@nexpress/core 0.1.0

package/dist/chunk-6YI5K2TI.js

@@ -0,0 +1,1959 @@
+import {
+  getMutedTargetIds
+} from "./chunk-NUCGHWCF.js";
+import {
+  createNotification,
+  extractMentionHandles,
+  fanOutMentionNotifications
+} from "./chunk-UGQSQO5B.js";
+import {
+  applyReputation
+} from "./chunk-THX3SHYA.js";
+import {
+  getSpamAdapter
+} from "./chunk-JKXAPSU4.js";
+import {
+  getProfanityAdapter
+} from "./chunk-KU5M27ZC.js";
+import {
+  getCommunityRole,
+  memberCan,
+  withMemberWrite
+} from "./chunk-55FU6WED.js";
+import {
+  buildWeightedSearchVectorSql,
+  deleteDocument,
+  findDocuments,
+  getDocumentById,
+  saveDocument
+} from "./chunk-VGTPQXNQ.js";
+import {
+  can
+} from "./chunk-EQ2Z3KMD.js";
+import {
+  recordAuditEvent
+} from "./chunk-RIPHIRPP.js";
+import {
+  getCommunitySettings
+} from "./chunk-PPBWRKO2.js";
+import {
+  getI18nConfig
+} from "./chunk-4ZLMEKFX.js";
+import {
+  NP_DEFAULT_SITE_ID,
+  getAllCollectionSlugs,
+  getCollectionConfig,
+  getCollectionRegistration,
+  getCollectionTable
+} from "./chunk-FZ7O6DWI.js";
+import {
+  getCurrentSiteId,
+  requireSiteId
+} from "./chunk-SBCVAC2Z.js";
+import {
+  NpConflictError,
+  NpForbiddenError,
+  NpNotFoundError,
+  NpValidationError
+} from "./chunk-ZCINJSS4.js";
+import {
+  getMediaUrl
+} from "./chunk-BHK3AD3Q.js";
+import {
+  deleteMedia
+} from "./chunk-473S4TER.js";
+import {
+  getLogger
+} from "./chunk-JJL74ZPK.js";
+import {
+  getDb
+} from "./chunk-XANPEOJC.js";
+import {
+  npBans,
+  npComments,
+  npFollows,
+  npMedia,
+  npMemberRoles,
+  npMembers,
+  npReactions,
+  npReports,
+  npRevisions
+} from "./chunk-M43PGOQY.js";
+
+// src/community/profiles.ts
+import { and, eq, inArray, ne, or } from "drizzle-orm";
+async function getMemberProfile(idOrHandle, options = {}) {
+  if (typeof idOrHandle !== "string" || idOrHandle.length === 0) return null;
+  const needle = idOrHandle.toLowerCase();
+  const db = getDb();
+  const rows = await db.select({
+    id: npMembers.id,
+    handle: npMembers.handle,
+    displayName: npMembers.displayName,
+    avatarId: npMembers.avatar,
+    bio: npMembers.bio,
+    reputation: npMembers.reputation,
+    status: npMembers.status,
+    createdAt: npMembers.createdAt
+  }).from(npMembers).where(
+    and(
+      or(eq(npMembers.id, needle), eq(npMembers.handle, needle)),
+      ne(npMembers.status, "suspended"),
+      ne(npMembers.status, "deleted")
+    )
+  ).limit(1);
+  const row = rows[0];
+  if (!row) return null;
+  const avatarUrl = row.avatarId ? await getMemberAvatarUrl(row.avatarId, options.avatarVariant ?? "thumbnail") : null;
+  return {
+    id: row.id,
+    handle: row.handle,
+    displayName: row.displayName,
+    avatarUrl,
+    bio: row.bio ?? null,
+    reputation: row.reputation,
+    joinedAt: row.createdAt
+  };
+}
+async function getMemberAvatarUrl(mediaId, variant) {
+  try {
+    return await getMediaUrl(mediaId, { variant });
+  } catch {
+    return null;
+  }
+}
+async function getMemberProfiles(ids, options = {}) {
+  const result = /* @__PURE__ */ new Map();
+  if (ids.length === 0) return result;
+  const unique = Array.from(new Set(ids.filter((id) => typeof id === "string" && id.length > 0)));
+  if (unique.length === 0) return result;
+  const db = getDb();
+  const rows = await db.select({
+    id: npMembers.id,
+    handle: npMembers.handle,
+    displayName: npMembers.displayName,
+    avatarId: npMembers.avatar,
+    bio: npMembers.bio,
+    reputation: npMembers.reputation,
+    status: npMembers.status,
+    createdAt: npMembers.createdAt
+  }).from(npMembers).where(
+    and(
+      inArray(npMembers.id, unique),
+      ne(npMembers.status, "suspended"),
+      ne(npMembers.status, "deleted")
+    )
+  );
+  const variant = options.avatarVariant ?? "thumbnail";
+  await Promise.all(
+    rows.map(async (row) => {
+      const avatarUrl = row.avatarId ? await getMemberAvatarUrl(row.avatarId, variant) : null;
+      result.set(row.id, {
+        id: row.id,
+        handle: row.handle,
+        displayName: row.displayName,
+        avatarUrl,
+        bio: row.bio ?? null,
+        reputation: row.reputation,
+        joinedAt: row.createdAt
+      });
+    })
+  );
+  return result;
+}
+
+// src/community/markdown.ts
+var URL_RE = /^(?:https?:\/\/|mailto:)[^\s)]+$/;
+function escapeHtml(value) {
+  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
+function renderInline(text) {
+  let html = escapeHtml(text);
+  html = html.replace(/`([^`\n]+?)`/g, (_match, code) => `<code>${code}</code>`);
+  html = html.replace(/\*\*([^*\n][^*\n]*?)\*\*/g, "<strong>$1</strong>");
+  html = html.replace(/\*(\S(?:[^*\n]*\S)?)\*/g, "<em>$1</em>");
+  html = html.replace(/\[([^\]\n]+?)\]\(([^)\n]+?)\)/g, (_match, label, rawUrl) => {
+    if (!URL_RE.test(rawUrl)) return `[${label}](${rawUrl})`;
+    return `<a href="${rawUrl}" rel="nofollow ugc" target="_blank">${label}</a>`;
+  });
+  html = html.replace(/\n/g, "<br/>");
+  return html;
+}
+function renderCommentMarkdown(source) {
+  if (!source) return "";
+  const blocks = [];
+  let cursor = 0;
+  const fenceRe = /```([\s\S]*?)```/g;
+  let match;
+  while ((match = fenceRe.exec(source)) !== null) {
+    const before = source.slice(cursor, match.index);
+    if (before) blocks.push(renderTextBlocks(before));
+    blocks.push(`<pre><code>${escapeHtml(match[1] ?? "")}</code></pre>`);
+    cursor = match.index + match[0].length;
+  }
+  const tail = source.slice(cursor);
+  if (tail) blocks.push(renderTextBlocks(tail));
+  return blocks.join("\n").trim();
+}
+function renderTextBlocks(chunk) {
+  return chunk.split(/\n{2,}/).map((para) => para.trim()).filter(Boolean).map((para) => `<p>${renderInline(para)}</p>`).join("\n");
+}
+
+// src/community/comments.ts
+import { and as and2, asc, count, desc, eq as eq2, notInArray, sql } from "drizzle-orm";
+var MAX_BODY_LENGTH = 5e3;
+function assertCollectionAcceptsComments(slug) {
+  const config = getCollectionConfig(slug);
+  if (!config.community?.comments) {
+    throw new NpValidationError("Comments disabled", [
+      {
+        field: "collection",
+        message: `Collection "${slug}" does not accept comments. Set community.comments=true on the collection config.`
+      }
+    ]);
+  }
+}
+function validateBody(bodyMd) {
+  const trimmed = bodyMd.trim();
+  if (trimmed.length === 0) {
+    throw new NpValidationError("Invalid input", [
+      { field: "bodyMd", message: "Comment body required" }
+    ]);
+  }
+  if (trimmed.length > MAX_BODY_LENGTH) {
+    throw new NpValidationError("Invalid input", [
+      { field: "bodyMd", message: `Comment body must be \u2264 ${MAX_BODY_LENGTH} characters` }
+    ]);
+  }
+}
+function commentScopes(row) {
+  return [{ type: "collection", id: row.targetType }];
+}
+async function createComment(input) {
+  validateBody(input.bodyMd);
+  assertCollectionAcceptsComments(input.targetType);
+  return withMemberWrite(
+    input.memberId,
+    [{ type: "collection", id: input.targetType }],
+    async () => doCreateComment(input)
+  );
+}
+async function doCreateComment(input) {
+  const targetDoc = await getDocumentById(input.targetType, input.targetId);
+  if (!targetDoc) {
+    throw new NpNotFoundError(input.targetType, input.targetId);
+  }
+  const requestSiteId = await getCurrentSiteId();
+  if (requestSiteId && typeof targetDoc.siteId === "string" && targetDoc.siteId !== requestSiteId) {
+    throw new NpForbiddenError("comment", "cross-site");
+  }
+  if (targetDoc.locked === true) {
+    throw new NpValidationError("Invalid input", [
+      { field: "targetId", message: "This thread is locked and does not accept new comments." }
+    ]);
+  }
+  const db = getDb();
+  let parentAuthorId = null;
+  if (input.parentId) {
+    const [parent] = await db.select({
+      id: npComments.id,
+      targetType: npComments.targetType,
+      targetId: npComments.targetId,
+      memberId: npComments.memberId,
+      status: npComments.status
+    }).from(npComments).where(eq2(npComments.id, input.parentId)).limit(1);
+    if (!parent) {
