@glw907/cairn-cms 0.5.0 → 0.6.0-rc.0

package/dist/sveltekit/index.d.ts

@@ -1,84 +1,10 @@
-import type { CairnUser } from '../auth/guard';
-import { type RepoFile } from '../github';
-import { type CairnAdapter, type CairnField } from '../adapter';
-/** The `platform.env` bindings the content routes read. All optional; the handlers guard. */
-export interface AdminEnv {
-    GITHUB_APP_ID?: string;
-    GITHUB_APP_INSTALLATION_ID?: string;
-    GITHUB_APP_PRIVATE_KEY_B64?: string;
-}
-interface PlatformEvent {
-    platform?: {
-        env?: AdminEnv;
-    };
-}
-export interface AdminLayoutData {
-    user: CairnUser | null;
-    siteName: string;
-    pathname: string;
-}
-/**
- * Branding + session for every admin page. `siteName` flows from the adapter without pulling
- * its plugin graph into client bundles; the import stays server-side in the layout load.
- * `pathname` lets the shared shell highlight the active nav item without a `$app/*` import
- * (those kit virtual modules have no types outside a kit app, so they can't live in the
- * package); reading `event.url` here also opts the layout load into rerunning on navigation.
- */
-export declare function adminLayoutLoad(event: {
-    locals: {
-        user: CairnUser | null;
-    };
-    url: URL;
-}, adapter: CairnAdapter): AdminLayoutData;
-export interface AdminCollectionList {
-    type: string;
-    label: string;
-    files: RepoFile[];
-    error?: string;
-}
-/** List every collection's markdown files. A failed listing degrades to an inline error. */
-export declare function adminListLoad(event: PlatformEvent, adapter: CairnAdapter): Promise<{
-    collections: AdminCollectionList[];
-}>;
-export interface EditData {
-    type: string;
-    id: string;
-    label: string;
-    fields: CairnField[];
-    path: string;
-    body: string;
-    frontmatter: Record<string, unknown>;
-    title: string;
-    saved: boolean;
-    error: string | null;
-}
-export declare function editLoad(event: PlatformEvent & {
-    params: {
-        type: string;
-        id: string;
-    };
-    url: URL;
-}, adapter: CairnAdapter): Promise<EditData>;
-export declare function saveCommit(event: PlatformEvent & {
-    request: Request;
-    locals: {
-        user: CairnUser | null;
-    };
-}, adapter: CairnAdapter): Promise<never>;
-export interface HealthData {
-    ok: boolean;
-    checks: {
-        githubAppSigning: {
-            ok: boolean;
-            detail?: string;
-        };
-    };
-}
-/**
- * Deploy-time health check (M2): signs a dummy App JWT to prove the GitHub App key loads and
- * the PKCS#1→PKCS#8 conversion still works, before an editor hits it on save. Behind the
- * `/admin` guard (signed-in editors only); returns ok/fail with no secret in the body.
- */
-export declare function healthLoad(event: PlatformEvent): Promise<HealthData>;
-export {};
+export { createAuthGuard, requireSession, requireOwner } from './guard.js';
+export { createAuthRoutes, type AuthRoutesConfig } from './auth-routes.js';
+export { createEditorRoutes } from './editors-routes.js';
+export { createContentRoutes } from './content-routes.js';
+export type { NavConcept, LayoutData, EntrySummary, ListData, EditData, ContentEvent, ContentRoutesDeps, } from './content-routes.js';
+export { createNavRoutes } from './nav-routes.js';
+export type { NavLoadData, NavPageOption, NavRoutesDeps } from './nav-routes.js';
+export { healthLoad, type HealthData } from './health.js';
+export type { RequestContext, CookieJar, HandleInput } from './types.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/sveltekit/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/sveltekit/index.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAOL,KAAK,QAAQ,EACd,MAAM,WAAW,CAAC;AAEnB,OAAO,EAAuC,KAAK,YAAY,EAAE,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAErG,6FAA6F;AAC7F,MAAM,WAAW,QAAQ;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,0BAA0B,CAAC,EAAE,MAAM,CAAC;CACrC;AAED,UAAU,aAAa;IACrB,QAAQ,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,QAAQ,CAAA;KAAE,CAAC;CAC/B;AA2BD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,SAAS,GAAG,IAAI,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE;IAAE,MAAM,EAAE;QAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAAA;KAAE,CAAC;IAAC,GAAG,EAAE,GAAG,CAAA;CAAE,EACvD,OAAO,EAAE,YAAY,GACpB,eAAe,CAEjB;AAID,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,4FAA4F;AAC5F,wBAAsB,aAAa,CACjC,KAAK,EAAE,aAAa,EACpB,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC;IAAE,WAAW,EAAE,mBAAmB,EAAE,CAAA;CAAE,CAAC,CAajD;AAID,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,wBAAsB,QAAQ,CAC5B,KAAK,EAAE,aAAa,GAAG;IAAE,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,GAAG,EAAE,GAAG,CAAA;CAAE,EACzE,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,QAAQ,CAAC,CAyBnB;AAID,wBAAsB,UAAU,CAC9B,KAAK,EAAE,aAAa,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE;QAAE,IAAI,EAAE,SAAS,GAAG,IAAI,CAAA;KAAE,CAAA;CAAE,EAC/E,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,KAAK,CAAC,CAoDhB;AAID,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,EAAE;QAAE,gBAAgB,EAAE;YAAE,EAAE,EAAE,OAAO,CAAC;YAAC,MAAM,CAAC,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC;CAChE;AAED;;;;GAIG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CAS1E"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/sveltekit/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC3E,OAAO,EAAE,gBAAgB,EAAE,KAAK,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,YAAY,EACV,UAAU,EACV,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,QAAQ,EACR,YAAY,EACZ,iBAAiB,GAClB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACjF,OAAO,EAAE,UAAU,EAAE,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAC1D,YAAY,EAAE,cAAc,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}

