@infuro/cms-core 1.0.25 → 1.0.27

package/dist/api.cjs

@@ -521,6 +521,8 @@ __export(api_exports, {
   getPublicSettingsGroup: () => getPublicSettingsGroup,
   mergeGuardrailsIntoSystemPrompt: () => mergeGuardrailsIntoSystemPrompt,
   parseLlmAgentValidationRules: () => parseLlmAgentValidationRules,
+  simpleDecrypt: () => simpleDecrypt,
+  simpleEncrypt: () => simpleEncrypt,
   validateUserMessageAgainstAgentRules: () => validateUserMessageAgainstAgentRules,
   validateUserMessageAgainstStructuredRules: () => validateUserMessageAgainstStructuredRules
 });
@@ -1959,14 +1961,14 @@ function createUserAuthApiRouter(config) {
   }) : null;
   return {
     async POST(req, pathname) {
-      const path = pathname.replace(/\/$/, "");
-      if (!USER_AUTH_PATHS.includes(path)) {
+      const path2 = pathname.replace(/\/$/, "");
+      if (!USER_AUTH_PATHS.includes(path2)) {
         return config.json({ error: "Not found" }, { status: 404 });
       }
-      if (path === "forgot-password") return forgot(req);
-      if (path === "set-password") return setPass(req);
-      if (path === "invite") return invite(req);
-      if (path === "reset-password" && changePass) return changePass(req);
+      if (path2 === "forgot-password") return forgot(req);
+      if (path2 === "set-password") return setPass(req);
+      if (path2 === "invite") return invite(req);
+      if (path2 === "reset-password" && changePass) return changePass(req);
       return config.json({ error: "Not found" }, { status: 404 });
     }
   };
@@ -2235,12 +2237,12 @@ async function extractZipMediaIntoParentTree(opts) {
     if (opts.storage) {
       publicUrl = await opts.storage.upload(buf, `uploads/${relativeUnderUploads}`, contentType);
     } else {
-      const fs = await import("fs/promises");
+      const fs2 = await import("fs/promises");
       const pathMod = await import("path");
       const dir = pathMod.join(process.cwd(), opts.localUploadDir);
       const filePath = pathMod.join(dir, relativeUnderUploads);
-      await fs.mkdir(pathMod.dirname(filePath), { recursive: true });
-      await fs.writeFile(filePath, buf);
+      await fs2.mkdir(pathMod.dirname(filePath), { recursive: true });
+      await fs2.writeFile(filePath, buf);
       publicUrl = `/${opts.localUploadDir.replace(/^\/+/, "").replace(/\\/g, "/")}/${relativeUnderUploads.replace(/\\/g, "/")}`;
     }
     await repo.save(
@@ -2662,12 +2664,12 @@ function createUploadHandler(config) {
         const fileUrl = await storageService.upload(buffer, `uploads/${relativeUnderUploads}`, contentType);
         return json({ filePath: fileUrl, parentId });
       }
-      const fs = await import("fs/promises");
-      const path = await import("path");
-      const dir = path.join(process.cwd(), localUploadDir);
-      const filePath = path.join(dir, relativeUnderUploads);
-      await fs.mkdir(path.dirname(filePath), { recursive: true });
-      await fs.writeFile(filePath, buffer);
+      const fs2 = await import("fs/promises");
+      const path2 = await import("path");
+      const dir = path2.join(process.cwd(), localUploadDir);
+      const filePath = path2.join(dir, relativeUnderUploads);
+      await fs2.mkdir(path2.dirname(filePath), { recursive: true });
+      await fs2.writeFile(filePath, buffer);
       const urlRel = `${localUploadDir.replace(/^\/+/, "").replace(/\\/g, "/")}/${relativeUnderUploads.replace(/\\/g, "/")}`;
       return json({ filePath: `/${urlRel}`, parentId });
     } catch (err) {
@@ -3321,11 +3323,11 @@ function createUserAvatarHandler(config) {
       const ext = file.name.split(".").pop() || "jpg";
       const fileName = `avatar_${session.user.email}_${Date.now()}.${ext}`;
       const avatarUrl = saveAvatar ? await saveAvatar(buffer, fileName) : await (async () => {
-        const fs = await import("fs/promises");
-        const path = await import("path");
-        const dir = path.join(process.cwd(), "public", "uploads", "avatars");
-        await fs.mkdir(dir, { recursive: true });
-        await fs.writeFile(path.join(dir, fileName), buffer);
+        const fs2 = await import("fs/promises");
+        const path2 = await import("path");
+        const dir = path2.join(process.cwd(), "public", "uploads", "avatars");
+        await fs2.mkdir(dir, { recursive: true });
+        await fs2.writeFile(path2.join(dir, fileName), buffer);
         return `/uploads/avatars/${fileName}`;
       })();
       return json({ message: "Avatar uploaded successfully", avatarUrl });
@@ -5212,6 +5214,7 @@ var Blog = class {
   id;
   title;
   content;
+  socialMediaContent;
   coverImage;
   authorId;
   categoryId;
@@ -5240,6 +5243,9 @@ __decorateClass([
 __decorateClass([
   (0, import_typeorm16.Column)("text")
 ], Blog.prototype, "content", 2);
+__decorateClass([
+  (0, import_typeorm16.Column)("text", { nullable: true })
+], Blog.prototype, "socialMediaContent", 2);
 __decorateClass([
   (0, import_typeorm16.Column)("varchar", { nullable: true })
 ], Blog.prototype, "coverImage", 2);
@@ -5929,7 +5935,7 @@ __decorateClass([
   (0, import_typeorm25.JoinColumn)({ name: "userId" })
 ], Contact.prototype, "user", 2);
 __decorateClass([
-  (0, import_typeorm25.OneToMany)(() => FormSubmission, (fs) => fs.contact)
+  (0, import_typeorm25.OneToMany)(() => FormSubmission, (fs2) => fs2.contact)
 ], Contact.prototype, "form_submissions", 2);
 __decorateClass([
   (0, import_typeorm25.OneToMany)(() => Address, (a) => a.contact)
@@ -7225,6 +7231,130 @@ LlmAgentKnowledgeDocument = __decorateClass([
   (0, import_typeorm45.Index)("IDX_llm_agent_knowledge_agent", ["agentId"])
 ], LlmAgentKnowledgeDocument);
 
+// src/entities/rss-feed.entity.ts
+var import_typeorm47 = require("typeorm");
+
+// src/entities/rss-article.entity.ts
+var import_typeorm46 = require("typeorm");
+var RssArticle = class {
+  id;
+  rssFeedId;
+  rssFeed;
+  externalId;
+  title;
+  articleUrl;
+  summary;
+  content;
+  author;
+  publishedAt;
+  imageUrl;
+  rawData;
+  contentHash;
+  isProcessed;
+  createdAt;
+};
+__decorateClass([
+  (0, import_typeorm46.PrimaryGeneratedColumn)("uuid")
+], RssArticle.prototype, "id", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)("uuid")
+], RssArticle.prototype, "rssFeedId", 2);
+__decorateClass([
+  (0, import_typeorm46.ManyToOne)(() => RssFeed, (f) => f.articles, { onDelete: "CASCADE" }),
+  (0, import_typeorm46.JoinColumn)({ name: "rssFeedId" })
+], RssArticle.prototype, "rssFeed", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "text", nullable: true })
+], RssArticle.prototype, "externalId", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "text" })
+], RssArticle.prototype, "title", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "text" })
+], RssArticle.prototype, "articleUrl", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "text", nullable: true })
+], RssArticle.prototype, "summary", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "text", nullable: true })
+], RssArticle.prototype, "content", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "text", nullable: true })
+], RssArticle.prototype, "author", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "timestamp", nullable: true })
+], RssArticle.prototype, "publishedAt", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "text", nullable: true })
+], RssArticle.prototype, "imageUrl", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "jsonb", nullable: true })
+], RssArticle.prototype, "rawData", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "text", nullable: true })
+], RssArticle.prototype, "contentHash", 2);
+__decorateClass([
+  (0, import_typeorm46.Column)({ type: "boolean", default: false })
+], RssArticle.prototype, "isProcessed", 2);
+__decorateClass([
+  (0, import_typeorm46.CreateDateColumn)()
+], RssArticle.prototype, "createdAt", 2);
+RssArticle = __decorateClass([
+  (0, import_typeorm46.Entity)("rss_articles"),
+  (0, import_typeorm46.Unique)("UQ_rss_articles_feed_article_url", ["rssFeedId", "articleUrl"])
+], RssArticle);
+
+// src/entities/rss-feed.entity.ts
+var RssFeed = class {
+  id;
+  name;
+  rssUrl;
+  websiteUrl;
+  isActive;
+  fetchFrequencyMinutes;
+  lastFetchedAt;
+  lastArticleDate;
+  articles;
+  createdAt;
+  updatedAt;
+};
+__decorateClass([
+  (0, import_typeorm47.PrimaryGeneratedColumn)("uuid")
+], RssFeed.prototype, "id", 2);
+__decorateClass([
+  (0, import_typeorm47.Column)({ type: "text" })
+], RssFeed.prototype, "name", 2);
+__decorateClass([
+  (0, import_typeorm47.Column)({ type: "text", unique: true })
+], RssFeed.prototype, "rssUrl", 2);
+__decorateClass([
+  (0, import_typeorm47.Column)({ type: "text", nullable: true })
+], RssFeed.prototype, "websiteUrl", 2);
+__decorateClass([
+  (0, import_typeorm47.Column)({ type: "boolean", default: true })
+], RssFeed.prototype, "isActive", 2);
+__decorateClass([
+  (0, import_typeorm47.Column)({ type: "int", default: 60 })
+], RssFeed.prototype, "fetchFrequencyMinutes", 2);
+__decorateClass([
+  (0, import_typeorm47.Column)({ type: "timestamp", nullable: true })
+], RssFeed.prototype, "lastFetchedAt", 2);
+__decorateClass([
+  (0, import_typeorm47.Column)({ type: "timestamp", nullable: true })
+], RssFeed.prototype, "lastArticleDate", 2);
+__decorateClass([
+  (0, import_typeorm47.OneToMany)(() => RssArticle, (article) => article.rssFeed)
+], RssFeed.prototype, "articles", 2);
+__decorateClass([
+  (0, import_typeorm47.CreateDateColumn)()
+], RssFeed.prototype, "createdAt", 2);
+__decorateClass([
+  (0, import_typeorm47.UpdateDateColumn)()
+], RssFeed.prototype, "updatedAt", 2);
+RssFeed = __decorateClass([
+  (0, import_typeorm47.Entity)("rss_feeds")
+], RssFeed);
+
 // src/entities/index.ts
 var CMS_ENTITY_MAP = {
   users: User,
@@ -7266,9 +7396,1211 @@ var CMS_ENTITY_MAP = {
   wishlists: Wishlist,
   wishlist_items: WishlistItem,
   llm_agents: LlmAgent,
-  llm_agent_knowledge_documents: LlmAgentKnowledgeDocument
+  llm_agent_knowledge_documents: LlmAgentKnowledgeDocument,
+  rss_feeds: RssFeed,
+  rss_articles: RssArticle
 };
 
+// src/plugins/blog-generator/blog-generator-service.ts
+var import_rss_parser = __toESM(require("rss-parser"), 1);
+
+// src/plugins/blog-generator/blog-generator-agent-defaults.ts
+var BLOG_GENERATOR_LLM_AGENT_SLUG = "blog-generator";
+var BLOG_GENERATOR_MARKDOWN_ARTICLE_SEPARATOR = "---BLOG_GENERATOR_NEXT---";
+var BLOG_GENERATOR_DEFAULT_SYSTEM_INSTRUCTION = `You are a professional financial and business content writer.
+
+Your task is to generate completely original, high-quality blog article(s) from the latest RSS-derived source material in the user message (one block per feed). The user message is factual input only.
+
+IMPORTANT RULES:
+
+1. NEVER copy the RSS article directly.
+2. Rewrite the information into a fresh, human-like article.
+3. Expand the topic with professional insights and explanations.
+4. Maintain a natural editorial tone.
+5. Make the article SEO-friendly.
+6. Use engaging headings and subheadings.
+7. Avoid robotic AI phrasing.
+8. Do not mention that the content came from RSS or feeds.
+9. Preserve factual accuracy from the source material.
+10. The output should feel like a professionally written industry blog.
+
+MULTIPLE FEEDS:
+- If several feeds are provided, compare them: if they largely cover the same story or overlap heavily, produce ONE cohesive article.
+- If they cover clearly different topics or distinct stories, produce MULTIPLE articles (one per distinct story).
+- You may also produce one synthesis plus a short separate angle when that best serves the reader\u2014use your judgment.
+
+WRITING STYLE:
+- Professional
+- Clear
+- Informative
+- Business-focused
+- Human sounding
+- Modern editorial style
+
+ARTICLE STRUCTURE (each article \u2014 express in HTML):
+1. Engaging introduction
+2. Industry context
+3. Main developments
+4. Key implications
+5. Expert/business analysis
+6. Conclusion
+
+HTML STRUCTURE (STRICT \u2014 each article must be valid, semantic HTML only):
+- Output HTML only. Do not use Markdown (no # headings, no **bold**, no \`code fences\`).
+- Wrap each complete article in a single root: <article class="blog-post"> ... </article>
+- Inside <article>, use this outline:
+  - <header><h1 class="blog-post-title">\u2026main title\u2026</h1></header> (exactly one h1 per article)
+  - <section class="blog-post-body"> for all following content
+  - Use <h2> and <h3> for section and subsection titles (never skip levels: h1 \u2192 h2 \u2192 h3).
+  - Use <p> for paragraphs; keep paragraphs focused (avoid huge unbroken text).
+  - Use <ul>/<ol> with <li> for lists where appropriate.
+  - Use <strong> and <em> for emphasis sparingly; use <blockquote> only when quoting or callouts fit.
+- Do not include <html>, <head>, <body>, or document-level wrappers \u2014 only the fragment(s) described above.
