npm - @revealui/core - Versions diffs - 0.2.1 → 0.3.0 - Mend

@revealui/core 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (325) hide show

package/dist/api/compression.d.ts.map +1 -1
package/dist/api/payload-optimization.d.ts.map +1 -1
package/dist/api/rate-limit.d.ts +29 -28
package/dist/api/rate-limit.d.ts.map +1 -1
package/dist/api/rate-limit.js +63 -3
package/dist/api/response-cache.d.ts.map +1 -1
package/dist/api/response-cache.js +1 -1
package/dist/api/rest.d.ts.map +1 -1
package/dist/api/rest.js +3 -2
package/dist/auth/access.d.ts.map +1 -1
package/dist/auth/index.d.ts.map +1 -1
package/dist/cache/query-cache.d.ts +12 -10
package/dist/cache/query-cache.d.ts.map +1 -1
package/dist/cache/query-cache.js +38 -42
package/dist/caching/app-cache.d.ts +5 -0
package/dist/caching/app-cache.d.ts.map +1 -1
package/dist/caching/app-cache.js +9 -1
package/dist/caching/cdn-config.d.ts.map +1 -1
package/dist/caching/cdn-config.js +4 -0
package/dist/caching/edge-cache.d.ts +1 -1
package/dist/caching/edge-cache.d.ts.map +1 -1
package/dist/caching/edge-cache.js +36 -7
package/dist/caching/index.d.ts +6 -0
package/dist/caching/index.d.ts.map +1 -0
package/dist/caching/index.js +5 -0
package/dist/caching/service-worker.d.ts +6 -3
package/dist/caching/service-worker.d.ts.map +1 -1
package/dist/caching/service-worker.js +3 -2
package/dist/client/admin/RichText.d.ts +1 -1
package/dist/client/admin/RichText.d.ts.map +1 -1
package/dist/client/admin/components/AdminDashboard.d.ts.map +1 -1
package/dist/client/admin/components/AdminDashboard.js +178 -205
package/dist/client/admin/components/CollectionList.d.ts.map +1 -1
package/dist/client/admin/components/DocumentForm.d.ts.map +1 -1
package/dist/client/admin/components/DocumentForm.js +130 -6
package/dist/client/admin/components/GlobalForm.d.ts.map +1 -1
package/dist/client/admin/context/ServerFunctionContext.d.ts +8 -0
package/dist/client/admin/context/ServerFunctionContext.d.ts.map +1 -0
package/dist/client/admin/context/ServerFunctionContext.js +15 -0
package/dist/client/admin/i18n/en.d.ts.map +1 -1
package/dist/client/admin/index.d.ts +1 -0
package/dist/client/admin/index.d.ts.map +1 -1
package/dist/client/admin/index.js +1 -0
package/dist/client/admin/layout.d.ts +1 -1
package/dist/client/admin/layout.d.ts.map +1 -1
package/dist/client/admin/layout.js +3 -2
package/dist/client/admin/page.d.ts.map +1 -1
package/dist/client/admin/utils/apiClient.d.ts.map +1 -1
package/dist/client/admin/utils/apiClient.js +0 -4
package/dist/client/admin/utils/index.d.ts +0 -1
package/dist/client/admin/utils/index.d.ts.map +1 -1
package/dist/client/admin/utils/index.js +0 -1
package/dist/client/admin/utils/serializeConfig.d.ts.map +1 -1
package/dist/client/hooks.d.ts.map +1 -1
package/dist/client/index.d.ts.map +1 -1
package/dist/client/richtext/RichTextEditor.d.ts.map +1 -1
package/dist/client/richtext/components/ImageNodeComponent.d.ts.map +1 -1
package/dist/client/richtext/components/ImageNodeComponent.js +0 -1
package/dist/client/richtext/components/ImageUploadButton.d.ts +2 -0
package/dist/client/richtext/components/ImageUploadButton.d.ts.map +1 -1
package/dist/client/richtext/components/ImageUploadButton.js +30 -15
package/dist/client/richtext/index.d.ts.map +1 -1
package/dist/client/richtext/nodes/DecoratorBlockNode.d.ts.map +1 -1
package/dist/client/richtext/nodes/ImageNode.d.ts.map +1 -1
package/dist/client/richtext/plugins/CollaborationPlugin.d.ts.map +1 -1
package/dist/client/richtext/plugins/CursorsOverlayPlugin.d.ts.map +1 -1
package/dist/client/richtext/plugins/FloatingToolbarPlugin.d.ts.map +1 -1
package/dist/client/richtext/plugins/ImagePlugin.d.ts.map +1 -1
package/dist/client/richtext/plugins/ToolbarPlugin.d.ts.map +1 -1
package/dist/client/ui/index.d.ts.map +1 -1
package/dist/client/ui/index.js +1 -1
package/dist/collections/CollectionOperations.d.ts +7 -7
package/dist/collections/CollectionOperations.d.ts.map +1 -1
package/dist/collections/CollectionOperations.js +15 -1
package/dist/collections/hooks.d.ts.map +1 -1
package/dist/collections/index.d.ts.map +1 -1
package/dist/collections/operations/create.d.ts +2 -4
package/dist/collections/operations/create.d.ts.map +1 -1
package/dist/collections/operations/create.js +7 -5
package/dist/collections/operations/createMany.d.ts +12 -0
package/dist/collections/operations/createMany.d.ts.map +1 -0
package/dist/collections/operations/createMany.js +43 -0
package/dist/collections/operations/delete.d.ts +1 -1
package/dist/collections/operations/delete.d.ts.map +1 -1
package/dist/collections/operations/delete.js +31 -2
package/dist/collections/operations/deleteMany.d.ts +11 -0
package/dist/collections/operations/deleteMany.d.ts.map +1 -0
package/dist/collections/operations/deleteMany.js +50 -0
package/dist/collections/operations/fieldHooks.d.ts +2 -2
package/dist/collections/operations/fieldHooks.d.ts.map +1 -1
package/dist/collections/operations/fieldHooks.js +4 -4
package/dist/collections/operations/find.d.ts +2 -4
package/dist/collections/operations/find.d.ts.map +1 -1
package/dist/collections/operations/find.js +115 -8
package/dist/collections/operations/findById.d.ts +3 -4
package/dist/collections/operations/findById.d.ts.map +1 -1
package/dist/collections/operations/findById.js +53 -1
package/dist/collections/operations/sqlAdapter.d.ts +23 -0
package/dist/collections/operations/sqlAdapter.d.ts.map +1 -0
package/dist/collections/operations/sqlAdapter.js +76 -0
package/dist/collections/operations/update.d.ts +3 -5
package/dist/collections/operations/update.d.ts.map +1 -1
package/dist/collections/operations/update.js +103 -11
package/dist/collections/operations/updateMany.d.ts +11 -0
package/dist/collections/operations/updateMany.d.ts.map +1 -0
package/dist/collections/operations/updateMany.js +52 -0
package/dist/collections/registry.d.ts +12 -0
package/dist/collections/registry.d.ts.map +1 -0
package/dist/collections/registry.js +38 -0
package/dist/config/index.d.ts.map +1 -1
package/dist/config/runtime.d.ts.map +1 -1
package/dist/config/utils.d.ts +0 -10
package/dist/config/utils.d.ts.map +1 -1
package/dist/config/utils.js +0 -13
package/dist/database/index.d.ts +3 -0
package/dist/database/index.d.ts.map +1 -1
package/dist/database/index.js +1 -5
package/dist/database/safe-parse.d.ts.map +1 -1
package/dist/database/ssl-config.d.ts.map +1 -1
package/dist/database/type-adapter.d.ts.map +1 -1
package/dist/database/universal-postgres.d.ts.map +1 -1
package/dist/database/universal-postgres.js +6 -1
package/dist/dataloader.d.ts.map +1 -1
package/dist/error-handling/circuit-breaker.d.ts +1 -1
package/dist/error-handling/circuit-breaker.d.ts.map +1 -1
package/dist/error-handling/circuit-breaker.js +11 -3
package/dist/error-handling/error-boundary.d.ts.map +1 -1
package/dist/error-handling/error-reporter.d.ts +1 -1
package/dist/error-handling/error-reporter.d.ts.map +1 -1
package/dist/error-handling/error-reporter.js +19 -5
package/dist/error-handling/fallback-components.d.ts.map +1 -1
package/dist/error-handling/fallback-components.js +1 -1
package/dist/error-handling/index.d.ts +2 -4
package/dist/error-handling/index.d.ts.map +1 -1
package/dist/error-handling/index.js +1 -4
package/dist/error-handling/retry.d.ts.map +1 -1
package/dist/error-handling/retry.js +13 -8
package/dist/factories/builders.d.ts.map +1 -1
package/dist/factories/index.d.ts.map +1 -1
package/dist/features.d.ts +0 -4
package/dist/features.d.ts.map +1 -1
package/dist/features.js +0 -2
package/dist/fieldTraversal.d.ts.map +1 -1
package/dist/fields/config/types.d.ts.map +1 -1
package/dist/fields/getDefaultValue.d.ts.map +1 -1
package/dist/fields/getFieldPaths.d.ts.map +1 -1
package/dist/fields/hooks/afterRead/index.d.ts.map +1 -1
package/dist/fields/hooks/afterRead/promise.d.ts.map +1 -1
package/dist/fields/hooks/afterRead/traverseFields.d.ts.map +1 -1
package/dist/generated/types/cms.d.ts.map +1 -1
