@glw907/cairn-cms 0.50.0 → 0.51.0

package/dist/components/editor-highlight.js

@@ -5,7 +5,7 @@ import { HighlightStyle } from '@codemirror/language';
 import { tags } from '@lezer/highlight';
 import { Decoration, ViewPlugin } from '@codemirror/view';
 import { RangeSetBuilder } from '@codemirror/state';
-import { directiveLineKind, findInlineDirectives } from './markdown-directives.js';
+import { directiveLineKind, fenceDepths, findInlineDirectives } from './markdown-directives.js';
 /** Markdown token colors over the admin theme variables. */
 export function cairnHighlightStyle() {
     return HighlightStyle.define([
@@ -24,20 +24,39 @@ export function cairnHighlightStyle() {
 // The machinery lines explain themselves on hover, so an editor who has never seen ::: syntax
 // learns what the line is without leaving the page.
 const MACHINERY_HINT = 'Layout marker. Edit the text between these lines and leave this line as it is.';
-const fenceLine = Decoration.line({ class: 'cm-cairn-directive-fence', attributes: { title: MACHINERY_HINT } });
+// Nesting deeper than three steps shares the third visual step; the depth model itself is unbounded.
+const DEPTH_STEPS = [1, 2, 3];
+const fenceLines = DEPTH_STEPS.map((d) => Decoration.line({ class: `cm-cairn-directive-fence cm-cairn-depth-${d}`, attributes: { title: MACHINERY_HINT } }));
+const contentLines = DEPTH_STEPS.map((d) => Decoration.line({ class: `cm-cairn-directive-content cm-cairn-depth-${d}` }));
 const leafLine = Decoration.line({ class: 'cm-cairn-directive-leaf', attributes: { title: MACHINERY_HINT } });
 const inlineMark = Decoration.mark({ class: 'cm-cairn-directive-inline' });
-function buildDirectiveDecorations(view) {
+// Depth needs the whole document, since a visible line's containers can open above the viewport.
+// One regex pass per line, linear in the document; at admin entry sizes (tens of kilobytes) that
+// is well under a millisecond. The plugin caches the result, so the scan reruns only when the
+// document changes and a scroll rebuilds the viewport decorations from the cached array.
+function docDepths(view) {
+    const doc = view.state.doc;
+    const lines = [];
+    for (let n = 1; n <= doc.lines; n++)
+        lines.push(doc.line(n).text);
+    return fenceDepths(lines);
+}
+function buildDirectiveDecorations(view, depths) {
     const builder = new RangeSetBuilder();
     for (const { from, to } of view.visibleRanges) {
         for (let pos = from; pos <= to;) {
             const line = view.state.doc.lineAt(pos);
             const kind = directiveLineKind(line.text);
-            if (kind === 'fence')
-                builder.add(line.from, line.from, fenceLine);
+            const depth = Math.min(depths[line.number - 1] ?? 0, DEPTH_STEPS.length);
+            // A fence-shaped line at depth 0 is one the depth scan disowned (a documented example
+            // inside a code block, outside any container); it gets no machinery treatment.
+            if (kind === 'fence' && depth > 0)
+                builder.add(line.from, line.from, fenceLines[depth - 1]);
             else if (kind === 'leaf')
                 builder.add(line.from, line.from, leafLine);
-            else {
+            else if (kind === null) {
+                if (depth > 0)
+                    builder.add(line.from, line.from, contentLines[depth - 1]);
                 for (const r of findInlineDirectives(line.text)) {
                     builder.add(line.from + r.from, line.from + r.to, inlineMark);
                 }
@@ -51,12 +70,16 @@ function buildDirectiveDecorations(view) {
 export function cairnDirectivePlugin() {
     return ViewPlugin.fromClass(class {
         decorations;
+        depths;
         constructor(view) {
-            this.decorations = buildDirectiveDecorations(view);
+            this.depths = docDepths(view);
+            this.decorations = buildDirectiveDecorations(view, this.depths);
         }
         update(update) {
+            if (update.docChanged)
+                this.depths = docDepths(update.view);
             if (update.docChanged || update.viewportChanged)
-                this.decorations = buildDirectiveDecorations(update.view);
+                this.decorations = buildDirectiveDecorations(update.view, this.depths);
         }
     }, { decorations: (v) => v.decorations });
 }

