@roottale/cms-client 0.1.0 → 0.1.1

package/CHANGELOG.md

@@ -1,5 +1,28 @@
 # @roottale/cms-client
 
+## 0.1.1
+
+### Patch Changes
+
+- dist build 도입 — `.ts` 소스 직접 publish 폐기.
+
+  기존 (0.1.0/0.2.0): `exports` 가 `./src/server.ts` 가리킴 → 외부 Next.js
+  Turbopack/Webpack 이 npm 모듈에서 TS 자동 컴파일 안 해 build 실패 (customer
+  site 가 `transpilePackages` 명시해야 했음).
+
+  수정: `tsup` 으로 `dist/*.js` + `dist/*.d.ts` (ESM) 출력. `exports` 가 dist
+  가리킴. customer site 측 `transpilePackages` 불필요.
+  - `cms-client@0.1.1` — ESM `dist/server.js` + types
+  - `cms-core@0.2.1` — ESM `dist/index.js` + types
+  - `cms-renderer-next@0.2.1` — ESM `dist/{server,index}.js` + types + `dist/cms-public.css`
+    - `server.tsx` 의 `import "./styles/cms-public.css"` 제거 — customer 가
+      `@roottale/cms-renderer-next/styles` 로 명시 import (README 정합).
+  - `cms-renderer-astro@0.2.1` — ESM `dist/index.js` + types
+
+  후속 (customer site PR):
+  - roottale-web / kjmtax / theoneulsan 의 `next.config` 의 `transpilePackages`
+    에서 `@roottale/cms-*` 제거. `pnpm update @roottale/cms-client @roottale/cms-renderer-next` 로 patch 적용.
+
 ## 0.1.0
 
 ### Minor Changes

package/dist/server.d.ts

@@ -0,0 +1,88 @@
+/**
+ * `@roottale/cms-client/server` — RootTale CMS Public API server-side fetch client.
+ *
+ * 외부 고객사 사이트가 RootTale CMS 콘텐츠를 fetch 하기 위한 SSR-only client.
+ * Bearer (`rtlk_cust_*`) 인증, 브라우저 직접 호출 금지 (ADR-0023 §5.1 #15).
+ *
+ * 사용 예 (Next.js server component):
+ * ```ts
+ * import { fetchPosts } from "@roottale/cms-client/server";
+ *
+ * const posts = await fetchPosts({
+ *   apiKey: process.env.ROOTTALE_API_KEY!,
+ *   limit: 10,
+ * });
+ * ```
+ *
+ * 데이터 모델 = ADR-0034 `posts` (WP 7.0-aligned, type=post|page).
+ * Phase 1 scope: list + get. WP import/export, draft preview = 별도 PR.
+ */
+type CmsPostType = "post" | "page";
+interface CmsPostContent {
+    /** UUIDv7. */
+    id: string;
+    /** Owning tenant id. */
+    tenantId: string;
+    /** Owning site id (ADR-0034 P4 dual-key). */
+    siteId: string;
+    /** WP post type. */
+    type: CmsPostType;
+    /** Lowercase kebab-case slug (1-120 chars). */
+    slug: string;
+    title: string;
+    excerpt: string | null;
+    /** Media id (resolved by renderer / consumer to URL). */
+    featuredMediaId: string | null;
+    authorId: string | null;
+    /** Tiptap / Gutenberg-compatible Block JSON. Sanitization is renderer's responsibility. */
+    bodyJson: Record<string, unknown>;
+    /** Public API only exposes `published`. */
+    status: "published";
+    /** Per-post meta (SEO overrides, canonical, og, ...). */
+    metaJson: Record<string, unknown>;
+    /** ISO 8601. */
+    publishedAt: string;
+    /** ISO 8601. */
+    createdAt: string;
+    /** ISO 8601. */
+    updatedAt: string;
+}
+interface CmsPostContentPage {
+    items: CmsPostContent[];
+    nextCursor: string | null;
+    hasMore: boolean;
+}
+interface FetchPostsOptions {
+    /** `rtlk_cust_*` API key. Required. */
+    apiKey: string;
+    /** Override the API base URL. Defaults to `https://api.roottale.com`. */
+    baseUrl?: string;
+    /** Page size, 1-100, default 20. */
+    limit?: number;
+    /** Opaque pagination cursor returned from previous call. */
+    cursor?: string;
+    /** Filter by post type (`post` or `page`). Default = both. */
+    type?: CmsPostType;
+    /** Override the auto-resolved site id (Phase 1 = 1 site/tenant, usually omitted). */
+    siteId?: string;
+    /** Optional AbortSignal. */
+    signal?: AbortSignal;
+}
+interface FetchPostOptions {
+    apiKey: string;
+    baseUrl?: string;
+    /** Slug (kebab-case) or UUIDv7 id. */
+    slugOrId: string;