package/dist/generated/types/cms.js +0 -1
package/dist/generated/types/neon.d.ts.map +1 -1
package/dist/generated/types/neon.js +4 -2
package/dist/globals/GlobalOperations.d.ts.map +1 -1
package/dist/globals/GlobalOperations.js +4 -2
package/dist/globals/index.d.ts.map +1 -1
package/dist/index.d.ts +4 -4
package/dist/index.d.ts.map +1 -1
package/dist/index.js +4 -4
package/dist/instance/RevealUIInstance.d.ts.map +1 -1
package/dist/instance/RevealUIInstance.js +6 -19
package/dist/instance/index.d.ts.map +1 -1
package/dist/instance/logger.d.ts.map +1 -1
package/dist/instance/methods/create.d.ts.map +1 -1
package/dist/instance/methods/create.js +0 -3
package/dist/instance/methods/delete.d.ts.map +1 -1
package/dist/instance/methods/delete.js +1 -4
package/dist/instance/methods/find.d.ts.map +1 -1
package/dist/instance/methods/find.js +0 -3
package/dist/instance/methods/findById.d.ts.map +1 -1
package/dist/instance/methods/findById.js +0 -3
package/dist/instance/methods/hooks.d.ts.map +1 -1
package/dist/instance/methods/update.d.ts.map +1 -1
package/dist/instance/methods/update.js +0 -3
package/dist/jobs/index.d.ts +16 -0
package/dist/jobs/index.d.ts.map +1 -0
package/dist/jobs/index.js +14 -0
package/dist/jobs/queue.d.ts +57 -0
package/dist/jobs/queue.d.ts.map +1 -0
package/dist/jobs/queue.js +134 -0
package/dist/license-encryption.d.ts +21 -0
package/dist/license-encryption.d.ts.map +1 -0
package/dist/license-encryption.js +74 -0
package/dist/license.d.ts +20 -3
package/dist/license.d.ts.map +1 -1
package/dist/license.js +73 -6
package/dist/monitoring/alerts.d.ts.map +1 -1
package/dist/monitoring/cleanup-manager.d.ts.map +1 -1
package/dist/monitoring/health-monitor.d.ts.map +1 -1
package/dist/monitoring/index.d.ts.map +1 -1
package/dist/monitoring/process-registry.d.ts.map +1 -1
package/dist/monitoring/query-monitor.d.ts.map +1 -1
package/dist/monitoring/types.d.ts.map +1 -1
package/dist/monitoring/zombie-detector.d.ts.map +1 -1
package/dist/monitoring/zombie-detector.js +5 -0
package/dist/nextjs/index.d.ts.map +1 -1
package/dist/nextjs/utilities.d.ts.map +1 -1
package/dist/nextjs/withRevealUI.d.ts.map +1 -1
package/dist/observability/alerts.d.ts.map +1 -1
package/dist/observability/alerts.js +1 -2
package/dist/observability/health-check.d.ts +0 -4
package/dist/observability/health-check.d.ts.map +1 -1
package/dist/observability/health-check.js +0 -36
package/dist/observability/index.d.ts.map +1 -1
package/dist/observability/logger.d.ts.map +1 -1
package/dist/observability/logger.js +1 -1
package/dist/observability/metrics.d.ts.map +1 -1
package/dist/observability/tracing.d.ts.map +1 -1
package/dist/observability/tracing.js +0 -1
package/dist/optimization/asset-optimizer.d.ts +6 -2
package/dist/optimization/asset-optimizer.d.ts.map +1 -1
package/dist/optimization/asset-optimizer.js +31 -7
package/dist/optimization/bundle-analyzer.d.ts +1 -1
package/dist/optimization/bundle-analyzer.d.ts.map +1 -1
package/dist/optimization/bundle-analyzer.js +29 -5
package/dist/optimization/code-splitting.d.ts +0 -10
package/dist/optimization/code-splitting.d.ts.map +1 -1
package/dist/optimization/code-splitting.js +0 -16
package/dist/plugins/form-builder.d.ts.map +1 -1
package/dist/plugins/index.d.ts.map +1 -1
package/dist/plugins/nested-docs.d.ts +4 -0
package/dist/plugins/nested-docs.d.ts.map +1 -1
package/dist/plugins/nested-docs.js +50 -5
package/dist/plugins/redirects.d.ts.map +1 -1
package/dist/queries/index.d.ts.map +1 -1
package/dist/queries/queryBuilder.d.ts.map +1 -1
package/dist/queries/queryBuilder.js +9 -2
package/dist/relationships/analyzer.d.ts.map +1 -1
package/dist/relationships/analyzer.js +8 -0
package/dist/relationships/index.d.ts.map +1 -1
package/dist/relationships/populate-core.d.ts +57 -0
package/dist/relationships/populate-core.d.ts.map +1 -0
package/dist/relationships/populate-core.js +116 -0
package/dist/relationships/populate-helpers.d.ts +5 -51
package/dist/relationships/populate-helpers.d.ts.map +1 -1
package/dist/relationships/populate-helpers.js +4 -109
package/dist/relationships/population.d.ts +1 -9
package/dist/relationships/population.d.ts.map +1 -1
package/dist/relationships/population.js +8 -3
package/dist/revealui.d.ts.map +1 -1
package/dist/richtext/exports/client/rcc.d.ts.map +1 -1
package/dist/richtext/exports/client/rcc.js +1 -1
package/dist/richtext/exports/server/rsc.d.ts +17 -0
package/dist/richtext/exports/server/rsc.d.ts.map +1 -1
package/dist/richtext/exports/server/rsc.js +61 -5
package/dist/richtext/index.d.ts.map +1 -1
package/dist/richtext/lexical.d.ts.map +1 -1
package/dist/security/audit.d.ts +1 -1
package/dist/security/audit.d.ts.map +1 -1
package/dist/security/audit.js +4 -2
package/dist/security/auth.d.ts +29 -160
package/dist/security/auth.d.ts.map +1 -1
package/dist/security/auth.js +148 -367
package/dist/security/authorization.d.ts +7 -31
package/dist/security/authorization.d.ts.map +1 -1
package/dist/security/authorization.js +72 -14
package/dist/security/encryption.d.ts +56 -44
package/dist/security/encryption.d.ts.map +1 -1
package/dist/security/encryption.js +113 -96
package/dist/security/gdpr-storage.d.ts +102 -0
package/dist/security/gdpr-storage.d.ts.map +1 -0
package/dist/security/gdpr-storage.js +65 -0
package/dist/security/gdpr.d.ts +57 -37
package/dist/security/gdpr.d.ts.map +1 -1
package/dist/security/gdpr.js +155 -89
package/dist/security/headers.d.ts +4 -2
package/dist/security/headers.d.ts.map +1 -1
package/dist/security/headers.js +35 -17
package/dist/security/index.d.ts +3 -16
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +3 -16
package/dist/server/index.d.ts.map +1 -1
package/dist/server/renderPage.d.ts.map +1 -1
package/dist/storage/index.d.ts +1 -0
package/dist/storage/index.d.ts.map +1 -1
package/dist/storage/index.js +2 -4
package/dist/storage/vercel-blob.d.ts.map +1 -1
package/dist/translations/index.d.ts.map +1 -1
package/dist/types/access.d.ts.map +1 -1
package/dist/types/api.d.ts.map +1 -1
package/dist/types/cms.d.ts.map +1 -1
package/dist/types/config.d.ts.map +1 -1
package/dist/types/core.d.ts.map +1 -1
package/dist/types/extensions.d.ts.map +1 -1
package/dist/types/frontend.d.ts.map +1 -1
package/dist/types/generated.d.ts.map +1 -1
package/dist/types/hooks.d.ts.map +1 -1
package/dist/types/index.d.ts +1 -1
package/dist/types/index.d.ts.map +1 -1
package/dist/types/interfaces/app.d.ts.map +1 -1
package/dist/types/jobs.d.ts.map +1 -1
package/dist/types/legacy.d.ts.map +1 -1
package/dist/types/plugins.d.ts.map +1 -1
package/dist/types/query.d.ts.map +1 -1
package/dist/types/request.d.ts.map +1 -1
package/dist/types/richtext.d.ts.map +1 -1
package/dist/types/runtime.d.ts +59 -1
package/dist/types/runtime.d.ts.map +1 -1
package/dist/types/schema.d.ts.map +1 -1
package/dist/types/user.d.ts.map +1 -1
package/dist/utils/access-conversion.d.ts.map +1 -1
package/dist/utils/api-wrapper.d.ts.map +1 -1
package/dist/utils/api-wrapper.js +1 -1
package/dist/utils/block-conversion.d.ts.map +1 -1
package/dist/utils/cache.d.ts.map +1 -1
package/dist/utils/deep-clone.js +0 -1
package/dist/utils/error-responses.d.ts.map +1 -1
package/dist/utils/errors.d.ts +36 -0
package/dist/utils/errors.d.ts.map +1 -1
package/dist/utils/errors.js +103 -0
package/dist/utils/field-conversion.d.ts +1 -1
package/dist/utils/field-conversion.d.ts.map +1 -1
package/dist/utils/flattenResult.d.ts.map +1 -1
package/dist/utils/flattenResult.js +0 -1
package/dist/utils/getBlockSelect.d.ts.map +1 -1
package/dist/utils/getSelectMode.d.ts.map +1 -1
package/dist/utils/isValidID.d.ts.map +1 -1
package/dist/utils/json-parsing.d.ts.map +1 -1
package/dist/utils/logger-client.d.ts.map +1 -1
package/dist/utils/logger-server.d.ts.map +1 -1
package/dist/utils/logger.d.ts.map +1 -1
package/dist/utils/request-context.d.ts.map +1 -1
package/dist/utils/stripUnselectedFields.d.ts.map +1 -1
package/dist/utils/type-guards.d.ts.map +1 -1
package/package.json +39 -7