+      throw new NpNotFoundError("comment", input.parentId);
+    }
+    if (parent.targetType !== input.targetType || parent.targetId !== input.targetId) {
+      throw new NpValidationError("Invalid input", [
+        { field: "parentId", message: "Parent comment belongs to a different document" }
+      ]);
+    }
+    if (parent.status !== "visible") {
+      throw new NpValidationError("Invalid input", [
+        {
+          field: "parentId",
+          message: `Cannot reply to a comment with status '${parent.status}'`
+        }
+      ]);
+    }
+    parentAuthorId = parent.memberId;
+  }
+  const ctx = {
+    memberId: input.memberId,
+    targetType: input.targetType,
+    targetId: input.targetId,
+    parentId: input.parentId ?? null
+  };
+  let profanityVerdict;
+  try {
+    profanityVerdict = await getProfanityAdapter().check(input.bodyMd, ctx);
+  } catch (err) {
+    getLogger().warn("profanity adapter threw \u2014 treating as pass", {
+      error: err instanceof Error ? err.message : String(err),
+      targetType: input.targetType,
+      targetId: input.targetId
+    });
+    profanityVerdict = { kind: "pass" };
+  }
+  if (profanityVerdict.kind === "reject") {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "bodyMd",
+        message: profanityVerdict.reason ?? "Comment contains prohibited language"
+      }
+    ]);
+  }
+  let spamVerdict;
+  try {
+    spamVerdict = await getSpamAdapter().check(input.bodyMd, ctx);
+  } catch (err) {
+    getLogger().warn("spam adapter threw \u2014 treating as pass", {
+      error: err instanceof Error ? err.message : String(err),
+      targetType: input.targetType,
+      targetId: input.targetId
+    });
+    spamVerdict = { kind: "pass" };
+  }
+  if (spamVerdict.kind === "reject") {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "bodyMd",
+        message: spamVerdict.reason ?? "Comment was rejected by the site's spam filter"
+      }
+    ]);
+  }
+  const flaggedBy = [];
+  if (profanityVerdict.kind === "flag") flaggedBy.push("profanity");
+  if (spamVerdict.kind === "flag") flaggedBy.push("spam");
+  const initialStatus = flaggedBy.length > 0 ? "pending" : "visible";
+  const html = renderCommentMarkdown(input.bodyMd);
+  const targetSiteId = typeof targetDoc.siteId === "string" && targetDoc.siteId.length > 0 ? targetDoc.siteId : await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  const [row] = await db.insert(npComments).values({
+    targetType: input.targetType,
+    targetId: input.targetId,
+    parentId: input.parentId ?? null,
+    memberId: input.memberId,
+    bodyMd: input.bodyMd,
+    bodyHtml: html,
+    status: initialStatus,
+    siteId: targetSiteId
+  }).returning();
+  if (!row) throw new Error("Comment insert returned no row");
+  if (flaggedBy.length > 0) {
+    await recordAuditEvent({
+      actor: { kind: "member", memberId: input.memberId },
+      action: "comment.flag",
+      targetType: "comment",
+      targetId: row.id,
+      payload: {
+        sources: flaggedBy,
+        profanity: profanityVerdict.kind === "flag" ? {
+          reason: profanityVerdict.reason ?? null,
+          metadata: profanityVerdict.metadata ?? null
+        } : null,
+        spam: spamVerdict.kind === "flag" ? {
+          reason: spamVerdict.reason ?? null,
+          metadata: spamVerdict.metadata ?? null
+        } : null
+      }
+    });
+  }
+  if (initialStatus === "visible") {
+    await applyReputation(input.memberId, {
+      kind: "comment.created",
+      commentId: row.id,
+      memberId: input.memberId,
+      targetType: input.targetType,
+      targetId: input.targetId
+    });
+  }
+  if (initialStatus === "visible" && parentAuthorId && parentAuthorId !== input.memberId) {
+    await createNotification({
+      memberId: parentAuthorId,
+      kind: "comment.reply",
+      actorMemberId: input.memberId,
+      payload: {
+        commentId: row.id,
+        replyAuthorId: input.memberId,
+        targetType: input.targetType,
+        targetId: input.targetId
+      }
+    });
+  }
+  if (initialStatus === "visible") {
+    const exclude = /* @__PURE__ */ new Set();
+    if (parentAuthorId) exclude.add(parentAuthorId);
+    await fanOutMentionNotifications({
+      actorMemberId: input.memberId,
+      kind: "comment.mention",
+      source: input.bodyMd,
+      exclude,
+      payload: {
+        commentId: row.id,
+        targetType: input.targetType,
+        targetId: input.targetId
+      }
+    });
+  }
+  return row;
+}
+async function listComments(targetType, targetId, options = {}) {
+  const db = getDb();
+  const limit = Math.min(Math.max(options.limit ?? 50, 1), 200);
+  const offset = Math.max(options.offset ?? 0, 0);
+  const order = options.order ?? "newest";
+  const mutedAuthorIds = options.viewerMemberId ? Array.from(await getMutedTargetIds(options.viewerMemberId)) : [];
+  const muteFilter = mutedAuthorIds.length > 0 ? notInArray(npComments.memberId, mutedAuthorIds) : void 0;
+  const baseWhere = options.includeHidden ? and2(eq2(npComments.targetType, targetType), eq2(npComments.targetId, targetId)) : sql`${eq2(npComments.targetType, targetType)} and ${eq2(npComments.targetId, targetId)} and ${eq2(npComments.status, "visible")}`;
+  const where = muteFilter ? and2(baseWhere, muteFilter) : baseWhere;
+  const orderBy = order === "top" ? sql`(SELECT COUNT(*) FROM ${npReactions} WHERE ${npReactions.targetType} = 'comment' AND ${npReactions.targetId} = ${npComments.id}) DESC, ${npComments.createdAt} DESC` : order === "oldest" ? asc(npComments.createdAt) : desc(npComments.createdAt);
+  const joinedRows = await db.select({
+    comment: npComments,
+    authorStatus: npMembers.status
+  }).from(npComments).leftJoin(npMembers, eq2(npComments.memberId, npMembers.id)).where(where).orderBy(orderBy).limit(limit).offset(offset);
+  const rows = joinedRows.map(({ comment, authorStatus }) => ({
+    ...comment,
+    authorStatus
+  }));
+  const [totalRow] = await db.select({ total: count() }).from(npComments).where(where);
+  return { comments: rows, totalDocs: Number(totalRow?.total ?? 0) };
+}
+async function updateComment(input) {
+  validateBody(input.bodyMd);
+  const db = getDb();
+  const [existing] = await db.select().from(npComments).where(eq2(npComments.id, input.commentId)).limit(1);
+  if (!existing) throw new NpNotFoundError("comment", input.commentId);
+  if (existing.status === "deleted") {
+    throw new NpValidationError("Invalid state", [
+      { field: "comment", message: "Cannot edit a deleted comment" }
+    ]);
+  }
+  const ownerCan = await memberCan(input.memberId, "edit-own", {
+    type: "comment",
+    id: existing.id,
+    ownerId: existing.memberId,
+    scopes: commentScopes(existing)
+  });
+  const modCan = ownerCan ? false : await memberCan(input.memberId, "edit-any-comment", {
+    type: "comment",
+    id: existing.id,
+    ownerId: existing.memberId,
+    scopes: commentScopes(existing)
+  });
+  if (!ownerCan && !modCan) {
+    throw new NpForbiddenError("comment", "update");
+  }
+  const ctx = {
+    memberId: input.memberId,
+    targetType: existing.targetType,
+    targetId: existing.targetId,
+    parentId: existing.parentId
+  };
+  let profanityFlag = null;
+  try {
+    const verdict = await getProfanityAdapter().check(input.bodyMd, ctx);
+    if (verdict.kind === "reject") {
+      throw new NpValidationError("Invalid input", [
+        {
+          field: "bodyMd",
+          message: verdict.reason ?? "Comment contains prohibited language"
+        }
+      ]);
+    }
+    if (verdict.kind === "flag") {
+      profanityFlag = {
+        reason: verdict.reason ?? null,
+        metadata: verdict.metadata ?? null
+      };
+    }
+  } catch (err) {
+    if (err instanceof NpValidationError) throw err;
+    getLogger().warn("profanity adapter threw on comment edit \u2014 treating as pass", {
+      error: err instanceof Error ? err.message : String(err),
+      commentId: input.commentId
+    });
+  }
+  let spamFlag = null;
+  try {
+    const verdict = await getSpamAdapter().check(input.bodyMd, ctx);
