@glw907/cairn-cms 0.5.0 → 0.6.0-rc.0

package/dist/auth/schema.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/lib/auth/schema.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmBf,CAAC;AAEH,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoBnB,CAAC;AAEF,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4BnB,CAAC;AAEF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgBxB,CAAC;AAEF,eAAO,MAAM,aAAa;;;EAGvB,CAAC;AAEJ,eAAO,MAAM,gBAAgB;;EAK1B,CAAC;AAEJ,eAAO,MAAM,gBAAgB;;EAK1B,CAAC"}

package/dist/auth/schema.js

@@ -1,93 +0,0 @@
-import { relations, sql } from "drizzle-orm";
-import { sqliteTable, text, integer, index } from "drizzle-orm/sqlite-core";
-export const user = sqliteTable("user", {
-    id: text("id").primaryKey(),
-    name: text("name").notNull(),
-    email: text("email").notNull().unique(),
-    emailVerified: integer("email_verified", { mode: "boolean" })
-        .default(false)
-        .notNull(),
-    image: text("image"),
-    createdAt: integer("created_at", { mode: "timestamp_ms" })
-        .default(sql `(cast(unixepoch('subsecond') * 1000 as integer))`)
-        .notNull(),
-    updatedAt: integer("updated_at", { mode: "timestamp_ms" })
-        .default(sql `(cast(unixepoch('subsecond') * 1000 as integer))`)
-        .$onUpdate(() => /* @__PURE__ */ new Date())
-        .notNull(),
-    role: text("role"),
-    banned: integer("banned", { mode: "boolean" }).default(false),
-    banReason: text("ban_reason"),
-    banExpires: integer("ban_expires", { mode: "timestamp_ms" }),
-});
-export const session = sqliteTable("session", {
-    id: text("id").primaryKey(),
-    expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
-    token: text("token").notNull().unique(),
-    createdAt: integer("created_at", { mode: "timestamp_ms" })
-        .default(sql `(cast(unixepoch('subsecond') * 1000 as integer))`)
-        .notNull(),
-    updatedAt: integer("updated_at", { mode: "timestamp_ms" })
-        .$onUpdate(() => /* @__PURE__ */ new Date())
-        .notNull(),
-    ipAddress: text("ip_address"),
-    userAgent: text("user_agent"),
-    userId: text("user_id")
-        .notNull()
-        .references(() => user.id, { onDelete: "cascade" }),
-    impersonatedBy: text("impersonated_by"),
-}, (table) => [index("session_userId_idx").on(table.userId)]);
-export const account = sqliteTable("account", {
-    id: text("id").primaryKey(),
-    accountId: text("account_id").notNull(),
-    providerId: text("provider_id").notNull(),
-    userId: text("user_id")
-        .notNull()
-        .references(() => user.id, { onDelete: "cascade" }),
-    accessToken: text("access_token"),
-    refreshToken: text("refresh_token"),
-    idToken: text("id_token"),
-    accessTokenExpiresAt: integer("access_token_expires_at", {
-        mode: "timestamp_ms",
-    }),
-    refreshTokenExpiresAt: integer("refresh_token_expires_at", {
-        mode: "timestamp_ms",
-    }),
-    scope: text("scope"),
-    password: text("password"),
-    createdAt: integer("created_at", { mode: "timestamp_ms" })
-        .default(sql `(cast(unixepoch('subsecond') * 1000 as integer))`)
-        .notNull(),
-    updatedAt: integer("updated_at", { mode: "timestamp_ms" })
-        .$onUpdate(() => /* @__PURE__ */ new Date())
-        .notNull(),
-}, (table) => [index("account_userId_idx").on(table.userId)]);
-export const verification = sqliteTable("verification", {
-    id: text("id").primaryKey(),
-    identifier: text("identifier").notNull(),
-    value: text("value").notNull(),
-    expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
-    createdAt: integer("created_at", { mode: "timestamp_ms" })
-        .default(sql `(cast(unixepoch('subsecond') * 1000 as integer))`)
-        .notNull(),
-    updatedAt: integer("updated_at", { mode: "timestamp_ms" })
-        .default(sql `(cast(unixepoch('subsecond') * 1000 as integer))`)
-        .$onUpdate(() => /* @__PURE__ */ new Date())
-        .notNull(),
-}, (table) => [index("verification_identifier_idx").on(table.identifier)]);
-export const userRelations = relations(user, ({ many }) => ({
-    sessions: many(session),
-    accounts: many(account),
-}));
-export const sessionRelations = relations(session, ({ one }) => ({
-    user: one(user, {
-        fields: [session.userId],
-        references: [user.id],
-    }),
-}));
-export const accountRelations = relations(account, ({ one }) => ({
-    user: one(user, {
-        fields: [account.userId],
-        references: [user.id],
-    }),
-}));