+- Do not use <script>, <style>, <iframe>, or inline event handlers. Avoid inline style="" except when essential for accessibility (prefer none).
+- Escape angle brackets in body text if you must mention markup; keep output safe for embedding in a CMS.
+
+CONTENT REQUIREMENTS:
+- Minimum 800 words per article unless source material is very small.
+- Add context around industry trends where appropriate.
+- Explain why the topic matters.
+- Include practical implications for businesses/professionals.
+
+IF RSS CONTENT IS LIMITED:
+- Expand intelligently using general industry knowledge.
+- Keep the article relevant to the original topic.
+- Do not invent fake facts or statistics.
+
+OUTPUT FORMAT (STRICT \u2014 HTML only):
+- Return ONLY the article HTML fragment(s). No JSON, no preamble or postscript ("Here is your article\u2026"), no markdown.
+- If you output more than one article, output multiple <article class="blog-post">\u2026</article> blocks in sequence, and between articles put a single line containing exactly this (and nothing else on that line):
+${BLOG_GENERATOR_MARKDOWN_ARTICLE_SEPARATOR}
+- If you output a single article, use one <article> only and do not use that separator line.`;
+var BLOG_GENERATOR_DEFAULT_VALIDATION_RULES = JSON.stringify(
+  {
+    maxUserChars: 5e5,
+    guardrails: `Your reply must be semantic HTML blog article(s) only, as in the system OUTPUT FORMAT (<article class="blog-post">\u2026). No JSON, no Markdown, no explanations before or after the HTML. If multiple articles, separate them with a line containing exactly ${BLOG_GENERATOR_MARKDOWN_ARTICLE_SEPARATOR} alone. Do not mention RSS, feeds, or scraping. Preserve factual accuracy; do not invent statistics or quotes.`
+  },
+  null,
+  2
+);
+
+// src/plugins/blog-generator/blog-generator-metadata-defaults.ts
+var BLOG_METADATA_ENRICHER_LLM_AGENT_SLUG = "blog-generator-metadata";
+var BLOG_METADATA_ENRICHER_DEFAULT_VALIDATION_RULES = JSON.stringify(
+  {
+    maxUserChars: 5e5,
+    guardrails: "Reply with one valid JSON object only (see system OUTPUT FORMAT). No markdown fences, no text before or after JSON. Keys: categoryName, blogSlug, seo { title, description, keywords, ogTitle, ogDescription }, tags (array of strings)."
+  },
+  null,
+  2
+);
+
+// src/plugins/blog-generator/blog-generator-social-defaults.ts
+var BLOG_SOCIAL_ENRICHER_LLM_AGENT_SLUG = "blog-generator-social";
+var BLOG_SOCIAL_ENRICHER_DEFAULT_VALIDATION_RULES = JSON.stringify(
+  {
+    maxUserChars: 5e5,
+    guardrails: "Reply with one valid JSON object only. Key: socialMediaContent (string, plain text, max ~2900 chars). No markdown fences."
+  },
+  null,
+  2
+);
+
+// src/plugins/blog-generator/blog-generator-service.ts
+var parser = new import_rss_parser.default({
+  defaultRSS: 2
+});
+function resolveBlogCategoryIdByName(needle, rows) {
+  if (!needle?.trim()) return { categoryId: null, matched: false };
+  const n = needle.trim().toLowerCase();
+  const hit = rows.find((r) => r.name.trim().toLowerCase() === n);
+  return hit ? { categoryId: hit.id, matched: true } : { categoryId: null, matched: false };
+}
+
+// src/plugins/blog-generator/blog-generator-persist.ts
+function slugBase(draft) {
+  const raw = (draft.slug?.trim() || draft.title || "post").toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 100);
+  return raw || "post";
+}
+function normalizeSlugSegment(input) {
+  const t = input.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "").slice(0, 100);
+  return t || "post";
+}
+async function allocateUniqueSlug(repo, base) {
+  let b = normalizeSlugSegment(base);
+  for (let i = 0; i < 120; i++) {
+    const s = i === 0 ? b : `${b}-${i + 1}`.slice(0, 160);
+    const exists = await repo.findOne({ where: { slug: s } });
+    if (!exists) return s;
+  }
+  throw new Error("Could not allocate a unique slug");
+}
+async function findOrCreateTag(repo, name) {
+  const trimmed = name.trim().slice(0, 500);
+  if (!trimmed) throw new Error("Empty tag name");
+  let row = await repo.findOne({ where: { name: trimmed } });
+  if (row && row.deleted) {
+    await repo.update(
+      { id: row.id },
+      { deleted: false, updatedAt: /* @__PURE__ */ new Date() }
+    );
+    row = await repo.findOne({ where: { id: row.id } });
+    return row;
+  }
+  if (row) return row;
+  const now = /* @__PURE__ */ new Date();
+  return repo.save(
+    repo.create({
+      name: trimmed,
+      deleted: false,
+      createdAt: now,
+      updatedAt: now
+    })
+  );
+}
+async function findOrCreateCategory(repo, displayName) {
+  const n = displayName.trim().slice(0, 500);
+  if (!n) return null;
+  let row = await repo.createQueryBuilder("c").where("LOWER(TRIM(c.name)) = LOWER(TRIM(:n))", { n }).getOne();
+  if (row && row.deleted) {
+    await repo.update(
+      { id: row.id },
+      { deleted: false, updatedAt: /* @__PURE__ */ new Date() }
+    );
+    row = await repo.findOne({ where: { id: row.id } });
+    return row;
+  }
+  if (row) return row;
+  const now = /* @__PURE__ */ new Date();
+  return repo.save(
+    repo.create({
+      name: n,
+      deleted: false,
+      createdAt: now,
+      updatedAt: now
+    })
+  );
+}
+async function persistGeneratedBlogDraft(manager, maps, params) {
+  const { draft, authorId } = params;
+  const blogRepo = manager.getRepository(maps.blogs);
+  const tagRepo = manager.getRepository(maps.tags);
+  const catRepo = manager.getRepository(maps.categories);
+  const seoRepo = manager.getRepository(maps.seos);
+  const uniqueBlogSlug = await allocateUniqueSlug(blogRepo, slugBase(draft));
+  const uniqueSeoSlug = await allocateUniqueSlug(seoRepo, uniqueBlogSlug);
+  const seoRow = await seoRepo.save(
+    seoRepo.create({
+      slug: uniqueSeoSlug,
+      title: draft.seo.title,
+      description: draft.seo.description,
+      keywords: draft.seo.keywords,
+      ogTitle: draft.seo.ogTitle ?? draft.seo.title,
+      ogDescription: draft.seo.ogDescription ?? draft.seo.description,
+      ogImage: null,
+      deleted: false,
+      createdAt: /* @__PURE__ */ new Date(),
+      updatedAt: /* @__PURE__ */ new Date()
+    })
+  );
+  const seoId = Number(seoRow.id);
+  let categoryId = null;
+  if (draft.categoryName?.trim()) {
+    const cat = await findOrCreateCategory(catRepo, draft.categoryName);
+    if (cat) categoryId = Number(cat.id);
+  }
+  const tagEntities = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const t of draft.tags ?? []) {
+    const key = t.trim().toLowerCase();
+    if (!key || seen.has(key)) continue;
+    seen.add(key);
+    tagEntities.push(await findOrCreateTag(tagRepo, t));
+  }
+  const socialTrim = typeof draft.socialMediaContent === "string" && draft.socialMediaContent.trim() ? draft.socialMediaContent.trim().slice(0, 2900) : null;
+  const now = /* @__PURE__ */ new Date();
+  const blogRow = await blogRepo.save(
+    blogRepo.create({
+      title: draft.title.trim().slice(0, 500) || "Untitled",
+      content: draft.markdown,
+      socialMediaContent: socialTrim,
+      slug: uniqueBlogSlug,
+      authorId,
+      categoryId,
+      seoId,
+      published: false,
+      deleted: false,
+      coverImage: null,
+      createdBy: authorId,
+      updatedBy: authorId,
+      createdAt: now,
+      updatedAt: now
+    })
+  );
+  const blogId = Number(blogRow.id);
+  if (tagEntities.length > 0) {
+    const blog = await blogRepo.findOne({
+      where: { id: blogId },
+      relations: ["tags"]
+    });
+    if (blog) {
+      blog.tags = tagEntities;
+      await blogRepo.save(blog);
+    }
+  }
+  const tagIds = tagEntities.map((e) => Number(e.id)).filter((id) => Number.isFinite(id));
+  return { blogId, slug: uniqueBlogSlug, categoryId, seoId, tagIds };
+}
+async function persistAllGeneratedBlogDrafts(dataSource, maps, params) {
+  const out = [];
+  for (const draft of params.drafts) {
+    const row = await dataSource.transaction(
+      (manager) => persistGeneratedBlogDraft(manager, maps, { draft, authorId: params.authorId })
+    );
+    out.push(row);
+  }
+  return out;
+}
+
+// src/api/rss-feed-blog-api.ts
+function deriveRssFeedDisplayName(rssUrl) {
+  try {
+    const u = new URL(rssUrl);
+    const h = u.hostname.replace(/^www\./i, "");
+    return (h || rssUrl).slice(0, 500);
+  } catch {
+    return rssUrl.slice(0, 500);
+  }
+}
+async function upsertRssFeedRow(dataSource, feedEntity, rssUrl, opts) {
+  const repo = dataSource.getRepository(feedEntity);
+  const trimmed = rssUrl.trim();
+  const name = (opts?.name?.trim() || deriveRssFeedDisplayName(trimmed)).slice(0, 500);
+  let row = await repo.findOne({ where: { rssUrl: trimmed } });
+  if (!row) {
+    row = repo.create({
+      name,
+      rssUrl: trimmed,
+      websiteUrl: opts?.websiteUrl?.trim() || null,
+      isActive: true,
+      fetchFrequencyMinutes: 60
+    });
+  } else {
+    row.name = name;
+    if (opts?.websiteUrl !== void 0) {
+      row.websiteUrl = opts.websiteUrl?.trim() || null;
+    }
+    row.updatedAt = /* @__PURE__ */ new Date();
+  }
+  return repo.save(row);
+}
+async function recordRssFetchSuccess(dataSource, feedEntity, articleEntity, rssUrl, latest) {
+  const feedRepo = dataSource.getRepository(feedEntity);
+  const row = await feedRepo.findOne({ where: { rssUrl: rssUrl.trim() } });
+  if (!row) return;
+  row.lastFetchedAt = /* @__PURE__ */ new Date();
+  if (latest?.date) {
+    row.lastArticleDate = latest.date;
+  }
+  row.updatedAt = /* @__PURE__ */ new Date();
+  await feedRepo.save(row);
+  const articleUrl = latest?.link?.trim();
+  if (!latest || !articleUrl || !articleEntity) return;
+  const artRepo = dataSource.getRepository(articleEntity);
+  await artRepo.upsert(
+    {
+      rssFeedId: row.id,
+      externalId: articleUrl.slice(0, 2e3),
+      title: (latest.title?.trim() || "Untitled").slice(0, 2e3),
+      articleUrl: articleUrl.slice(0, 2e3),
+      summary: latest.summary?.trim() ? latest.summary.trim().slice(0, 1e5) : null,
+      content: latest.content?.trim() ? latest.content.trim().slice(0, 5e5) : null,
+      author: latest.creator?.trim() ? latest.creator.trim().slice(0, 500) : null,
+      publishedAt: latest.date,
+      imageUrl: null,
+      rawData: { source: "blog-generator-latest", rssUrl: rssUrl.trim() },
+      contentHash: null,
+      isProcessed: false
+    },
+    { conflictPaths: ["rssFeedId", "articleUrl"], skipUpdateIfNoValuesChanged: false }
+  );
+}
+function serializeRssFeed(f) {
+  return {
+    id: f.id,
+    name: f.name,
+    rssUrl: f.rssUrl,
+    websiteUrl: f.websiteUrl,
+    isActive: f.isActive,
+    fetchFrequencyMinutes: f.fetchFrequencyMinutes,
+    lastFetchedAt: f.lastFetchedAt?.toISOString() ?? null,
+    lastArticleDate: f.lastArticleDate?.toISOString() ?? null,
+    createdAt: f.createdAt.toISOString(),
+    updatedAt: f.updatedAt.toISOString()
+  };
+}
+
+// src/plugins/social-media/social-media-api-handlers.ts
+var import_promises = __toESM(require("fs/promises"), 1);
+var import_node_path = __toESM(require("path"), 1);
+
+// src/plugins/social-media/linkedin-client.ts
+var RESTLI = "2.0.0";
+async function linkedInGetUserinfo(accessToken) {
+  const r = await fetch("https://api.linkedin.com/v2/userinfo", {
+    headers: { Authorization: `Bearer ${accessToken}` }
+  });
+  const text = await r.text();
+  if (!r.ok) {
+    throw new Error(`LinkedIn userinfo failed (${r.status}): ${text.slice(0, 500)}`);
+  }
+  try {
+    return JSON.parse(text);
+  } catch {
+    throw new Error("LinkedIn userinfo: invalid JSON");
+  }
+}
+function personUrn(personSub) {
+  const s = String(personSub || "").trim();
+  if (s.startsWith("urn:li:person:")) return s;
+  return `urn:li:person:${s}`;
+}
+async function linkedInRegisterImageUpload(accessToken, personSub) {
+  const owner = personUrn(personSub);
+  const r = await fetch("https://api.linkedin.com/v2/assets?action=registerUpload", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${accessToken}`,
+      "X-Restli-Protocol-Version": RESTLI,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      registerUploadRequest: {
+        recipes: ["urn:li:digitalmediaRecipe:feedshare-image"],
+        owner,
+        serviceRelationships: [
+          {
+            relationshipType: "OWNER",
+            identifier: "urn:li:userGeneratedContent"
+          }
+        ]
+      }
+    })
+  });
+  const text = await r.text();
+  if (!r.ok) {
+    throw new Error(`LinkedIn registerUpload failed (${r.status}): ${text.slice(0, 800)}`);
+  }
+  let data;
+  try {
+    data = JSON.parse(text);
+  } catch {
+    throw new Error("LinkedIn registerUpload: invalid JSON");
+  }
+  const v = data.value;
+  const uploadUrl = v?.uploadMechanism?.["com.linkedin.digitalmedia.uploading.MediaUploadHttpRequest"]?.uploadUrl;
+  const asset = v?.asset;
+  if (!uploadUrl || !asset) {
+    throw new Error("LinkedIn registerUpload: missing uploadUrl or asset");
+  }
+  return { uploadUrl, asset };
+}
+async function linkedInUploadBinary(accessToken, uploadUrl, body, contentType) {
+  const r = await fetch(uploadUrl, {
+    method: "PUT",
+    headers: {
+      Authorization: `Bearer ${accessToken}`,
+      "X-Restli-Protocol-Version": RESTLI,
+      "Content-Type": contentType || "application/octet-stream"
+    },
+    body: new Uint8Array(body)
+  });
+  if (!r.ok) {
+    const t = await r.text();
+    throw new Error(`LinkedIn binary upload failed (${r.status}): ${t.slice(0, 500)}`);
+  }
+}
+async function linkedInCreateImageShare(params) {
+  const author = personUrn(params.personSub);
+  const commentary = params.commentary.slice(0, 2900);
+  const title = params.title.slice(0, 200);
+  const description = (params.description ?? title).slice(0, 200);