package/dist/collections/operations/findById.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"findById.d.ts","sourceRoot":"","sources":["../../../src/collections/operations/findById.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EACV,~~cAAc,EACd,~~YAAY,EACZ,sBAAsB,EACtB,cAAc,EACd,aAAa,EAEd,MAAM,sBAAsB,~~CAAA~~;~~AAG7B~~,wBAAsB,QAAQ,CAC5B,MAAM,EAAE,sBAAsB,EAC9B,EAAE,EAAE~~;IACF~~,~~KAAK~~,~~EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,cAAc,CAAC,CAAA;CACtE,~~GAAG,IAAI,~~EACR~~,OAAO,EAAE;IACP,EAAE,EAAE,MAAM,GAAG,MAAM,~~CAAA~~;~~IACnB~~,KAAK,CAAC,EAAE,MAAM,~~CAAA~~;~~IACd~~,GAAG,CAAC,EAAE,aAAa,~~CAAA~~;~~IACnB~~,QAAQ,CAAC,EAAE,YAAY,~~CAAA~~;~~CACxB~~,GACA,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,~~CA2DhC~~"}
1	+ {"version":3,"file":"findById.d.ts","sourceRoot":"","sources":["../../../src/collections/operations/findById.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EACV,YAAY,EACZ,wBAAwB,EACxB,sBAAsB,EACtB,cAAc,EACd,aAAa,EAEd,MAAM,sBAAsB,CAAC;AAI9B,wBAAsB,QAAQ,CAC5B,MAAM,EAAE,sBAAsB,EAC9B,EAAE,EAAE,wBAAwB,GAAG,IAAI,EACnC,OAAO,EAAE;IACP,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,GAAG,CAAC,EAAE,aAAa,CAAC;IACpB,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,GACA,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAwHhC"}

