@revealui/core 0.5.5 → 0.6.0

package/README.md

@@ -1,19 +1,25 @@
 # @revealui/core
 
-The core runtime engine for RevealUI — collections, admin UI, rich text, security, observability, and plugins.
+[![npm version](https://img.shields.io/npm/v/@revealui/core)](https://www.npmjs.com/package/@revealui/core)
+[![npm downloads](https://img.shields.io/npm/dw/@revealui/core)](https://www.npmjs.com/package/@revealui/core)
+[![license](https://img.shields.io/npm/l/@revealui/core)](https://github.com/RevealUIStudio/revealui/blob/main/LICENSE)
+
+The core runtime engine for [RevealUI](https://revealui.com)  -  collections, admin UI, rich text, security, observability, and plugins.
+
+Part of the [RevealUI monorepo](https://github.com/RevealUIStudio/revealui)  -  open-source agentic business runtime.
 
 ## Features
 
-- **Collections & CRUD** — Define content types with field hooks, access control, and validation
-- **Admin Dashboard** — Ready-to-use React admin UI (collection browser, document editor, global forms)
-- **Rich Text** — Lexical-based editor with 20+ features (bold, headings, lists, links, images, blocks)
-- **Security** — CORS, CSP, HSTS, RBAC/ABAC policy engine, encryption (AES-256-GCM), audit logging
-- **GDPR Compliance** — Consent management, data export, deletion, anonymization, breach reporting
-- **Observability** — Structured logging, process health monitoring, alert system, graceful shutdown
-- **Plugins** — Extensible plugin system (form builder, nested docs, redirects)
-- **Feature Gating** — Tier-based licensing (free, pro, max, enterprise/Forge) with JWT license keys
-- **Database** — PostgreSQL adapters (NeonDB + PGlite for testing), connection pooling, SSL/TLS
-- **Storage** — Pluggable storage interface (Vercel Blob adapter included)
+- **Collections & CRUD**  -  Define content types with field hooks, access control, and validation
+- **Admin Dashboard**  -  Ready-to-use React admin UI (collection browser, document editor, global forms)
+- **Rich Text Fields**  -  Lexical-powered content fields in the admin editor (bold, headings, lists, links, images, blocks)
+- **Security**  -  CORS, CSP, HSTS, RBAC/ABAC policy engine, encryption (AES-256-GCM), audit logging
+- **GDPR Compliance**  -  Consent management, data export, deletion, anonymization, breach reporting
+- **Observability**  -  Structured logging, process health monitoring, alert system, graceful shutdown
+- **Plugins**  -  Extensible plugin system (form builder, nested docs, redirects)
+- **Feature Gating**  -  Tier-based licensing (free, pro, max, enterprise/Forge) with JWT license keys
+- **Database**  -  PostgreSQL adapters (NeonDB + PGlite for testing), connection pooling, SSL/TLS
+- **Storage**  -  Pluggable storage interface (Vercel Blob adapter included)
 
 ## Installation
 
@@ -78,15 +84,15 @@ function App() {
 }
 ```
 
-### Rich Text
+### Rich Text Fields
 
-```typescript
-import { RichTextEditor, BoldFeature, HeadingFeature, ListFeature } from '@revealui/core/richtext/client'
+Rich text editing is available as a field type in the admin dashboard.
+Define a `richText` field in your collection schema  -  the admin UI renders
+a Lexical editor automatically. Not a standalone component.
 
-<RichTextEditor
-  features={[BoldFeature(), HeadingFeature(), ListFeature()]}
-  onChange={(json) => console.log(json)}
-/>
+```typescript
+// In your collection definition:
+defineField({ name: 'body', type: 'richText' })
 ```
 
 ### Feature Gating
@@ -150,20 +156,20 @@ pnpm dev
 - You're building a content-driven app and need collections, admin UI, and CRUD out of the box
 - You need RBAC/ABAC access control, GDPR compliance, or feature gating by license tier
 - You want a rich text editor (Lexical) integrated with your CMS
-- **Not** for standalone UI components — use `@revealui/presentation`
-- **Not** for raw database queries — use `@revealui/db` directly
+- **Not** for standalone UI components  -  use `@revealui/presentation`
+- **Not** for raw database queries  -  use `@revealui/db` directly
 
 ## JOSHUA Alignment
 
-- **Sovereign**: Self-hosted runtime engine — no SaaS dependency for content management, auth, or storage
+- **Sovereign**: Self-hosted runtime engine  -  no vendor dependency for content management, auth, or storage
 - **Unified**: One `buildConfig()` call wires collections, globals, plugins, security, and feature gates into a single configuration
 - **Adaptive**: Plugin system and tier-based feature gating let the platform evolve without breaking existing deployments
 
 ## Related
 
-- [Contracts Package](../contracts/README.md) — Zod schemas and TypeScript types
-- [DB Package](../db/README.md) — Drizzle ORM schema
-- [Auth Package](../auth/README.md) — Authentication system
+- [Contracts Package](../contracts/README.md)  -  Zod schemas and TypeScript types
+- [DB Package](../db/README.md)  -  Drizzle ORM schema
+- [Auth Package](../auth/README.md)  -  Authentication system
 - [Architecture Guide](../../docs/ARCHITECTURE.md)
 
