@infuro/cms-core 1.0.28 → 1.0.30

package/dist/api.cjs

@@ -213,6 +213,81 @@ var init_email_queue = __esm({
   }
 });
 
+// src/plugins/pg-boss/pg-boss-service.ts
+var pg_boss_service_exports = {};
+__export(pg_boss_service_exports, {
+  JOB_RUNNER_QUEUE: () => JOB_RUNNER_QUEUE,
+  PgBossService: () => PgBossService
+});
+var import_pg_boss, JOB_RUNNER_QUEUE, PgBossService;
+var init_pg_boss_service = __esm({
+  "src/plugins/pg-boss/pg-boss-service.ts"() {
+    "use strict";
+    import_pg_boss = __toESM(require("pg-boss"), 1);
+    JOB_RUNNER_QUEUE = "job-runner";
+    PgBossService = class {
+      boss;
+      started = false;
+      workRegistered = /* @__PURE__ */ new Set();
+      constructor(connectionString, schema) {
+        this.boss = new import_pg_boss.default({
+          connectionString,
+          ...schema?.trim() ? { schema: schema.trim() } : {},
+          schedule: true
+        });
+        this.boss.on("error", (err) => {
+          console.error("[pg-boss]", err);
+        });
+      }
+      async start() {
+        if (this.started) return;
+        await this.boss.start();
+        await this.ensureQueue(JOB_RUNNER_QUEUE);
+        this.started = true;
+      }
+      async stop() {
+        if (!this.started) return;
+        await this.boss.stop({ graceful: true, timeout: 1e4 });
+        this.started = false;
+        this.workRegistered.clear();
+      }
+      get raw() {
+        return this.boss;
+      }
+      async ensureQueue(name) {
+        const existing = await this.boss.getQueue(name);
+        if (!existing) {
+          await this.boss.createQueue(name);
+        }
+      }
+      async send(queue, data) {
+        await this.ensureQueue(queue);
+        return this.boss.send(queue, data, { retryLimit: 2 });
+      }
+      async schedule(name, cron, data, options) {
+        await this.ensureQueue(name);
+        await this.boss.schedule(name, cron, data, options);
+      }
+      async unschedule(name) {
+        try {
+          await this.boss.unschedule(name);
+        } catch {
+        }
+      }
+      async registerWork(queue, handler) {
+        if (this.workRegistered.has(queue)) return;
+        await this.ensureQueue(queue);
+        await this.boss.work(queue, async (jobs) => {
+          for (const job of jobs) {
+            await handler(job.data);
+          }
+        });
+        this.workRegistered.add(queue);
+      }
+    };
+  }
+});
+
 // src/plugins/erp/erp-response-map.ts
 function pickString(o, keys) {
   for (const k of keys) {
@@ -508,6 +583,7 @@ __export(api_exports, {
   createForgotPasswordHandler: () => createForgotPasswordHandler,
   createFormBySlugHandler: () => createFormBySlugHandler,
   createInviteAcceptHandler: () => createInviteAcceptHandler,
+  createJobScheduleHandlers: () => createJobScheduleHandlers,
   createLlmAgentKnowledgeHandlers: () => createLlmAgentKnowledgeHandlers,
   createMediaZipExtractHandler: () => createMediaZipExtractHandler,
   createSetPasswordHandler: () => createSetPasswordHandler,
@@ -7355,6 +7431,145 @@ RssFeed = __decorateClass([
   (0, import_typeorm47.Entity)("rss_feeds")
 ], RssFeed);
 
+// src/entities/job-schedule.entity.ts
+var import_typeorm49 = require("typeorm");
+
+// src/entities/job-schedule-run.entity.ts
+var import_typeorm48 = require("typeorm");
+var JobScheduleRun = class {
+  id;
+  scheduleId;
+  schedule;
+  startedAt;
+  finishedAt;
+  status;
+  error;
+  result;
+  triggeredBy;
+  createdAt;
+};
+__decorateClass([
+  (0, import_typeorm48.PrimaryGeneratedColumn)("uuid")
+], JobScheduleRun.prototype, "id", 2);
+__decorateClass([
+  (0, import_typeorm48.Column)({ type: "uuid" })
+], JobScheduleRun.prototype, "scheduleId", 2);
+__decorateClass([
+  (0, import_typeorm48.ManyToOne)(() => JobSchedule, (s) => s.runs, { onDelete: "CASCADE" }),
+  (0, import_typeorm48.JoinColumn)({ name: "scheduleId" })
+], JobScheduleRun.prototype, "schedule", 2);
+__decorateClass([
+  (0, import_typeorm48.Column)({ type: "timestamp" })
+], JobScheduleRun.prototype, "startedAt", 2);
+__decorateClass([
+  (0, import_typeorm48.Column)({ type: "timestamp", nullable: true })
+], JobScheduleRun.prototype, "finishedAt", 2);
+__decorateClass([
+  (0, import_typeorm48.Column)({ type: "varchar", length: 32 })
+], JobScheduleRun.prototype, "status", 2);
+__decorateClass([
+  (0, import_typeorm48.Column)({ type: "text", nullable: true })
+], JobScheduleRun.prototype, "error", 2);
+__decorateClass([
+  (0, import_typeorm48.Column)({ type: "jsonb", nullable: true })
+], JobScheduleRun.prototype, "result", 2);
+__decorateClass([
+  (0, import_typeorm48.Column)({ type: "varchar", length: 16, default: "schedule" })
+], JobScheduleRun.prototype, "triggeredBy", 2);
+__decorateClass([
+  (0, import_typeorm48.CreateDateColumn)()