package/dist/collections/operations/findById.js CHANGED Viewed

@@ -5,17 +5,69 @@
  */
 import { afterRead } from '../../fields/hooks/afterRead/index.js';
 import { deserializeJsonFields } from '../../utils/json-parsing.js';
+import { selectByIdQuery } from './sqlAdapter.js';
 export async function findByID(config, db, options) {
     const { id, depth = 0, req, populate: populateOption } = options;
     // Validate depth
     if (depth < 0 || depth > 3) {
         throw new Error(`Depth must be between 0 and 3, got ${depth}`);
     }
+    // --- Access control enforcement ---
+    if (!options.overrideAccess) {
+        const accessConfig = config.access;
+        const readAccess = accessConfig?.read;
+        if (readAccess) {
+            if (!req)
+                return null; // No request context = deny
+            const result = await readAccess({ req, id });
+            if (result === false)
+                return null;
+            // If result is a WhereClause (row-level filter), we fetch the doc first then verify.
+            // For findByID, we check after fetch whether the doc matches the access filter.
+            // Boolean true = allow, WhereClause = post-fetch filter (handled below after query).
+        }
+    }
+    if (db?.collectionStorage?.findByID) {
+        const doc = await db.collectionStorage.findByID(config, { id });
+        if (doc !== undefined) {
+            if (!doc)
+                return null;
+            if (req && depth > 0) {
+                const sanitizedConfig = {
+                    ...config,
+                    fields: config.fields,
+                    flattenedFields: config.fields,
+                    endpoints: config.endpoints === false ? undefined : config.endpoints,
+                };
+                return await afterRead({
+                    collection: sanitizedConfig,
+                    context: req.context || {},
+                    currentDepth: 1,
+                    depth,
+                    doc,
+                    draft: false,
+                    fallbackLocale: req.fallbackLocale || 'en',
+                    findMany: false,
+                    flattenLocales: true,
+                    global: null,
+                    locale: req.locale || 'en',
+                    overrideAccess: false,
+                    populate: populateOption,
+                    req,
+                    select: undefined,
+                    showHiddenFields: false,
+                });
+            }
+            return doc;
+        }
+    }
     if (db?.query) {
+        // Dynamic collection storage is quarantined in sqlAdapter.ts until this
+        // layer is redesigned around typed tables that Drizzle can model directly.
         const tableName = config.slug;
         // Ensure id is a string for consistent comparison
         const idString = String(id);
-        const query = `SELECT * FROM "${tableName}" WHERE id = $1 LIMIT 1`;
+        const query = selectByIdQuery(tableName);
         const result = await db.query(query, [idString]);
         const rawDoc = result.rows[0];
         if (!rawDoc) {

package/dist/collections/operations/sqlAdapter.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import type { DatabaseResult } from '../../types/index.js';
+export type QueryableCollectionDb = {
+    query: (query: string, values?: unknown[]) => Promise<DatabaseResult>;
+};
+export declare function validateSlug(slug: string): void;
+export declare function validateColumnName(column: string): void;
+export declare function escapeIdentifier(identifier: string): string;
+export declare function collectionTable(configSlug: string): string;
+export declare function selectByIdQuery(configSlug: string): string;
+export declare function deleteByIdQuery(configSlug: string): string;
+export declare function countDocumentsQuery(configSlug: string, whereClause?: string): string;
+export declare function listDocumentsQuery(configSlug: string, whereClause: string, orderByClause: string, limitParam: number, offsetParam: number): string;
+export declare function insertDocumentQuery(configSlug: string, columns: string[]): string;
+export declare function selectJsonByIdQuery(configSlug: string): string;
+export declare function checkExistsByIdQuery(configSlug: string): string;
+export declare function updateByIdQuery(configSlug: string, keys: string[]): string;
+/**
+ * Version-aware UPDATE: includes `version = version + 1` in SET
+ * and `AND version = $N` in WHERE for optimistic locking.
+ * Returns the number of affected rows (0 = conflict).
+ */
+export declare function updateByIdWithVersionQuery(configSlug: string, keys: string[]): string;
+//# sourceMappingURL=sqlAdapter.d.ts.map

package/dist/collections/operations/sqlAdapter.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqlAdapter.d.ts","sourceRoot":"","sources":["../../../src/collections/operations/sqlAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE3D,MAAM,MAAM,qBAAqB,GAAG;IAClC,KAAK,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,cAAc,CAAC,CAAC;CACvE,CAAC;AAgBF,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAM/C;AAKD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAMvD;AAED,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE3D;AAED,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAG1D;AAED,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAIpF;AAED,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,MAAM,CAER;AAED,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAKjF;AAED,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE9D;AAED,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE/D;AAED,wBAAgB,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAI1E;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAKrF"}

package/dist/collections/operations/sqlAdapter.js ADDED Viewed

@@ -0,0 +1,76 @@
+/**
+ * Dynamic collections resolve table and column names at runtime from config.
+ * Drizzle is the default elsewhere in the codebase. This adapter exists only
+ * because these collection operations target runtime-selected tables/columns
+ * that do not map cleanly to Drizzle's compile-time table model yet.
+ *
+ * Treat this as a temporary quarantine boundary for dynamic SQL. Do not add
+ * inline SQL back into the collection operations; extend this adapter or
+ * redesign the collection storage layer toward typed tables instead.
+ */
+/** Only lowercase alphanumeric, hyphens, and underscores (1-63 chars, PostgreSQL identifier limit). */
+const VALID_SLUG = /^[a-z][a-z0-9_-]{0,62}$/;
+export function validateSlug(slug) {
+    if (!VALID_SLUG.test(slug)) {
+        throw new Error(`Invalid collection slug: "${slug}". Slugs must start with a lowercase letter and contain only lowercase alphanumeric characters, hyphens, and underscores (max 63 chars).`);
+    }
+}
+/** Only lowercase alphanumeric and underscores (PostgreSQL column name safe). */
+const VALID_COLUMN = /^[a-z_][a-z0-9_]{0,62}$/;
+export function validateColumnName(column) {
+    if (!VALID_COLUMN.test(column)) {
+        throw new Error(`Invalid column name: "${column}". Column names must start with a lowercase letter or underscore and contain only lowercase alphanumeric characters and underscores.`);
+    }
+}
+export function escapeIdentifier(identifier) {
+    return identifier.replace(/"/g, '""');
+}
+export function collectionTable(configSlug) {
+    validateSlug(configSlug);
+    return `"${escapeIdentifier(configSlug)}"`;
+}
+export function selectByIdQuery(configSlug) {
+    return `SELECT * FROM ${collectionTable(configSlug)} WHERE id = $1 LIMIT 1`;
+}
+export function deleteByIdQuery(configSlug) {
+    return `DELETE FROM ${collectionTable(configSlug)} WHERE id = $1`;
+}
+export function countDocumentsQuery(configSlug, whereClause) {
+    return whereClause
+        ? `SELECT COUNT(*) as total FROM ${collectionTable(configSlug)} WHERE ${whereClause}`
+        : `SELECT COUNT(*) as total FROM ${collectionTable(configSlug)}`;
+}
+export function listDocumentsQuery(configSlug, whereClause, orderByClause, limitParam, offsetParam) {
+    return `SELECT * FROM ${collectionTable(configSlug)} ${whereClause ? `WHERE ${whereClause}` : ''} ${orderByClause} LIMIT $${limitParam} OFFSET $${offsetParam}`;
+}
+export function insertDocumentQuery(configSlug, columns) {
+    for (const col of columns)
+        validateColumnName(col);
+    const escapedColumns = columns.map((column) => `"${escapeIdentifier(column)}"`).join(', ');
+    const placeholders = columns.map((_, i) => `$${i + 2}`).join(', ');
+    return `INSERT INTO ${collectionTable(configSlug)} (id, ${escapedColumns}) VALUES ($1, ${placeholders})`;
+}
+export function selectJsonByIdQuery(configSlug) {
+    return `SELECT _json FROM ${collectionTable(configSlug)} WHERE id = $1 LIMIT 1`;
+}
+export function checkExistsByIdQuery(configSlug) {
+    return `SELECT id FROM ${collectionTable(configSlug)} WHERE id = $1 LIMIT 1`;
+}
+export function updateByIdQuery(configSlug, keys) {
+    for (const key of keys)
+        validateColumnName(key);
+    const setClause = keys.map((key, i) => `"${escapeIdentifier(key)}" = $${i + 1}`).join(', ');
+    return `UPDATE ${collectionTable(configSlug)} SET ${setClause} WHERE id = $${keys.length + 1}`;
+}
+/**
+ * Version-aware UPDATE: includes `version = version + 1` in SET
+ * and `AND version = $N` in WHERE for optimistic locking.
+ * Returns the number of affected rows (0 = conflict).
+ */
+export function updateByIdWithVersionQuery(configSlug, keys) {
+    for (const key of keys)
+        validateColumnName(key);
+    const setClause = keys.map((key, i) => `"${escapeIdentifier(key)}" = $${i + 1}`).join(', ');
+    // version param is at keys.length + 1, id param is at keys.length + 2
+    return `UPDATE ${collectionTable(configSlug)} SET ${setClause}, "version" = "version" + 1 WHERE id = $${keys.length + 2} AND "version" = $${keys.length + 1}`;
+}