package/dist/sveltekit/index.js

@@ -1,149 +1,8 @@
-// cairn-core: the SvelteKit content-route server logic, extracted so each site's `admin/**`
-// route files are thin shims (`export const load = (event) => editLoad(event, cairn)`).
-//
-// SvelteKit's filesystem routing requires the route *files* to live in each site's
-// `src/routes/`, but their bodies are identical across sites. Only the adapter differs.
-// These functions take the SvelteKit event (typed structurally, to avoid depending on the
-// site-generated `App.*` ambient types) plus the site `CairnAdapter`, and throw
-// `redirect`/`error` from `@sveltejs/kit` (a peer dependency, so the thrown objects share
-// class identity with the host's runtime; otherwise the redirect 500s). Auth/session/manage-editors
-// logic lives under `@glw907/cairn-cms/auth`; this module is content-only (list/edit/save).
-import { redirect, error } from '@sveltejs/kit';
-import matter from 'gray-matter';
-import { listMarkdown, readRaw, commitFile, installationToken, signingSelfTest, CommitConflictError, } from '../github';
-import { serializeMarkdown } from '../content';
-import { findCollection, frontmatterFromForm } from '../adapter';
-/**
- * Mint a GitHub App installation token for *reads* when the App is configured, else undefined
- * (reads then fall back to anonymous). Authenticated reads get the 5000/hr limit; anonymous
- * reads share GitHub's 60/hr-per-IP budget across Cloudflare's egress IPs, so they 403 in prod.
- * A mint failure degrades gracefully to anonymous rather than 500ing. Unlike the commit path,
- * where a missing App is fatal, a read can still succeed unauthenticated.
- */
-async function readToken(env) {
-    if (!env?.GITHUB_APP_ID || !env.GITHUB_APP_INSTALLATION_ID || !env.GITHUB_APP_PRIVATE_KEY_B64) {
-        return undefined;
-    }
-    try {
-        return await installationToken({
-            appId: env.GITHUB_APP_ID,
-            installationId: env.GITHUB_APP_INSTALLATION_ID,
-            privateKeyB64: env.GITHUB_APP_PRIVATE_KEY_B64,
-        });
-    }
-    catch (err) {
-        console.error('read token mint failed; falling back to anonymous read:', err);
-        return undefined;
-    }
-}
-/**
- * Branding + session for every admin page. `siteName` flows from the adapter without pulling
- * its plugin graph into client bundles; the import stays server-side in the layout load.
- * `pathname` lets the shared shell highlight the active nav item without a `$app/*` import
- * (those kit virtual modules have no types outside a kit app, so they can't live in the
- * package); reading `event.url` here also opts the layout load into rerunning on navigation.
- */
-export function adminLayoutLoad(event, adapter) {
-    return { user: event.locals.user, siteName: adapter.siteName, pathname: event.url.pathname };
-}
-/** List every collection's markdown files. A failed listing degrades to an inline error. */
-export async function adminListLoad(event, adapter) {
-    const token = await readToken(event.platform?.env);
-    const collections = await Promise.all(adapter.collections.map(async ({ type, label, dir }) => {
-        try {
-            return { type, label, files: await listMarkdown(adapter.backend, dir, token) };
-        }
-        catch (err) {
-            // A failed listing (rate limit, network) shouldn't 500 the whole admin.
-            return { type, label, files: [], error: err instanceof Error ? err.message : 'Failed to load' };
-        }
-    }));
-    return { collections };
-}
-export async function editLoad(event, adapter) {
-    const collection = findCollection(adapter, event.params.type);
-    if (!collection)
-        throw error(404, 'Unknown collection');
-    const token = await readToken(event.platform?.env);
-    const path = `${collection.dir}/${event.params.id}.md`;
-    const raw = await readRaw(adapter.backend, path, token);
-    if (raw === null)
-        throw error(404, 'Content not found');
-    // Split frontmatter from body server-side; the editor form binds to the frontmatter and