package/dist/carta.d.ts

@@ -1,39 +0,0 @@
-import type { Pluggable, Processor } from 'unified';
-export interface PreviewPlugins {
-    /** remark plugins, injected after gfm and before remark-rehype. */
-    remarkPlugins: Pluggable[];
-    /** rehype plugins, injected after remark-rehype. */
-    rehypePlugins: Pluggable[];
-}
-interface PreviewTransformer {
-    execution: 'sync';
-    type: 'remark' | 'rehype';
-    transform: (ctx: {
-        processor: Processor;
-    }) => void;
-}
-/**
- * Map the site's plugin set to Carta sync transformers, remark phase before rehype.
- * Carta's processor is remarkParse → gfm → [remark] → remark-rehype → [rehype] → stringify,
- * so this ordering reproduces render.ts exactly. Pure (no Carta) so it is unit-testable.
- */
-export declare function previewTransformers({ remarkPlugins, rehypePlugins }: PreviewPlugins): PreviewTransformer[];
-/** Minimal Options subset we populate (avoids importing carta-md, which re-exports Svelte components). */
-interface PreviewCartaOptions {
-    sanitizer: false;
-    rehypeOptions: {
-        allowDangerousHtml: boolean;
-    };
-    extensions: Array<{
-        transformers: PreviewTransformer[];
-    }>;
-}
-/**
- * Carta options for a render-only preview: site plugins wired in, raw HTML allowed, no
- * sanitizer. Authors are trusted and the directive pipeline emits intentional raw HTML
- * (render.ts uses allowDangerousHtml + rehype-raw); sanitizing here would strip EC
- * primitives. The Svelte component passes this to `new Carta(...)`.
- */
-export declare function previewCartaOptions(plugins: PreviewPlugins): PreviewCartaOptions;
-export {};
-//# sourceMappingURL=carta.d.ts.map

package/dist/carta.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"carta.d.ts","sourceRoot":"","sources":["../src/lib/carta.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEpD,MAAM,WAAW,cAAc;IAC7B,mEAAmE;IACnE,aAAa,EAAE,SAAS,EAAE,CAAC;IAC3B,oDAAoD;IACpD,aAAa,EAAE,SAAS,EAAE,CAAC;CAC5B;AAED,UAAU,kBAAkB;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC1B,SAAS,EAAE,CAAC,GAAG,EAAE;QAAE,SAAS,EAAE,SAAS,CAAA;KAAE,KAAK,IAAI,CAAC;CACpD;AAYD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,EAAE,cAAc,GAAG,kBAAkB,EAAE,CAE1G;AAED,0GAA0G;AAC1G,UAAU,mBAAmB;IAC3B,SAAS,EAAE,KAAK,CAAC;IACjB,aAAa,EAAE;QAAE,kBAAkB,EAAE,OAAO,CAAA;KAAE,CAAC;IAC/C,UAAU,EAAE,KAAK,CAAC;QAAE,YAAY,EAAE,kBAAkB,EAAE,CAAA;KAAE,CAAC,CAAC;CAC3D;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,cAAc,GAAG,mBAAmB,CAMhF"}