+    if (verdict.kind === "reject") {
+      throw new NpValidationError("Invalid input", [
+        {
+          field: "bodyMd",
+          message: verdict.reason ?? "Comment was rejected by the site's spam filter"
+        }
+      ]);
+    }
+    if (verdict.kind === "flag") {
+      spamFlag = {
+        reason: verdict.reason ?? null,
+        metadata: verdict.metadata ?? null
+      };
+    }
+  } catch (err) {
+    if (err instanceof NpValidationError) throw err;
+    getLogger().warn("spam adapter threw on comment edit \u2014 treating as pass", {
+      error: err instanceof Error ? err.message : String(err),
+      commentId: input.commentId
+    });
+  }
+  const editFlaggedBy = [];
+  if (profanityFlag) editFlaggedBy.push("profanity");
+  if (spamFlag) editFlaggedBy.push("spam");
+  const html = renderCommentMarkdown(input.bodyMd);
+  const updateValues = {
+    bodyMd: input.bodyMd,
+    bodyHtml: html,
+    editedAt: /* @__PURE__ */ new Date()
+  };
+  if (editFlaggedBy.length > 0) {
+    updateValues.status = "pending";
+  }
+  const [updated] = await db.update(npComments).set(updateValues).where(eq2(npComments.id, input.commentId)).returning();
+  if (!updated) throw new Error("Comment update returned no row");
+  if (editFlaggedBy.length > 0) {
+    await recordAuditEvent({
+      actor: { kind: "member", memberId: input.memberId },
+      action: "comment.flag",
+      targetType: "comment",
+      targetId: updated.id,
+      payload: {
+        event: "update",
+        sources: editFlaggedBy,
+        profanity: profanityFlag,
+        spam: spamFlag
+      }
+    });
+  }
+  if (updated.status === "visible") {
+    const previousHandles = new Set(extractMentionHandles(existing.bodyMd));
+    await fanOutMentionNotifications({
+      actorMemberId: input.memberId,
+      kind: "comment.mention",
+      source: input.bodyMd,
+      previousHandles,
+      payload: {
+        commentId: updated.id,
+        targetType: existing.targetType,
+        targetId: existing.targetId
+      }
+    });
+  }
+  return updated;
+}
+async function deleteComment(input) {
+  const db = getDb();
+  const [existing] = await db.select().from(npComments).where(eq2(npComments.id, input.commentId)).limit(1);
+  if (!existing) throw new NpNotFoundError("comment", input.commentId);
+  const ownerCan = await memberCan(input.memberId, "delete-own", {
+    type: "comment",
+    id: existing.id,
+    ownerId: existing.memberId,
+    scopes: commentScopes(existing)
+  });
+  const modCan = ownerCan ? false : await memberCan(input.memberId, "delete-any-comment", {
+    type: "comment",
+    id: existing.id,
+    ownerId: existing.memberId,
+    scopes: commentScopes(existing)
+  });
+  if (!ownerCan && !modCan) {
+    throw new NpForbiddenError("comment", "delete");
+  }
+  await db.update(npComments).set({ status: "deleted", bodyMd: "", bodyHtml: "", editedAt: /* @__PURE__ */ new Date() }).where(eq2(npComments.id, input.commentId));
+}
+async function hideComment(input) {
+  const db = getDb();
+  const [existing] = await db.select().from(npComments).where(eq2(npComments.id, input.commentId)).limit(1);
+  if (!existing) throw new NpNotFoundError("comment", input.commentId);
+  const ok = await memberCan(input.memberId, "hide-comment", {
+    type: "comment",
+    id: existing.id,
+    ownerId: existing.memberId,
+    scopes: commentScopes(existing)
+  });
+  if (!ok) throw new NpForbiddenError("comment", "hide");
+  await db.update(npComments).set({
+    status: "hidden",
+    hiddenByMemberId: input.memberId,
+    hiddenReason: input.reason ?? null
+  }).where(eq2(npComments.id, input.commentId));
+  await recordAuditEvent({
+    actor: { kind: "member", memberId: input.memberId },
+    action: "comment.hide",
+    targetType: "comment",
+    targetId: existing.id,
+    payload: { reason: input.reason ?? null, collection: existing.targetType }
+  });
+}
+async function restoreComment(input) {
+  const db = getDb();
+  const [existing] = await db.select().from(npComments).where(eq2(npComments.id, input.commentId)).limit(1);
+  if (!existing) throw new NpNotFoundError("comment", input.commentId);
+  if (existing.status !== "hidden") {
+    throw new NpValidationError("Invalid state", [
+      { field: "status", message: `Comment is "${existing.status}", not "hidden"` }
+    ]);
+  }
+  const ok = await memberCan(input.memberId, "restore-comment", {
+    type: "comment",
+    id: existing.id,
+    ownerId: existing.memberId,
+    scopes: commentScopes(existing)
+  });
+  if (!ok) throw new NpForbiddenError("comment", "restore");
+  await db.update(npComments).set({
+    status: "visible",
+    hiddenByUserId: null,
+    hiddenByMemberId: null,
+    hiddenReason: null
+  }).where(eq2(npComments.id, input.commentId));
+  await recordAuditEvent({
+    actor: { kind: "member", memberId: input.memberId },
+    action: "comment.restore",
+    targetType: "comment",
+    targetId: existing.id,
+    payload: { collection: existing.targetType }
+  });
+}
+async function loadCommentForStaffOp(commentId) {
+  const db = getDb();
+  const [existing] = await db.select().from(npComments).where(eq2(npComments.id, commentId)).limit(1);
+  if (!existing) throw new NpNotFoundError("comment", commentId);
+  const requestSiteId = await requireSiteId();
+  if (existing.siteId !== requestSiteId) {
+    throw new NpForbiddenError("comment", "cross-site");
+  }
+  return { row: existing, siteId: requestSiteId };
+}
+async function staffHideComment(commentId, staffUserId, reason) {
+  const { row: existing, siteId } = await loadCommentForStaffOp(commentId);
+  const db = getDb();
+  await db.update(npComments).set({
+    status: "hidden",
+    hiddenByUserId: staffUserId,
+    hiddenByMemberId: null,
+    hiddenReason: reason ?? null
+  }).where(and2(eq2(npComments.id, commentId), eq2(npComments.siteId, siteId)));
+  await recordAuditEvent({
+    actor: { kind: "staff", userId: staffUserId },
+    action: "comment.hide",
+    targetType: "comment",
+    targetId: commentId,
+    payload: { reason: reason ?? null, byStaff: true }
+  });
+  await applyReputation(existing.memberId, {
+    kind: "comment.hidden",
+    commentId,
+    memberId: existing.memberId,
+    byStaff: true,
+    reason: reason ?? null
+  });
+}
+async function staffRestoreComment(commentId, staffUserId) {
+  const { row: existing, siteId } = await loadCommentForStaffOp(commentId);
+  if (existing.status !== "hidden") {
+    throw new NpValidationError("Invalid state", [
+      {
+        field: "status",
+        message: `Comment is "${existing.status}", not "hidden"`
+      }
+    ]);
+  }
+  const db = getDb();
+  await db.update(npComments).set({
+    status: "visible",
+    hiddenByUserId: null,
+    hiddenByMemberId: null,
+    hiddenReason: null
+  }).where(and2(eq2(npComments.id, commentId), eq2(npComments.siteId, siteId)));
+  await recordAuditEvent({
+    actor: { kind: "staff", userId: staffUserId },
+    action: "comment.restore",
+    targetType: "comment",
+    targetId: commentId,
+    payload: { byStaff: true }
+  });
+}
+async function staffDeleteComment(commentId, staffUserId) {
+  const { row: existing, siteId } = await loadCommentForStaffOp(commentId);
+  const db = getDb();
+  await db.update(npComments).set({ status: "deleted", bodyMd: "", bodyHtml: "" }).where(and2(eq2(npComments.id, commentId), eq2(npComments.siteId, siteId)));
+  await recordAuditEvent({
+    actor: { kind: "staff", userId: staffUserId },
+    action: "comment.delete",
+    targetType: "comment",
+    targetId: commentId,
+    payload: { byStaff: true }
+  });
+  await applyReputation(existing.memberId, {
+    kind: "comment.deleted",
+    commentId,
+    memberId: existing.memberId,
+    byStaff: true
+  });
+}
+
+// src/community/reactions.ts
+import { and as and3, count as count2, eq as eq3 } from "drizzle-orm";
+var DEFAULT_REACTION_KINDS = ["like"];
+var KIND_RE = /^[a-z][a-z0-9_-]{0,29}$/;
+function validateKind(kind) {
+  if (!KIND_RE.test(kind)) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "kind",
