@glw907/cairn-cms 0.60.0 → 0.62.1

package/dist/sveltekit/cairn-admin.js

@@ -10,6 +10,9 @@ import { createAuthRoutes } from './auth-routes.js';
 import { createContentRoutes, } from './content-routes.js';
 import { createEditorRoutes } from './editors-routes.js';
 import { createNavRoutes } from './nav-routes.js';
+/**
+ *
+ */
 export function createCairnAdmin(runtime, deps = {}) {
     // The runtime already composes the site name and the sender identity, so the magic-link
     // branding needs no second copy of either unless a site overrides it.
@@ -27,11 +30,13 @@ export function createCairnAdmin(runtime, deps = {}) {
     const editors = createEditorRoutes();
     // The nav surface exists only when the site configures a menu; without one its view is a 404.
     const nav = runtime.navMenu ? createNavRoutes(runtime, { mintToken: deps.mintToken }) : null;
-    /** Build the event a wrapped content load reads. The catch-all route carries only a rest
+    /**
+     * Build the event a wrapped content load reads. The catch-all route carries only a rest
      *  param, so `concept` and `id` are synthesized from the parsed view. The override names
      *  each field explicitly rather than spreading: a real RequestEvent's fields can sit behind
      *  getters a bare spread copies poorly, and the structural ContentEvent contract needs only
-     *  these. */
+     *  these.
+     */
     function contentEvent(event, params) {
         return {
             url: event.url,
@@ -42,9 +47,11 @@ export function createCairnAdmin(runtime, deps = {}) {
             cookies: event.cookies,
         };
     }
-    /** Serve the admin view the pathname names, or a 404 for any shape the parser refuses.
+    /**
+     * Serve the admin view the pathname names, or a 404 for any shape the parser refuses.
      *  The authed views run the layout load and the view load concurrently; both mint a GitHub
-     *  token, and the installation-token cache coalesces the mints into one signing. */
+     *  token, and the installation-token cache coalesces the mints into one signing.
+     */
     async function load(event) {
         const view = parseAdminPath(event.url.pathname, runtime.concepts);
         if (!view)
@@ -91,11 +98,18 @@ export function createCairnAdmin(runtime, deps = {}) {
                 const [layout, page] = await Promise.all([content.layoutLoad(delegated), content.settingsLoad(delegated)]);
                 return { view: 'settings', layout, page };
             }
+            case 'help': {
+                const delegated = contentEvent(event, {});
+                const [layout, page] = await Promise.all([content.layoutLoad(delegated), content.helpLoad(delegated)]);
+                return { view: 'help', layout, page };
+            }
         }
     }
-    /** Wrap a delegate in the parse-and-check every action shares: parse the pathname exactly
+    /**
+     * Wrap a delegate in the parse-and-check every action shares: parse the pathname exactly
      *  as load does, 404 on a null parse or a view outside the allowed set, then hand the
-     *  narrowed view to the delegate. */
+     *  narrowed view to the delegate.
+     */
     function viewAction(allowed, delegate) {
         return async (event) => {
             const view = parseAdminPath(event.url.pathname, runtime.concepts);
@@ -106,13 +120,15 @@ export function createCairnAdmin(runtime, deps = {}) {
         };
     }
     // The topbar posts publishAll from every authed admin page; login and confirm may not.
-    const authedViews = ['list', 'edit', 'editors', 'nav', 'media', 'settings'];
+    const authedViews = ['list', 'edit', 'editors', 'nav', 'media', 'settings', 'help'];
     // An editor signs out from wherever they are, so logout accepts any parsed view.
-    const anyView = ['index', 'login', 'confirm', 'list', 'edit', 'editors', 'nav', 'media', 'settings'];
-    /** The full admin action vocabulary, one named async function per action, so a site's
+    const anyView = ['index', 'login', 'confirm', 'list', 'edit', 'editors', 'nav', 'media', 'settings', 'help'];
+    /**
+     * The full admin action vocabulary, one named async function per action, so a site's
      *  catch-all route exports `admin.actions` directly. Each wrapper stays thin: parse,
      *  validate the view, synthesize the params the wrapped action reads, delegate. The
-     *  editor actions gate themselves with requireOwner, so no second gate is added here. */
+     *  editor actions gate themselves with requireOwner, so no second gate is added here.