package/dist/components/markdown-directives.d.ts

@@ -1,5 +1,15 @@
 /** Classify a whole line as a container fence, a leaf directive, or neither. */
 export declare function directiveLineKind(line: string): 'fence' | 'leaf' | null;
+/**
+ * The 1-based container depth each line sits at, or null outside any container. A named fence
+ * opens a container; a bare fence closes the most recent one (colon counts are not trusted for
+ * pairing, since authors vary them). An opener and its closer share the opener's depth, and a
+ * line between them carries the depth of its innermost container. Lines inside a fenced code
+ * block are plain content, so a documented ::: example cannot open a phantom container running
+ * to end of document. Author errors are tolerated: an unmatched closer reads as depth 1 and the
+ * count never goes below zero.
+ */
+export declare function fenceDepths(lines: string[]): (number | null)[];
 /** Inline directive ranges (`:name[...]{...}`) within a line of text. */
 export declare function findInlineDirectives(text: string): {
     from: number;

package/dist/components/markdown-directives.js

@@ -1,9 +1,17 @@
 // Remark-directive detection for the editor's machinery highlighting (spec: directive syntax is
 // styled distinctly so an editor can tell component scaffolding from prose). Pure functions; the
 // CodeMirror decoration plugin wraps them.
-const FENCE = /^\s{0,3}:::+\s*[\w-]*\s*(\{[^}]*\})?\s*$/;
+// A container fence: three or more colons, then an optional name, an optional [label], and
+// optional {attrs}, in remark-directive order. The name is captured so the depth scan below can
+// tell an opener (named) from a closer (bare colons). Matching is tolerant of stray whitespace,
+// the same posture as the leaf form: a slightly off fence should still read as machinery.
+const FENCE = /^\s{0,3}:{3,}\s*([\w-]*)\s*(\[[^\]]*\])?\s*(\{[^}]*\})?\s*$/;
 const LEAF = /^\s{0,3}::[\w-]+(\[[^\]]*\])?(\{[^}]*\})?\s*$/;
 const INLINE = /(?<![:\w]):[\w-]+\[[^\]]*\](\{[^}]*\})?/g;
+// A fenced code block's delimiter: three or more backticks or tildes, indent-tolerant like the
+// directive forms. The depth scan tracks these so a documented ::: example inside a code block
+// never opens a real container.
+const CODE_FENCE = /^\s{0,3}(`{3,}|~{3,})/;
 /** Classify a whole line as a container fence, a leaf directive, or neither. */
 export function directiveLineKind(line) {
     if (FENCE.test(line))
@@ -12,6 +20,51 @@ export function directiveLineKind(line) {
         return 'leaf';
     return null;
 }
+/**
+ * The 1-based container depth each line sits at, or null outside any container. A named fence
+ * opens a container; a bare fence closes the most recent one (colon counts are not trusted for
+ * pairing, since authors vary them). An opener and its closer share the opener's depth, and a
+ * line between them carries the depth of its innermost container. Lines inside a fenced code
+ * block are plain content, so a documented ::: example cannot open a phantom container running
+ * to end of document. Author errors are tolerated: an unmatched closer reads as depth 1 and the
+ * count never goes below zero.
+ */
+export function fenceDepths(lines) {
+    const depths = [];
+    let open = 0;
+    // The marker character that opened the current code block, or null outside one. Only a line
+    // opening with the same character closes it, so tildes inside a backtick block stay literal.
+    let codeMarker = null;
+    for (const line of lines) {
+        const code = CODE_FENCE.exec(line);
+        if (code) {
+            if (codeMarker === null)
+                codeMarker = code[1][0];
+            else if (code[1][0] === codeMarker)
+                codeMarker = null;
+            depths.push(open > 0 ? open : null);
+            continue;
+        }
+        if (codeMarker !== null) {
+            depths.push(open > 0 ? open : null);
+            continue;
+        }
+        const fence = FENCE.exec(line);
+        if (!fence) {
+            depths.push(open > 0 ? open : null);
+        }
+        else if (fence[1]) {
+            open += 1;
+            depths.push(open);
+        }
+        else {
+            depths.push(Math.max(open, 1));
+            if (open > 0)
+                open -= 1;
+        }
+    }
+    return depths;
+}
 /** Inline directive ranges (`:name[...]{...}`) within a line of text. */
 export function findInlineDirectives(text) {
     const out = [];

