@jant/core 0.3.42 → 0.3.44

package/dist/{app-Cu3lveYI.js → app-CtJDxZBb.js}

@@ -1,19 +1,19 @@
-import { _ as __exportAll, a as getSitePathPrefix, d as slugify, f as stripSitePathPrefix, h as toPublicPath, i as getSiteOrigin, l as normalizeSiteUrl, m as toPublicHref, n as extractDisplayDomain, o as isFullUrl, p as toAbsoluteSiteUrl, r as extractDomain, s as normalizePath, t as buildSiteUrl, u as sanitizeUrl } from "./url-FvvgARU9.js";
-import { A as JANT_POSITIVE_LOGO_PNG_FILENAME, B as getJantLogoHref, C as formatYearMonth, D as HOME_BRANDING_LINK_LABEL, E as toISOString, F as getJantBundledAsset, G as base64ToUint8Array, H as JANT_LOGO_PATH_DATA, I as getJantIconFilename, L as getJantIconHref, M as getDefaultJantAppleTouchIconBytes, N as getDefaultJantFaviconIcoBytes, O as HOME_BRANDING_PREFIX, P as getJantBrandPackHref, R as getJantLogoFilename, S as formatTime, U as JANT_LOGO_VIEW_BOX, V as getJantPositiveLogoPngHref, W as arrayBufferToBase64, _ as getMediaUrl, a as tiptapJsonToMarkdown, b as formatRelativeAge, c as render, d as extractSummary, f as extractSummaryHtml, g as getImageUrl, h as escapeHtml, i as createExportService, j as JANT_REPO_URL, k as JANT_BRAND_PACK_FILENAME, l as toPlainText, m as trimTiptapBody, n as createGitHubSyncService, o as markdownToTiptapJson, p as renderTiptapJson, u as extractBodyText, v as getPublicUrlForProvider, w as now, x as formatRelativeTime, y as formatDate, z as getJantLogoFills } from "./github-sync-zohnA9qv.js";
-import { C as coalesceDisplayText, S as shouldUseSecureCookies, _ as getInternalAdminToken, a as getConfiguredSingleSiteUrl, b as getSiteResolutionMode, c as getDevApiToken, d as getHostedControlPlaneBaseUrl, f as getHostedControlPlaneDomainCheckSecret, g as getHostedControlPlaneSsoSecret, h as getHostedControlPlaneProviderLabel$1, i as getConfiguredSingleSitePathPrefix, l as getEnvString, m as getHostedControlPlaneInternalToken, n as getAuthSecret, o as getConfiguredStorageDriver, p as getHostedControlPlaneInternalBaseUrl, r as getConfiguredSingleSiteOrigin, s as getCorsOrigins, u as getGitHubAppConfig, v as getLocalStoragePath } from "./env-wCpMcNXs.js";
-import { a as listInstallationReposPage, n as getInstallation, o as searchInstallationRepos, t as buildInstallUrl } from "./github-app-F4qZ05xk.js";
-import { r as parseRepoSlug, t as createGitHubClient } from "./github-api-CficQztC.js";
+import { a as getSitePathPrefix, c as normalizePath, d as sanitizeUrl, f as slugify, g as toPublicPath, h as toPublicHref, i as getSiteOrigin, m as toAbsoluteSiteUrl, n as extractDisplayDomain, o as isFullUrl, p as stripSitePathPrefix, r as extractDomain, s as isSafeInternalRedirect, t as buildSiteUrl, u as normalizeSiteUrl, v as __exportAll } from "./url-umUptr5z.js";
+import { A as JANT_BRAND_PACK_FILENAME, B as getJantLogoFills, C as formatTime, D as toISOString, F as getJantBrandPackHref, G as arrayBufferToBase64, H as getJantPositiveLogoPngHref, I as getJantBundledAsset, K as base64ToUint8Array, L as getJantIconFilename, M as JANT_REPO_URL, N as getDefaultJantAppleTouchIconBytes, O as HOME_BRANDING_LINK_LABEL, P as getDefaultJantFaviconIcoBytes, R as getJantIconHref, S as formatRelativeTime, T as now, U as JANT_LOGO_PATH_DATA, V as getJantLogoHref, W as JANT_LOGO_VIEW_BOX, _ as getImageUrl, a as tiptapJsonToMarkdown, b as formatDate, c as render, d as extractSummary, f as extractSummaryHtml, g as escapeHtml, h as trimTiptapBody, i as createExportService, j as JANT_POSITIVE_LOGO_PNG_FILENAME, k as HOME_BRANDING_PREFIX, l as toPlainText, m as renderTiptapJson, n as createGitHubSyncService, o as markdownToTiptapJson, p as renderTiptapDocument, u as extractBodyText, v as getMediaUrl, w as formatYearMonth, x as formatRelativeAge, y as getPublicUrlForProvider, z as getJantLogoFilename } from "./github-sync-7y_nTXx1.js";
+import { C as coalesceDisplayText, S as shouldUseSecureCookies, _ as getInternalAdminToken, a as getConfiguredSingleSiteUrl, b as getSiteResolutionMode, c as getDevApiToken, d as getHostedControlPlaneBaseUrl, f as getHostedControlPlaneDomainCheckSecret, g as getHostedControlPlaneSsoSecret, h as getHostedControlPlaneProviderLabel$1, i as getConfiguredSingleSitePathPrefix, l as getEnvString, m as getHostedControlPlaneInternalToken, n as getAuthSecret, o as getConfiguredStorageDriver, p as getHostedControlPlaneInternalBaseUrl, r as getConfiguredSingleSiteOrigin, s as getCorsOrigins, u as getGitHubAppConfig, v as getLocalStoragePath } from "./env-CgaH9Mut.js";
+import { a as listInstallationReposPage, n as getInstallation, o as searchInstallationRepos, t as buildInstallUrl } from "./github-app-WeadXMb8.js";
+import { r as parseRepoSlug, t as createGitHubClient } from "./github-api-BkRWnqMx.js";
 import { I18n } from "@lingui/core";
+import * as lucideIcons from "lucide-static";
 import { z } from "zod";
 import { fromString, typeidUnboxed } from "typeid-js";
 import { decode } from "blurhash";
-import { and, asc, desc, eq, inArray, isNotNull, isNull, lt, lte, ne, or, sql } from "drizzle-orm";
+import { and, asc, desc, eq, gt, inArray, isNotNull, isNull, lt, lte, ne, or, sql } from "drizzle-orm";
 import { generateKeyBetween } from "fractional-indexing";
 import { drizzle } from "drizzle-orm/better-sqlite3";
 import { drizzle as drizzle$1 } from "drizzle-orm/d1";
 import { check, foreignKey, index, integer, primaryKey, sqliteTable, text, uniqueIndex } from "drizzle-orm/sqlite-core";
 import { boolean, check as check$1, customType, foreignKey as foreignKey$1, index as index$1, integer as integer$1, pgTable, primaryKey as primaryKey$1, text as text$1, timestamp, unique, uniqueIndex as uniqueIndex$1 } from "drizzle-orm/pg-core";
-import * as lucideIcons from "lucide-static";
 import { APIError, betterAuth } from "better-auth";
 import { drizzleAdapter } from "better-auth/adapters/drizzle";
 import { verifyPassword } from "better-auth/crypto";
@@ -3352,15 +3352,289 @@ function normalizeThemeColorForMeta(color) {
 * internal paths (e.g. `/_assets/client-HASH.js`) embedded by the Worker build
 * from the Vite client manifest. Used only in production (IS_VITE_DEV=false).
 */ var IS_VITE_DEV = typeof __JANT_DEV__ !== "undefined" && __JANT_DEV__ === true;
-var CORE_VERSION = "0.3.42-fc459b837c6eaa85";
+var CORE_VERSION = "0.3.44-c595e1fa6d741ba8";
 var CLIENT_JS_FILE = "/_assets/client-D95FNDg5.js";
-var CLIENT_AUTH_JS_FILE = "/_assets/client-auth-BRFl5zQA.js";
-var CLIENT_CSS_FILE = "/_assets/client-C_kImWZj.css";
+var CLIENT_AUTH_JS_FILE = "/_assets/client-auth-CXILhW1b.js";
+var CLIENT_CSS_FILE = "/_assets/client-BQH7AQ24.css";
 var CLIENT_CJK_CSS_FILE = "/_assets/client-cjk-B7Z0snDu.css";
 var CLIENT_CJK_TC_CSS_FILE = "/_assets/client-cjk-tc-BesJYrb2.css";
 var CLIENT_CJK_JP_CSS_FILE = "/_assets/client-cjk-jp-DZwrTzQC.css";
 var CLIENT_CJK_KR_CSS_FILE = "/_assets/client-cjk-kr-_3ZNI2ZP.css";
 //#endregion
+//#region src/ui/shared/icon-collector.ts
+/**
+* Request-scoped icon collector for SSR SVG sprite pattern.
+*
+* The <Icon> component registers each used icon name here during render.
+* At the end of <body>, <IconSprite> reads the collected set and emits a
+* single <svg><symbol>...</symbol></svg> block so every <use href="#icon-x">
+* reference in the page resolves to a definition.
+*
+* Mirrors the I18nProvider pattern in i18n/context.tsx: Hono JSX renders
+* synchronously per request, so a module-level singleton is safe.
+*/ var currentCollector = null;
+/**
+* Start a new collection scope for the current render pass.
+* Call at the top of the root layout before children render.
+*/ function resetIconCollector() {
+	currentCollector = /* @__PURE__ */ new Set();
+}
+/**
+* Register an icon as used during this render.
+* Safe to call even when no collector is active (no-op).
+*/ function collectIcon(name) {
+	currentCollector?.add(name);
+}
+/**
+* Get the icon names collected so far during this render.
+* Returns an empty set if no collection scope is active.
+*/ function getCollectedIcons() {
+	return currentCollector ?? /* @__PURE__ */ new Set();
+}
+//#endregion
+//#region src/lib/featured-icons.ts
+/**
+* Shared icon definitions for featured post affordances.
+*
+* These paths are reused across Hono JSX, Lit, and exported static markup so
+* "Featured" keeps one visual language everywhere.
+*/ var FEATURED_SPARKLE_PATH = "M12 3 10.1 10.1 3 12l7.1 1.9L12 21l1.9-7.1L21 12l-7.1-1.9Z";
+var FEATURED_SPARKLE_OFF_SLASH_PATH = "M4 4 20 20";
+/**
+* Build inline SVG markup for the shared featured sparkle icon.
+*
+* @param options - Render options for the sparkle icon.
+* @returns SVG markup string for inline insertion.
+* @example
+* getFeaturedIconSvg({ off: true, className: "icon-fine" });
+*/ function getFeaturedIconSvg(options = {}) {
+	return `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"${options.className ? ` class="${options.className}"` : ""} aria-hidden="true"><path d="${FEATURED_SPARKLE_PATH}" />${options.off ? `<path d="${FEATURED_SPARKLE_OFF_SLASH_PATH}" />` : ""}</svg>`;
+}
+//#endregion
+//#region src/lib/decorative-quote-mark.ts
+var DECORATIVE_QUOTE_MARK_VIEWBOX = "0 0 96 96";
+var DECORATIVE_QUOTE_MARK_PATHS = ["M24.4 10.5C16.9 17.7 11.5 26.8 8.2 37.7C4.9 48.7 4.8 58.9 7.8 68.2C10.3 75.7 15.4 79.5 22.9 79.5C28 79.5 32.2 77.8 35.4 74.2C38.6 70.7 40.2 66.5 40.2 61.4C40.2 56.5 38.8 52.6 36 49.6C33.3 46.6 29.7 45.1 25.2 45.1C23.4 45.1 21.8 45.3 20.2 45.8C22.2 37.3 26.7 29.2 33.6 21.4L24.4 10.5Z", "M60.8 10.5C53.3 17.7 47.9 26.8 44.6 37.7C41.3 48.7 41.2 58.9 44.2 68.2C46.7 75.7 51.8 79.5 59.3 79.5C64.4 79.5 68.6 77.8 71.8 74.2C75 70.7 76.6 66.5 76.6 61.4C76.6 56.5 75.2 52.6 72.4 49.6C69.7 46.6 66.1 45.1 61.6 45.1C59.8 45.1 58.2 45.3 56.6 45.8C58.6 37.3 63.1 29.2 70 21.4L60.8 10.5Z"];
+DECORATIVE_QUOTE_MARK_PATHS.map((path) => `<path fill="currentColor" d="${path}" />`).join("");
+//#endregion
+//#region src/ui/shared/custom-icons.ts
+/**
+* Custom (non-lucide) SVG symbol definitions used by the icon sprite.
+*
+* Icons here fall into three groups:
+*   1. Jant-specific paths (decorative quote mark, featured sparkle).
+*   2. Lucide-equivalent paths the UI uses with non-default stroke widths
+*      or sizes that don't match the stock lucide symbol (we keep them as
+*      custom symbols to preserve exact visual fidelity during refactor).
+*   3. Fixed-color SVGs (video play overlay) that don't use currentColor.
+*
+* Each entry provides everything needed to render a <symbol> element:
+*   <symbol id="icon-${name}" viewBox={viewBox}>{inner}</symbol>
+* Consumers of <Icon name="..."> pass `size` / `className` on the outer
+* <svg><use/></svg>; `<symbol>` children inherit the outer attributes.