+], JobScheduleRun.prototype, "createdAt", 2);
+JobScheduleRun = __decorateClass([
+  (0, import_typeorm48.Entity)("job_schedule_runs")
+], JobScheduleRun);
+
+// src/entities/job-schedule.entity.ts
+var JobSchedule = class {
+  id;
+  name;
+  jobType;
+  enabled;
+  scheduleMode;
+  intervalMinutes;
+  runAtTime;
+  runOnDays;
+  timezone;
+  cronExpression;
+  payload;
+  authorId;
+  pgBossScheduleName;
+  lastRunAt;
+  lastRunStatus;
+  lastRunError;
+  nextRunAt;
+  runs;
+  createdAt;
+  updatedAt;
+};
+__decorateClass([
+  (0, import_typeorm49.PrimaryGeneratedColumn)("uuid")
+], JobSchedule.prototype, "id", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "text" })
+], JobSchedule.prototype, "name", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "varchar", length: 64, default: "blog_generate" })
+], JobSchedule.prototype, "jobType", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "boolean", default: false })
+], JobSchedule.prototype, "enabled", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "varchar", length: 32, default: "daily" })
+], JobSchedule.prototype, "scheduleMode", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "int", nullable: true })
+], JobSchedule.prototype, "intervalMinutes", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "varchar", length: 8, nullable: true })
+], JobSchedule.prototype, "runAtTime", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "jsonb", nullable: true })
+], JobSchedule.prototype, "runOnDays", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "varchar", length: 64, default: "UTC" })
+], JobSchedule.prototype, "timezone", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "text", nullable: true })
+], JobSchedule.prototype, "cronExpression", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "jsonb", default: {} })
+], JobSchedule.prototype, "payload", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "int", nullable: true })
+], JobSchedule.prototype, "authorId", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "varchar", length: 128, unique: true })
+], JobSchedule.prototype, "pgBossScheduleName", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "timestamp", nullable: true })
+], JobSchedule.prototype, "lastRunAt", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "varchar", length: 32, nullable: true })
+], JobSchedule.prototype, "lastRunStatus", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "text", nullable: true })
+], JobSchedule.prototype, "lastRunError", 2);
+__decorateClass([
+  (0, import_typeorm49.Column)({ type: "timestamp", nullable: true })
+], JobSchedule.prototype, "nextRunAt", 2);
+__decorateClass([
+  (0, import_typeorm49.OneToMany)(() => JobScheduleRun, (r) => r.schedule)
+], JobSchedule.prototype, "runs", 2);
+__decorateClass([
+  (0, import_typeorm49.CreateDateColumn)()
+], JobSchedule.prototype, "createdAt", 2);
+__decorateClass([
+  (0, import_typeorm49.UpdateDateColumn)()
+], JobSchedule.prototype, "updatedAt", 2);
+JobSchedule = __decorateClass([
+  (0, import_typeorm49.Entity)("job_schedules")
+], JobSchedule);
+
 // src/entities/index.ts
 var CMS_ENTITY_MAP = {
   users: User,
@@ -7398,7 +7613,9 @@ var CMS_ENTITY_MAP = {
   llm_agents: LlmAgent,
   llm_agent_knowledge_documents: LlmAgentKnowledgeDocument,
   rss_feeds: RssFeed,
-  rss_articles: RssArticle
+  rss_articles: RssArticle,
+  job_schedules: JobSchedule,
+  job_schedule_runs: JobScheduleRun
 };
 
 // src/plugins/blog-generator/blog-generator-service.ts
@@ -7746,6 +7963,13 @@ var import_node_path = __toESM(require("path"), 1);
 
 // src/plugins/social-media/linkedin-client.ts
 var RESTLI = "2.0.0";
+function linkedInHeaders(accessToken, json = false) {
+  return {
+    Authorization: `Bearer ${accessToken}`,
+    "X-Restli-Protocol-Version": RESTLI,
+    ...json ? { "Content-Type": "application/json" } : {}
+  };
+}
 async function linkedInGetUserinfo(accessToken) {
   const r = await fetch("https://api.linkedin.com/v2/userinfo", {
     headers: { Authorization: `Bearer ${accessToken}` }
@@ -7760,20 +7984,116 @@ async function linkedInGetUserinfo(accessToken) {
     throw new Error("LinkedIn userinfo: invalid JSON");
   }
 }
+async function linkedInFetchOrganizationAcls(accessToken) {
+  const r = await fetch("https://api.linkedin.com/v2/organizationAcls?q=roleAssignee", {
+    headers: linkedInHeaders(accessToken)
+  });
+  const text = await r.text();
+  if (!r.ok) {
+    throw new Error(`LinkedIn organizationAcls failed (${r.status}): ${text.slice(0, 800)}`);
+  }
+  let data;
+  try {
+    data = JSON.parse(text);
+  } catch {
+    throw new Error("LinkedIn organizationAcls: invalid JSON");
+  }
+  return Array.isArray(data.elements) ? data.elements : [];
+}
+function organizationDisplayName(org) {
