@setzkasten-cms/astro-admin 1.4.2 → 1.5.0

package/dist/api-routes/init-apply.js

@@ -1,15 +1,27 @@
 import {
   patchTemplateForFields
-} from "../chunk-RHJONMLK.js";
+} from "../chunk-CDXCYYQR.js";
+import {
+  requireAdmin
+} from "../chunk-Q5HV47DW.js";
+import "../chunk-QVCW6EF3.js";
+import "../chunk-KENFINT4.js";
+import "../chunk-6UIKVKED.js";
+import "../chunk-ONP6BRZO.js";
+import "../chunk-5PIMDP4N.js";
+import "../chunk-45ARVNT3.js";
 import {
   resolveGitHubTokenForRequest
-} from "../chunk-NKDATSPA.js";
+} from "../chunk-DP6RTINQ.js";
+import "../chunk-TJNJKPUL.js";
 import {
   withTrailers
 } from "../chunk-KH22FJO5.js";
 
 // src/api-routes/init-apply.ts
-import { generateConfigFile } from "@setzkasten-cms/core/init";
+import {
+  generateConfigFile
+} from "@setzkasten-cms/core/init";
 
 // src/init/astro-config-patcher.ts
 function patchAstroConfig(source) {
@@ -59,10 +71,8 @@ function addToIntegrations(source) {
 
 // src/api-routes/init-apply.ts
 var POST = async ({ request, cookies }) => {
-  const session = cookies.get("setzkasten_session")?.value;
-  if (!session) {
-    return new Response("Unauthorized", { status: 401 });
-  }
+  const denied = requireAdmin(cookies.get("setzkasten_session")?.value);
+  if (denied) return denied;
   const tokenResult = await resolveGitHubTokenForRequest(request);
   if (!tokenResult.ok) {
     return new Response(tokenResult.error.message, { status: 500 });
@@ -82,7 +92,13 @@ var POST = async ({ request, cookies }) => {
     const configPath = projectRoot ? `${projectRoot}/setzkasten.config.ts` : "setzkasten.config.ts";
     filesToCommit.push({ path: configPath, content: configContent });
     if (astroConfigPath) {
-      const astroConfigSource = await fetchFileContent(owner, repo, branch, astroConfigPath, githubToken);
+      const astroConfigSource = await fetchFileContent(
+        owner,
+        repo,
+        branch,
+        astroConfigPath,
+        githubToken
+      );
       if (astroConfigSource) {
         const patched = patchAstroConfig(astroConfigSource);
         if (patched) {
@@ -103,7 +119,13 @@ var POST = async ({ request, cookies }) => {
     }
     for (const section of sections) {
       if (!section.componentPath) continue;
-      const componentSource = await fetchFileContent(owner, repo, branch, section.componentPath, githubToken);
+      const componentSource = await fetchFileContent(
+        owner,
+        repo,
+        branch,
+        section.componentPath,
+        githubToken
+      );
       if (!componentSource) continue;
       const patched = await patchTemplateForFields(componentSource, section.key, section.fields);
       if (patched !== componentSource) {
@@ -134,10 +156,7 @@ var POST = async ({ request, cookies }) => {
       githubToken
     );
     if (!commitResult.ok) {
-      return Response.json(
-        { error: commitResult.error },
-        { status: 500 }
-      );
+      return Response.json({ error: commitResult.error }, { status: 500 });
     }
     return Response.json({
       success: true,
@@ -215,37 +234,32 @@ async function batchCommit(owner, repo, branch, files, message, token) {
     if (!commitRes.ok) return { ok: false, error: `Failed to get commit: ${commitRes.status}` };
     const commitData = await commitRes.json();
     const baseTreeSha = commitData.tree.sha;
-    const treeRes = await fetch(
-      `https://api.github.com/repos/${owner}/${repo}/git/trees`,
-      {
-        method: "POST",
-        headers,
-        body: JSON.stringify({
-          base_tree: baseTreeSha,
-          tree: files.map((f) => ({
-            path: f.path,
-            mode: "100644",
-            type: "blob",
-            content: f.content
-          }))
-        })
-      }
-    );
+    const treeRes = await fetch(`https://api.github.com/repos/${owner}/${repo}/git/trees`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        base_tree: baseTreeSha,
+        tree: files.map((f) => ({
+          path: f.path,
+          mode: "100644",
+          type: "blob",
+          content: f.content
+        }))
+      })
+    });
     if (!treeRes.ok) return { ok: false, error: `Failed to create tree: ${treeRes.status}` };
     const treeData = await treeRes.json();
-    const newCommitRes = await fetch(
-      `https://api.github.com/repos/${owner}/${repo}/git/commits`,
-      {
-        method: "POST",
-        headers,
-        body: JSON.stringify({
-          tree: treeData.sha,
-          parents: [headSha],
-          message
-        })
-      }
-    );
-    if (!newCommitRes.ok) return { ok: false, error: `Failed to create commit: ${newCommitRes.status}` };
+    const newCommitRes = await fetch(`https://api.github.com/repos/${owner}/${repo}/git/commits`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        tree: treeData.sha,
+        parents: [headSha],
+        message
+      })
+    });
+    if (!newCommitRes.ok)
+      return { ok: false, error: `Failed to create commit: ${newCommitRes.status}` };
     const newCommitData = await newCommitRes.json();
     const updateRes = await fetch(
       `https://api.github.com/repos/${owner}/${repo}/git/refs/heads/${branch}`,