package/dist/components/preview-doc.d.ts

@@ -0,0 +1,27 @@
+import type { ResolvedPreview } from '../content/types.js';
+/** One width the preview frame can take. */
+export interface PreviewDevice {
+    id: 'desktop' | 'tablet' | 'phone' | 'small';
+    /** The device menu label, also the frame caption's first half. */
+    label: string;
+    /** Frame width in CSS pixels; null fills the pane (Desktop). */
+    width: number | null;
+}
+/** A preview device's id, the value the page persists. */
+export type PreviewDeviceId = PreviewDevice['id'];
+/** The four widths the device menu offers, in menu order. Desktop leads as the default. */
+export declare const previewDevices: PreviewDevice[];
+/** The table row for a device id. The id type makes a miss impossible; the fallback satisfies find. */
+export declare function previewDevice(id: PreviewDeviceId): PreviewDevice;
+/** A device's user-facing text, shared by the toolbar's menu items and the frame caption: the
+ *  label with its width when one is fixed, so the value reaches assistive tech at pick time. */
+export declare function deviceLabel(d: PreviewDevice): string;
+/**
+ * Build the preview iframe's srcdoc: a complete document linking the site's stylesheets around
+ * the rendered entry html. The html comes from the site's floored render pipeline, which already
+ * stripped scripts and event handlers, so it embeds unescaped; the frame's empty `sandbox` is
+ * belt and braces over that floor. The parameter is the flat `ResolvedPreview` shape `editLoad`
+ * ships, so the per-concept map can never reach the frame document by construction.
+ * `preview` null (a site without the adapter knob) yields a styleless but complete document.
+ */
+export declare function buildPreviewDoc(html: string, preview: ResolvedPreview | null): string;

package/dist/components/preview-doc.js

@@ -0,0 +1,64 @@
+// cairn-cms: the edit page's preview-frame document. The admin's chrome isolation keeps the
+// site's CSS out of the admin document, so EditPage renders the preview inside a sandboxed
+// iframe whose document links the site's own stylesheets from the adapter's preview knob. This
+// module builds that iframe's srcdoc as one pure string, so its shape is unit-testable, and it
+// carries the device table the frame's width control offers.
+import { escapeHtml } from '../escape.js';
+/** The four widths the device menu offers, in menu order. Desktop leads as the default. */
+export const previewDevices = [
+    { id: 'desktop', label: 'Desktop', width: null },
+    { id: 'tablet', label: 'Tablet', width: 768 },
+    { id: 'phone', label: 'Phone', width: 390 },
+    { id: 'small', label: 'Small phone', width: 320 },
+];
+/** The table row for a device id. The id type makes a miss impossible; the fallback satisfies find. */
+export function previewDevice(id) {
+    return previewDevices.find((d) => d.id === id) ?? previewDevices[0];
+}
+/** A device's user-facing text, shared by the toolbar's menu items and the frame caption: the
+ *  label with its width when one is fixed, so the value reaches assistive tech at pick time. */
+export function deviceLabel(d) {
+    return d.width === null ? d.label : `${d.label} · ${d.width} px`;
+}
+/**
+ * Build the preview iframe's srcdoc: a complete document linking the site's stylesheets around
+ * the rendered entry html. The html comes from the site's floored render pipeline, which already
+ * stripped scripts and event handlers, so it embeds unescaped; the frame's empty `sandbox` is
+ * belt and braces over that floor. The parameter is the flat `ResolvedPreview` shape `editLoad`
+ * ships, so the per-concept map can never reach the frame document by construction.
+ * `preview` null (a site without the adapter knob) yields a styleless but complete document.
+ */
+export function buildPreviewDoc(html, preview) {
+    const links = (preview?.stylesheets ?? [])
+        .map((href) => `<link rel="stylesheet" href="${escapeHtml(href)}">`)
+        .join('\n');
+    const bodyAttrs = preview?.bodyClass ? ` class="${escapeHtml(preview.bodyClass)}"` : '';
+    const content = preview?.containerClass
+        ? `<div class="${escapeHtml(preview.containerClass)}">${html}</div>`
+        : html;
+    // The reset sits BEFORE the site links so the site's CSS wins every collision: it only clears
+    // the default body margin and pins a white ground for sheets that assume one.
+    //
+    // The base tag is what makes links inert. The empty sandbox alone does not: a sandboxed
+    // context may still navigate itself, and a srcdoc document resolves relative hrefs against the
+    // parent's base URL, so a clicked fragment or root link could render the admin login inside
+    // the frame. Targeting every link at a new tab turns each click into a popup, and the sandbox
+    // (which grants no allow-popups) blocks it, so a proofing click goes nowhere.
+    return [
+        '<!doctype html>',
+        '<html>',
+        '<head>',
+        '<meta charset="utf-8">',
+        '<meta name="viewport" content="width=device-width, initial-scale=1">',
+        '<base target="_blank">',
+        '<style>body{margin:0;background:#fff}</style>',
+        links,
+        '</head>',
+        `<body${bodyAttrs}>`,
+        content,
+        '</body>',
+        '</html>',
+    ]
+        .filter((line) => line !== '')
+        .join('\n');
+}