+    /** Override the auto-resolved site id. */
+    siteId?: string;
+    signal?: AbortSignal;
+}
+declare class CmsApiError extends Error {
+    readonly status: number;
+    readonly code: string;
+    constructor(message: string, status: number, code: string);
+}
+declare function fetchPosts(options: FetchPostsOptions): Promise<CmsPostContentPage>;
+declare function fetchPost(options: FetchPostOptions): Promise<CmsPostContent | null>;
+
+export { CmsApiError, type CmsPostContent, type CmsPostContentPage, type CmsPostType, type FetchPostOptions, type FetchPostsOptions, fetchPost, fetchPosts };

package/dist/server.js

@@ -0,0 +1,99 @@
+// src/server.ts
+var DEFAULT_BASE_URL = "https://api.roottale.com";
+var CmsApiError = class extends Error {
+  status;
+  code;
+  constructor(message, status, code) {
+    super(message);
+    this.name = "CmsApiError";
+    this.status = status;
+    this.code = code;
+  }
+};
+async function fetchPosts(options) {
+  assertServer();
+  const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
+  const params = new URLSearchParams();
+  if (options.limit !== void 0) params.set("limit", String(options.limit));
+  if (options.cursor) params.set("cursor", options.cursor);
+  if (options.type) params.set("type", options.type);
+  if (options.siteId) params.set("site_id", options.siteId);
+  const qs = params.toString();
+  const url = `${baseUrl}/v1/cms/public/posts${qs ? `?${qs}` : ""}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: { authorization: `Bearer ${options.apiKey}` },
+    signal: options.signal
+  });
+  if (!response.ok) {
+    throw await toApiError(response);
+  }
+  const json = await response.json();
+  return {
+    items: json.items.map(fromWire),
+    hasMore: json.has_more,
+    nextCursor: json.next_cursor
+  };
+}
+async function fetchPost(options) {
+  assertServer();
+  const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
+  const params = new URLSearchParams();
+  if (options.siteId) params.set("site_id", options.siteId);
+  const qs = params.toString();
+  const url = `${baseUrl}/v1/cms/public/posts/${encodeURIComponent(options.slugOrId)}${qs ? `?${qs}` : ""}`;
+  const response = await fetch(url, {
+    method: "GET",
+    headers: { authorization: `Bearer ${options.apiKey}` },
+    signal: options.signal
+  });
+  if (response.status === 404) return null;
+  if (!response.ok) {
+    throw await toApiError(response);
+  }
+  const json = await response.json();
+  return fromWire(json);
+}
+function fromWire(wire) {
+  return {
+    id: wire.id,
+    tenantId: wire.tenant_id,
+    siteId: wire.site_id,
+    type: wire.type,
+    slug: wire.slug,
+    title: wire.title,
+    excerpt: wire.excerpt,
+    featuredMediaId: wire.featured_media_id,
+    authorId: wire.author_id,
+    bodyJson: wire.body_json,
+    status: wire.status,
+    metaJson: wire.meta_json,
+    publishedAt: wire.published_at,
+    createdAt: wire.created_at,
+    updatedAt: wire.updated_at
+  };
+}
+async function toApiError(response) {
+  let code = "request_failed";
+  let message = `RootTale CMS API error: ${response.status}`;
+  try {
+    const body = await response.json();
+    if (body.code) code = body.code;
+    if (body.message) message = body.message;
+  } catch {
+  }
+  return new CmsApiError(message, response.status, code);
+}
+function assertServer() {
+  if (typeof window !== "undefined") {
+    throw new Error(
+      "@roottale/cms-client/server must not run in the browser. Move this call to a Server Component, getServerSideProps, or a Route Handler. Shipping API keys to the browser breaks the security model (ADR-0023 \xA75.1 #15)."