 ## License

package/dist/api/compression.d.ts

@@ -3,7 +3,6 @@
  *
  * Implements gzip and brotli compression for API responses
  */
-import { type NextRequest, NextResponse } from 'next/server';
 interface CompressionOptions {
     threshold?: number;
     level?: number;
@@ -13,11 +12,11 @@ interface CompressionOptions {
 /**
  * Compress API response
  */
-export declare function compressResponse(request: NextRequest, response: NextResponse, options?: CompressionOptions): Promise<NextResponse>;
+export declare function compressResponse(request: Request, response: Response, options?: CompressionOptions): Promise<Response>;
 /**
  * Create compression middleware
  */
-export declare function createCompressionMiddleware(options?: CompressionOptions): (request: NextRequest, next: () => Promise<NextResponse>) => Promise<NextResponse<unknown>>;
+export declare function createCompressionMiddleware(options?: CompressionOptions): (request: Request, next: () => Promise<Response>) => Promise<Response>;
 /**
  * Calculate compression ratio
  */
@@ -75,7 +74,7 @@ export declare function decompressBody(body: Uint8Array, encoding: string): Prom
 /**
  * Check if compression is supported
  */
-export declare function isCompressionSupported(request: NextRequest): {
+export declare function isCompressionSupported(request: Request): {
     gzip: boolean;
     brotli: boolean;
 };

package/dist/api/compression.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"compression.d.ts","sourceRoot":"","sources":["../../src/api/compression.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,KAAK,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG7D,UAAU,kBAAkB;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AA4GD;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,YAAY,EACtB,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,YAAY,CAAC,CAuCvB;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,GAAE,kBAAuB,IAC5D,SAAS,WAAW,EAAE,MAAM,MAAM,OAAO,CAAC,YAAY,CAAC,oCAItE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,CAExF;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,mBAAmB,CACjC,YAAY,EAAE,MAAM,GAAG,UAAU,EACjC,cAAc,EAAE,UAAU,EAC1B,QAAQ,EAAE,MAAM,GACf,gBAAgB,CAelB;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6CtB,CAAC;AAEX;;GAEG;AACH,wBAAsB,YAAY,CAChC,IAAI,EAAE,OAAO,EACb,QAAQ,GAAE,MAAM,GAAG,IAAa,EAChC,KAAK,GAAE,MAAU,GAChB,OAAO,CAAC,UAAU,CAAC,CAGrB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAkB5F;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,WAAW,GAAG;IAC5D,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,OAAO,CAAC;CACjB,CAOA"}
+{"version":3,"file":"compression.d.ts","sourceRoot":"","sources":["../../src/api/compression.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,UAAU,kBAAkB;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AA4GD;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,QAAQ,EAClB,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,QAAQ,CAAC,CAuCnB;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,GAAE,kBAAuB,IAC5D,SAAS,OAAO,EAAE,MAAM,MAAM,OAAO,CAAC,QAAQ,CAAC,uBAI9D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,YAAY,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,MAAM,CAExF;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,mBAAmB,CACjC,YAAY,EAAE,MAAM,GAAG,UAAU,EACjC,cAAc,EAAE,UAAU,EAC1B,QAAQ,EAAE,MAAM,GACf,gBAAgB,CAelB;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6CtB,CAAC;AAEX;;GAEG;AACH,wBAAsB,YAAY,CAChC,IAAI,EAAE,OAAO,EACb,QAAQ,GAAE,MAAM,GAAG,IAAa,EAChC,KAAK,GAAE,MAAU,GAChB,OAAO,CAAC,UAAU,CAAC,CAGrB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAkB5F;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,OAAO,GAAG;IACxD,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,OAAO,CAAC;CACjB,CAOA"}

package/dist/api/compression.js

@@ -3,7 +3,6 @@
  *
  * Implements gzip and brotli compression for API responses
  */
-import { NextResponse } from 'next/server';
 import { logger } from '../observability/logger.js';
 const DEFAULT_OPTIONS = {
     threshold: 1024, // 1KB minimum
@@ -108,7 +107,7 @@ export async function compressResponse(request, response, options = {}) {
         // Compress body
         const compressed = await compressBody(body, encoding, opts.level || 6);
         // Create new response with compressed body
-        const newResponse = new NextResponse(compressed, {
+        const newResponse = new Response(compressed, {
             status: response.status,
             statusText: response.statusText,
             headers: response.headers,

package/dist/api/rate-limit.d.ts

@@ -3,13 +3,12 @@
  *
  * Implements rate limiting to prevent API abuse
  */
-import { type NextRequest, NextResponse } from 'next/server';
 interface RateLimitConfig {
     windowMs: number;
     maxRequests: number;
-    keyGenerator?: (request: NextRequest) => string;
-    skip?: (request: NextRequest) => boolean;
-    handler?: (request: NextRequest) => NextResponse;
+    keyGenerator?: (request: Request) => string;
+    skip?: (request: Request) => boolean;
+    handler?: (request: Request) => Response;
 }
 interface RateLimitEntry {
     count: number;
@@ -18,7 +17,7 @@ interface RateLimitEntry {
 /**
  * Check if rate limit exceeded
  */
-export declare function checkRateLimit(request: NextRequest, config: RateLimitConfig): {
+export declare function checkRateLimit(request: Request, config: RateLimitConfig): {
     allowed: boolean;
     limit: number;
     remaining: number;
@@ -27,7 +26,7 @@ export declare function checkRateLimit(request: NextRequest, config: RateLimitCo
 /**
  * Create rate limit middleware
  */
-export declare function createRateLimitMiddleware(config: RateLimitConfig): (request: NextRequest, next: () => Promise<NextResponse>) => Promise<NextResponse<unknown>>;
+export declare function createRateLimitMiddleware(config: RateLimitConfig): (request: Request, next: () => Promise<Response>) => Promise<Response>;
 /**
  * Cleanup expired rate limit entries across all stores
  */
@@ -68,7 +67,7 @@ export declare function getRateLimitPresets(): Readonly<Record<string, RateLimit
  */
 export declare function resetRateLimitPresets(): void;
 /**
- * Rate limit presets — backward-compatible accessor.
+ * Rate limit presets  -  backward-compatible accessor.
  *
  * Reads from the mutable `rateLimitPresets` so overrides from
  * `configureRateLimitPresets()` are reflected automatically.
@@ -77,21 +76,21 @@ export declare const RATE_LIMIT_PRESETS: Record<string, RateLimitPresetConfig>;
 /**
  * Rate limit by user ID
  */
-export declare function createUserRateLimit(config: Omit<RateLimitConfig, 'keyGenerator'>): (request: NextRequest, next: () => Promise<NextResponse>) => Promise<NextResponse<unknown>>;
+export declare function createUserRateLimit(config: Omit<RateLimitConfig, 'keyGenerator'>): (request: Request, next: () => Promise<Response>) => Promise<Response>;
 /**
  * Rate limit by API key
  */
-export declare function createAPIKeyRateLimit(config: Omit<RateLimitConfig, 'keyGenerator'>): (request: NextRequest, next: () => Promise<NextResponse>) => Promise<NextResponse<unknown>>;
+export declare function createAPIKeyRateLimit(config: Omit<RateLimitConfig, 'keyGenerator'>): (request: Request, next: () => Promise<Response>) => Promise<Response>;
 /**
  * Rate limit by endpoint
  */
-export declare function createEndpointRateLimit(config: Omit<RateLimitConfig, 'keyGenerator'>): (request: NextRequest, next: () => Promise<NextResponse>) => Promise<NextResponse<unknown>>;
-export declare function checkSlidingWindowRateLimit(request: NextRequest, config: RateLimitConfig): {
+export declare function createEndpointRateLimit(config: Omit<RateLimitConfig, 'keyGenerator'>): (request: Request, next: () => Promise<Response>) => Promise<Response>;
+export declare function checkSlidingWindowRateLimit(request: Request, config: RateLimitConfig): {
     allowed: boolean;
     limit: number;
     remaining: number;
 };
-export declare function checkTokenBucketRateLimit(request: NextRequest, config: RateLimitConfig & {
+export declare function checkTokenBucketRateLimit(request: Request, config: RateLimitConfig & {
     refillRate: number;
 }): {
     allowed: boolean;