package/dist/api-routes/init-migrate.js

@@ -1,23 +1,30 @@
 import {
   patchTemplateForFields
-} from "../chunk-RHJONMLK.js";
+} from "../chunk-CDXCYYQR.js";
+import {
+  requireAdmin
+} from "../chunk-Q5HV47DW.js";
+import "../chunk-QVCW6EF3.js";
+import "../chunk-KENFINT4.js";
 import {
   prefixPath,
   resolveStorageConfigForRequest
 } from "../chunk-6UIKVKED.js";
+import "../chunk-ONP6BRZO.js";
+import "../chunk-5PIMDP4N.js";
+import "../chunk-45ARVNT3.js";
 import {
   resolveGitHubTokenForRequest
-} from "../chunk-NKDATSPA.js";
+} from "../chunk-DP6RTINQ.js";
+import "../chunk-TJNJKPUL.js";
 import {
   withTrailers
 } from "../chunk-KH22FJO5.js";
 
 // src/api-routes/init-migrate.ts
 var POST = async ({ request, cookies }) => {
-  const session = cookies.get("setzkasten_session")?.value;
-  if (!session) {
-    return new Response("Unauthorized", { status: 401 });
-  }
+  const denied = requireAdmin(cookies.get("setzkasten_session")?.value);
+  if (denied) return denied;
   const tokenResult = await resolveGitHubTokenForRequest(request);
   if (!tokenResult.ok) {
     return new Response(tokenResult.error.message, { status: 500 });
@@ -27,7 +34,12 @@ var POST = async ({ request, cookies }) => {
     const body = await request.json();
     const storage = await resolveStorageConfigForRequest(request, body);
     if (!storage) {
-      return Response.json({ error: "Could not resolve owner/repo. Set SETZKASTEN_OWNER and SETZKASTEN_REPO env vars." }, { status: 400 });
+      return Response.json(
+        {
+          error: "Could not resolve owner/repo. Set SETZKASTEN_OWNER and SETZKASTEN_REPO env vars."
+        },
+        { status: 400 }
+      );
     }
     const { owner, repo, branch, projectPrefix } = storage;
     const { sectionKey } = body;
@@ -154,37 +166,32 @@ async function batchCommit(owner, repo, branch, files, message, headers) {
     );
     if (!commitRes.ok) return { ok: false, error: `Failed to get commit: ${commitRes.status}` };
     const commitData = await commitRes.json();
-    const treeRes = await fetch(
-      `https://api.github.com/repos/${owner}/${repo}/git/trees`,
-      {
-        method: "POST",
-        headers,
-        body: JSON.stringify({
-          base_tree: commitData.tree.sha,
-          tree: files.map((f) => ({
-            path: f.path,
-            mode: "100644",
-            type: "blob",
-            content: f.content
-          }))
-        })
-      }
-    );
+    const treeRes = await fetch(`https://api.github.com/repos/${owner}/${repo}/git/trees`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        base_tree: commitData.tree.sha,
+        tree: files.map((f) => ({
+          path: f.path,
+          mode: "100644",
+          type: "blob",
+          content: f.content
+        }))
+      })
+    });
     if (!treeRes.ok) return { ok: false, error: `Failed to create tree: ${treeRes.status}` };
     const treeData = await treeRes.json();
-    const newCommitRes = await fetch(
-      `https://api.github.com/repos/${owner}/${repo}/git/commits`,
-      {
-        method: "POST",
-        headers,
-        body: JSON.stringify({
-          tree: treeData.sha,
-          parents: [headSha],
-          message
-        })
-      }
-    );
-    if (!newCommitRes.ok) return { ok: false, error: `Failed to create commit: ${newCommitRes.status}` };
+    const newCommitRes = await fetch(`https://api.github.com/repos/${owner}/${repo}/git/commits`, {
+      method: "POST",
+      headers,
+      body: JSON.stringify({
+        tree: treeData.sha,
+        parents: [headSha],
+        message
+      })
+    });
+    if (!newCommitRes.ok)
+      return { ok: false, error: `Failed to create commit: ${newCommitRes.status}` };
     const newCommitData = await newCommitRes.json();
     const updateRes = await fetch(
       `https://api.github.com/repos/${owner}/${repo}/git/refs/heads/${branch}`,

package/dist/api-routes/init-scan-page.d.ts

@@ -1,5 +1,5 @@
-import { APIRoute } from 'astro';
 import { SetzKastenConfig } from '@setzkasten-cms/core';
+import { APIRoute } from 'astro';
 
 /**
  * Resolves the full Setzkasten config.

package/dist/api-routes/init-scan-page.js

@@ -2,14 +2,24 @@ import {
   analyzeAstroSection,
   extractLayoutImport,
   extractSectionImports
-} from "../chunk-K22A4ZBS.js";
+} from "../chunk-UHI6323G.js";
+import {
+  requireAdmin
+} from "../chunk-Q5HV47DW.js";
+import "../chunk-QVCW6EF3.js";
+import "../chunk-KENFINT4.js";
 import {
   prefixPath,
   resolveStorageConfigForRequest
 } from "../chunk-6UIKVKED.js";
+import "../chunk-ONP6BRZO.js";
+import "../chunk-5PIMDP4N.js";
+import "../chunk-45ARVNT3.js";
 import {
   resolveGitHubTokenForRequest
-} from "../chunk-NKDATSPA.js";
+} from "../chunk-DP6RTINQ.js";
+import "../chunk-TJNJKPUL.js";
+import "../chunk-KH22FJO5.js";
 