+    );
+  }
+}
+export {
+  CmsApiError,
+  fetchPost,
+  fetchPosts
+};
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server.ts"],"sourcesContent":["/**\n * `@roottale/cms-client/server` — RootTale CMS Public API server-side fetch client.\n *\n * 외부 고객사 사이트가 RootTale CMS 콘텐츠를 fetch 하기 위한 SSR-only client.\n * Bearer (`rtlk_cust_*`) 인증, 브라우저 직접 호출 금지 (ADR-0023 §5.1 #15).\n *\n * 사용 예 (Next.js server component):\n * ```ts\n * import { fetchPosts } from \"@roottale/cms-client/server\";\n *\n * const posts = await fetchPosts({\n *   apiKey: process.env.ROOTTALE_API_KEY!,\n *   limit: 10,\n * });\n * ```\n *\n * 데이터 모델 = ADR-0034 `posts` (WP 7.0-aligned, type=post|page).\n * Phase 1 scope: list + get. WP import/export, draft preview = 별도 PR.\n */\n\nexport type CmsPostType = \"post\" | \"page\";\n\nexport interface CmsPostContent {\n  /** UUIDv7. */\n  id: string;\n  /** Owning tenant id. */\n  tenantId: string;\n  /** Owning site id (ADR-0034 P4 dual-key). */\n  siteId: string;\n  /** WP post type. */\n  type: CmsPostType;\n  /** Lowercase kebab-case slug (1-120 chars). */\n  slug: string;\n  title: string;\n  excerpt: string | null;\n  /** Media id (resolved by renderer / consumer to URL). */\n  featuredMediaId: string | null;\n  authorId: string | null;\n  /** Tiptap / Gutenberg-compatible Block JSON. Sanitization is renderer's responsibility. */\n  bodyJson: Record<string, unknown>;\n  /** Public API only exposes `published`. */\n  status: \"published\";\n  /** Per-post meta (SEO overrides, canonical, og, ...). */\n  metaJson: Record<string, unknown>;\n  /** ISO 8601. */\n  publishedAt: string;\n  /** ISO 8601. */\n  createdAt: string;\n  /** ISO 8601. */\n  updatedAt: string;\n}\n\nexport interface CmsPostContentPage {\n  items: CmsPostContent[];\n  nextCursor: string | null;\n  hasMore: boolean;\n}\n\nconst DEFAULT_BASE_URL = \"https://api.roottale.com\";\n\nexport interface FetchPostsOptions {\n  /** `rtlk_cust_*` API key. Required. */\n  apiKey: string;\n  /** Override the API base URL. Defaults to `https://api.roottale.com`. */\n  baseUrl?: string;\n  /** Page size, 1-100, default 20. */\n  limit?: number;\n  /** Opaque pagination cursor returned from previous call. */\n  cursor?: string;\n  /** Filter by post type (`post` or `page`). Default = both. */\n  type?: CmsPostType;\n  /** Override the auto-resolved site id (Phase 1 = 1 site/tenant, usually omitted). */\n  siteId?: string;\n  /** Optional AbortSignal. */\n  signal?: AbortSignal;\n}\n\nexport interface FetchPostOptions {\n  apiKey: string;\n  baseUrl?: string;\n  /** Slug (kebab-case) or UUIDv7 id. */\n  slugOrId: string;\n  /** Override the auto-resolved site id. */\n  siteId?: string;\n  signal?: AbortSignal;\n}\n\nexport class CmsApiError extends Error {\n  readonly status: number;\n  readonly code: string;\n  constructor(message: string, status: number, code: string) {\n    super(message);\n    this.name = \"CmsApiError\";\n    this.status = status;\n    this.code = code;\n  }\n}\n\nexport async function fetchPosts(options: FetchPostsOptions): Promise<CmsPostContentPage> {\n  assertServer();\n  const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\\/+$/, \"\");\n  const params = new URLSearchParams();\n  if (options.limit !