package/dist/api/rate-limit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/api/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,KAAK,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG7D,UAAU,eAAe;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,MAAM,CAAC;IAChD,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC;IACzC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,YAAY,CAAC;CAClD;AAED,UAAU,cAAc;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AA6BD;;GAEG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,eAAe,GACtB;IACD,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB,CA0CA;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,eAAe,IACjD,SAAS,WAAW,EAAE,MAAM,MAAM,OAAO,CAAC,YAAY,CAAC,oCAiBtE;AA8BD;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CA6B1C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,GAAE,MAAc,GAAG,MAAM,CAAC,OAAO,CAOhF;AAED;;GAEG;AACH,wBAAgB,iBAAiB;;;;EAkBhC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;CACrB;AAgDD;;;;GAIG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAC,GACxD,IAAI,CAQN;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAErF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,uCAoB7B,CAAC;AAEH;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,cAAc,CAAC,aA1OxD,WAAW,QAAQ,MAAM,OAAO,CAAC,YAAY,CAAC,oCAmPtE;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,cAAc,CAAC,aAxP1D,WAAW,QAAQ,MAAM,OAAO,CAAC,YAAY,CAAC,oCAgQtE;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,cAAc,CAAC,aArQ5D,WAAW,QAAQ,MAAM,OAAO,CAAC,YAAY,CAAC,oCA+QtE;AAWD,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,eAAe,GACtB;IACD,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,CA4BA;AAYD,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,eAAe,GAAG;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GAC/C;IACD,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,CAqCA;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAIhD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAIzC;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAEnE"}
+{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/api/rate-limit.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,UAAU,eAAe;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,MAAM,CAAC;IAC5C,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC;IACrC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,QAAQ,CAAC;CAC1C;AAED,UAAU,cAAc;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AA6BD;;GAEG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,eAAe,GACtB;IACD,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB,CA0CA;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,eAAe,IACjD,SAAS,OAAO,EAAE,MAAM,MAAM,OAAO,CAAC,QAAQ,CAAC,uBAiB9D;AA8BD;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CA6B1C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,GAAE,MAAc,GAAG,MAAM,CAAC,OAAO,CAOhF;AAED;;GAEG;AACH,wBAAgB,iBAAiB;;;;EAkBhC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;CACrB;AAgDD;;;;GAIG;AACH,wBAAgB,yBAAyB,CACvC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAC,GACxD,IAAI,CAQN;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAErF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,IAAI,CAE5C;AAED;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,uCAoB7B,CAAC;AAEH;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,cAAc,CAAC,aA1OxD,OAAO,QAAQ,MAAM,OAAO,CAAC,QAAQ,CAAC,uBAmP9D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,cAAc,CAAC,aAxP1D,OAAO,QAAQ,MAAM,OAAO,CAAC,QAAQ,CAAC,uBAgQ9D;AAED;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,cAAc,CAAC,aArQ5D,OAAO,QAAQ,MAAM,OAAO,CAAC,QAAQ,CAAC,uBA+Q9D;AAWD,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,eAAe,GACtB;IACD,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,CA4BA;AAYD,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,eAAe,GAAG;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GAC/C;IACD,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB,CAqCA;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAIhD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAIzC;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAEnE"}