+  const r = await fetch("https://api.linkedin.com/v2/ugcPosts", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${params.accessToken}`,
+      "X-Restli-Protocol-Version": RESTLI,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      author,
+      lifecycleState: "PUBLISHED",
+      specificContent: {
+        "com.linkedin.ugc.ShareContent": {
+          shareCommentary: { attributes: [], text: commentary },
+          shareMediaCategory: "IMAGE",
+          media: [
+            {
+              status: "READY",
+              description: { attributes: [], text: description },
+              media: params.asset,
+              title: { attributes: [], text: title }
+            }
+          ]
+        }
+      },
+      visibility: {
+        "com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC"
+      }
+    })
+  });
+  const text = await r.text();
+  if (!r.ok) {
+    throw new Error(`LinkedIn ugcPosts failed (${r.status}): ${text.slice(0, 1200)}`);
+  }
+  let data;
+  try {
+    data = JSON.parse(text);
+  } catch {
+    return { status: r.status };
+  }
+  return { status: r.status, id: data.id };
+}
+async function linkedInCreateTextShare(params) {
+  const author = personUrn(params.personSub);
+  const commentary = params.commentary.slice(0, 2900);
+  const r = await fetch("https://api.linkedin.com/v2/ugcPosts", {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${params.accessToken}`,
+      "X-Restli-Protocol-Version": RESTLI,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      author,
+      lifecycleState: "PUBLISHED",
+      specificContent: {
+        "com.linkedin.ugc.ShareContent": {
+          shareCommentary: { attributes: [], text: commentary },
+          shareMediaCategory: "NONE"
+        }
+      },
+      visibility: {
+        "com.linkedin.ugc.MemberNetworkVisibility": "PUBLIC"
+      }
+    })
+  });
+  const text = await r.text();
+  if (!r.ok) {
+    throw new Error(`LinkedIn ugcPosts (text) failed (${r.status}): ${text.slice(0, 1200)}`);
+  }
+  let data;
+  try {
+    data = JSON.parse(text);
+  } catch {
+    return { status: r.status };
+  }
+  return { status: r.status, id: data.id };
+}
+
+// src/plugins/social-media/meta-service.ts
+var GRAPH_API_VERSION = "v23.0";
+var GRAPH_BASE = `https://graph.facebook.com/${GRAPH_API_VERSION}`;
+async function metaFetchUserManagedPages(userAccessToken) {
+  const token = String(userAccessToken || "").trim();
+  if (!token) {
+    throw new Error("User access token is required");
+  }
+  const url = new URL(`${GRAPH_BASE}/me/accounts`);
+  url.searchParams.set("access_token", token);
+  const r = await fetch(url.toString(), { method: "GET", headers: { Accept: "application/json" } });
+  const text = await r.text();
+  let body;
+  try {
+    body = JSON.parse(text);
+  } catch {
+    throw new Error(`Facebook Graph returned invalid JSON (${r.status})`);
+  }
+  if (body.error?.message) {
+    const code = body.error.code != null ? ` (code ${body.error.code})` : "";
+    throw new Error(`${body.error.message}${code}`);
+  }
+  if (!r.ok) {
+    throw new Error(`Facebook Graph request failed (${r.status}): ${text.slice(0, 600)}`);
+  }
+  return body;
+}
+function parseGraphMutation(text, httpOk) {
+  let body;
+  try {
+    body = JSON.parse(text);
+  } catch {
+    throw new Error(`Facebook Graph returned invalid JSON (${httpOk ? "200" : "error"})`);
+  }
+  if (body.error?.message) {
+    const code = body.error.code != null ? ` (code ${body.error.code})` : "";
+    throw new Error(`${body.error.message}${code}`);
+  }
+  if (!httpOk) {
+    throw new Error(`Facebook Graph request failed: ${text.slice(0, 600)}`);
+  }
+  return body;
+}
+function metaResolvePageAccessToken(accounts, pageId) {
+  const id = String(pageId || "").trim();
+  if (!id || !accounts.data?.length) return null;
+  const row = accounts.data.find((p) => String(p.id ?? "").trim() === id);
+  const tok = row?.access_token;
+  return typeof tok === "string" && tok.trim() ? tok.trim() : null;
+}
+async function metaPostPagePhoto(opts) {
+  const { pageId, pageAccessToken, imageBuffer, contentType, caption } = opts;
+  const pid = String(pageId || "").trim();
+  const tok = String(pageAccessToken || "").trim();
+  if (!pid || !tok) throw new Error("Page ID and page access token are required");
+  if (!imageBuffer?.length) throw new Error("Image buffer is empty");
+  const url = `${GRAPH_BASE}/${encodeURIComponent(pid)}/photos`;
+  const lower = contentType.split(";")[0].trim().toLowerCase();
+  const filename = lower.includes("png") ? "photo.png" : "photo.jpg";
+  const blob = new Blob([new Uint8Array(imageBuffer)], { type: lower || "image/jpeg" });
+  const form = new FormData();
+  form.append("access_token", tok);
+  form.append("caption", String(caption || "").trim().slice(0, 2200));
+  form.append("source", blob, filename);
+  const r = await fetch(url, { method: "POST", body: form });
+  const text = await r.text();
+  return parseGraphMutation(text, r.ok);
+}
+async function metaPostPageFeed(opts) {
+  const { pageId, pageAccessToken, message } = opts;
+  const pid = String(pageId || "").trim();
+  const tok = String(pageAccessToken || "").trim();
+  if (!pid || !tok) throw new Error("Page ID and page access token are required");
+  const url = new URL(`${GRAPH_BASE}/${encodeURIComponent(pid)}/feed`);
+  const params = new URLSearchParams();
+  params.set("access_token", tok);
+  params.set("message", String(message || "").trim().slice(0, 5e3));
+  const r = await fetch(url.toString(), {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded", Accept: "application/json" },
+    body: params.toString()
+  });
+  const text = await r.text();
+  return parseGraphMutation(text, r.ok);
+}
+
+// src/plugins/social-media/social-media-api-handlers.ts
+var SETTINGS_GROUP = "social_media";
+async function loadGroupMap(dataSource, entityMap, encryptionKey) {
+  if (!entityMap.configs) return {};
+  const repo = dataSource.getRepository(entityMap.configs);
+  const rows = await repo.find({ where: { settings: SETTINGS_GROUP, deleted: false } });
+  const out = {};
+  for (const row of rows) {
+    let val = row.value;
+    if (row.encrypted && encryptionKey) {
+      try {
+        val = simpleDecrypt(val, encryptionKey);
+      } catch {
+      }
+    }
+    out[row.key] = val;
+  }
+  return out;
+}
+async function upsertConfigKey(dataSource, entityMap, key, value, opts) {
+  if (!entityMap.configs) throw new Error("configs entity missing");
+  const repo = dataSource.getRepository(entityMap.configs);
+  let stored = value;
+  if (opts.encrypted && opts.encryptionKey) {
+    stored = simpleEncrypt(value, opts.encryptionKey);
+  }
+  const existing = await repo.findOne({ where: { settings: SETTINGS_GROUP, key } });
+  if (existing) {
+    await repo.update(existing.id, {
+      value: stored,
+      type: opts.type,
+      encrypted: opts.encrypted,
+      updatedAt: /* @__PURE__ */ new Date()
+    });
+  } else {
+    await repo.save(
+      repo.create({
+        settings: SETTINGS_GROUP,
+        key,
+        value: stored,
+        type: opts.type,
+        encrypted: opts.encrypted
+      })
+    );
+  }
+}
+function stripHtml(html, maxLen) {
+  const t = String(html || "").replace(/<script[\s\S]*?<\/script>/gi, " ").replace(/<style[\s\S]*?<\/style>/gi, " ").replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim();
+  return t.slice(0, maxLen);
+}
+function decodeHtmlAttr(s) {
+  return String(s).replace(/&amp;/gi, "&").replace(/&quot;/gi, '"').replace(/&#39;/g, "'").replace(/&lt;/gi, "<").replace(/&gt;/gi, ">");
+}
+function extractFirstImageSrcFromHtml(html) {
+  const s = String(html);
+  const patterns = [
+    /<img[^>]*\bsrc\s*=\s*["']([^"']+)["']/i,
+    /<img[^>]*\bsrc\s*=\s*([^\s>]+)/i,
+    /<img[^>]*\bdata-src\s*=\s*["']([^"']+)["']/i,
+    /<img[^>]*\bdata-src\s*=\s*([^\s>]+)/i
+  ];
+  for (const re of patterns) {
+    const m = s.match(re);
+    const raw = m?.[1]?.trim();
+    if (raw) return decodeHtmlAttr(raw);
+  }
+  return null;
+}
+function resolveAbsoluteUrl(publicSiteUrl, pathOrUrl) {
+  if (!pathOrUrl || !String(pathOrUrl).trim()) return null;
+  const s = decodeHtmlAttr(String(pathOrUrl).trim());
+  if (/^https?:\/\//i.test(s)) return s;
+  if (s.startsWith("//")) return `https:${s}`;
+  const base = (publicSiteUrl || "").replace(/\/+$/, "");
+  if (!base) return null;
+  const rel = s.startsWith("/") ? s : `/${s}`;
+  return `${base}${rel}`;
+}
+function guessImageContentType(filePathOrUrl, buf) {
+  const lower = filePathOrUrl.toLowerCase();
+  if (lower.includes(".png")) return "image/png";
+  if (lower.includes(".webp")) return "image/webp";
+  if (lower.includes(".gif")) return "image/gif";
+  if (lower.includes(".jpg") || lower.includes(".jpeg")) return "image/jpeg";
+  if (buf.length >= 2 && buf[0] === 255 && buf[1] === 216) return "image/jpeg";
+  if (buf.length >= 8 && buf[0] === 137 && buf[1] === 80 && buf[2] === 78 && buf[3] === 71) return "image/png";
+  if (buf.length >= 12 && buf[8] === 87 && buf[9] === 69 && buf[10] === 66 && buf[11] === 80) return "image/webp";
+  return "image/jpeg";
+}
+function isLinkedInFeedshareCompatibleContentType(mime) {
+  const m = mime.split(";")[0].trim().toLowerCase();
+  return m === "image/jpeg" || m === "image/png";
+}
+async function loadImageBytesForBlogShare(coverImage, contentHtml, publicSiteUrl, req) {
+  const origin = publicSiteUrl || inferRequestOrigin(req) || "";
+  const fromHtml = extractFirstImageSrcFromHtml(contentHtml);
+  const candidates = [];
+  const seenDecoded = /* @__PURE__ */ new Set();
+  const pushCand = (role, raw) => {
+    const decoded = decodeHtmlAttr(raw.trim());
+    if (!decoded || decoded.startsWith("data:")) return;
+    if (seenDecoded.has(decoded)) return;
+    seenDecoded.add(decoded);
+    candidates.push({ role, raw });
+  };
+  if (coverImage?.trim()) pushCand("cover", coverImage.trim());
+  if (fromHtml) pushCand("bodyImage", fromHtml);
+  for (const { role, raw } of candidates) {
+    const decoded = decodeHtmlAttr(raw.trim());
+    if (decoded.startsWith("data:")) continue;
+    if (decoded.startsWith("/uploads/") || decoded.startsWith("uploads/")) {
+      const rel = decoded.startsWith("/") ? decoded.slice(1) : decoded;
+      const tries = [import_node_path.default.join(process.cwd(), "public", rel), import_node_path.default.join(process.cwd(), rel)];
+      for (const filePath of tries) {
+        try {
+          const buf = await import_promises.default.readFile(filePath);
+          if (buf.length > 0) {
+            const contentType = guessImageContentType(filePath, buf);
+            if (!isLinkedInFeedshareCompatibleContentType(contentType)) {
+              continue;
+            }
+            return {
+              buffer: buf,
+              contentType,
+              source: `${role}:local_file:${truncateForLog(rel, 120)}`
+            };
+          }
+        } catch {
+        }
+      }
+    }
+    const url = resolveAbsoluteUrl(origin, decoded);
+    if (!url) continue;
+    try {
+      const imgRes = await fetch(url, {
+        headers: {
+          "User-Agent": "InfuroCMS/1.0 (social share; +https://infuro.com)",
+          Accept: "image/*,*/*;q=0.5"
+        }
+      });
+      if (!imgRes.ok) continue;
+      const buf = Buffer.from(await imgRes.arrayBuffer());
+      if (buf.length === 0) continue;
+      const hdr = imgRes.headers.get("content-type");
+      const contentType = hdr && /^image\//i.test(hdr) ? hdr.split(";")[0].trim() : guessImageContentType(url, buf);
+      if (!isLinkedInFeedshareCompatibleContentType(contentType)) {
+        continue;
+      }
+      return {
+        buffer: buf,
+        contentType,
+        source: `${role}:fetch:${truncateForLog(url, 160)}`
+      };
+    } catch {
+    }
+  }
+  return null;
+}
+function inferRequestOrigin(req) {
+  const host = req.headers.get("x-forwarded-host") || req.headers.get("host");
+  if (!host) return void 0;
+  const rawProto = req.headers.get("x-forwarded-proto") || "https";
+  const proto = rawProto.split(",")[0]?.trim() || "https";
+  return `${proto}://${host}`.replace(/\/+$/, "");
+}
+function linkedInPublishLoggingEnabled(config) {
+  if (config.linkedInPublishLogging === false) return false;
+  if (config.linkedInPublishLogging === true) return true;
+  try {
+    if (typeof process !== "undefined" && String(process.env.CMS_LINKEDIN_PUBLISH_LOG).trim() === "0") {
+      return false;
+    }
+  } catch {
+  }
+  return true;
+}
+function logLinkedInPublish(enabled, event, detail) {
+  if (!enabled) return;
+  const line = `[LinkedIn publish] ${event} ${JSON.stringify(detail)}`;
+  if (event === "failed" || event === "image_path_failed_falling_back_to_text") {
+    console.warn(line);
+  } else {
+    console.info(line);
+  }
+}
+function truncateForLog(s, max = 160) {
+  const t = String(s).replace(/\s+/g, " ").trim();
+  if (t.length <= max) return t;
+  return `${t.slice(0, max)}\u2026`;
+}
+function createSocialMediaHandlers(config) {
+  const {
+    dataSource,
+    entityMap,
+    json,
+    requireAuth,
+    requireEntityPermission,
+    encryptionKey,
+    publicSiteUrl
+  } = config;
+  const publishLog = linkedInPublishLoggingEnabled(config);
+  return {
+    async getLinkedInStatus(req) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await requireEntityPermission(req, "blogs", "read");
+      if (pe) return pe;
+      try {
+        const map = await loadGroupMap(dataSource, entityMap, encryptionKey);
+        const enabled = map.enabled !== "false";
+        const token = (map.linkedin_access_token ?? "").trim();