+  if (org.localizedName?.trim()) return org.localizedName.trim();
+  const localized = org.name?.localized;
+  if (localized) {
+    for (const v of Object.values(localized)) {
+      if (v?.trim()) return v.trim();
+    }
+  }
+  if (org.vanityName?.trim()) return org.vanityName.trim();
+  if (org.id != null) return `Organization ${org.id}`;
+  return "Organization";
+}
+function organizationWebsite(org) {
+  if (org.localizedWebsite?.trim()) return org.localizedWebsite.trim();
+  const localized = org.website?.localized;
+  if (localized) {
+    for (const v of Object.values(localized)) {
+      if (v?.trim()) return v.trim();
+    }
+  }
+  return void 0;
+}
+function linkedInOrganizationUrn(orgIdOrUrn) {
+  const s = String(orgIdOrUrn ?? "").trim();
+  if (s.startsWith("urn:li:organization:")) return s;
+  return `urn:li:organization:${s}`;
+}
+function linkedInOrganizationIdFromUrn(organizationUrn) {
+  const m = String(organizationUrn).trim().match(/urn:li:organization:(\d+)/);
+  if (!m?.[1]) throw new Error(`Invalid LinkedIn organization URN: ${organizationUrn}`);
+  return m[1];
+}
+async function linkedInGetOrganization(accessToken, orgIdOrUrn) {
+  const orgId = String(orgIdOrUrn).startsWith("urn:") ? linkedInOrganizationIdFromUrn(String(orgIdOrUrn)) : String(orgIdOrUrn).trim();
+  const r = await fetch(`https://api.linkedin.com/v2/organizations/${encodeURIComponent(orgId)}`, {
+    headers: linkedInHeaders(accessToken)
+  });
+  const text = await r.text();
+  if (!r.ok) {
+    throw new Error(`LinkedIn organization ${orgId} failed (${r.status}): ${text.slice(0, 800)}`);
+  }
+  try {
+    return JSON.parse(text);
+  } catch {
+    throw new Error(`LinkedIn organization ${orgId}: invalid JSON`);
+  }
+}
+async function linkedInListManagedOrganizations(accessToken) {
+  const acls = await linkedInFetchOrganizationAcls(accessToken);
+  const approved = acls.filter((a) => a.state === "APPROVED" && a.organization?.trim());
+  const byUrn = /* @__PURE__ */ new Map();
+  for (const acl of approved) {
+    const urn = linkedInOrganizationUrn(acl.organization);
+    if (!byUrn.has(urn)) byUrn.set(urn, acl);
+  }
+  const out = [];
+  for (const [urn, acl] of byUrn) {
+    try {
+      const org = await linkedInGetOrganization(accessToken, urn);
+      out.push({
+        urn,
+        id: org.id ?? Number(linkedInOrganizationIdFromUrn(urn)),
+        name: organizationDisplayName(org),
+        vanityName: org.vanityName,
+        website: organizationWebsite(org),
+        role: acl.role
+      });
+    } catch {
+      out.push({
+        urn,
+        id: Number(linkedInOrganizationIdFromUrn(urn)),
+        name: linkedInOrganizationIdFromUrn(urn),
+        role: acl.role
+      });
+    }
+  }
+  out.sort((a, b) => a.name.localeCompare(b.name));
+  return out;
+}
 function personUrn(personSub) {
   const s = String(personSub || "").trim();
   if (s.startsWith("urn:li:person:")) return s;
   return `urn:li:person:${s}`;
 }
-async function linkedInRegisterImageUpload(accessToken, personSub) {
-  const owner = personUrn(personSub);
+function authorUrnFromParams(authorUrn, personSub) {
+  const direct = String(authorUrn ?? "").trim();
+  if (direct.startsWith("urn:li:")) return direct;
+  return personUrn(String(personSub ?? "").trim());
+}
+async function linkedInRegisterImageUpload(accessToken, author) {
+  const owner = authorUrnFromParams(author);
   const r = await fetch("https://api.linkedin.com/v2/assets?action=registerUpload", {
     method: "POST",
-    headers: {
-      Authorization: `Bearer ${accessToken}`,
-      "X-Restli-Protocol-Version": RESTLI,
-      "Content-Type": "application/json"
-    },
+    headers: linkedInHeaders(accessToken, true),
     body: JSON.stringify({
       registerUploadRequest: {
         recipes: ["urn:li:digitalmediaRecipe:feedshare-image"],
@@ -7821,7 +8141,7 @@ async function linkedInUploadBinary(accessToken, uploadUrl, body, contentType) {
   }
 }
 async function linkedInCreateImageShare(params) {
-  const author = personUrn(params.personSub);
+  const author = authorUrnFromParams(params.authorUrn);
   const commentary = params.commentary.slice(0, 2900);
   const title = params.title.slice(0, 200);
   const description = (params.description ?? title).slice(0, 200);
@@ -7867,7 +8187,7 @@ async function linkedInCreateImageShare(params) {
   return { status: r.status, id: data.id };
 }
 async function linkedInCreateTextShare(params) {
-  const author = personUrn(params.personSub);
+  const author = authorUrnFromParams(params.authorUrn);
   const commentary = params.commentary.slice(0, 2900);
   const r = await fetch("https://api.linkedin.com/v2/ugcPosts", {
     method: "POST",
@@ -8201,18 +8521,44 @@ function createSocialMediaHandlers(config) {