+        message: "kind must match [a-z][a-z0-9_-]{0,29}"
+      }
+    ]);
+  }
+}
+async function addReaction(input) {
+  validateKind(input.kind);
+  const settings = await getCommunitySettings();
+  if (!settings.reactionKinds.includes(input.kind)) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "kind",
+        message: `Reaction kind '${input.kind}' is not allowed on this site`
+      }
+    ]);
+  }
+  const scopes = await deriveScopesFor(input);
+  return withMemberWrite(input.memberId, scopes, async () => {
+    return doAddReaction(input);
+  });
+}
+async function deriveScopesFor(input) {
+  if (input.targetType !== "comment") return [];
+  const db = getDb();
+  const [comment] = await db.select({ targetType: npComments.targetType }).from(npComments).where(eq3(npComments.id, input.targetId)).limit(1);
+  if (!comment) return [];
+  return [{ type: "collection", id: comment.targetType }];
+}
+async function doAddReaction(input) {
+  const db = getDb();
+  const requestSiteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  let targetSiteId;
+  if (input.targetType === "comment") {
+    const [t] = await db.select({ siteId: npComments.siteId }).from(npComments).where(eq3(npComments.id, input.targetId)).limit(1);
+    targetSiteId = t?.siteId ?? requestSiteId;
+  } else {
+    targetSiteId = requestSiteId;
+  }
+  if (targetSiteId !== requestSiteId) {
+    throw new NpForbiddenError("reaction", "cross-site");
+  }
+  const inserted = await db.insert(npReactions).values({
+    targetType: input.targetType,
+    targetId: input.targetId,
+    memberId: input.memberId,
+    kind: input.kind,
+    siteId: targetSiteId
+  }).onConflictDoNothing().returning();
+  let row;
+  if (inserted.length > 0) {
+    row = inserted[0];
+  } else {
+    const [existing] = await db.select().from(npReactions).where(
+      and3(
+        eq3(npReactions.targetType, input.targetType),
+        eq3(npReactions.targetId, input.targetId),
+        eq3(npReactions.memberId, input.memberId),
+        eq3(npReactions.kind, input.kind)
+      )
+    ).limit(1);
+    if (!existing) throw new Error("Reaction conflict but row not found");
+    return existing;
+  }
+  if (input.targetType === "comment") {
+    const [comment] = await db.select({ memberId: npComments.memberId }).from(npComments).where(eq3(npComments.id, input.targetId)).limit(1);
+    if (comment && comment.memberId !== input.memberId) {
+      await createNotification({
+        memberId: comment.memberId,
+        kind: "reaction.received",
+        actorMemberId: input.memberId,
+        payload: {
+          reactorId: input.memberId,
+          targetType: input.targetType,
+          targetId: input.targetId,
+          reactionKind: input.kind
+        }
+      });
+      await applyReputation(comment.memberId, {
+        kind: "reaction.received",
+        reactionKind: input.kind,
+        recipientId: comment.memberId,
+        reactorId: input.memberId,
+        targetType: input.targetType,
+        targetId: input.targetId
+      });
+    }
+  }
+  return row;
+}
+async function removeReaction(input) {
+  validateKind(input.kind);
+  const db = getDb();
+  const requestSiteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  let recipientId = null;
+  if (input.targetType === "comment") {
+    const [comment] = await db.select({ memberId: npComments.memberId, siteId: npComments.siteId }).from(npComments).where(eq3(npComments.id, input.targetId)).limit(1);
+    if (comment && comment.siteId !== requestSiteId) {
+      throw new NpForbiddenError("reaction", "cross-site");
+    }
+    if (comment && comment.memberId !== input.memberId) {
+      recipientId = comment.memberId;
+    }
+  }
+  const deleted = await db.delete(npReactions).where(
+    and3(
+      eq3(npReactions.targetType, input.targetType),
+      eq3(npReactions.targetId, input.targetId),
+      eq3(npReactions.memberId, input.memberId),
+      eq3(npReactions.kind, input.kind),
+      eq3(npReactions.siteId, requestSiteId)
+    )
+  ).returning({ id: npReactions.id });
+  if (recipientId && deleted.length > 0) {
+    await applyReputation(recipientId, {
+      kind: "reaction.removed",
+      reactionKind: input.kind,
+      recipientId,
+      reactorId: input.memberId,
+      targetType: input.targetType,
+      targetId: input.targetId
+    });
+  }
+}
+async function countReactions(targetType, targetId) {
+  const db = getDb();
+  const rows = await db.select({ kind: npReactions.kind, total: count2() }).from(npReactions).where(and3(eq3(npReactions.targetType, targetType), eq3(npReactions.targetId, targetId))).groupBy(npReactions.kind);
+  const out = {};
+  for (const row of rows) out[row.kind] = Number(row.total);
+  return out;
+}
+async function listMemberReactions(targetType, targetId, memberId) {
+  const db = getDb();
+  const rows = await db.select({ kind: npReactions.kind }).from(npReactions).where(
+    and3(
+      eq3(npReactions.targetType, targetType),
+      eq3(npReactions.targetId, targetId),
+      eq3(npReactions.memberId, memberId)
+    )
+  );
+  return rows.map((r) => r.kind);
+}
+async function assertReactableExists(targetType, targetId) {
+  if (targetType !== "comment") {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "targetType",
+        message: `Reactions on '${targetType}' aren't supported yet \u2014 only 'comment' is wired today.`
+      }
+    ]);
+  }
+  const db = getDb();
+  const [comment] = await db.select({ id: npComments.id, status: npComments.status }).from(npComments).where(eq3(npComments.id, targetId)).limit(1);
+  if (!comment) throw new NpNotFoundError("comment", targetId);
+  if (comment.status === "deleted") {
+    throw new NpValidationError("Invalid input", [
+      { field: "targetId", message: "Cannot react to a deleted comment" }
+    ]);
+  }
+}
+
+// src/community/follows.ts
+import { and as and4, eq as eq4 } from "drizzle-orm";
+var SUPPORTED_TARGETS = ["member", "thread", "tag"];
+function assertSupportedTarget(targetType) {
+  if (!SUPPORTED_TARGETS.includes(targetType)) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "targetType",
+        message: `targetType must be one of: ${SUPPORTED_TARGETS.join(", ")}`
+      }
+    ]);
+  }
+}
+async function follow(input) {
+  assertSupportedTarget(input.targetType);
+  if (input.targetType === "member" && input.targetId === input.followerId) {
+    throw new NpValidationError("Invalid input", [
+      { field: "targetId", message: "Members can't follow themselves." }
+    ]);
+  }
+  return withMemberWrite(input.followerId, [], async () => {
+    return doFollow(input);
+  });
+}
+async function doFollow(input) {
+  const db = getDb();
+  if (input.targetType === "member") {
+    const [target] = await db.select({ id: npMembers.id, status: npMembers.status }).from(npMembers).where(eq4(npMembers.id, input.targetId)).limit(1);
+    if (!target) throw new NpNotFoundError("member", input.targetId);
+    if (target.status !== "active") {
+      throw new NpValidationError("Invalid input", [
+        { field: "targetId", message: "Cannot follow a non-active member." }
+      ]);
+    }
+  } else {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "targetType",
+        message: `Following ${input.targetType} targets is not supported yet`
+      }
+    ]);
+  }
+  const siteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  const [inserted] = await db.insert(npFollows).values({
+    followerId: input.followerId,
+    targetType: input.targetType,
+    targetId: input.targetId,
+    siteId
+  }).onConflictDoNothing().returning();
+  if (inserted) {
+    if (input.targetType === "member") {
+      await createNotification({
+        memberId: input.targetId,
+        kind: "follow.received",
+        actorMemberId: input.followerId,
+        payload: { followerId: input.followerId }
+      });
+    }
+    return inserted;
+  }
+  const [existing] = await db.select().from(npFollows).where(
+    and4(
+      eq4(npFollows.followerId, input.followerId),
+      eq4(npFollows.targetType, input.targetType),
+      eq4(npFollows.targetId, input.targetId),