+        const sub = (map.linkedin_person_sub ?? "").trim();
+        return json({
+          ok: true,
+          linkedInReady: enabled && Boolean(token) && Boolean(sub),
+          enabled,
+          hasToken: Boolean(token),
+          hasPersonSub: Boolean(sub)
+        });
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : "Failed to load status";
+        return json({ error: msg }, { status: 500 });
+      }
+    },
+    async syncLinkedInProfile(req) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await requireEntityPermission(req, "blogs", "read");
+      if (pe) return pe;
+      try {
+        const map = await loadGroupMap(dataSource, entityMap, encryptionKey);
+        const token = (map.linkedin_access_token ?? "").trim();
+        if (!token) {
+          return json({ error: "Save a LinkedIn access token in Plugins \u2192 Social media first." }, { status: 400 });
+        }
+        const info = await linkedInGetUserinfo(token);
+        const sub = String(info.sub ?? "").trim();
+        if (!sub) {
+          return json({ error: "LinkedIn userinfo did not return a subject (sub)." }, { status: 502 });
+        }
+        await upsertConfigKey(dataSource, entityMap, "linkedin_person_sub", sub, {
+          type: "private",
+          encrypted: false,
+          encryptionKey
+        });
+        return json({
+          ok: true,
+          linkedin_person_sub: sub,
+          name: info.name ?? null
+        });
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : "Sync failed";
+        return json({ error: msg }, { status: 502 });
+      }
+    },
+    async publishBlogToLinkedIn(req, blogId) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await requireEntityPermission(req, "blogs", "update");
+      if (pe) return pe;
+      if (!Number.isFinite(blogId) || blogId < 1) {
+        return json({ error: "Invalid blog id" }, { status: 400 });
+      }
+      if (!entityMap.blogs) {
+        return json({ error: "Blogs entity not configured" }, { status: 503 });
+      }
+      try {
+        const map = await loadGroupMap(dataSource, entityMap, encryptionKey);
+        if (map.enabled === "false") {
+          return json({ error: "Social media plugin is disabled." }, { status: 400 });
+        }
+        const token = (map.linkedin_access_token ?? "").trim();
+        const personSub = (map.linkedin_person_sub ?? "").trim();
+        if (!token || !personSub) {
+          return json(
+            { error: "Configure LinkedIn access token and sync profile (Plugins \u2192 Social media)." },
+            { status: 400 }
+          );
+        }
+        const blogRepo = dataSource.getRepository(entityMap.blogs);
+        const blog = await blogRepo.findOne({
+          where: { id: blogId, deleted: false }
+        });
+        if (!blog) {
+          return json({ error: "Blog not found" }, { status: 404 });
+        }
+        const b = blog;
+        const title = String(b.title ?? "Blog").trim() || "Blog";
+        const social = String(b.socialMediaContent ?? "").trim();
+        const excerpt = stripHtml(String(b.content ?? ""), 2800);
+        const commentary = (social || `${title}
+
+${excerpt}`).trim().slice(0, 2900);
+        const commentaryFrom = social ? "socialMediaContent" : "titleAndExcerpt";
+        logLinkedInPublish(publishLog, "start", {
+          blogId,
+          titleLen: title.length,
+          commentaryFrom,
+          commentaryChars: commentary.length,
+          hasCover: Boolean(b.coverImage?.trim()),
+          contentHtmlChars: String(b.content ?? "").length
+        });
+        const imagePayload = await loadImageBytesForBlogShare(
+          b.coverImage,
+          String(b.content ?? ""),
+          publicSiteUrl || inferRequestOrigin(req),
+          req
+        );
+        if (imagePayload) {
+          logLinkedInPublish(publishLog, "image_bytes_ready", {
+            blogId,
+            source: imagePayload.source,
+            bytes: imagePayload.buffer.length,
+            contentType: imagePayload.contentType
+          });
+          try {
+            const { uploadUrl, asset } = await linkedInRegisterImageUpload(token, personSub);
+            logLinkedInPublish(publishLog, "image_registered", {
+              blogId,
+              asset: truncateForLog(asset, 120),
+              uploadHost: (() => {
+                try {
+                  return new URL(uploadUrl).host;
+                } catch {
+                  return "unknown";
+                }
+              })()
+            });
+            await linkedInUploadBinary(token, uploadUrl, imagePayload.buffer, imagePayload.contentType);
+            logLinkedInPublish(publishLog, "image_uploaded", { blogId, bytes: imagePayload.buffer.length });
+            const out2 = await linkedInCreateImageShare({
+              accessToken: token,
+              personSub,
+              asset,
+              commentary,
+              title,
+              description: title
+            });
+            logLinkedInPublish(publishLog, "success", {
+              blogId,
+              mode: "image_plus_text",
+              linkedinPostId: out2.id ?? null,
+              commentaryFrom,
+              commentaryChars: commentary.length,
+              imageSource: imagePayload.source
+            });
+            return json({
+              ok: true,
+              linkedin: out2,
+              usedImage: true,
+              publishSummary: {
+                mode: "image_plus_text",
+                commentaryFrom,
+                commentaryChars: commentary.length,
+                image: {
+                  bytes: imagePayload.buffer.length,
+                  contentType: imagePayload.contentType,
+                  source: imagePayload.source
+                },
+                linkedinPostId: out2.id ?? null
+              }
+            });
+          } catch (imgErr) {
+            const imgMsg = imgErr instanceof Error ? imgErr.message : String(imgErr);
+            logLinkedInPublish(publishLog, "image_path_failed_falling_back_to_text", {
+              blogId,
+              message: truncateForLog(imgMsg, 500)
+            });
+            const out2 = await linkedInCreateTextShare({
+              accessToken: token,
+              personSub,
+              commentary
+            });
+            logLinkedInPublish(publishLog, "success", {
+              blogId,
+              mode: "text_only_after_image_failure",
+              linkedinPostId: out2.id ?? null,
+              commentaryFrom,
+              commentaryChars: commentary.length,
+              imageError: truncateForLog(imgMsg, 400)
+            });
+            return json({
+              ok: true,
+              linkedin: out2,
+              usedImage: false,
+              usedTextOnly: true,
+              imagePathError: imgMsg,
+              publishSummary: {
+                mode: "text_only_after_image_failure",
+                commentaryFrom,
+                commentaryChars: commentary.length,
+                linkedinPostId: out2.id ?? null,
+                imageAttempt: {
+                  bytes: imagePayload.buffer.length,
+                  contentType: imagePayload.contentType,
+                  source: imagePayload.source
+                }
+              }
+            });
+          }
+        }
+        logLinkedInPublish(publishLog, "no_image_bytes", {
+          blogId,
+          commentaryFrom,
+          commentaryChars: commentary.length,
+          note: "posting_text_only"
+        });
+        const out = await linkedInCreateTextShare({
+          accessToken: token,
+          personSub,
+          commentary
+        });
+        logLinkedInPublish(publishLog, "success", {
+          blogId,
+          mode: "text_only",
+          linkedinPostId: out.id ?? null,
+          commentaryFrom,
+          commentaryChars: commentary.length
+        });
+        return json({
+          ok: true,
+          linkedin: out,
+          usedTextOnly: true,
+          publishSummary: {
+            mode: "text_only",
+            commentaryFrom,
+            commentaryChars: commentary.length,
+            linkedinPostId: out.id ?? null
+          },
+          hint: "No image bytes loaded, or only non-JPEG/PNG images were found. Use JPEG or PNG for cover or an inline <img>, set CMS_PUBLIC_URL for absolute URLs, or paths under /uploads/. LinkedIn feedshare uploads expect JPEG or PNG."
+        });
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : "Publish failed";
+        logLinkedInPublish(publishLog, "failed", { blogId, message: truncateForLog(msg, 600) });
+        return json({ error: msg }, { status: 502 });
+      }
+    },
+    async getFacebookStatus(req) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await requireEntityPermission(req, "blogs", "read");
+      if (pe) return pe;
+      try {
+        const map = await loadGroupMap(dataSource, entityMap, encryptionKey);
+        const enabled = map.enabled !== "false";
+        const userToken = (map.meta_user_access_token ?? "").trim();
+        const pageId = (map.meta_facebook_page_id ?? "").trim();
+        let hasPageToken = false;
+        if (enabled && userToken && pageId) {
+          try {
+            const accounts = await metaFetchUserManagedPages(userToken);
+            hasPageToken = Boolean(metaResolvePageAccessToken(accounts, pageId));
+          } catch {
+            hasPageToken = false;
+          }
+        }
+        const facebookReady = enabled && Boolean(userToken) && Boolean(pageId);
+        return json({
+          ok: true,
+          facebookReady,
+          enabled,
+          hasUserToken: Boolean(userToken),
+          hasPageId: Boolean(pageId),
+          hasPageToken
+        });
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : "Failed to load status";
+        return json({ error: msg }, { status: 500 });
+      }
+    },
+    async publishBlogToFacebook(req, blogId) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await requireEntityPermission(req, "blogs", "update");
+      if (pe) return pe;
+      if (!Number.isFinite(blogId) || blogId < 1) {
+        return json({ error: "Invalid blog id" }, { status: 400 });
+      }
+      if (!entityMap.blogs) {
+        return json({ error: "Blogs entity not configured" }, { status: 503 });
+      }
+      try {
+        const map = await loadGroupMap(dataSource, entityMap, encryptionKey);
+        if (map.enabled === "false") {
+          return json({ error: "Social media plugin is disabled." }, { status: 400 });
+        }
+        const userToken = (map.meta_user_access_token ?? "").trim();
+        const pageId = (map.meta_facebook_page_id ?? "").trim();
+        if (!userToken || !pageId) {
+          return json(
+            {
+              error: "Configure Meta user access token and Facebook Page ID in Plugins \u2192 Social media \u2192 Facebook, then save."
+            },
+            { status: 400 }
+          );
+        }
+        let accounts;
+        try {
+          accounts = await metaFetchUserManagedPages(userToken);
+        } catch (e) {
+          const msg = e instanceof Error ? e.message : "Failed to load Facebook pages";
+          return json({ error: msg }, { status: 502 });
+        }
+        const pageAccessToken = metaResolvePageAccessToken(accounts, pageId);
+        if (!pageAccessToken) {
+          return json(
+            {
+              error: "No page access token for the saved Page ID. In Plugins \u2192 Facebook, use Fetch managed pages, copy a Page `id` you manage, set Target Page ID, and save."
+            },
+            { status: 400 }
+          );
+        }
+        const blogRepo = dataSource.getRepository(entityMap.blogs);
+        const blog = await blogRepo.findOne({
+          where: { id: blogId, deleted: false }
+        });
+        if (!blog) {
+          return json({ error: "Blog not found" }, { status: 404 });
+        }
+        const b = blog;
+        const title = String(b.title ?? "Blog").trim() || "Blog";
+        const social = String(b.socialMediaContent ?? "").trim();
+        const excerpt = stripHtml(String(b.content ?? ""), 2800);
+        const caption = (social || `${title}
+
+${excerpt}`).trim().slice(0, 2200);
+        const imagePayload = await loadImageBytesForBlogShare(
+          b.coverImage,
+          String(b.content ?? ""),
+          publicSiteUrl || inferRequestOrigin(req),
+          req
+        );
+        if (imagePayload) {
+          const out2 = await metaPostPagePhoto({
+            pageId,
+            pageAccessToken,
+            imageBuffer: imagePayload.buffer,
+            contentType: imagePayload.contentType,
+            caption
+          });
+          return json({
+            ok: true,
+            facebook: out2,
+            usedImage: true,
+            publishSummary: {
+              mode: "page_photo",
+              captionChars: caption.length,
+              imageSource: imagePayload.source,
+              facebookPostId: out2.post_id ?? out2.id ?? null
+            }
+          });
+        }
+        const out = await metaPostPageFeed({
+          pageId,
+          pageAccessToken,
+          message: caption
+        });
+        return json({
+          ok: true,
+          facebook: out,
+          usedImage: false,
+          usedFeed: true,
+          publishSummary: {
+            mode: "page_feed_text",
+            messageChars: caption.length,
+            facebookPostId: out.id ?? null
+          },
+          hint: "Posted as a Page text update (no JPEG/PNG cover or body image found). Add a JPEG/PNG cover or inline image for a photo post."