         const enabled = map.enabled !== "false";
         const token = (map.linkedin_access_token ?? "").trim();
         const sub = (map.linkedin_person_sub ?? "").trim();
+        const orgUrn = (map.linkedin_organization_urn ?? "").trim();
         return json({
           ok: true,
-          linkedInReady: enabled && Boolean(token) && Boolean(sub),
+          linkedInReady: enabled && Boolean(token) && Boolean(orgUrn),
           enabled,
           hasToken: Boolean(token),
-          hasPersonSub: Boolean(sub)
+          hasPersonSub: Boolean(sub),
+          hasOrganization: Boolean(orgUrn),
+          organizationName: map.linkedin_organization_name?.trim() || null
         });
       } catch (e) {
         const msg = e instanceof Error ? e.message : "Failed to load status";
         return json({ error: msg }, { status: 500 });
       }
     },
+    async fetchLinkedInOrganizations(req) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await requireEntityPermission(req, "settings", "read");
+      if (pe) return pe;
+      let body = {};
+      try {
+        body = await req.json();
+      } catch {
+      }
+      try {
+        const map = await loadGroupMap(dataSource, entityMap, encryptionKey);
+        const token = String(body?.accessToken ?? map.linkedin_access_token ?? "").trim();
+        if (!token) {
+          return json({ error: "LinkedIn access token is required." }, { status: 400 });
+        }
+        const organizations = await linkedInListManagedOrganizations(token);
+        return json({ ok: true, organizations });
+      } catch (e) {
+        const msg = e instanceof Error ? e.message : "LinkedIn organizations request failed";
+        return json({ error: msg }, { status: 502 });
+      }
+    },
     async syncLinkedInProfile(req) {
       const a = await requireAuth(req);
       if (a) return a;
@@ -8261,10 +8607,12 @@ function createSocialMediaHandlers(config) {
           return json({ error: "Social media plugin is disabled." }, { status: 400 });
         }
         const token = (map.linkedin_access_token ?? "").trim();
-        const personSub = (map.linkedin_person_sub ?? "").trim();
-        if (!token || !personSub) {
+        const authorUrn = (map.linkedin_organization_urn ?? "").trim();
+        if (!token || !authorUrn) {
           return json(
-            { error: "Configure LinkedIn access token and sync profile (Plugins \u2192 Social media)." },
+            {
+              error: "Configure LinkedIn access token and target organization (Plugins \u2192 Social media \u2192 LinkedIn)."
+            },
             { status: 400 }
           );
         }
@@ -8305,7 +8653,7 @@ ${excerpt}`).trim().slice(0, 2900);
             contentType: imagePayload.contentType
           });
           try {
-            const { uploadUrl, asset } = await linkedInRegisterImageUpload(token, personSub);
+            const { uploadUrl, asset } = await linkedInRegisterImageUpload(token, authorUrn);
             logLinkedInPublish(publishLog, "image_registered", {
               blogId,
               asset: truncateForLog(asset, 120),
@@ -8321,7 +8669,7 @@ ${excerpt}`).trim().slice(0, 2900);
             logLinkedInPublish(publishLog, "image_uploaded", { blogId, bytes: imagePayload.buffer.length });
             const out2 = await linkedInCreateImageShare({
               accessToken: token,
-              personSub,
+              authorUrn,
               asset,
               commentary,
               title,
@@ -8359,7 +8707,7 @@ ${excerpt}`).trim().slice(0, 2900);
             });
             const out2 = await linkedInCreateTextShare({
               accessToken: token,
-              personSub,
+              authorUrn,
               commentary
             });
             logLinkedInPublish(publishLog, "success", {
@@ -8398,7 +8746,7 @@ ${excerpt}`).trim().slice(0, 2900);
         });
         const out = await linkedInCreateTextShare({
           accessToken: token,
-          personSub,
+          authorUrn,
           commentary
         });
         logLinkedInPublish(publishLog, "success", {
@@ -8601,6 +8949,323 @@ ${excerpt}`).trim().slice(0, 2200);
   };
 }
 
+// src/api/job-schedule-handlers.ts
+var import_crypto = require("crypto");
+
+// src/plugins/jobs/schedule-cron.ts
+function pgBossScheduleNameForId(scheduleId) {
+  return `schedule:${scheduleId}`;
+}
+function buildCronFromSchedule(schedule) {
+  if (schedule.scheduleMode === "cron" && schedule.cronExpression?.trim()) {
+    return schedule.cronExpression.trim();
+  }
+  const time = parseRunAtTime(schedule.runAtTime);
+  const minute = time?.minute ?? 0;
+  const hour = time?.hour ?? 9;
+  if (schedule.scheduleMode === "interval") {
+    const mins = schedule.intervalMinutes ?? 60;
+    if (mins >= 60 && mins % 60 === 0) {