== undefined) params.set(\"limit\", String(options.limit));\n  if (options.cursor) params.set(\"cursor\", options.cursor);\n  if (options.type) params.set(\"type\", options.type);\n  if (options.siteId) params.set(\"site_id\", options.siteId);\n  const qs = params.toString();\n  const url = `${baseUrl}/v1/cms/public/posts${qs ? `?${qs}` : \"\"}`;\n\n  const response = await fetch(url, {\n    method: \"GET\",\n    headers: { authorization: `Bearer ${options.apiKey}` },\n    signal: options.signal,\n  });\n\n  if (!response.ok) {\n    throw await toApiError(response);\n  }\n\n  const json = (await response.json()) as {\n    items: CmsPostWire[];\n    has_more: boolean;\n    next_cursor: string | null;\n  };\n  return {\n    items: json.items.map(fromWire),\n    hasMore: json.has_more,\n    nextCursor: json.next_cursor,\n  };\n}\n\nexport async function fetchPost(options: FetchPostOptions): Promise<CmsPostContent | null> {\n  assertServer();\n  const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\\/+$/, \"\");\n  const params = new URLSearchParams();\n  if (options.siteId) params.set(\"site_id\", options.siteId);\n  const qs = params.toString();\n  const url = `${baseUrl}/v1/cms/public/posts/${encodeURIComponent(options.slugOrId)}${qs ? `?${qs}` : \"\"}`;\n\n  const response = await fetch(url, {\n    method: \"GET\",\n    headers: { authorization: `Bearer ${options.apiKey}` },\n    signal: options.signal,\n  });\n\n  if (response.status === 404) return null;\n  if (!response.ok) {\n    throw await toApiError(response);\n  }\n\n  const json = (await response.json()) as CmsPostWire;\n  return fromWire(json);\n}\n\ntype CmsPostWire = {\n  id: string;\n  tenant_id: string;\n  site_id: string;\n  type: CmsPostType;\n  slug: string;\n  title: string;\n  excerpt: string | null;\n  featured_media_id: string | null;\n  author_id: string | null;\n  body_json: Record<string, unknown>;\n  status: \"published\";\n  meta_json: Record<string, unknown>;\n  published_at: string;\n  created_at: string;\n  updated_at: string;\n};\n\nfunction fromWire(wire: CmsPostWire): CmsPostContent {\n  return {\n    id: wire.id,\n    tenantId: wire.tenant_id,\n    siteId: wire.site_id,\n    type: wire.type,\n    slug: wire.slug,\n    title: wire.title,\n    excerpt: wire.excerpt,\n    featuredMediaId: wire.featured_media_id,\n    authorId: wire.author_id,\n    bodyJson: wire.body_json,\n    status: wire.status,\n    metaJson: wire.meta_json,\n    publishedAt: wire.published_at,\n    createdAt: wire.created_at,\n    updatedAt: wire.updated_at,\n  };\n}\n\nasync function toApiError(response: Response): Promise<CmsApiError> {\n  let code = \"request_failed\";\n  let message = `RootTale CMS API error: ${response.status}`;\n  try {\n    const body = (await response.json()) as { code?: string; message?: string };\n    if (body.code) code = body.code;\n    if (body.message) message = body.message;\n  } catch {\n    /* ignore body parse */\n  }\n  return new CmsApiError(message, response.status, code);\n}\n\nfunction assertServer(): void {\n  if (typeof window !== \"undefined\") {\n    throw new Error(\n      \"@roottale/cms-client/server must not run in the browser. \" +\n        \"Move this call to a Server Component, getServerSideProps, or a Route Handler. \" +\n        \"Shipping API keys to the browser breaks the security model (ADR-0023 §5.1 #15).