+      eq4(npFollows.siteId, siteId)
+    )
+  ).limit(1);
+  if (!existing) {
+    throw new Error("Follow insert hit conflict but re-select returned no row");
+  }
+  return existing;
+}
+async function unfollow(input) {
+  assertSupportedTarget(input.targetType);
+  const db = getDb();
+  const siteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  await db.delete(npFollows).where(
+    and4(
+      eq4(npFollows.followerId, input.followerId),
+      eq4(npFollows.targetType, input.targetType),
+      eq4(npFollows.targetId, input.targetId),
+      eq4(npFollows.siteId, siteId)
+    )
+  );
+}
+async function isFollowing(input) {
+  assertSupportedTarget(input.targetType);
+  const db = getDb();
+  const siteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  const [row] = await db.select({ id: npFollows.id }).from(npFollows).where(
+    and4(
+      eq4(npFollows.followerId, input.followerId),
+      eq4(npFollows.targetType, input.targetType),
+      eq4(npFollows.targetId, input.targetId),
+      eq4(npFollows.siteId, siteId)
+    )
+  ).limit(1);
+  return Boolean(row);
+}
+async function listFollowing(followerId, options = {}) {
+  const db = getDb();
+  const limit = Math.min(Math.max(options.limit ?? 50, 1), 200);
+  const offset = Math.max(options.offset ?? 0, 0);
+  const siteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  const where = options.targetType ? and4(
+    eq4(npFollows.followerId, followerId),
+    eq4(npFollows.targetType, options.targetType),
+    eq4(npFollows.siteId, siteId)
+  ) : and4(eq4(npFollows.followerId, followerId), eq4(npFollows.siteId, siteId));
+  const rows = await db.select().from(npFollows).where(where).limit(limit).offset(offset);
+  return rows;
+}
+
+// src/community/principal.ts
+async function principalCan(principal, action, target) {
+  const ownerOnly = action === "edit-own" || action === "delete-own";
+  switch (principal.kind) {
+    case "staff":
+      if (ownerOnly) return false;
+      return can(principal.user, "community.moderate");
+    case "member":
+      return memberCan(principal.memberId, action, target);
+    default: {
+      const _exhaustive = principal;
+      void _exhaustive;
+      return false;
+    }
+  }
+}
+
+// src/community/reports.ts
+import { and as and5, count as count3, desc as desc2, eq as eq5, isNotNull, isNull } from "drizzle-orm";
+var MAX_REASON_LENGTH = 1e3;
+var SUPPORTED_TARGETS2 = ["comment", "thread", "reply", "member"];
+function validateTargetType(value) {
+  if (!SUPPORTED_TARGETS2.includes(value)) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "targetType",
+        message: `targetType must be one of: ${SUPPORTED_TARGETS2.join(", ")}`
+      }
+    ]);
+  }
+}
+async function fileReport(input) {
+  validateTargetType(input.targetType);
+  const targetId = input.targetId.trim();
+  if (targetId.length === 0) {
+    throw new NpValidationError("Invalid input", [
+      { field: "targetId", message: "targetId required" }
+    ]);
+  }
+  const reason = input.reason.trim();
+  if (reason.length === 0) {
+    throw new NpValidationError("Invalid input", [
+      { field: "reason", message: "Report reason required" }
+    ]);
+  }
+  if (reason.length > MAX_REASON_LENGTH) {
+    throw new NpValidationError("Invalid input", [
+      { field: "reason", message: `Reason must be \u2264 ${MAX_REASON_LENGTH} characters` }
+    ]);
+  }
+  return withMemberWrite(input.reporterId, [], async () => {
+    return doFileReport(input, targetId, reason);
+  });
+}
+async function doFileReport(input, targetId, reason) {
+  const target = await assertReportTargetExists(input.targetType, targetId);
+  const db = getDb();
+  const siteId = await requireSiteId();
+  if (target.siteId !== null && target.siteId !== siteId) {
+    throw new NpForbiddenError("report", "cross-site");
+  }
+  const [row] = await db.insert(npReports).values({
+    reporterId: input.reporterId,
+    targetType: input.targetType,
+    targetId,
+    reason,
+    siteId
+  }).returning();
+  if (!row) throw new Error("Report insert returned no row");
+  await recordAuditEvent({
+    actor: { kind: "member", memberId: input.reporterId },
+    action: "report.filed",
+    targetType: input.targetType,
+    targetId,
+    payload: { reportId: row.id, reason }
+  });
+  return row;
+}
+async function listReports(options = {}) {
+  const db = getDb();
+  const limit = Math.min(Math.max(options.limit ?? 50, 1), 200);
+  const offset = Math.max(options.offset ?? 0, 0);
+  const filters = [];
+  if (options.status === "resolved") filters.push(isNotNull(npReports.resolvedAt));
+  else if (options.status === "all") {
+  } else filters.push(isNull(npReports.resolvedAt));
+  if (options.targetType) filters.push(eq5(npReports.targetType, options.targetType));
+  if (options.siteId !== null) {
+    const resolvedSite = options.siteId !== void 0 ? options.siteId : await getCurrentSiteId();
+    if (resolvedSite !== null) {
+      filters.push(eq5(npReports.siteId, resolvedSite));
+    }
+  }
+  const where = filters.length > 0 ? and5(...filters) : void 0;
+  const reports = await db.select().from(npReports).where(where).orderBy(desc2(npReports.createdAt)).limit(limit).offset(offset);
+  const [totalRow] = await db.select({ total: count3() }).from(npReports).where(where);
+  return { reports, totalDocs: Number(totalRow?.total ?? 0) };
+}
+async function resolveReport(input) {
+  const resolution = input.resolution.trim();
+  if (resolution.length === 0) {
+    throw new NpValidationError("Invalid input", [
+      { field: "resolution", message: "Resolution label required" }
+    ]);
+  }
+  const db = getDb();
+  const requestSiteId = await requireSiteId();
+  const [existing] = await db.select().from(npReports).where(eq5(npReports.id, input.reportId)).limit(1);
+  if (!existing) throw new NpNotFoundError("report", input.reportId);
+  if (existing.siteId !== requestSiteId) {
+    throw new NpForbiddenError("report", "cross-site");
+  }
+  if (existing.resolvedAt) {
+    throw new NpValidationError("Invalid state", [
+      { field: "report", message: "Report already resolved" }
+    ]);
+  }
+  const resolvedByUserId = input.actor.kind === "staff" ? input.actor.user.id : null;
+  const resolvedByMemberId = input.actor.kind === "member" ? input.actor.memberId : null;
+  const [updated] = await db.update(npReports).set({
+    resolvedAt: /* @__PURE__ */ new Date(),
+    resolvedByUserId,
+    resolvedByMemberId,
+    resolution
+  }).where(and5(eq5(npReports.id, input.reportId), eq5(npReports.siteId, requestSiteId))).returning();
+  if (!updated) throw new Error("Report update returned no row");
+  await recordAuditEvent({
+    actor: input.actor.kind === "staff" ? { kind: "staff", userId: input.actor.user.id } : { kind: "member", memberId: input.actor.memberId },
+    action: "report.resolved",
+    targetType: existing.targetType,
+    targetId: existing.targetId,
+    payload: { reportId: existing.id, resolution }
+  });
+  return updated;
+}
+async function assertReportTargetExists(targetType, targetId) {
+  const db = getDb();
+  if (targetType === "comment" || targetType === "reply") {
+    const [row] = await db.select({ id: npComments.id, siteId: npComments.siteId }).from(npComments).where(eq5(npComments.id, targetId)).limit(1);
+    if (!row) throw new NpNotFoundError(targetType, targetId);
+    return { siteId: row.siteId };
+  }
+  if (targetType === "member") {
+    const [row] = await db.select({ id: npMembers.id }).from(npMembers).where(eq5(npMembers.id, targetId)).limit(1);
+    if (!row) throw new NpNotFoundError("member", targetId);
+    return { siteId: null };
+  }
+  if (targetType === "thread") {
+    const slug = "discussions";
+    let registered;
+    try {
+      registered = getCollectionRegistration(slug);
+    } catch {
+      registered = null;
+    }
+    if (!registered) {
+      throw new NpValidationError("Invalid input", [
+        {
+          field: "targetType",
+          message: "Reports against threads require the forum plugin's `discussions` collection to be registered."