 // src/api-routes/init-scan-page.ts
 function resolveFullConfig() {
@@ -17,10 +27,8 @@ function resolveFullConfig() {
   return buildConfig ?? globalThis.__SETZKASTEN_FULL_CONFIG__;
 }
 var POST = async ({ request, cookies }) => {
-  const session = cookies.get("setzkasten_session")?.value;
-  if (!session) {
-    return new Response("Unauthorized", { status: 401 });
-  }
+  const denied = requireAdmin(cookies.get("setzkasten_session")?.value);
+  if (denied) return denied;
   const tokenResult = await resolveGitHubTokenForRequest(request);
   if (!tokenResult.ok) {
     return new Response(tokenResult.error.message, { status: 500 });
@@ -30,7 +38,12 @@ var POST = async ({ request, cookies }) => {
     const body = await request.json();
     const storage = await resolveStorageConfigForRequest(request, body);
     if (!storage) {
-      return Response.json({ error: "Could not resolve owner/repo. Set SETZKASTEN_OWNER and SETZKASTEN_REPO env vars." }, { status: 400 });
+      return Response.json(
+        {
+          error: "Could not resolve owner/repo. Set SETZKASTEN_OWNER and SETZKASTEN_REPO env vars."
+        },
+        { status: 400 }
+      );
     }
     const { owner, repo, branch, projectPrefix } = storage;
     const { pagePath } = body;
@@ -69,7 +82,10 @@ var POST = async ({ request, cookies }) => {
       pageSource = await fetchFileContent(owner, repo, branch, fullPagePath, githubToken);
     }
     if (!pageSource) {
-      return Response.json({ error: `Could not read page source: ${fullPagePath}` }, { status: 404 });
+      return Response.json(
+        { error: `Could not read page source: ${fullPagePath}` },
+        { status: 404 }
+      );
     }
     const imports = extractSectionImports(pageSource, fullPagePath, files, projectPrefix);
     const serverConfig = globalThis.__SETZKASTEN_CONFIG__;
@@ -79,7 +95,13 @@ var POST = async ({ request, cookies }) => {
     for (const imp of imports) {
       if (!imp.resolvedPath) continue;
       if (!managedSections.has(imp.sectionKey)) {
-        const sectionSource = await fetchFileContent(owner, repo, branch, imp.resolvedPath, githubToken);
+        const sectionSource = await fetchFileContent(
+          owner,
+          repo,
+          branch,
+          imp.resolvedPath,
+          githubToken
+        );
         if (!sectionSource) continue;
         const section = await analyzeAstroSection(
           sectionSource,
@@ -90,7 +112,13 @@ var POST = async ({ request, cookies }) => {
         unmanagedSections.push(section);
       } else {
         const existingFieldKeys = managedSections.get(imp.sectionKey);
-        const sectionSource = await fetchFileContent(owner, repo, branch, imp.resolvedPath, githubToken);
+        const sectionSource = await fetchFileContent(
+          owner,
+          repo,
+          branch,
+          imp.resolvedPath,
+          githubToken
+        );
         if (!sectionSource) continue;
         const inferred = await analyzeAstroSection(
           sectionSource,
@@ -99,7 +127,13 @@ var POST = async ({ request, cookies }) => {
           imp.resolvedPath
         );
         const sectionJsonPath = `${contentPath}/_sections/${imp.sectionKey}.json`;
-        const sectionJson = await fetchFileContent(owner, repo, branch, sectionJsonPath, githubToken);
+        const sectionJson = await fetchFileContent(
+          owner,
+          repo,
+          branch,
+          sectionJsonPath,
+          githubToken
+        );
         const existingValues = /* @__PURE__ */ new Set();
         if (sectionJson) {
           try {
@@ -144,7 +178,13 @@ var POST = async ({ request, cookies }) => {
       } else {
         const existingFieldKeys = managedSections.get(sectionKey);
         const sectionJsonPath = `${contentPath}/_sections/${sectionKey}.json`;
-        const sectionJson = await fetchFileContent(owner, repo, branch, sectionJsonPath, githubToken);
+        const sectionJson = await fetchFileContent(
+          owner,
+          repo,
+          branch,
+          sectionJsonPath,
+          githubToken
+        );
         const existingValues = /* @__PURE__ */ new Set();
         if (sectionJson) {
           try {
@@ -174,7 +214,13 @@ var POST = async ({ request, cookies }) => {
     {
       const layoutImport = extractLayoutImport(pageSource, fullPagePath, files, projectPrefix);
       if (layoutImport?.resolvedPath) {
-        const layoutSource = await fetchFileContent(owner, repo, branch, layoutImport.resolvedPath, githubToken);
+        const layoutSource = await fetchFileContent(
+          owner,
+          repo,
+          branch,
+          layoutImport.resolvedPath,
+          githubToken
+        );
         if (layoutSource) {
           for (const region of extractLayoutRegions(layoutSource)) {
             const sectionKey = `_layout_${region.name}`;