+     */
     const actions = {
         request: viewAction(['login'], (event) => auth.requestAction(event)),
         confirm: viewAction(['confirm'], (event) => auth.confirmAction(event)),

package/dist/sveltekit/content-routes.d.ts

@@ -1,6 +1,9 @@
 import { fail } from '@sveltejs/kit';
+import { type AdvisoryNotice } from '../content/advisories.js';
 import { type GithubKeyEnv } from '../github/credentials.js';
 import { type LinkTarget, type InboundLink } from '../content/manifest.js';
+import { type GettingStarted } from '../content/getting-started.js';
+import { type MarkdownReferenceRow } from '../components/markdown-reference.js';
 import type { TidyConventions } from '../nav/site-config.js';
 import type { MediaEntry } from '../media/manifest.js';
 import type { MediaLibrary, MediaLibraryEntry } from '../media/library-entry.js';
@@ -12,6 +15,7 @@ import type { BulkDeleteSkip } from '../media/bulk-delete-plan.js';
 import type { CookieJar, EventBase } from './types.js';
 import type { CairnRuntime, FrontmatterField, ResolvedPreview } from '../content/types.js';
 import type { Role } from '../auth/types.js';
+export type { AdvisoryNotice, AdvisoryAction } from '../content/advisories.js';
 /** A sidebar concept entry: just enough to render the nav without shipping validators to the client. */
 export interface NavConcept {
     id: string;
@@ -32,13 +36,17 @@ export interface LayoutData {
     navLabel: string | null;
     /** The admin theme resolved for SSR: the persisted cookie choice, or the light default. */
     theme: 'cairn-admin' | 'cairn-admin-dark';
-    /** The nav group labels the user has collapsed, from the persisted cookie. Read at SSR so a
-     *  collapsed group renders collapsed with no flash. Empty when none are collapsed. */
+    /**
+     * The nav group labels the user has collapsed, from the persisted cookie. Read at SSR so a
+     *  collapsed group renders collapsed with no flash. Empty when none are collapsed.
+     */
     collapsedNav: string[];
     /** The session's CSRF double-submit token, rendered as a hidden field in every admin form. */
     csrf: string;
-    /** Every entry with unpublished edits (a `cairn/` ref), for the topbar's publish-all action.
-     *  Null when GitHub is unreachable, so the topbar hides the action rather than lying. */
+    /**
+     * Every entry with unpublished edits (a `cairn/` ref), for the topbar's publish-all action.
+     *  Null when GitHub is unreachable, so the topbar hides the action rather than lying.
+     */
     pendingEntries: {
         concept: string;
         id: string;
@@ -52,16 +60,20 @@ export interface EntrySummary {
     draft: boolean;
     /** Publish state derived from the ref set: live as-is, live with pending edits, or branch-only. */
     status: 'published' | 'edited' | 'new';
-    /** The row's one-line summary: the manifest's indexed excerpt for a published row, the branch
-     *  frontmatter/body excerpt for a pending one, and null when neither yields text. */
+    /**
+     * The row's one-line summary: the manifest's indexed excerpt for a published row, the branch
+     *  frontmatter/body excerpt for a pending one, and null when neither yields text.
+     */
     summary: string | null;
 }
 /** The concept list view's data. */
 export interface ListData {
     conceptId: string;
     label: string;
-    /** The singular noun for the create affordances ("New post"); from the descriptor, which defaults
-     *  it to `label`. */
+    /**
+     * The singular noun for the create affordances ("New post"); from the descriptor, which defaults
+     *  it to `label`.