+        }
+      ]);
+    }
+    const table = getCollectionTable(slug);
+    const idCol = table.id;
+    const siteCol = table.siteId;
+    const [row] = await db.select({ id: idCol, siteId: siteCol }).from(table).where(eq5(idCol, targetId)).limit(1);
+    if (!row) throw new NpNotFoundError("thread", targetId);
+    return { siteId: row.siteId ?? null };
+  }
+  throw new NpValidationError("Invalid input", [
+    {
+      field: "targetType",
+      message: `Reports against "${targetType}" are not supported`
+    }
+  ]);
+}
+async function unresolvedReportCount() {
+  const db = getDb();
+  const siteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  const [row] = await db.select({ total: count3() }).from(npReports).where(and5(eq5(npReports.siteId, siteId), isNull(npReports.resolvedAt)));
+  return Number(row?.total ?? 0);
+}
+
+// src/community/bans.ts
+import { and as and6, desc as desc3, eq as eq6, gt, isNull as isNull2, or as or2 } from "drizzle-orm";
+async function issueBan(input) {
+  if (input.kind === "temporary" && !(input.expiresAt instanceof Date)) {
+    throw new NpValidationError("Invalid input", [
+      { field: "expiresAt", message: "Temporary bans require an expiresAt timestamp" }
+    ]);
+  }
+  if (input.scopeType !== "site" && !input.scopeId) {
+    throw new NpValidationError("Invalid input", [
+      { field: "scopeId", message: "Scoped bans require a scopeId" }
+    ]);
+  }
+  const db = getDb();
+  const byUserId = input.actor.kind === "staff" ? input.actor.user.id : null;
+  const byMemberId = input.actor.kind === "member" ? input.actor.memberId : null;
+  const siteId = await requireSiteId();
+  const [row] = await db.insert(npBans).values({
+    memberId: input.memberId,
+    scopeType: input.scopeType,
+    scopeId: input.scopeId ?? null,
+    kind: input.kind,
+    expiresAt: input.expiresAt ?? null,
+    reason: input.reason ?? null,
+    byUserId,
+    byMemberId,
+    siteId
+  }).returning();
+  if (!row) throw new Error("Ban insert returned no row");
+  await recordAuditEvent({
+    actor: input.actor.kind === "staff" ? { kind: "staff", userId: input.actor.user.id } : { kind: "member", memberId: input.actor.memberId },
+    action: "member.ban",
+    targetType: "member",
+    targetId: input.memberId,
+    payload: {
+      banId: row.id,
+      scopeType: row.scopeType,
+      scopeId: row.scopeId,
+      kind: row.kind,
+      expiresAt: row.expiresAt?.toISOString() ?? null,
+      reason: row.reason
+    }
+  });
+  return row;
+}
+async function listBansForMember(memberId) {
+  const db = getDb();
+  const siteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  const now = /* @__PURE__ */ new Date();
+  return await db.select().from(npBans).where(
+    and6(
+      eq6(npBans.memberId, memberId),
+      eq6(npBans.siteId, siteId),
+      or2(isNull2(npBans.expiresAt), gt(npBans.expiresAt, now))
+    )
+  ).orderBy(desc3(npBans.createdAt));
+}
+async function revokeBan(input) {
+  const db = getDb();
+  const requestSiteId = await requireSiteId();
+  const [existing] = await db.select().from(npBans).where(eq6(npBans.id, input.banId)).limit(1);
+  if (!existing) throw new NpNotFoundError("ban", input.banId);
+  if (existing.siteId !== requestSiteId) {
+    throw new NpForbiddenError("ban", "cross-site");
+  }
+  await db.delete(npBans).where(and6(eq6(npBans.id, input.banId), eq6(npBans.siteId, requestSiteId)));
+  await recordAuditEvent({
+    actor: input.actor.kind === "staff" ? { kind: "staff", userId: input.actor.user.id } : { kind: "member", memberId: input.actor.memberId },
+    action: "member.unban",
+    targetType: "member",
+    targetId: existing.memberId,
+    payload: { banId: existing.id, scopeType: existing.scopeType, scopeId: existing.scopeId }
+  });
+}
+
+// src/community/grants.ts
+import { and as and7, desc as desc4, eq as eq7, gt as gt2, isNull as isNull3, or as or3 } from "drizzle-orm";
+async function grantMemberRole(input) {
+  const definition = getCommunityRole(input.role, input.scopeType);
+  if (!definition) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "role",
+        message: `Unknown role '${input.role}' for scope '${input.scopeType}'`
+      }
+    ]);
+  }
+  const scopeId = input.scopeType === "site" ? null : (input.scopeId ?? "").trim();
+  if (input.scopeType !== "site" && !scopeId) {
+    throw new NpValidationError("Invalid input", [
+      { field: "scopeId", message: "scopeId required for non-site grants" }
+    ]);
+  }
+  if (input.expiresAt instanceof Date && input.expiresAt.getTime() <= Date.now()) {
+    throw new NpValidationError("Invalid input", [
+      { field: "expiresAt", message: "expiresAt must be in the future" }
+    ]);
+  }
+  const db = getDb();
+  const normalizedScopeId = scopeId === "" ? null : scopeId;
+  const siteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  const existing = await db.select({ id: npMemberRoles.id }).from(npMemberRoles).where(
+    and7(
+      eq7(npMemberRoles.memberId, input.memberId),
+      eq7(npMemberRoles.role, input.role),
+      eq7(npMemberRoles.scopeType, input.scopeType),
+      eq7(npMemberRoles.siteId, siteId),
+      normalizedScopeId === null ? isNull3(npMemberRoles.scopeId) : eq7(npMemberRoles.scopeId, normalizedScopeId)
+    )
+  ).limit(1);
+  if (existing.length > 0) {
+    throw new NpConflictError(`Member already has this role grant in scope '${input.scopeType}'.`);
+  }
+  let row;
+  try {
+    const [inserted] = await db.insert(npMemberRoles).values({
+      memberId: input.memberId,
+      role: input.role,
+      scopeType: input.scopeType,
+      scopeId: normalizedScopeId,
+      siteId,
+      grantedBy: input.grantedByUserId,
+      expiresAt: input.expiresAt ?? null
+    }).returning();
+    if (!inserted) throw new Error("Grant insert returned no row");
+    row = inserted;
+  } catch (err) {
+    const code = err?.code;
+    const message = err instanceof Error ? err.message : "";
+    if (code === "23505" || /unique|23505|duplicate key/i.test(message)) {
+      throw new NpConflictError(
+        `Member already has this role grant in scope '${input.scopeType}'.`
+      );
+    }
+    throw err;
+  }
+  await recordAuditEvent({
+    actor: { kind: "staff", userId: input.grantedByUserId },
+    action: "member.role.grant",
+    targetType: "member",
+    targetId: input.memberId,
+    payload: {
+      grantId: row.id,
+      role: row.role,
+      scopeType: row.scopeType,
+      scopeId: row.scopeId,
+      expiresAt: row.expiresAt?.toISOString() ?? null
+    }
+  });
+  return row;
+}
+async function listMemberRoleGrants(memberId) {
+  const db = getDb();
+  const siteId = await getCurrentSiteId() ?? NP_DEFAULT_SITE_ID;
+  const now = /* @__PURE__ */ new Date();
+  return await db.select().from(npMemberRoles).where(
+    and7(
+      eq7(npMemberRoles.memberId, memberId),
+      eq7(npMemberRoles.siteId, siteId),
+      or3(isNull3(npMemberRoles.expiresAt), gt2(npMemberRoles.expiresAt, now))
+    )
+  ).orderBy(desc4(npMemberRoles.grantedAt));
+}
+async function revokeMemberRole(input) {
+  const db = getDb();
+  const requestSiteId = await requireSiteId();
+  const deleted = await db.delete(npMemberRoles).where(and7(eq7(npMemberRoles.id, input.grantId), eq7(npMemberRoles.siteId, requestSiteId))).returning();
+  if (deleted.length === 0) {
+    throw new NpNotFoundError("memberRoleGrant", input.grantId);
+  }
+  const [existing] = deleted;
+  await recordAuditEvent({
+    actor: { kind: "staff", userId: input.revokedByUserId },
+    action: "member.role.revoke",
+    targetType: "member",
+    targetId: existing.memberId,
+    payload: {
+      grantId: existing.id,
+      role: existing.role,
+      scopeType: existing.scopeType,
+      scopeId: existing.scopeId
+    }
+  });
+}
+
+// src/community/member-admin.ts
+import { and as and9, eq as eq11, isNull as isNull4, ne as ne2 } from "drizzle-orm";
+
+// src/collections/revisions.ts
+import { and as and8, desc as desc5, eq as eq8, count as count4 } from "drizzle-orm";
+function normalizeLimit(limit) {
+  if (!limit || limit < 1) return 20;
+  return Math.min(Math.floor(limit), 100);
+}
+function normalizeOffset(offset) {
+  if (!offset || offset < 0) return 0;
+  return Math.floor(offset);
+}
+function assertVersionsEnabled(collection) {
+  const config = getCollectionConfig(collection);
+  if (!config.versions) {
+    throw new NpValidationError("Revisions not enabled", [
+      {
+        field: "collection",
+        message: `Collection "${collection}" has no versions config \u2014 enable versions.drafts to persist revisions.`
+      }
+    ]);
+  }
+}
+async function assertReadAccess(collection, user, doc) {
+  const config = getCollectionConfig(collection);
+  if (!user) {