package/dist/api-routes/init-scan.js

@@ -2,18 +2,27 @@ import {
   analyzeAstroSection,
   extractSectionImports,
   findAstroPages
-} from "../chunk-K22A4ZBS.js";
+} from "../chunk-UHI6323G.js";
+import {
+  requireAdmin
+} from "../chunk-Q5HV47DW.js";
+import "../chunk-QVCW6EF3.js";
+import "../chunk-KENFINT4.js";
+import "../chunk-6UIKVKED.js";
+import "../chunk-ONP6BRZO.js";
+import "../chunk-5PIMDP4N.js";
+import "../chunk-45ARVNT3.js";
 import {
   resolveGitHubTokenForRequest
-} from "../chunk-NKDATSPA.js";
+} from "../chunk-DP6RTINQ.js";
+import "../chunk-TJNJKPUL.js";
+import "../chunk-KH22FJO5.js";
 
 // src/api-routes/init-scan.ts
 import { analyzeProject } from "@setzkasten-cms/core/init";
 var POST = async ({ request, cookies }) => {
-  const session = cookies.get("setzkasten_session")?.value;
-  if (!session) {
-    return new Response("Unauthorized", { status: 401 });
-  }
+  const denied = requireAdmin(cookies.get("setzkasten_session")?.value);
+  if (denied) return denied;
   const tokenResult = await resolveGitHubTokenForRequest(request);
   if (!tokenResult.ok) {
     return new Response(tokenResult.error.message, { status: 500 });
@@ -62,7 +71,13 @@ var POST = async ({ request, cookies }) => {
       for (const imp of imports) {
         if (allSections.has(imp.sectionKey)) continue;
         if (!imp.resolvedPath) continue;
-        const sectionSource = await fetchFileContent(owner, repo, branch, imp.resolvedPath, githubToken);
+        const sectionSource = await fetchFileContent(
+          owner,
+          repo,
+          branch,
+          imp.resolvedPath,
+          githubToken
+        );
         if (!sectionSource) continue;
         const section = await analyzeAstroSection(
           sectionSource,

package/dist/api-routes/migrate-to-multi.js

@@ -1,14 +1,17 @@
 import {
   parseSession
-} from "../chunk-INIWFKQ3.js";
+} from "../chunk-Q5HV47DW.js";
+import "../chunk-QVCW6EF3.js";
+import "../chunk-KENFINT4.js";
 import {
   resolveStorageConfig
 } from "../chunk-6UIKVKED.js";
+import "../chunk-ONP6BRZO.js";
 import "../chunk-5PIMDP4N.js";
 import "../chunk-45ARVNT3.js";
 import {
   resolveConfigRepoToken
-} from "../chunk-NKDATSPA.js";
+} from "../chunk-DP6RTINQ.js";
 import {
   resolveLicenseTier
 } from "../chunk-TJNJKPUL.js";

package/dist/api-routes/pages.js

@@ -1,15 +1,23 @@
 import {
-  readPagesMeta
-} from "../chunk-FXNOTESI.js";
+  parseSession
+} from "../chunk-Q5HV47DW.js";
+import "../chunk-QVCW6EF3.js";
+import "../chunk-KENFINT4.js";
 import {
   resolveStorageConfigForRequest
 } from "../chunk-6UIKVKED.js";
+import "../chunk-ONP6BRZO.js";
+import "../chunk-5PIMDP4N.js";
 import {
   cachedFetch
 } from "../chunk-45ARVNT3.js";
 import {
   resolveGitHubTokenForRequest
-} from "../chunk-NKDATSPA.js";
+} from "../chunk-DP6RTINQ.js";
+import "../chunk-TJNJKPUL.js";
+import {
+  readPagesMeta
+} from "../chunk-FXNOTESI.js";
 import "../chunk-KH22FJO5.js";
 