package/dist/content/compose.js

@@ -31,6 +31,7 @@ export function composeRuntime({ adapter, siteConfig, extensions = [] }) {
         registry: adapter.registry,
         icons: adapter.icons,
         navMenu: adapter.navMenu,
+        preview: adapter.preview,
         assets: adapter.assets,
         adminPanels,
         fieldTypes,

package/dist/content/types.d.ts

@@ -133,6 +133,34 @@ export interface NavMenuConfig {
     /** Max nesting depth allowed in the editor; defaults to 2. */
     maxDepth?: number;
 }
+/**
+ * How the edit page's preview frame reproduces the live site's content styling. The admin
+ * deliberately never loads the site's CSS (chrome isolation), so a design-accurate preview needs
+ * the site to name its stylesheets for the preview frame; without this knob the preview renders
+ * unstyled markup. The frame's srcdoc pins a white body background as a deliberately overridable
+ * default, so a site whose ground is not white should state its body background in its own
+ * stylesheet.
+ */
+export interface PreviewConfig {
+    /** Absolute or root-relative URLs of the site's compiled stylesheets, linked inside the
+     *  preview document. A Vite `?url` import of the site's CSS resolves the hashed asset URL. */
+    stylesheets: string[];
+    /** Class list applied to the preview document's body, for theme or typography roots. */
+    bodyClass?: string;
+    /** Class list for a wrapper element around the rendered content, reproducing the site's
+     *  content container (a prose or measure class). Omitted renders the content bare. */
+    containerClass?: string;
+    /** Per-concept overrides of bodyClass and containerClass, keyed by concept id. An entry's
+     *  preview resolves the override for its concept over the top-level values; stylesheets are
+     *  always shared. */
+    byConcept?: Record<string, {
+        bodyClass?: string;
+        containerClass?: string;
+    }>;
+}
+/** The flat preview shape `editLoad` ships to the edit page: the top-level `PreviewConfig`
+ *  values with the entry's concept override applied, and no `byConcept` map. */
+export type ResolvedPreview = Omit<PreviewConfig, 'byConcept'>;
 /** Reserved asset slot (seam 4). Typed and unused in the rebuild; R7/R9 read it later with no contract change. */
 export interface AssetConfig {
     /** Repo-relative asset roots, e.g. ["static/images"]. */
@@ -168,6 +196,9 @@ export interface CairnAdapter {
     /** The site's glyph name to SVG path-data map, for the admin icon picker and the renderer. */
     icons?: IconSet;
     navMenu?: NavMenuConfig;
+    /** The live site's content styling for the preview frame. The admin's chrome isolation keeps
+     *  the site's CSS out of the admin document, so the preview frame links these instead. */
+    preview?: PreviewConfig;
     assets?: AssetConfig;
 }
 /**
@@ -263,6 +294,8 @@ export interface CairnRuntime {
     /** The site's glyph name to SVG path-data map, for the admin icon picker and the renderer. */
     icons?: IconSet;
     navMenu?: NavMenuConfig;
+    /** The live site's content styling for the preview frame; passed through from the adapter. */
+    preview?: PreviewConfig;
     assets?: AssetConfig;
     /** Admin panels contributed by extensions (Mode 2). Empty until Plan 09 wires the dispatch route. */
     adminPanels?: AdminPanel[];