+    throw new NpForbiddenError(collection, "read-revision");
+  }
+  if (config.access?.update) {
+    const allowed = await config.access.update({ user, doc: doc ?? void 0 });
+    if (!allowed) {
+      throw new NpForbiddenError(collection, "read-revision");
+    }
+    return;
+  }
+  if (user.role !== "admin" && user.role !== "editor") {
+    throw new NpForbiddenError(collection, "read-revision");
+  }
+}
+function toRevisionSnapshot(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    throw new NpValidationError("Invalid revision snapshot", [
+      { field: "snapshot", message: "Snapshot must be a JSON object" }
+    ]);
+  }
+  return value;
+}
+async function listRevisions(collection, documentId, options = {}, user = null) {
+  assertVersionsEnabled(collection);
+  const targetDoc = await getDocumentById(collection, documentId, user ?? void 0);
+  await assertReadAccess(collection, user, targetDoc);
+  const db = getDb();
+  const limit = normalizeLimit(options.limit);
+  const offset = normalizeOffset(options.offset);
+  const filter = and8(
+    eq8(npRevisions.collection, collection),
+    eq8(npRevisions.documentId, documentId)
+  );
+  const rows = await db.select({
+    id: npRevisions.id,
+    collection: npRevisions.collection,
+    documentId: npRevisions.documentId,
+    version: npRevisions.version,
+    status: npRevisions.status,
+    changedFields: npRevisions.changedFields,
+    authorId: npRevisions.authorId,
+    createdAt: npRevisions.createdAt
+  }).from(npRevisions).where(filter).orderBy(desc5(npRevisions.version)).limit(limit).offset(offset);
+  const [totalRow] = await db.select({ total: count4() }).from(npRevisions).where(filter);
+  return {
+    revisions: rows.map((row) => ({
+      ...row,
+      changedFields: row.changedFields ?? []
+    })),
+    total: Number(totalRow?.total ?? 0)
+  };
+}
+async function getRevision(collection, documentId, revisionId, user = null) {
+  assertVersionsEnabled(collection);
+  const targetDoc = await getDocumentById(collection, documentId, user ?? void 0);
+  await assertReadAccess(collection, user, targetDoc);
+  const db = getDb();
+  const [row] = await db.select().from(npRevisions).where(
+    and8(
+      eq8(npRevisions.id, revisionId),
+      eq8(npRevisions.collection, collection),
+      eq8(npRevisions.documentId, documentId)
+    )
+  ).limit(1);
+  if (!row) {
+    throw new NpNotFoundError("revision", revisionId);
+  }
+  return {
+    id: row.id,
+    collection: row.collection,
+    documentId: row.documentId,
+    version: row.version,
+    status: row.status,
+    changedFields: row.changedFields ?? [],
+    snapshot: toRevisionSnapshot(row.snapshot),
+    authorId: row.authorId,
+    createdAt: row.createdAt
+  };
+}
+async function restoreRevision(collection, documentId, revisionId, user) {
+  const revision = await getRevision(collection, documentId, revisionId, user);
+  return saveDocument(collection, documentId, revision.snapshot, user, {
+    status: revision.status === "published" ? "published" : "draft"
+  });
+}
+
+// src/collections/pending-queue.ts
+import { sql as sql2 } from "drizzle-orm";
+function getTableColumn(table, name) {
+  return table[name];
+}
+function buildPendingBranch(slug) {
+  let config;
+  try {
+    config = getCollectionConfig(slug);
+  } catch {
+    return null;
+  }
+  if (!config.community?.memberWrite?.create) return null;
+  const table = getCollectionTable(slug);
+  const titleCol = getTableColumn(table, "title");
+  if (!titleCol) return null;
+  const slugCol = getTableColumn(table, "slug");
+  return sql2`
+    SELECT
+      ${slug}::text AS collection_slug,
+      id,
+      title,
+      ${slugCol ? sql2`slug` : sql2`NULL::text`} AS doc_slug,
+      created_at,
+      member_author_id
+    FROM ${table}
+    WHERE status = 'pending' AND member_author_id IS NOT NULL
+  `;
+}
+async function listPendingMemberDocs(options = {}) {
+  const limit = Math.min(Math.max(options.limit ?? 50, 1), 200);
+  const offset = Math.max(options.offset ?? 0, 0);
+  const slugs = options.collectionSlug ? [options.collectionSlug] : getAllCollectionSlugs();
+  const db = getDb();
+  const branches = [];
+  for (const slug of slugs) {
+    const branch = buildPendingBranch(slug);
+    if (branch) branches.push(branch);
+  }
+  if (branches.length === 0) {
+    return { docs: [], totalDocs: 0 };
+  }
+  const union = sql2.join(branches, sql2` UNION ALL `);
+  const [countRow] = (await db.execute(
+    sql2`SELECT count(*)::int AS total FROM (${union}) p`
+  )).rows;
+  const totalDocs = Number(countRow?.total ?? 0);
+  const result = await db.execute(sql2`
+    SELECT
+      p.collection_slug AS collection_slug,
+      p.id AS id,
+      p.title AS title,
+      p.doc_slug AS doc_slug,
+      p.created_at AS created_at,
+      m.id AS member_id,
+      m.handle AS member_handle,
+      m.display_name AS member_display_name
+    FROM (${union}) p
+    LEFT JOIN ${npMembers} m ON m.id = p.member_author_id
+    ORDER BY p.created_at DESC
+    LIMIT ${limit} OFFSET ${offset}
+  `);
+  const docs = result.rows.map((row) => ({
+    id: row.id,
+    collectionSlug: row.collection_slug,
+    title: typeof row.title === "string" && row.title.length > 0 ? row.title : "(untitled)",
+    slug: row.doc_slug,
+    status: "pending",
+    createdAt: row.created_at instanceof Date ? row.created_at : new Date(row.created_at),
+    memberAuthor: row.member_id && row.member_handle && row.member_display_name ? {
+      id: row.member_id,
+      handle: row.member_handle,
+      displayName: row.member_display_name
+    } : null
+  }));
+  return { docs, totalDocs };
+}
+
+// src/collections/search-api.ts
+import { eq as eq9 } from "drizzle-orm";
+
+// src/collections/search-adapter.ts
+var currentAdapter = null;
+function setSearchAdapter(adapter) {
+  if (typeof adapter?.search !== "function") {
+    throw new Error("setSearchAdapter: adapter must implement search()");
+  }
+  currentAdapter = adapter;
+}
+function getSearchAdapter() {
+  return currentAdapter;
+}
+function resetSearchAdapter() {
+  currentAdapter = null;
+}
+
+// src/collections/search-api.ts
+var DEFAULT_LIMIT = 10;
+var MAX_LIMIT = 50;
+function normalizeLimit2(limit) {
+  if (!limit || limit < 1) return DEFAULT_LIMIT;
+  return Math.min(Math.floor(limit), MAX_LIMIT);
+}
+function hasSearchVectorColumn(table) {
+  return table.searchVector !== void 0;
+}
+async function searchCollections(opts) {
+  const query = opts.q.trim();
+  if (query.length === 0) {
+    return { results: [], total: 0, perCollection: {} };
+  }
+  const slugs = opts.collections ?? getAllCollectionSlugs();
+  const limit = normalizeLimit2(opts.limit);
+  const offset = opts.offset ?? 0;
+  const baseWhere = opts.where ?? { status: "published" };
+  const adapter = getSearchAdapter();
+  if (adapter) {
+    try {
+      const adapterResult = await adapter.search({
+        q: query,
+        collections: opts.collections,
+        limit,
+        offset,
+        locale: opts.locale
+      });
+      if (adapterResult) return adapterResult;
+    } catch (err) {
+      const { getLogger: getLogger2 } = await import("./logger-S7REWDNE.js");
+      getLogger2().warn("search adapter threw \u2014 falling back to pg tsvector", {
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  }
+  const results = [];
+  const perCollection = {};
+  let total = 0;
+  for (const slug of slugs) {
+    let table;
+    try {
+      table = getCollectionTable(slug);
+    } catch {
+      continue;
+    }
+    if (!hasSearchVectorColumn(table)) continue;
+    const config = getCollectionConfig(slug);
+    const collectionLocale = config.i18n && opts.locale ? opts.locale : void 0;
+    const page = await findDocuments(slug, {
+      search: query,
+      where: baseWhere,
+      limit,
+      page: 1,
+      ...collectionLocale ? { locale: collectionLocale } : {}
+    });
+    perCollection[slug] = page.totalDocs;
+    total += page.totalDocs;
+    for (const doc of page.docs) {
+      results.push({ collection: slug, doc });
+    }
+  }
+  return {
+    results: results.slice(offset, offset + limit),
+    total,
+    perCollection
+  };
+}
+function getTableColumn2(table, key) {
+  const column = table[key];
+  if (!column) {
+    throw new Error(`Column '${key}' not found on collection table.`);
+  }
+  return column;
+}
+async function reindexCollection(slug) {
+  const config = getCollectionConfig(slug);
+  const table = getCollectionTable(slug);
+  if (!hasSearchVectorColumn(table)) {
+    return { collection: slug, processed: 0 };
+  }
+  const db = getDb();
+  const idCol = getTableColumn2(table, "id");
+  const rows = await db.select().from(table);
+  let processed = 0;
+  for (const row of rows) {