package/dist/carta.js

@@ -1,30 +0,0 @@
-function phase(plugins, type) {
-    return plugins.map((plugin) => ({
-        execution: 'sync',
-        type,
-        transform: ({ processor }) => {
-            processor.use([plugin]);
-        },
-    }));
-}
-/**
- * Map the site's plugin set to Carta sync transformers, remark phase before rehype.
- * Carta's processor is remarkParse → gfm → [remark] → remark-rehype → [rehype] → stringify,
- * so this ordering reproduces render.ts exactly. Pure (no Carta) so it is unit-testable.
- */
-export function previewTransformers({ remarkPlugins, rehypePlugins }) {
-    return [...phase(remarkPlugins, 'remark'), ...phase(rehypePlugins, 'rehype')];
-}
-/**
- * Carta options for a render-only preview: site plugins wired in, raw HTML allowed, no
- * sanitizer. Authors are trusted and the directive pipeline emits intentional raw HTML
- * (render.ts uses allowDangerousHtml + rehype-raw); sanitizing here would strip EC
- * primitives. The Svelte component passes this to `new Carta(...)`.
- */
-export function previewCartaOptions(plugins) {
-    return {
-        sanitizer: false,
-        rehypeOptions: { allowDangerousHtml: true },
-        extensions: [{ transformers: previewTransformers(plugins) }],
-    };
-}

package/dist/components/AdminList.svelte

@@ -1,33 +0,0 @@
-<script lang="ts">
-  // The /admin content list: every collection's files, linking into the editor. Data comes
-  // from `adminListLoad` (collections) merged with `adminLayoutLoad` (siteName). The shell
-  // (AdminLayout) owns the chrome (site title, signed-in identity, nav, sign out), so this
-  // page renders only the content body.
-  import type { AdminCollectionList } from '../sveltekit';
-
-  interface Props {
-    data: { collections: AdminCollectionList[] };
-  }
-  let { data }: Props = $props();
-</script>
-
-<h1 class="text-2xl font-bold">Content</h1>
-
-{#each data.collections as collection (collection.type)}
-  <section class="mt-8">
-    <h2 class="mb-3 text-lg font-semibold">{collection.label}</h2>
-    {#if collection.error}
-      <div class="alert alert-warning">Couldn't load {collection.label.toLowerCase()}: {collection.error}</div>
-    {:else if collection.files.length === 0}
-      <p class="opacity-60">No content yet.</p>
-    {:else}
-      <ul class="menu rounded-box border border-base-300 bg-base-100 p-2">
-        {#each collection.files as file (file.path)}
-          <li>
-            <a href="/admin/edit/{collection.type}/{file.id}">{file.id}</a>
-          </li>
-        {/each}
-      </ul>
-    {/if}
-  </section>
-{/each}

package/dist/components/AdminList.svelte.d.ts

@@ -1,10 +0,0 @@
-import type { AdminCollectionList } from '../sveltekit';
-interface Props {
-    data: {
-        collections: AdminCollectionList[];
-    };
-}
-declare const AdminList: import("svelte").Component<Props, {}, "">;
-type AdminList = ReturnType<typeof AdminList>;
-export default AdminList;
-//# sourceMappingURL=AdminList.svelte.d.ts.map

package/dist/components/AdminList.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AdminList.svelte.d.ts","sourceRoot":"","sources":["../../src/lib/components/AdminList.svelte.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAGtD,UAAU,KAAK;IACb,IAAI,EAAE;QAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;KAAE,CAAC;CAC9C;AAkCH,QAAA,MAAM,SAAS,2CAAwC,CAAC;AACxD,KAAK,SAAS,GAAG,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC;AAC9C,eAAe,SAAS,CAAC"}