package/dist/diagnostics/conditions.js

@@ -69,6 +69,14 @@ export const REGISTRY = {
         remediation: "Set csrf: { checkOrigin: false } in svelte.config.js and wire createAuthGuard into src/hooks.server.ts; cairn's guard owns the Origin and double-submit token checks.",
         docsAnchor: 'cloudflare-readiness.md#hand-cairn-the-csrf-authority',
     },
+    'config.public-origin-invalid': {
+        id: 'config.public-origin-invalid',
+        severity: 'blocker',
+        title: 'PUBLIC_ORIGIN is missing or invalid',
+        why: 'PUBLIC_ORIGIN is unset, does not parse as a URL, or uses http on a non-local host. The magic-link confirmation links and the absolute feed URLs derive from it, config-only so a forged Host header cannot redirect a link, and sign-in cannot mint a usable link without it.',
+        remediation: "Set PUBLIC_ORIGIN to the site's canonical https origin in the wrangler config vars (with .dev.vars carrying the local http override), then re-deploy; http passes only on localhost or 127.0.0.1.",
+        docsAnchor: 'cloudflare-readiness.md#set-the-public-origin',
+    },
     'config.site-config-invalid': {
         id: 'config.site-config-invalid',
         severity: 'blocker',
@@ -77,6 +85,14 @@ export const REGISTRY = {
         remediation: 'Correct site.config.yaml; the parse or validation error names the failing field or URL-policy rule.',
         docsAnchor: 'cloudflare-readiness.md#validate-the-site-config',
     },
+    'config.dependency-floors-unmet': {
+        id: 'config.dependency-floors-unmet',
+        severity: 'blocker',
+        title: 'A framework dependency sits below the engine floor',
+        why: 'The lockfile resolves svelte or @sveltejs/kit below the range the engine declares as a peer. Consumer sites compile the shipped .svelte sources, so a below-floor compiler bites silently at build time; svelte 5.56.1 miscompiles parenthesized boolean groupings, which is why the svelte floor is ^5.56.3.',
+        remediation: "Raise the devDependency range in the site's package.json to the engine peer range and reinstall so the lockfile re-resolves, for example `npm install --save-dev svelte@^5.56.3`.",
+        docsAnchor: 'cloudflare-readiness.md#meet-the-dependency-floors',
+    },
     'edge.hsts-off': {
         id: 'edge.hsts-off',
         severity: 'warning',
@@ -102,6 +118,14 @@ export const REGISTRY = {
         docsAnchor: 'cloudflare-readiness.md#install-the-github-app',
         logEvent: 'github.unreachable',
     },
+    'admin.login-probe-failed': {
+        id: 'admin.login-probe-failed',
+        severity: 'blocker',
+        title: 'Live admin login probe failed',
+        why: 'A live request to the deployed admin did not answer with the working sign-in envelope (the login page, its CSRF cookie and hidden field, and the request action), so a real editor cannot sign in either. A probe failure has many possible causes; the detail line names the assertion that failed.',
+        remediation: 'Read the failed assertion in the detail line, run the full doctor against the same site, and work through the deploy guide; the other checks narrow the cause.',
+        docsAnchor: 'cloudflare-readiness.md#probe-the-deployed-admin',
+    },
 };
 // The registry is shared identity, never working state; freeze every entry and the map itself.
 for (const entry of Object.values(REGISTRY))