package/dist/collections/operations/update.d.ts CHANGED Viewed

@@ -1,10 +1,8 @@
 /**
  * Update Operation
  *
- * Updates an existing document with validation, password hashing, and JSON field handling.
+ * Updates an existing document with access control, validation, password hashing, and JSON field handling.
  */
-import type { DatabaseResult, RevealCollectionConfig, RevealDocument, RevealUpdateOptions } from '../../types/index.js';
-export declare function update(config: RevealCollectionConfig, db: {
-    query: (query: string, values?: unknown[]) => Promise<DatabaseResult>;
-} | null, options: RevealUpdateOptions): Promise<RevealDocument>;
+import type { QueryableDatabaseAdapter, RevealCollectionConfig, RevealDocument, RevealUpdateOptions } from '../../types/index.js';
+export declare function update(config: RevealCollectionConfig, db: QueryableDatabaseAdapter | null, options: RevealUpdateOptions): Promise<RevealDocument>;
 //# sourceMappingURL=update.d.ts.map

package/dist/collections/operations/update.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../src/collections/operations/update.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EACV,~~cAAc~~,~~EACd~~,sBAAsB,EACtB,cAAc,~~EAEd~~,mBAAmB,EACpB,MAAM,sBAAsB,~~CAAA~~;~~AAM7B~~,wBAAsB,MAAM,CAC1B,MAAM,EAAE,sBAAsB,EAC9B,EAAE,EAAE~~;IACF~~,~~KAAK~~,~~EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,cAAc,CAAC,CAAA;CACtE,~~GAAG,IAAI,~~EACR~~,OAAO,EAAE,mBAAmB,GAC3B,OAAO,CAAC,cAAc,CAAC,~~CAgJzB~~"}
1	+ {"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../src/collections/operations/update.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EACV,wBAAwB,EACxB,sBAAsB,EACtB,cAAc,EAGd,mBAAmB,EACpB,MAAM,sBAAsB,CAAC;AAiF9B,wBAAsB,MAAM,CAC1B,MAAM,EAAE,sBAAsB,EAC9B,EAAE,EAAE,wBAAwB,GAAG,IAAI,EACnC,OAAO,EAAE,mBAAmB,GAC3B,OAAO,CAAC,cAAc,CAAC,CAkMzB"}