+*/ var STROKE_THIN = "fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.35\" stroke-linecap=\"round\" stroke-linejoin=\"round\"";
+var STROKE_POST_BADGE = "fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.75\" stroke-linecap=\"round\" stroke-linejoin=\"round\"";
+var CUSTOM_SYMBOLS = {
+	"featured-sparkle": {
+		viewBox: "0 0 24 24",
+		inner: `<path ${STROKE_THIN} d="${FEATURED_SPARKLE_PATH}" />`
+	},
+	"featured-sparkle-off": {
+		viewBox: "0 0 24 24",
+		inner: `<path ${STROKE_THIN} d="${FEATURED_SPARKLE_PATH}" /><path ${STROKE_THIN} d="${FEATURED_SPARKLE_OFF_SLASH_PATH}" />`
+	},
+	"decorative-quote": {
+		viewBox: DECORATIVE_QUOTE_MARK_VIEWBOX,
+		inner: DECORATIVE_QUOTE_MARK_PATHS.map((path) => `<path fill="currentColor" d="${path}" />`).join("")
+	},
+	"post-collection-lock": {
+		viewBox: "0 0 16 16",
+		inner: `<rect ${STROKE_THIN} x="3" y="5.05" width="10" height="8.15" rx="2.2" /><path ${STROKE_THIN} d="M5.1 5.05V4.2a1.1 1.1 0 0 1 1.1-1.1h3.6a1.1 1.1 0 0 1 1.1 1.1v.85" />`
+	},
+	"post-menu-dots": {
+		viewBox: "0 0 24 24",
+		inner: `<circle cx="5" cy="12" r="1.75" fill="currentColor" /><circle cx="12" cy="12" r="1.75" fill="currentColor" /><circle cx="19" cy="12" r="1.75" fill="currentColor" />`
+	},
+	"post-external-link": {
+		viewBox: "0 0 24 24",
+		inner: `<path fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" d="M7 17 17 7" /><path fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" d="M9 7h8v8" />`
+	},
+	"post-reply": {
+		viewBox: "0 0 24 24",
+		inner: `<polyline fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" points="9 17 4 12 9 7" /><path fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" d="M20 18v-2a4 4 0 0 0-4-4H4" />`
+	},
+	"link-domain": {
+		viewBox: "0 0 24 24",
+		inner: `<path fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" d="M13.5 6H5.25A2.25 2.25 0 0 0 3 8.25v10.5A2.25 2.25 0 0 0 5.25 21h10.5A2.25 2.25 0 0 0 18 18.75V10.5m-10.5 6L21 3m0 0h-5.25M21 3v5.25" />`
+	},
+	"link-preview-play": {
+		viewBox: "0 0 68 48",
+		inner: "<path class=\"link-preview-play-bg\" fill=\"rgba(0,0,0,.65)\" d=\"M66.52 7.74c-.78-2.93-2.49-5.41-5.42-6.19C55.79.13 34 0 34 0S12.21.13 6.9 1.55C3.97 2.33 2.27 4.81 1.48 7.74.06 13.05 0 24 0 24s.06 10.95 1.48 16.26c.78 2.93 2.49 5.41 5.42 6.19C12.21 47.87 34 48 34 48s21.79-.13 27.1-1.55c2.93-.78 4.64-3.26 5.42-6.19C67.94 34.95 68 24 68 24s-.06-10.95-1.48-16.26z\" /><path fill=\"#fff\" d=\"M45 24L27 14v20\" />"
+	},
+	"link-preview-badge-play": {
+		viewBox: "0 0 16 16",
+		inner: "<path fill=\"currentColor\" d=\"M5.5 3.5v9l7-4.5z\" />"
+	},
+	"toast-success": {
+		viewBox: "0 0 24 24",
+		inner: `<circle fill="none" stroke="currentColor" stroke-width="2" cx="12" cy="12" r="10" /><path fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" d="m9 12 2 2 4-4" />`
+	},
+	"toast-error": {
+		viewBox: "0 0 24 24",
+		inner: `<circle fill="none" stroke="currentColor" stroke-width="2" cx="12" cy="12" r="10" /><path fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" d="m15 9-6 6M9 9l6 6" />`
+	},
+	"toast-close": {
+		viewBox: "0 0 24 24",
+		inner: `<path fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" d="M18 6 6 18M6 6l12 12" />`
+	},
+	"post-status-pin": {
+		viewBox: "0 0 24 24",
+		inner: `<line ${STROKE_POST_BADGE} x1="12" x2="12" y1="17" y2="22" /><path ${STROKE_POST_BADGE} d="M5 17h14v-1.76a2 2 0 0 0-1.11-1.79l-1.78-.9A2 2 0 0 1 15 10.76V6h1a2 2 0 0 0 0-4H8a2 2 0 0 0 0 4h1v4.76a2 2 0 0 1-1.11 1.79l-1.78.9A2 2 0 0 0 5 15.24Z" />`
+	},
+	"post-status-private": {
+		viewBox: "0 0 24 24",
+		inner: `<path ${STROKE_POST_BADGE} d="M10.733 5.076a10.744 10.744 0 0 1 11.205 6.575 1 1 0 0 1 0 .696 10.747 10.747 0 0 1-1.444 2.49" /><path ${STROKE_POST_BADGE} d="M14.084 14.158a3 3 0 0 1-4.242-4.242" /><path ${STROKE_POST_BADGE} d="M17.479 17.499a10.75 10.75 0 0 1-15.417-5.151 1 1 0 0 1 0-.696 10.75 10.75 0 0 1 4.446-5.143" /><path ${STROKE_POST_BADGE} d="m2 2 20 20" />`
+	}
+};
+function getCustomSymbol(name) {
+	return CUSTOM_SYMBOLS[name] ?? null;
+}
+/**
+* Return the viewBox for an icon's outer <svg> wrapper.
+*
+* This must match the <symbol>'s viewBox so the browser computes the correct
+* intrinsic aspect ratio. Without this, outer <svg> with `height: auto` in
+* CSS falls back to the 300×150 replaced-element default instead of the
+* icon's real aspect ratio.
+*
+* Falls back to lucide's "0 0 24 24" for lucide-sourced icons.
+*/ function getIconViewBox(name) {
+	return CUSTOM_SYMBOLS[name]?.viewBox ?? "0 0 24 24";
+}
+//#endregion
+//#region src/ui/shared/Icon.tsx
+/**
+* <Icon> — sprite-based SVG icon for SSR pages.
+*
+* Renders a lightweight <svg><use href="#icon-${name}"/></svg> stub and
+* registers the icon name with the request-scoped collector so the final
+* sprite (rendered by <IconSprite>) contains exactly the icons used on
+* this page.
+*
+* Name can refer to any lucide-static icon (kebab-case) or one of the
+* custom symbols defined in `custom-icons.ts`. Unknown names render an
+* empty <svg> — the same failure mode as the previous getIconSvg() path.
+*
+* Size: outer <svg> width/height in pixels. Defaults to 24 (lucide default).
+* Pass `class` to add CSS classes, e.g. for sizing via stylesheet instead
+* of inline width/height.
+*/ var Icon$1 = ({ name, size, class: cls, "aria-label": ariaLabel, "aria-hidden": ariaHidden }) => {
+	collectIcon(name);
+	const hidden = ariaHidden ?? (ariaLabel ? void 0 : true);
+	return /* @__PURE__ */ jsxDEV$1("svg", {
+		viewBox: getIconViewBox(name),
+		...size !== void 0 ? {
+			width: size,
+			height: size
+		} : {},
+		...cls ? { class: cls } : {},
+		...ariaLabel ? {
+			"aria-label": ariaLabel,
+			role: "img"
+		} : {},
+		...hidden ? { "aria-hidden": "true" } : {},
+		children: /* @__PURE__ */ jsxDEV$1("use", { href: `#icon-${name}` })
+	});
+};
+//#endregion
+//#region src/lib/icons.ts
+/**
+* Shared icon utilities.
+*
+* Provides a small wrapper around lucide-static so server-rendered UI can fetch
+* SVG markup by kebab-case icon name.
+*/
+/**
+* Convert a kebab-case icon name to PascalCase for lucide-static lookup.
+*
+* @param name - Kebab-case icon name such as "book-open"
+* @returns PascalCase name such as "BookOpen"
+*/ function toPascalCase(name) {
+	return name.split("-").map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join("");
+}
+/**
+* Get SVG markup for a Lucide icon by kebab-case name.
+*
+* @param name - Kebab-case icon name
+* @returns SVG string or null when the icon is unknown
+*
+* @example
+* ```ts
+* getIconSvg("book-open");
+* ```
+*/ function getIconSvg(name) {
+	const svg = lucideIcons[toPascalCase(name)];
+	return typeof svg === "string" ? svg : null;
+}
+/**
+* Get the inner SVG contents for a Lucide icon (the path children only,
+* without the outer <svg> wrapper). Used by the icon sprite to build
+* <symbol> definitions.
+*
+* @param name - Kebab-case icon name
+* @returns Inner SVG markup (e.g. "<path ... />"), or null when unknown
+*
+* @example
+* ```ts
+* getIconInnerSvg("book-open");
+* // -> "<path d=\"...\"/><path d=\"...\"/>"
+* ```
+*/ function getIconInnerSvg(name) {
+	const svg = getIconSvg(name);
+	if (!svg) return null;
+	const openTagEnd = svg.indexOf(">");
+	const closeTagStart = svg.lastIndexOf("</svg>");
+	if (openTagEnd < 0 || closeTagStart < 0) return null;
+	return svg.slice(openTagEnd + 1, closeTagStart);
+}
+/**
+* Default stroke/fill attributes inherited by <symbol> children when a
+* lucide icon is referenced via <use>. These mirror the attributes lucide
+* normally sets on the outer <svg> so the currentColor-based theming keeps
+* working through <use>.
+*/ var LUCIDE_SYMBOL_ATTRS = "fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"";
+var LUCIDE_VIEWBOX = "0 0 24 24";
+//#endregion
+//#region src/ui/shared/IconSprite.tsx
+/**
+* <IconSprite> — emits the SVG symbol definitions used by this render.
+*
+* Must be rendered AFTER all <Icon> usages in the document (e.g. at the
+* end of <body>) so the collector has the full set of icon names. Hono
+* JSX stringifies synchronously in document order, so children declared
+* earlier in the tree are evaluated before this component.
+*
+* <use href="#icon-x"> anywhere in the document resolves correctly even
+* when the <symbol> definition comes after the reference, since browsers
+* wire up the references after the full document is parsed.
+*/ function buildSymbol(name) {
+	const custom = getCustomSymbol(name);
+	if (custom) return `<symbol id="icon-${name}" viewBox="${custom.viewBox}">${custom.inner}</symbol>`;
+	const inner = getIconInnerSvg(name);
+	if (inner === null) return null;
+	return `<symbol id="icon-${name}" viewBox="${LUCIDE_VIEWBOX}" ${LUCIDE_SYMBOL_ATTRS}>${inner}</symbol>`;
+}
+var IconSprite = () => {
+	const symbols = Array.from(getCollectedIcons()).sort().map(buildSymbol).filter((s) => s !== null).join("");
+	if (!symbols) return null;
+	return /* @__PURE__ */ jsxDEV$1("svg", {
+		xmlns: "http://www.w3.org/2000/svg",
+		style: "display:none",
+		"aria-hidden": "true",
+		"data-icon-sprite": true,
+		children: raw(symbols)
+	});
+};
+//#endregion
 //#region src/ui/layouts/BaseLayout.tsx
 /**
 * Base HTML Layout
@@ -3370,7 +3644,8 @@ var CLIENT_CJK_KR_CSS_FILE = "/_assets/client-cjk-kr-_3ZNI2ZP.css";
 *
 * In dev mode (Vite), serves assets via Vite's dev server.
 * In production, serves pre-built assets with content-hashed filenames.
-*/ var BaseLayout = ({ title, description, lang, c, toast, faviconHref, appleTouchHref, faviconUrl, faviconVersion, socialImageUrl, noindex, isAuthenticated = false, clientBundle, children }) => {
+*/ var BaseLayout = ({ title, description, lang, c, toast, faviconHref, appleTouchHref, faviconUrl, faviconVersion, socialImageUrl, canonicalHref, noindex, isAuthenticated = false, clientBundle, children }) => {
+	resetIconCollector();
 	const resolvedLang = lang ?? (c ? c.get("lang") : "en");
 	const appConfig = c ? c.get("appConfig") : void 0;
 	const resolvedSocialImagePath = socialImageUrl ?? faviconUrl ?? appConfig?.siteAvatarUrl ?? getJantIconHref("socialImage", appConfig?.sitePathPrefix || "");
@@ -3398,7 +3673,7 @@ var CLIENT_CJK_KR_CSS_FILE = "/_assets/client-cjk-kr-_3ZNI2ZP.css";
 	const cjkSerifFont = appConfig?.cjkSerifFont ?? "off";
 	const cjkStylesheetPath = cjkSerifFont === "zh-Hans" ? IS_VITE_DEV ? assetPath("/src/style-cjk.css") : toPublicAssetPath(CLIENT_CJK_CSS_FILE, assetBasePath) : cjkSerifFont === "zh-Hant" ? IS_VITE_DEV ? assetPath("/src/style-cjk-tc.css") : toPublicAssetPath(CLIENT_CJK_TC_CSS_FILE, assetBasePath) : cjkSerifFont === "ja" ? IS_VITE_DEV ? assetPath("/src/style-cjk-jp.css") : toPublicAssetPath(CLIENT_CJK_JP_CSS_FILE, assetBasePath) : cjkSerifFont === "ko" ? IS_VITE_DEV ? assetPath("/src/style-cjk-kr.css") : toPublicAssetPath(CLIENT_CJK_KR_CSS_FILE, assetBasePath) : null;
 	const clientScriptPath = IS_VITE_DEV ? resolvedClientBundle === "full" ? assetPath("/src/client-auth.ts") : assetPath("/src/client.ts") : toPublicAssetPath(resolvedClientBundle === "full" ? CLIENT_AUTH_JS_FILE : CLIENT_JS_FILE, assetBasePath);
-	const faviconAssetVersion = resolvedFaviconVersion || "0.3.42-fc459b837c6eaa85";
+	const faviconAssetVersion = resolvedFaviconVersion || "0.3.44-c595e1fa6d741ba8";
 	const resolvedFaviconHref = faviconHref ?? (faviconAssetVersion ? toPublicPath(`/favicon.ico?v=${faviconAssetVersion}`, sitePathPrefix) : toPublicPath("/favicon.ico", sitePathPrefix));
 	const resolvedAppleTouchHref = appleTouchHref ?? (faviconAssetVersion ? toPublicPath(`/apple-touch-icon.png?v=${faviconAssetVersion}`, sitePathPrefix) : toPublicPath("/apple-touch-icon.png", sitePathPrefix));
 	const socialImageHref = resolvedSocialImagePath && (isFullUrl(resolvedSocialImagePath) || resolvedSocialImagePath.startsWith("//") ? resolvedSocialImagePath : toAbsoluteSiteUrl(resolvedSocialImagePath, appConfig?.siteUrl || "", sitePathPrefix));
@@ -3497,6 +3772,10 @@ var CLIENT_CJK_KR_CSS_FILE = "/_assets/client-cjk-kr-_3ZNI2ZP.css";
 				name: "robots",
 				content: "noindex, nofollow"
 			}),
+			canonicalHref && /* @__PURE__ */ jsxDEV$1("link", {
+				rel: "canonical",
+				href: canonicalHref
+			}),
 			/* @__PURE__ */ jsxDEV$1("link", {
 				rel: "icon",
 				href: resolvedFaviconHref,
@@ -3555,46 +3834,18 @@ var CLIENT_CJK_KR_CSS_FILE = "/_assets/client-cjk-kr-_3ZNI2ZP.css";
 						class: `toast ${toast.type === "error" ? "toast-error" : "toast-success"}`,
 						"data-init": "el.closest('[popover]').showPopover(); history.replaceState({}, '', location.pathname); setTimeout(() => { el.classList.add('toast-out'); el.addEventListener('animationend', () => el.remove()) }, 3000)",
 						children: [
-							toast.type === "error" ? /* @__PURE__ */ jsxDEV$1("svg", {
-								xmlns: "http://www.w3.org/2000/svg",
-								fill: "none",
-								viewBox: "0 0 24 24",
-								"stroke-width": "2",
-								stroke: "currentColor",
-								children: [/* @__PURE__ */ jsxDEV$1("circle", {
-									cx: "12",
-									cy: "12",
-									r: "10"
-								}), /* @__PURE__ */ jsxDEV$1("path", { d: "m15 9-6 6M9 9l6 6" })]
-							}) : /* @__PURE__ */ jsxDEV$1("svg", {