+        });
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : "Facebook publish failed";
+        return json({ error: msg }, { status: 502 });
+      }
+    },
+    /**
+     * POST JSON `{ appId, appSecret, userAccessToken }`. Calls Graph `GET /me/accounts` with the user token.
+     * App ID and secret are validated but not used yet (reserved for future token flows).
+     * Persist credentials via Plugins → Save: `meta_app_id` (public), `meta_app_secret` and `meta_user_access_token` (encrypted).
+     */
+    async fetchFacebookManagedPages(req) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await requireEntityPermission(req, "settings", "read");
+      if (pe) return pe;
+      let body;
+      try {
+        body = await req.json();
+      } catch {
+        return json({ error: "Invalid JSON body" }, { status: 400 });
+      }
+      const appId = String(body?.appId ?? "").trim();
+      const appSecret = String(body?.appSecret ?? "").trim();
+      const userAccessToken = String(body?.userAccessToken ?? "").trim();
+      if (!appId || !appSecret || !userAccessToken) {
+        return json(
+          { error: "App ID, app secret, and user access token are required." },
+          { status: 400 }
+        );
+      }
+      void appId;
+      void appSecret;
+      try {
+        const graph = await metaFetchUserManagedPages(userAccessToken);
+        return json({ ok: true, graph });
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : "Facebook Graph request failed";
+        return json({ error: msg }, { status: 502 });
+      }
+    }
+  };
+}
+
 // src/api/cms-api-handler.ts
 var KNOWLEDGE_SUFFIX = "knowledge";
 var CMS_API_LOG = "[cms-api]";
@@ -7277,7 +8609,9 @@ function withLlmKnowledgeEntityFallbacks(base) {
     "llm_agents",
     "llm_agent_knowledge_documents",
     "knowledge_base_documents",
-    "knowledge_base_chunks"
+    "knowledge_base_chunks",
+    "rss_feeds",
+    "rss_articles"
   ];
   const patch = {};
   for (const key of keys) {
@@ -7293,8 +8627,8 @@ function withLlmKnowledgeEntityFallbacks(base) {
   }
   return merged;
 }
-function matchLlmAgentKnowledgeRoute(path) {
-  const p = path[0] === "api" ? path.slice(1) : path;
+function matchLlmAgentKnowledgeRoute(path2) {
+  const p = path2[0] === "api" ? path2.slice(1) : path2;
   if (p[0] !== "llm_agents" || p.length < 2) return null;
   const seg1 = p[1];
   if (!seg1) return null;
@@ -7325,7 +8659,9 @@ var DEFAULT_EXCLUDE = /* @__PURE__ */ new Set([
   "wishlists",
   "wishlist_items",
   "message_templates",
-  "llm_agent_knowledge_documents"
+  "llm_agent_knowledge_documents",
+  "rss_feeds",
+  "rss_articles"
 ]);
 function createCmsApiHandler(config) {
   const {
@@ -7452,6 +8788,23 @@ function createCmsApiHandler(config) {
   const avatarPost = userAvatar ? createUserAvatarHandler(userAvatar) : null;
   const profileHandlers = userProfile ? createUserProfileHandler(userProfile) : null;
   const settingsHandlers = settingsConfig ? createSettingsApiHandlers(settingsConfig) : null;
+  function resolvePublicSiteUrlForSocial() {
+    if (typeof process === "undefined") return void 0;
+    const u = (process.env.CMS_PUBLIC_URL || process.env.NEXT_PUBLIC_SITE_URL || "").trim();
+    if (u) return u.replace(/\/+$/, "");
+    const v = (process.env.VERCEL_URL || "").trim();
+    if (!v) return void 0;
+    return v.startsWith("http") ? v.replace(/\/+$/, "") : `https://${v.replace(/\/+$/, "")}`;
+  }
+  const socialMediaHandlers = settingsConfig?.dataSource && entityMap.configs ? createSocialMediaHandlers({
+    dataSource: settingsConfig.dataSource,
+    entityMap,
+    json: config.json,
+    requireAuth: config.requireAuth,
+    requireEntityPermission: requireEntityPermissionEffective,
+    encryptionKey: settingsConfig.encryptionKey,
+    publicSiteUrl: resolvePublicSiteUrlForSocial()
+  }) : null;
   const smsMessageTemplateHandlers = createSmsMessageTemplateHandlers({
     dataSource,
     entityMap,
@@ -7478,95 +8831,526 @@ function createCmsApiHandler(config) {
   return {
     async handle(method, pathInput, req) {
       const m = typeof method === "string" ? method.toUpperCase() : "GET";
-      const path = pathInput.length > 0 && pathInput[0] === "api" ? pathInput.slice(1) : pathInput;
+      const path2 = pathInput.length > 0 && pathInput[0] === "api" ? pathInput.slice(1) : pathInput;
       async function analyticsGate() {
         const a = await config.requireAuth(req);
         if (a) return a;
         return requireEntityPermissionEffective(req, "analytics", "read");
       }
-      if (path[0] === "admin" && path[1] === "roles") {
+      if (path2[0] === "admin" && path2[1] === "roles") {
         if (!adminRoles) return config.json({ error: "Not found" }, { status: 404 });
-        if (path.length === 2 && m === "GET") return adminRoles.list();
-        if (path.length === 2 && m === "POST") return adminRoles.createGroup(req);
-        if (path.length === 3 && m === "PATCH") return adminRoles.patchGroup(req, path[2]);
-        if (path.length === 3 && m === "DELETE") return adminRoles.deleteGroup(path[2]);
-        if (path.length === 4 && path[3] === "permissions" && m === "PUT") return adminRoles.putPermissions(req, path[2]);
+        if (path2.length === 2 && m === "GET") return adminRoles.list();
+        if (path2.length === 2 && m === "POST") return adminRoles.createGroup(req);
+        if (path2.length === 3 && m === "PATCH") return adminRoles.patchGroup(req, path2[2]);
+        if (path2.length === 3 && m === "DELETE") return adminRoles.deleteGroup(path2[2]);
+        if (path2.length === 4 && path2[3] === "permissions" && m === "PUT") return adminRoles.putPermissions(req, path2[2]);
         return config.json({ error: "Not found" }, { status: 404 });
       }
-      if (path[0] === "dashboard" && path[1] === "stats" && path.length === 2 && m === "GET" && dashboardGet) {
+      if (path2[0] === "dashboard" && path2[1] === "stats" && path2.length === 2 && m === "GET" && dashboardGet) {
         return dashboardGet(req);
       }
-      if (path[0] === "dashboard" && path[1] === "ecommerce" && path.length === 2 && m === "GET" && ecommerceAnalyticsGet) {
+      if (path2[0] === "dashboard" && path2[1] === "ecommerce" && path2.length === 2 && m === "GET" && ecommerceAnalyticsGet) {
         const g = await analyticsGate();
         if (g) return g;
         return ecommerceAnalyticsGet(req);
       }
-      if (path[0] === "analytics" && analyticsHandlers) {
-        if (path.length === 1 && m === "GET") {
+      if (path2[0] === "blog-generator" && path2[1] === "feeds" && path2.length === 3 && m === "DELETE" && getCms) {
+        const id = path2[2];
+        const uuidLooksValid = typeof id === "string" && /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(id);
+        const a = await config.requireAuth(req);
+        if (a) return a;
+        const pe = await requireEntityPermissionEffective(req, "blogs", "read");
+        if (pe) return pe;
+        if (!entityMap.rss_feeds) {
+          return config.json({ error: "RSS feeds are not configured (missing entity map)." }, { status: 503 });
+        }
+        if (!uuidLooksValid) {
+          return config.json({ error: "Invalid feed id" }, { status: 400 });
+        }
+        try {
+          await dataSource.getRepository(entityMap.rss_feeds).delete({ id });
+          return config.json({ ok: true });
+        } catch (e) {
+          const message = e instanceof Error ? e.message : "Delete failed";
+          return config.json({ error: message }, { status: 500 });
+        }
+      }
+      if (path2[0] === "blog-generator" && path2[1] === "feeds" && path2.length === 2 && m === "GET" && getCms) {
+        const a = await config.requireAuth(req);
+        if (a) return a;
+        const pe = await requireEntityPermissionEffective(req, "blogs", "read");
+        if (pe) return pe;
+        if (!entityMap.rss_feeds) {
+          return config.json({ error: "RSS feeds are not configured (missing entity map)." }, { status: 503 });
+        }
+        try {
+          const list = await dataSource.getRepository(entityMap.rss_feeds).find({
+            where: { isActive: true },
+            order: { updatedAt: "DESC" }
+          });
+          return config.json({ feeds: list.map(serializeRssFeed) });
+        } catch (e) {
+          const message = e instanceof Error ? e.message : "Failed to list feeds";
+          return config.json({ error: message }, { status: 500 });
+        }
+      }
+      if (path2[0] === "blog-generator" && path2[1] === "feeds" && path2.length === 2 && m === "POST" && getCms) {
+        const a = await config.requireAuth(req);
+        if (a) return a;
+        const pe = await requireEntityPermissionEffective(req, "blogs", "read");
+        if (pe) return pe;
+        if (!entityMap.rss_feeds) {
+          return config.json({ error: "RSS feeds are not configured (missing entity map)." }, { status: 503 });
+        }
+        let body;
+        try {
+          body = await req.json();
+        } catch {
+          return config.json({ error: "Invalid JSON body" }, { status: 400 });
+        }
+        const rowsIn = Array.isArray(body.rows) ? body.rows : [];
+        const rows = rowsIn.map((r) => r).map((r) => {
+          let websiteUrl;
+          if ("websiteUrl" in r) {
+            const w = r.websiteUrl;
+            if (w === null || w === "") websiteUrl = null;
+            else if (typeof w === "string") websiteUrl = w;
+          }
+          return {
+            rssUrl: typeof r.rssUrl === "string" ? r.rssUrl.trim() : "",
+            name: typeof r.name === "string" ? r.name : void 0,
+            websiteUrl
+          };
+        }).filter((r) => r.rssUrl !== "");
+        try {
+          const Feed = entityMap.rss_feeds;
+          for (const r of rows) {
+            await upsertRssFeedRow(dataSource, Feed, r.rssUrl, {
+              name: r.name,
+              websiteUrl: r.websiteUrl
+            });
+          }
+          const list = await dataSource.getRepository(Feed).find({
+            where: { isActive: true },
+            order: { updatedAt: "DESC" }
+          });
+          return config.json({ feeds: list.map(serializeRssFeed) });
+        } catch (e) {
+          const message = e instanceof Error ? e.message : "Failed to save feeds";
+          return config.json({ error: message }, { status: 500 });
+        }
+      }
+      if (path2[0] === "blog-generator" && path2[1] === "latest" && path2.length === 2 && m === "POST" && getCms) {
+        const a = await config.requireAuth(req);
+        if (a) return a;
+        const pe = await requireEntityPermissionEffective(req, "blogs", "read");
+        if (pe) return pe;
+        const cms = await getCms();
+        const svc = cms.getPlugin("blog_generator");
+        if (!svc) {
+          return config.json({ error: "Blog Generator plugin is not enabled" }, { status: 503 });
+        }
+        let body;
+        try {
+          body = await req.json();
+        } catch {
+          return config.json({ error: "Invalid JSON body" }, { status: 400 });
+        }
+        const rawUrls = [];
+        if (Array.isArray(body.rssUrls)) {
+          for (const u of body.rssUrls) {
+            if (typeof u === "string") {
+              const t = u.trim();
+              if (t) rawUrls.push(t);
+            }
+          }
+        }
+        if (rawUrls.length === 0 && typeof body.rssUrl === "string" && body.rssUrl.trim()) {
+          rawUrls.push(body.rssUrl.trim());
+        }
+        const seen = /* @__PURE__ */ new Set();
+        const urls = rawUrls.filter((u) => {
+          if (seen.has(u)) return false;
+          seen.add(u);
+          return true;
+        });
+        if (urls.length === 0) {
+          return config.json({ error: "Provide rssUrls (array) or rssUrl (string)" }, { status: 400 });
+        }
+        const results = [];
+        for (const rssUrl of urls) {
+          try {
+            if (entityMap.rss_feeds) {
+              await upsertRssFeedRow(dataSource, entityMap.rss_feeds, rssUrl);
+            }
+            const latest = await svc.getLatestArticleFromFeed(rssUrl);
+            if (entityMap.rss_feeds) {
+              await recordRssFetchSuccess(
+                dataSource,
+                entityMap.rss_feeds,
+                entityMap.rss_articles,
+                rssUrl,
+                latest == null ? null : {
+                  title: latest.title,
+                  link: latest.link,
+                  summary: latest.summary,
+                  content: latest.content,
+                  creator: latest.creator,
+                  date: latest.date
+                }
+              );
+            }
+            const article = latest == null ? null : {
+              title: latest.title,
+              link: latest.link,
+              summary: latest.summary,
+              content: latest.content,
+              date: latest.date.toISOString()
+            };
+            results.push({ rssUrl, article });
+          } catch (e) {
+            const message = e instanceof Error ? e.message : "Failed to parse feed";
+            results.push({ rssUrl, article: null, error: message });
+          }
+        }
+        const singleArticle = results.length === 1 ? results[0].article : void 0;
+        return config.json({ results, article: singleArticle });
+      }
+      if (path2[0] === "blog-generator" && path2[1] === "generate" && path2.length === 2 && m === "POST" && getCms) {
+        const a = await config.requireAuth(req);
+        if (a) return a;
+        const pe = await requireEntityPermissionEffective(req, "blogs", "read");
+        if (pe) return pe;
+        const cms = await getCms();
+        const svc = cms.getPlugin("blog_generator");
+        if (!svc) {
+          return config.json({ error: "Blog Generator plugin is not enabled" }, { status: 503 });
+        }
+        const llm = cms.getPlugin("llm");
+        if (!llm) {
+          return config.json({ error: "LLM plugin is not enabled. Configure the LLM gateway to generate articles." }, { status: 503 });
+        }
+        let body;
+        try {
+          body = await req.json();
+        } catch {
+          return config.json({ error: "Invalid JSON body" }, { status: 400 });