+     */
     singular: string;
     /** Posts carry a date in the new-entry form; pages do not (concept routing, spec §7.2). */
     dated: boolean;
@@ -91,17 +103,21 @@ export interface EditData {
     slug: string;
     /** The site's link targets, for the preview resolver and the link picker; from the committed manifest. */
     linkTargets: LinkTarget[];
-    /** The minimal media-resolver input the edit page builds its preview `resolveMedia` from, keyed by
-     *  the 16-hex content hash and parallel to `linkTargets`. Empty when media is off or the read fails. */
+    /**
+     * The minimal media-resolver input the edit page builds its preview `resolveMedia` from, keyed by
+     *  the 16-hex content hash and parallel to `linkTargets`. Empty when media is off or the read fails.
+     */
     mediaTargets: Record<string, {
         slug: string;
         ext: string;
         contentType: string;
     }>;
-    /** The picker's human layer for each stored asset, keyed by the 16-hex content hash and projected
+    /**
+     * The picker's human layer for each stored asset, keyed by the 16-hex content hash and projected
      *  from the same committed media manifest read that populates `mediaTargets`. The `hash` field
      *  duplicates the key, so the picker can iterate `Object.values`. Empty when media is off or the
-     *  read fails (the same degradation path as `mediaTargets`). */
+     *  read fails (the same degradation path as `mediaTargets`).
+     */
     mediaLibrary: MediaLibrary;
     /** The entries that link to this one, for the delete guard. Empty when nothing links here. */
     inboundLinks: InboundLink[];
@@ -113,107 +129,152 @@ export interface EditData {
     publishedFlash: boolean;
     /** True after a discard redirect (`?discarded=1`), for the confirmation strip. */
     discardedFlash: boolean;
-    /** The adapter's preview knob resolved for this entry's concept (its `byConcept` override,
+    /**
+     * The adapter's preview knob resolved for this entry's concept (its `byConcept` override,
      *  when one exists, applied over the top-level values); null when the site sets none, which
-     *  leaves the frame rendering unstyled markup behind a hint. */
+     *  leaves the frame rendering unstyled markup behind a hint.
+     */
     preview: ResolvedPreview | null;
-    /** The spellcheck dictionary file for the site's configured dialect (default US English), resolved
+    /**
+     * The spellcheck dictionary file for the site's configured dialect (default US English), resolved
      *  once at compose. The editor resolves it to a real asset URL on the main thread and hands that URL
      *  to the spellcheck Worker's `init`, the same way `mediaLibrary` is threaded in. Just the filename,
-     *  e.g. "dictionary-en-us.txt". */
+     *  e.g. "dictionary-en-us.txt".
+     */
     spellcheckDictionary: string;
-    /** The committed personal-dictionary words for the site (spec 1.6): the durable, shared, reviewable
+    /**
+     * The committed personal-dictionary words for the site (spec 1.6): the durable, shared, reviewable
      *  layer the editor seeds the spellcheck Worker's personal set from, the way `mediaLibrary` is handed
      *  in. Read from the git-committed `dictionary.txt` at editor load; empty when the file is absent or
      *  unreadable (the editor degrades to dialect-only). The dialect dictionary and the session ignore
-     *  list are the other two layers; only this one is committed. */
+     *  list are the other two layers; only this one is committed.
+     */
     siteDictionary: string[];
-    /** The editor-tier tidy facts the review surface needs (spec 2.5): whether tidy is enabled, the model
+    /**
+     * The editor-tier tidy facts the review surface needs (spec 2.5): whether tidy is enabled, the model
      *  that runs (for the head pill), and the RESOLVED conventions (the only data source for a
      *  normalization's because-line and the local category inference). The API key never appears here, it
-     *  is a Worker secret. `enabled` false hides the Tidy control. */
+     *  is a Worker secret. `enabled` false hides the Tidy control.
+     */
     tidy: {
         enabled: boolean;
         model: string;
         conventions: TidyConventions;
     };
+    /** Non-blocking editor advisories built server-side; today the cross-branch address collision. */
+    advisories: AdvisoryNotice[];
 }
-/** One asset's where-used overlay, kept separate from MediaLibraryEntry so the picker's shared
- *  projection stays decoupled from the Library-only usage facts. */
+/**
+ * One asset's where-used overlay, kept separate from MediaLibraryEntry so the picker's shared
+ *  projection stays decoupled from the Library-only usage facts.