package/dist/components/ManageAdmins.svelte

@@ -1,84 +0,0 @@
-<script lang="ts">
-  // Owner-gated editor management: list the allowlist, change roles, remove editors, add new
-  // ones. Reuses the same neutral DaisyUI chrome as the rest of the admin (panels, alerts,
-  // table, buttons). Data comes from `adminsLoad` merged with `adminLayoutLoad` (siteName);
-  // mutations post to the page's named form actions (`?/add`, `?/remove`, `?/setRole`).
-  import type { AdminsData } from '../auth';
-
-  interface Props {
-    data: AdminsData & { siteName: string };
-  }
-  let { data }: Props = $props();
-</script>
-
-<svelte:head>
-  <title>Editors · {data.siteName} CMS</title>
-</svelte:head>
-
-<div>
-  <h1 class="text-2xl font-bold">Editors</h1>
-  <p class="text-sm opacity-60">Who can sign in to {data.siteName} CMS.</p>
-</div>
-
-{#if data.saved}
-  <div class="alert alert-success mt-6"><span>Allowlist updated.</span></div>
-{:else if data.error}
-  <div class="alert alert-error mt-6"><span>{data.error}</span></div>
-{/if}
-
-<div class="mt-6 overflow-x-auto rounded-box border border-base-300 bg-base-100">
-  <table class="table">
-    <thead>
-      <tr><th>Name</th><th>Email</th><th>Role</th><th class="text-right">Actions</th></tr>
-    </thead>
-    <tbody>
-      {#each data.admins as admin (admin.email)}
-        {@const isSelf = admin.email === data.self}
-        <tr>
-          <td class="font-medium">{admin.name}</td>
-          <td class="opacity-70">{admin.email}{#if isSelf}<span class="ml-1 opacity-50">(you)</span>{/if}</td>
-          <td>
-            <span class="badge {admin.role === 'owner' ? 'badge-primary' : 'badge-ghost'}">{admin.role}</span>
-          </td>
-          <td>
-            <div class="flex justify-end gap-2">
-              <!-- Flip role. Disabled for yourself so you can't demote the last owner out. -->
-              <form method="POST" action="?/setRole">
-                <input type="hidden" name="email" value={admin.email} />
-                <input type="hidden" name="role" value={admin.role === 'owner' ? 'editor' : 'owner'} />
-                <button type="submit" class="btn btn-ghost btn-xs" disabled={isSelf}>
-                  Make {admin.role === 'owner' ? 'editor' : 'owner'}
-                </button>
-              </form>
-              <form method="POST" action="?/remove">
-                <input type="hidden" name="email" value={admin.email} />
-                <button type="submit" class="btn btn-ghost btn-xs text-error" disabled={isSelf}>Remove</button>
-              </form>
-            </div>
-          </td>
-        </tr>
-      {/each}
-    </tbody>
-  </table>
-</div>
-
-<form method="POST" action="?/add"
-  class="mt-8 grid gap-4 rounded-box border border-base-300 bg-base-100 p-6 sm:grid-cols-[1fr_1fr_auto_auto] sm:items-end">
-  <label class="flex flex-col gap-1">
-    <span class="text-sm font-medium">Email</span>
-    <input type="email" name="email" required autocomplete="off" placeholder="you@example.com"
-      class="input w-full" />
-  </label>
-  <label class="flex flex-col gap-1">
-    <span class="text-sm font-medium">Name</span>
-    <input type="text" name="name" required placeholder="Display name" class="input w-full" />
-  </label>
-  <label class="flex flex-col gap-1">
-    <span class="text-sm font-medium">Role</span>
-    <select name="role" class="select">
-      <option value="editor">editor</option>
-      <option value="owner">owner</option>
-    </select>
-  </label>
-  <button type="submit" class="btn btn-primary">Add editor</button>
-</form>

package/dist/components/ManageAdmins.svelte.d.ts

@@ -1,10 +0,0 @@
-import type { AdminsData } from '../auth';
-interface Props {
-    data: AdminsData & {
-        siteName: string;
-    };
-}
-declare const ManageAdmins: import("svelte").Component<Props, {}, "">;
-type ManageAdmins = ReturnType<typeof ManageAdmins>;
-export default ManageAdmins;
-//# sourceMappingURL=ManageAdmins.svelte.d.ts.map