+        }
+        const rawUrls = [];
+        if (Array.isArray(body.rssUrls)) {
+          for (const u of body.rssUrls) {
+            if (typeof u === "string") {
+              const t = u.trim();
+              if (t) rawUrls.push(t);
+            }
+          }
+        }
+        if (rawUrls.length === 0 && typeof body.rssUrl === "string" && body.rssUrl.trim()) {
+          rawUrls.push(body.rssUrl.trim());
+        }
+        const seen = /* @__PURE__ */ new Set();
+        const rssUrls = rawUrls.filter((u) => {
+          if (seen.has(u)) return false;
+          seen.add(u);
+          return true;
+        });
+        if (rssUrls.length === 0) {
+          return config.json({ error: "Provide rssUrls (non-empty array) or rssUrl (string)" }, { status: 400 });
+        }
+        const systemInstruction = typeof body.systemInstruction === "string" ? body.systemInstruction : void 0;
+        const validationRules = typeof body.validationRules === "string" ? body.validationRules : void 0;
+        const persistToCms = body.persistToCms === true;
+        let llmAgentChatOptions;
+        let llmAgentResolution = null;
+        let metadataLlmAgentChatOptions;
+        let metadataLlmAgentResolution = null;
+        let socialLlmAgentChatOptions;
+        let socialLlmAgentResolution = null;
+        let metadataRow = null;
+        let socialRow = null;
+        if (entityMap.llm_agents) {
+          const agentRepo = dataSource.getRepository(entityMap.llm_agents);
+          const agentRow = await agentRepo.findOne({
+            where: { slug: BLOG_GENERATOR_LLM_AGENT_SLUG, deleted: false, enabled: true }
+          });
+          if (agentRow) {
+            const o = llmAgentToChatAgentOptions(agentRow);
+            llmAgentChatOptions = {
+              model: o.model,
+              temperature: o.temperature,
+              max_tokens: o.max_tokens
+            };
+            llmAgentResolution = {
+              slug: BLOG_GENERATOR_LLM_AGENT_SLUG,
+              model: agentRow.model?.trim() || null,
+              temperature: agentRow.temperature ?? null,
+              maxTokens: agentRow.maxTokens ?? null
+            };
+          }
+          metadataRow = await agentRepo.findOne({
+            where: { slug: BLOG_METADATA_ENRICHER_LLM_AGENT_SLUG, deleted: false, enabled: true }
+          });
+          if (metadataRow) {
+            const mo = llmAgentToChatAgentOptions(metadataRow);
+            metadataLlmAgentChatOptions = {
+              model: mo.model,
+              temperature: mo.temperature,
+              max_tokens: mo.max_tokens
+            };
+            metadataLlmAgentResolution = {
+              slug: BLOG_METADATA_ENRICHER_LLM_AGENT_SLUG,
+              model: metadataRow.model?.trim() || null,
+              temperature: metadataRow.temperature ?? null,
+              maxTokens: metadataRow.maxTokens ?? null
+            };
+          }
+          socialRow = await agentRepo.findOne({
+            where: { slug: BLOG_SOCIAL_ENRICHER_LLM_AGENT_SLUG, deleted: false, enabled: true }
+          });
+          if (socialRow) {
+            const so = llmAgentToChatAgentOptions(socialRow);
+            socialLlmAgentChatOptions = {
+              model: so.model,
+              temperature: so.temperature,
+              max_tokens: so.max_tokens
+            };
+            socialLlmAgentResolution = {
+              slug: BLOG_SOCIAL_ENRICHER_LLM_AGENT_SLUG,
+              model: socialRow.model?.trim() || null,
+              temperature: socialRow.temperature ?? null,
+              maxTokens: socialRow.maxTokens ?? null
+            };
+          }
+        }
+        try {
+          const categoryEntities = entityMap.categories ? await dataSource.getRepository(entityMap.categories).find({
+            where: { deleted: false },
+            select: ["id", "name"]
+          }) : [];
+          const categoryRows = categoryEntities.map((r) => ({
+            id: Number(r.id),
+            name: String(r.name ?? "").trim()
+          })).filter((r) => Number.isFinite(r.id) && r.name !== "");
+          const tagEntities = entityMap.tags ? await dataSource.getRepository(entityMap.tags).find({
+            where: { deleted: false },
+            select: ["name"]
+          }) : [];
+          const tagNames = tagEntities.map((r) => String(r.name ?? "").trim()).filter((n) => n !== "");
+          const out = await svc.generateBlogMarkdownFromRss({
+            llm,
+            rssUrls,
+            systemInstruction,
+            validationRules,
+            categoryNamesHint: categoryRows.map((c) => c.name),
+            tagNamesHint: tagNames,
+            llmAgentChatOptions,
+            metadataSystemInstruction: metadataRow?.systemInstruction,
+            metadataValidationRules: metadataRow?.validationRules ?? void 0,
+            metadataLlmAgentChatOptions,
+            socialSystemInstruction: socialRow?.systemInstruction,
+            socialValidationRules: socialRow?.validationRules ?? void 0,
+            socialLlmAgentChatOptions
+          });
+          let savedBlogs;
+          if (persistToCms) {
+            const pCreate = await requireEntityPermissionEffective(req, "blogs", "create");
+            if (pCreate) return pCreate;
+            if (!entityMap.blogs || !entityMap.tags || !entityMap.categories || !entityMap.seos) {
+              return config.json(
+                { error: "persistToCms requires blogs, tags, categories, and seos in the entity map." },
+                { status: 503 }
+              );
+            }
+            let authorId = null;
+            if (getSessionUser) {
+              const su = await getSessionUser();
+              if (su?.id) {
+                const n = Number(su.id);
+                if (Number.isFinite(n)) authorId = n;
+              }
+              if (authorId == null && su?.email?.trim() && entityMap.users) {
+                const ur = await dataSource.getRepository(entityMap.users).findOne({
+                  where: { email: su.email.trim(), deleted: false },
+                  select: ["id"]
+                });
+                if (ur) authorId = Number(ur.id);
+              }
+            }
+            if (authorId == null || !Number.isFinite(authorId)) {
+              return config.json(
+                {
+                  error: "persistToCms requires a logged-in user with id in session or a users row matching session email."
+                },
+                { status: 400 }
+              );
+            }
+            savedBlogs = await persistAllGeneratedBlogDrafts(
+              dataSource,
+              {
+                blogs: entityMap.blogs,
+                tags: entityMap.tags,
+                categories: entityMap.categories,
+                seos: entityMap.seos
+              },
+              { drafts: out.blogDrafts, authorId }
+            );
+          }
+          const blogs = out.blogDrafts.map((draft) => {
+            const { categoryId, matched: categoryMatched } = resolveBlogCategoryIdByName(
+              draft.categoryName,
+              categoryRows
+            );
+            return {
+              title: draft.title,
+              slug: draft.slug ?? null,
+              markdown: draft.markdown,
+              socialMediaContent: draft.socialMediaContent ?? null,
+              categoryName: draft.categoryName,
+              categoryId,
+              categoryMatched,
+              seo: draft.seo,
+              tags: draft.tags,
+              parseMode: draft.parseMode
+            };
+          });
+          const firstArticle = out.article;
+          return config.json({
+            agentName: out.agentName,
+            blogMarkdown: out.blogMarkdown,
+            blogs,
+            blog: blogs[0] ?? null,
+            feedArticles: out.feedArticles.map((f) => ({
+              rssUrl: f.rssUrl,
+              article: {
+                title: f.article.title,
+                link: f.article.link,
+                summary: f.article.summary,
+                content: f.article.content,
+                date: f.article.date.toISOString()
+              }
+            })),
+            llmAgent: llmAgentResolution,
+            metadataLlmAgent: metadataLlmAgentResolution,
+            socialLlmAgent: socialLlmAgentResolution,
+            article: {
+              title: firstArticle.title,
+              link: firstArticle.link,
+              summary: firstArticle.summary,
+              content: firstArticle.content,
+              date: firstArticle.date.toISOString()
+            },
+            ...savedBlogs != null ? { savedBlogs } : {}
+          });
+        } catch (e) {
+          const message = e instanceof Error ? e.message : "Failed to generate blog";
+          const status = /No items found|LLM returned empty/i.test(message) ? 400 : 502;
+          return config.json({ error: message }, { status });
+        }
+      }
+      if (path2[0] === "analytics" && analyticsHandlers) {
+        if (path2.length === 1 && m === "GET") {
           const g = await analyticsGate();
           if (g) return g;
           return analyticsHandlers.GET(req);
         }
-        if (path.length === 2 && path[1] === "property-id" && m === "GET") {
+        if (path2.length === 2 && path2[1] === "property-id" && m === "GET") {
           const g = await analyticsGate();
           if (g) return g;
           return analyticsHandlers.propertyId();
         }
-        if (path.length === 2 && path[1] === "permissions" && m === "GET") {
+        if (path2.length === 2 && path2[1] === "permissions" && m === "GET") {
           const g = await analyticsGate();
           if (g) return g;
           return analyticsHandlers.permissions();
         }
       }
-      if (path[0] === "upload" && path.length === 1 && m === "POST" && uploadPost) return uploadPost(req);
-      if (path[0] === "media" && path[1] === "extract" && path.length === 3 && m === "POST" && zipExtractPost) {
-        return zipExtractPost(req, path[2]);
+      if (path2[0] === "upload" && path2.length === 1 && m === "POST" && uploadPost) return uploadPost(req);
+      if (path2[0] === "media" && path2[1] === "extract" && path2.length === 3 && m === "POST" && zipExtractPost) {
+        return zipExtractPost(req, path2[2]);
       }
-      if (path[0] === "blogs" && path[1] === "slug" && path.length === 3 && m === "GET" && blogBySlugGet) {
-        return blogBySlugGet(req, path[2]);
+      if (path2[0] === "blogs" && path2[1] === "slug" && path2.length === 3 && m === "GET" && blogBySlugGet) {
+        return blogBySlugGet(req, path2[2]);
       }
-      if (path[0] === "forms" && path[1] === "slug" && path.length === 3 && m === "GET" && formBySlugGet) {
-        return formBySlugGet(req, path[2]);
+      if (path2[0] === "forms" && path2[1] === "slug" && path2.length === 3 && m === "GET" && formBySlugGet) {
+        return formBySlugGet(req, path2[2]);
       }
-      if (path[0] === "form-submissions") {
-        if (path.length === 1) {
+      if (path2[0] === "form-submissions") {
+        if (path2.length === 1) {
           if (m === "GET" && formSubmissionList) return formSubmissionList(req);
           if (m === "POST" && formSubmissionPost) return formSubmissionPost(req);
         }
-        if (path.length === 2 && m === "GET" && formSubmissionGetById) return formSubmissionGetById(req, path[1]);
+        if (path2.length === 2 && m === "GET" && formSubmissionGetById) return formSubmissionGetById(req, path2[1]);
       }
-      if (path[0] === "forms" && formSaveHandlers) {
-        if (path.length === 1 && m === "POST") return formSaveHandlers.POST(req);
-        if (path.length === 2) {
-          if (m === "GET") return formSaveHandlers.GET(req, path[1]);
-          if (m === "PUT" || m === "PATCH") return formSaveHandlers.PUT(req, path[1]);
+      if (path2[0] === "forms" && formSaveHandlers) {
+        if (path2.length === 1 && m === "POST") return formSaveHandlers.POST(req);
+        if (path2.length === 2) {
+          if (m === "GET") return formSaveHandlers.GET(req, path2[1]);
+          if (m === "PUT" || m === "PATCH") return formSaveHandlers.PUT(req, path2[1]);
         }
       }
-      if (path[0] === "users" && usersHandlers) {
-        if (path.length === 1) {
+      if (path2[0] === "users" && usersHandlers) {
+        if (path2.length === 1) {
           if (m === "GET") return usersHandlers.list(req);
           if (m === "POST") return usersHandlers.create(req);
         }
-        if (path.length === 2) {
-          if (path[1] === "avatar" && m === "POST" && avatarPost) return avatarPost(req);
-          if (path[1] === "profile" && profileHandlers) {
+        if (path2.length === 2) {
+          if (path2[1] === "avatar" && m === "POST" && avatarPost) return avatarPost(req);
+          if (path2[1] === "profile" && profileHandlers) {
             if (m === "GET") return profileHandlers.GET(req);
             if (m === "PUT") return profileHandlers.PUT(req);
           }
-          const id = path[1];
+          const id = path2[1];
           if (m === "GET") return usersHandlers.getById(req, id);
           if (m === "PUT" || m === "PATCH") return usersHandlers.update(req, id);
           if (m === "DELETE") return usersHandlers.delete(req, id);
         }
-        if (path.length === 3 && path[2] === "regenerate-invite" && m === "POST") {
-          return usersHandlers.regenerateInvite(req, path[1]);
+        if (path2.length === 3 && path2[2] === "regenerate-invite" && m === "POST") {
+          return usersHandlers.regenerateInvite(req, path2[1]);
         }
       }
-      if (path[0] === "users" && path.length === 2 && userAuthRouter && m === "POST") {
-        return userAuthRouter.POST(req, path[1]);
+      if (path2[0] === "users" && path2.length === 2 && userAuthRouter && m === "POST") {
+        return userAuthRouter.POST(req, path2[1]);
       }
-      if (path[0] === "settings" && path.length === 2 && settingsHandlers) {
-        const group = path[1];
+      if (path2[0] === "social-media" && path2[1] === "linkedin" && socialMediaHandlers && path2.length === 3) {
+        const tail = path2[2];
+        if (tail === "status" && m === "GET") {