+ */
 export interface MediaUsageInfo {
     /** Distinct content entries that reference the asset (count by distinct concept+id). */
     count: number;
     /** Every where-used row (published and edit-branch origins), for the detail's grouped list. */
     entries: UsageEntry[];
 }
-/** The Media Library screen's data: the unioned assets, the per-hash usage overlay, and the
+/**
+ * The Media Library screen's data: the unioned assets, the per-hash usage overlay, and the
  *  degraded-load error. The usage overlay is keyed by content hash; an asset with no references
- *  simply has no key, which the screen renders as "no references found". */
+ *  simply has no key, which the screen renders as "no references found".
+ */
 export interface MediaLibraryData {
     assets: MediaLibraryEntry[];
     /** Per-hash usage overlay, kept separate from MediaLibraryEntry so the popover stays decoupled. */
     usage: Record<string, MediaUsageInfo>;
-    /** The degraded-load error: a failed token mint or media read. This slot is the failure of THIS
+    /**
+     * The degraded-load error: a failed token mint or media read. This slot is the failure of THIS
      *  load, distinct from a prior action's conflict error (see `flashError`), so a read failure and a
-     *  redirected commit conflict never overwrite each other. */
+     *  redirected commit conflict never overwrite each other.
+     */
     error: string | null;
-    /** The success flash a redirected action carries: `deleted` from `?deleted=1`, `updated` from
+    /**
+     * The success flash a redirected action carries: `deleted` from `?deleted=1`, `updated` from
      *  `?updated=1`, `replaced` from `?replaced=1`, `altPropagated` from `?altPropagated=1`,
      *  `bulkDeleted` from `?bulkDeleted=1`, `orphansPurged` from `?orphansPurged=1`, null otherwise.
-     *  The component renders a polite success strip for each. */
+     *  The component renders a polite success strip for each.
+     */
     flash: 'deleted' | 'updated' | 'replaced' | 'altPropagated' | 'bulkDeleted' | 'orphansPurged' | null;
-    /** A redirected action's conflict error read from `?error=` (a commit-conflict bounce). Kept in
-     *  its own slot rather than the degraded-load `error` above, so the two never collide. */
+    /**
+     * A redirected action's conflict error read from `?error=` (a commit-conflict bounce). Kept in
+     *  its own slot rather than the degraded-load `error` above, so the two never collide.
+     */
     flashError: string | null;
 }
-/** The two-tier tidy settings load (spec 2.8, Task 15). The developer tier is read-only: `enabled`,
+/**
+ * The two-tier tidy settings load (spec 2.8, Task 15). The developer tier is read-only: `enabled`,
  *  `keyConfigured`, and `model`/`modelLabel` are deploy-time facts the editor sees but cannot change.
  *  The editor tier is the resolved `conventions` block, written back through the save. The visibility
  *  gate is truthful: `enabled` is true only when `tidy.enabled` is set AND the API key is present, so
  *  the screen renders the convention list only then and the honest gate note otherwise. The key is a
  *  Worker secret, so `keyConfigured` is the presence of `ANTHROPIC_API_KEY` in the load's env, never
- *  the key itself; nothing here returns or logs the secret. */
+ *  the key itself; nothing here returns or logs the secret.
+ */
 export interface SettingsData {
-    /** The truthful gate: tidy is enabled AND the API key is present. The screen renders the editor
+    /**
+     * The truthful gate: tidy is enabled AND the API key is present. The screen renders the editor
      *  tier only when this is true, and the honest gate note (a labelled region, no disabled controls)
-     *  otherwise. */
+     *  otherwise.
+     */
     enabled: boolean;
-    /** Whether `tidy.enabled` is set in the site config, independent of the key. The gate note's
-     *  checklist reads this to show which deploy-time step is still open. */
+    /**
+     * Whether `tidy.enabled` is set in the site config, independent of the key. The gate note's
+     *  checklist reads this to show which deploy-time step is still open.
