@glw907/cairn-cms 0.5.1 → 0.6.0-rc.1

package/src/lib/auth/guard.ts

@@ -1,60 +0,0 @@
-// cairn-core: server-side auth helpers the site route shims delegate to. Each takes the
-// SvelteKit event, typed structurally so the package never depends on a site's generated
-// `App.*` ambient types, plus the per-request `Auth` from `locals`.
-import { redirect } from '@sveltejs/kit';
-import type { Auth } from './config';
-
-/** The session shape the whole admin reads: layout, guards, content fns, manage-editors. */
-export interface CairnUser {
-  id: string;
-  email: string;
-  name: string;
-  role: 'owner' | 'editor';
-}
-
-/** Read the better-auth session into a cairn user (or null). */
-export async function loadSession(auth: Auth, request: Request): Promise<CairnUser | null> {
-  const session = await auth.api.getSession({ headers: request.headers });
-  if (!session?.user) return null;
-  const u = session.user as { id: string; email: string; name: string; role?: string | null };
-  return { id: u.id, email: u.email, name: u.name, role: u.role === 'owner' ? 'owner' : 'editor' };
-}
-
-export function requireSession(user: CairnUser | null): CairnUser {
-  if (!user) throw redirect(303, '/admin/login');
-  return user;
-}
-
-type ConfirmEvent = { request: Request; locals: { auth: Auth }; url: URL };
-
-/**
- * POST-confirm verification (C2). Invoked from the confirm page's POST action: proxies the
- * token to better-auth's GET verify endpoint via the per-request handler, then forwards the
- * resulting Set-Cookie(s) onto a 303 to /admin. Scanners GET the confirm *page* (nothing is
- * consumed); only this explicit POST consumes the token.
- */
-export async function confirmSignIn(event: ConfirmEvent): Promise<Response> {
-  const form = await event.request.formData();
-  const token = String(form.get('token') ?? '');
-  if (!token) throw redirect(303, '/admin/login?error=expired');
-
-  const verifyUrl = `${event.url.origin}/api/auth/magic-link/verify?token=${encodeURIComponent(token)}&callbackURL=/admin`;
-  const res = await event.locals.auth.handler(new Request(verifyUrl, { headers: event.request.headers }));
-  const cookies = res.headers.getSetCookie();
-  if (cookies.length === 0) throw redirect(303, '/admin/login?error=expired');
-
-  const headers = new Headers({ location: '/admin' });
-  for (const cookie of cookies) headers.append('set-cookie', cookie);
-  return new Response(null, { status: 303, headers });
-}
-
-/** Sign out via better-auth, forwarding the session-clearing cookies, then 303 to login. */
-export async function signOut(event: { request: Request; locals: { auth: Auth } }): Promise<Response> {
-  const origin = new URL(event.request.url).origin;
-  const res = await event.locals.auth.handler(
-    new Request(`${origin}/api/auth/sign-out`, { method: 'POST', headers: event.request.headers }),
-  );
-  const headers = new Headers({ location: '/admin/login' });
-  for (const cookie of res.headers.getSetCookie()) headers.append('set-cookie', cookie);
-  return new Response(null, { status: 303, headers });
-}

package/src/lib/auth/index.ts

@@ -1,7 +0,0 @@
-// Public surface of `@glw907/cairn-cms/auth`: the per-request factory + server-side helpers
-// the site route shims and hooks delegate to. The browser client is intentionally NOT here
-// (it lives component-local in LoginPage to keep better-auth's deep client types out of dist).
-export { createAuth, type Auth, type AuthEnv, type AuthBranding } from './config';
-export { loadSession, requireSession, confirmSignIn, signOut, type CairnUser } from './guard';
-export { adminsLoad, addAdmin, removeAdmin, setAdminRole, requireOwner, type AdminsData } from './admins';
-export { can, requireCapability, type Capability } from './capabilities';