package/dist/api/rate-limit.js

@@ -3,11 +3,10 @@
  *
  * Implements rate limiting to prevent API abuse
  */
-import { NextResponse } from 'next/server';
 import { logger } from '../observability/logger.js';
-// WARNING: In-memory store — resets on every serverless cold start or process restart.
+// WARNING: In-memory store  -  resets on every serverless cold start or process restart.
 // This module is NOT used by any app in production (API uses apps/api/src/middleware/rate-limit.ts,
-// CMS uses @revealui/auth/server which is DB-backed). Exported for framework consumers only.
+// admin uses @revealui/auth/server which is DB-backed). Exported for framework consumers only.
 // Replace with a database-backed store before using in production.
 const rateLimitStore = new Map();
 /**
@@ -24,7 +23,7 @@ function defaultKeyGenerator(request) {
     if (realIp) {
         return realIp;
     }
-    // Fallback to unknown (NextRequest doesn't have ip property)
+    // Fallback to unknown (Request doesn't have ip property)
     return 'unknown';
 }
 /**
@@ -90,7 +89,7 @@ export function createRateLimitMiddleware(config) {
  */
 function createRateLimitResponse(result) {
     const retryAfter = Math.ceil((result.resetTime - Date.now()) / 1000);
-    return NextResponse.json({
+    return Response.json({
         error: 'Too Many Requests',
         message: 'Rate limit exceeded. Please try again later.',
         limit: result.limit,
@@ -231,7 +230,7 @@ export function resetRateLimitPresets() {
     rateLimitPresets = { ...DEFAULT_RATE_LIMIT_PRESETS };
 }
 /**
- * Rate limit presets — backward-compatible accessor.
+ * Rate limit presets  -  backward-compatible accessor.
  *
  * Reads from the mutable `rateLimitPresets` so overrides from
  * `configureRateLimitPresets()` are reflected automatically.

package/dist/api/response-cache.d.ts

@@ -3,7 +3,6 @@
  *
  * Implements HTTP caching for API responses
  */
-import { type NextRequest, NextResponse } from 'next/server';
 interface CacheOptions {
     ttl?: number;
     staleWhileRevalidate?: number;
@@ -15,15 +14,15 @@ interface CacheOptions {
 /**
  * Generate cache key from request
  */
-export declare function generateCacheKey(request: NextRequest): string;
+export declare function generateCacheKey(request: Request): string;
 /**
  * Get cached response
  */
-export declare function getCachedResponse(request: NextRequest): Promise<NextResponse | null>;
+export declare function getCachedResponse(request: Request): Promise<Response | null>;
 /**
  * Set cached response
  */
-export declare function setCachedResponse(request: NextRequest, response: NextResponse, options?: CacheOptions): Promise<void>;
+export declare function setCachedResponse(request: Request, response: Response, options?: CacheOptions): Promise<void>;
 /**
  * Invalidate cache by key
  */
@@ -43,11 +42,11 @@ export declare function clearCache(): void;
 /**
  * Set Cache-Control headers
  */
-export declare function setCacheHeaders(response: NextResponse, options: CacheOptions): NextResponse;
+export declare function setCacheHeaders(response: Response, options: CacheOptions): Response;
 /**
  * Create caching middleware
  */
-export declare function createCacheMiddleware(options?: CacheOptions): (request: NextRequest, next: () => Promise<NextResponse>) => Promise<NextResponse<unknown>>;
+export declare function createCacheMiddleware(options?: CacheOptions): (request: Request, next: () => Promise<Response>) => Promise<Response>;
 /**
  * Get cache statistics
  */
@@ -69,15 +68,15 @@ export declare function startCacheCleanup(intervalMs?: number): NodeJS.Timeout;
 /**
  * Cache response with ETag
  */
-export declare function withETag(response: NextResponse, content: string): NextResponse;
+export declare function withETag(response: Response, content: string): Response;
 /**
  * Check if request has matching ETag
  */
-export declare function checkETag(request: NextRequest, etag: string): boolean;
+export declare function checkETag(request: Request, etag: string): boolean;
 /**
  * Create 304 Not Modified response
  */
-export declare function createNotModifiedResponse(): NextResponse;
+export declare function createNotModifiedResponse(): Response;
 /**
  * Cache presets for common scenarios
  */

package/dist/api/response-cache.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"response-cache.d.ts","sourceRoot":"","sources":["../../src/api/response-cache.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,KAAK,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG7D,UAAU,YAAY;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAiBD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAW7D;AAyBD;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CA0B1F;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,YAAY,EACtB,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,IAAI,CAAC,CAyBf;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAEpD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAY9D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAW1D;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,IAAI,CAEjC;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,YAAY,GAAG,YAAY,CA6B3F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,GAAE,YAAiB,IAChD,SAAS,WAAW,EAAE,MAAM,MAAM,OAAO,CAAC,YAAY,CAAC,oCAqBtE;AAED;;GAEG;AACH,wBAAgB,aAAa;;;;;;EA0B5B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAc1C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,GAAE,MAAc,GAAG,MAAM,CAAC,OAAO,CAO5E;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,YAAY,CAQ9E;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAGrE;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,YAAY,CAKxD;AAED;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+ChB,CAAC;AAEX;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EACtC,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EAC5B,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC;IAAE,IAAI,EAAE,CAAC,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,CAAC,CAsCvC"}
+{"version":3,"file":"response-cache.d.ts","sourceRoot":"","sources":["../../src/api/response-cache.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,UAAU,YAAY;IACpB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAiBD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,CAWzD;AAyBD;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CA0BlF;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,OAAO,EAChB,QAAQ,EAAE,QAAQ,EAClB,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,IAAI,CAAC,CAyBf;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAEpD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAc9D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAW1D;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,IAAI,CAEjC;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,GAAG,QAAQ,CA6BnF;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,GAAE,YAAiB,IAChD,SAAS,OAAO,EAAE,MAAM,MAAM,OAAO,CAAC,QAAQ,CAAC,uBAqB9D;AAED;;GAEG;AACH,wBAAgB,aAAa;;;;;;EA0B5B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAc1C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,GAAE,MAAc,GAAG,MAAM,CAAC,OAAO,CAO5E;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,GAAG,QAAQ,CAQtE;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAGjE;AAED;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,QAAQ,CAKpD;AAED;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+ChB,CAAC;AAEX;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EACtC,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EAC5B,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC;IAAE,IAAI,EAAE,CAAC,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAE,CAAC,CAsCvC"}