package/dist/components/ManageAdmins.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"ManageAdmins.svelte.d.ts","sourceRoot":"","sources":["../../src/lib/components/ManageAdmins.svelte.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAGxC,UAAU,KAAK;IACb,IAAI,EAAE,UAAU,GAAG;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;CACzC;AAmFH,QAAA,MAAM,YAAY,2CAAwC,CAAC;AAC3D,KAAK,YAAY,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;AACpD,eAAe,YAAY,CAAC"}

package/dist/content.d.ts

@@ -1,3 +0,0 @@
-/** Serialize frontmatter data + markdown body back into a file string. */
-export declare function serializeMarkdown(frontmatter: object, body: string): string;
-//# sourceMappingURL=content.d.ts.map

package/dist/content.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"content.d.ts","sourceRoot":"","sources":["../src/lib/content.ts"],"names":[],"mappings":"AAOA,0EAA0E;AAC1E,wBAAgB,iBAAiB,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAE3E"}

package/dist/content.js

@@ -1,10 +0,0 @@
-// cairn-core: reassemble a markdown file from frontmatter + body for committing.
-//
-// The inverse of the gray-matter parse the edit loader does on read. Kept as its own seam
-// so a site adapter can own the on-disk serialization contract (quoting, key order)
-// without the save endpoint reaching for gray-matter directly.
-import matter from 'gray-matter';
-/** Serialize frontmatter data + markdown body back into a file string. */
-export function serializeMarkdown(frontmatter, body) {
-    return matter.stringify(body, frontmatter);
-}

package/dist/github.d.ts

@@ -1,72 +0,0 @@
-export interface RepoRef {
-    owner: string;
-    repo: string;
-    branch: string;
-}
-/** A markdown file in a collection directory. `id` is the slug (filename without `.md`). */
-export interface RepoFile {
-    id: string;
-    name: string;
-    path: string;
-}
-/** Build the contents-API URL for a repo path, pinned to the configured branch. */
-export declare function contentsUrl(repo: RepoRef, path: string): string;
-interface ContentsEntry {
-    name: string;
-    path: string;
-    type: string;
-}
-/** Keep only markdown files from a contents-API directory listing, newest id first. */
-export declare function markdownFiles(entries: ContentsEntry[]): RepoFile[];
-/** List the markdown files in a collection directory. */
-export declare function listMarkdown(repo: RepoRef, dir: string, token?: string): Promise<RepoFile[]>;
-/** Fetch a file's raw markdown, or null if it does not exist. */
-export declare function readRaw(repo: RepoRef, path: string, token?: string): Promise<string | null>;
-/** Mint a GitHub App JWT (RS256), valid ~9 min, with `iat` backdated for clock skew. */
-export declare function appJwt(appId: string, privateKeyPem: string): Promise<string>;
-export interface AppCredentials {
-    appId: string;
-    installationId: string;
-    /** The stored GITHUB_APP_PRIVATE_KEY_B64: base64 of the PEM, single line. */
-    privateKeyB64: string;
-}
-/** Exchange the App JWT for a short-lived installation access token. */
-export declare function installationToken(creds: AppCredentials): Promise<string>;
-/** The current blob sha for a path, or null if the file does not yet exist. */
-export declare function fileSha(repo: RepoRef, path: string, token: string): Promise<string | null>;
-export interface CommitAuthor {
-    name: string;
-    email: string;
-}
-/**
- * A concurrent edit lost the SHA race (C3): the file changed between the read and the PUT,
- * from another editor or the site's own CI. Thrown so callers can fail safe (re-fetch and ask
- * the editor to reapply) instead of surfacing a raw 409. Defined and caught inside the package
- * so `instanceof` is reliable (no peer-boundary identity split, unlike kit's `redirect`/`error`).
- */
-export declare class CommitConflictError extends Error {
-    readonly path: string;
-    constructor(path: string);
-}
-/**
- * Commit `content` to `path` on the configured branch via the contents API. Author is the
- * editor; committer is omitted so GitHub attributes it to the App (cairn-cms[bot]). Updates
- * the file in place when it exists (passing its sha), creates it otherwise. Returns the
- * commit sha. A stale-sha 409 (someone committed in between) becomes a `CommitConflictError`.
- */
-export declare function commitFile(repo: RepoRef, path: string, content: string, opts: {
-    message: string;
-    author: CommitAuthor;
-}, token: string): Promise<string>;
-/**
- * Deploy-time self-test for the GitHub App signer (M2): sign a dummy JWT with the configured
- * private key. Exercises the brittle PKCS#1→PKCS#8 conversion + Web Crypto import/sign without
- * any network call or secret in the result, so `/admin/healthz` catches a bad/rotated key
- * before an editor's save fails. Returns `{ ok: false, detail }` rather than throwing.
- */
-export declare function signingSelfTest(appId: string, privateKeyB64: string): Promise<{
-    ok: boolean;
-    detail?: string;
-}>;
-export {};
-//# sourceMappingURL=github.d.ts.map