package/src/lib/auth/schema.ts

@@ -1,112 +0,0 @@
-import { relations, sql } from "drizzle-orm";
-import { sqliteTable, text, integer, index } from "drizzle-orm/sqlite-core";
-
-export const user = sqliteTable("user", {
-  id: text("id").primaryKey(),
-  name: text("name").notNull(),
-  email: text("email").notNull().unique(),
-  emailVerified: integer("email_verified", { mode: "boolean" })
-    .default(false)
-    .notNull(),
-  image: text("image"),
-  createdAt: integer("created_at", { mode: "timestamp_ms" })
-    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
-    .notNull(),
-  updatedAt: integer("updated_at", { mode: "timestamp_ms" })
-    .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
-    .$onUpdate(() => /* @__PURE__ */ new Date())
-    .notNull(),
-  role: text("role"),
-  banned: integer("banned", { mode: "boolean" }).default(false),
-  banReason: text("ban_reason"),
-  banExpires: integer("ban_expires", { mode: "timestamp_ms" }),
-});
-
-export const session = sqliteTable(
-  "session",
-  {
-    id: text("id").primaryKey(),
-    expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
-    token: text("token").notNull().unique(),
-    createdAt: integer("created_at", { mode: "timestamp_ms" })
-      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
-      .notNull(),
-    updatedAt: integer("updated_at", { mode: "timestamp_ms" })
-      .$onUpdate(() => /* @__PURE__ */ new Date())
-      .notNull(),
-    ipAddress: text("ip_address"),
-    userAgent: text("user_agent"),
-    userId: text("user_id")
-      .notNull()
-      .references(() => user.id, { onDelete: "cascade" }),
-    impersonatedBy: text("impersonated_by"),
-  },
-  (table) => [index("session_userId_idx").on(table.userId)],
-);
-
-export const account = sqliteTable(
-  "account",
-  {
-    id: text("id").primaryKey(),
-    accountId: text("account_id").notNull(),
-    providerId: text("provider_id").notNull(),
-    userId: text("user_id")
-      .notNull()
-      .references(() => user.id, { onDelete: "cascade" }),
-    accessToken: text("access_token"),
-    refreshToken: text("refresh_token"),
-    idToken: text("id_token"),
-    accessTokenExpiresAt: integer("access_token_expires_at", {
-      mode: "timestamp_ms",
-    }),
-    refreshTokenExpiresAt: integer("refresh_token_expires_at", {
-      mode: "timestamp_ms",
-    }),
-    scope: text("scope"),
-    password: text("password"),
-    createdAt: integer("created_at", { mode: "timestamp_ms" })
-      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
-      .notNull(),
-    updatedAt: integer("updated_at", { mode: "timestamp_ms" })
-      .$onUpdate(() => /* @__PURE__ */ new Date())
-      .notNull(),
-  },
-  (table) => [index("account_userId_idx").on(table.userId)],
-);
-
-export const verification = sqliteTable(
-  "verification",
-  {
-    id: text("id").primaryKey(),
-    identifier: text("identifier").notNull(),
-    value: text("value").notNull(),
-    expiresAt: integer("expires_at", { mode: "timestamp_ms" }).notNull(),
-    createdAt: integer("created_at", { mode: "timestamp_ms" })
-      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
-      .notNull(),
-    updatedAt: integer("updated_at", { mode: "timestamp_ms" })
-      .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)
-      .$onUpdate(() => /* @__PURE__ */ new Date())
-      .notNull(),
-  },
-  (table) => [index("verification_identifier_idx").on(table.identifier)],
-);
-
-export const userRelations = relations(user, ({ many }) => ({
-  sessions: many(session),
-  accounts: many(account),
-}));
-
-export const sessionRelations = relations(session, ({ one }) => ({
-  user: one(user, {
-    fields: [session.userId],
-    references: [user.id],
-  }),
-}));
-
-export const accountRelations = relations(account, ({ one }) => ({
-  user: one(user, {
-    fields: [account.userId],
-    references: [user.id],
-  }),
-}));