-    // the Carta editor binds to the body, and /admin/save reassembles them on commit.
-    const { data: frontmatter, content: body } = matter(raw);
-    return {
-        type: event.params.type,
-        id: event.params.id,
-        label: collection.label,
-        fields: collection.fields,
-        path,
-        body,
-        frontmatter,
-        title: typeof frontmatter.title === 'string' ? frontmatter.title : event.params.id,
-        saved: event.url.searchParams.get('saved') === '1',
-        error: event.url.searchParams.get('error'),
-    };
-}
-// ── /admin/save (POST) ──────────────────────────────────────────────────────
-export async function saveCommit(event, adapter) {
-    const user = event.locals.user;
-    if (!user)
-        throw error(401, 'Not signed in');
-    const env = event.platform?.env;
-    if (!env?.GITHUB_APP_ID || !env.GITHUB_APP_INSTALLATION_ID || !env.GITHUB_APP_PRIVATE_KEY_B64) {
-        throw error(500, 'GitHub App is not configured');
-    }
-    const form = await event.request.formData();
-    const type = String(form.get('type') ?? '');
-    const id = String(form.get('id') ?? '');
-    const body = String(form.get('body') ?? '');
-    const collection = findCollection(adapter, type);
-    if (!collection || !id)
-        throw error(400, 'Bad request');
-    // Build frontmatter from the posted fields and validate against the collection's schema; a
-    // bad field bounces back to the editor with the validator's message rather than 500ing.
-    let frontmatter;
-    try {
-        frontmatter = collection.validate(frontmatterFromForm(collection, form), `${id}.md`);
-    }
-    catch (err) {
-        const message = err instanceof Error ? err.message : 'Invalid frontmatter';
-        throw redirect(303, `/admin/edit/${type}/${id}?error=${encodeURIComponent(message)}`);
-    }
-    const markdown = serializeMarkdown(frontmatter, body);
-    const token = await installationToken({
-        appId: env.GITHUB_APP_ID,
-        installationId: env.GITHUB_APP_INSTALLATION_ID,
-        privateKeyB64: env.GITHUB_APP_PRIVATE_KEY_B64,
-    });
-    try {
-        await commitFile(adapter.backend, `${collection.dir}/${id}.md`, markdown, { message: `Update ${collection.label.toLowerCase()}: ${id}`, author: { name: user.name, email: user.email } }, token);
-    }
-    catch (err) {
-        // Concurrent-edit 409 (C3): fail safe. Bounce back with a reload prompt; the editor reloads
-        // the current version and reapplies. Any other error is unexpected, so rethrow.
-        if (err instanceof CommitConflictError) {
-            const message = 'This file changed since you opened it. Reload and reapply your edits.';
-            throw redirect(303, `/admin/edit/${type}/${id}?error=${encodeURIComponent(message)}`);
-        }
-        throw err;
-    }
-    throw redirect(303, `/admin/edit/${type}/${id}?saved=1`);
-}
-/**
- * Deploy-time health check (M2): signs a dummy App JWT to prove the GitHub App key loads and
- * the PKCS#1→PKCS#8 conversion still works, before an editor hits it on save. Behind the
- * `/admin` guard (signed-in editors only); returns ok/fail with no secret in the body.
- */
-export async function healthLoad(event) {
-    const env = event.platform?.env;
-    let githubAppSigning;
-    if (env?.GITHUB_APP_ID && env.GITHUB_APP_PRIVATE_KEY_B64) {
-        githubAppSigning = await signingSelfTest(env.GITHUB_APP_ID, env.GITHUB_APP_PRIVATE_KEY_B64);
-    }
-    else {
-        githubAppSigning = { ok: false, detail: 'GitHub App not configured' };
-    }
-    return { ok: githubAppSigning.ok, checks: { githubAppSigning } };
-}
+// SvelteKit server logic consumed by site route shims: the guard plus the auth, editor,
+// content, and health route factories and functions.
+export { createAuthGuard, requireSession, requireOwner } from './guard.js';
+export { createAuthRoutes } from './auth-routes.js';
+export { createEditorRoutes } from './editors-routes.js';
+export { createContentRoutes } from './content-routes.js';
+export { createNavRoutes } from './nav-routes.js';
+export { healthLoad } from './health.js';