-								xmlns: "http://www.w3.org/2000/svg",
-								fill: "none",
-								viewBox: "0 0 24 24",
-								"stroke-width": "2",
-								stroke: "currentColor",
-								children: [/* @__PURE__ */ jsxDEV$1("circle", {
-									cx: "12",
-									cy: "12",
-									r: "10"
-								}), /* @__PURE__ */ jsxDEV$1("path", { d: "m9 12 2 2 4-4" })]
-							}),
+							toast.type === "error" ? /* @__PURE__ */ jsxDEV$1(Icon$1, { name: "toast-error" }) : /* @__PURE__ */ jsxDEV$1(Icon$1, { name: "toast-success" }),
 							/* @__PURE__ */ jsxDEV$1("span", { children: toast.message }),
 							/* @__PURE__ */ jsxDEV$1("button", {
 								class: "toast-close",
 								"data-on:click": "el.closest('.toast').classList.add('toast-out'); el.closest('.toast').addEventListener('animationend', () => el.closest('.toast').remove())",
-								children: /* @__PURE__ */ jsxDEV$1("svg", {
-									xmlns: "http://www.w3.org/2000/svg",
-									fill: "none",
-									viewBox: "0 0 24 24",
-									"stroke-width": "2",
-									stroke: "currentColor",
-									children: /* @__PURE__ */ jsxDEV$1("path", { d: "M18 6 6 18M6 6l12 12" })
-								})
+								children: /* @__PURE__ */ jsxDEV$1(Icon$1, { name: "toast-close" })
 							})
 						]
 					})
 				}),
-				customBodyEndHtml && raw(customBodyEndHtml)
+				customBodyEndHtml && raw(customBodyEndHtml),
+				/* @__PURE__ */ jsxDEV$1(IconSprite, {})
 			]
 		})]
 	})] });
@@ -5381,9 +5632,10 @@ setupRoutes.post("/setup", async (c) => {
 });
 //#endregion
 //#region src/lib/hosted-signin.ts
-function getHostedAdminContinuationPath(publicRequestUrl) {
+function getHostedAdminContinuationPath(publicRequestUrl, redirect) {
 	const currentHost = new URL(publicRequestUrl).host;
-	return `/auth/handoff/start?host=${encodeURIComponent(currentHost)}&redirect=${encodeURIComponent("/")}`;
+	const safeRedirect = isSafeInternalRedirect(redirect) ? redirect : "/";
+	return `/auth/handoff/start?host=${encodeURIComponent(currentHost)}&redirect=${encodeURIComponent(safeRedirect)}`;
 }
 function buildHostedControlPlaneUrl(env, pathname, search) {
 	const hostedControlPlaneBaseUrl = getHostedControlPlaneBaseUrl(env);
@@ -5393,8 +5645,8 @@ function buildHostedControlPlaneUrl(env, pathname, search) {
 	location.search = search ?? "";
 	return location.toString();
 }
-function getHostedControlPlaneSigninUrl(env, publicRequestUrl) {
-	return buildHostedControlPlaneUrl(env, "/auth/handoff/start", getHostedAdminContinuationPath(publicRequestUrl).replace(/^\/auth\/handoff\/start/, ""));
+function getHostedControlPlaneSigninUrl(env, publicRequestUrl, redirect) {
+	return buildHostedControlPlaneUrl(env, "/auth/handoff/start", getHostedAdminContinuationPath(publicRequestUrl, redirect).replace(/^\/auth\/handoff\/start/, ""));
 }
 function getHostedControlPlaneResetUrl(env, publicRequestUrl) {
 	const search = new URLSearchParams();
@@ -5419,11 +5671,12 @@ function getHostedControlPlaneProviderLabel(env) {
 //#region src/routes/auth/signin.tsx
 /**
 * Sign-in / Sign-out Routes
-*/ var SigninContent = ({ demoEmail, demoPassword, sitePathPrefix = "" }) => {
+*/ var SigninContent = ({ demoEmail, demoPassword, sitePathPrefix = "", redirect }) => {
 	const { i18n } = useLingui();
 	const signals = JSON.stringify({
 		email: demoEmail || "",
-		password: demoPassword || ""
+		password: demoPassword || "",
+		...redirect ? { redirect } : {}
 	}).replace(/</g, "\\u003c");
 	return /* @__PURE__ */ jsxDEV$1("div", {
 		class: "min-h-screen flex items-center justify-center",
@@ -5488,7 +5741,9 @@ function getHostedControlPlaneProviderLabel(env) {
 };
 var signinRoutes = new Hono();
 signinRoutes.get("/signin", async (c) => {
-	const hostedSigninUrl = getHostedControlPlaneSigninUrl(c.env, c.var.publicRequestUrl);
+	const rawRedirect = c.req.query("redirect");
+	const redirect = isSafeInternalRedirect(rawRedirect) ? rawRedirect : void 0;
+	const hostedSigninUrl = getHostedControlPlaneSigninUrl(c.env, c.var.publicRequestUrl, redirect);
 	if (hostedSigninUrl) return c.redirect(hostedSigninUrl);
 	const i18n = getI18n(c);
 	const isSetup = c.req.query("setup") !== void 0;
@@ -5503,7 +5758,8 @@ signinRoutes.get("/signin", async (c) => {
 		children: /* @__PURE__ */ jsxDEV$1(SigninContent, {
 			demoEmail: c.var.appConfig.demoEmail,
 			demoPassword: c.var.appConfig.demoPassword,
-			sitePathPrefix: c.var.appConfig.sitePathPrefix
+			sitePathPrefix: c.var.appConfig.sitePathPrefix,
+			redirect
 		})
 	}));
 });
@@ -5514,6 +5770,8 @@ signinRoutes.post("/signin", async (c) => {
 	const parsed = SigninSchema.safeParse(body);
 	if (!parsed.success) return dsToast(parsed.error.issues[0]?.message ?? i18n._({ id: "vXCC6J" }), "error");
 	const { email, password } = parsed.data;
+	const rawRedirect = body && typeof body === "object" && "redirect" in body ? body.redirect : void 0;
+	const redirectTarget = typeof rawRedirect === "string" && isSafeInternalRedirect(rawRedirect) ? rawRedirect : "/";
 	try {
 		const { headers } = await c.var.auth.api.signInEmail({
 			returnHeaders: true,
@@ -5523,7 +5781,7 @@ signinRoutes.post("/signin", async (c) => {
 			},
 			headers: c.req.raw.headers
 		});
-		return dsRedirect(toPublicPath("/", c.var.appConfig.sitePathPrefix), { headers });
+		return dsRedirect(toPublicPath(redirectTarget, c.var.appConfig.sitePathPrefix), { headers });
 	} catch {
 		return dsToast(i18n._({ id: "nFukaP" }), "error");
 	}
@@ -5721,23 +5979,53 @@ function getRequestHostname(requestUrl, requestHost) {
 	return hostname ? isLocalHostname(hostname) : false;
 }
 /**
+* Paths that should never be used as post-signin redirect targets (would
+* either loop back to signin or hit an unauthenticated endpoint).
+*/ var POST_SIGNIN_REDIRECT_BLOCKLIST = new Set([
+	"/signin",
+	"/signout",
+	"/setup",
+	"/reset",
+	"/__sso"
+]);
+function getPostSigninRedirect(requestUrl) {
+	let url;
+	try {
+		url = new URL(requestUrl);
+	} catch {
+		return null;
+	}
+	const pathname = url.pathname || "/";
+	if (POST_SIGNIN_REDIRECT_BLOCKLIST.has(pathname)) return null;
+	if (pathname.startsWith("/api/")) return null;
+	const candidate = `${pathname}${url.search}`;
+	return isSafeInternalRedirect(candidate) ? candidate : null;
+}
+/**
 * Middleware that requires authentication.
 * Redirects to signin page if not authenticated.
 * Session-only — Bearer tokens are not accepted for dashboard pages.
 */ function requireAuth(redirectTo = "/signin") {
 	return async (c, next) => {
-		const redirectTarget = toPublicHref(redirectTo, getRuntimeSitePathPrefix({
+		const sitePathPrefix = getRuntimeSitePathPrefix({
 			env: c.env,
 			appConfig: c.var.appConfig,
 			currentSiteDomain: c.var.currentSiteDomain
-		}));
+		});
+		const buildRedirectTarget = () => {
+			const publicHref = toPublicHref(redirectTo, sitePathPrefix);
+			if (redirectTo !== "/signin") return publicHref;
+			const postSignin = getPostSigninRedirect(c.req.url);
+			if (!postSignin) return publicHref;
+			return `${publicHref}${publicHref.includes("?") ? "&" : "?"}redirect=${encodeURIComponent(postSignin)}`;
+		};
+		const session = c.var.session;
+		if (!session?.user) return c.redirect(buildRedirectTarget());
 		try {
-			const session = await c.var.auth.api.getSession({ headers: c.req.raw.headers });
-			if (!session?.user) return c.redirect(redirectTarget);
-			if (!await c.var.services.siteMembers.get(c.var.currentSite.id, session.user.id)) return c.redirect(redirectTarget);
+			if (!await c.var.services.siteMembers.get(c.var.currentSite.id, session.user.id)) return c.redirect(buildRedirectTarget());
 			await next();
 		} catch {
-			return c.redirect(redirectTarget);
+			return c.redirect(buildRedirectTarget());
 		}
 	};
 }
@@ -5747,10 +6035,9 @@ function getRequestHostname(requestUrl, requestHost) {
 * Returns 401 if neither method succeeds.
 */ function requireAuthApi() {
 	return async (c, next) => {
-		try {
-			const session = await c.var.auth.api.getSession({ headers: c.req.raw.headers });
-			if (session?.user) {
-				if (!await c.var.services.siteMembers.get(c.var.currentSite.id, session.user.id)) throw new UnauthorizedError();
+		const session = c.var.session;
+		if (session?.user) try {
+			if (await c.var.services.siteMembers.get(c.var.currentSite.id, session.user.id)) {
 				await next();
 				return;
 			}
@@ -5827,7 +6114,7 @@ devAuthRoutes.get("/__dev/login", async (c) => {
 			headers: responseHeaders
 		});
 	} catch {
-		return c.text("Dev login failed. Finish /setup once or run `mise run db-local-rebuild-demo`, then retry.", 500);
+		return c.text("Dev login failed. Finish /setup once or run `mise run db-wrangler-rebuild-demo`, then retry.", 500);
 	}
 });
 //#endregion
@@ -6314,7 +6601,8 @@ function getLegacyBodyPreview(post) {
 }
 function getPlainSummary(post) {
 	if (post.format === "quote") return normalizePreviewText(post.quoteText);
-	return normalizePreviewText(post.summary) || normalizePreviewText(post.bodyText) || getLegacyBodyPreview(post) || normalizePreviewText(post.url);
+	const cleanBody = post.body ? extractBodyText(post.body) : null;
+	return normalizePreviewText(post.summary) || normalizePreviewText(cleanBody) || normalizePreviewText(post.bodyText) || getLegacyBodyPreview(post) || normalizePreviewText(post.url);
 }
 function clipPreviewText(text, maxChars) {
 	if (!text) return void 0;
@@ -6344,10 +6632,16 @@ function clipPreviewText(text, maxChars) {
 		if (result) {
 			summaryHtml = result.html;
 			summaryHasMore = result.hasMore;
-			if (result.hasMore && post.bodyHtml) {
-				const pos = result.html.length;
-				bodyHtmlWithAnchor = post.bodyHtml.slice(0, pos) + "<span id=\"continue\"></span>" + post.bodyHtml.slice(pos);
-			}
+			if (result.hasMore && post.bodyHtml) try {
+				const doc = JSON.parse(post.body);
+				if (doc.type === "doc" && Array.isArray(doc.content) && result.breakAtIndex > 0 && result.breakAtIndex <= doc.content.length) {
+					const beforeHtml = renderTiptapDocument({
+						type: "doc",
+						content: doc.content.slice(0, result.breakAtIndex)
+					});
+					if (post.bodyHtml.startsWith(beforeHtml)) bodyHtmlWithAnchor = beforeHtml + "<span id=\"continue\"></span>" + post.bodyHtml.slice(beforeHtml.length);
+				}
+			} catch {}
 		}
 	}
 	const collections = (postCollections ?? []).map((c) => ({
@@ -6589,8 +6883,8 @@ function clipPreviewText(text, maxChars) {
 *   content: <MyContent />,
 * });
 * ```
-*/ async function getNavigationData(c) {
-	const items = await c.var.services.navItems.list();
+*/ async function getNavigationData(c, options) {
+	const items = options?.preloadedItems ?? await c.var.services.navItems.list();
 	const currentPath = c.var.publicPath;
 	const appConfig = c.var.appConfig;
 	const siteName = appConfig.siteName;
@@ -6602,11 +6896,8 @@ function clipPreviewText(text, maxChars) {
 	const siteAvatarUrl = appConfig.siteAvatarUrl || void 0;
 	const showHeaderAvatar = appConfig.showHeaderAvatar;
 	const siteFooterHtml = siteFooter ? render(siteFooter) : void 0;
-	let isAuthenticated = false;
+	const isAuthenticated = c.var.isAuthenticated;
 	let collections = [];
-	try {
-		isAuthenticated = !!(await c.var.auth.api.getSession({ headers: c.req.raw.headers }))?.user;
-	} catch {}
 	const collectionNavIds = [];
 	for (const item of items) if (item.type === "collection" && item.collectionId) collectionNavIds.push(item.collectionId);
 	const collectionFreshness = collectionNavIds.length > 0 ? await c.var.services.navItems.getCollectionFreshness(collectionNavIds) : void 0;
@@ -7510,7 +7801,7 @@ var SiteLayout = ({ siteName, links, currentPath, sitePathPrefix = "", isAuthent
 * });
 * ```
 */ function renderPublicPage(c, options) {
-	const { title, description, faviconHref, appleTouchHref, socialImageUrl, navData, content, sidebar, toast, showComposeDialog, showHeader, showHomeBranding, composeCollectionId } = options;
+	const { title, description, faviconHref, appleTouchHref, socialImageUrl, canonicalHref, navData, content, sidebar, toast, showComposeDialog, showHeader, showHomeBranding, composeCollectionId } = options;
 	const metaDescription = description || navData.siteDescription || void 0;
 	const appConfig = c.get("appConfig");
 	const allSettings = c.get("allSettings");
@@ -7543,6 +7834,7 @@ var SiteLayout = ({ siteName, links, currentPath, sitePathPrefix = "", isAuthent
 		faviconHref,
 		appleTouchHref,
 		socialImageUrl,
+		canonicalHref,
 		faviconUrl,
 		faviconVersion,
 		noindex,
@@ -9009,25 +9301,6 @@ var MediaGallery = ({ attachments, postPermalink }) => {
 	});
 };
 //#endregion
-//#region src/lib/featured-icons.ts
-/**
-* Shared icon definitions for featured post affordances.
-*
-* These paths are reused across Hono JSX, Lit, and exported static markup so
-* "Featured" keeps one visual language everywhere.
-*/ var FEATURED_SPARKLE_PATH = "M12 3 10.1 10.1 3 12l7.1 1.9L12 21l1.9-7.1L21 12l-7.1-1.9Z";
-var FEATURED_SPARKLE_OFF_SLASH_PATH = "M4 4 20 20";
-/**
-* Build inline SVG markup for the shared featured sparkle icon.
-*
-* @param options - Render options for the sparkle icon.
-* @returns SVG markup string for inline insertion.