package/dist/api/response-cache.js

@@ -3,7 +3,6 @@
  *
  * Implements HTTP caching for API responses
  */
-import { NextResponse } from 'next/server';
 import { logger } from '../observability/logger.js';
 // In-memory cache store (no external cache dependency needed)
 const cacheStore = new Map();
@@ -58,7 +57,7 @@ export async function getCachedResponse(request) {
     const headers = new Headers(entry.response.headers);
     headers.set('X-Cache', 'HIT');
     headers.set('Age', age.toString());
-    return new NextResponse(entry.response.body, {
+    return new Response(entry.response.body, {
         status: entry.response.status,
         statusText: entry.response.statusText,
         headers,
@@ -100,7 +99,9 @@ export function invalidateCacheKey(key) {
  */
 export function invalidateCachePattern(pattern) {
     let count = 0;
-    const regex = new RegExp(pattern.replace('*', '.*'));
+    // Escape all regex special characters, then convert glob wildcards (*) to .*
+    const escaped = pattern.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    const regex = new RegExp(`^${escaped.replaceAll('\\*', '.*')}$`);
     for (const key of cacheStore.keys()) {
         if (regex.test(key)) {
             cacheStore.delete(key);
@@ -248,7 +249,7 @@ export function checkETag(request, etag) {
  * Create 304 Not Modified response
  */
 export function createNotModifiedResponse() {
-    return new NextResponse(null, {
+    return new Response(null, {
         status: 304,
         statusText: 'Not Modified',
     });

package/dist/api/rest.d.ts

@@ -1,7 +1,7 @@
 /**
  * RevealUI REST API Implementation
  *
- * Based on RevealUI CMS REST API but adapted for RevealUI.
+ * Based on RevealUI admin REST API but adapted for RevealUI.
  *
  * WARNING: This module is server-only.
  * Do NOT import in client-side code or edge runtime.

package/dist/api/rest.js

@@ -1,7 +1,7 @@
 /**
  * RevealUI REST API Implementation
  *
- * Based on RevealUI CMS REST API but adapted for RevealUI.
+ * Based on RevealUI admin REST API but adapted for RevealUI.
  *
  * WARNING: This module is server-only.
  * Do NOT import in client-side code or edge runtime.
@@ -24,7 +24,7 @@ function parseQueryParams(searchParams) {
     if (fallbackLocale) {
         options.fallbackLocale = fallbackLocale;
     }
-    // Parse overrideAccess — SECURITY: This flag bypasses collection access control.
+    // Parse overrideAccess  -  SECURITY: This flag bypasses collection access control.
     // It is stripped from external API requests below to prevent abuse.
     // Only server-side code should set overrideAccess=true (e.g., internal hooks, seed scripts).
     const overrideAccess = searchParams.get('overrideAccess');

package/dist/cache/query-cache.d.ts

@@ -2,7 +2,7 @@
  * Query Result Caching
  *
  * In-memory Map-based cache for database queries. No external dependencies
- * (Redis, Memcached, etc.) — RevealUI uses PostgreSQL + ElectricSQL/PGlite
+ * (Redis, Memcached, etc.)  -  RevealUI uses PostgreSQL + ElectricSQL/PGlite
  * for all persistence and sync.
  */
 interface CacheOptions {

package/dist/cache/query-cache.js

@@ -2,7 +2,7 @@
  * Query Result Caching
  *
  * In-memory Map-based cache for database queries. No external dependencies
- * (Redis, Memcached, etc.) — RevealUI uses PostgreSQL + ElectricSQL/PGlite
+ * (Redis, Memcached, etc.)  -  RevealUI uses PostgreSQL + ElectricSQL/PGlite
  * for all persistence and sync.
  */
 import { logger } from '../observability/logger.js';

package/dist/caching/index.d.ts

@@ -1,5 +1,5 @@
 /**
- * Caching utilities — re-exported from @revealui/cache
+ * Caching utilities  -  re-exported from @revealui/cache
  * New code should import directly from '@revealui/cache'.
  */
 export * from '@revealui/cache';

package/dist/caching/index.js

@@ -1,5 +1,5 @@
 /**
- * Caching utilities — re-exported from @revealui/cache
+ * Caching utilities  -  re-exported from @revealui/cache
  * New code should import directly from '@revealui/cache'.
  */
 export * from '@revealui/cache';

package/dist/client/admin/components/AdminDashboard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AdminDashboard.d.ts","sourceRoot":"","sources":["../../../../src/client/admin/components/AdminDashboard.tsx"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAEV,YAAY,EAGb,MAAM,yBAAyB,CAAC;AAUjC,UAAU,mBAAmB;IAC3B,MAAM,EAAE,YAAY,CAAC;CACtB;AA6XD,wBAAgB,cAAc,CAAC,EAAE,MAAM,EAAE,EAAE,mBAAmB,2CAqS7D"}
+{"version":3,"file":"AdminDashboard.d.ts","sourceRoot":"","sources":["../../../../src/client/admin/components/AdminDashboard.tsx"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAEV,YAAY,EAGb,MAAM,yBAAyB,CAAC;AAUjC,UAAU,mBAAmB;IAC3B,MAAM,EAAE,YAAY,CAAC;CACtB;AA6XD,wBAAgB,cAAc,CAAC,EAAE,MAAM,EAAE,EAAE,mBAAmB,2CAkV7D"}