package/dist/sveltekit/nav-routes.d.ts

@@ -0,0 +1,30 @@
+import { type GithubKeyEnv } from '../github/credentials.js';
+import { type NavNode } from '../nav/site-config.js';
+import type { CairnRuntime } from '../content/types.js';
+import type { ContentEvent } from './content-routes.js';
+/** One page option for the URL picker datalist. */
+export interface NavPageOption {
+    label: string;
+    url: string;
+}
+/** The nav editor's load data: the menu meta, the current tree, page options, and flags. */
+export interface NavLoadData {
+    menu: {
+        name: string;
+        label: string;
+        maxDepth: number;
+    };
+    tree: NavNode[];
+    pages: NavPageOption[];
+    saved: boolean;
+    error: string | null;
+}
+/** Injectable dependencies; tests stub the token mint to avoid signing a real key. */
+export interface NavRoutesDeps {
+    mintToken?: (env: GithubKeyEnv) => Promise<string>;
+}
+export declare function createNavRoutes(runtime: CairnRuntime, deps?: NavRoutesDeps): {
+    navLoad: (event: ContentEvent) => Promise<NavLoadData>;
+    navSave: (event: ContentEvent) => Promise<never>;
+};
+//# sourceMappingURL=nav-routes.d.ts.map

package/dist/sveltekit/nav-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nav-routes.d.ts","sourceRoot":"","sources":["../../src/lib/sveltekit/nav-routes.ts"],"names":[],"mappings":"AAIA,OAAO,EAAkB,KAAK,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAI7E,OAAO,EAA0D,KAAK,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAC7G,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGxD,mDAAmD;AACnD,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAED,4FAA4F;AAC5F,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IACxD,IAAI,EAAE,OAAO,EAAE,CAAC;IAChB,KAAK,EAAE,aAAa,EAAE,CAAC;IACvB,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,sFAAsF;AACtF,MAAM,WAAW,aAAa;IAC5B,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;CACpD;AAcD,wBAAgB,eAAe,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,GAAE,aAAkB;qBAqB/C,YAAY,KAAG,OAAO,CAAC,WAAW,CAAC;qBAiCnC,YAAY,KAAG,OAAO,CAAC,KAAK,CAAC;EAuC5D"}