package/src/lib/carta.ts

@@ -1,59 +0,0 @@
-// cairn-core: pure Carta options/transformer wiring for render-only preview.
-//
-// Plugins are passed in rather than imported; that seam is what the Pass D adapter formalises.
-// No `carta-md` import: its index re-exports Svelte components that the node test env
-// can't load. The Svelte component calls `new Carta(previewCartaOptions(...))` directly.
-import type { Pluggable, Processor } from 'unified';
-
-export interface PreviewPlugins {
-  /** remark plugins, injected after gfm and before remark-rehype. */
-  remarkPlugins: Pluggable[];
-  /** rehype plugins, injected after remark-rehype. */
-  rehypePlugins: Pluggable[];
-}
-
-interface PreviewTransformer {
-  execution: 'sync';
-  type: 'remark' | 'rehype';
-  transform: (ctx: { processor: Processor }) => void;
-}
-
-function phase(plugins: Pluggable[], type: PreviewTransformer['type']): PreviewTransformer[] {
-  return plugins.map((plugin) => ({
-    execution: 'sync',
-    type,
-    transform: ({ processor }) => {
-      processor.use([plugin]);
-    },
-  }));
-}
-
-/**
- * Map the site's plugin set to Carta sync transformers, remark phase before rehype.
- * Carta's processor is remarkParse → gfm → [remark] → remark-rehype → [rehype] → stringify,
- * so this ordering reproduces render.ts exactly. Pure (no Carta) so it is unit-testable.
- */
-export function previewTransformers({ remarkPlugins, rehypePlugins }: PreviewPlugins): PreviewTransformer[] {
-  return [...phase(remarkPlugins, 'remark'), ...phase(rehypePlugins, 'rehype')];
-}
-
-/** Minimal Options subset we populate (avoids importing carta-md, which re-exports Svelte components). */
-interface PreviewCartaOptions {
-  sanitizer: false;
-  rehypeOptions: { allowDangerousHtml: boolean };
-  extensions: Array<{ transformers: PreviewTransformer[] }>;
-}
-
-/**
- * Carta options for a render-only preview: site plugins wired in, raw HTML allowed, no
- * sanitizer. Authors are trusted and the directive pipeline emits intentional raw HTML
- * (render.ts uses allowDangerousHtml + rehype-raw); sanitizing here would strip EC
- * primitives. The Svelte component passes this to `new Carta(...)`.
- */
-export function previewCartaOptions(plugins: PreviewPlugins): PreviewCartaOptions {
-  return {
-    sanitizer: false,
-    rehypeOptions: { allowDangerousHtml: true },
-    extensions: [{ transformers: previewTransformers(plugins) }],
-  };
-}

package/src/lib/components/CollectionList.svelte

@@ -1,96 +0,0 @@
-<script lang="ts">
-  // One collection's entries: a table (title, date, draft badge) linking into the editor, plus a
-  // collapsible "New entry" form. The author types a title; the slug stem derives from it (R4) and
-  // stays editable. A story collection also collects a date, which createEntry forwards so the new
-  // entry opens with its date set. Placeholders differ by kind. The shell (AdminLayout) owns the
-  // chrome and nav; this renders only the body.
-  import type { CollectionListData } from '../sveltekit';
-  import { slugify } from '../slug';
-
-  let { data }: { data: CollectionListData } = $props();
-
-  let title = $state('');
-  let slug = $state('');
-  let slugEdited = $state(false);
-
-  // Keep the slug in sync with the title until the author edits the slug directly.
-  function onTitleInput(value: string) {
-    title = value;
-    if (!slugEdited) slug = slugify(value);
-  }
-
-  const slugPlaceholder = $derived(data.kind === 'page' ? 'about-us' : '2026-05-my-entry');
-</script>
-
-<div class="flex items-center justify-between gap-4">
-  <h1 class="text-2xl font-bold">{data.label}</h1>
-  {#if data.canCreate}
-    <details class="dropdown dropdown-end">
-      <summary class="btn btn-primary btn-sm">New entry</summary>
-      <form
-        method="POST"
-        action="?/create"
-        class="dropdown-content z-10 mt-2 flex w-80 flex-col gap-2 rounded-box border border-base-300 bg-base-100 p-4 shadow"
-      >
-        <label class="flex flex-col gap-1">
-          <span class="text-sm font-medium">Title</span>
-          <input
-            type="text"
-            value={title}
-            oninput={(e) => onTitleInput(e.currentTarget.value)}
-            placeholder="A human title"
-            class="input w-full"
-          />
-        </label>
-
-        {#if data.kind === 'story'}
-          <label class="flex flex-col gap-1">
-            <span class="text-sm font-medium">Date</span>
-            <input type="date" name="date" class="input w-full" />
-          </label>
-        {/if}
-
-        <label class="flex flex-col gap-1">
-          <span class="text-sm font-medium">Slug</span>
-          <input
-            type="text"
-            name="id"
-            required
-            bind:value={slug}
-            oninput={() => (slugEdited = true)}
-            placeholder={slugPlaceholder}
-            pattern="[a-z0-9]([a-z0-9-]*[a-z0-9])?"
-            class="input w-full"
-          />
-          <span class="text-xs opacity-60">Lowercase letters, numbers, and hyphens. Becomes the filename.</span>
-        </label>
-
-        <button type="submit" class="btn btn-primary btn-sm">Create &amp; edit</button>
-      </form>
-    </details>
-  {/if}
-</div>
-
-{#if data.formError}
-  <div class="alert alert-error mt-4"><span>{data.formError}</span></div>
-{/if}
-
-{#if data.error}
-  <div class="alert alert-warning mt-6">Couldn't load {data.label.toLowerCase()}: {data.error}</div>
-{:else if data.entries.length === 0}
-  <p class="mt-6 opacity-60">No entries yet.</p>
-{:else}
-  <ul class="menu mt-6 rounded-box border border-base-300 bg-base-100 p-2">
-    {#each data.entries as entry (entry.path)}
-      <li>
-        <a href="/admin/edit/{data.type}/{entry.id}" class="flex items-center justify-between gap-3">
-          <span class="flex items-center gap-2">
-            <span>{entry.title}</span>
-            {#if entry.draft}<span class="badge badge-warning badge-sm">Draft</span>{/if}
-          </span>
-          {#if entry.date}<span class="text-xs opacity-60">{entry.date}</span>{/if}
-        </a>
-      </li>
-    {/each}
-  </ul>
-{/if}