\",\n    );\n  }\n}\n"],"mappings":";AA0DA,IAAM,mBAAmB;AA6BlB,IAAM,cAAN,cAA0B,MAAM;AAAA,EAC5B;AAAA,EACA;AAAA,EACT,YAAY,SAAiB,QAAgB,MAAc;AACzD,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAAA,EACd;AACF;AAEA,eAAsB,WAAW,SAAyD;AACxF,eAAa;AACb,QAAM,WAAW,QAAQ,WAAW,kBAAkB,QAAQ,QAAQ,EAAE;AACxE,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,QAAQ,UAAU,OAAW,QAAO,IAAI,SAAS,OAAO,QAAQ,KAAK,CAAC;AAC1E,MAAI,QAAQ,OAAQ,QAAO,IAAI,UAAU,QAAQ,MAAM;AACvD,MAAI,QAAQ,KAAM,QAAO,IAAI,QAAQ,QAAQ,IAAI;AACjD,MAAI,QAAQ,OAAQ,QAAO,IAAI,WAAW,QAAQ,MAAM;AACxD,QAAM,KAAK,OAAO,SAAS;AAC3B,QAAM,MAAM,GAAG,OAAO,uBAAuB,KAAK,IAAI,EAAE,KAAK,EAAE;AAE/D,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC,QAAQ;AAAA,IACR,SAAS,EAAE,eAAe,UAAU,QAAQ,MAAM,GAAG;AAAA,IACrD,QAAQ,QAAQ;AAAA,EAClB,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,MAAM,WAAW,QAAQ;AAAA,EACjC;AAEA,QAAM,OAAQ,MAAM,SAAS,KAAK;AAKlC,SAAO;AAAA,IACL,OAAO,KAAK,MAAM,IAAI,QAAQ;AAAA,IAC9B,SAAS,KAAK;AAAA,IACd,YAAY,KAAK;AAAA,EACnB;AACF;AAEA,eAAsB,UAAU,SAA2D;AACzF,eAAa;AACb,QAAM,WAAW,QAAQ,WAAW,kBAAkB,QAAQ,QAAQ,EAAE;AACxE,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,QAAQ,OAAQ,QAAO,IAAI,WAAW,QAAQ,MAAM;AACxD,QAAM,KAAK,OAAO,SAAS;AAC3B,QAAM,MAAM,GAAG,OAAO,wBAAwB,mBAAmB,QAAQ,QAAQ,CAAC,GAAG,KAAK,IAAI,EAAE,KAAK,EAAE;AAEvG,QAAM,WAAW,MAAM,MAAM,KAAK;AAAA,IAChC,QAAQ;AAAA,IACR,SAAS,EAAE,eAAe,UAAU,QAAQ,MAAM,GAAG;AAAA,IACrD,QAAQ,QAAQ;AAAA,EAClB,CAAC;AAED,MAAI,SAAS,WAAW,IAAK,QAAO;AACpC,MAAI,CAAC,SAAS,IAAI;AAChB,UAAM,MAAM,WAAW,QAAQ;AAAA,EACjC;AAEA,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,SAAO,SAAS,IAAI;AACtB;AAoBA,SAAS,SAAS,MAAmC;AACnD,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,UAAU,KAAK;AAAA,IACf,QAAQ,KAAK;AAAA,IACb,MAAM,KAAK;AAAA,IACX,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,SAAS,KAAK;AAAA,IACd,iBAAiB,KAAK;AAAA,IACtB,UAAU,KAAK;AAAA,IACf,UAAU,KAAK;AAAA,IACf,QAAQ,KAAK;AAAA,IACb,UAAU,KAAK;AAAA,IACf,aAAa,KAAK;AAAA,IAClB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,EAClB;AACF;AAEA,eAAe,WAAW,UAA0C;AAClE,MAAI,OAAO;AACX,MAAI,UAAU,2BAA2B,SAAS,MAAM;AACxD,MAAI;AACF,UAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,QAAI,KAAK,KAAM,QAAO,KAAK;AAC3B,QAAI,KAAK,QAAS,WAAU,KAAK;AAAA,EACnC,QAAQ;AAAA,EAER;AACA,SAAO,IAAI,YAAY,SAAS,SAAS,QAAQ,IAAI;AACvD;AAEA,SAAS,eAAqB;AAC5B,MAAI,OAAO,WAAW,aAAa;AACjC,UAAM,IAAI;AAAA,MACR;AAAA,IAGF;AAAA,EACF;AACF;","names":[]}

package/package.json

@@ -1,15 +1,20 @@
 {
   "name": "@roottale/cms-client",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "type": "module",
   "description": "RootTale CMS Public API server-side fetch client (Bearer rtlk_cust_* auth). SSR-only — refuses to run in the browser to prevent key leak (ADR-0023 §5.1 #15). Pairs with @roottale/cms-renderer-next / @roottale/cms-renderer-astro.",
-  "main": "./src/server.ts",
+  "main": "./dist/server.js",
+  "types": "./dist/server.d.ts",
   "exports": {
-    "./server": "./src/server.ts",
+    "./server": {
+      "types": "./dist/server.d.ts",
+      "import": "./dist/server.js",
+      "default": "./dist/server.js"
+    },
     "./package.json": "./package.json"
   },
   "files": [
-    "src/",
+    "dist/",
     "README.md",
     "CHANGELOG.md"
   ],
@@ -37,7 +42,7 @@
     "directory": "packages/cms-client"
   },
   "scripts": {
-    "build": "tsc --noEmit",
+    "build": "tsup",
     "type-check": "tsc --noEmit",
     "test": "vitest run --passWithNoTests"
   }

package/src/server.ts

@@ -1,214 +0,0 @@
-/**
- * `@roottale/cms-client/server` — RootTale CMS Public API server-side fetch client.