package/dist/sveltekit/nav-routes.js

@@ -0,0 +1,103 @@
+// The admin nav-editing routes: the load and save a site's /admin/nav shim calls. A factory closes
+// over the composed runtime and the GitHub token mint, mirroring createContentRoutes, so the read
+// and commit paths are unit-testable against a fetch double with an injected token.
+import { redirect, error } from '@sveltejs/kit';
+import { appCredentials } from '../github/credentials.js';
+import { installationToken } from '../github/signing.js';
+import { listMarkdown, readRaw, commitFile } from '../github/repo.js';
+import { CommitConflictError } from '../github/types.js';
+import { parseSiteConfig, extractMenu, validateNavTree, setMenu } from '../nav/site-config.js';
+/** The signed-in editor the guard resolved, or a login redirect. */
+function sessionOf(event) {
+    const editor = event.locals.editor;
+    if (!editor)
+        throw redirect(303, '/admin/login');
+    return editor;
+}
+/** Match a commit conflict by class and by name (bundling can alias the class identity). */
+function isConflict(err) {
+    return err instanceof CommitConflictError || err?.name === 'CommitConflictError';
+}
+export function createNavRoutes(runtime, deps = {}) {
+    const mintToken = deps.mintToken ?? ((env) => installationToken(appCredentials(runtime.backend, env)));
+    /** List page-like concepts (routable, not dated) for the URL picker. Best-effort per concept. */
+    async function pageOptions(token) {
+        const pageConcepts = runtime.concepts.filter((c) => c.routing.routable && !c.routing.dated);
+        const lists = await Promise.all(pageConcepts.map(async (c) => {
+            try {
+                const files = await listMarkdown(runtime.backend, c.dir, token);
+                return files.map((f) => ({ label: f.id, url: `/${f.id}` }));
+            }
+            catch {
+                return [];
+            }
+        }));
+        return lists.flat();
+    }
+    /** Load the nav editor. A missing or unparsable config degrades to an empty tree so it still opens. */
+    async function navLoad(event) {
+        sessionOf(event);
+        const config = runtime.navMenu;
+        if (!config)
+            throw error(404, 'No navigation menu configured');
+        const maxDepth = config.maxDepth ?? 2;
+        const menu = { name: config.menuName, label: config.label, maxDepth };
+        let token;
+        try {
+            token = await mintToken(event.platform?.env ?? {});
+        }
+        catch {
+            return { menu, tree: [], pages: [], saved: false, error: 'Could not authenticate with GitHub.' };
+        }
+        let tree = [];
+        try {
+            const raw = await readRaw(runtime.backend, config.configPath, token);
+            if (raw !== null)
+                tree = extractMenu(parseSiteConfig(raw), config.menuName, maxDepth);
+        }
+        catch {
+            // A malformed or unreadable config degrades to an empty tree; the first save writes a clean menu.
+            tree = [];
+        }
+        return {
+            menu,
+            tree,
+            pages: await pageOptions(token),
+            saved: event.url.searchParams.get('saved') === '1',
+            error: event.url.searchParams.get('error'),
+        };
+    }
+    /** Save the nav tree: validate, then read-modify-commit the one menu with the session editor as author. */
+    async function navSave(event) {
+        const editor = sessionOf(event);
+        const config = runtime.navMenu;
+        if (!config)
+            throw error(404, 'No navigation menu configured');
+        const maxDepth = config.maxDepth ?? 2;
+        const form = await event.request.formData();
+        let tree;
+        try {
+            tree = validateNavTree(JSON.parse(String(form.get('tree') ?? '[]')), maxDepth);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : 'Invalid navigation';
+            throw redirect(303, `/admin/nav?error=${encodeURIComponent(message)}`);
+        }
+        const token = await mintToken(event.platform?.env ?? {});
+        const raw = await readRaw(runtime.backend, config.configPath, token);
+        if (raw === null)
+            throw error(404, 'Site config not found');
+        try {
+            await commitFile(runtime.backend, config.configPath, setMenu(raw, config.menuName, tree), { message: `Update ${config.label.toLowerCase()}`, author: { name: editor.displayName, email: editor.email } }, token);
+        }
+        catch (err) {
+            if (isConflict(err)) {
+                const message = 'The site config changed since you opened it. Reload and reapply your edits.';
+                throw redirect(303, `/admin/nav?error=${encodeURIComponent(message)}`);
+            }
+            throw err;
+        }
+        throw redirect(303, '/admin/nav?saved=1');
+    }
+    return { navLoad, navSave };
+}