+      const h = Math.max(1, Math.min(23, Math.floor(mins / 60)));
+      if (h === 1) return `${minute} * * * *`;
+      return `${minute} */${h} * * *`;
+    }
+    if (mins <= 59) {
+      return `*/${Math.max(1, mins)} * * * *`;
+    }
+    return `${minute} * * * *`;
+  }
+  if (schedule.scheduleMode === "weekly") {
+    const days = Array.isArray(schedule.runOnDays) && schedule.runOnDays.length > 0 ? schedule.runOnDays.filter((d) => d >= 0 && d <= 6).join(",") : "1";
+    return `${minute} ${hour} * * ${days}`;
+  }
+  return `${minute} ${hour} * * *`;
+}
+function parseRunAtTime(runAtTime) {
+  if (!runAtTime?.trim()) return null;
+  const m = runAtTime.trim().match(/^(\d{1,2}):(\d{2})$/);
+  if (!m) return null;
+  const hour = parseInt(m[1], 10);
+  const minute = parseInt(m[2], 10);
+  if (hour < 0 || hour > 23 || minute < 0 || minute > 59) return null;
+  return { hour, minute };
+}
+function validateScheduleInput(schedule) {
+  if (schedule.scheduleMode === "cron") {
+    if (!schedule.cronExpression?.trim()) return "cronExpression is required for cron mode";
+    return null;
+  }
+  if (schedule.scheduleMode === "interval") {
+    const mins = schedule.intervalMinutes;
+    if (mins == null || !Number.isFinite(mins) || mins < 1 || mins > 10080) {
+      return "intervalMinutes must be between 1 and 10080";
+    }
+    return null;
+  }
+  if (schedule.runAtTime?.trim()) {
+    if (!parseRunAtTime(schedule.runAtTime)) return "runAtTime must be HH:mm (24h)";
+  }
+  return null;
+}
+
+// src/plugins/jobs/schedule-sync.ts
+async function syncJobScheduleToPgBoss(cms, schedule, onRegisterQueue) {
+  const boss = cms.getPlugin("pg_boss");
+  if (!boss) return;
+  const name = schedule.pgBossScheduleName;
+  await boss.unschedule(name);
+  if (!schedule.enabled) return;
+  const cron = buildCronFromSchedule(schedule);
+  const data = {
+    scheduleId: schedule.id,
+    triggeredBy: "schedule"
+  };
+  await boss.schedule(name, cron, data, { tz: schedule.timezone || "UTC" });
+  if (onRegisterQueue) {
+    await onRegisterQueue(name);
+  }
+}
+async function queueJobScheduleNow(cms, scheduleId) {
+  const boss = cms.getPlugin("pg_boss");
+  if (!boss) {
+    throw new Error("pg-boss is not configured (DATABASE_URL required)");
+  }
+  const { JOB_RUNNER_QUEUE: JOB_RUNNER_QUEUE2 } = await Promise.resolve().then(() => (init_pg_boss_service(), pg_boss_service_exports));
+  await boss.send(JOB_RUNNER_QUEUE2, {
+    scheduleId,
+    triggeredBy: "manual"
+  });
+}
+
+// src/plugins/jobs/job-runner.ts
+init_pg_boss_service();
+
+// src/plugins/jobs/blog-generate-job.ts
+var import_typeorm50 = require("typeorm");
+
+// src/plugins/jobs/schedule-next-run.ts
+var import_cron_parser = require("cron-parser");
+function computeNextRunAt(schedule, from = /* @__PURE__ */ new Date()) {
+  if (!schedule.enabled) return null;
+  try {
+    const cron = buildCronFromSchedule(schedule);
+    const tz = schedule.timezone?.trim() || "UTC";
+    const interval = (0, import_cron_parser.parseExpression)(cron, {
+      currentDate: from,
+      tz
+    });
+    return interval.next().toDate();
+  } catch (err) {
+    console.warn("[job-schedules] could not compute next run:", err);
+    return null;
+  }
+}
+
+// src/plugins/jobs/job-runner.ts
+var executeJobRef = null;
+async function ensureScheduleQueueWorker(cms, queueName) {
+  const boss = cms.getPlugin("pg_boss");
+  if (!boss || !executeJobRef) return;
+  await boss.registerWork(queueName, executeJobRef);
+}
+
+// src/api/job-schedule-handlers.ts
+function serializeSchedule(s) {
+  return {
+    id: s.id,
+    name: s.name,
+    jobType: s.jobType,
+    enabled: s.enabled,
+    scheduleMode: s.scheduleMode,
+    intervalMinutes: s.intervalMinutes,
+    runAtTime: s.runAtTime,
+    runOnDays: s.runOnDays,
+    timezone: s.timezone,
+    cronExpression: s.cronExpression,
+    cronResolved: buildCronFromSchedule(s),
+    payload: s.payload ?? {},
+    authorId: s.authorId,
+    pgBossScheduleName: s.pgBossScheduleName,
+    lastRunAt: s.lastRunAt?.toISOString() ?? null,
+    lastRunStatus: s.lastRunStatus,
+    lastRunError: s.lastRunError,
+    nextRunAt: (computeNextRunAt(s) ?? s.nextRunAt)?.toISOString() ?? null,
+    createdAt: s.createdAt.toISOString(),
+    updatedAt: s.updatedAt.toISOString()
+  };
+}
+function serializeRun(r) {
+  return {
+    id: r.id,
+    scheduleId: r.scheduleId,
+    startedAt: r.startedAt.toISOString(),
+    finishedAt: r.finishedAt?.toISOString() ?? null,
+    status: r.status,
+    error: r.error,
+    result: r.result,
+    triggeredBy: r.triggeredBy,
+    createdAt: r.createdAt.toISOString()
+  };
+}
+function parseScheduleBody(body, existing) {
+  const scheduleMode = typeof body.scheduleMode === "string" ? body.scheduleMode : existing?.scheduleMode ?? "daily";