- *
- * 외부 고객사 사이트가 RootTale CMS 콘텐츠를 fetch 하기 위한 SSR-only client.
- * Bearer (`rtlk_cust_*`) 인증, 브라우저 직접 호출 금지 (ADR-0023 §5.1 #15).
- *
- * 사용 예 (Next.js server component):
- * ```ts
- * import { fetchPosts } from "@roottale/cms-client/server";
- *
- * const posts = await fetchPosts({
- *   apiKey: process.env.ROOTTALE_API_KEY!,
- *   limit: 10,
- * });
- * ```
- *
- * 데이터 모델 = ADR-0034 `posts` (WP 7.0-aligned, type=post|page).
- * Phase 1 scope: list + get. WP import/export, draft preview = 별도 PR.
- */
-
-export type CmsPostType = "post" | "page";
-
-export interface CmsPostContent {
-  /** UUIDv7. */
-  id: string;
-  /** Owning tenant id. */
-  tenantId: string;
-  /** Owning site id (ADR-0034 P4 dual-key). */
-  siteId: string;
-  /** WP post type. */
-  type: CmsPostType;
-  /** Lowercase kebab-case slug (1-120 chars). */
-  slug: string;
-  title: string;
-  excerpt: string | null;
-  /** Media id (resolved by renderer / consumer to URL). */
-  featuredMediaId: string | null;
-  authorId: string | null;
-  /** Tiptap / Gutenberg-compatible Block JSON. Sanitization is renderer's responsibility. */
-  bodyJson: Record<string, unknown>;
-  /** Public API only exposes `published`. */
-  status: "published";
-  /** Per-post meta (SEO overrides, canonical, og, ...). */
-  metaJson: Record<string, unknown>;
-  /** ISO 8601. */
-  publishedAt: string;
-  /** ISO 8601. */
-  createdAt: string;
-  /** ISO 8601. */
-  updatedAt: string;
-}
-
-export interface CmsPostContentPage {
-  items: CmsPostContent[];
-  nextCursor: string | null;
-  hasMore: boolean;
-}
-
-const DEFAULT_BASE_URL = "https://api.roottale.com";
-
-export interface FetchPostsOptions {
-  /** `rtlk_cust_*` API key. Required. */
-  apiKey: string;
-  /** Override the API base URL. Defaults to `https://api.roottale.com`. */
-  baseUrl?: string;
-  /** Page size, 1-100, default 20. */
-  limit?: number;
-  /** Opaque pagination cursor returned from previous call. */
-  cursor?: string;
-  /** Filter by post type (`post` or `page`). Default = both. */
-  type?: CmsPostType;
-  /** Override the auto-resolved site id (Phase 1 = 1 site/tenant, usually omitted). */
-  siteId?: string;
-  /** Optional AbortSignal. */
-  signal?: AbortSignal;
-}
-
-export interface FetchPostOptions {
-  apiKey: string;
-  baseUrl?: string;
-  /** Slug (kebab-case) or UUIDv7 id. */
-  slugOrId: string;
-  /** Override the auto-resolved site id. */
-  siteId?: string;
-  signal?: AbortSignal;
-}
-
-export class CmsApiError extends Error {
-  readonly status: number;
-  readonly code: string;
-  constructor(message: string, status: number, code: string) {
-    super(message);
-    this.name = "CmsApiError";
-    this.status = status;
-    this.code = code;
-  }
-}
-
-export async function fetchPosts(options: FetchPostsOptions): Promise<CmsPostContentPage> {
-  assertServer();
-  const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
-  const params = new URLSearchParams();
-  if (options.limit !== undefined) params.set("limit", String(options.limit));
-  if (options.cursor) params.set("cursor", options.cursor);
-  if (options.type) params.set("type", options.type);
