@glw907/cairn-cms 0.60.1 → 0.62.1

package/dist/doctor/index.d.ts

@@ -5,8 +5,10 @@ export interface DoctorArgs {
     from?: string;
     repo?: string;
     sendTest?: string;
-    /** The live admin probe: a URL when --probe carried one, true for the bare flag (probe the
-     *  PUBLIC_ORIGIN input), absent when the flag never appeared (the probe does not run). */
+    /**
+     * The live admin probe: a URL when --probe carried one, true for the bare flag (probe the
+     *  PUBLIC_ORIGIN input), absent when the flag never appeared (the probe does not run).
+     */
     probe?: string | true;
 }
 /** Parse the bin's argv (long flags only). Throws with a usage line on anything unexpected. */
@@ -18,12 +20,16 @@ export declare function parseArgs(argv: string[]): DoctorArgs;
  * readFile stay with the bin, which injects the real ones.
  */
 export declare function contextFromEnv(env: Record<string, string | undefined>, args: DoctorArgs, cwd: string): Omit<DoctorContext, 'fetch' | 'readFile'>;
-/** The lazy derivation sources the bin wires up: the adapter read through the consumer's own
+/**
+ * The lazy derivation sources the bin wires up: the adapter read through the consumer's own
  *  Vite resolution and the wrangler config's account_id. Each runs only when an input it feeds
- *  is still missing, so a doctor run with full flags touches neither. */
+ *  is still missing, so a doctor run with full flags touches neither.
+ */
 export interface DerivationSources {
-    /** Returns { owner, repo, from, mediaBucketBinding } off the adapter, or null when nothing is
-     *  derivable. */
+    /**
+     * Returns `{ owner, repo, from, mediaBucketBinding }` off the adapter, or null when nothing is
+     *  derivable.
+     */
     adapterFacts: () => Promise<{
         owner?: string;
         repo?: string;

package/dist/doctor/report.d.ts

@@ -1,4 +1,7 @@
 import type { CheckResult, DoctorCheck } from './types.js';
+/**
+ *
+ */
 export declare function formatReport(results: {
     check: DoctorCheck;
     result: CheckResult;

package/dist/doctor/report.js

@@ -8,6 +8,9 @@ const TAG = {
     fail: 'FAIL',
     skip: 'SKIP',
 };
+/**
+ *
+ */
 export function formatReport(results) {
     const lines = results.map(({ check, result }) => `${TAG[result.status]}  ${check.title}: ${result.detail}`);
     const failures = results.filter(({ result }) => result.status === 'fail');

package/dist/doctor/run.d.ts

@@ -1,4 +1,7 @@
 import type { CheckResult, DoctorCheck, DoctorContext } from './types.js';
+/**
+ *
+ */
 export declare function runDoctor(checks: DoctorCheck[], ctx: DoctorContext): Promise<{
     results: {
         check: DoctorCheck;

package/dist/doctor/run.js

@@ -1,6 +1,9 @@
 // The doctor's runner: every check executes, every result lands in the table. A throwing check
 // records a fail and the run continues, so one broken probe never hides the rest of the picture.
 import { fail } from './types.js';
+/**
+ *
+ */
 export async function runDoctor(checks, ctx) {
     const results = [];
     let failed = 0;

package/dist/doctor/types.d.ts

@@ -6,7 +6,13 @@ export interface CheckResult {
 }
 /** Result constructors, so a check body reads one outcome per line instead of object literals. */
 export declare function pass(detail: string): CheckResult;
+/**
+ *
+ */
 export declare function fail(detail: string): CheckResult;
+/**
+ *
+ */
 export declare function skip(detail: string): CheckResult;
 export interface DoctorCheck {
     /** Stable id, e.g. 'email.sender-onboarded'. */
@@ -30,8 +36,10 @@ export interface DoctorContext {
     cfAccountId?: string;
     /** PUBLIC_ORIGIN, the env fallback when the wrangler vars carry none. */
     publicOrigin?: string;
-    /** The adapter's media bucket binding (cairn.assets.bucketBinding), derived off the adapter.
-     *  Undefined when the site declares no media assets; the media-bucket check skips in that case. */
+    /**
+     * The adapter's media bucket binding (cairn.assets.bucketBinding), derived off the adapter.
+     *  Undefined when the site declares no media assets; the media-bucket check skips in that case.
+     */
     mediaBucketBinding?: string;
     /** GITHUB_APP_ID / GITHUB_APP_INSTALLATION_ID / GITHUB_APP_PRIVATE_KEY_B64. */
     github?: {