package/dist/github.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../src/lib/github.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,OAAO;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,4FAA4F;AAC5F,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAcD,mFAAmF;AACnF,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAG/D;AAED,UAAU,aAAa;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,uFAAuF;AACvF,wBAAgB,aAAa,CAAC,OAAO,EAAE,aAAa,EAAE,GAAG,QAAQ,EAAE,CAKlE;AAED,yDAAyD;AACzD,wBAAsB,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC,CAIlG;AAED,iEAAiE;AACjE,wBAAsB,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAKjG;AAqCD,wFAAwF;AACxF,wBAAsB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAclF;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,MAAM,CAAC;IACvB,6EAA6E;IAC7E,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,wEAAwE;AACxE,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAQ9E;AAOD,+EAA+E;AAC/E,wBAAsB,OAAO,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAKhG;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;GAKG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;aAChB,IAAI,EAAE,MAAM;gBAAZ,IAAI,EAAE,MAAM;CAIzC;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,IAAI,EAAE,OAAO,EACb,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,IAAI,EAAE;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,YAAY,CAAA;CAAE,EAC/C,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,CAAC,CAmBjB;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAQrH"}

package/dist/github.js

@@ -1,171 +0,0 @@
-// cairn-core: read and write repository content through the GitHub API.
-//
-// Reads (Pass B) list a collection directory and fetch a file's raw markdown; the token
-// is optional because ecnordic's repo is public. Writes (Pass C) mint a short-lived
-// GitHub App installation token (App JWT, RS256 signed with Web Crypto, no octokit
-// dependency) and commit through the contents API with author = editor, committer = the
-// App (cairn-cms[bot]). The same token also lifts reads to the authenticated rate limit
-// and unlocks private repos (e.g. 907-life).
-import { bytesToB64url } from './utils';
-const API = 'https://api.github.com';
-function ghHeaders(accept, token) {
-    const headers = {
-        Accept: accept,
-        'User-Agent': 'cairn-cms',
-        'X-GitHub-Api-Version': '2022-11-28',
-    };
-    if (token)
-        headers.Authorization = `Bearer ${token}`;
-    return headers;
-}
-/** Build the contents-API URL for a repo path, pinned to the configured branch. */
-export function contentsUrl(repo, path) {
-    const clean = path.replace(/^\/+|\/+$/g, '');
-    return `${API}/repos/${repo.owner}/${repo.repo}/contents/${clean}?ref=${encodeURIComponent(repo.branch)}`;
-}
-/** Keep only markdown files from a contents-API directory listing, newest id first. */
-export function markdownFiles(entries) {
-    return entries
-        .filter((entry) => entry.type === 'file' && entry.name.endsWith('.md'))
-        .map((entry) => ({ id: entry.name.replace(/\.md$/, ''), name: entry.name, path: entry.path }))
-        .sort((a, b) => b.id.localeCompare(a.id));
-}
-/** List the markdown files in a collection directory. */
-export async function listMarkdown(repo, dir, token) {
-    const res = await fetch(contentsUrl(repo, dir), { headers: ghHeaders('application/vnd.github+json', token) });
-    if (!res.ok)
-        throw new Error(`GitHub list ${dir} failed: ${res.status}`);
-    return markdownFiles((await res.json()));
-}
-/** Fetch a file's raw markdown, or null if it does not exist. */
-export async function readRaw(repo, path, token) {
-    const res = await fetch(contentsUrl(repo, path), { headers: ghHeaders('application/vnd.github.raw', token) });