-* @example
-* getFeaturedIconSvg({ off: true, className: "icon-fine" });
-*/ function getFeaturedIconSvg(options = {}) {
-	return `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1.35" stroke-linecap="round" stroke-linejoin="round"${options.className ? ` class="${options.className}"` : ""} aria-hidden="true"><path d="${FEATURED_SPARKLE_PATH}" />${options.off ? `<path d="${FEATURED_SPARKLE_OFF_SLASH_PATH}" />` : ""}</svg>`;
-}
-//#endregion
 //#region src/ui/shared/PostFooter.tsx
 /**
 * Post Footer
@@ -9054,22 +9327,7 @@ var FEATURED_SPARKLE_OFF_SLASH_PATH = "M4 4 20 20";
 				children: [showIcon && /* @__PURE__ */ jsxDEV$1("span", {
 					class: "post-collection-primary-icon",
 					"aria-hidden": "true",
-					children: /* @__PURE__ */ jsxDEV$1("svg", {
-						xmlns: "http://www.w3.org/2000/svg",
-						viewBox: "0 0 16 16",
-						fill: "none",
-						stroke: "currentColor",
-						"stroke-width": "1.35",
-						"stroke-linecap": "round",
-						"stroke-linejoin": "round",
-						children: [/* @__PURE__ */ jsxDEV$1("rect", {
-							x: "3",
-							y: "5.05",
-							width: "10",
-							height: "8.15",
-							rx: "2.2"
-						}), /* @__PURE__ */ jsxDEV$1("path", { d: "M5.1 5.05V4.2a1.1 1.1 0 0 1 1.1-1.1h3.6a1.1 1.1 0 0 1 1.1 1.1v.85" })]
-					})
+					children: /* @__PURE__ */ jsxDEV$1(Icon$1, { name: "post-collection-lock" })
 				}), /* @__PURE__ */ jsxDEV$1("span", {
 					class: "post-collection-tag-text",
 					children: first.title
@@ -9140,29 +9398,9 @@ var PostMenuTriggerButton = ({ className = "post-menu-trigger" }) => {
 		"aria-label": i18n._({ id: "JcD7qf" }),
 		"aria-expanded": "false",
 		"data-post-menu-trigger": true,
-		children: /* @__PURE__ */ jsxDEV$1("svg", {
-			xmlns: "http://www.w3.org/2000/svg",
-			width: "15",
-			height: "15",
-			viewBox: "0 0 24 24",
-			fill: "currentColor",
-			children: [
-				/* @__PURE__ */ jsxDEV$1("circle", {
-					cx: "5",
-					cy: "12",
-					r: "1.75"
-				}),
-				/* @__PURE__ */ jsxDEV$1("circle", {
-					cx: "12",
-					cy: "12",
-					r: "1.75"
-				}),
-				/* @__PURE__ */ jsxDEV$1("circle", {
-					cx: "19",
-					cy: "12",
-					r: "1.75"
-				})
-			]
+		children: /* @__PURE__ */ jsxDEV$1(Icon$1, {
+			name: "post-menu-dots",
+			size: 15
 		})
 	});
 };
@@ -9190,17 +9428,7 @@ var PostFooter = ({ post, detail, display }) => {
 					"aria-label": featuredLabel,
 					"data-tooltip": featuredLabel,
 					"data-align": "center",
-					children: /* @__PURE__ */ jsxDEV$1("svg", {
-						xmlns: "http://www.w3.org/2000/svg",
-						viewBox: "0 0 24 24",
-						fill: "none",
-						stroke: "currentColor",
-						"stroke-width": "1.35",
-						"stroke-linecap": "round",
-						"stroke-linejoin": "round",
-						"aria-hidden": "true",
-						children: /* @__PURE__ */ jsxDEV$1("path", { d: FEATURED_SPARKLE_PATH })
-					})
+					children: /* @__PURE__ */ jsxDEV$1(Icon$1, { name: "featured-sparkle" })
 				}),
 				showTimestamp && /* @__PURE__ */ jsxDEV$1(PostPublishedLink, {
 					post,
@@ -9212,16 +9440,7 @@ var PostFooter = ({ post, detail, display }) => {
 					target: "_blank",
 					rel: "noopener noreferrer",
 					"aria-label": i18n._({ id: "9dr9Nh" }),
-					children: /* @__PURE__ */ jsxDEV$1("svg", {
-						xmlns: "http://www.w3.org/2000/svg",
-						viewBox: "0 0 24 24",
-						fill: "none",
-						stroke: "currentColor",
-						"stroke-width": "2",
-						"stroke-linecap": "round",
-						"stroke-linejoin": "round",
-						children: [/* @__PURE__ */ jsxDEV$1("path", { d: "M7 17 17 7" }), /* @__PURE__ */ jsxDEV$1("path", { d: "M9 7h8v8" })]
-					})
+					children: /* @__PURE__ */ jsxDEV$1(Icon$1, { name: "post-external-link" })
 				}),
 				/* @__PURE__ */ jsxDEV$1(CompactCollectionTags, {
 					collections: post.collections,
@@ -9236,17 +9455,9 @@ var PostFooter = ({ post, detail, display }) => {
 				class: "reply-trigger",
 				"aria-label": i18n._({ id: "ImOQa9" }),
 				"data-reply-trigger": true,
-				children: /* @__PURE__ */ jsxDEV$1("svg", {
-					xmlns: "http://www.w3.org/2000/svg",
-					width: "14",
-					height: "14",
-					viewBox: "0 0 24 24",
-					fill: "none",
-					stroke: "currentColor",
-					"stroke-width": "2",
-					"stroke-linecap": "round",
-					"stroke-linejoin": "round",
-					children: [/* @__PURE__ */ jsxDEV$1("polyline", { points: "9 17 4 12 9 7" }), /* @__PURE__ */ jsxDEV$1("path", { d: "M20 18v-2a4 4 0 0 0-4-4H4" })]
+				children: /* @__PURE__ */ jsxDEV$1(Icon$1, {
+					name: "post-reply",
+					size: 14
 				})
 			}), /* @__PURE__ */ jsxDEV$1(PostMenuTriggerButton, {})]
 		})]
@@ -9268,57 +9479,15 @@ var PostFooter = ({ post, detail, display }) => {
 		children: [
 			/* @__PURE__ */ jsxDEV$1("span", {
 				class: "post-status-badge post-status-pinned",
-				children: [/* @__PURE__ */ jsxDEV$1("svg", {
-					xmlns: "http://www.w3.org/2000/svg",
-					viewBox: "0 0 24 24",
-					fill: "none",
-					stroke: "currentColor",
-					"stroke-width": "1.75",
-					"stroke-linecap": "round",
-					"stroke-linejoin": "round",
-					children: [/* @__PURE__ */ jsxDEV$1("line", {
-						x1: "12",
-						x2: "12",
-						y1: "17",
-						y2: "22"
-					}), /* @__PURE__ */ jsxDEV$1("path", { d: "M5 17h14v-1.76a2 2 0 0 0-1.11-1.79l-1.78-.9A2 2 0 0 1 15 10.76V6h1a2 2 0 0 0 0-4H8a2 2 0 0 0 0 4h1v4.76a2 2 0 0 1-1.11 1.79l-1.78.9A2 2 0 0 0 5 15.24Z" })]
-				}), "Pinned"]
+				children: [/* @__PURE__ */ jsxDEV$1(Icon$1, { name: "post-status-pin" }), "Pinned"]
 			}),
 			/* @__PURE__ */ jsxDEV$1("span", {
 				class: "post-status-badge post-status-pinned-in-collection",
-				children: [/* @__PURE__ */ jsxDEV$1("svg", {
-					xmlns: "http://www.w3.org/2000/svg",
-					viewBox: "0 0 24 24",
-					fill: "none",
-					stroke: "currentColor",
-					"stroke-width": "1.75",
-					"stroke-linecap": "round",
-					"stroke-linejoin": "round",
-					children: [/* @__PURE__ */ jsxDEV$1("line", {
-						x1: "12",
-						x2: "12",
-						y1: "17",
-						y2: "22"
-					}), /* @__PURE__ */ jsxDEV$1("path", { d: "M5 17h14v-1.76a2 2 0 0 0-1.11-1.79l-1.78-.9A2 2 0 0 1 15 10.76V6h1a2 2 0 0 0 0-4H8a2 2 0 0 0 0 4h1v4.76a2 2 0 0 1-1.11 1.79l-1.78.9A2 2 0 0 0 5 15.24Z" })]
-				}), "Pinned"]
+				children: [/* @__PURE__ */ jsxDEV$1(Icon$1, { name: "post-status-pin" }), "Pinned"]
 			}),
 			/* @__PURE__ */ jsxDEV$1("span", {
 				class: "post-status-badge post-status-private",
-				children: [/* @__PURE__ */ jsxDEV$1("svg", {
-					xmlns: "http://www.w3.org/2000/svg",
-					viewBox: "0 0 24 24",
-					fill: "none",
-					stroke: "currentColor",
-					"stroke-width": "1.75",
-					"stroke-linecap": "round",
-					"stroke-linejoin": "round",
-					children: [
-						/* @__PURE__ */ jsxDEV$1("path", { d: "M10.733 5.076a10.744 10.744 0 0 1 11.205 6.575 1 1 0 0 1 0 .696 10.747 10.747 0 0 1-1.444 2.49" }),
-						/* @__PURE__ */ jsxDEV$1("path", { d: "M14.084 14.158a3 3 0 0 1-4.242-4.242" }),
-						/* @__PURE__ */ jsxDEV$1("path", { d: "M17.479 17.499a10.75 10.75 0 0 1-15.417-5.151 1 1 0 0 1 0-.696 10.75 10.75 0 0 1 4.446-5.143" }),
-						/* @__PURE__ */ jsxDEV$1("path", { d: "m2 2 20 20" })
-					]
-				}), "Private"]
+				children: [/* @__PURE__ */ jsxDEV$1(Icon$1, { name: "post-status-private" }), "Private"]
 			})
 		]
 	});
@@ -9452,29 +9621,17 @@ var LinkPreview = ({ imageUrl, linkUrl, kind, provider }) => {
 			isVideo && /* @__PURE__ */ jsxDEV$1("div", {
 				class: "link-preview-play",
 				"aria-hidden": "true",
-				children: /* @__PURE__ */ jsxDEV$1("svg", {
-					class: "link-preview-play-icon",
-					viewBox: "0 0 68 48",
-					xmlns: "http://www.w3.org/2000/svg",
-					children: [/* @__PURE__ */ jsxDEV$1("path", {
-						class: "link-preview-play-bg",
-						d: "M66.52 7.74c-.78-2.93-2.49-5.41-5.42-6.19C55.79.13 34 0 34 0S12.21.13 6.9 1.55C3.97 2.33 2.27 4.81 1.48 7.74.06 13.05 0 24 0 24s.06 10.95 1.48 16.26c.78 2.93 2.49 5.41 5.42 6.19C12.21 47.87 34 48 34 48s21.79-.13 27.1-1.55c2.93-.78 4.64-3.26 5.42-6.19C67.94 34.95 68 24 68 24s-.06-10.95-1.48-16.26z",
-						fill: "rgba(0,0,0,.65)"
-					}), /* @__PURE__ */ jsxDEV$1("path", {
-						d: "M45 24L27 14v20",
-						fill: "#fff"
-					})]
+				children: /* @__PURE__ */ jsxDEV$1(Icon$1, {
+					name: "link-preview-play",
+					class: "link-preview-play-icon"
 				})
 			}),
 			providerLabel && /* @__PURE__ */ jsxDEV$1("span", {
 				class: "link-preview-badge",
 				"aria-hidden": "true",
-				children: [isVideo && /* @__PURE__ */ jsxDEV$1("svg", {
-					class: "link-preview-badge-icon",
-					viewBox: "0 0 16 16",
-					xmlns: "http://www.w3.org/2000/svg",
-					fill: "currentColor",
-					children: /* @__PURE__ */ jsxDEV$1("path", { d: "M5.5 3.5v9l7-4.5z" })
+				children: [isVideo && /* @__PURE__ */ jsxDEV$1(Icon$1, {
+					name: "link-preview-badge-play",
+					class: "link-preview-badge-icon"
 				}), providerLabel]
 			})
 		]
@@ -9501,25 +9658,15 @@ var LinkPreview = ({ imageUrl, linkUrl, kind, provider }) => {
 		class: "feed-link-domain",
 		target: "_blank",
 		rel: "noopener noreferrer",
-		children: [/* @__PURE__ */ jsxDEV$1("svg", {
-			class: "feed-link-domain-icon",
-			xmlns: "http://www.w3.org/2000/svg",
-			fill: "none",
-			viewBox: "0 0 24 24",
-			"stroke-width": "2",
-			stroke: "currentColor",
-			children: /* @__PURE__ */ jsxDEV$1("path", { d: "M13.5 6H5.25A2.25 2.25 0 0 0 3 8.25v10.5A2.25 2.25 0 0 0 5.25 21h10.5A2.25 2.25 0 0 0 18 18.75V10.5m-10.5 6L21 3m0 0h-5.25M21 3v5.25" })
+		children: [/* @__PURE__ */ jsxDEV$1(Icon$1, {
+			name: "link-domain",
+			class: "feed-link-domain-icon"
 		}), /* @__PURE__ */ jsxDEV$1("span", { children: domain })]
 	}) : /* @__PURE__ */ jsxDEV$1("div", {
 		class: "feed-link-domain",
-		children: [/* @__PURE__ */ jsxDEV$1("svg", {
-			class: "feed-link-domain-icon",
-			xmlns: "http://www.w3.org/2000/svg",
-			fill: "none",
-			viewBox: "0 0 24 24",
-			"stroke-width": "2",
-			stroke: "currentColor",
-			children: /* @__PURE__ */ jsxDEV$1("path", { d: "M13.5 6H5.25A2.25 2.25 0 0 0 3 8.25v10.5A2.25 2.25 0 0 0 5.25 21h10.5A2.25 2.25 0 0 0 18 18.75V10.5m-10.5 6L21 3m0 0h-5.25M21 3v5.25" })
+		children: [/* @__PURE__ */ jsxDEV$1(Icon$1, {
+			name: "link-domain",
+			class: "feed-link-domain-icon"
 		}), /* @__PURE__ */ jsxDEV$1("span", { children: domain })]
 	}));
 	const previewEl = !isCompact && post.previewImageUrl && /* @__PURE__ */ jsxDEV$1(LinkPreview, {
@@ -9600,11 +9747,6 @@ var LinkPreview = ({ imageUrl, linkUrl, kind, provider }) => {
 	});
 };
 //#endregion
-//#region src/lib/decorative-quote-mark.ts
-var DECORATIVE_QUOTE_MARK_VIEWBOX = "0 0 96 96";
-var DECORATIVE_QUOTE_MARK_PATHS = ["M24.4 10.5C16.9 17.7 11.5 26.8 8.2 37.7C4.9 48.7 4.8 58.9 7.8 68.2C10.3 75.7 15.4 79.5 22.9 79.5C28 79.5 32.2 77.8 35.4 74.2C38.6 70.7 40.2 66.5 40.2 61.4C40.2 56.5 38.8 52.6 36 49.6C33.3 46.6 29.7 45.1 25.2 45.1C23.4 45.1 21.8 45.3 20.2 45.8C22.2 37.3 26.7 29.2 33.6 21.4L24.4 10.5Z", "M60.8 10.5C53.3 17.7 47.9 26.8 44.6 37.7C41.3 48.7 41.2 58.9 44.2 68.2C46.7 75.7 51.8 79.5 59.3 79.5C64.4 79.5 68.6 77.8 71.8 74.2C75 70.7 76.6 66.5 76.6 61.4C76.6 56.5 75.2 52.6 72.4 49.6C69.7 46.6 66.1 45.1 61.6 45.1C59.8 45.1 58.2 45.3 56.6 45.8C58.6 37.3 63.1 29.2 70 21.4L60.8 10.5Z"];
-DECORATIVE_QUOTE_MARK_PATHS.map((path) => `<path fill="currentColor" d="${path}" />`).join("");
-//#endregion
 //#region src/ui/shared/DecorativeQuoteMark.tsx
 /**
 * Decorative double-quote mark rendered as SVG so the shape stays consistent
@@ -9613,15 +9755,7 @@ DECORATIVE_QUOTE_MARK_PATHS.map((path) => `<path fill="currentColor" d="${path}"
 	class: `decorative-quote-mark${cls ? ` ${cls}` : ""}`,
 	"data-direction": direction,
 	"aria-hidden": "true",
-	children: /* @__PURE__ */ jsxDEV$1("svg", {
-		viewBox: DECORATIVE_QUOTE_MARK_VIEWBOX,
-		role: "presentation",
-		focusable: "false",
-		children: DECORATIVE_QUOTE_MARK_PATHS.map((path) => /* @__PURE__ */ jsxDEV$1("path", {
-			fill: "currentColor",
-			d: path
-		}))
-	})
+	children: /* @__PURE__ */ jsxDEV$1(Icon$1, { name: "decorative-quote" })
 });
 //#endregion
 //#region src/ui/feed/QuoteCard.tsx
@@ -10086,16 +10220,23 @@ var PaginatedPageHeader = ({ title, currentPage = 1, totalPages, description, ic
 * Latest and Featured in navigation. The explicit feed routes still work.