package/dist/doctor/types.js

@@ -2,9 +2,15 @@
 export function pass(detail) {
     return { status: 'pass', detail };
 }
+/**
+ *
+ */
 export function fail(detail) {
     return { status: 'fail', detail };
 }
+/**
+ *
+ */
 export function skip(detail) {
     return { status: 'skip', detail };
 }

package/dist/doctor/wrangler-config.d.ts

@@ -12,8 +12,13 @@ export interface WranglerFacts {
     publicOrigin?: string;
     /** The top-level account_id, when declared; a fallback for CLOUDFLARE_ACCOUNT_ID. */
     accountId?: string;
-    /** The declared r2_buckets binding names; the conditional media check matches the adapter's
-     *  bucketBinding against this. Not part of the hard config.bindings check (decision 9). */
+    /**
+     * The declared r2_buckets binding names; the conditional media check matches the adapter's
+     *  bucketBinding against this. Not part of the hard config.bindings check (decision 9).
+     */
     r2Buckets: string[];
 }
+/**
+ *
+ */
 export declare function readWranglerConfig(readFile: DoctorContext['readFile']): Promise<WranglerFacts | null>;

package/dist/doctor/wrangler-config.js

@@ -1,3 +1,6 @@
+/**
+ *
+ */
 export async function readWranglerConfig(readFile) {
     const jsonc = await readFile('wrangler.jsonc');
     if (jsonc !== null)

package/dist/email.d.ts

@@ -15,9 +15,11 @@ export interface AuthBranding {
     from: string;
     replyTo?: string;
 }
-/** The injected send. Production uses `cloudflareSend`; tests pass a sink. A thrown error's
+/**
+ * The injected send. Production uses `cloudflareSend`; tests pass a sink. A thrown error's
  *  text reaches the structured log (scrubbed and truncated), so a custom sender must not embed
- *  the message body or the magic link in what it throws. */
+ *  the message body or the magic link in what it throws.
+ */
 export type SendMagicLink = (env: AuthEnv, message: MagicLinkMessage) => Promise<void>;
 /** Build the confirmation email. The link is the only action; the copy stays plain. */
 export declare function buildMagicLinkMessage(input: {

package/dist/env.d.ts

@@ -5,7 +5,6 @@ import type { DeliveryBucket } from './media/delivery-bucket.js';
  *
  * The origin is always config-derived, never read from a request header, so a
  * forged Host header cannot redirect a magic link (spec 7.1, risk H3).
- *
  * @throws CairnError (`config.public-origin-invalid`) when `PUBLIC_ORIGIN` is unset or
  * empty, fails to parse as a URL, or uses http on a non-local host.
  */
@@ -17,7 +16,6 @@ export declare function requireOrigin(env: {
  *
  * The handlers read D1 off `event.platform.env`; without this a misconfigured binding
  * surfaces as a raw `TypeError` deep in a store call. This gives the failure a name.
- *
  * @throws CairnError (`config.bindings-missing`) when `AUTH_DB` is missing.
  */
 export declare function requireDb(env: {
@@ -37,7 +35,6 @@ export declare function requireDb(env: {
  * which is truthy but carries no callable `get`. Without that check the cast would succeed and the
  * first `bucket.get(...)` would throw an uncaught 500 rather than the drained 503 a missing binding
  * earns.
- *
  * @throws CairnError (`config.bindings-missing`) when the named binding is absent or not an R2 bucket.
  */
 export declare function requireBucket(env: Record<string, unknown>, bindingName: string): DeliveryBucket;