-    if (res.status === 404)
-        return null;
-    if (!res.ok)
-        throw new Error(`GitHub read ${path} failed: ${res.status}`);
-    return res.text();
-}
-// --- Write path: GitHub App auth + commit (Pass C) -------------------------------------
-const encoder = new TextEncoder();
-// TextEncoder/atob produce Uint8Arrays whose generic buffer type no longer satisfies
-// Web Crypto's BufferSource under strict lib types; hand the underlying ArrayBuffer over.
-function buf(bytes) {
-    return bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
-}
-/** DER length octets for a value of `n` bytes (short form < 128, else long form). */
-function derLength(n) {
-    if (n < 0x80)
-        return [n];
-    const out = [];
-    for (let v = n; v > 0; v >>= 8)
-        out.unshift(v & 0xff);
-    return [0x80 | out.length, ...out];
-}
-// AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters.
-const RSA_ALG_ID = [0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00];
-/** Wrap a PKCS#1 RSAPrivateKey (DER) as PKCS#8 (the only RSA form Web Crypto importKey takes). */
-function pkcs1ToPkcs8(pkcs1) {
-    const octet = [0x04, ...derLength(pkcs1.length), ...pkcs1];
-    const body = [0x02, 0x01, 0x00, ...RSA_ALG_ID, ...octet];
-    return Uint8Array.from([0x30, ...derLength(body.length), ...body]);
-}
-/** Decode a PEM private key to PKCS#8 DER, converting from PKCS#1 (GitHub's format) if needed. */
-function pemToPkcs8(pem) {
-    const b64 = pem.replace(/-----[^-]+-----/g, '').replace(/\s+/g, '');
-    const der = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
-    return pem.includes('RSA PRIVATE KEY') ? pkcs1ToPkcs8(der) : der;
-}
-/** Mint a GitHub App JWT (RS256), valid ~9 min, with `iat` backdated for clock skew. */
-export async function appJwt(appId, privateKeyPem) {
-    const now = Math.floor(Date.now() / 1000);
-    const header = bytesToB64url(encoder.encode(JSON.stringify({ alg: 'RS256', typ: 'JWT' })));
-    const payload = bytesToB64url(encoder.encode(JSON.stringify({ iat: now - 60, exp: now + 540, iss: appId })));
-    const signingInput = `${header}.${payload}`;
-    const key = await crypto.subtle.importKey('pkcs8', buf(pemToPkcs8(privateKeyPem)), { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' }, false, ['sign']);
-    const sig = await crypto.subtle.sign('RSASSA-PKCS1-v1_5', key, buf(encoder.encode(signingInput)));
-    return `${signingInput}.${bytesToB64url(new Uint8Array(sig))}`;
-}
-/** Exchange the App JWT for a short-lived installation access token. */
-export async function installationToken(creds) {
-    const jwt = await appJwt(creds.appId, atob(creds.privateKeyB64));
-    const res = await fetch(`${API}/app/installations/${creds.installationId}/access_tokens`, {
-        method: 'POST',
-        headers: ghHeaders('application/vnd.github+json', jwt),
-    });
-    if (!res.ok)
-        throw new Error(`GitHub installation token failed: ${res.status}`);
-    return (await res.json()).token;
-}
-/** Standard (padded) base64 of UTF-8 text, as the contents API expects. */
-function toBase64(text) {
-    return btoa(Array.from(encoder.encode(text), (b) => String.fromCharCode(b)).join(''));
-}
-/** The current blob sha for a path, or null if the file does not yet exist. */
-export async function fileSha(repo, path, token) {
-    const res = await fetch(contentsUrl(repo, path), { headers: ghHeaders('application/vnd.github+json', token) });
-    if (res.status === 404)
-        return null;
-    if (!res.ok)
-        throw new Error(`GitHub stat ${path} failed: ${res.status}`);
-    return (await res.json()).sha;
-}
-/**
- * A concurrent edit lost the SHA race (C3): the file changed between the read and the PUT,