+     */
     tidyEnabled: boolean;
     /** Whether the API key secret is present in the Worker env. A presence flag, never the key. */
     keyConfigured: boolean;
     /** The model id (a developer-tier fact, read-only on the screen). */
     model: string;
-    /** A plain-language label for the model id ("Claude Sonnet"), so the read-only fact is not a bare
-     *  jargon token. Falls back to the raw id for an unknown model. */
+    /**
+     * A plain-language label for the model id ("Claude Sonnet"), so the read-only fact is not a bare
+     *  jargon token. Falls back to the raw id for an unknown model.
+     */
     modelLabel: string;
-    /** The resolved editor-tier conventions: every field concrete, the screen's initial control state.
-     *  Present only when the gate is open; the gate state needs no conventions. */
+    /**
+     * The resolved editor-tier conventions: every field concrete, the screen's initial control state.
+     *  Present only when the gate is open; the gate state needs no conventions.
+     */
     conventions: TidyConventions;
     /** The success flash a redirected save carries (`?saved=1`). */
     saved: boolean;
     /** A redirected save's validation or conflict error read from `?error=`. */
     error: string | null;
 }
-/** A refused settings save: a conflict bounce or a malformed conventions payload. Just the one-line
- *  summary; the save commits nothing on a refusal. */
+/**
+ * A refused settings save: a conflict bounce or a malformed conventions payload. Just the one-line
+ *  summary; the save commits nothing on a refusal.
+ */
 export interface SettingsSaveFailure {
     error: string;
 }
+/**
+ * The Help home's data: the derived getting-started progress, the full markdown reference (the
+ *  component curates by group), and the optional support hand-off (rendered only when set).
+ */
+export interface HelpData {
+    gettingStarted: GettingStarted;
+    reference: MarkdownReferenceRow[];
+    supportContact?: string;
+}
 /** The structural event the content routes read; a real SvelteKit RequestEvent satisfies it. */
 export interface ContentEvent extends EventBase<GithubKeyEnv> {
     params: Record<string, string>;
-    /** SvelteKit's cookie jar. The layout load reads the persisted admin theme and issues the CSRF
-     *  token. Optional for non-route callers. */
+    /**
+     * SvelteKit's cookie jar. The layout load reads the persisted admin theme and issues the CSRF
+     *  token. Optional for non-route callers.
+     */
     cookies?: CookieJar;
 }
 /** Injectable dependencies; tests stub the token mint to avoid signing a real key. */
-/** The minimal Anthropic client surface the tidy action uses, typed structurally so the SDK's deep
+/**
+ * The minimal Anthropic client surface the tidy action uses, typed structurally so the SDK's deep
  *  generics never reach a public signature and so the integration test can inject a fake whose
  *  `messages.create` it stubs. The real factory builds `new Anthropic({ apiKey })`, which satisfies
  *  this shape. The success path reads only the text blocks, the model, the stop reason, and the usage
- *  counts. */
+ *  counts.
+ */
 export interface TidyClient {
     messages: {
         create(body: {
@@ -241,25 +302,33 @@ export interface TidyClient {
     };
 }
 export interface ContentRoutesDeps {
-    /** Mint a GitHub App installation token from the Worker env. Defaults to the real signer.
-     *  A bare string works too; the routes await whatever comes back. */
+    /**
+     * Mint a GitHub App installation token from the Worker env. Defaults to the real signer.
+     *  A bare string works too; the routes await whatever comes back.
+     */
     mintToken?: (env: GithubKeyEnv) => string | Promise<string>;
-    /** Build the Anthropic client for the tidy action from the resolved API key. Defaults to the real
+    /**
+     * Build the Anthropic client for the tidy action from the resolved API key. Defaults to the real
      *  SDK client. Injected in tests so `messages.create` is stubbed and no network call (or real key)
      *  is ever needed. The factory runs only after the key is read from the env, so a disabled or
-     *  unconfigured site never constructs a client. */
+     *  unconfigured site never constructs a client.