+    const weighted = buildWeightedSearchVectorSql(config, row);
+    await db.update(table).set({ searchVector: weighted }).where(eq9(idCol, row.id));
+    processed += 1;
+  }
+  return { collection: slug, processed };
+}
+
+// src/collections/translations.ts
+import { eq as eq10, sql as sql3 } from "drizzle-orm";
+function getTableColumn3(table, name) {
+  const column = table[name];
+  if (!column) {
+    throw new Error(`Column "${name}" not found on table`);
+  }
+  return column;
+}
+async function findTranslations(collection, docId) {
+  const config = getCollectionConfig(collection);
+  if (!config.i18n) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "collection",
+        message: `Collection "${collection}" is not i18n-enabled`
+      }
+    ]);
+  }
+  const table = getCollectionTable(collection);
+  const db = getDb();
+  const source = await getDocumentById(collection, docId);
+  if (!source) throw new NpNotFoundError(collection, docId);
+  const groupId = source.translationGroupId;
+  if (!groupId) {
+    throw new Error(
+      `Doc ${docId} in collection "${collection}" has no translationGroupId`
+    );
+  }
+  const rows = await db.select().from(table).where(
+    eq10(getTableColumn3(table, "translationGroupId"), groupId)
+  );
+  const ordering = getI18nConfig()?.locales ?? [];
+  const rank = (locale) => {
+    const i = ordering.indexOf(locale);
+    return i === -1 ? Number.MAX_SAFE_INTEGER : i;
+  };
+  return rows.map(
+    (r) => ({
+      id: String(r.id),
+      locale: String(r.locale),
+      slug: String(r.slug),
+      status: String(r.status),
+      title: r.title,
+      updatedAt: r.updatedAt,
+      translationGroupId: String(r.translationGroupId)
+    })
+  ).sort((a, b) => rank(a.locale) - rank(b.locale));
+}
+async function createTranslation(collection, sourceDocId, targetLocale, user) {
+  const config = getCollectionConfig(collection);
+  if (!config.i18n) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "collection",
+        message: `Collection "${collection}" is not i18n-enabled`
+      }
+    ]);
+  }
+  const i18n = getI18nConfig();
+  if (!i18n) {
+    throw new Error("i18n config is not initialised");
+  }
+  if (!i18n.locales.includes(targetLocale)) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "targetLocale",
+        message: `Locale "${targetLocale}" is not configured`
+      }
+    ]);
+  }
+  const source = await getDocumentById(collection, sourceDocId);
+  if (!source) throw new NpNotFoundError(collection, sourceDocId);
+  const sourceLocale = source.locale;
+  if (sourceLocale === targetLocale) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "targetLocale",
+        message: `Source row is already in locale "${targetLocale}"`
+      }
+    ]);
+  }
+  const existing = await findTranslations(collection, sourceDocId);
+  if (existing.some((r) => r.locale === targetLocale)) {
+    throw new NpValidationError("Invalid input", [
+      {
+        field: "targetLocale",
+        message: `A "${targetLocale}" translation already exists for this document`
+      }
+    ]);
+  }
+  const groupId = source.translationGroupId;
+  if (!groupId) {
+    throw new Error(
+      `Doc ${sourceDocId} in collection "${collection}" has no translationGroupId`
+    );
+  }
+  const {
+    id,
+    slug,
+    locale,
+    status,
+    _status,
+    createdAt,
+    updatedAt,
+    createdBy,
+    updatedBy,
+    searchVector,
+    translationGroupId,
+    ...content
+  } = source;
+  void id;
+  void slug;
+  void locale;
+  void status;
+  void _status;
+  void createdAt;
+  void updatedAt;
+  void createdBy;
+  void updatedBy;
+  void searchVector;
+  void translationGroupId;
+  const result = await saveDocument(
+    collection,
+    null,
+    {
+      ...content,
+      locale: targetLocale,
+      translationGroupId: groupId
+    },
+    user,
+    { status: "draft" }
+  );
+  return { id: result.doc.id };
+}
+async function getTranslationProgress() {
+  const i18n = getI18nConfig();
+  if (!i18n) return null;
+  const db = getDb();
+  const out = [];
+  for (const slug of getAllCollectionSlugs()) {
+    const config = getCollectionConfig(slug);
+    if (!config.i18n) continue;
+    const table = getCollectionTable(slug);
+    const localeCol = getTableColumn3(table, "locale");
+    const groupCol = getTableColumn3(table, "translationGroupId");
+    const localeRows = await db.select({
+      locale: localeCol,
+      count: sql3`count(*)::int`
+    }).from(table).groupBy(localeCol);
+    const totalRows = await db.select({
+      groups: sql3`count(distinct ${groupCol})::int`
+    }).from(table);
+    const totalGroups = totalRows[0]?.groups ?? 0;
+    const counts = Object.fromEntries(
+      i18n.locales.map((loc) => [loc, 0])
+    );
+    for (const row of localeRows) {
+      if (row.locale in counts) {
+        counts[row.locale] = row.count;
+      }
+    }
+    const perLocale = {};
+    for (const loc of i18n.locales) {
+      const count5 = counts[loc] ?? 0;
+      perLocale[loc] = {
+        count: count5,
+        missing: Math.max(0, totalGroups - count5)
+      };
+    }
+    out.push({
+      collection: slug,
+      totalGroups,
+      perLocale
+    });
+  }
+  return {
+    defaultLocale: i18n.defaultLocale,
+    locales: i18n.locales,
+    collections: out
+  };
+}
+
+// src/community/member-admin.ts
+async function purgeMemberContent(memberId, staffUser) {
+  const db = getDb();
+  const [memberRow] = await db.select({ id: npMembers.id }).from(npMembers).where(eq11(npMembers.id, memberId)).limit(1);
+  if (!memberRow) {
+    throw new NpNotFoundError("member", memberId);
+  }
+  const liveComments = await db.select({ id: npComments.id }).from(npComments).where(
+    and9(eq11(npComments.memberId, memberId), ne2(npComments.status, "deleted"))
+  );
+  let commentsDeleted = 0;
+  for (const row of liveComments) {
+    try {
+      await staffDeleteComment(row.id, staffUser.id);
+      commentsDeleted += 1;
+    } catch (err) {
+      if (err instanceof NpNotFoundError) continue;
+      throw err;
+    }
+  }
+  const documents = {};
+  for (const slug of getAllCollectionSlugs()) {
+    let config;
+    try {
+      config = getCollectionConfig(slug);
+    } catch {
+      continue;
+    }
+    if (!config.community?.memberWrite?.create) continue;
+    const table = getCollectionTable(slug);
+    const memberAuthorCol = table.memberAuthorId;
+    const idCol = table.id;
+    if (!memberAuthorCol || !idCol) continue;
+    const rows = await db.select({ id: idCol }).from(table).where(eq11(memberAuthorCol, memberId));
+    let perCollection = 0;
+    for (const row of rows) {
+      try {
+        await deleteDocument(slug, row.id, staffUser);
+        perCollection += 1;
+      } catch (err) {
+        if (err instanceof NpNotFoundError) continue;
+        throw err;
+      }
+    }
+    if (perCollection > 0) documents[slug] = perCollection;
+  }
+  const mediaDb = getDb();
+  const liveMedia = await mediaDb.select({ id: npMedia.id }).from(npMedia).where(
+    and9(eq11(npMedia.uploadedByMemberId, memberId), isNull4(npMedia.deletedAt))
+  );
+  let mediaDeleted = 0;
+  let mediaSkipped = 0;
+  for (const row of liveMedia) {
+    const result = await deleteMedia(row.id);
+    if (result.deleted) mediaDeleted += 1;
+    else mediaSkipped += 1;
+  }
+  await recordAuditEvent({
+    actor: { kind: "staff", userId: staffUser.id },
+    action: "member.content.purge",
+    targetType: "member",
+    targetId: memberId,
+    payload: {
+      comments: commentsDeleted,
+      documents,
+      media: { deleted: mediaDeleted, skipped: mediaSkipped }
+    }
+  });
+  return {
+    comments: commentsDeleted,
+    documents,
+    media: { deleted: mediaDeleted, skipped: mediaSkipped }
+  };
+}
+
+export {
+  listRevisions,
+  getRevision,
+  restoreRevision,
+  listPendingMemberDocs,
+  setSearchAdapter,
+  getSearchAdapter,
+  resetSearchAdapter,
+  searchCollections,
+  reindexCollection,
+  findTranslations,
+  createTranslation,
+  getTranslationProgress,
+  getMemberProfile,
+  getMemberProfiles,
+  renderCommentMarkdown,
+  createComment,
+  listComments,
+  updateComment,
+  deleteComment,
+  hideComment,
+  restoreComment,
+  staffHideComment,
+  staffRestoreComment,
+  staffDeleteComment,
+  DEFAULT_REACTION_KINDS,
+  addReaction,
+  removeReaction,
+  countReactions,
+  listMemberReactions,
+  assertReactableExists,
+  follow,
+  unfollow,
+  isFollowing,
+  listFollowing,
+  principalCan,
+  fileReport,
+  listReports,
+  resolveReport,
+  unresolvedReportCount,
+  issueBan,
+  listBansForMember,
+  revokeBan,
+  grantMemberRole,
+  listMemberRoleGrants,
+  revokeMemberRole,
+  purgeMemberContent
+};
+//# sourceMappingURL=chunk-6YI5K2TI.js.map