 */ var homeRoutes = new Hono();
 homeRoutes.get("/", async (c) => {
-	const navData = await getNavigationData(c);
 	const i18n = getI18n(c);
 	const page = parsePageNumber(c.req.query("page"));
 	const paginatedPageTitle = formatPageLabel(page);
-	if (navData.homeDefaultView === "featured") {
+	const isAuthenticated = c.var.isAuthenticated;
+	const navItems = await c.var.services.navItems.list();
+	const homeDefaultView = getHomeDefaultViewFromNavItems(navItems);
+	const timelinePromise = homeDefaultView === "featured" ? assembleFeaturedTimeline(c, {
+		page,
+		isAuthenticated
+	}) : assembleTimeline(c, {
+		page,
+		isAuthenticated
+	});
+	const [navData, timeline] = await Promise.all([getNavigationData(c, { preloadedItems: navItems }), timelinePromise]);
+	const { items, currentPage, totalPages } = timeline;
+	if (homeDefaultView === "featured") {
 		const featuredTitle = i18n._({ id: "FkMol5" });
-		const { items, currentPage, totalPages } = await assembleFeaturedTimeline(c, {
-			page,
-			isAuthenticated: navData.isAuthenticated
-		});
 		return renderPublicPage(c, {
 			title: page > 1 ? buildPageTitle(featuredTitle, paginatedPageTitle, navData.siteName) : navData.siteName,
 			navData,
@@ -10109,10 +10250,6 @@ homeRoutes.get("/", async (c) => {
 		});
 	}
 	const latestTitle = i18n._({ id: "wL3cK8" });
-	const { items, currentPage, totalPages } = await assembleTimeline(c, {
-		page,
-		isAuthenticated: navData.isAuthenticated
-	});
 	return renderPublicPage(c, {
 		title: page > 1 ? buildPageTitle(latestTitle, paginatedPageTitle, navData.siteName) : navData.siteName,
 		navData,
@@ -10170,6 +10307,17 @@ var PostPage = ({ post, threadPosts }) => {
 //#region src/lib/post-meta.ts
 var TITLE_MAX_CHARS = 72;
 var DESCRIPTION_MAX_CHARS = 160;
+/**
+* Derive a clean plain-text projection of the body for human-facing meta.
+*
+* We cannot reuse `post.bodyText` here: that column is written with
+* `includeLinkHrefs: true` so inline link URLs land in the FTS index, which
+* pollutes the stored text with trailing URLs. Re-derive from the source
+* TipTap JSON (`post.body`) without that option.
+*/ function getCleanBodyText(post) {
+	if (post.body) return extractBodyText(post.body) ?? "";
+	return post.bodyText ?? "";
+}
 function normalizeText(text) {
 	return (text ?? "").replace(/\s+/g, " ").trim();
 }
@@ -10193,7 +10341,7 @@ function getTitleCandidate(post) {
 	if (normalizeText(post.title)) return normalizeText(post.title);
 	const summarySnippet = getFirstParagraph(post.summary);
 	if (summarySnippet) return clipText(summarySnippet, TITLE_MAX_CHARS);
-	const bodySnippet = getFirstParagraph(post.bodyText);
+	const bodySnippet = getFirstParagraph(getCleanBodyText(post));
 	if (bodySnippet) return clipText(bodySnippet, TITLE_MAX_CHARS);
 	if (post.format === "link" && post.url) return extractDisplayDomain(post.url) || post.url;
 	return "";
@@ -10205,7 +10353,7 @@ function getDescriptionCandidate(post) {
 	}
 	const summaryText = normalizeText(post.summary);
 	if (summaryText) return clipText(summaryText, DESCRIPTION_MAX_CHARS);
-	const bodyText = normalizeText(post.bodyText);
+	const bodyText = normalizeText(getCleanBodyText(post));
 	if (bodyText) return clipText(bodyText, DESCRIPTION_MAX_CHARS);
 	const quoteText = normalizeText(post.quoteText);
 	if (quoteText) return clipText(quoteText, DESCRIPTION_MAX_CHARS);
@@ -10305,6 +10453,7 @@ function buildPostMeta(post, siteName) {
 	pathRegistry: () => pathRegistry$1,
 	postCollections: () => postCollections$1,
 	posts: () => posts$1,
+	rateLimit: () => rateLimit$2,
 	session: () => session$1,
 	settings: () => settings$1,
 	siteDomains: () => siteDomains$1,
@@ -10367,9 +10516,14 @@ var sites$1 = sqliteTable("site", {
 	id: text("id").primaryKey(),
 	key: text("key").notNull(),
 	status: text("status", { enum: SITE_STATUSES$1 }).notNull().default("active"),
+	provisioningIdempotencyKey: text("provisioning_idempotency_key"),
 	createdAt: integer("created_at").notNull(),
 	updatedAt: integer("updated_at").notNull()
-}, (table) => [uniqueIndex("uq_site_key").on(table.key), check("chk_site_status", sql`${table.status} IN (${sqlTextEnum$1(SITE_STATUSES$1)})`)]);
+}, (table) => [
+	uniqueIndex("uq_site_key").on(table.key),
+	uniqueIndex("uq_site_provisioning_idempotency_key").on(table.provisioningIdempotencyKey).where(sql`${table.provisioningIdempotencyKey} IS NOT NULL`),
+	check("chk_site_status", sql`${table.status} IN (${sqlTextEnum$1(SITE_STATUSES$1)})`)
+]);
 var siteDomains$1 = sqliteTable("site_domain", {
 	id: text("id").primaryKey(),
 	siteId: text("site_id").notNull().references(() => sites$1.id, { onDelete: "cascade" }),
@@ -10752,6 +10906,19 @@ var githubAppInstallation$1 = sqliteTable("github_app_installation", {
 	index("github_app_installation_by_site").on(table.siteId),
 	check("chk_github_app_installation_account_type", sql`${table.accountType} IN (${sqlTextEnum$1(GITHUB_APP_ACCOUNT_TYPES$1)})`)
 ]);
+/**
+* Per-key sliding-window rate-limit counters. Used by the Cloudflare Workers
+* runtime; Node deployments keep the state in memory instead.
+*
+* `key` is typically a scope prefix plus client IP (e.g. "search:1.2.3.4").
+* `window_start` is the aligned start of the window in Unix seconds — we
+* store two adjacent windows per key to support the sliding-window-counter
+* algorithm.
+*/ var rateLimit$2 = sqliteTable("rate_limit", {
+	key: text("key").notNull(),
+	windowStart: integer("window_start").notNull(),
+	count: integer("count").notNull().default(0)
+}, (table) => [primaryKey({ columns: [table.key, table.windowStart] })]);
 //#endregion
 //#region src/db/index.ts
 /**
@@ -10856,6 +11023,7 @@ function isNodeSqliteDatabase(db) {
 	pathRegistry: () => pathRegistry,
 	postCollections: () => postCollections,
 	posts: () => posts,
+	rateLimit: () => rateLimit$1,
 	session: () => session,
 	settings: () => settings,
 	siteDomains: () => siteDomains,
@@ -10921,9 +11089,14 @@ var sites = pgTable("site", {
 	id: text$1("id").primaryKey(),
 	key: text$1("key").notNull(),
 	status: text$1("status", { enum: SITE_STATUSES }).notNull().default("active"),
+	provisioningIdempotencyKey: text$1("provisioning_idempotency_key"),
 	createdAt: integer$1("created_at").notNull(),
 	updatedAt: integer$1("updated_at").notNull()
-}, (table) => [uniqueIndex$1("uq_site_key").on(table.key), check$1("chk_site_status", sql`${table.status} IN (${sqlTextEnum(SITE_STATUSES)})`)]);
+}, (table) => [
+	uniqueIndex$1("uq_site_key").on(table.key),
+	uniqueIndex$1("uq_site_provisioning_idempotency_key").on(table.provisioningIdempotencyKey).where(sql`${table.provisioningIdempotencyKey} IS NOT NULL`),
+	check$1("chk_site_status", sql`${table.status} IN (${sqlTextEnum(SITE_STATUSES)})`)
+]);
 var siteDomains = pgTable("site_domain", {
 	id: text$1("id").primaryKey(),
 	siteId: text$1("site_id").notNull().references(() => sites.id, { onDelete: "cascade" }),
@@ -11344,6 +11517,14 @@ var githubAppInstallation = pgTable("github_app_installation", {
 	index$1("github_app_installation_by_site").on(table.siteId),
 	check$1("chk_github_app_installation_account_type", sql`${table.accountType} IN (${sqlTextEnum(GITHUB_APP_ACCOUNT_TYPES)})`)
 ]);
+/**
+* Per-key sliding-window rate-limit counters. Mirrors the SQLite `rate_limit`
+* table — kept in lockstep because both dialects are production targets.
+*/ var rateLimit$1 = pgTable("rate_limit", {
+	key: text$1("key").notNull(),
+	windowStart: integer$1("window_start").notNull(),
+	count: integer$1("count").notNull().default(0)
+}, (table) => [primaryKey$1({ columns: [table.key, table.windowStart] })]);
 //#endregion
 //#region src/db/schema-bundle.ts
 var sqliteSchemaBundle = schema_exports$1;
@@ -11766,36 +11947,6 @@ function createMediaService(db, siteId, databaseSchema = sqliteSchemaBundle, dat
 	};
 }
 //#endregion
-//#region src/lib/icons.ts
-/**
-* Shared icon utilities.
-*
-* Provides a small wrapper around lucide-static so server-rendered UI can fetch
-* SVG markup by kebab-case icon name.
-*/
-/**
-* Convert a kebab-case icon name to PascalCase for lucide-static lookup.
-*
-* @param name - Kebab-case icon name such as "book-open"
-* @returns PascalCase name such as "BookOpen"
-*/ function toPascalCase(name) {
-	return name.split("-").map((part) => part.charAt(0).toUpperCase() + part.slice(1)).join("");
-}
-/**
-* Get SVG markup for a Lucide icon by kebab-case name.
-*
-* @param name - Kebab-case icon name
-* @returns SVG string or null when the icon is unknown
-*
-* @example
-* ```ts
-* getIconSvg("book-open");
-* ```
-*/ function getIconSvg(name) {
-	const svg = lucideIcons[toPascalCase(name)];
-	return typeof svg === "string" ? svg : null;
-}
-//#endregion
 //#region src/ui/pages/ArchivePage.tsx
 /**
 * Archive Page
@@ -12706,33 +12857,33 @@ function getAtomTitle(post) {
 </feed>`;
 }
 /**
-* Default Sitemap renderer.
+* Render a sitemap `<urlset>` XML document from a list of URL entries.
 *
-* @param data - Sitemap data with PostView[]
-* @returns Sitemap XML string
-*/ function defaultSitemapRenderer(data) {
-	const { siteUrl, sitemapUrl, posts } = data;
-	const postUrls = posts.map((post) => {
-		return `
-  <url>
-    <loc>${escapeXml(new URL(post.permalink, siteUrl).toString())}</loc>
-    <lastmod>${post.updatedAt.split("T")[0]}</lastmod>
-    <priority>${post.featured ? "0.8" : "0.6"}</priority>
-  </url>`;
-	}).join("");
-	const homepageUrl = `
-  <url>
-    <loc>${escapeXml(siteUrl)}</loc>
-    <priority>1.0</priority>
-    <changefreq>daily</changefreq>
-  </url>`;
+* Used by the sharded sitemap endpoints in `routes/feed/sitemap.ts`.
+*/ function renderSitemapUrlSet(entries) {
 	return `<?xml version="1.0" encoding="UTF-8"?>
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
-  <!-- Generated from ${escapeXml(sitemapUrl)} -->
-  ${homepageUrl}
-  ${postUrls}
+${entries.map((entry) => {
+		const parts = [`    <loc>${escapeXml(entry.loc)}</loc>`];
+		if (entry.lastmod) parts.push(`    <lastmod>${escapeXml(entry.lastmod)}</lastmod>`);
+		if (entry.changefreq) parts.push(`    <changefreq>${escapeXml(entry.changefreq)}</changefreq>`);
+		if (entry.priority) parts.push(`    <priority>${escapeXml(entry.priority)}</priority>`);
+		return `  <url>\n${parts.join("\n")}\n  </url>`;
+	}).join("\n")}
 </urlset>`;
 }
+/**
+* Render a `<sitemapindex>` XML document listing shard sitemap URLs.
+*/ function renderSitemapIndex(entries) {
+	return `<?xml version="1.0" encoding="UTF-8"?>
+<sitemapindex xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
+${entries.map((entry) => {
+		const parts = [`    <loc>${escapeXml(entry.loc)}</loc>`];
+		if (entry.lastmod) parts.push(`    <lastmod>${escapeXml(entry.lastmod)}</lastmod>`);
+		return `  <sitemap>\n${parts.join("\n")}\n  </sitemap>`;
+	}).join("\n")}
+</sitemapindex>`;
+}
 //#endregion
 //#region src/routes/pages/archive.tsx
 /**
@@ -13760,12 +13911,29 @@ collectionRoutes.get("/:slug/feed", async (c) => {
 * Resolves post slugs, aliases, redirects, and collection aliases.
 * Must be registered last.
 */ var pageRoutes = new Hono();
+/**
+* Build the canonical absolute URL for a post page.
+*
+* Reply URLs render the full thread, so search engines see overlapping
+* content at every reply URL. Point the canonical to the thread root so
+* crawlers consolidate ranking on one URL.