package/dist/env.js

@@ -4,7 +4,6 @@ import { CairnError } from './diagnostics/index.js';
  *
  * The origin is always config-derived, never read from a request header, so a
  * forged Host header cannot redirect a magic link (spec 7.1, risk H3).
- *
  * @throws CairnError (`config.public-origin-invalid`) when `PUBLIC_ORIGIN` is unset or
  * empty, fails to parse as a URL, or uses http on a non-local host.
  */
@@ -38,7 +37,6 @@ export function requireOrigin(env) {
  *
  * The handlers read D1 off `event.platform.env`; without this a misconfigured binding
  * surfaces as a raw `TypeError` deep in a store call. This gives the failure a name.
- *
  * @throws CairnError (`config.bindings-missing`) when `AUTH_DB` is missing.
  */
 export function requireDb(env) {
@@ -61,7 +59,6 @@ export function requireDb(env) {
  * which is truthy but carries no callable `get`. Without that check the cast would succeed and the
  * first `bucket.get(...)` would throw an uncaught 500 rather than the drained 503 a missing binding
  * earns.
- *
  * @throws CairnError (`config.bindings-missing`) when the named binding is absent or not an R2 bucket.
  */
 export function requireBucket(env, bindingName) {

package/dist/github/branches.d.ts

@@ -5,7 +5,9 @@ export declare function branchHeadSha(repo: RepoRef, branch: string, token: stri
 export declare function createBranch(repo: RepoRef, branch: string, fromSha: string, token: string): Promise<void>;
 /** Delete `branch`. A 404 (already gone) is success: the desired state holds. */
 export declare function deleteBranch(repo: RepoRef, branch: string, token: string): Promise<void>;
-/** Branch names under `prefix`, sorted. The matching-refs API paginates at 30 by default, so a
+/**
+ * Branch names under `prefix`, sorted. The matching-refs API paginates at 30 by default, so a
  *  site with 31+ pending entries would silently truncate; request the 100-per-page maximum and
- *  follow the Link rel="next" chain until exhausted. */
+ *  follow the Link rel="next" chain until exhausted.
+ */
 export declare function listBranches(repo: RepoRef, prefix: string, token: string): Promise<string[]>;

package/dist/github/branches.js

@@ -57,9 +57,11 @@ function nextPageUrl(link) {
     }
     return null;
 }
-/** Branch names under `prefix`, sorted. The matching-refs API paginates at 30 by default, so a
+/**
+ * Branch names under `prefix`, sorted. The matching-refs API paginates at 30 by default, so a
  *  site with 31+ pending entries would silently truncate; request the 100-per-page maximum and
- *  follow the Link rel="next" chain until exhausted. */
+ *  follow the Link rel="next" chain until exhausted.
+ */
 export async function listBranches(repo, prefix, token) {
     const names = [];
     let url = `${gitUrl(repo, `matching-refs/heads/${prefix}`)}?per_page=100`;

package/dist/github/signing.d.ts

@@ -7,7 +7,7 @@ export declare function installationToken(creds: AppCredentials): Promise<string
  * Build an installation-token cache. A module-global instance memoizes the minted token per
  * installation for most of its one-hour life, so a warm Worker isolate reuses it across requests
  * instead of re-signing and re-calling GitHub on every list and commit. A cold isolate re-mints,
- * which is always safe. This mirrors the default of @octokit/auth-app, which caches installation
+ * which is always safe. This mirrors the default of `@octokit/auth-app`, which caches installation
  * tokens in memory and returns them until expiry. The TTL stays under GitHub's documented one-hour
  * lifetime, so a fixed margin avoids parsing the API expiry. The cache holds the in-flight
  * promise, not the resolved token, so a cold isolate's parallel loads coalesce into one mint;

package/dist/github/signing.js

@@ -10,7 +10,7 @@ function bytesToB64url(bytes) {
 function buf(bytes) {
     return bytes.buffer.slice(bytes.byteOffset, bytes.byteOffset + bytes.byteLength);
 }
-/** DER length octets for a value of `n` bytes (short form < 128, else long form). */
+/** DER length octets for a value of `n` bytes (short form `< 128`, else long form). */
 function derLength(n) {
     if (n < 0x80)
         return [n];
@@ -63,7 +63,7 @@ export async function installationToken(creds) {
  * Build an installation-token cache. A module-global instance memoizes the minted token per
  * installation for most of its one-hour life, so a warm Worker isolate reuses it across requests
  * instead of re-signing and re-calling GitHub on every list and commit. A cold isolate re-mints,
- * which is always safe. This mirrors the default of @octokit/auth-app, which caches installation
+ * which is always safe. This mirrors the default of `@octokit/auth-app`, which caches installation
  * tokens in memory and returns them until expiry. The TTL stays under GitHub's documented one-hour
  * lifetime, so a fixed margin avoids parsing the API expiry. The cache holds the in-flight
  * promise, not the resolved token, so a cold isolate's parallel loads coalesce into one mint;