+          return socialMediaHandlers.getLinkedInStatus(req);
+        }
+        if (tail === "sync-profile" && m === "POST") {
+          return socialMediaHandlers.syncLinkedInProfile(req);
+        }
+        if (tail === "publish-blog" && m === "POST") {
+          let body;
+          try {
+            body = await req.json();
+          } catch {
+            return config.json({ error: "Invalid JSON body" }, { status: 400 });
+          }
+          const id = Number(body?.blogId);
+          return socialMediaHandlers.publishBlogToLinkedIn(req, id);
+        }
+      }
+      if (path2[0] === "social-media" && path2[1] === "facebook" && socialMediaHandlers && path2.length === 3) {
+        const tail = path2[2];
+        if (tail === "fetch-pages" && m === "POST") {
+          return socialMediaHandlers.fetchFacebookManagedPages(req);
+        }
+        if (tail === "status" && m === "GET") {
+          return socialMediaHandlers.getFacebookStatus(req);
+        }
+        if (tail === "publish-blog" && m === "POST") {
+          let body;
+          try {
+            body = await req.json();
+          } catch {
+            return config.json({ error: "Invalid JSON body" }, { status: 400 });
+          }
+          const id = Number(body?.blogId);
+          return socialMediaHandlers.publishBlogToFacebook(req, id);
+        }
+      }
+      if (path2[0] === "settings" && path2.length === 2 && settingsHandlers) {
+        const group = path2[1];
         const isPublic = settingsConfig?.publicGetGroups?.includes(group);
         if (m === "GET") {
           if (!isPublic) {
@@ -7583,15 +9367,15 @@ function createCmsApiHandler(config) {
           return settingsHandlers.PUT(req, group);
         }
       }
-      if (path[0] === "message-templates" && path[1] === "sms" && path.length === 2) {
+      if (path2[0] === "message-templates" && path2[1] === "sms" && path2.length === 2) {
         if (m === "GET") return smsMessageTemplateHandlers.GET(req);
         if (m === "PUT") return smsMessageTemplateHandlers.PUT(req);
       }
-      if (path[0] === "llm_agents") {
+      if (path2[0] === "llm_agents") {
         if (!entityMap.llm_agents) {
           console.error(CMS_API_LOG, "llm_agents route: entity missing after merge", {
             method: m,
-            pathJoined: path.join("/"),
+            pathJoined: path2.join("/"),
             entityMapKeyCount: Object.keys(entityMap).length
           });
           return config.json(
@@ -7599,19 +9383,19 @@ function createCmsApiHandler(config) {
             { status: 503 }
           );
         }
-        if (path.length === 1) {
+        if (path2.length === 1) {
           if (m === "GET") return crud.GET(req, "llm_agents");
           if (m === "POST") return crud.POST(req, "llm_agents");
         }
-        if (path.length === 2 && !path[1]?.includes("knowledge")) {
-          const id = path[1];
+        if (path2.length === 2 && !path2[1]?.includes("knowledge")) {
+          const id = path2[1];
           if (m === "GET") return crudById.GET(req, "llm_agents", id);
           if (m === "PUT" || m === "PATCH") return crudById.PUT(req, "llm_agents", id);
           if (m === "DELETE") return crudById.DELETE(req, "llm_agents", id);
         }
       }
       {
-        const kbMatch = matchLlmAgentKnowledgeRoute(path);
+        const kbMatch = matchLlmAgentKnowledgeRoute(path2);
         if (kbMatch) {
           if (!llmAgentKnowledgeHandlers) {
             return config.json(
@@ -7634,29 +9418,29 @@ function createCmsApiHandler(config) {
           }
         }
       }
-      if (path[0] === "chat" && chatHandlers) {
-        if (path.length === 2 && path[1] === "config" && m === "GET") return chatHandlers.publicConfig(req);
-        if (path.length === 2 && path[1] === "identify" && m === "POST") return chatHandlers.identify(req);
-        if (path.length === 4 && path[1] === "conversations" && path[3] === "messages" && m === "GET") return chatHandlers.getMessages(req, path[2]);
-        if (path.length === 2 && path[1] === "messages" && m === "POST") return chatHandlers.postMessage(req);
+      if (path2[0] === "chat" && chatHandlers) {
+        if (path2.length === 2 && path2[1] === "config" && m === "GET") return chatHandlers.publicConfig(req);
+        if (path2.length === 2 && path2[1] === "identify" && m === "POST") return chatHandlers.identify(req);
+        if (path2.length === 4 && path2[1] === "conversations" && path2[3] === "messages" && m === "GET") return chatHandlers.getMessages(req, path2[2]);
+        if (path2.length === 2 && path2[1] === "messages" && m === "POST") return chatHandlers.postMessage(req);
       }
-      if (path[0] === "orders" && path.length === 3 && path[2] === "invoice" && m === "GET" && getCms) {
+      if (path2[0] === "orders" && path2.length === 3 && path2[2] === "invoice" && m === "GET" && getCms) {
         const a = await config.requireAuth(req);
         if (a) return a;
         const pe = await requireEntityPermissionEffective(req, "orders", "read");
         if (pe) return pe;
         const cms = await getCms();
         const { streamOrderInvoicePdf: streamOrderInvoicePdf2 } = await Promise.resolve().then(() => (init_erp_order_invoice(), erp_order_invoice_exports));
-        const oid = Number(path[1]);
+        const oid = Number(path2[1]);
         if (!Number.isFinite(oid)) return config.json({ error: "Invalid id" }, { status: 400 });
         return streamOrderInvoicePdf2(cms, dataSource, entityMap, oid, {});
       }
-      if (path[0] === "orders" && path.length === 3 && path[2] === "repost-erp" && getCms) {
+      if (path2[0] === "orders" && path2.length === 3 && path2[2] === "repost-erp" && getCms) {
         const a = await config.requireAuth(req);
         if (a) return a;
         const pe = await requireEntityPermissionEffective(req, "orders", m === "GET" ? "read" : "update");
         if (pe) return pe;
-        const oid = Number(path[1]);
+        const oid = Number(path2[1]);
         if (!Number.isFinite(oid)) return config.json({ error: "Invalid id" }, { status: 400 });
         const cms = await getCms();
         const { isErpIntegrationEnabled: isErpIntegrationEnabled3 } = await Promise.resolve().then(() => (init_erp_config_enabled(), erp_config_enabled_exports));
@@ -7672,13 +9456,13 @@ function createCmsApiHandler(config) {
         }
         return config.json({ error: "Method not allowed" }, { status: 405 });
       }
-      if (path.length === 0) return config.json({ error: "Not found" }, { status: 404 });
-      const resource = resolveResource(path[0]);
+      if (path2.length === 0) return config.json({ error: "Not found" }, { status: 404 });
+      const resource = resolveResource(path2[0]);
       if (!crudResources.includes(resource)) {
         console.warn(CMS_API_LOG, "generic CRUD gate: Invalid resource (not in crudResources)", {
           method: m,
-          pathJoined: path.join("/"),
-          pathSegments: path,
+          pathJoined: path2.join("/"),
+          pathSegments: path2,
           resource,
           hasLlmAgentsEntity: Boolean(entityMap.llm_agents),
           crudResourcesHasResource: crudResources.includes(resource),
@@ -7686,24 +9470,24 @@ function createCmsApiHandler(config) {
         });
         return config.json({ error: "Invalid resource" }, { status: 400 });
       }
-      if (path.length === 2) {
-        if (path[1] === "metadata" && m === "GET") {
+      if (path2.length === 2) {
+        if (path2[1] === "metadata" && m === "GET") {
           return crud.GET_METADATA(req, resource);
         }
-        if (path[1] === "bulk" && m === "POST") {
+        if (path2[1] === "bulk" && m === "POST") {
           return crud.BULK_POST(req, resource);
         }
-        if (path[1] === "export" && m === "GET") {
+        if (path2[1] === "export" && m === "GET") {
           return crud.GET_EXPORT(req, resource);
         }
       }
-      if (path.length === 1) {
+      if (path2.length === 1) {
         if (m === "GET") return crud.GET(req, resource);
         if (m === "POST") return crud.POST(req, resource);
         return config.json({ error: "Method not allowed" }, { status: 405 });
       }
-      if (path.length === 2) {
-        const id = path[1];
+      if (path2.length === 2) {
+        const id = path2[1];
         if (m === "GET") return crudById.GET(req, resource, id);
         if (m === "PUT" || m === "PATCH") return crudById.PUT(req, resource, id);
         if (m === "DELETE") return crudById.DELETE(req, resource, id);
@@ -7715,7 +9499,7 @@ function createCmsApiHandler(config) {
 }
 
 // src/api/storefront-handlers.ts
-var import_typeorm47 = require("typeorm");
+var import_typeorm49 = require("typeorm");
 
 // src/lib/is-valid-signup-email.ts
 var MAX_EMAIL = 254;
@@ -7975,7 +9759,7 @@ async function queueSms(cms, payload) {
 
 // src/lib/otp-challenge.ts
 var import_crypto = require("crypto");
-var import_typeorm46 = require("typeorm");
+var import_typeorm48 = require("typeorm");
 var OTP_TTL_MS = 10 * 60 * 1e3;
 var MAX_SENDS_PER_HOUR = 5;
 var MAX_VERIFY_ATTEMPTS = 8;
@@ -8009,7 +9793,7 @@ function normalizePhoneE164(raw, defaultCountryCode) {
 async function countRecentOtpSends(dataSource, entityMap, purpose, identifier, since) {
   const repo = dataSource.getRepository(entityMap.otp_challenges);
   return repo.count({
-    where: { purpose, identifier, createdAt: (0, import_typeorm46.MoreThan)(since) }
+    where: { purpose, identifier, createdAt: (0, import_typeorm48.MoreThan)(since) }
   });
 }
 async function createOtpChallenge(dataSource, entityMap, input) {
@@ -8023,7 +9807,7 @@ async function createOtpChallenge(dataSource, entityMap, input) {
   await repo.delete({
     purpose,
     identifier,
-    consumedAt: (0, import_typeorm46.IsNull)()
+    consumedAt: (0, import_typeorm48.IsNull)()
   });
   const expiresAt = new Date(Date.now() + OTP_TTL_MS);
   const codeHash = hashOtpCode(code, purpose, identifier, pepper);
@@ -8044,7 +9828,7 @@ async function verifyAndConsumeOtpChallenge(dataSource, entityMap, input) {
   const { purpose, identifier, code, pepper } = input;
   const repo = dataSource.getRepository(entityMap.otp_challenges);
   const row = await repo.findOne({
-    where: { purpose, identifier, consumedAt: (0, import_typeorm46.IsNull)() },
+    where: { purpose, identifier, consumedAt: (0, import_typeorm48.IsNull)() },
     order: { id: "DESC" }
   });
   if (!row) {
@@ -8278,7 +10062,7 @@ function createStorefrontApiHandler(config) {
     const u = await userRepo().findOne({ where: { id: userId } });
     if (!u) return null;
     const unclaimed = await contactRepo().findOne({
-      where: { email: u.email, userId: (0, import_typeorm47.IsNull)(), deleted: false }
+      where: { email: u.email, userId: (0, import_typeorm49.IsNull)(), deleted: false }
     });
     if (unclaimed) {
       await contactRepo().update(unclaimed.id, { userId });
@@ -8421,7 +10205,7 @@ function createStorefrontApiHandler(config) {
     };
   }
   return {
-    async handle(method, path, req) {
+    async handle(method, path2, req) {
       try {
         let serializeAddress2 = function(a) {
           return {
@@ -8437,7 +10221,7 @@ function createStorefrontApiHandler(config) {
           };
         };
         var serializeAddress = serializeAddress2;
-        if (path[0] === "products" && path.length === 1 && method === "GET") {
+        if (path2[0] === "products" && path2.length === 1 && method === "GET") {
           const url = new URL(req.url || "", "http://localhost");
           const collectionSlug = url.searchParams.get("collection")?.trim();
           const collectionId = url.searchParams.get("collectionId");
@@ -8479,8 +10263,8 @@ function createStorefrontApiHandler(config) {
             ...collectionFilter && { collection: collectionFilter }
           });
         }
-        if (path[0] === "products" && path.length === 2 && method === "GET") {
-          const idOrSlug = path[1];
+        if (path2[0] === "products" && path2.length === 2 && method === "GET") {
+          const idOrSlug = path2[1];
           const byId = /^\d+$/.test(idOrSlug);
           const product = await productRepo().findOne({
             where: byId ? { id: parseInt(idOrSlug, 10), status: "available", deleted: false } : { slug: idOrSlug, status: "available", deleted: false },
@@ -8495,7 +10279,7 @@ function createStorefrontApiHandler(config) {
           })).filter((t) => t.name || t.value);
           return json({ ...serializeProduct(p), attributes: attributeTags });
         }
-        if (path[0] === "collections" && path.length === 1 && method === "GET") {
+        if (path2[0] === "collections" && path2.length === 1 && method === "GET") {
           const items = await collectionRepo().find({
             where: { active: true, deleted: false },
             order: { sortOrder: "ASC", id: "ASC" }
@@ -8524,8 +10308,8 @@ function createStorefrontApiHandler(config) {
             })
           });
         }
-        if (path[0] === "collections" && path.length === 2 && method === "GET") {
-          const idOrSlug = path[1];
+        if (path2[0] === "collections" && path2.length === 2 && method === "GET") {
+          const idOrSlug = path2[1];
           const byId = /^\d+$/.test(idOrSlug);
           const collection = await collectionRepo().findOne({
             where: byId ? { id: parseInt(idOrSlug, 10), active: true, deleted: false } : { slug: idOrSlug, active: true, deleted: false },
@@ -8548,7 +10332,7 @@ function createStorefrontApiHandler(config) {
             products: products.map((p) => serializeProduct(p))
           });
         }
-        if (path[0] === "profile" && path.length === 1 && method === "GET") {
+        if (path2[0] === "profile" && path2.length === 1 && method === "GET") {
           const u = await getSessionUser();
           const uid = u?.id ? parseInt(String(u.id), 10) : NaN;
           if (!Number.isFinite(uid)) return json({ error: "Unauthorized" }, { status: 401 });
@@ -8565,7 +10349,7 @@ function createStorefrontApiHandler(config) {
             } : null
           });
         }
-        if (path[0] === "profile" && path.length === 1 && method === "PUT") {