+*
+* The root post is always at index 0 of `threadPostViews` (getThread orders
+* by createdAt ASC, and the DB check constraint guarantees root has the
+* smallest createdAt in its thread). When `threadPostViews` is undefined the
+* post is not part of a multi-post thread, so the post itself is the root.
+*/ function buildPostCanonicalHref(postView, threadPostViews, siteUrl) {
+	const rootPermalink = threadPostViews?.[0]?.permalink ?? postView.permalink;
+	if (!siteUrl) return rootPermalink;
+	return new URL(rootPermalink, siteUrl).toString();
+}
 async function renderPostWithTextPreview(c, post, autoOpen) {
 	const navDataPromise = getNavigationData(c);
 	const display = await assemblePostPageDisplay(c, post, { isAuthenticated: true });
 	if (!display) return c.notFound();
 	const navData = await navDataPromise;
 	const meta = buildPostMeta(post, navData.siteName);
+	const canonicalHref = buildPostCanonicalHref(display.postView, display.threadPostViews, c.var.appConfig.siteUrl);
 	const pageTitle = autoOpen.attachmentTitle || meta.title;
 	const autoOpenMeta = JSON.stringify({
 		shareHref: autoOpen.shareHref,
@@ -13776,6 +13944,7 @@ async function renderPostWithTextPreview(c, post, autoOpen) {
 	return renderPublicPage(c, {
 		title: pageTitle,
 		description: meta.description,
+		canonicalHref,
 		navData,
 		content: /* @__PURE__ */ jsxDEV$1(Fragment$1, { children: [
 			/* @__PURE__ */ jsxDEV$1(PostPage, {
@@ -13824,9 +13993,11 @@ async function renderPost(c, post) {
 	if (!display) return c.notFound();
 	const navData = await navDataPromise;
 	const meta = buildPostMeta(post, navData.siteName);
+	const canonicalHref = buildPostCanonicalHref(display.postView, display.threadPostViews, c.var.appConfig.siteUrl);
 	return renderPublicPage(c, {
 		title: meta.title,
 		description: meta.description,
+		canonicalHref,
 		navData,
 		content: /* @__PURE__ */ jsxDEV$1(PostPage, {
 			post: display.postView,
@@ -14845,18 +15016,11 @@ newPostRoutes.get("/new", async (c) => {
 //#endregion
 //#region src/routes/pages/partials.tsx
 var partialPageRoutes = new Hono();
-async function getIsAuthenticated(c) {
-	try {
-		return !!(await c.var.auth.api.getSession({ headers: c.req.raw.headers }))?.user;
-	} catch {
-		return false;
-	}
-}
 partialPageRoutes.get("/_/version", (c) => {
 	return c.json({ version: CORE_VERSION });
 });
 partialPageRoutes.get("/_/timeline-item/:threadRootId", async (c) => {
-	const item = await assembleTimelineItem(c, parseIdParam(c.req.param("threadRootId"), ID_PREFIX.post), { isAuthenticated: await getIsAuthenticated(c) });
+	const item = await assembleTimelineItem(c, parseIdParam(c.req.param("threadRootId"), ID_PREFIX.post), { isAuthenticated: c.var.isAuthenticated });
 	if (!item) return c.notFound();
 	return c.html(/* @__PURE__ */ jsxDEV$1(I18nProvider, {
 		c,
@@ -14864,7 +15028,7 @@ partialPageRoutes.get("/_/timeline-item/:threadRootId", async (c) => {
 	}));
 });
 partialPageRoutes.get("/_/post-card/:postId", async (c) => {
-	const postView = await assemblePostCardView(c, parseIdParam(c.req.param("postId"), ID_PREFIX.post), { isAuthenticated: await getIsAuthenticated(c) });
+	const postView = await assemblePostCardView(c, parseIdParam(c.req.param("postId"), ID_PREFIX.post), { isAuthenticated: c.var.isAuthenticated });
 	if (!postView) return c.notFound();
 	return c.html(/* @__PURE__ */ jsxDEV$1(I18nProvider, {
 		c,
@@ -14872,7 +15036,7 @@ partialPageRoutes.get("/_/post-card/:postId", async (c) => {
 	}));
 });
 partialPageRoutes.get("/_/post-view/:postId", async (c) => {
-	const display = await assemblePostPageDisplay(c, parseIdParam(c.req.param("postId"), ID_PREFIX.post), { isAuthenticated: await getIsAuthenticated(c) });
+	const display = await assemblePostPageDisplay(c, parseIdParam(c.req.param("postId"), ID_PREFIX.post), { isAuthenticated: c.var.isAuthenticated });
 	if (!display) return c.notFound();
 	return c.html(/* @__PURE__ */ jsxDEV$1(I18nProvider, {
 		c,
@@ -19829,6 +19993,10 @@ function parseConfigInt(value, fallback) {
 		showHeaderAvatar: allSettings["SHOW_HEADER_AVATAR"] === "true",
 		siteAvatarUrl,
 		faviconVersion: allSettings["SITE_FAVICON_VERSION"] ?? "",
+		rateLimit: {
+			disabled: getEnvString(env, "RATE_LIMIT_DISABLED") === "true",
+			searchPerMinute: parseInt(getEnvString(env, "RATE_LIMIT_SEARCH_PER_MIN") ?? "30", 10) || 30
+		},
 		fallbacks: {
 			siteName: resolveFallback("SITE_NAME", env),
 			siteDescription: resolveFallback("SITE_DESCRIPTION", env),
@@ -20019,8 +20187,8 @@ async function syncHostedControlPlaneSiteAvatar(input) {
 		return;
 	}
 	await markSyncPending(settings);
-	const { createGitHubSyncService } = await import("./github-sync-zohnA9qv.js").then((n) => n.r);
-	const { getGitHubAppConfig } = await import("./env-wCpMcNXs.js").then((n) => n.t);
+	const { createGitHubSyncService } = await import("./github-sync-7y_nTXx1.js").then((n) => n.r);
+	const { getGitHubAppConfig } = await import("./env-CgaH9Mut.js").then((n) => n.t);
 	const run = runBackgroundSync(settings, createGitHubSyncService(c.var.services, c.var.currentSite.id, await buildSyncSiteConfig(c), {
 		storage: c.var.storage,
 		githubApp: getGitHubAppConfig(c.env)
@@ -20634,7 +20802,7 @@ settingsRoutes.get("/account", async (c) => {
 settingsRoutes.get("/account/sessions", async (c) => {
 	if (c.var.appConfig.demoMode) return c.redirect(publicPath(c, "/settings/account"));
 	const navData = await getNavigationData(c);
-	const currentToken = (await c.var.auth.api.getSession({ headers: c.req.raw.headers }))?.session?.token ?? "";
+	const currentToken = c.var.session?.session?.token ?? "";
 	const sessions = (await c.var.auth.api.listSessions({ headers: c.req.raw.headers }) ?? []).map((s) => ({
 		token: s.token,
 		ipAddress: s.ipAddress ?? null,
@@ -20787,7 +20955,7 @@ settingsRoutes.post("/github-sync/connect", async (c) => {
 	if (getGitHubAppConfig(c.env)) return dsToast("This deployment uses GitHub App authentication. Use Install GitHub App instead.", "error");
 	const body = await c.req.json();
 	if (!body.token?.trim() || !body.repo?.trim()) return dsToast("Token and repository are required.", "error");
-	const { parseRepoSlug, createGitHubClient } = await import("./github-api-CficQztC.js").then((n) => n.n);
+	const { parseRepoSlug, createGitHubClient } = await import("./github-api-BkRWnqMx.js").then((n) => n.n);
 	const parsed = parseRepoSlug(body.repo);
 	if (!parsed) return dsToast("Invalid repository format. Use owner/repo.", "error");
 	const client = createGitHubClient(body.token);
@@ -20806,7 +20974,7 @@ settingsRoutes.post("/github-sync/connect", async (c) => {
 	await c.var.services.settings.set("GITHUB_SYNC_AUTH_MODE", "pat");
 	await c.var.services.settings.set("GITHUB_SYNC_APP_INSTALLATION_ID", "");
 	await c.var.services.settings.set("GITHUB_SYNC_ENABLED", "true");
-	const { createGitHubSyncService } = await import("./github-sync-zohnA9qv.js").then((n) => n.r);
+	const { createGitHubSyncService } = await import("./github-sync-7y_nTXx1.js").then((n) => n.r);
 	const syncService = createGitHubSyncService(c.var.services, c.var.currentSite.id, await buildSyncSiteConfig(c), {
 		storage: c.var.storage,
 		githubApp: getGitHubAppConfig(c.env)
@@ -20825,7 +20993,7 @@ settingsRoutes.post("/github-sync/connect", async (c) => {
 	return dsRedirect(publicPath(c, "/settings/github-sync"));
 });
 settingsRoutes.post("/github-sync/push", async (c) => {
-	const { createGitHubSyncService } = await import("./github-sync-zohnA9qv.js").then((n) => n.r);
+	const { createGitHubSyncService } = await import("./github-sync-7y_nTXx1.js").then((n) => n.r);
 	const syncService = createGitHubSyncService(c.var.services, c.var.currentSite.id, await buildSyncSiteConfig(c), {
 		storage: c.var.storage,
 		githubApp: getGitHubAppConfig(c.env)
@@ -20845,7 +21013,7 @@ settingsRoutes.post("/github-sync/push", async (c) => {
 	});
 });
 settingsRoutes.post("/github-sync/disconnect", async (c) => {
-	const { createGitHubSyncService } = await import("./github-sync-zohnA9qv.js").then((n) => n.r);
+	const { createGitHubSyncService } = await import("./github-sync-7y_nTXx1.js").then((n) => n.r);
 	await createGitHubSyncService(c.var.services, c.var.currentSite.id, await buildSyncSiteConfig(c), { githubApp: getGitHubAppConfig(c.env) }).teardownWebhook();
 	return dsRedirect(publicPath(c, "/settings/github-sync"));
 });
@@ -21033,10 +21201,10 @@ function buildRepoPickerLabels(c) {
 	const repo = String(body.repo ?? "").trim();
 	const confirmForeign = body.confirmForeign === true || body.confirmForeign === "true";
 	if (!installationId || !repo) return wantsJson ? c.json({ error: "Missing installationId or repo." }, 400) : c.text("Missing installationId or repo.", 400);
-	const { parseRepoSlug, createGitHubClient } = await import("./github-api-CficQztC.js").then((n) => n.n);
+	const { parseRepoSlug, createGitHubClient } = await import("./github-api-BkRWnqMx.js").then((n) => n.n);
 	const parsed = parseRepoSlug(repo);
 	if (!parsed) return wantsJson ? c.json({ error: "Invalid repository format." }, 400) : c.text("Invalid repository format.", 400);
-	const { classifyRepoForSync } = await import("./github-sync-zohnA9qv.js").then((n) => n.r);
+	const { classifyRepoForSync } = await import("./github-sync-7y_nTXx1.js").then((n) => n.r);
 	const ghClient = createGitHubClient(() => getInstallationTokenFromApp(app, installationId));
 	let classification;
 	try {
@@ -21066,7 +21234,7 @@ function buildRepoPickerLabels(c) {
 	await c.var.services.settings.set("GITHUB_SYNC_REPO", repo);
 	await c.var.services.settings.set("GITHUB_SYNC_TOKEN", "");
 	await c.var.services.settings.set("GITHUB_SYNC_ENABLED", "true");
-	const { createGitHubSyncService } = await import("./github-sync-zohnA9qv.js").then((n) => n.r);
+	const { createGitHubSyncService } = await import("./github-sync-7y_nTXx1.js").then((n) => n.r);
 	const syncService = createGitHubSyncService(c.var.services, c.var.currentSite.id, await buildSyncSiteConfig(c), {
 		storage: c.var.storage,
 		githubApp: app
@@ -21105,7 +21273,7 @@ function requireGitHubApp(c) {
 * build a client for classification without adding the helper to the
 * top-level imports (the module already lazy-imports github-api).
 */ async function getInstallationTokenFromApp(app, installationId) {
-	const { getInstallationToken } = await import("./github-app-F4qZ05xk.js").then((n) => n.i);
+	const { getInstallationToken } = await import("./github-app-WeadXMb8.js").then((n) => n.i);
 	return getInstallationToken(app, installationId);
 }
 /** List GitHub App installations authorized for this site. */ settingsRoutes.get("/github-sync/app/installations", async (c) => {
@@ -21179,10 +21347,10 @@ function requireGitHubApp(c) {
 	const installationId = String(body.installationId ?? "").trim();
 	const repo = String(body.repo ?? "").trim();
 	if (!installationId || !repo) return c.json({ error: "Missing installationId or repo." }, 400);
-	const { parseRepoSlug, createGitHubClient } = await import("./github-api-CficQztC.js").then((n) => n.n);
+	const { parseRepoSlug, createGitHubClient } = await import("./github-api-BkRWnqMx.js").then((n) => n.n);
 	const parsed = parseRepoSlug(repo);
 	if (!parsed) return c.json({ error: "Invalid repository format." }, 400);
-	const { classifyRepoForSync } = await import("./github-sync-zohnA9qv.js").then((n) => n.r);
+	const { classifyRepoForSync } = await import("./github-sync-7y_nTXx1.js").then((n) => n.r);
 	const client = createGitHubClient(() => getInstallationTokenFromApp(app, installationId));
 	try {
 		const classification = await classifyRepoForSync(client, parsed.owner, parsed.repo, c.var.currentSite.id);
@@ -23389,10 +23557,78 @@ function toSearchApiResult(post, snippet, sitePathPrefix) {
 	};
 }
 //#endregion
+//#region src/lib/rate-limit.ts
+/**
+* Rate Limiting Abstraction
+*
+* Shared interface for per-key rate limiting. Runtimes provide their own
+* implementation: Cloudflare Workers uses a D1-backed sliding-window table
+* (ephemeral isolates can't hold memory state), while Node uses an
+* in-process Map (the process is persistent and avoids DB round-trips).
+*
+* Consumers depend only on this interface; they are runtime-agnostic.
+*/ /**
+* Extracts the client IP from a Hono request context.
+*
+* On Cloudflare Workers, `cf-connecting-ip` is set by the edge and is
+* authoritative. On Node deployments we fall back to the leftmost
+* `x-forwarded-for` entry, which is the conventional client IP when the
+* app sits behind a single trusted proxy. When neither header is
+* available we return `"unknown"` so all such requests share a bucket —
+* preferable to skipping the rate limit entirely.
+*
+* Note: this helper does not verify proxy trust. It is used for DoS
+* protection, not authentication. If header-forgery resistance becomes
+* important, gate the `x-forwarded-for` branch on `shouldTrustProxy`.
+*/ function getClientIp(c) {
+	const cf = c.req.header("cf-connecting-ip");
+	if (cf) return cf;
+	const fwd = c.req.header("x-forwarded-for");
+	if (fwd) {
+		const first = fwd.split(",")[0]?.trim();
+		if (first) return first;
+	}
+	return "unknown";
+}
+//#endregion
+//#region src/middleware/rate-limit.ts
+/**
+* Rate-Limit Middleware
+*
+* Applies a per-IP rate limit to the routes it wraps. Which storage
+* backs the limiter (D1 or in-memory) is decided upstream by the
+* runtime; this middleware only reads `c.var.rateLimiter` and doesn't
+* care.