package/dist/log/events.d.ts

@@ -1 +1 @@
-export type CairnLogEvent = 'auth.link.requested' | 'auth.link.send_failed' | 'auth.token.minted' | 'auth.token.confirmed' | 'auth.session.created' | 'auth.session.destroyed' | 'commit.succeeded' | 'commit.failed' | 'config.invalid' | 'entry.published' | 'entry.discarded' | 'publish.failed' | 'github.unreachable' | 'guard.rejected' | 'media.uploaded' | 'media.upload_failed' | 'media.delivery_failed' | 'media.orphan_reconcile' | 'media.resolve_missing' | 'media.deleted' | 'media.delete_blocked' | 'media.bulk_deleted' | 'media.orphans_purged' | 'media.replaced' | 'media.replace_blocked' | 'media.alt_propagated' | 'dictionary.added' | 'dictionary.add_conflict' | 'tidy.done' | 'tidy.error' | 'tidy.refused' | 'tidy.empty';
+export type CairnLogEvent = 'auth.link.requested' | 'auth.link.send_failed' | 'auth.token.minted' | 'auth.token.confirmed' | 'auth.session.created' | 'auth.session.destroyed' | 'commit.succeeded' | 'commit.failed' | 'config.invalid' | 'entry.published' | 'entry.discarded' | 'publish.failed' | 'publish.address_collision' | 'github.unreachable' | 'guard.rejected' | 'media.uploaded' | 'media.upload_failed' | 'media.delivery_failed' | 'media.orphan_reconcile' | 'media.resolve_missing' | 'media.deleted' | 'media.delete_blocked' | 'media.bulk_deleted' | 'media.orphans_purged' | 'media.replaced' | 'media.replace_blocked' | 'media.alt_propagated' | 'dictionary.added' | 'dictionary.add_conflict' | 'tidy.done' | 'tidy.error' | 'tidy.refused' | 'tidy.empty';

package/dist/media/bulk-delete-plan.d.ts

@@ -1,14 +1,18 @@
 import type { UsageEntry, UsageIndex } from './usage.js';
 import type { MediaManifest } from './manifest.js';
-/** One selected hash that is not deleted, with why and (for the where-used) its usage rows. The rows
- *  are present only for 'still-referenced'; an 'uncommitted' skip carries an empty list. */
+/**
+ * One selected hash that is not deleted, with why and (for the where-used) its usage rows. The rows
+ *  are present only for 'still-referenced'; an 'uncommitted' skip carries an empty list.
+ */
 export interface BulkDeleteSkip {
     hash: string;
     reason: 'still-referenced' | 'uncommitted';
     usage: UsageEntry[];
 }
-/** The partitioned selection: the hashes safe to purge and the hashes held back. Both arrays keep the
- *  input order of `selected` so the screen reports them in the order the user picked. */
+/**
+ * The partitioned selection: the hashes safe to purge and the hashes held back. Both arrays keep the
+ *  input order of `selected` so the screen reports them in the order the user picked.
+ */
 export interface BulkDeletePlan {
     deletable: string[];
     skipped: BulkDeleteSkip[];