package/dist/doctor/bin.js

@@ -7,8 +7,10 @@
 // before the process ends.
 import { readFile } from 'node:fs/promises';
 import { resolve } from 'node:path';
+import { liveProbeCheck } from './check-probe.js';
 import { liveSendCheck } from './check-send.js';
-import { contextFromEnv, defaultChecks, formatReport, parseArgs, runDoctor } from './index.js';
+import { readWranglerConfig } from './wrangler-config.js';
+import { contextFromEnv, defaultChecks, deriveMissingInputs, formatReport, parseArgs, runDoctor, } from './index.js';
 async function main() {
     let args;
     try {
@@ -20,23 +22,39 @@ async function main() {
         return;
     }
     const cwd = process.cwd();
+    const readFileUnderCwd = async (relPath) => {
+        try {
+            return await readFile(resolve(cwd, relPath), 'utf8');
+        }
+        catch (err) {
+            if (err.code === 'ENOENT')
+                return null;
+            throw err;
+        }
+    };
+    // Fill inputs the flags and env left missing from the repo itself: from and repo off the
+    // adapter (through the vite arm, which exists only on this bin path, never in a Worker)
+    // and the account id off the wrangler config. The API token stays env-only.
+    const derived = await deriveMissingInputs(contextFromEnv(process.env, args, cwd), {
+        adapterFacts: async () => {
+            const { readAdapterFacts } = await import('../vite/index.js');
+            return readAdapterFacts(cwd);
+        },
+        wranglerAccountId: async () => (await readWranglerConfig(readFileUnderCwd))?.accountId,
+    });
     const ctx = {
-        ...contextFromEnv(process.env, args, cwd),
+        ...derived,
         fetch: globalThis.fetch,
-        readFile: async (relPath) => {
-            try {
-                return await readFile(resolve(cwd, relPath), 'utf8');
-            }
-            catch (err) {
-                if (err.code === 'ENOENT')
-                    return null;
-                throw err;
-            }
-        },
+        readFile: readFileUnderCwd,
     };
     const checks = defaultChecks();
     if (args.sendTest)
         checks.push(liveSendCheck(args.sendTest));
+    // The probe is an opt-in network POST against a live site, so it joins only on --probe;
+    // the bare flag hands the URL resolution (the PUBLIC_ORIGIN input) to the check itself.
+    if (args.probe !== undefined) {
+        checks.push(liveProbeCheck(args.probe === true ? undefined : args.probe));
+    }
     const { results, failed } = await runDoctor(checks, ctx);
     console.log(formatReport(results));
     process.exitCode = failed > 0 ? 1 : 0;

package/dist/doctor/check-floors.d.ts

@@ -0,0 +1,15 @@
+import type { CheckResult, DoctorCheck } from './types.js';
+/**
+ * Judge a lockfile's resolved framework versions against the engine's peer ranges. Pure, so the
+ * tests drive it table-style; the check object wires in the real lockfile and the real peers.
+ * A below-range version fails; a lockfile or entry the check cannot read skips, since a pnpm or
+ * yarn consumer carries no package-lock.json at all.
+ */
+export declare function dependencyFloorsResult(lockText: string | null, peers: Record<string, string>): CheckResult;
+/**
+ * The engine's own declared peer ranges, read from the installed package.json at runtime so the
+ * floors are declared exactly once. The self-reference resolves through the consumer's
+ * node_modules in a real install and through the repo root during development.
+ */
+export declare function readEnginePeers(): Record<string, string>;
+export declare const configDependencyFloors: DoctorCheck;