+     */
     anthropic?: (opts: {
         apiKey: string;
     }) => TidyClient;
-    /** The tidy action's own request deadline in milliseconds, set shorter than the platform limit so a
+    /**
+     * The tidy action's own request deadline in milliseconds, set shorter than the platform limit so a
      *  slow model call becomes a clean retryable fail(502) rather than a platform timeout. Defaults to
-     *  {@link DEFAULT_TIDY_TIMEOUT_MS}. Overridable in tests to assert the deadline path without waiting. */
+     *  {@link DEFAULT_TIDY_TIMEOUT_MS}. Overridable in tests to assert the deadline path without waiting.
+     */
     tidyTimeoutMs?: number;
 }
-/** The successful tidy outcome (spec 2.1): the corrected markdown, the model that produced it, and the
+/**
+ * The successful tidy outcome (spec 2.1): the corrected markdown, the model that produced it, and the
  *  token usage. The diff is computed on the client (Task 12), so the server returns the plain text and
  *  commits nothing. Admin-internal: consumed by the editor's review surface, not on the package's
- *  sveltekit subpath, so it carries no reference page. */
+ *  sveltekit subpath, so it carries no reference page.
+ */
 export interface TidyResult {
     corrected: string;
     model: string;
@@ -268,10 +337,12 @@ export interface TidyResult {
         output_tokens: number;
     };
 }
-/** A refused tidy: `fail(403)` on a failed CSRF check, `fail(503)` when tidy is disabled or the API
+/**
+ * A refused tidy: `fail(403)` on a failed CSRF check, `fail(503)` when tidy is disabled or the API
  *  key is missing, `fail(413)` for an over-long body, `fail(502)` for a deadline overrun, abort, or
  *  model error (all retryable), `fail(422)` for a model refusal, `fail(400)` for a malformed body. Just
- *  the one-line summary; the action commits nothing, so a refusal can never corrupt the entry. */
+ *  the one-line summary; the action commits nothing, so a refusal can never corrupt the entry.
+ */
 export interface TidyFailure {
     error: string;
 }
@@ -298,9 +369,11 @@ export interface RenameFailure {
     /** The one-line human summary every content action failure carries. */
     error: string;
 }
-/** A refused media delete: `fail(404)` for an asset not committed on the default branch, or
+/**
+ * A refused media delete: `fail(404)` for an asset not committed on the default branch, or
  *  `fail(409)` when a fresh usage read finds the asset still in use and the typed-slug override
- *  was not given. `fail(503)` covers media-off or a missing bucket binding. */
+ *  was not given. `fail(503)` covers media-off or a missing bucket binding.
+ */
 export interface MediaDeleteRefusal {
     /** The one-line human summary every action failure carries. */
     error: string;
@@ -311,49 +384,63 @@ export interface MediaDeleteRefusal {
     /** The distinct-entry count behind the refusal; zero when the asset is uncommitted. */
     foundIn: number;
 }
-/** A refused media metadata edit: `fail(404)` for an asset not committed on the default branch, or
- *  `fail(400)` for an invalid slug. */
+/**
+ * A refused media metadata edit: `fail(404)` for an asset not committed on the default branch, or
+ *  `fail(400)` for an invalid slug.
+ */
 export interface MediaUpdateFailure {
     /** The one-line human summary every action failure carries. */
     error: string;
 }
-/** A refused media replace: `fail(409)` when a fresh usage read finds the asset still in use and the
+/**
+ * A refused media replace: `fail(409)` when a fresh usage read finds the asset still in use and the
  *  typed-slug override was not given, or `fail(503)` when usage cannot be verified (fail closed) or the
- *  bucket is unbound. Mirrors MediaDeleteRefusal: the asset hash, the where-used rows, and the count. */
+ *  bucket is unbound. Mirrors MediaDeleteRefusal: the asset hash, the where-used rows, and the count.
+ */
 export interface MediaReplaceFailure {
     error: string;
     hash: string;
     usage: UsageEntry[];
     foundIn: number;
 }
-/** A refused media alt-propagation: `fail(503)` when usage cannot be verified across main and every
+/**
+ * A refused media alt-propagation: `fail(503)` when usage cannot be verified across main and every
  *  open branch (fail closed), or the bucket is unbound. Just the one-line summary; alt fill has no
- *  typed-slug gate. */
+ *  typed-slug gate.