package/dist/collections/operations/update.js CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * Update Operation
  *
- * Updates an existing document with validation, password hashing, and JSON field handling.
+ * Updates an existing document with access control, validation, password hashing, and JSON field handling.
  */
 import bcrypt from 'bcryptjs';
 import { defaultLogger } from '../../instance/logger.js';
@@ -9,10 +9,61 @@ import { collectJsonFields, serializeValueForDatabase } from '../../utils/json-p
 import { flattenFields, isJsonFieldType } from '../../utils/type-guards.js';
 import { runBeforeFieldHooks } from './fieldHooks.js';
 import { findByID } from './findById.js';
+import { checkExistsByIdQuery, selectJsonByIdQuery, updateByIdQuery, updateByIdWithVersionQuery, } from './sqlAdapter.js';
+/**
+ * Recursively deep-merge two plain objects. Arrays, nulls, Dates, and
+ * primitives in `source` replace the corresponding key in `target`.
+ * Only plain-object vs plain-object pairs are merged recursively.
+ */
+function deepMergeJson(target, source) {
+    const result = structuredClone(target);
+    for (const key of Object.keys(source)) {
+        const sourceVal = source[key];
+        const targetVal = result[key];
+        if (sourceVal !== null &&
+            typeof sourceVal === 'object' &&
+            !Array.isArray(sourceVal) &&
+            targetVal !== null &&
+            typeof targetVal === 'object' &&
+            !Array.isArray(targetVal)) {
+            result[key] = deepMergeJson(targetVal, sourceVal);
+        }
+        else {
+            result[key] = structuredClone(sourceVal);
+        }
+    }
+    return result;
+}
+/**
+ * Evaluate a collection's access.update function.
+ * Returns true (allow) or false (deny).
+ */
+async function evaluateUpdateAccess(config, options) {
+    if (options.overrideAccess)
+        return true;
+    const accessConfig = config.access;
+    const updateAccess = accessConfig?.update;
+    // No access rule defined = allow all (backward compatible)
+    if (!updateAccess)
+        return true;
+    const req = options.req;
+    if (!req)
+        return false; // No request context = deny (safe default)
+    const result = await updateAccess({ req, id: options.id, data: options.data });
+    if (result === false)
+        return false;
+    // Any truthy result (true, WhereClause) = allowed for single-document operations
+    return !!result;
+}
 export async function update(config, db, options) {
     const { id, data } = options;
+    // --- Access control enforcement ---
+    const allowed = await evaluateUpdateAccess(config, options);
+    if (!allowed) {
+        throw new Error('Access denied: insufficient permissions to update this document');
+    }
     // Run beforeValidate field hooks before validation so they can transform values.
-    await runBeforeFieldHooks(config, data, 'update', 'beforeValidate');
+    await runBeforeFieldHooks(config, data, 'update', 'beforeValidate', undefined, options.req);
     // Validate email format if email field is being updated
     if (config.fields) {
         for (const field of config.fields) {
@@ -42,13 +93,15 @@ export async function update(config, db, options) {
         }
     }
     // Run beforeChange field hooks after validation but before the DB write.
-    await runBeforeFieldHooks(config, data, 'update', 'beforeChange');
+    await runBeforeFieldHooks(config, data, 'update', 'beforeChange', undefined, options.req);
     // Hash password if present and not already hashed (doesn't start with $2a$ or $2b$)
     if (data.password && typeof data.password === 'string' && !data.password.startsWith('$2')) {
-        const saltRounds = 10;
+        const saltRounds = 12;
         data.password = await bcrypt.hash(data.password, saltRounds);
     }
     if (db?.query) {
+        // Dynamic collection storage is quarantined in sqlAdapter.ts until this
+        // layer is redesigned around typed tables that Drizzle can model directly.
         const tableName = config.slug;
         // Build UPDATE query (PostgreSQL uses $1, $2 style)
         // Serialize complex values (objects, arrays) to JSON strings for SQLite
@@ -57,7 +110,23 @@ export async function update(config, db, options) {
             .filter((field) => isJsonFieldType(field) && field.name)
             .map((field) => field.name)
             .filter((name) => typeof name === 'string'));
-        const keys = Object.keys(data).filter((k) => k !== 'id' && !jsonFieldNames.has(k));
+        // Build allowlist from collection fields + system columns to prevent SQL injection via crafted keys
+        const allowedColumns = new Set([
+            'id',
+            'createdAt',
+            'updatedAt',
+            'created_at',
+            'updated_at',
+            '_json',
+            'password',
+        ]);
+        if (config.fields) {
+            for (const field of config.fields) {
+                if (field.name)
+                    allowedColumns.add(field.name);
+            }
+        }
+        const keys = Object.keys(data).filter((k) => k !== 'id' && !jsonFieldNames.has(k) && allowedColumns.has(k));
         const jsonKeys = Object.keys(data).filter((k) => k !== 'id' && jsonFieldNames.has(k));
         // Collect JSON fields to update using collectJsonFields utility
         const jsonUpdates = collectJsonFields(data, jsonFieldNames);
@@ -67,7 +136,7 @@ export async function update(config, db, options) {
         let existingJson = {};
         if (jsonFieldNames.size > 0) {
             // Fetch _json to preserve existing JSON fields (even when only updating non-JSON fields)
-            const rawQuery = `SELECT _json FROM "${tableName}" WHERE id = $1 LIMIT 1`;
+            const rawQuery = selectJsonByIdQuery(tableName);
             const rawResult = await db.query(rawQuery, [String(id)]);
             if (!rawResult.rows[0]) {
                 throw new Error(`Document with id ${id} not found`);
@@ -95,7 +164,7 @@ export async function update(config, db, options) {
         }
         else if (keys.length > 0) {
             // No JSON fields in collection - just verify document exists
-            const checkQuery = `SELECT id FROM "${tableName}" WHERE id = $1 LIMIT 1`;
+            const checkQuery = checkExistsByIdQuery(tableName);
             const checkResult = await db.query(checkQuery, [String(id)]);
             if (!checkResult.rows[0]) {
                 throw new Error(`Document with id ${id} not found`);
@@ -104,13 +173,12 @@ export async function update(config, db, options) {
         // Merge existing JSON with updates (only if we have JSON fields)
         let mergedJson = {};
         if (jsonFieldNames.size > 0) {
-            mergedJson = { ...existingJson, ...jsonUpdates };
+            mergedJson = deepMergeJson(existingJson, jsonUpdates);
             // Only include _json in UPDATE if there are actual changes or existing JSON to preserve
             if (jsonKeys.length > 0 || Object.keys(existingJson).length > 0) {
                 keys.push('_json');
             }
         }
-        const setClause = keys.map((key, i) => `"${key}" = $${i + 1}`).join(', ');
         const values = keys.map((key) => {
             if (key === '_json') {
                 // Serialize merged JSON fields object to JSON string
@@ -121,8 +189,32 @@ export async function update(config, db, options) {
         });
         // Ensure id is a string for consistent comparison
         const idString = String(id);
-        const query = `UPDATE "${tableName}" SET ${setClause} WHERE id = $${keys.length + 1}`;
-        await db.query(query, [...values, idString]);
+        // Optimistic locking: if the caller provides a `version` field, use version-aware update
+        // to detect concurrent modifications. The version is stripped from the SET clause and
+        // moved to the WHERE clause; the DB auto-increments version on success.
+        const clientVersion = typeof data.version === 'number' ? data.version : undefined;
+        const updateKeys = clientVersion !== undefined ? keys.filter((k) => k !== 'version') : keys;
+        const updateValues = clientVersion !== undefined
+            ? updateKeys.map((key) => {
+                if (key === '_json')
+                    return serializeValueForDatabase(mergedJson);
+                return serializeValueForDatabase(data[key]);
+            })
+            : values;
+        if (clientVersion !== undefined) {
+            const query = updateByIdWithVersionQuery(tableName, updateKeys);
+            const result = await db.query(query, [...updateValues, clientVersion, idString]);
+            if (result.rowCount === 0) {
+                // Document exists but version mismatch — concurrent edit detected
+                const err = new Error('Document was modified by another user. Refresh and try again.');
+                err.statusCode = 409;
+                throw err;
+            }
+        }
+        else {
+            const query = updateByIdQuery(tableName, updateKeys);
+            await db.query(query, [...updateValues, idString]);
+        }
         // Return updated document (use idString for consistency)
         const updatedDoc = await findByID(config, db, { id: idString });
         if (!updatedDoc) {

package/dist/collections/operations/updateMany.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * updateMany Operation
+ *
+ * Updates multiple documents in a single transaction. All-or-nothing: if any
+ * update fails, the entire batch is rolled back.
+ *
+ * Documents without a db adapter fall back to in-memory objects (no transaction).
+ */
+import type { BatchResult, BatchUpdateOptions, QueryableDatabaseAdapter, RevealCollectionConfig, RevealDocument } from '../../types/index.js';
+export declare function updateMany(config: RevealCollectionConfig, db: QueryableDatabaseAdapter | null, options: BatchUpdateOptions): Promise<BatchResult<RevealDocument>>;
+//# sourceMappingURL=updateMany.d.ts.map

package/dist/collections/operations/updateMany.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"updateMany.d.ts","sourceRoot":"","sources":["../../../src/collections/operations/updateMany.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAClB,wBAAwB,EACxB,sBAAsB,EACtB,cAAc,EACf,MAAM,sBAAsB,CAAC;AAG9B,wBAAsB,UAAU,CAC9B,MAAM,EAAE,sBAAsB,EAC9B,EAAE,EAAE,wBAAwB,GAAG,IAAI,EACnC,OAAO,EAAE,kBAAkB,GAC1B,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,CA2CtC"}