package/src/lib/components/ManageAdmins.svelte

@@ -1,84 +0,0 @@
-<script lang="ts">
-  // Owner-gated editor management: list the allowlist, change roles, remove editors, add new
-  // ones. Reuses the same neutral DaisyUI chrome as the rest of the admin (panels, alerts,
-  // table, buttons). Data comes from `adminsLoad` merged with `adminLayoutLoad` (siteName);
-  // mutations post to the page's named form actions (`?/add`, `?/remove`, `?/setRole`).
-  import type { AdminsData } from '../auth';
-
-  interface Props {
-    data: AdminsData & { siteName: string };
-  }
-  let { data }: Props = $props();
-</script>
-
-<svelte:head>
-  <title>Editors · {data.siteName} CMS</title>
-</svelte:head>
-
-<div>
-  <h1 class="text-2xl font-bold">Editors</h1>
-  <p class="text-sm opacity-60">Who can sign in to {data.siteName} CMS.</p>
-</div>
-
-{#if data.saved}
-  <div class="alert alert-success mt-6"><span>Allowlist updated.</span></div>
-{:else if data.error}
-  <div class="alert alert-error mt-6"><span>{data.error}</span></div>
-{/if}
-
-<div class="mt-6 overflow-x-auto rounded-box border border-base-300 bg-base-100">
-  <table class="table">
-    <thead>
-      <tr><th>Name</th><th>Email</th><th>Role</th><th class="text-right">Actions</th></tr>
-    </thead>
-    <tbody>
-      {#each data.admins as admin (admin.email)}
-        {@const isSelf = admin.email === data.self}
-        <tr>
-          <td class="font-medium">{admin.name}</td>
-          <td class="opacity-70">{admin.email}{#if isSelf}<span class="ml-1 opacity-50">(you)</span>{/if}</td>
-          <td>
-            <span class="badge {admin.role === 'owner' ? 'badge-primary' : 'badge-ghost'}">{admin.role}</span>
-          </td>
-          <td>
-            <div class="flex justify-end gap-2">
-              <!-- Flip role. Disabled for yourself so you can't demote the last owner out. -->
-              <form method="POST" action="?/setRole">
-                <input type="hidden" name="email" value={admin.email} />
-                <input type="hidden" name="role" value={admin.role === 'owner' ? 'editor' : 'owner'} />
-                <button type="submit" class="btn btn-ghost btn-xs" disabled={isSelf}>
-                  Make {admin.role === 'owner' ? 'editor' : 'owner'}
-                </button>
-              </form>
-              <form method="POST" action="?/remove">
-                <input type="hidden" name="email" value={admin.email} />
-                <button type="submit" class="btn btn-ghost btn-xs text-error" disabled={isSelf}>Remove</button>
-              </form>
-            </div>
-          </td>
-        </tr>
-      {/each}
-    </tbody>
-  </table>
-</div>
-
-<form method="POST" action="?/add"
-  class="mt-8 grid gap-4 rounded-box border border-base-300 bg-base-100 p-6 sm:grid-cols-[1fr_1fr_auto_auto] sm:items-end">
-  <label class="flex flex-col gap-1">
-    <span class="text-sm font-medium">Email</span>
-    <input type="email" name="email" required autocomplete="off" placeholder="you@example.com"
-      class="input w-full" />
-  </label>
-  <label class="flex flex-col gap-1">
-    <span class="text-sm font-medium">Name</span>
-    <input type="text" name="name" required placeholder="Display name" class="input w-full" />
-  </label>
-  <label class="flex flex-col gap-1">
-    <span class="text-sm font-medium">Role</span>
-    <select name="role" class="select">
-      <option value="editor">editor</option>
-      <option value="owner">owner</option>
-    </select>
-  </label>
-  <button type="submit" class="btn btn-primary">Add editor</button>
-</form>