+  const patch = {
+    name: typeof body.name === "string" ? body.name.trim().slice(0, 500) : existing?.name,
+    jobType: body.jobType === "blog_generate" ? "blog_generate" : existing?.jobType ?? "blog_generate",
+    enabled: typeof body.enabled === "boolean" ? body.enabled : existing?.enabled ?? false,
+    scheduleMode,
+    intervalMinutes: typeof body.intervalMinutes === "number" ? body.intervalMinutes : body.intervalMinutes != null ? Number(body.intervalMinutes) : existing?.intervalMinutes ?? null,
+    runAtTime: typeof body.runAtTime === "string" ? body.runAtTime.trim() || null : body.runAtTime === null ? null : existing?.runAtTime ?? null,
+    runOnDays: Array.isArray(body.runOnDays) ? body.runOnDays.map((d) => Number(d)).filter((d) => Number.isFinite(d)) : existing?.runOnDays ?? null,
+    timezone: typeof body.timezone === "string" && body.timezone.trim() ? body.timezone.trim().slice(0, 64) : existing?.timezone ?? "UTC",
+    cronExpression: typeof body.cronExpression === "string" ? body.cronExpression.trim() || null : existing?.cronExpression ?? null,
+    payload: body.payload != null && typeof body.payload === "object" && !Array.isArray(body.payload) ? body.payload : existing?.payload ?? {},
+    authorId: typeof body.authorId === "number" ? body.authorId : body.authorId != null ? Number(body.authorId) : existing?.authorId ?? null
+  };
+  return patch;
+}
+function createJobScheduleHandlers(apiConfig) {
+  const { dataSource, entityMap, json, requireAuth, requireEntityPermission, getCms } = apiConfig;
+  const ScheduleEntity = entityMap.job_schedules ?? JobSchedule;
+  const RunEntity = entityMap.job_schedule_runs ?? JobScheduleRun;
+  async function perm(req, action) {
+    if (!requireEntityPermission) return null;
+    return requireEntityPermission(req, "blogs", action);
+  }
+  async function syncAfterSave(cms, schedule) {
+    await syncJobScheduleToPgBoss(cms, schedule, async (queueName) => {
+      await ensureScheduleQueueWorker(cms, queueName);
+    });
+    const repo = dataSource.getRepository(ScheduleEntity);
+    schedule.nextRunAt = computeNextRunAt(schedule);
+    await repo.save(schedule);
+  }
+  return {
+    async list(req) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await perm(req, "read");
+      if (pe) return pe;
+      const list = await dataSource.getRepository(ScheduleEntity).find({
+        order: { updatedAt: "DESC" }
+      });
+      return json({ schedules: list.map(serializeSchedule) });
+    },
+    async getById(req, id) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await perm(req, "read");
+      if (pe) return pe;
+      const row = await dataSource.getRepository(ScheduleEntity).findOne({ where: { id } });
+      if (!row) return json({ error: "Schedule not found" }, { status: 404 });
+      const runs = await dataSource.getRepository(RunEntity).find({
+        where: { scheduleId: id },
+        order: { startedAt: "DESC" },
+        take: 20
+      });
+      return json({ schedule: serializeSchedule(row), runs: runs.map(serializeRun) });
+    },
+    async create(req) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await perm(req, "create");
+      if (pe) return pe;
+      if (!getCms) return json({ error: "CMS not configured" }, { status: 503 });
+      let body;
+      try {
+        body = await req.json();
+      } catch {
+        return json({ error: "Invalid JSON body" }, { status: 400 });
+      }
+      const patch = parseScheduleBody(body);
+      if (!patch.name) return json({ error: "name is required" }, { status: 400 });
+      const draft = Object.assign(new JobSchedule(), patch);
+      const validationError = validateScheduleInput(draft);
+      if (validationError) return json({ error: validationError }, { status: 400 });
+      const repo = dataSource.getRepository(ScheduleEntity);
+      let row = repo.create({
+        ...patch,
+        pgBossScheduleName: `pending-${(0, import_crypto.randomUUID)()}`
+      });
+      row = await repo.save(row);
+      row.pgBossScheduleName = pgBossScheduleNameForId(row.id);
+      row = await repo.save(row);
+      const cms = await getCms();
+      await syncAfterSave(cms, row);
+      return json({ schedule: serializeSchedule(row) }, { status: 201 });
+    },
+    async update(req, id) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await perm(req, "update");
+      if (pe) return pe;
+      if (!getCms) return json({ error: "CMS not configured" }, { status: 503 });
+      const repo = dataSource.getRepository(ScheduleEntity);
+      const existing = await repo.findOne({ where: { id } });
+      if (!existing) return json({ error: "Schedule not found" }, { status: 404 });
+      let body;
+      try {