 // src/api-routes/pages.ts
@@ -17,7 +25,10 @@ function resolvePages() {
   const buildPages = typeof __SETZKASTEN_PAGES__ !== "undefined" ? __SETZKASTEN_PAGES__ : null;
   return buildPages ?? globalThis.__SETZKASTEN_PAGES__ ?? [];
 }
-var GET = async ({ request }) => {
+var GET = async ({ request, cookies }) => {
+  if (!parseSession(cookies.get("setzkasten_session")?.value)) {
+    return new Response("Unauthorized", { status: 401 });
+  }
   const isMulti = request.headers.get("x-sk-website") !== null;
   const pages = isMulti ? await fetchPagesFromGitHub(request).catch(() => []) : resolvePages();
   const enriched = await enrichWithLastModified(pages, request).catch(() => pages);

package/dist/api-routes/section-add.js

@@ -5,21 +5,25 @@ import {
 import {
   guardPageAccess,
   parseSession
-} from "../chunk-INIWFKQ3.js";
+} from "../chunk-Q5HV47DW.js";
+import "../chunk-QVCW6EF3.js";
+import "../chunk-KENFINT4.js";
 import {
   resolveStorageConfigForRequest
 } from "../chunk-6UIKVKED.js";
+import "../chunk-ONP6BRZO.js";
 import "../chunk-5PIMDP4N.js";
 import "../chunk-45ARVNT3.js";
 import {
   resolveGitHubTokenForRequest
-} from "../chunk-NKDATSPA.js";
+} from "../chunk-DP6RTINQ.js";
 import "../chunk-TJNJKPUL.js";
 import {
   withTrailers
 } from "../chunk-KH22FJO5.js";
 