package/dist/client/admin/components/AdminDashboard.js

@@ -72,7 +72,7 @@ function SignOutButton() {
             });
         }
         catch {
-            // Sign out even if the API call fails — clear client state regardless
+            // Sign out even if the API call fails  -  clear client state regardless
         }
         window.location.href = '/login';
     }, []);
@@ -82,7 +82,7 @@ function SignOutButton() {
 // Dashboard home view
 // =============================================================================
 function DashboardHome({ collections, globals, onCollectionClick, onGlobalClick, }) {
-    return (_jsxs("div", { className: "min-h-screen bg-gray-50", children: [_jsx("header", { className: "bg-white shadow-sm border-b", children: _jsx("div", { className: "max-w-7xl mx-auto px-4 sm:px-6 lg:px-8", children: _jsxs("div", { className: "flex justify-between items-center py-4", children: [_jsx("div", { className: "flex items-center", children: _jsx("h1", { className: "text-2xl font-bold text-gray-900", children: "RevealUI Admin" }) }), _jsxs("div", { className: "flex items-center space-x-4", children: [_jsx("span", { className: "text-sm text-gray-500", children: "v0.1.0" }), _jsx(SignOutButton, {})] })] }) }) }), _jsx("main", { className: "max-w-7xl mx-auto py-6 sm:px-6 lg:px-8", children: _jsx("div", { className: "px-4 py-6 sm:px-0", children: _jsxs("div", { className: "grid grid-cols-1 gap-6 sm:grid-cols-2 lg:grid-cols-3", children: [_jsxs("div", { className: "bg-white overflow-hidden shadow rounded-lg", children: [_jsx("div", { className: "p-5", children: _jsxs("div", { className: "flex items-center", children: [_jsx("div", { className: "flex-shrink-0", children: _jsxs("svg", { className: "h-8 w-8 text-gray-400", "aria-label": "Collections", fill: "none", stroke: "currentColor", viewBox: "0 0 24 24", role: "img", children: [_jsx("title", { children: "Collections" }), _jsx("path", { strokeLinecap: "round", strokeLinejoin: "round", strokeWidth: 2, d: "M19 11H5m14 0a2 2 0 012 2v6a2 2 0 01-2 2H5a2 2 0 01-2-2v-6a2 2 0 012-2m14 0V9a2 2 0 00-2-2M5 11V9a2 2 0 012-2m0 0V5a2 2 0 012-2h6a2 2 0 012 2v2M7 7h10" })] }) }), _jsx("div", { className: "ml-5 w-0 flex-1", children: _jsxs("dl", { children: [_jsx("dt", { className: "text-sm font-medium text-gray-500 truncate", children: "Collections" }), _jsx("dd", { className: "text-lg font-medium text-gray-900", children: collections.length })] }) })] }) }), _jsx("div", { className: "bg-gray-50 px-5 py-3", children: _jsx("div", { className: "text-sm", children: collections.length > 0 ? (_jsx("ul", { className: "space-y-1 max-h-48 overflow-y-auto", children: collections.map((collection) => (_jsx("li", { className: "text-gray-600 hover:text-gray-900", children: _jsx("button", { type: "button", onClick: () => onCollectionClick(collection), className: "hover:underline cursor-pointer", children: String(collection.slug) }) }, String(collection.slug)))) })) : (_jsx("p", { className: "text-gray-500", children: "No collections configured" })) }) })] }), _jsxs("div", { className: "bg-white overflow-hidden shadow rounded-lg", children: [_jsx("div", { className: "p-5", children: _jsxs("div", { className: "flex items-center", children: [_jsx("div", { className: "flex-shrink-0", children: _jsxs("svg", { className: "h-8 w-8 text-gray-400", fill: "none", stroke: "currentColor", viewBox: "0 0 24 24", "aria-labelledby": "globals-icon-title", role: "img", children: [_jsx("title", { id: "globals-icon-title", children: "Globals" }), _jsx("path", { strokeLinecap: "round", strokeLinejoin: "round", strokeWidth: 2, d: "M12 6V4m0 2a2 2 0 100 4m0-4a2 2 0 110 4m-6 8a2 2 0 100-4m0 4a2 2 0 100 4m0-4v2m0-6V4m6 6v10m6-2a2 2 0 100-4m0 4a2 2 0 100 4m0-4v2m0-6V4" })] }) }), _jsx("div", { className: "ml-5 w-0 flex-1", children: _jsxs("dl", { children: [_jsx("dt", { className: "text-sm font-medium text-gray-500 truncate", children: "Globals" }), _jsx("dd", { className: "text-lg font-medium text-gray-900", children: globals.length })] }) })] }) }), _jsx("div", { className: "bg-gray-50 px-5 py-3", children: _jsx("div", { className: "text-sm", children: globals.length > 0 ? (_jsx("ul", { className: "space-y-1 max-h-32 overflow-y-auto", children: globals.map((global) => (_jsx("li", { className: "text-gray-600 hover:text-gray-900", children: _jsx("button", { type: "button", onClick: () => onGlobalClick(global), className: "hover:underline cursor-pointer", children: global.label || String(global.slug) }) }, String(global.slug)))) })) : (_jsx("p", { className: "text-gray-500", children: "No globals configured" })) }) })] }), _jsxs("div", { className: "bg-white overflow-hidden shadow rounded-lg", children: [_jsx("div", { className: "p-5", children: _jsxs("div", { className: "flex items-center", children: [_jsx("div", { className: "flex-shrink-0", children: _jsx("div", { className: "h-8 w-8 bg-green-100 rounded-full flex items-center justify-center", children: _jsxs("svg", { className: "h-5 w-5 text-green-600", fill: "none", stroke: "currentColor", viewBox: "0 0 24 24", "aria-labelledby": "system-status-icon-title", role: "img", children: [_jsx("title", { id: "system-status-icon-title", children: "System Status: Healthy" }), _jsx("path", { strokeLinecap: "round", strokeLinejoin: "round", strokeWidth: 2, d: "M5 13l4 4L19 7" })] }) }) }), _jsx("div", { className: "ml-5 w-0 flex-1", children: _jsxs("dl", { children: [_jsx("dt", { className: "text-sm font-medium text-gray-500 truncate", children: "System Status" }), _jsx("dd", { className: "text-lg font-medium text-gray-900", children: "Healthy" })] }) })] }) }), _jsx("div", { className: "bg-gray-50 px-5 py-3", children: _jsx("div", { className: "text-sm text-gray-600", children: "RevealUI CMS is running successfully" }) })] })] }) }) })] }));
+    return (_jsxs("div", { className: "min-h-screen bg-gray-50", children: [_jsx("header", { className: "bg-white shadow-sm border-b", children: _jsx("div", { className: "max-w-7xl mx-auto px-4 sm:px-6 lg:px-8", children: _jsxs("div", { className: "flex justify-between items-center py-4", children: [_jsx("div", { className: "flex items-center", children: _jsx("h1", { className: "text-2xl font-bold text-gray-900", children: "RevealUI Admin" }) }), _jsxs("div", { className: "flex items-center space-x-4", children: [_jsx("span", { className: "text-sm text-gray-500", children: "v0.1.0" }), _jsx(SignOutButton, {})] })] }) }) }), _jsx("main", { className: "max-w-7xl mx-auto py-6 sm:px-6 lg:px-8", children: _jsx("div", { className: "px-4 py-6 sm:px-0", children: _jsxs("div", { className: "grid grid-cols-1 gap-6 sm:grid-cols-2 lg:grid-cols-3", children: [_jsxs("div", { className: "bg-white overflow-hidden shadow rounded-lg", children: [_jsx("div", { className: "p-5", children: _jsxs("div", { className: "flex items-center", children: [_jsx("div", { className: "flex-shrink-0", children: _jsxs("svg", { className: "h-8 w-8 