package/dist/collections/operations/updateMany.js ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * updateMany Operation
+ *
+ * Updates multiple documents in a single transaction. All-or-nothing: if any
+ * update fails, the entire batch is rolled back.
+ *
+ * Documents without a db adapter fall back to in-memory objects (no transaction).
+ */
+import { update } from './update.js';
+export async function updateMany(config, db, options) {
+    const results = [];
+    const errors = [];
+    if (!db?.query || options.updates.length === 0) {
+        // No DB or empty batch: run each update independently (no transaction available).
+        for (const [i, item] of options.updates.entries()) {
+            try {
+                const doc = await update(config, db, {
+                    id: item.id,
+                    data: item.data,
+                    req: options.req,
+                    overrideAccess: options.overrideAccess,
+                });
+                results.push(doc);
+            }
+            catch (error) {
+                errors.push({ index: i, error: error instanceof Error ? error.message : String(error) });
+            }
+        }
+        return { results, errors };
+    }
+    // Wrap all updates in a transaction: stop on first error, rollback on failure.
+    await db.query('BEGIN');
+    try {
+        for (const item of options.updates) {
+            const doc = await update(config, db, {
+                id: item.id,
+                data: item.data,
+                req: options.req,
+                overrideAccess: options.overrideAccess,
+            });
+            results.push(doc);
+        }
+        await db.query('COMMIT');
+    }
+    catch (error) {
+        await db.query('ROLLBACK');
+        const index = results.length; // Index of the failing item
+        errors.push({ index, error: error instanceof Error ? error.message : String(error) });
+        return { results: [], errors };
+    }
+    return { results, errors };
+}

package/dist/collections/registry.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { RevealCollectionConfig } from '../types/index.js';
+export type CollectionStorageMode = 'dynamic' | 'typed-candidate';
+export interface CollectionStorageDescriptor {
+    slug: string;
+    tableName: string;
+    storageMode: CollectionStorageMode;
+    allowedColumns: string[];
+    jsonFieldNames: string[];
+}
+export declare function buildCollectionStorageDescriptor(collection: RevealCollectionConfig): CollectionStorageDescriptor;
+export declare function buildCollectionStorageRegistry(collections: RevealCollectionConfig[] | undefined): Record<string, CollectionStorageDescriptor>;
+//# sourceMappingURL=registry.d.ts.map

package/dist/collections/registry.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/collections/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAiB,MAAM,mBAAmB,CAAC;AAG/E,MAAM,MAAM,qBAAqB,GAAG,SAAS,GAAG,iBAAiB,CAAC;AAElE,MAAM,WAAW,2BAA2B;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,qBAAqB,CAAC;IACnC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAID,wBAAgB,gCAAgC,CAC9C,UAAU,EAAE,sBAAsB,GACjC,2BAA2B,CA6B7B;AAED,wBAAgB,8BAA8B,CAC5C,WAAW,EAAE,sBAAsB,EAAE,GAAG,SAAS,GAChD,MAAM,CAAC,MAAM,EAAE,2BAA2B,CAAC,CAM7C"}

package/dist/collections/registry.js ADDED Viewed

@@ -0,0 +1,38 @@
+import { flattenFields, isJsonFieldType } from '../utils/type-guards.js';
+const TYPED_CANDIDATE_SLUGS = new Set(['sites', 'pages', 'posts', 'media', 'users']);
+export function buildCollectionStorageDescriptor(collection) {
+    const flattenedFields = flattenFields(collection.fields || []);
+    const allowedColumns = new Set([
+        'id',
+        'createdAt',
+        'updatedAt',
+        'created_at',
+        'updated_at',
+        '_json',
+        'password',
+    ]);
+    const jsonFieldNames = new Set();
+    for (const field of flattenedFields) {
+        if (!field.name)
+            continue;
+        if (isJsonFieldType(field)) {
+            jsonFieldNames.add(field.name);
+            continue;
+        }
+        allowedColumns.add(field.name);
+    }
+    return {
+        slug: collection.slug,
+        tableName: collection.slug,
+        storageMode: TYPED_CANDIDATE_SLUGS.has(collection.slug) ? 'typed-candidate' : 'dynamic',
+        allowedColumns: [...allowedColumns],
+        jsonFieldNames: [...jsonFieldNames],
+    };
+}
+export function buildCollectionStorageRegistry(collections) {
+    const registry = {};
+    for (const collection of collections || []) {
+        registry[collection.slug] = buildCollectionStorageDescriptor(collection);
+    }
+    return registry;
+}

package/dist/config/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,~~CAAA~~;~~AAG/C~~;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAyD1D"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAGhD;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAyD1D"}

package/dist/config/runtime.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../src/config/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,IAAI,eAAe,EAAE,MAAM,yBAAyB,~~CAAA~~;~~AACxE~~,OAAO,KAAK,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,~~CAAA~~;~~AAEvE~~,4CAA4C;AAC5C,KAAK,cAAc,GAAG,YAAY,GAAG,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,~~CAAA~~;~~AAK9E~~;;;;;;;;;;;;GAYG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE;IAAE,MAAM,EAAE,cAAc,CAAA;CAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAoBhG"}
1	+ {"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../src/config/runtime.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,IAAI,eAAe,EAAE,MAAM,yBAAyB,CAAC;AACzE,OAAO,KAAK,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAExE,4CAA4C;AAC5C,KAAK,cAAc,GAAG,YAAY,GAAG,eAAe,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAK/E;;;;;;;;;;;;GAYG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE;IAAE,MAAM,EAAE,cAAc,CAAA;CAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAoBhG"}

package/dist/config/utils.d.ts CHANGED Viewed

@@ -1,12 +1,2 @@
 export declare function deepMerge<T extends object>(target: Partial<T>, source: T): T;
-/**
- * @deprecated This function is deprecated. Use ConfigContract validation instead.
- * Validation is now handled by the contract system in @revealui/contracts/cms.
- * This function is kept for backward compatibility but should not be used in new code.
- */
-export declare function validateConfig(config: {
-    secret?: string;
-    collections?: unknown[];
-    globals?: unknown[];
-}): void;
 //# sourceMappingURL=utils.d.ts.map

package/dist/config/utils.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/config/utils.ts"],"names":[],"mappings":"AAAA,wBAAgB,SAAS,CAAC,CAAC,SAAS,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAuB5E~~;AAED;;;;GAIG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE;IACrC,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,WAAW,CAAC,EAAE,OAAO,EAAE,CAAA;IACvB,OAAO,CAAC,EAAE,OAAO,EAAE,CAAA;CACpB,GAAG,IAAI,CAQP~~"}
1	+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/config/utils.ts"],"names":[],"mappings":"AAAA,wBAAgB,SAAS,CAAC,CAAC,SAAS,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,CAuB5E"}

package/dist/config/utils.js CHANGED Viewed

@@ -19,16 +19,3 @@ export function deepMerge(target, source) {
     }
     return result;
 }
-/**
- * @deprecated This function is deprecated. Use ConfigContract validation instead.
- * Validation is now handled by the contract system in @revealui/contracts/cms.
- * This function is kept for backward compatibility but should not be used in new code.
- */
-export function validateConfig(config) {
-    if (!config.secret) {
-        throw new Error('RevealUI config requires a secret');
-    }
-    if (!(config.collections || config.globals)) {
-        throw new Error('RevealUI config must have at least one collection or global');
-    }
-}

package/dist/database/index.d.ts CHANGED Viewed

@@ -1 +1,4 @@
+export type { DatabaseResult } from '../types/index.js';
+export type { UniversalPostgresAdapterConfig } from './universal-postgres.js';
+export { universalPostgresAdapter } from './universal-postgres.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/database/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/database/index.ts"],"names":[],"mappings":""}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/database/index.ts"],"names":[],"mappings":"AAEA,YAAY,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACxD,YAAY,EAAE,8BAA8B,EAAE,MAAM,yBAAyB,CAAC;AAC9E,OAAO,EAAE,wBAAwB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/database/index.js CHANGED Viewed