+ */
 export interface MediaAltPropagateFailure {
     error: string;
 }
-/** The personal-dictionary add outcome (spec 1.6): the merged, canonical sorted word list after the
+/**
+ * The personal-dictionary add outcome (spec 1.6): the merged, canonical sorted word list after the
  *  add landed. The client reconciles its pending-additions set against this (a word now in the list is
  *  committed and dropped from pending). Admin-internal: exported for the editor host's reconcile, not
- *  on the package's sveltekit subpath, so it carries no reference page. */
+ *  on the package's sveltekit subpath, so it carries no reference page.
+ */
 export interface DictionaryAddResult {
     words: string[];
 }
-/** A refused personal-dictionary add: `fail(403)` on a failed CSRF check, `fail(400)` on a body that
+/**
+ * A refused personal-dictionary add: `fail(403)` on a failed CSRF check, `fail(400)` on a body that
  *  carries no valid word. The client keeps its pending additions for the session and re-attempts on
- *  the next save, so the word is never silently dropped. Just the one-line summary. */
+ *  the next save, so the word is never silently dropped. Just the one-line summary.
+ */
 export interface DictionaryAddFailure {
     error: string;
 }
-/** A refused media bulk delete or orphan purge: `fail(503)` for the fail-closed strict-usage refusal
+/**
+ * A refused media bulk delete or orphan purge: `fail(503)` for the fail-closed strict-usage refusal
  *  (the whole batch refuses) or media-off / a missing bucket binding. The per-item outcomes ride the
- *  returned summary, not a fail. */
+ *  returned summary, not a fail.
+ */
 export interface MediaBulkFailure {
     error: string;
 }
-/** The bulk-delete outcome the component renders: the deleted hashes, the skipped rows from the
+/**
+ * The bulk-delete outcome the component renders: the deleted hashes, the skipped rows from the
  *  partition (with their reason and where-used), and any per-object R2 delete failure. Admin-internal,
- *  not on the package subpath, so no reference page. */
+ *  not on the package subpath, so no reference page.
+ */
 export interface MediaBulkDeleteResult {
     deleted: string[];
     skipped: BulkDeleteSkip[];
@@ -362,8 +449,10 @@ export interface MediaBulkDeleteResult {
         error: string;
     }[];
 }
-/** The orphan-purge outcome: the purged R2 keys, the keys skipped because their hash was claimed by a
- *  manifest row since the scan, and any per-object delete failure. Admin-internal, no reference page. */
+/**
+ * The orphan-purge outcome: the purged R2 keys, the keys skipped because their hash was claimed by a
+ *  manifest row since the scan, and any per-object delete failure. Admin-internal, no reference page.
+ */
 export interface MediaOrphanPurgeResult {
     purged: string[];
     skippedClaimed: string[];
@@ -372,11 +461,13 @@ export interface MediaOrphanPurgeResult {
         error: string;
     }[];
 }
-/** One entry the replace preview will rewrite, enriched with its display title and permalink from the
+/**
+ * One entry the replace preview will rewrite, enriched with its display title and permalink from the
  *  content manifest (the planner's PlannedEntry carries neither). The screen lists these as the
  *  confirm dialog's where-touched preview, and the apply re-derives its own plan rather than trusting
  *  this. Admin-internal: exported from content-routes for the bundled Media Library component, not
- *  added to the package's sveltekit subpath, so it carries no reference page. */
+ *  added to the package's sveltekit subpath, so it carries no reference page.
+ */
 export interface MediaReplacePreviewEntry {
     /** The concept id, e.g. "posts". */
     concept: string;
@@ -389,20 +480,24 @@ export interface MediaReplacePreviewEntry {
     /** The per-reference diff for this entry: one placement per repointed `media:` token. */
     placements: RepointPlacement[];
 }
-/** The replace preview plan: the affected main entries (enriched), the distinct affected count, and
+/**
+ * The replace preview plan: the affected main entries (enriched), the distinct affected count, and
  *  the report-only cross-branch delta (open cairn/* branches that reference the same bytes; an apply
- *  rewrites main only). Display-only: the apply re-derives a fresh plan and never trusts this. */
+ *  rewrites main only). Display-only: the apply re-derives a fresh plan and never trusts this.