-  if (options.siteId) params.set("site_id", options.siteId);
-  const qs = params.toString();
-  const url = `${baseUrl}/v1/cms/public/posts${qs ? `?${qs}` : ""}`;
-
-  const response = await fetch(url, {
-    method: "GET",
-    headers: { authorization: `Bearer ${options.apiKey}` },
-    signal: options.signal,
-  });
-
-  if (!response.ok) {
-    throw await toApiError(response);
-  }
-
-  const json = (await response.json()) as {
-    items: CmsPostWire[];
-    has_more: boolean;
-    next_cursor: string | null;
-  };
-  return {
-    items: json.items.map(fromWire),
-    hasMore: json.has_more,
-    nextCursor: json.next_cursor,
-  };
-}
-
-export async function fetchPost(options: FetchPostOptions): Promise<CmsPostContent | null> {
-  assertServer();
-  const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
-  const params = new URLSearchParams();
-  if (options.siteId) params.set("site_id", options.siteId);
-  const qs = params.toString();
-  const url = `${baseUrl}/v1/cms/public/posts/${encodeURIComponent(options.slugOrId)}${qs ? `?${qs}` : ""}`;
-
-  const response = await fetch(url, {
-    method: "GET",
-    headers: { authorization: `Bearer ${options.apiKey}` },
-    signal: options.signal,
-  });
-
-  if (response.status === 404) return null;
-  if (!response.ok) {
-    throw await toApiError(response);
-  }
-
-  const json = (await response.json()) as CmsPostWire;
-  return fromWire(json);
-}
-
-type CmsPostWire = {
-  id: string;
-  tenant_id: string;
-  site_id: string;
-  type: CmsPostType;
-  slug: string;
-  title: string;
-  excerpt: string | null;
-  featured_media_id: string | null;
-  author_id: string | null;
-  body_json: Record<string, unknown>;
-  status: "published";
-  meta_json: Record<string, unknown>;
-  published_at: string;
-  created_at: string;
-  updated_at: string;
-};
-
-function fromWire(wire: CmsPostWire): CmsPostContent {
-  return {
-    id: wire.id,
-    tenantId: wire.tenant_id,
-    siteId: wire.site_id,
-    type: wire.type,
-    slug: wire.slug,
-    title: wire.title,
-    excerpt: wire.excerpt,
-    featuredMediaId: wire.featured_media_id,
-    authorId: wire.author_id,
-    bodyJson: wire.body_json,
-    status: wire.status,
-    metaJson: wire.meta_json,
-    publishedAt: wire.published_at,
-    createdAt: wire.created_at,
-    updatedAt: wire.updated_at,
-  };
-}
-
-async function toApiError(response: Response): Promise<CmsApiError> {
-  let code = "request_failed";
-  let message = `RootTale CMS API error: ${response.status}`;
-  try {
-    const body = (await response.json()) as { code?: string; message?: string };
-    if (body.code) code = body.code;
-    if (body.message) message = body.message;
-  } catch {
-    /* ignore body parse */
-  }
-  return new CmsApiError(message, response.status, code);
-}
-
-function assertServer(): void {
-  if (typeof window !== "undefined") {
-    throw new Error(
-      "@roottale/cms-client/server must not run in the browser. " +
-        "Move this call to a Server Component, getServerSideProps, or a Route Handler. " +
-        "Shipping API keys to the browser breaks the security model (ADR-0023 §5.1 #15).",
-    );
-  }
-}