@@ -1,6 +1,2 @@
-"use strict";
 // Re-export database adapters and types (PostgreSQL/PGlite only)
-// Temporarily commented out to get CMS running
-// export type { DatabaseResult } from '../types/index.js'
-// export type { UniversalPostgresAdapterConfig } from './universal-postgres.js'
-// export { universalPostgresAdapter } from './universal-postgres.js'
+export { universalPostgresAdapter } from './universal-postgres.js';

package/dist/database/safe-parse.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"safe-parse.d.ts","sourceRoot":"","sources":["../../src/database/safe-parse.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,~~CAAA~~;~~AAEvD~~;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,OAAO,GAAG,cAAc,GAAG,IAAI,CAgB3E;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,CAI1E"}
1	+ {"version":3,"file":"safe-parse.d.ts","sourceRoot":"","sources":["../../src/database/safe-parse.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAExD;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,OAAO,GAAG,cAAc,GAAG,IAAI,CAgB3E;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,cAAc,EAAE,CAI1E"}

package/dist/database/ssl-config.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ssl-config.d.ts","sourceRoot":"","sources":["../../src/database/ssl-config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,YAAY,EAAE,SAAS,EAAE,MAAM,0BAA0B,~~CAAA~~;~~AACzD~~,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,~~CAAA~~"}
1	+ {"version":3,"file":"ssl-config.d.ts","sourceRoot":"","sources":["../../src/database/ssl-config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,YAAY,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC"}

package/dist/database/type-adapter.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"type-adapter.d.ts","sourceRoot":"","sources":["../../src/database/type-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gCAAgC,~~CAAA~~;~~AAE9D~~;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAEpE;AAED;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAEvE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,EAC/C,QAAQ,EAAE,QAAQ,CAAC,SAAS,CAAC,EAC7B,KAAK,EAAE,MAAM,GACZ,SAAS,CAEX;AAED;;;;GAIG;AACH,KAAK,YAAY,GAAG;IAClB,MAAM,EAAE;~~QACN~~,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,MAAM,EAAE,OAAO,CAAC;YAAC,MAAM,EAAE,OAAO,CAAA;SAAE,CAAC,~~CAAA~~;~~KAC3E~~,~~CAAA~~;~~CACF~~,~~CAAA~~;~~AAED~~,MAAM,MAAM,oBAAoB,CAAC,CAAC,SAAS,YAAY,IAAI;KACxD,CAAC,IAAI,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;QAEpE,GAAG,EAAE,MAAM,CAAC,~~CAAA~~;~~KACb~~,GACG,QAAQ,CAAC,CAAC,CAAC,GACX,KAAK;CACV,~~CAAA~~;~~AAED~~;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,YAAY,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,EAC9F,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;IAE1C,GAAG,EAAE,MAAM,CAAC,~~CAAA~~;~~CACb~~,GACG,QAAQ,CAAC,CAAC,CAAC,GACX,KAAK;IAuBP;;;;;;;;OAQG;;aA1BE,MAAM,CAAC;;aAAP,MAAM,CAAC;;IAqCZ;;OAEG;;aAvCE,MAAM,CAAC;;gBAMJ,MAAM,CAAC;;IAsCf;;OAEG;mBACY,OAAO;aA/CjB,MAAM,CAAC;kBA+CmB;gBAnCvB,MAAM,CAAC;;EAuClB"}
1	+ {"version":3,"file":"type-adapter.d.ts","sourceRoot":"","sources":["../../src/database/type-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAE/D;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAEpE;AAED;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,GAAG,OAAO,CAEvE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,EAC/C,QAAQ,EAAE,QAAQ,CAAC,SAAS,CAAC,EAC7B,KAAK,EAAE,MAAM,GACZ,SAAS,CAEX;AAED;;;;GAIG;AACH,KAAK,YAAY,GAAG;IAClB,MAAM,EAAE;QAEN,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE;YAAE,GAAG,EAAE,OAAO,CAAC;YAAC,MAAM,EAAE,OAAO,CAAC;YAAC,MAAM,EAAE,OAAO,CAAA;SAAE,CAAC,CAAC;KAC5E,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,oBAAoB,CAAC,CAAC,SAAS,YAAY,IAAI;KACxD,CAAC,IAAI,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;QAEpE,GAAG,EAAE,MAAM,CAAC,CAAC;KACd,GACG,QAAQ,CAAC,CAAC,CAAC,GACX,KAAK;CACV,CAAC;AAEF;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,SAAS,YAAY,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,EAC9F,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;IAE1C,GAAG,EAAE,MAAM,CAAC,CAAC;CACd,GACG,QAAQ,CAAC,CAAC,CAAC,GACX,KAAK;IAuBP;;;;;;;;OAQG;;aA1BE,MAAM,CAAC;;aAAP,MAAM,CAAC;;IAqCZ;;OAEG;;aAvCE,MAAM,CAAC;;gBAMJ,MAAM,CAAC;;IAsCf;;OAEG;mBACY,OAAO;aA/CjB,MAAM,CAAC;kBA+CmB;gBAnCvB,MAAM,CAAC;;EAuClB"}

package/dist/database/universal-postgres.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"universal-postgres.d.ts","sourceRoot":"","sources":["../../src/database/universal-postgres.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAE,eAAe,~~EAAkC~~,MAAM,mBAAmB,~~CAAA~~;~~AAIxF~~,MAAM,WAAW,8BAA8B;IAC7C;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,MAAM,~~CAAA~~;~~IACzB~~;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,~~CAAA~~;~~IACf~~;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,UAAU,~~CAAA~~;~~CAC5C~~;~~AAiGD~~;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,GAAE,8BAAmC,GAC1C,eAAe,~~CAqcjB~~;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,eAAe,UAAQ,GAAG,IAAI,CAa/D;AAGD,eAAe,wBAAwB,~~CAAA~~"}
1	+ {"version":3,"file":"universal-postgres.d.ts","sourceRoot":"","sources":["../../src/database/universal-postgres.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAkB,MAAM,mBAAmB,CAAC;AAIzE,MAAM,WAAW,8BAA8B;IAC7C;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,UAAU,CAAC;CAC7C;AAmGD;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,MAAM,GAAE,8BAAmC,GAC1C,eAAe,CAwcjB;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,eAAe,UAAQ,GAAG,IAAI,CAa/D;AAGD,eAAe,wBAAwB,CAAC"}