+ */
 export interface MediaReplacePreviewPlan {
     affectedCount: number;
     entries: MediaReplacePreviewEntry[];
     branchDelta: BranchRef[];
 }
-/** One entry the alt-propagation preview reports, enriched with its display title and permalink from
+/**
+ * One entry the alt-propagation preview reports, enriched with its display title and permalink from
  *  the content manifest. Its placements carry every reference of the asset on this entry, each tagged
  *  with the bucket it falls in (a will-fill, a customized alt left as-is, or a decorative hero), so
  *  the screen can show what would change. Admin-internal: exported from content-routes for the bundled
  *  Media Library component, not added to the package's sveltekit subpath, so it carries no reference
- *  page. */
+ *  page.
+ */
 export interface MediaAltPreviewEntry {
     /** The concept id, e.g. "posts". */
     concept: string;
@@ -415,11 +510,13 @@ export interface MediaAltPreviewEntry {
     /** The per-reference diff for this entry: one placement per reference of the asset. */
     placements: AltPlacement[];
 }
-/** The alt-propagation preview plan: every entry that references the asset (enriched), the report-only
+/**
+ * The alt-propagation preview plan: every entry that references the asset (enriched), the report-only
  *  cross-branch delta, and the bucket counts aggregated across every placement. Display-only: the
  *  apply re-derives a fresh plan and never trusts this. The preview reports an entry even when its
  *  only placements are reported-but-unchanged (a kept custom alt, a decorative hero), so the screen
- *  can show every bucket; the apply commits only the entries it actually changes. */
+ *  can show every bucket; the apply commits only the entries it actually changes.
+ */
 export interface MediaAltPreviewPlan {
     entries: MediaAltPreviewEntry[];
     branchDelta: BranchRef[];
@@ -430,24 +527,32 @@ export interface MediaAltPreviewPlan {
         decorativeSkipped: number;
     };
 }
-/** What a route's single `form` export presents to a view component: whichever content action
+/**
+ * What a route's single `form` export presents to a view component: whichever content action
  *  last failed, merged with every field optional. `error` is always set on a failure; the richer
  *  keys identify which guard refused. The media refusals ride here too, so the Media Library's one
  *  `form` prop carries a `?/mediaDelete`, `?/mediaUpdate`, `?/mediaReplace`, or `?/mediaAltPropagate`
- *  refusal without a second type. */
+ *  refusal without a second type.
+ */
 export type ContentFormFailure = Partial<SaveFailure & DeleteRefusal & RenameFailure & MediaDeleteRefusal & MediaUpdateFailure & MediaReplaceFailure & MediaAltPropagateFailure & MediaBulkFailure & TidyFailure>;
-/** The successful upload's response (`uploadAction`). The server-owned `record` rides the editor's
+/**
+ * The successful upload's response (`uploadAction`). The server-owned `record` rides the editor's
  *  optimistic client state and commits with the entry at Save (the upload itself commits nothing).
  *  `reused` is true when identical bytes were already stored, so the second upload did no second put;
- *  `mismatch` flags an existing object whose stored content type differs from this sniff. */
+ *  `mismatch` flags an existing object whose stored content type differs from this sniff.
+ */
 export interface UploadResult {
     reference: string;
     record: MediaEntry;
     reused: boolean;
     mismatch: boolean;
 }
+/**
+ *
+ */
 export declare function createContentRoutes(runtime: CairnRuntime, deps?: ContentRoutesDeps): {
     layoutLoad: (event: ContentEvent) => Promise<LayoutData>;
+    helpLoad: (event: ContentEvent) => Promise<HelpData>;
     indexRedirect: () => never;
     listLoad: (event: ContentEvent) => Promise<ListData>;
     mediaLibraryLoad: (event: ContentEvent) => Promise<MediaLibraryData>;