+        body = await req.json();
+      } catch {
+        return json({ error: "Invalid JSON body" }, { status: 400 });
+      }
+      const patch = parseScheduleBody(body, existing);
+      Object.assign(existing, patch);
+      const validationError = validateScheduleInput(existing);
+      if (validationError) return json({ error: validationError }, { status: 400 });
+      const row = await repo.save(existing);
+      const cms = await getCms();
+      await syncAfterSave(cms, row);
+      return json({ schedule: serializeSchedule(row) });
+    },
+    async remove(req, id) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await perm(req, "delete");
+      if (pe) return pe;
+      if (!getCms) return json({ error: "CMS not configured" }, { status: 503 });
+      const repo = dataSource.getRepository(ScheduleEntity);
+      const existing = await repo.findOne({ where: { id } });
+      if (!existing) return json({ error: "Schedule not found" }, { status: 404 });
+      const cms = await getCms();
+      existing.enabled = false;
+      await syncJobScheduleToPgBoss(cms, existing);
+      await repo.delete({ id });
+      return json({ ok: true });
+    },
+    async runNow(req, id) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await perm(req, "create");
+      if (pe) return pe;
+      if (!getCms) return json({ error: "CMS not configured" }, { status: 503 });
+      const repo = dataSource.getRepository(ScheduleEntity);
+      const existing = await repo.findOne({ where: { id } });
+      if (!existing) return json({ error: "Schedule not found" }, { status: 404 });
+      try {
+        const cms = await getCms();
+        await queueJobScheduleNow(cms, id);
+        return json({ ok: true, message: "Job queued" });
+      } catch (e) {
+        const message = e instanceof Error ? e.message : "Failed to queue job";
+        return json({ error: message }, { status: 503 });
+      }
+    },
+    async listRuns(req, id) {
+      const a = await requireAuth(req);
+      if (a) return a;
+      const pe = await perm(req, "read");
+      if (pe) return pe;
+      const runs = await dataSource.getRepository(RunEntity).find({
+        where: { scheduleId: id },
+        order: { startedAt: "DESC" },
+        take: 50
+      });
+      return json({ runs: runs.map(serializeRun) });
+    }
+  };
+}
+
 // src/api/cms-api-handler.ts
 var KNOWLEDGE_SUFFIX = "knowledge";
 var CMS_API_LOG = "[cms-api]";
@@ -8661,7 +9326,9 @@ var DEFAULT_EXCLUDE = /* @__PURE__ */ new Set([
   "message_templates",
   "llm_agent_knowledge_documents",
   "rss_feeds",
-  "rss_articles"
+  "rss_articles",
+  "job_schedules",
+  "job_schedule_runs"
 ]);
 function createCmsApiHandler(config) {
   const {
@@ -8824,6 +9491,15 @@ function createCmsApiHandler(config) {
     ...llmAgentKnowledgeMerged,
     requireEntityPermission: requireEntityPermissionEffective
   }) : null;
+  const jobScheduleHandlers = getCms ? createJobScheduleHandlers({
+    dataSource,
+    entityMap,
+    json: config.json,
+    requireAuth: config.requireAuth,
+    requireEntityPermission: requireEntityPermissionEffective,
+    getCms,
+    config: typeof process !== "undefined" ? process.env : {}
+  }) : null;
   function resolveResource(segment) {
     const model = pathToModel(segment);
     return crudResources.includes(model) ? model : segment;
@@ -8854,6 +9530,30 @@ function createCmsApiHandler(config) {
         if (g) return g;
         return ecommerceAnalyticsGet(req);
       }
+      if (path2[0] === "job-schedules" && jobScheduleHandlers) {
+        if (path2.length === 2 && m === "GET") {
+          return jobScheduleHandlers.getById(req, path2[1]);
+        }
+        if (path2.length === 2 && m === "PATCH") {
+          return jobScheduleHandlers.update(req, path2[1]);
+        }
+        if (path2.length === 2 && m === "DELETE") {
+          return jobScheduleHandlers.remove(req, path2[1]);
+        }
+        if (path2.length === 3 && path2[2] === "run-now" && m === "POST") {
+          return jobScheduleHandlers.runNow(req, path2[1]);
+        }
+        if (path2.length === 3 && path2[2] === "runs" && m === "GET") {
+          return jobScheduleHandlers.listRuns(req, path2[1]);
+        }
+        if (path2.length === 1 && m === "GET") {
+          return jobScheduleHandlers.list(req);
+        }
+        if (path2.length === 1 && m === "POST") {
+          return jobScheduleHandlers.create(req);
+        }
+        return config.json({ error: "Not found" }, { status: 404 });
+      }
       if (path2[0] === "blog-generator" && path2[1] === "feeds" && path2.length === 3 && m === "DELETE" && getCms) {
         const id = path2[2];
         const uuidLooksValid = typeof id === "string" && /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(id);