package/dist/doctor/check-floors.js

@@ -0,0 +1,107 @@
+// The dependency-floors check. The engine's peer ranges have teeth only when something reads
+// the consumer's lockfile, where a transitively pinned svelte can sit below the floor while
+// package.json looks fine (the ecxc retrofit shipped svelte 5.56.0 that way). The check compares
+// the resolved svelte and @sveltejs/kit versions in package-lock.json against the peer ranges
+// the installed @glw907/cairn-cms declares, read at runtime so the floors live in one place.
+import { createRequire } from 'node:module';
+import { fail, pass, skip } from './types.js';
+// Plain x.y.z only. A prerelease or build tag returns null, so the check skips rather than
+// guessing how a tagged build orders against the floor.
+function parseVersion(text) {
+    const m = text.match(/^(\d+)\.(\d+)\.(\d+)$/);
+    if (!m)
+        return null;
+    return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]) };
+}
+// The engine's peers are simple caret ranges (^x.y.z, or ^x.y like the kit floor ^2.12), so
+// this handles the caret form only; anything else returns null and the check skips for that
+// dependency instead of approximating a full semver implementation.
+function caretFloor(range) {
+    const m = range.match(/^\^(\d+)(?:\.(\d+))?(?:\.(\d+))?$/);
+    if (!m)
+        return null;
+    return { major: Number(m[1]), minor: Number(m[2] ?? 0), patch: Number(m[3] ?? 0) };
+}
+function compareVersions(a, b) {
+    return a.major - b.major || a.minor - b.minor || a.patch - b.patch;
+}
+function lockedVersion(lock, dep) {
+    const version = lock.packages?.[`node_modules/${dep}`]?.version;
+    return typeof version === 'string' ? version : undefined;
+}
+/**
+ * Judge a lockfile's resolved framework versions against the engine's peer ranges. Pure, so the
+ * tests drive it table-style; the check object wires in the real lockfile and the real peers.
+ * A below-range version fails; a lockfile or entry the check cannot read skips, since a pnpm or
+ * yarn consumer carries no package-lock.json at all.
+ */
+export function dependencyFloorsResult(lockText, peers) {
+    if (lockText === null) {
+        return skip('no package-lock.json found (a pnpm or yarn lockfile is not read)');
+    }
+    let lock;
+    try {
+        lock = JSON.parse(lockText);
+    }
+    catch {
+        // Like the wrangler reader: never echo file content into the report.
+        return fail('package-lock.json did not parse');
+    }
+    if (lock.packages === undefined) {
+        return skip('package-lock.json carries no packages map (lockfile v1; reinstall with a current npm)');
+    }
+    const failures = [];
+    const skips = [];
+    const passes = [];
+    for (const [dep, range] of Object.entries(peers)) {
+        const floor = caretFloor(range);
+        if (floor === null) {
+            skips.push(`${dep}: the engine range ${range} is not a simple caret range`);
+            continue;
+        }
+        const resolved = lockedVersion(lock, dep);
+        if (resolved === undefined) {
+            skips.push(`${dep}: no node_modules/${dep} entry in package-lock.json`);
+            continue;
+        }
+        const version = parseVersion(resolved);
+        if (version === null) {
+            skips.push(`${dep}: resolved ${resolved} is not a plain x.y.z version`);
+            continue;
+        }
+        // The caret bounds both ends: at or above the floor, same major. The engine's peers
+        // start at major 1 or higher, so the 0.x caret nuance never applies here.
+        if (compareVersions(version, floor) < 0) {
+            failures.push(`${dep} resolves to ${resolved}, below the engine floor ${range}`);
+        }
+        else if (version.major !== floor.major) {
+            failures.push(`${dep} resolves to ${resolved}, outside the engine peer range ${range}`);
+        }
+        else {
+            passes.push(`${dep} ${resolved}`);
+        }
+    }
+    if (failures.length > 0)
+        return fail(failures.join('; '));
+    if (skips.length > 0)
+        return skip(skips.join('; '));
+    return pass(`${passes.join(' and ')} satisfy the engine peer ranges`);
+}
+/**
+ * The engine's own declared peer ranges, read from the installed package.json at runtime so the
+ * floors are declared exactly once. The self-reference resolves through the consumer's
+ * node_modules in a real install and through the repo root during development.
+ */
+export function readEnginePeers() {
+    const require = createRequire(import.meta.url);
+    const pkg = require('@glw907/cairn-cms/package.json');
+    return pkg.peerDependencies ?? {};
+}
+export const configDependencyFloors = {
+    id: 'config.dependency-floors',
+    conditionId: 'config.dependency-floors-unmet',
+    title: 'Dependency floors',
+    async run(ctx) {
+        return dependencyFloorsResult(await ctx.readFile('package-lock.json'), readEnginePeers());
+    },
+};

package/dist/doctor/check-probe.d.ts

@@ -0,0 +1,3 @@
+import type { DoctorCheck } from './types.js';
+/** Build the live-probe check. A missing url falls back to the PUBLIC_ORIGIN input at run time. */
+export declare function liveProbeCheck(url?: string): DoctorCheck;