package/dist/sveltekit/types.d.ts

@@ -0,0 +1,32 @@
+import type { AuthEnv, Editor } from '../auth/types.js';
+export interface CookieSetOptions {
+    path: string;
+    httpOnly?: boolean;
+    secure?: boolean;
+    sameSite?: 'lax' | 'strict' | 'none';
+    maxAge?: number;
+}
+export interface CookieJar {
+    get(name: string): string | undefined;
+    set(name: string, value: string, opts: CookieSetOptions): void;
+    delete(name: string, opts: {
+        path: string;
+    }): void;
+}
+export interface RequestContext {
+    url: URL;
+    request: Request;
+    cookies: CookieJar;
+    locals: {
+        editor?: Editor | null;
+    };
+    platform?: {
+        env?: AuthEnv;
+    };
+    setHeaders(headers: Record<string, string>): void;
+}
+export interface HandleInput {
+    event: RequestContext;
+    resolve(event: RequestContext): Promise<Response> | Response;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/sveltekit/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/lib/sveltekit/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAExD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC;IACtC,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,gBAAgB,GAAG,IAAI,CAAC;IAC/D,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;CACpD;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,GAAG,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,SAAS,CAAC;IACnB,MAAM,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC;IACnC,QAAQ,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC;IAG7B,UAAU,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC;CACnD;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,cAAc,CAAC;IACtB,OAAO,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC;CAC9D"}

package/dist/sveltekit/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,8 +1,12 @@
 {
   "name": "@glw907/cairn-cms",
-  "version": "0.5.0",
+  "version": "0.6.0-rc.0",
   "description": "Embedded, magic-link, GitHub-committing CMS for SvelteKit/Cloudflare sites.",
   "type": "module",
+  "sideEffects": [
+    "**/*.svelte",
+    "**/*.css"
+  ],
   "license": "MIT",
   "author": "Geoff Wright",
   "repository": {
@@ -19,75 +23,47 @@
   ],
   "scripts": {
     "package": "svelte-package",
-    "package:watch": "svelte-package --watch",
-    "prepublishOnly": "svelte-package",
+    "check:package": "npm run package && publint --strict && attw --pack . --ignore-rules no-resolution cjs-resolves-to-esm internal-resolution-error",
+    "prepare": "svelte-package",
+    "check": "svelte-check --tsconfig ./tsconfig.json",
     "test": "vitest run",
     "test:watch": "vitest",
-    "auth:schema": "better-auth generate --config auth.cli.ts --output src/lib/auth/schema.ts -y",
-    "auth:sql": "drizzle-kit generate"
+    "test:unit": "vitest run --project unit",
+    "test:integration": "vitest run --project integration",
+    "test:component": "vitest run --project component"
   },
   "exports": {
     ".": {
-      "types": "./src/lib/index.ts",
-      "svelte": "./src/lib/index.ts",
-      "default": "./src/lib/index.ts"
+      "types": "./dist/index.d.ts",
+      "svelte": "./dist/index.js",
+      "default": "./dist/index.js"
     },
     "./sveltekit": {
-      "types": "./src/lib/sveltekit/index.ts",
-      "svelte": "./src/lib/sveltekit/index.ts",
-      "default": "./src/lib/sveltekit/index.ts"
+      "types": "./dist/sveltekit/index.d.ts",
+      "svelte": "./dist/sveltekit/index.js",
+      "default": "./dist/sveltekit/index.js"
     },
     "./components": {
-      "types": "./src/lib/components/index.ts",
-      "svelte": "./src/lib/components/index.ts",
-      "default": "./src/lib/components/index.ts"
-    },
-    "./auth": {
-      "types": "./src/lib/auth/index.ts",
-      "svelte": "./src/lib/auth/index.ts",
-      "default": "./src/lib/auth/index.ts"
+      "types": "./dist/components/index.d.ts",
+      "svelte": "./dist/components/index.js",
+      "default": "./dist/components/index.js"
     },
     "./package.json": "./package.json"
   },
-  "publishConfig": {
-    "exports": {
-      ".": {
-        "types": "./dist/index.d.ts",
-        "svelte": "./dist/index.js",
-        "default": "./dist/index.js"
-      },
-      "./sveltekit": {
-        "types": "./dist/sveltekit/index.d.ts",
-        "svelte": "./dist/sveltekit/index.js",
-        "default": "./dist/sveltekit/index.js"
-      },
-      "./components": {
-        "types": "./dist/components/index.d.ts",
-        "svelte": "./dist/components/index.js",
-        "default": "./dist/components/index.js"
-      },
-      "./auth": {
-        "types": "./dist/auth/index.d.ts",
-        "svelte": "./dist/auth/index.js",
-        "default": "./dist/auth/index.js"
-      },
-      "./package.json": "./package.json"
-    }
-  },
   "files": [
     "dist",
     "src/lib"
   ],
   "peerDependencies": {
     "@sveltejs/kit": "^2",
-    "better-auth": "^1.6",
     "carta-md": "^4.11",
-    "drizzle-orm": ">=0.40 <1",
     "svelte": "^5.0.0"
   },
   "dependencies": {
+    "@rodrigodagostino/svelte-sortable-list": "^2.1.17",
     "@types/hast": "^3.0.4",
     "@types/mdast": "^4.0.4",
+    "dompurify": "^3.4.7",
     "gray-matter": "^4",
     "hastscript": "^9.0.1",
     "mdast-util-directive": "^3.1.0",
@@ -99,23 +75,27 @@
     "remark-parse": "^11.0.0",
     "remark-rehype": "^11.1.2",
     "unified": "^11.0.5",
-    "unist-util-visit": "^5.1.0"
+    "unist-util-visit": "^5.1.0",
+    "yaml": "^2"
   },
   "devDependencies": {
-    "@better-auth/cli": "^1.4.21",
-    "@cloudflare/workers-types": "^4.20260405.1",
-    "@sveltejs/kit": "^2",
+    "@arethetypeswrong/cli": "^0.18.3",
+    "@cloudflare/vitest-pool-workers": "^0.16",
+    "@cloudflare/workers-types": "^4.20260501.0",
+    "@sveltejs/kit": "^2.61",
     "@sveltejs/package": "^2",
-    "@sveltejs/vite-plugin-svelte": "^7",
-    "@types/better-sqlite3": "^7.6.13",
-    "better-auth": "^1.6.11",
-    "better-sqlite3": "^12.10.0",
+    "@sveltejs/vite-plugin-svelte": "^7.1",
+    "@vitest/browser": "^4.1.7",
+    "@vitest/browser-playwright": "^4.1.7",
     "carta-md": "^4.11",
-    "drizzle-kit": "^0.31.10",
-    "drizzle-orm": "^0.45.2",
-    "svelte": "^5",
+    "playwright": "^1.60.0",
+    "publint": "^0.3.21",
+    "svelte": "^5.55",
     "svelte-check": "^4",
     "typescript": "^6.0.3",
-    "vitest": "^4.1.6"
+    "vite": "^8.0",
+    "vitest": "^4.1",
+    "vitest-browser-svelte": "^2.1.1",
+    "wrangler": "^4"
   }
 }