text-gray-400", "aria-label": "Collections", fill: "none", stroke: "currentColor", viewBox: "0 0 24 24", role: "img", children: [_jsx("title", { children: "Collections" }), _jsx("path", { strokeLinecap: "round", strokeLinejoin: "round", strokeWidth: 2, d: "M19 11H5m14 0a2 2 0 012 2v6a2 2 0 01-2 2H5a2 2 0 01-2-2v-6a2 2 0 012-2m14 0V9a2 2 0 00-2-2M5 11V9a2 2 0 012-2m0 0V5a2 2 0 012-2h6a2 2 0 012 2v2M7 7h10" })] }) }), _jsx("div", { className: "ml-5 w-0 flex-1", children: _jsxs("dl", { children: [_jsx("dt", { className: "text-sm font-medium text-gray-500 truncate", children: "Collections" }), _jsx("dd", { className: "text-lg font-medium text-gray-900", children: collections.length })] }) })] }) }), _jsx("div", { className: "bg-gray-50 px-5 py-3", children: _jsx("div", { className: "text-sm", children: collections.length > 0 ? (_jsx("ul", { className: "space-y-1 max-h-48 overflow-y-auto", children: collections.map((collection) => (_jsx("li", { className: "text-gray-600 hover:text-gray-900", children: _jsx("button", { type: "button", onClick: () => onCollectionClick(collection), className: "hover:underline cursor-pointer", children: String(collection.slug) }) }, String(collection.slug)))) })) : (_jsx("p", { className: "text-gray-500", children: "No collections configured" })) }) })] }), _jsxs("div", { className: "bg-white overflow-hidden shadow rounded-lg", children: [_jsx("div", { className: "p-5", children: _jsxs("div", { className: "flex items-center", children: [_jsx("div", { className: "flex-shrink-0", children: _jsxs("svg", { className: "h-8 w-8 text-gray-400", fill: "none", stroke: "currentColor", viewBox: "0 0 24 24", "aria-labelledby": "globals-icon-title", role: "img", children: [_jsx("title", { id: "globals-icon-title", children: "Globals" }), _jsx("path", { strokeLinecap: "round", strokeLinejoin: "round", strokeWidth: 2, d: "M12 6V4m0 2a2 2 0 100 4m0-4a2 2 0 110 4m-6 8a2 2 0 100-4m0 4a2 2 0 100 4m0-4v2m0-6V4m6 6v10m6-2a2 2 0 100-4m0 4a2 2 0 100 4m0-4v2m0-6V4" })] }) }), _jsx("div", { className: "ml-5 w-0 flex-1", children: _jsxs("dl", { children: [_jsx("dt", { className: "text-sm font-medium text-gray-500 truncate", children: "Globals" }), _jsx("dd", { className: "text-lg font-medium text-gray-900", children: globals.length })] }) })] }) }), _jsx("div", { className: "bg-gray-50 px-5 py-3", children: _jsx("div", { className: "text-sm", children: globals.length > 0 ? (_jsx("ul", { className: "space-y-1 max-h-32 overflow-y-auto", children: globals.map((global) => (_jsx("li", { className: "text-gray-600 hover:text-gray-900", children: _jsx("button", { type: "button", onClick: () => onGlobalClick(global), className: "hover:underline cursor-pointer", children: global.label || String(global.slug) }) }, String(global.slug)))) })) : (_jsx("p", { className: "text-gray-500", children: "No globals configured" })) }) })] }), _jsxs("div", { className: "bg-white overflow-hidden shadow rounded-lg", children: [_jsx("div", { className: "p-5", children: _jsxs("div", { className: "flex items-center", children: [_jsx("div", { className: "flex-shrink-0", children: _jsx("div", { className: "h-8 w-8 bg-green-100 rounded-full flex items-center justify-center", children: _jsxs("svg", { className: "h-5 w-5 text-green-600", fill: "none", stroke: "currentColor", viewBox: "0 0 24 24", "aria-labelledby": "system-status-icon-title", role: "img", children: [_jsx("title", { id: "system-status-icon-title", children: "System Status: Healthy" }), _jsx("path", { strokeLinecap: "round", strokeLinejoin: "round", strokeWidth: 2, d: "M5 13l4 4L19 7" })] }) }) }), _jsx("div", { className: "ml-5 w-0 flex-1", children: _jsxs("dl", { children: [_jsx("dt", { className: "text-sm font-medium text-gray-500 truncate", children: "System Status" }), _jsx("dd", { className: "text-lg font-medium text-gray-900", children: "Healthy" })] }) })] }) }), _jsx("div", { className: "bg-gray-50 px-5 py-3", children: _jsx("div", { className: "text-sm text-gray-600", children: "RevealUI admin is running successfully" }) })] })] }) }) })] }));
 }
 // =============================================================================
 // Error handling helpers
@@ -185,6 +185,49 @@ export function AdminDashboard({ config }) {
             });
         }
     };
+    const handleBulkDelete = async (ids) => {
+        if (!state.view.collection)
+            return;
+        const confirmed = window.confirm(`Are you sure you want to delete ${ids.length} ${String(state.view.collection.slug)}? This action cannot be undone.`);
+        if (!confirmed)
+            return;
+        try {
+            dispatch({ type: 'SET_ERROR', error: null });
+            await apiClient.batchDelete({
+                collection: String(state.view.collection.slug),
+                ids,
+            });
+            if (state.view.collection) {
+                await fetchCollection(state.view.collection, state.page);
+            }
+            dispatch({ type: 'SET_SUCCESS', message: `${ids.length} documents deleted` });
+        }
+        catch (err) {
+            const msg = extractErrorMessage(err, 'Bulk delete failed. Please try again.');
+            logApiError(err, 'Bulk delete failed');
+            dispatch({ type: 'SET_ERROR', error: msg });
+        }
+    };
+    const handleBulkPublish = async (ids) => {
+        if (!state.view.collection)
+            return;
+        try {
+            dispatch({ type: 'SET_ERROR', error: null });
+            await apiClient.batchUpdate({
+                collection: String(state.view.collection.slug),
+                items: ids.map((id) => ({ id, status: 'published' })),
+            });
+            if (state.view.collection) {
+                await fetchCollection(state.view.collection, state.page);
+            }
+            dispatch({ type: 'SET_SUCCESS', message: `${ids.length} documents published` });
+        }
+        catch (err) {
+            const msg = extractErrorMessage(err, 'Bulk publish failed. Please try again.');
+            logApiError(err, 'Bulk publish failed');
+            dispatch({ type: 'SET_ERROR', error: msg });
+        }
+    };
     const handleDelete = async (document) => {
         if (!(state.view.collection && document.id))
             return;
@@ -293,7 +336,7 @@ export function AdminDashboard({ config }) {
                                 const collection = state.view.collection;
                                 if (collection)
                                     void fetchCollection(collection, nextPage);
-                            }, deleting: state.deleting })] })] }));
+                            }, deleting: state.deleting, onBulkDelete: (ids) => void handleBulkDelete(ids), onBulkPublish: (ids) => void handleBulkPublish(ids) })] })] }));
     }
     // ── Document edit/create view ─────────────────────────────────────────
     if (state.view.type === 'edit' && state.view.collection) {