- * from another editor or the site's own CI. Thrown so callers can fail safe (re-fetch and ask
- * the editor to reapply) instead of surfacing a raw 409. Defined and caught inside the package
- * so `instanceof` is reliable (no peer-boundary identity split, unlike kit's `redirect`/`error`).
- */
-export class CommitConflictError extends Error {
-    path;
-    constructor(path) {
-        super(`Commit conflict on ${path}: it changed since it was opened`);
-        this.path = path;
-        this.name = 'CommitConflictError';
-    }
-}
-/**
- * Commit `content` to `path` on the configured branch via the contents API. Author is the
- * editor; committer is omitted so GitHub attributes it to the App (cairn-cms[bot]). Updates
- * the file in place when it exists (passing its sha), creates it otherwise. Returns the
- * commit sha. A stale-sha 409 (someone committed in between) becomes a `CommitConflictError`.
- */
-export async function commitFile(repo, path, content, opts, token) {
-    const sha = await fileSha(repo, path, token);
-    const url = `${API}/repos/${repo.owner}/${repo.repo}/contents/${path.replace(/^\/+|\/+$/g, '')}`;
-    const res = await fetch(url, {
-        method: 'PUT',
-        headers: { ...ghHeaders('application/vnd.github+json', token), 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-            message: opts.message,
-            content: toBase64(content),
-            branch: repo.branch,
-            author: opts.author,
-            ...(sha ? { sha } : {}),
-        }),
-    });
-    // 409 = the blob sha we read is no longer current. Fail safe: the caller re-fetches and the
-    // editor reapplies. (Full three-way merge stays out of scope; see ARCHITECTURE §5.)
-    if (res.status === 409)
-        throw new CommitConflictError(path);
-    if (!res.ok)
-        throw new Error(`GitHub commit ${path} failed: ${res.status} ${await res.text()}`);
-    return (await res.json()).commit.sha;
-}
-/**
- * Deploy-time self-test for the GitHub App signer (M2): sign a dummy JWT with the configured
- * private key. Exercises the brittle PKCS#1→PKCS#8 conversion + Web Crypto import/sign without
- * any network call or secret in the result, so `/admin/healthz` catches a bad/rotated key
- * before an editor's save fails. Returns `{ ok: false, detail }` rather than throwing.
- */
-export async function signingSelfTest(appId, privateKeyB64) {
-    try {
-        const jwt = await appJwt(appId, atob(privateKeyB64));
-        if (jwt.split('.').length !== 3)
-            return { ok: false, detail: 'malformed JWT' };
-        return { ok: true };
-    }
-    catch (err) {
-        return { ok: false, detail: err instanceof Error ? err.message : 'sign failed' };
-    }
-}

package/dist/utils.d.ts

@@ -1,3 +0,0 @@
-/** Encode bytes as unpadded base64url (RFC 4648 §5), the JWT/token wire format. */
-export declare function bytesToB64url(bytes: Uint8Array): string;
-//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/lib/utils.ts"],"names":[],"mappings":"AAOA,mFAAmF;AACnF,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAGvD"}

package/dist/utils.js

@@ -1,11 +0,0 @@
-// cairn-core: internal encoding helpers shared across modules.
-//
-// Deliberately NOT re-exported from index.ts. These are implementation details of the
-// auth/github crypto, not part of the public API (auth.ts signs tokens, github.ts builds
-// the App JWT; both need base64url). Keeping them here stops bytesToB64url leaking through
-// the `export *` barrel.
-/** Encode bytes as unpadded base64url (RFC 4648 §5), the JWT/token wire format. */
-export function bytesToB64url(bytes) {
-    const binary = Array.from(bytes, (b) => String.fromCharCode(b)).join('');
-    return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
-}