package/src/lib/content.ts

@@ -1,11 +0,0 @@
-// cairn-core: reassemble a markdown file from frontmatter + body for committing.
-//
-// The inverse of the gray-matter parse the edit loader does on read. Kept as its own seam
-// so a site adapter can own the on-disk serialization contract (quoting, key order)
-// without the save endpoint reaching for gray-matter directly.
-import matter from 'gray-matter';
-
-/** Serialize frontmatter data + markdown body back into a file string. */
-export function serializeMarkdown(frontmatter: object, body: string): string {
-  return matter.stringify(body, frontmatter);
-}

package/src/lib/editor.ts

@@ -1,38 +0,0 @@
-// cairn-core: the editor cursor seam (decision P3). The component palette and any later insert
-// control talk to MarkdownEditor, never to Carta directly, so a swap to a different editing
-// engine is contained to this file. Verified against carta-md@4.11: `input.getSelection()` and
-// `input.insertAt(pos, text)` are public on the InputEnhancer.
-
-// Local structural type for the Carta surface this module uses. carta-md is a peerDep and its
-// types are erased at runtime, but the carta-boundary test bars any `.ts` file from importing
-// `carta-md` (C4 bundle guard). A structural type avoids that import while remaining compatible.
-interface CartaInput {
-  getSelection(): { start: number; end: number; direction: string; slice: string };
-  insertAt(position: number, text: string): void;
-}
-
-interface CartaLike {
-  input?: CartaInput;
-}
-
-/** The programmatic editing surface the admin relies on. */
-export interface MarkdownEditor {
-  /** Insert a component or template at the current cursor position. */
-  insertComponent(template: string): void;
-}
-
-/**
- * Wrap a Carta instance as a MarkdownEditor. Takes a getter (not the instance) because the
- * EditPage component creates the Carta instance once and `carta.input` is only populated after
- * the editor mounts; reading it lazily at call time avoids capturing an undefined `input`.
- */
-export function cartaEditor(getCarta: () => CartaLike): MarkdownEditor {
-  return {
-    insertComponent(template) {
-      const input = getCarta().input;
-      if (!input) return; // editor not mounted yet; nothing to insert into
-      const { start } = input.getSelection();
-      input.insertAt(start, template);
-    },
-  };
-}

package/src/lib/frontmatter.ts

@@ -1,17 +0,0 @@
-// cairn-core: coerce a frontmatter value to the YYYY-MM-DD string an <input type="date"> wants.
-// gray-matter parses an unquoted YAML date (date: 2026-05-14) into a JS Date, so a string-only
-// read leaves the date input empty and drops the date on save. This normalizes a Date or an
-// ISO-ish string to YYYY-MM-DD. A parsed YAML date is UTC midnight, so slicing the ISO string
-// avoids a local-timezone shift. Internal (not re-exported from the barrel), like utils.ts.
-
-/** A frontmatter date value (Date or string) to the `YYYY-MM-DD` an `<input type="date">` expects. */
-export function dateInputValue(value: unknown): string {
-  if (value instanceof Date) {
-    return Number.isNaN(value.getTime()) ? '' : value.toISOString().slice(0, 10);
-  }
-  if (typeof value === 'string') {
-    const match = value.match(/^\d{4}-\d{2}-\d{2}/);
-    return match ? match[0] : '';
-  }
-  return '';
-}