@@ -9319,6 +10019,9 @@ function createCmsApiHandler(config) {
         if (tail === "sync-profile" && m === "POST") {
           return socialMediaHandlers.syncLinkedInProfile(req);
         }
+        if (tail === "fetch-organizations" && m === "POST") {
+          return socialMediaHandlers.fetchLinkedInOrganizations(req);
+        }
         if (tail === "publish-blog" && m === "POST") {
           let body;
           try {
@@ -9499,7 +10202,7 @@ function createCmsApiHandler(config) {
 }
 
 // src/api/storefront-handlers.ts
-var import_typeorm49 = require("typeorm");
+var import_typeorm52 = require("typeorm");
 
 // src/lib/is-valid-signup-email.ts
 var MAX_EMAIL = 254;
@@ -9758,8 +10461,8 @@ async function queueSms(cms, payload) {
 }
 
 // src/lib/otp-challenge.ts
-var import_crypto = require("crypto");
-var import_typeorm48 = require("typeorm");
+var import_crypto2 = require("crypto");
+var import_typeorm51 = require("typeorm");
 var OTP_TTL_MS = 10 * 60 * 1e3;
 var MAX_SENDS_PER_HOUR = 5;
 var MAX_VERIFY_ATTEMPTS = 8;
@@ -9767,19 +10470,19 @@ function getPepper(explicit) {
   return (explicit || process.env.OTP_PEPPER || process.env.NEXTAUTH_SECRET || "dev-otp-pepper").trim();
 }
 function hashOtpCode(code, purpose, identifier, pepper) {
-  return (0, import_crypto.createHmac)("sha256", getPepper(pepper)).update(`${purpose}|${identifier}|${code}`).digest("hex");
+  return (0, import_crypto2.createHmac)("sha256", getPepper(pepper)).update(`${purpose}|${identifier}|${code}`).digest("hex");
 }
 function verifyOtpCodeHash(code, storedHash, purpose, identifier, pepper) {
   const h = hashOtpCode(code, purpose, identifier, pepper);
   try {
-    return (0, import_crypto.timingSafeEqual)(Buffer.from(h, "utf8"), Buffer.from(storedHash, "utf8"));
+    return (0, import_crypto2.timingSafeEqual)(Buffer.from(h, "utf8"), Buffer.from(storedHash, "utf8"));
   } catch {
     return false;
   }
 }
 function generateNumericOtp(length = 6) {
   const max = 10 ** length;
-  return (0, import_crypto.randomInt)(0, max).toString().padStart(length, "0");
+  return (0, import_crypto2.randomInt)(0, max).toString().padStart(length, "0");
 }
 function normalizePhoneE164(raw, defaultCountryCode) {
   const t = raw.trim();
@@ -9793,7 +10496,7 @@ function normalizePhoneE164(raw, defaultCountryCode) {
 async function countRecentOtpSends(dataSource, entityMap, purpose, identifier, since) {
   const repo = dataSource.getRepository(entityMap.otp_challenges);
   return repo.count({
-    where: { purpose, identifier, createdAt: (0, import_typeorm48.MoreThan)(since) }
+    where: { purpose, identifier, createdAt: (0, import_typeorm51.MoreThan)(since) }
   });
 }
 async function createOtpChallenge(dataSource, entityMap, input) {
@@ -9807,7 +10510,7 @@ async function createOtpChallenge(dataSource, entityMap, input) {
   await repo.delete({
     purpose,
     identifier,
-    consumedAt: (0, import_typeorm48.IsNull)()
+    consumedAt: (0, import_typeorm51.IsNull)()
   });
   const expiresAt = new Date(Date.now() + OTP_TTL_MS);
   const codeHash = hashOtpCode(code, purpose, identifier, pepper);
@@ -9828,7 +10531,7 @@ async function verifyAndConsumeOtpChallenge(dataSource, entityMap, input) {
   const { purpose, identifier, code, pepper } = input;
   const repo = dataSource.getRepository(entityMap.otp_challenges);
   const row = await repo.findOne({
-    where: { purpose, identifier, consumedAt: (0, import_typeorm48.IsNull)() },
+    where: { purpose, identifier, consumedAt: (0, import_typeorm51.IsNull)() },
     order: { id: "DESC" }
   });
   if (!row) {
@@ -10062,7 +10765,7 @@ function createStorefrontApiHandler(config) {
     const u = await userRepo().findOne({ where: { id: userId } });
     if (!u) return null;
     const unclaimed = await contactRepo().findOne({
-      where: { email: u.email, userId: (0, import_typeorm49.IsNull)(), deleted: false }
+      where: { email: u.email, userId: (0, import_typeorm52.IsNull)(), deleted: false }
     });
     if (unclaimed) {
       await contactRepo().update(unclaimed.id, { userId });
@@ -11113,7 +11816,7 @@ function createStorefrontApiHandler(config) {
           const previewByOrder = {};
           if (orderIds.length) {
             const oItems = await orderItemRepo().find({
-              where: { orderId: (0, import_typeorm49.In)(orderIds) },
+              where: { orderId: (0, import_typeorm52.In)(orderIds) },
               relations: ["product"],
               order: { id: "ASC" }
             });
@@ -11250,6 +11953,7 @@ function createStorefrontApiHandler(config) {
   createForgotPasswordHandler,
   createFormBySlugHandler,
   createInviteAcceptHandler,
+  createJobScheduleHandlers,
   createLlmAgentKnowledgeHandlers,
   createMediaZipExtractHandler,
   createSetPasswordHandler,