package/dist/media/config.d.ts

@@ -1,8 +1,10 @@
 import type { AssetConfig } from '../content/types.js';
 import type { VariantSpec } from './transform-url.js';
-/** The resolved media config the engine serves from. When a site declares no assets block, media is
+/**
+ * The resolved media config the engine serves from. When a site declares no assets block, media is
  *  off and the value is `{ enabled: false }`; otherwise every field is filled from the AssetConfig
- *  or its default. */
+ *  or its default.
+ */
 export type ResolvedAssetConfig = {
     enabled: false;
 } | {
@@ -13,12 +15,16 @@ export type ResolvedAssetConfig = {
     maxUploadBytes: number;
     allowedTypes: string[];
     variants: Record<string, VariantSpec>;
-    /** Whether Cloudflare Image Transformations are enabled for the zone. With it false, the media
-     *  resolver serves the bare full-size delivery path and ignores any preset. */
+    /**
+     * Whether Cloudflare Image Transformations are enabled for the zone. With it false, the media
+     *  resolver serves the bare full-size delivery path and ignores any preset.
+     */
     transformations: boolean;
 };
-/** Validate a site's AssetConfig and resolve it into a ResolvedAssetConfig. An undefined block leaves
+/**
+ * Validate a site's AssetConfig and resolve it into a ResolvedAssetConfig. An undefined block leaves
  *  media off and returns `{ enabled: false }` rather than throwing. A declared block must name its R2
  *  bucket and carry a known urlForm and valid variant fit and gravity values; each failure throws a
- *  cairn:-prefixed error. The named variants merge over the built-in presets. */
+ *  cairn:-prefixed error. The named variants merge over the built-in presets.
+ */
 export declare function normalizeAssets(assets: AssetConfig | undefined): ResolvedAssetConfig;

package/dist/media/config.js

@@ -4,8 +4,10 @@ const DEFAULT_PUBLIC_BASE = '/media';
 const DEFAULT_MAX_UPLOAD_BYTES = 25 * 1024 * 1024;
 /** The default accepted upload MIME types: the common web image formats. */
 const DEFAULT_ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/webp', 'image/gif', 'image/avif'];
-/** The built-in named transform presets. A site's `variants` merge over these, so a caller preset of
- *  the same name overrides the built-in. */
+/**
+ * The built-in named transform presets. A site's `variants` merge over these, so a caller preset of
+ *  the same name overrides the built-in.
+ */
 const BUILT_IN_PRESETS = {
     thumb: { width: 320, height: 320, fit: 'cover' },
     inline: { width: 800 },
@@ -14,8 +16,10 @@ const BUILT_IN_PRESETS = {
 };
 /** The fit values Cloudflare Images accepts. A variant whose fit is set to anything else is rejected. */
 const FIT_VALUES = new Set(['scale-down', 'contain', 'cover', 'crop', 'pad']);
-/** The named gravity keywords Cloudflare Images accepts. A gravity is also valid as a coordinate
- *  string; everything else is rejected. */
+/**
+ * The named gravity keywords Cloudflare Images accepts. A gravity is also valid as a coordinate
+ *  string; everything else is rejected.
+ */
 const GRAVITY_KEYWORDS = new Set([
     'auto',
     'face',
@@ -27,9 +31,11 @@ const GRAVITY_KEYWORDS = new Set([
 ]);
 /** A gravity coordinate string, e.g. "0.5x0.5". */
 const GRAVITY_COORD_RE = /^\d+(\.\d+)?x\d+(\.\d+)?$/;
-/** Validate one variant's fit and gravity, throwing a cairn:-prefixed error naming the offending
+/**
+ * Validate one variant's fit and gravity, throwing a cairn:-prefixed error naming the offending
  *  preset and value. The type system collapses VariantSpec.gravity to string, so the gravity check
- *  is the only guard against a bogus value reaching the transform URL. */
+ *  is the only guard against a bogus value reaching the transform URL.
+ */
 function validateVariant(name, spec) {
     if (spec.fit !== undefined && !FIT_VALUES.has(spec.fit)) {
         throw new Error(`cairn: media variant "${name}" has an unknown fit "${spec.fit}"`);
@@ -40,10 +46,12 @@ function validateVariant(name, spec) {
         throw new Error(`cairn: media variant "${name}" has an unknown gravity "${spec.gravity}"`);
     }
 }
-/** Validate a site's AssetConfig and resolve it into a ResolvedAssetConfig. An undefined block leaves
+/**
+ * Validate a site's AssetConfig and resolve it into a ResolvedAssetConfig. An undefined block leaves
  *  media off and returns `{ enabled: false }` rather than throwing. A declared block must name its R2
  *  bucket and carry a known urlForm and valid variant fit and gravity values; each failure throws a
- *  cairn:-prefixed error. The named variants merge over the built-in presets. */
+ *  cairn:-prefixed error. The named variants merge over the built-in presets.
+ */
 export function normalizeAssets(assets) {
     if (assets === undefined)
         return { enabled: false };