 // src/api-routes/section-add.ts
+import { isSafeKey } from "@setzkasten-cms/core";
 var POST = async ({ request, cookies }) => {
   const session = cookies.get("setzkasten_session")?.value;
   if (!session) return new Response("Unauthorized", { status: 401 });
@@ -40,7 +44,24 @@ var POST = async ({ request, cookies }) => {
     if (!pageKey || !sectionType) {
       return Response.json({ error: "pageKey and sectionType are required" }, { status: 400 });
     }
-    const denied = await guardPageAccess(parseSession(cookies.get("setzkasten_session")?.value), pageKey, fullConfig, request);
+    if (!isSafeKey(pageKey)) {
+      return Response.json({ error: "invalid pageKey" }, { status: 400 });
+    }
+    if (!isSafeKey(sectionType)) {
+      return Response.json({ error: "invalid sectionType" }, { status: 400 });
+    }
+    if (body.sectionKey !== void 0 && !isSafeKey(body.sectionKey)) {
+      return Response.json({ error: "invalid sectionKey" }, { status: 400 });
+    }
+    if (sourcePage !== void 0 && !isSafeKey(sourcePage)) {
+      return Response.json({ error: "invalid sourcePage" }, { status: 400 });
+    }
+    const denied = await guardPageAccess(
+      parseSession(cookies.get("setzkasten_session")?.value),
+      pageKey,
+      fullConfig,
+      request
+    );
     if (denied) return denied;
     const headers = {
       Authorization: `Bearer ${githubToken}`,
@@ -56,7 +77,10 @@ var POST = async ({ request, cookies }) => {
     const existingKeys = (pageConfig.sections ?? []).map((s) => s.key);
     const newKey = body.sectionKey ?? generateAddKey(existingKeys, sectionType);
     if (existingKeys.includes(newKey)) {
-      return Response.json({ error: `Key "${newKey}" already exists on this page` }, { status: 409 });
+      return Response.json(
+        { error: `Key "${newKey}" already exists on this page` },
+        { status: 409 }
+      );
     }
     let defaultContent = {};
     if (sourcePage) {
@@ -126,7 +150,13 @@ async function fetchFileContent(owner, repo, branch, path, token) {
   try {
     const res = await fetch(
       `https://api.github.com/repos/${owner}/${repo}/contents/${path}?ref=${branch}`,
-      { headers: { Authorization: `Bearer ${token}`, Accept: "application/vnd.github+json", "X-GitHub-Api-Version": "2022-11-28" } }
+      {
+        headers: {
+          Authorization: `Bearer ${token}`,
+          Accept: "application/vnd.github+json",
+          "X-GitHub-Api-Version": "2022-11-28"
+        }
+      }
     );
     if (!res.ok) return null;
     const data = await res.json();
@@ -137,16 +167,34 @@ async function fetchFileContent(owner, repo, branch, path, token) {
 }
 async function batchCommit(owner, repo, branch, files, message, headers) {