package/src/lib/auth/crypto.ts

@@ -0,0 +1,37 @@
+// Token and session-id generation plus SHA-256 token hashing, on Web Crypto so the
+// code runs unchanged in workerd. The store keeps only the hash of a token, never the
+// token itself (spec 7.1).
+
+/** The session cookie name. */
+export const COOKIE_NAME = 'cairn_session';
+
+/** Magic-link tokens live 10 minutes. */
+export const TOKEN_TTL_MS = 10 * 60 * 1000;
+
+/** Sessions live 30 days. */
+export const SESSION_TTL_MS = 30 * 24 * 60 * 60 * 1000;
+
+function randomBase64Url(byteLength = 32): string {
+  const bytes = new Uint8Array(byteLength);
+  crypto.getRandomValues(bytes);
+  let binary = '';
+  for (const b of bytes) binary += String.fromCharCode(b);
+  return btoa(binary).replaceAll('+', '-').replaceAll('/', '_').replaceAll('=', '');
+}
+
+/** A fresh 256-bit magic-link token, url-safe. */
+export function generateToken(): string {
+  return randomBase64Url(32);
+}
+
+/** A fresh 256-bit session id, url-safe. */
+export function generateSessionId(): string {
+  return randomBase64Url(32);
+}
+
+/** The lowercase hex SHA-256 of a token, for storage and lookup. */
+export async function hashToken(token: string): Promise<string> {
+  const data = new TextEncoder().encode(token);
+  const digest = await crypto.subtle.digest('SHA-256', data);
+  return [...new Uint8Array(digest)].map((b) => b.toString(16).padStart(2, '0')).join('');
+}