package/dist/client/admin/components/CollectionList.d.ts

@@ -10,7 +10,9 @@ interface CollectionListProps {
     onDelete: (doc: RevealDocument) => void;
     onPageChange: (page: number) => void;
     deleting?: string | null;
+    onBulkDelete?: (ids: string[]) => void;
+    onBulkPublish?: (ids: string[]) => void;
 }
-export declare function CollectionList({ collection, documents, totalDocs, page, totalPages, onCreate, onEdit, onDelete, onPageChange, deleting, }: CollectionListProps): import("react/jsx-runtime").JSX.Element;
+export declare function CollectionList({ collection, documents, totalDocs, page, totalPages, onCreate, onEdit, onDelete, onPageChange, deleting, onBulkDelete, onBulkPublish, }: CollectionListProps): import("react/jsx-runtime").JSX.Element;
 export {};
 //# sourceMappingURL=CollectionList.d.ts.map

package/dist/client/admin/components/CollectionList.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"CollectionList.d.ts","sourceRoot":"","sources":["../../../../src/client/admin/components/CollectionList.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,sBAAsB,EACtB,cAAc,EAEf,MAAM,yBAAyB,CAAC;AAoCjC,UAAU,mBAAmB;IAC3B,UAAU,EAAE,sBAAsB,CAAC;IACnC,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,IAAI,CAAC;IACrB,MAAM,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,IAAI,CAAC;IACtC,QAAQ,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,IAAI,CAAC;IACxC,YAAY,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,wBAAgB,cAAc,CAAC,EAC7B,UAAU,EACV,SAAS,EACT,SAAS,EACT,IAAI,EACJ,UAAU,EACV,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,QAAQ,GACT,EAAE,mBAAmB,2CAqKrB"}
+{"version":3,"file":"CollectionList.d.ts","sourceRoot":"","sources":["../../../../src/client/admin/components/CollectionList.tsx"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,sBAAsB,EACtB,cAAc,EAEf,MAAM,yBAAyB,CAAC;AAoCjC,UAAU,mBAAmB;IAC3B,UAAU,EAAE,sBAAsB,CAAC;IACnC,SAAS,EAAE,cAAc,EAAE,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,IAAI,CAAC;IACrB,MAAM,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,IAAI,CAAC;IACtC,QAAQ,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,IAAI,CAAC;IACxC,YAAY,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACrC,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,IAAI,CAAC;IACvC,aAAa,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,IAAI,CAAC;CACzC;AAED,wBAAgB,cAAc,CAAC,EAC7B,UAAU,EACV,SAAS,EACT,SAAS,EACT,IAAI,EACJ,UAAU,EACV,QAAQ,EACR,MAAM,EACN,QAAQ,EACR,YAAY,EACZ,QAAQ,EACR,YAAY,EACZ,aAAa,GACd,EAAE,mBAAmB,2CA6QrB"}