package/dist/media/delivery-bucket.d.ts

@@ -6,9 +6,11 @@ export interface DeliveryObject {
     httpEtag: string;
     /** The full object size in bytes, the denominator of a `Content-Range`. */
     size: number;
-    /** Present only on a ranged read: the served window, used to build the `Content-Range`. R2 fills
+    /**
+     * Present only on a ranged read: the served window, used to build the `Content-Range`. R2 fills
      *  both fields for a `bytes=start-end` request; each is typed optional so the route derives the
-     *  range bounds defensively against `size`. */
+     *  range bounds defensively against `size`.
+     */
     range?: {
         offset?: number;
         length?: number;

package/dist/media/library-entry.d.ts

@@ -24,7 +24,9 @@ export interface MediaLibraryEntry {
 }
 /** The projected library keyed by the 16-hex content hash, exactly EditData's `mediaLibrary`. */
 export type MediaLibrary = Record<string, MediaLibraryEntry>;
-/** Project a stored MediaEntry to the picker's MediaLibraryEntry, copying every display field and
+/**
+ * Project a stored MediaEntry to the picker's MediaLibraryEntry, copying every display field and
  *  dropping the source-only sha256 and original filename. The single projection editLoad and
- *  mediaLibraryLoad both call, so the popover and the Library never diverge on the shared shape. */
+ *  mediaLibraryLoad both call, so the popover and the Library never diverge on the shared shape.
+ */
 export declare function mediaLibraryEntry(entry: MediaEntry): MediaLibraryEntry;

package/dist/media/library-entry.js

@@ -1,6 +1,8 @@
-/** Project a stored MediaEntry to the picker's MediaLibraryEntry, copying every display field and
+/**
+ * Project a stored MediaEntry to the picker's MediaLibraryEntry, copying every display field and
  *  dropping the source-only sha256 and original filename. The single projection editLoad and
- *  mediaLibraryLoad both call, so the popover and the Library never diverge on the shared shape. */
+ *  mediaLibraryLoad both call, so the popover and the Library never diverge on the shared shape.
+ */
 export function mediaLibraryEntry(entry) {
     return {
         hash: entry.hash,

