts

@@ -1,11 +1,11 @@
 // cairn-core: internal encoding helpers shared across modules.
 //
-// Deliberately NOT re-exported from index.ts — these are implementation details of the
+// Deliberately NOT re-exported from index.ts. These are implementation details of the
 // auth/github crypto, not part of the public API (auth.ts signs tokens, github.ts builds
 // the App JWT; both need base64url). Keeping them here stops bytesToB64url leaking through
 // the `export *` barrel.
 
-/** Encode bytes as unpadded base64url (RFC 4648 §5) — the JWT/token wire format. */
+/** Encode bytes as unpadded base64url (RFC 4648 §5), the JWT/token wire format. */
 export function bytesToB64url(bytes: Uint8Array): string {
   const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');
   return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

package/dist/components/AdminList.svelte

@@ -1,33 +0,0 @@
-<script lang="ts">
-  // The /admin content list: every collection's files, linking into the editor. Data comes
-  // from `adminListLoad` (collections) merged with `adminLayoutLoad` (siteName). The shell
-  // (AdminLayout) owns the chrome — site title, signed-in identity, nav, sign out — so this
-  // page renders only the content body.
-  import type { AdminCollectionList } from '../sveltekit';
-
-  interface Props {
-    data: { collections: AdminCollectionList[] };
-  }
-  let { data }: Props = $props();
-</script>
-
-<h1 class="text-2xl font-bold">Content</h1>
-
-{#each data.collections as collection (collection.type)}
-  <section class="mt-8">
-    <h2 class="mb-3 text-lg font-semibold">{collection.label}</h2>
-    {#if collection.error}
-      <div class="alert alert-warning">Couldn't load {collection.label.toLowerCase()}: {collection.error}</div>
-    {:else if collection.files.length === 0}
-      <p class="opacity-60">No content yet.</p>
-    {:else}
-      <ul class="menu rounded-box border border-base-300 bg-base-100 p-2">
-        {#each collection.files as file (file.path)}
-          <li>
-            <a href="/admin/edit/{collection.type}/{file.id}">{file.id}</a>
-          </li>
-        {/each}
-      </ul>
-    {/if}
-  </section>
-{/each}

package/dist/components/AdminList.svelte.d.ts

@@ -1,10 +0,0 @@
-import type { AdminCollectionList } from '../sveltekit';
-interface Props {
-    data: {
-        collections: AdminCollectionList[];
-    };
-}
-declare const AdminList: import("svelte").Component<Props, {}, "">;
-type AdminList = ReturnType<typeof AdminList>;
-export default AdminList;
-//# sourceMappingURL=AdminList.svelte.d.ts.map

package/dist/components/AdminList.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AdminList.svelte.d.ts","sourceRoot":"","sources":["../../src/lib/components/AdminList.svelte.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAGtD,UAAU,KAAK;IACb,IAAI,EAAE;QAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;KAAE,CAAC;CAC9C;AAkCH,QAAA,MAAM,SAAS,2CAAwC,CAAC;AACxD,KAAK,SAAS,GAAG,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC;AAC9C,eAAe,SAAS,CAAC"}