+*
+* When the limit is exceeded, responds with HTTP 429 and a
+* `Retry-After` header. When `appConfig.rateLimit.disabled` is true the
+* middleware short-circuits to `next()` so test and dev environments
+* don't have to reason about bucket state.
+*/ function rateLimit(opts) {
+	return async (c, next) => {
+		if (c.var.appConfig.rateLimit.disabled) return next();
+		const ip = getClientIp(c);
+		const result = await c.var.rateLimiter.check(`${opts.name}:${ip}`, {
+			limit: opts.limit,
+			windowSec: opts.windowSec
+		});
+		if (!result.ok) {
+			c.header("Retry-After", String(result.retryAfterSec ?? opts.windowSec));
+			return c.json({ error: "Too many requests. Please slow down." }, 429);
+		}
+		return next();
+	};
+}
+//#endregion
 //#region src/routes/api/search.ts
 /**
 * Search API Routes
 */ var searchApiRoutes = new Hono();
+searchApiRoutes.use("*", async (c, next) => rateLimit({
+	name: "search",
+	limit: c.var.appConfig.rateLimit.searchPerMinute,
+	windowSec: 60
+})(c, next));
 searchApiRoutes.get("/", async (c) => {
 	const query = c.req.query("q");
 	if (!query || query.trim().length === 0) throw new ValidationError("Query parameter 'q' is required");
@@ -24472,7 +24708,8 @@ var CreateManagedSiteSchema = z.object({
 	primaryHost: z.string().trim().toLowerCase().min(1).max(255).regex(/^(?=.{1,255}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/, "Primary host must be a valid hostname."),
 	siteName: z.string().trim().min(1).max(120),
 	siteLanguage: z.string().trim().max(35).optional(),
-	timeZone: z.string().trim().max(100).optional()
+	timeZone: z.string().trim().max(100).optional(),
+	idempotencyKey: z.string().trim().min(1).max(128).optional()
 });
 var ManagedSiteDomainSchema = z.object({
 	host: z.string().trim().toLowerCase().min(1).max(255).regex(/^(?=.{1,255}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/, "Domain host must be a valid hostname."),
@@ -24857,6 +25094,30 @@ var internalTextAttachmentsRoutes = new Hono();
 	return c.json(result);
 });
 //#endregion
+//#region src/routes/api/internal/search-reindex.ts
+var ReindexSchema = z.object({
+	limit: z.number().int().positive().max(500).optional(),
+	cursor: z.string().min(1).optional()
+});
+var internalSearchReindexRoutes = new Hono();
+/**
+* Rebuild `post.body_text` for a batch of non-deleted posts. FTS indexes
+* (SQLite trigger / Postgres generated column) refresh automatically when
+* `body_text` changes.
+*
+* Idempotent. Callers loop with the returned `nextCursor` until `done: true`.
+* Used by the `jant search-reindex` CLI to backfill search indexes for
+* existing posts after changes to the text extraction logic (e.g. including
+* link mark hrefs so inline URLs become searchable).
+*/ internalSearchReindexRoutes.post("/", requireInternalAdminApi(), async (c) => {
+	const body = parseValidated(ReindexSchema, (c.req.header("Content-Type") || "").includes("application/json") ? await c.req.json().catch(() => ({})) : {});
+	const result = await c.var.services.posts.reindexBodyText({
+		limit: body.limit,
+		cursor: body.cursor
+	});
+	return c.json(result);
+});
+//#endregion
 //#region src/routes/api/internal/uploads.ts
 var CleanupUploadsSchema = z.object({ limit: z.number().int().positive().max(500).optional() });
 var internalUploadsRoutes = new Hono();
@@ -25354,30 +25615,111 @@ feedRoutes.get("/all/atom.xml", (c) => {
 //#region src/routes/feed/sitemap.ts
 /**
 * Sitemap Routes
+*
+* Sitemap is sharded to keep each shard small, cache-friendly, and stable:
+*
+*   /sitemap.xml            → sitemap index listing all shards
+*   /sitemap-posts-N.xml    → one shard of published non-reply posts
+*   /sitemap-collections.xml → public collection pages
+*   /sitemap-pages.xml       → homepage + static aggregate pages
+*
+* Post shards are keyset-paginated by post `id` (TypeIDs embed a
+* creation-ordered UUIDv7 timestamp), so once a shard fills up its membership
+* never changes: new posts always land in the last shard, never rewriting an
+* older one. This lets old shards be cached at the edge for a long time.
 */ var sitemapRoutes = new Hono();
-sitemapRoutes.get("/sitemap.xml", async (c) => {
-	const { appConfig } = c.var;
-	const siteUrl = appConfig.siteUrl;
-	const posts = await c.var.services.posts.list({
-		status: "published",
-		excludeReplies: true,
-		excludePrivate: true,
-		limit: 1e3
-	});
-	const mediaCtx = createMediaContext(appConfig);
-	const aliasesMap = await c.var.services.paths.getPostAliases(posts.map((p) => p.id));
-	const aliasMap = /* @__PURE__ */ new Map();
-	for (const [id, aliases] of aliasesMap) if (aliases[0]) aliasMap.set(id, aliases[0]);
-	const postViews = toPostViewsFromPosts(posts, mediaCtx, void 0, aliasMap);
-	const xml = defaultSitemapRenderer({
-		siteUrl,
-		sitemapUrl: toAbsoluteSiteUrl("/sitemap.xml", siteUrl, appConfig.sitePathPrefix),
-		posts: postViews
-	});
+var CACHE_SHORT = "public, max-age=180";
+var CACHE_FULL_SHARD = "public, max-age=86400, s-maxage=86400";
+function xmlResponse(xml, cacheControl) {
 	return new Response(xml, { headers: {
 		"Content-Type": "application/xml; charset=utf-8",
-		"Cache-Control": "public, max-age=180"
+		"Cache-Control": cacheControl
 	} });
+}
+/**
+* Build a public URL entry (absolute URL) from an internal path.
+*/ function absoluteUrl(internalPath, siteUrl, sitePathPrefix) {
+	return toAbsoluteSiteUrl(internalPath, siteUrl, sitePathPrefix);
+}
+/** Convert a unix-seconds timestamp into a `YYYY-MM-DD` string. */ function toIsoDate(unixSeconds) {
+	return (/* @__PURE__ */ new Date(unixSeconds * 1e3)).toISOString().slice(0, 10);
+}
+sitemapRoutes.get("/sitemap.xml", async (c) => {
+	const { appConfig } = c.var;
+	const { siteUrl, sitePathPrefix } = appConfig;
+	const postCount = await c.var.services.posts.countForSitemap();
+	const postShardCount = Math.max(1, Math.ceil(postCount / 500));
+	const entries = [{ loc: absoluteUrl("/sitemap-pages.xml", siteUrl, sitePathPrefix) }];
+	for (let page = 1; page <= postShardCount; page++) entries.push({ loc: absoluteUrl(`/sitemap-posts-${page}.xml`, siteUrl, sitePathPrefix) });
+	if ((await c.var.services.collections.list()).length > 0) entries.push({ loc: absoluteUrl("/sitemap-collections.xml", siteUrl, sitePathPrefix) });
+	return xmlResponse(renderSitemapIndex(entries), CACHE_SHORT);
+});
+sitemapRoutes.get("/:file{sitemap-posts-[0-9]+\\.xml}", async (c) => {
+	const { appConfig } = c.var;
+	const { siteUrl, sitePathPrefix } = appConfig;
+	const file = c.req.param("file");
+	const match = /^sitemap-posts-([0-9]+)\.xml$/.exec(file);
+	if (!match) return c.notFound();
+	const page = Number(match[1]);
+	if (!Number.isFinite(page) || page < 1) return c.notFound();
+	let afterId;
+	if (page > 1) {
+		const cursorOffset = (page - 1) * 500 - 1;
+		const cursor = await c.var.services.posts.getSitemapIdAt(cursorOffset);
+		if (cursor === null) return c.notFound();
+		afterId = cursor;
+	}
+	const shardEntries = await c.var.services.posts.listForSitemap({
+		afterId,
+		limit: 500
+	});
+	const urls = shardEntries.map((entry) => {
+		return {
+			loc: absoluteUrl(entry.alias ?? `/${entry.slug}`, siteUrl, sitePathPrefix),
+			lastmod: toIsoDate(entry.updatedAt),
+			priority: entry.featuredAt ? "0.8" : "0.6"
+		};
+	});
+	const cacheControl = shardEntries.length === 500 ? CACHE_FULL_SHARD : CACHE_SHORT;
+	return xmlResponse(renderSitemapUrlSet(urls), cacheControl);
+});
+sitemapRoutes.get("/sitemap-collections.xml", async (c) => {
+	const { appConfig } = c.var;
+	const { siteUrl, sitePathPrefix } = appConfig;
+	const collections = await c.var.services.collections.list();
+	return xmlResponse(renderSitemapUrlSet(await Promise.all(collections.map(async (collection) => {
+		const alias = await c.var.services.customUrls.getByTarget("collection", collection.id);
+		return {
+			loc: absoluteUrl(alias ? `/${alias.path}` : `/${collection.slug}`, siteUrl, sitePathPrefix),
+			lastmod: toIsoDate(collection.updatedAt),
+			priority: "0.7"
+		};
+	}))), CACHE_SHORT);
+});
+sitemapRoutes.get("/sitemap-pages.xml", async (c) => {
+	const { appConfig } = c.var;
+	const { siteUrl, sitePathPrefix, homeDefaultView } = appConfig;
+	const urls = [{
+		loc: absoluteUrl("/", siteUrl, sitePathPrefix),
+		priority: "1.0",
+		changefreq: "daily"
+	}, {
+		loc: absoluteUrl("/archive", siteUrl, sitePathPrefix),
+		priority: "0.5",
+		changefreq: "weekly"
+	}];
+	const secondaryAggregate = homeDefaultView === "featured" ? "/latest" : "/featured";
+	urls.push({
+		loc: absoluteUrl(secondaryAggregate, siteUrl, sitePathPrefix),
+		priority: "0.6",
+		changefreq: "daily"
+	});
+	if ((await c.var.services.collections.list()).length > 0) urls.push({
+		loc: absoluteUrl("/collections", siteUrl, sitePathPrefix),
+		priority: "0.5",
+		changefreq: "weekly"
+	});
+	return xmlResponse(renderSitemapUrlSet(urls), CACHE_SHORT);
 });
 sitemapRoutes.get("/robots.txt", async (c) => {
 	const { appConfig } = c.var;
@@ -25395,7 +25737,7 @@ sitemapRoutes.get("/robots.txt", async (c) => {
 	].join("\n");
 	return new Response(robots, { headers: {
 		"Content-Type": "text/plain; charset=utf-8",
-		"Cache-Control": "public, max-age=180"
+		"Cache-Control": CACHE_SHORT
 	} });
 });
 //#endregion
@@ -25438,6 +25780,34 @@ manifestRoutes.get("/manifest.webmanifest", (c) => {
 	} });
 });
 //#endregion
+//#region src/middleware/session.ts
+/**
+* Session Middleware
+*
+* Runs once per request (after runtime init) to look up the better-auth
+* session and stash it on `c.var.session` / `c.var.isAuthenticated`.
+*
+* This replaces ad-hoc `auth.api.getSession()` calls scattered across
+* view helpers (e.g. `lib/navigation.ts`) so each request only parses
+* the session cookie once. better-auth's own cookieCache (5 min) still
+* keeps this cheap, but centralizing the call also unlocks `Promise.all`
+* patterns in routes that previously serialized on a hidden session fetch.
+*
+* Never throws — any lookup error is treated as "not authenticated".
+*/ function attachSession() {
+	return async (c, next) => {
+		try {
+			const session = await c.var.auth.api.getSession({ headers: c.req.raw.headers });
+			c.set("session", session ?? null);
+			c.set("isAuthenticated", !!session?.user);
+		} catch {
+			c.set("session", null);
+			c.set("isAuthenticated", false);
+		}
+		await next();
+	};
+}
+//#endregion
 //#region src/middleware/onboarding.ts
 /**
 * Onboarding Middleware
@@ -26361,6 +26731,60 @@ async function deriveScryptKey(password, saltHex, opts) {
 	});
 }
 //#endregion
+//#region src/lib/rate-limit-d1.ts
+/**
+* D1 Sliding-Window Rate Limiter
+*
+* Used by the Cloudflare Workers runtime where isolates are ephemeral and
+* memory-based limiters would silently drop state between requests. Each
+* check performs one SELECT (over a two-row range) plus one UPSERT — both
+* hit a composite primary key so the round-trips are cheap.
+*
+* Algorithm: two-window weighted counter. The previous window's tally
+* decays linearly as the current window fills, giving a smoother limit
+* than a naive fixed window (which would allow a 2x burst at the
+* boundary) while remaining a single-key storage primitive.
+*
+* For Node deployments use `createMemoryRateLimiter` instead.
+*/
+/**
+* Probability of running opportunistic cleanup on any given write.
+* 1% strikes a balance between bounded table growth and per-request cost.