package/dist/media/manifest.d.ts

@@ -1,7 +1,9 @@
-/** One stored asset's row: its content hash, its human layer, and its byte and pixel facts. The
+/**
+ * One stored asset's row: its content hash, its human layer, and its byte and pixel facts. The
  *  `contentType` is the stored MIME type, so the delivery route serves it verbatim rather than
  *  guessing from the extension. `width` and `height` are null when no dimensions are known (the
- *  client is the only dimension source and a Worker cannot re-derive them). */
+ *  client is the only dimension source and a Worker cannot re-derive them).
+ */
 export interface MediaEntry {
     hash: string;
     sha256: string;
@@ -18,27 +20,39 @@ export interface MediaEntry {
 }
 /** The whole stored-asset record, keyed by the 16-hex content-hash prefix. */
 export type MediaManifest = Record<string, MediaEntry>;
-/** Parse a committed media manifest. Tolerant: an empty, missing, null, or non-object input yields
- *  an empty manifest, so a first ingest into a site with no manifest file reads a clean {}. A valid
- *  object is returned as the manifest. */
+/**
+ * Parse a committed media manifest. Tolerant: an empty, missing, null, or non-object input yields
+ *  an empty manifest, so a first ingest into a site with no manifest file reads a clean `{}`. A valid
+ *  object is returned as the manifest.
+ */
 export declare function parseMediaManifest(json: unknown): MediaManifest;
-/** Parse the posted `media` field into a validated list of MediaEntry rows. The field arrives as a
+/**
+ * Parse the posted `media` field into a validated list of MediaEntry rows. The field arrives as a
  *  JSON string (the usual form-post shape), an already-parsed array, or junk. A string is JSON-parsed
  *  inside a try/catch that yields `[]` on a parse failure; a non-string array is taken directly;
  *  anything else yields `[]`. Each element is validated and a failing element is dropped, so a partly
  *  malformed post still lands its good rows. This is the trust boundary for the client's optimistic
- *  records. */
+ *  records.
+ */
 export declare function parseMediaEntries(value: unknown): MediaEntry[];
-/** The dedup lookup: the entry stored under the content-hash prefix, or undefined when no bytes with
- *  that hash are stored yet. */
+/**
+ * The dedup lookup: the entry stored under the content-hash prefix, or undefined when no bytes with
+ *  that hash are stored yet.
+ */
 export declare function findByHash(manifest: MediaManifest, hash: string): MediaEntry | undefined;
-/** Set the entry under its own hash, replacing any same-hash row. Returns a new manifest and leaves
- *  the input untouched, so a caller's prior manifest reference stays valid. The ingest path's patch. */
+/**
+ * Set the entry under its own hash, replacing any same-hash row. Returns a new manifest and leaves
+ *  the input untouched, so a caller's prior manifest reference stays valid. The ingest path's patch.
+ */
 export declare function upsertMediaEntry(manifest: MediaManifest, entry: MediaEntry): MediaManifest;
-/** Drop the entry under the given hash, returning a new manifest and leaving the input untouched.
+/**
+ * Drop the entry under the given hash, returning a new manifest and leaving the input untouched.
  *  Removing an absent hash is a no-op that still returns an equivalent new manifest. The safe-delete
- *  path's patch. */
+ *  path's patch.
+ */
 export declare function removeMediaEntry(manifest: MediaManifest, hash: string): MediaManifest;
-/** Serialize canonically: the top-level hash keys sorted ascending, two-space pretty, and a trailing
- *  newline, so the committed file diffs cleanly in a PR and a re-serialization is byte-identical. */
+/**
+ * Serialize canonically: the top-level hash keys sorted ascending, two-space pretty, and a trailing
+ *  newline, so the committed file diffs cleanly in a PR and a re-serialization is byte-identical.
+ */
 export declare function serializeMediaManifest(manifest: MediaManifest): string;

package/dist/media/manifest.js

@@ -3,19 +3,22 @@
 // the dedup lookup: an ingest checks the content-hash prefix here before storing, so the same bytes
 // are never stored twice. It mirrors the content manifest in ../content/manifest.ts, keyed by the
 // 16-hex content-hash prefix rather than concept and id.
-/** Parse a committed media manifest. Tolerant: an empty, missing, null, or non-object input yields
- *  an empty manifest, so a first ingest into a site with no manifest file reads a clean {}. A valid
- *  object is returned as the manifest. */
+/**
+ * Parse a committed media manifest. Tolerant: an empty, missing, null, or non-object input yields
+ *  an empty manifest, so a first ingest into a site with no manifest file reads a clean `{}`. A valid
+ *  object is returned as the manifest.
+ */
 export function parseMediaManifest(json) {
     if (!json || typeof json !== 'object' || Array.isArray(json))
         return {};
     return json;
 }
-/** Validate one posted value as a MediaEntry, returning it narrowed or undefined. The trust boundary
+/**
+ * Validate one posted value as a MediaEntry, returning it narrowed or undefined. The trust boundary
  *  for an optimistic record the client re-posts: the upload action server-owned each field at
  *  creation, but a re-post is untrusted, so every field is re-checked. A `hash` must be the 16-hex
- *  content-hash prefix; the string fields must be strings; `bytes` must be finite; `width`/`height`
- *  must each be a number or null; `createdAt` must be a string. */
+ *  content-hash prefix.
+ */
 function validateMediaEntry(value) {
     if (!value || typeof value !== 'object')
         return undefined;
@@ -51,12 +54,14 @@ function validateMediaEntry(value) {
         createdAt: e.createdAt,
     };
 }
-/** Parse the posted `media` field into a validated list of MediaEntry rows. The field arrives as a
+/**
+ * Parse the posted `media` field into a validated list of MediaEntry rows. The field arrives as a
  *  JSON string (the usual form-post shape), an already-parsed array, or junk. A string is JSON-parsed
  *  inside a try/catch that yields `[]` on a parse failure; a non-string array is taken directly;
  *  anything else yields `[]`. Each element is validated and a failing element is dropped, so a partly
  *  malformed post still lands its good rows. This is the trust boundary for the client's optimistic
- *  records. */
+ *  records.
+ */
 export function parseMediaEntries(value) {
     let raw = value;
     if (typeof value === 'string') {
@@ -77,25 +82,33 @@ export function parseMediaEntries(value) {
     }
     return entries;
 }
-/** The dedup lookup: the entry stored under the content-hash prefix, or undefined when no bytes with
- *  that hash are stored yet. */
+/**
+ * The dedup lookup: the entry stored under the content-hash prefix, or undefined when no bytes with
+ *  that hash are stored yet.
+ */
 export function findByHash(manifest, hash) {
     return manifest[hash];
 }
-/** Set the entry under its own hash, replacing any same-hash row. Returns a new manifest and leaves
- *  the input untouched, so a caller's prior manifest reference stays valid. The ingest path's patch. */
+/**
+ * Set the entry under its own hash, replacing any same-hash row. Returns a new manifest and leaves
+ *  the input untouched, so a caller's prior manifest reference stays valid. The ingest path's patch.
+ */
 export function upsertMediaEntry(manifest, entry) {
     return { ...manifest, [entry.hash]: entry };
 }
-/** Drop the entry under the given hash, returning a new manifest and leaving the input untouched.
+/**
+ * Drop the entry under the given hash, returning a new manifest and leaving the input untouched.
  *  Removing an absent hash is a no-op that still returns an equivalent new manifest. The safe-delete
- *  path's patch. */
+ *  path's patch.
+ */
 export function removeMediaEntry(manifest, hash) {
     const { [hash]: _removed, ...rest } = manifest;
     return rest;
 }
-/** Serialize canonically: the top-level hash keys sorted ascending, two-space pretty, and a trailing
- *  newline, so the committed file diffs cleanly in a PR and a re-serialization is byte-identical. */
+/**
+ * Serialize canonically: the top-level hash keys sorted ascending, two-space pretty, and a trailing
+ *  newline, so the committed file diffs cleanly in a PR and a re-serialization is byte-identical.
+ */
 export function serializeMediaManifest(manifest) {
     const sorted = {};
     for (const hash of Object.keys(manifest).sort()) {