+        if (path2[0] === "profile" && path2.length === 1 && method === "PUT") {
           const u = await getSessionUser();
           const uid = u?.id ? parseInt(String(u.id), 10) : NaN;
           if (!Number.isFinite(uid)) return json({ error: "Unauthorized" }, { status: 401 });
@@ -8602,7 +10386,7 @@ function createStorefrontApiHandler(config) {
           if (!contact) return json({ error: "Contact not found" }, { status: 404 });
           return { contactId: contact.id };
         }
-        if (path[0] === "addresses" && path.length === 1 && method === "GET") {
+        if (path2[0] === "addresses" && path2.length === 1 && method === "GET") {
           const contactOrErr = await getContactForAddresses();
           if (contactOrErr instanceof Response) return contactOrErr;
           const list = await addressRepo().find({
@@ -8611,7 +10395,7 @@ function createStorefrontApiHandler(config) {
           });
           return json({ addresses: list.map((a) => serializeAddress2(a)) });
         }
-        if (path[0] === "addresses" && path.length === 1 && method === "POST") {
+        if (path2[0] === "addresses" && path2.length === 1 && method === "POST") {
           const contactOrErr = await getContactForAddresses();
           if (contactOrErr instanceof Response) return contactOrErr;
           const b = await req.json().catch(() => ({}));
@@ -8630,10 +10414,10 @@ function createStorefrontApiHandler(config) {
           const created = await addressRepo().save(addressRepo().create(row));
           return json(serializeAddress2(created));
         }
-        if (path[0] === "addresses" && path.length === 2 && (method === "PATCH" || method === "PUT")) {
+        if (path2[0] === "addresses" && path2.length === 2 && (method === "PATCH" || method === "PUT")) {
           const contactOrErr = await getContactForAddresses();
           if (contactOrErr instanceof Response) return contactOrErr;
-          const id = parseInt(path[1], 10);
+          const id = parseInt(path2[1], 10);
           if (!Number.isFinite(id)) return json({ error: "Invalid id" }, { status: 400 });
           const existing = await addressRepo().findOne({ where: { id, contactId: contactOrErr.contactId } });
           if (!existing) return json({ error: "Not found" }, { status: 404 });
@@ -8659,17 +10443,17 @@ function createStorefrontApiHandler(config) {
           const updated = await addressRepo().findOne({ where: { id } });
           return json(serializeAddress2(updated));
         }
-        if (path[0] === "addresses" && path.length === 2 && method === "DELETE") {
+        if (path2[0] === "addresses" && path2.length === 2 && method === "DELETE") {
           const contactOrErr = await getContactForAddresses();
           if (contactOrErr instanceof Response) return contactOrErr;
-          const id = parseInt(path[1], 10);
+          const id = parseInt(path2[1], 10);
           if (!Number.isFinite(id)) return json({ error: "Invalid id" }, { status: 400 });
           const existing = await addressRepo().findOne({ where: { id, contactId: contactOrErr.contactId } });
           if (!existing) return json({ error: "Not found" }, { status: 404 });
           await addressRepo().delete(id);
           return json({ deleted: true });
         }
-        if (path[0] === "verify-email" && path.length === 1 && method === "POST") {
+        if (path2[0] === "verify-email" && path2.length === 1 && method === "POST") {
           const b = await req.json().catch(() => ({}));
           const token = typeof b.token === "string" ? b.token.trim() : "";
           if (!token) return json({ error: "token is required" }, { status: 400 });
@@ -8688,7 +10472,7 @@ function createStorefrontApiHandler(config) {
           await tokenRepo().delete({ email });
           return json({ success: true, message: "Email verified. You can sign in." });
         }
-        if (path[0] === "auth" && path[1] === "otp" && path[2] === "send" && path.length === 3 && method === "POST") {
+        if (path2[0] === "auth" && path2[1] === "otp" && path2[2] === "send" && path2.length === 3 && method === "POST") {
           const b = await req.json().catch(() => ({}));
           const purposeRaw = typeof b.purpose === "string" ? b.purpose.trim() : "";
           const purpose = purposeRaw === "login" || purposeRaw === "verify_email" || purposeRaw === "verify_phone" ? purposeRaw : "";
@@ -8773,7 +10557,7 @@ function createStorefrontApiHandler(config) {
           }
           return json({ ok: true });
         }
-        if (path[0] === "auth" && path[1] === "otp" && path[2] === "verify-email" && path.length === 3 && method === "POST") {
+        if (path2[0] === "auth" && path2[1] === "otp" && path2[2] === "verify-email" && path2.length === 3 && method === "POST") {
           if (otpOff("verifyEmail")) return json({ error: "otp_disabled" }, { status: 403 });
           const b = await req.json().catch(() => ({}));
           const email = typeof b.email === "string" ? b.email.trim().toLowerCase() : "";
@@ -8796,7 +10580,7 @@ function createStorefrontApiHandler(config) {
           await tokenRepo().delete({ email });
           return json({ success: true, message: "Email verified. You can sign in." });
         }
-        if (path[0] === "auth" && path[1] === "otp" && path[2] === "verify-phone" && path.length === 3 && method === "POST") {
+        if (path2[0] === "auth" && path2[1] === "otp" && path2[2] === "verify-phone" && path2.length === 3 && method === "POST") {
           if (otpOff("verifyPhone")) return json({ error: "otp_disabled" }, { status: 403 });
           const su = await getSessionUser();
           const uid = su?.id ? parseInt(String(su.id), 10) : NaN;
@@ -8824,7 +10608,7 @@ function createStorefrontApiHandler(config) {
           }
           return json({ success: true });
         }
-        if (path[0] === "register" && path.length === 1 && method === "POST") {
+        if (path2[0] === "register" && path2.length === 1 && method === "POST") {
           if (!config.hashPassword) return json({ error: "Registration not configured" }, { status: 501 });
           const b = await req.json().catch(() => ({}));
           const capReg = await assertCaptchaOk(getCms, b, req, json);
@@ -8881,14 +10665,14 @@ function createStorefrontApiHandler(config) {
             emailVerificationSent
           });
         }
-        if (path[0] === "cart" && path.length === 1 && method === "GET") {
+        if (path2[0] === "cart" && path2.length === 1 && method === "GET") {
           const { cart, setCookie, err } = await getOrCreateCart(req);
           if (err) return err;
           const body = serializeCart(cart);
           if (setCookie) return json(body, { headers: { "Set-Cookie": setCookie } });
           return json(body);
         }
-        if (path[0] === "cart" && path[1] === "items" && path.length === 2 && method === "POST") {
+        if (path2[0] === "cart" && path2[1] === "items" && path2.length === 2 && method === "POST") {
           const body = await req.json().catch(() => ({}));
           const capCart = await assertCaptchaOk(getCms, body, req, json);
           if (capCart) return capCart;
@@ -8919,8 +10703,8 @@ function createStorefrontApiHandler(config) {
           if (setCookie) return json(out, { headers: { "Set-Cookie": setCookie } });
           return json(out);
         }
-        if (path[0] === "cart" && path[1] === "items" && path.length === 3) {
-          const itemId = parseInt(path[2], 10);
+        if (path2[0] === "cart" && path2[1] === "items" && path2.length === 3) {
+          const itemId = parseInt(path2[2], 10);
           if (!Number.isFinite(itemId)) return json({ error: "Invalid item id" }, { status: 400 });
           const { cart, setCookie, err } = await getOrCreateCart(req);
           if (err) return err;
@@ -8953,7 +10737,7 @@ function createStorefrontApiHandler(config) {
             return json(out);
           }
         }
-        if (path[0] === "cart" && path[1] === "merge" && method === "POST") {
+        if (path2[0] === "cart" && path2[1] === "merge" && method === "POST") {
           const u = await getSessionUser();
           const uid = u?.id ? parseInt(String(u.id), 10) : NaN;
           if (!Number.isFinite(uid)) return json({ error: "Unauthorized" }, { status: 401 });
@@ -9059,7 +10843,7 @@ function createStorefrontApiHandler(config) {
           }
           return { wishlist: w, setCookie: null, err: null };
         }
-        if (path[0] === "wishlist" && path.length === 1 && method === "GET") {
+        if (path2[0] === "wishlist" && path2.length === 1 && method === "GET") {
           const { wishlist, setCookie, err } = await getOrCreateWishlist(req);
           if (err) return err;
           const items = await wishlistItemRepo().find({
@@ -9087,7 +10871,7 @@ function createStorefrontApiHandler(config) {
           if (setCookie) return json(body, { headers: { "Set-Cookie": setCookie } });
           return json(body);
         }
-        if (path[0] === "wishlist" && path[1] === "items" && path.length === 2 && method === "POST") {
+        if (path2[0] === "wishlist" && path2[1] === "items" && path2.length === 2 && method === "POST") {
           const { wishlist, setCookie, err } = await getOrCreateWishlist(req);
           if (err) return err;
           const b = await req.json().catch(() => ({}));
@@ -9101,15 +10885,15 @@ function createStorefrontApiHandler(config) {
           if (setCookie) return json({ ok: true }, { headers: { "Set-Cookie": setCookie } });
           return json({ ok: true });
         }
-        if (path[0] === "wishlist" && path[1] === "items" && path.length === 3 && method === "DELETE") {
+        if (path2[0] === "wishlist" && path2[1] === "items" && path2.length === 3 && method === "DELETE") {
           const { wishlist, setCookie, err } = await getOrCreateWishlist(req);
           if (err) return err;
-          const productId = parseInt(path[2], 10);
+          const productId = parseInt(path2[2], 10);
           await wishlistItemRepo().delete({ wishlistId: wishlist.id, productId });
           if (setCookie) return json({ ok: true }, { headers: { "Set-Cookie": setCookie } });
           return json({ ok: true });
         }
-        if (path[0] === "checkout" && path[1] === "order" && path.length === 2 && method === "POST") {
+        if (path2[0] === "checkout" && path2[1] === "order" && path2.length === 2 && method === "POST") {
           const b = await req.json().catch(() => ({}));
           const capOrd = await assertCaptchaOk(getCms, b, req, json);
           if (capOrd) return capOrd;
@@ -9212,7 +10996,7 @@ function createStorefrontApiHandler(config) {
             currency: cart.currency || "INR"
           });
         }
-        if (path[0] === "checkout" && path.length === 1 && method === "POST") {
+        if (path2[0] === "checkout" && path2.length === 1 && method === "POST") {
           const b = await req.json().catch(() => ({}));
           const capChk = await assertCaptchaOk(getCms, b, req, json);
           if (capChk) return capChk;
@@ -9314,7 +11098,7 @@ function createStorefrontApiHandler(config) {
             total: prepChk.orderTotal
           });
         }
-        if (path[0] === "orders" && path.length === 1 && method === "GET") {
+        if (path2[0] === "orders" && path2.length === 1 && method === "GET") {
           const u = await getSessionUser();
           const uid = u?.id ? parseInt(String(u.id), 10) : NaN;
           if (!Number.isFinite(uid)) return json({ error: "Unauthorized" }, { status: 401 });
@@ -9329,7 +11113,7 @@ function createStorefrontApiHandler(config) {
           const previewByOrder = {};
           if (orderIds.length) {
             const oItems = await orderItemRepo().find({
-              where: { orderId: (0, import_typeorm47.In)(orderIds) },
+              where: { orderId: (0, import_typeorm49.In)(orderIds) },
               relations: ["product"],
               order: { id: "ASC" }
             });
@@ -9356,27 +11140,27 @@ function createStorefrontApiHandler(config) {
             })
           });
         }
-        if (path[0] === "orders" && path.length === 3 && path[2] === "invoice" && method === "GET") {
+        if (path2[0] === "orders" && path2.length === 3 && path2[2] === "invoice" && method === "GET") {
           const u = await getSessionUser();
           const uid = u?.id ? parseInt(String(u.id), 10) : NaN;
           if (!Number.isFinite(uid)) return json({ error: "Unauthorized" }, { status: 401 });
           if (!getCms) return json({ error: "Not found" }, { status: 404 });
           const contact = await contactRepo().findOne({ where: { userId: uid, deleted: false } });
           if (!contact) return json({ error: "Not found" }, { status: 404 });
-          const orderId = parseInt(path[1], 10);
+          const orderId = parseInt(path2[1], 10);
           if (!Number.isFinite(orderId)) return json({ error: "Invalid id" }, { status: 400 });
           const cms = await getCms();
           return streamOrderInvoicePdf(cms, dataSource, entityMap, orderId, {
             ownerContactId: contact.id
           });
         }
-        if (path[0] === "orders" && path.length === 2 && method === "GET") {
+        if (path2[0] === "orders" && path2.length === 2 && method === "GET") {
           const u = await getSessionUser();
           const uid = u?.id ? parseInt(String(u.id), 10) : NaN;
           if (!Number.isFinite(uid)) return json({ error: "Unauthorized" }, { status: 401 });
           const contact = await contactRepo().findOne({ where: { userId: uid, deleted: false } });
           if (!contact) return json({ error: "Not found" }, { status: 404 });
-          const orderId = parseInt(path[1], 10);
+          const orderId = parseInt(path2[1], 10);
           let order = await orderRepo().findOne({
             where: { id: orderId, contactId: contact.id, deleted: false },
             relations: ["items", "items.product"]
@@ -9479,6 +11263,8 @@ function createStorefrontApiHandler(config) {
   getPublicSettingsGroup,
   mergeGuardrailsIntoSystemPrompt,
   parseLlmAgentValidationRules,
+  simpleDecrypt,
+  simpleEncrypt,
   validateUserMessageAgainstAgentRules,
   validateUserMessageAgainstStructuredRules
 });