+*/ var CLEANUP_PROBABILITY = .01;
+function createD1RateLimiter(db, schema, now = () => Math.floor(Date.now() / 1e3)) {
+	const { rateLimit } = schema;
+	return { async check(key, opts) {
+		const { limit, windowSec } = opts;
+		const nowSec = now();
+		const currentWindow = Math.floor(nowSec / windowSec) * windowSec;
+		const previousWindow = currentWindow - windowSec;
+		const rows = await db.select({
+			windowStart: rateLimit.windowStart,
+			count: rateLimit.count
+		}).from(rateLimit).where(and(eq(rateLimit.key, key), inArray(rateLimit.windowStart, [currentWindow, previousWindow])));
+		let currentCount = 0;
+		let previousCount = 0;
+		for (const row of rows) if (row.windowStart === currentWindow) currentCount = row.count;
+		else if (row.windowStart === previousWindow) previousCount = row.count;
+		const elapsed = nowSec - currentWindow;
+		const prevWeight = 1 - elapsed / windowSec;
+		if (previousCount * prevWeight + currentCount >= limit) return {
+			ok: false,
+			retryAfterSec: Math.max(1, windowSec - elapsed)
+		};
+		await db.insert(rateLimit).values({
+			key,
+			windowStart: currentWindow,
+			count: 1
+		}).onConflictDoUpdate({
+			target: [rateLimit.key, rateLimit.windowStart],
+			set: { count: sql`${rateLimit.count} + 1` }
+		});
+		if (Math.random() < CLEANUP_PROBABILITY) await db.delete(rateLimit).where(lt(rateLimit.windowStart, currentWindow - windowSec * 2));
+		return { ok: true };
+	} };
+}
+//#endregion
 //#region src/lib/hosted-sso.ts
 var textEncoder = new TextEncoder();
 var textDecoder = new TextDecoder();
@@ -27649,6 +28073,51 @@ function createPostService(db, config, siteId, paths, databaseSchema = sqliteSch
 			if (filters.offset !== void 0) query = query.offset(filters.offset);
 			return hydratePosts(await query);
 		},
+		async listForSitemap({ afterId, limit }) {
+			const conditions = buildFilterConditions({
+				status: "published",
+				excludePrivate: true,
+				excludeReplies: true
+			});
+			if (afterId !== void 0) conditions.push(sql`${posts.id} > ${afterId}`);
+			const rows = await db.select({
+				id: posts.id,
+				updatedAt: posts.updatedAt,
+				featuredAt: posts.featuredAt
+			}).from(posts).where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(asc(posts.id)).limit(limit);
+			if (rows.length === 0) return [];
+			const ids = rows.map((row) => row.id);
+			const [slugMap, aliasesMap] = await Promise.all([resolvedPaths.getPostSlugMap(ids), resolvedPaths.getPostAliases(ids)]);
+			return rows.map((row) => {
+				const slug = slugMap.get(row.id);
+				if (!slug) return null;
+				const alias = aliasesMap.get(row.id)?.[0] ?? null;
+				return {
+					id: row.id,
+					slug,
+					alias,
+					updatedAt: row.updatedAt,
+					featuredAt: row.featuredAt
+				};
+			}).filter((entry) => entry !== null);
+		},
+		async countForSitemap() {
+			const conditions = buildFilterConditions({
+				status: "published",
+				excludePrivate: true,
+				excludeReplies: true
+			});
+			return (await db.select({ count: sql`CAST(count(*) AS INTEGER)`.as("count") }).from(posts).where(conditions.length > 0 ? and(...conditions) : void 0))[0]?.count ?? 0;
+		},
+		async getSitemapIdAt(offset) {
+			if (offset < 0) return null;
+			const conditions = buildFilterConditions({
+				status: "published",
+				excludePrivate: true,
+				excludeReplies: true
+			});
+			return (await db.select({ id: posts.id }).from(posts).where(conditions.length > 0 ? and(...conditions) : void 0).orderBy(asc(posts.id)).limit(1).offset(offset))[0]?.id ?? null;
+		},
 		async count(filters = {}) {
 			const conditions = buildFilterConditions(filters);
 			return (await db.select({ count: sql`CAST(count(*) AS INTEGER)`.as("count") }).from(posts).where(conditions.length > 0 ? and(...conditions) : void 0))[0]?.count ?? 0;
@@ -27688,7 +28157,7 @@ function createPostService(db, config, siteId, paths, databaseSchema = sqliteSch
 				hasAttachments: data.attachments ? data.attachments.length > 0 : void 0
 			});
 			const bodyHtml = body ? renderTiptapJson(body) : null;
-			const bodyText = body ? extractBodyText(body) : null;
+			const bodyText = body ? extractBodyText(body, { includeLinkHrefs: true }) : null;
 			let summary = null;
 			if (format === "note" && title && body && summaryConfig) summary = extractSummary(body, summaryConfig.maxParagraphs, summaryConfig.maxChars);
 			let threadId = id;
@@ -27968,7 +28437,7 @@ function createPostService(db, config, siteId, paths, databaseSchema = sqliteSch
 				const normalizedBody = rawBody ? trimTiptapBody(rawBody) : null;
 				updates.body = normalizedBody;
 				updates.bodyHtml = normalizedBody ? renderTiptapJson(normalizedBody) : null;
-				updates.bodyText = normalizedBody ? extractBodyText(normalizedBody) : null;
+				updates.bodyText = normalizedBody ? extractBodyText(normalizedBody, { includeLinkHrefs: true }) : null;
 			}
 			if (summaryConfig) {
 				const format = nextFormat;
@@ -28406,6 +28875,40 @@ function createPostService(db, config, siteId, paths, databaseSchema = sqliteSch
 			const conditions = [...buildFilterConditions(filters), isNotNull(posts.publishedAt)];
 			const publishedYearExpr = buildPublishedYearExpr();
 			return (await db.select({ year: publishedYearExpr.as("year") }).from(posts).where(conditions.length > 0 ? and(...conditions) : void 0).groupBy(publishedYearExpr).orderBy(desc(publishedYearExpr))).map((r) => parseInt(r.year, 10));
+		},
+		async reindexBodyText(options = {}) {
+			const requested = options.limit ?? 50;
+			const limit = Math.min(Math.max(Math.trunc(requested), 1), 500);
+			const cursor = options.cursor;
+			const whereConditions = [eq(posts.siteId, siteId), isNull(posts.deletedAt)];
+			if (cursor) whereConditions.push(gt(posts.id, cursor));
+			const rows = await db.select({
+				id: posts.id,
+				body: posts.body,
+				bodyText: posts.bodyText
+			}).from(posts).where(and(...whereConditions)).orderBy(asc(posts.id)).limit(limit + 1);
+			const hasMore = rows.length > limit;
+			const batch = hasMore ? rows.slice(0, limit) : rows;
+			let updated = 0;
+			let skipped = 0;
+			for (const row of batch) {
+				const nextBodyText = row.body ? extractBodyText(row.body, { includeLinkHrefs: true }) : null;
+				if (nextBodyText === row.bodyText) {
+					skipped++;
+					continue;
+				}
+				await db.update(posts).set({ bodyText: nextBodyText }).where(and(eq(posts.siteId, siteId), eq(posts.id, row.id)));
+				updated++;
+			}
+			const lastRow = batch.at(-1);
+			const lastId = lastRow ? lastRow.id : null;
+			return {
+				processed: batch.length,
+				updated,
+				skipped,
+				nextCursor: hasMore ? lastId : null,
+				done: !hasMore
+			};
 		}
 	};
 }
@@ -29933,10 +30436,28 @@ function createSiteAdminService(db, databaseSchema = sqliteSchemaBundle, databas
 		const pathPrefix = domain.pathPrefix ?? "";
 		return `${protocol}//${domain.host}${pathPrefix}`;
 	}
+	async function loadByIdempotencyKey(targetDb, idempotencyKey) {
+		const siteRow = (await targetDb.select().from(sites).where(eq(sites.provisioningIdempotencyKey, idempotencyKey)).limit(1))[0];
+		if (!siteRow) return null;
+		const domainRow = (await targetDb.select().from(siteDomains).where(and(eq(siteDomains.siteId, siteRow.id), eq(siteDomains.kind, "primary"))).limit(1))[0];
+		if (!domainRow) return null;
+		return {
+			site: toSite(siteRow),
+			domain: toSiteDomain(domainRow)
+		};
+	}
 	async function createWithDatabase(targetDb, input) {
 		const siteKey = input.key.trim();
 		const primaryHost = input.primaryHost.trim().toLowerCase();
 		const siteName = input.siteName.trim();
+		const idempotencyKey = input.idempotencyKey?.trim() || null;
+		if (idempotencyKey) {
+			const existing = await loadByIdempotencyKey(targetDb, idempotencyKey);
+			if (existing) {
+				if (existing.site.key !== siteKey || existing.domain.host !== primaryHost) throw new ConflictError("Idempotency key was reused with a different site key or primary host.");
+				return existing;
+			}
+		}
 		if ((await targetDb.select({ id: sites.id }).from(sites).where(eq(sites.key, siteKey)).limit(1))[0]) throw new ConflictError("Site key is already in use.");
 		if ((await targetDb.select({ id: siteDomains.id }).from(siteDomains).where(eq(siteDomains.host, primaryHost)).limit(1))[0]) throw new ConflictError("Primary host is already in use.");
 		const timestamp = now();
@@ -29946,6 +30467,7 @@ function createSiteAdminService(db, databaseSchema = sqliteSchemaBundle, databas
 			id: siteId,
 			key: siteKey,
 			status: "active",
+			provisioningIdempotencyKey: idempotencyKey,
 			createdAt: timestamp,
 			updatedAt: timestamp
 		}).returning())[0];
@@ -30863,6 +31385,7 @@ function getResolvedSiteBaseUrl(env, publicRequestUrl, pathPrefix) {
 			schema: sqliteSchemaBundle,
 			secret: hostedControlPlaneSsoSecret
 		}),
+		rateLimiter: createD1RateLimiter(db, sqliteSchemaBundle),
 		services: createServices(db, session, siteLookup.site.id, {
 			databaseDialect: "sqlite",
 			bootstrapSite: getSingleSiteBootstrapOptions(env),
@@ -30876,7 +31399,76 @@ function getResolvedSiteBaseUrl(env, publicRequestUrl, pathPrefix) {
 	};
 }
 //#endregion
+//#region src/lib/rate-limit-memory.ts
+/**
+* In-Memory Rate Limiter
+*
+* Used by the Node runtime. The server process is long-lived and
+* single-instance, so a local `Map` is reliable and avoids unnecessary DB
+* round-trips. Uses the classic sliding-window-counter algorithm (two
+* aligned buckets with a weighted estimate) for smooth limiting without
+* the 2x boundary burst of a fixed window.
+*
+* On Cloudflare Workers use `createD1RateLimiter` instead — isolates are
+* ephemeral and cannot share memory across requests.
+*/ /**
+* Number of live keys after which we prune old buckets on the next write.
+* Keeps the Map bounded under abuse without paying for eager sweeps.
+*/ var SWEEP_THRESHOLD = 1e4;
+/**
+* Creates an isolated in-memory limiter. Tests construct one per test app;
+* the Node runtime holds a single module-level instance across requests.
+*
+* `now` is injectable so tests can assert window-rollover behavior without
+* relying on real time.
+*/ function createMemoryRateLimiter(now = () => Math.floor(Date.now() / 1e3)) {
+	const buckets = /* @__PURE__ */ new Map();
+	function sweep(nowSec) {
+		if (buckets.size < SWEEP_THRESHOLD) return;
+		const cutoff = nowSec - 600;
+		for (const [key, bucket] of buckets) if (bucket.windowStart < cutoff) buckets.delete(key);
+	}
+	return { async check(key, opts) {
+		const { limit, windowSec } = opts;
+		const nowSec = now();
+		const currentWindow = Math.floor(nowSec / windowSec) * windowSec;
+		let bucket = buckets.get(key);
+		if (!bucket) {
+			bucket = {
+				windowStart: currentWindow,
+				count: 0,
+				prevCount: 0
+			};
+			buckets.set(key, bucket);
+		} else if (bucket.windowStart !== currentWindow) {
+			if (bucket.windowStart === currentWindow - windowSec) bucket.prevCount = bucket.count;
+			else bucket.prevCount = 0;
+			bucket.count = 0;
+			bucket.windowStart = currentWindow;
+		}
+		const elapsed = nowSec - currentWindow;
+		const prevWeight = 1 - elapsed / windowSec;
+		if (bucket.prevCount * prevWeight + bucket.count >= limit) return {
+			ok: false,
+			retryAfterSec: Math.max(1, windowSec - elapsed)
+		};
+		bucket.count += 1;
+		sweep(nowSec);
+		return { ok: true };
+	} };
+}
+//#endregion
 //#region src/runtime/node.ts
+/**
+* Single process-wide rate limiter for the Node runtime. Node serves all
+* requests out of one persistent process, so in-memory counters are
+* reliable and avoid per-request D1 round-trips. Constructed lazily on
+* first use so tests that never build a request runtime don't pay for it.
+*/ var sharedNodeRateLimiter = null;
+function getNodeRateLimiter() {
+	sharedNodeRateLimiter ??= createMemoryRateLimiter();
+	return sharedNodeRateLimiter;
+}
 function createBetterSqliteRawQuery(sqlite) {
 	return { prepare(query) {
 		let params = [];
@@ -30928,6 +31520,7 @@ function createBetterSqliteRawQuery(sqlite) {
 			schema: databaseSchema,
 			secret: hostedControlPlaneSsoSecret
 		}),
+		rateLimiter: getNodeRateLimiter(),
 		services: createServices(db, rawQuery, siteLookup.site.id, {
 			databaseDialect,
 			bootstrapSite: getSingleSiteBootstrapOptions(env),
@@ -31204,8 +31797,10 @@ async function servePublicStorage(c) {
 		c.set("auth", runtime.auth);
 		c.set("currentSite", runtime.currentSite);
 		c.set("currentSiteDomain", runtime.currentSiteDomain);
+		c.set("rateLimiter", runtime.rateLimiter);
 		await next();
 	});
+	app.use("*", attachSession());
 	app.use("*", async (c, next) => {
 		const redirectUrl = await getHostedCanonicalRedirect({
 			currentSite: c.var.currentSite,
@@ -31223,6 +31818,7 @@ async function servePublicStorage(c) {
 	app.route("/api/internal/api-tokens", internalApiTokensRoutes);
 	app.route("/api/internal/sites", internalSitesRoutes);
 	app.route("/api/internal/text-attachments", internalTextAttachmentsRoutes);
+	app.route("/api/internal/search/reindex", internalSearchReindexRoutes);
 	app.route("/api/internal/uploads", internalUploadsRoutes);
 	app.route("/api/github-sync", githubSyncWebhookRoutes);
 	app.get("/api/media/:id/content", async (c) => {
@@ -31352,4 +31948,4 @@ async function servePublicStorage(c) {
 	return app;
 }
 //#endregion
-export { MEDIA_KINDS as A, toNavItemViews as C, FORMATS$2 as D, toSearchResultView as E, buildThemeStyle as F, BUILTIN_COLOR_THEMES as I, getPublicAssetBasePath as L, SORT_ORDERS as M, STATUSES$2 as N, MAX_MEDIA_ATTACHMENTS as O, TEXT_ATTACHMENT_CONTENT_FORMATS as P, isAssetPath as R, toNavItemView as S, toPostViews as T, schema_exports$1 as _, createSiteService as a, toArchiveGroupsWithMedia as b, resolveConfig as c, getFontThemeCssVariables as d, defaultFeedRenderer as f, createNodeDatabase as g, sqliteSchemaBundle as h, createNodeRequestRuntime as i, NAV_ITEM_TYPES$2 as j, MAX_PINNED_POSTS as k, BUILTIN_FONT_THEMES as l, pgSchemaBundle as m, createRequestRuntime as n, resolveDatabaseDialect as o, defaultSitemapRenderer as p, createNodeCliRuntime as r, getHostBasedStartupConfigurationIssues as s, createApp as t, getCjkSerifCssVariables as u, createMediaContext as v, toPostView as w, toMediaView as x, toArchiveGroups as y };
+export { NAV_ITEM_TYPES$2 as A, toPostView as C, MAX_MEDIA_ATTACHMENTS as D, FORMATS$2 as E, BUILTIN_COLOR_THEMES as F, getPublicAssetBasePath as I, isAssetPath as L, STATUSES$2 as M, TEXT_ATTACHMENT_CONTENT_FORMATS as N, MAX_PINNED_POSTS as O, buildThemeStyle as P, toNavItemViews as S, toSearchResultView as T, createMediaContext as _, createSiteService as a, toMediaView as b, resolveConfig as c, getFontThemeCssVariables as d, defaultFeedRenderer as f, schema_exports$1 as g, createNodeDatabase as h, createNodeRequestRuntime as i, SORT_ORDERS as j, MEDIA_KINDS as k, BUILTIN_FONT_THEMES as l, sqliteSchemaBundle as m, createRequestRuntime as n, resolveDatabaseDialect as o, pgSchemaBundle as p, createNodeCliRuntime as r, getHostBasedStartupConfigurationIssues as s, createApp as t, getCjkSerifCssVariables as u, toArchiveGroups as v, toPostViews as w, toNavItemView as x, toArchiveGroupsWithMedia as y };