package/dist/media/naming.d.ts

@@ -2,17 +2,23 @@
 export declare function hashBytes(bytes: Uint8Array): Promise<string>;
 /** The first 16 characters of a full hex digest, the content-hash prefix media references commit to. */
 export declare function shortHash(full: string): string;
-/** The strict ingest transform from a raw filename to a slug that satisfies the media: slug grammar,
+/**
+ * The strict ingest transform from a raw filename to a slug that satisfies the media: slug grammar,
  *  or the literal `file`. Drops the extension, lowercases, transliterates accents, collapses non-alphanumeric runs
  *  to a single hyphen, trims, caps at 80 chars, screens Windows reserved names, and falls back to
- *  `file` when nothing usable is left. */
+ *  `file` when nothing usable is left.
+ */
 export declare function slugifyFilename(name: string): string;
-/** The content-addressed R2 object key `media/<aa>/<shortHash>.<ext>`, fanned out on the first two
+/**
+ * The content-addressed R2 object key `media/<aa>/<shortHash>.<ext>`, fanned out on the first two
  *  hex chars of the short hash. No leading slash: this is an object key, not a URL. `ext` is bare
- *  (no dot), for example `webp`. */
+ *  (no dot), for example `webp`.
+ */
 export declare function r2Key(shortHash: string, ext: string): string;
-/** The public delivery URL path, with a leading slash, under the delivery base (`publicBase`,
+/**
+ * The public delivery URL path, with a leading slash, under the delivery base (`publicBase`,
  *  default `/media`). The `slug` form is human-readable (`<base>/<slug>.<shortHash>.<ext>`, or
  *  `<base>/<shortHash>.<ext>` when the slug is null); the `opaque` form mirrors the R2 fan-out
- *  (`<base>/<aa>/<shortHash>.<ext>`) and ignores the slug. */
+ *  (`<base>/<aa>/<shortHash>.<ext>`) and ignores the slug.
+ */
 export declare function publicPath(slug: string | null, shortHash: string, ext: string, urlForm: 'slug' | 'opaque', publicBase?: string): string;