   try {
-    const refRes = await fetch(`https://api.github.com/repos/${owner}/${repo}/git/refs/heads/${branch}`, { headers });
+    const refRes = await fetch(
+      `https://api.github.com/repos/${owner}/${repo}/git/refs/heads/${branch}`,
+      { headers }
+    );
     if (!refRes.ok) return { ok: false, error: `Failed to get HEAD: ${refRes.status}` };
-    const { object: { sha: headSha } } = await refRes.json();
-    const commitRes = await fetch(`https://api.github.com/repos/${owner}/${repo}/git/commits/${headSha}`, { headers });
+    const {
+      object: { sha: headSha }
+    } = await refRes.json();
+    const commitRes = await fetch(
+      `https://api.github.com/repos/${owner}/${repo}/git/commits/${headSha}`,
+      { headers }
+    );
     if (!commitRes.ok) return { ok: false, error: `Failed to get commit: ${commitRes.status}` };
-    const { tree: { sha: baseSha } } = await commitRes.json();
+    const {
+      tree: { sha: baseSha }
+    } = await commitRes.json();
     const treeRes = await fetch(`https://api.github.com/repos/${owner}/${repo}/git/trees`, {
       method: "POST",
       headers,
-      body: JSON.stringify({ base_tree: baseSha, tree: files.map((f) => ({ path: f.path, mode: "100644", type: "blob", content: f.content })) })
+      body: JSON.stringify({
+        base_tree: baseSha,
+        tree: files.map((f) => ({
+          path: f.path,
+          mode: "100644",
+          type: "blob",
+          content: f.content
+        }))
+      })
     });
     if (!treeRes.ok) return { ok: false, error: `Failed to create tree: ${treeRes.status}` };
     const { sha: treeSha } = await treeRes.json();
@@ -155,13 +203,17 @@ async function batchCommit(owner, repo, branch, files, message, headers) {
       headers,
       body: JSON.stringify({ tree: treeSha, parents: [headSha], message })
     });
-    if (!newCommitRes.ok) return { ok: false, error: `Failed to create commit: ${newCommitRes.status}` };
+    if (!newCommitRes.ok)
+      return { ok: false, error: `Failed to create commit: ${newCommitRes.status}` };
     const { sha: newSha } = await newCommitRes.json();
-    const updateRes = await fetch(`https://api.github.com/repos/${owner}/${repo}/git/refs/heads/${branch}`, {
-      method: "PATCH",
-      headers,
-      body: JSON.stringify({ sha: newSha })
-    });
+    const updateRes = await fetch(
+      `https://api.github.com/repos/${owner}/${repo}/git/refs/heads/${branch}`,
+      {
+        method: "PATCH",
+        headers,
+        body: JSON.stringify({ sha: newSha })
+      }
+    );
     if (!updateRes.ok) return { ok: false, error: `Failed to update ref: ${updateRes.status}` };
     return { ok: true, sha: newSha };
   } catch (error) {