npm - @sonicjs-cms/core - Versions diffs - 2.0.0-alpha.1 → 2.0.0-alpha.11 - Mend

@sonicjs-cms/core 2.0.0-alpha.1 → 2.0.0-alpha.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (98) hide show

package/dist/chunk-3MNMOLSA.js +133 -0
package/dist/chunk-3MNMOLSA.js.map +1 -0
package/dist/{chunk-BRC3F4CG.cjs → chunk-6BHDKYLU.cjs} +8 -2
package/dist/{chunk-KRJMGD4E.js.map → chunk-6BHDKYLU.cjs.map} +1 -1
package/dist/{chunk-CXZDAR6S.js → chunk-7N3HK7ZK.js} +3 -3
package/dist/{chunk-CXZDAR6S.js.map → chunk-7N3HK7ZK.js.map} +1 -1
package/dist/chunk-AGOE25LF.cjs +137 -0
package/dist/chunk-AGOE25LF.cjs.map +1 -0
package/dist/{chunk-NRSL6BQI.js → chunk-BITQ4MFX.js} +3 -3
package/dist/{chunk-NRSL6BQI.js.map → chunk-BITQ4MFX.js.map} +1 -1
package/dist/{chunk-24PWAFUT.cjs → chunk-BUKT6HP5.cjs} +13 -13
package/dist/{chunk-24PWAFUT.cjs.map → chunk-BUKT6HP5.cjs.map} +1 -1
package/dist/chunk-DG4INX36.cjs +14246 -0
package/dist/chunk-DG4INX36.cjs.map +1 -0
package/dist/chunk-FDUDHGI6.js +14233 -0
package/dist/chunk-FDUDHGI6.js.map +1 -0
package/dist/{chunk-L3NXO7Y4.cjs → chunk-FVMV5DKA.cjs} +49 -49
package/dist/{chunk-L3NXO7Y4.cjs.map → chunk-FVMV5DKA.cjs.map} +1 -1
package/dist/{chunk-KRJMGD4E.js → chunk-FZYF43TN.js} +8 -2
package/dist/chunk-FZYF43TN.js.map +1 -0
package/dist/chunk-G4JGVZAF.js +1337 -0
package/dist/chunk-G4JGVZAF.js.map +1 -0
package/dist/{chunk-EMMSS5I5.cjs → chunk-IGJUBJBW.cjs} +8 -2
package/dist/{chunk-ALTMI5Y2.cjs.map → chunk-IGJUBJBW.cjs.map} +1 -1
package/dist/chunk-LEGKJ5DI.cjs +1344 -0
package/dist/chunk-LEGKJ5DI.cjs.map +1 -0
package/dist/{chunk-WJ7QYVR2.cjs → chunk-RNR4HA23.cjs} +4 -4
package/dist/{chunk-WJ7QYVR2.cjs.map → chunk-RNR4HA23.cjs.map} +1 -1
package/dist/{chunk-G3PMV62Z.js → chunk-V4OQ3NZ2.js} +7 -3
package/dist/{chunk-G3PMV62Z.js.map → chunk-V4OQ3NZ2.js.map} +1 -1
package/dist/{chunk-PTQZ5FEI.js → chunk-WESS2U3K.js} +3 -3
package/dist/{chunk-PTQZ5FEI.js.map → chunk-WESS2U3K.js.map} +1 -1
package/dist/index.cjs +147 -101
package/dist/index.cjs.map +1 -1
package/dist/index.d.ts +5 -135
package/dist/index.js +24 -9
package/dist/index.js.map +1 -1
package/dist/middleware.cjs +23 -23
package/dist/middleware.d.ts +2 -206
package/dist/middleware.js +3 -3
package/dist/plugins.cjs +8 -8
package/dist/plugins.d.ts +2 -330
package/dist/plugins.js +2 -2
package/dist/routes.cjs +52 -3
package/dist/routes.d.ts +2 -17
package/dist/routes.js +7 -2
package/dist/services.cjs +31 -19
package/dist/services.d.ts +2 -5
package/dist/services.js +3 -3
package/dist/templates.cjs +23 -10
package/dist/templates.d.ts +2 -140
package/dist/templates.js +3 -2
package/dist/types.cjs +1 -1
package/dist/types.d.ts +2 -41
package/dist/types.js +1 -1
package/dist/utils.cjs +1 -1
package/dist/utils.d.ts +2 -184
package/dist/utils.js +1 -1
package/migrations/001_initial_schema.sql +198 -0
package/migrations/002_faq_plugin.sql +86 -0
package/migrations/003_stage5_enhancements.sql +121 -0
package/migrations/004_stage6_user_management.sql +183 -0
package/migrations/005_stage7_workflow_automation.sql +294 -0
package/migrations/006_plugin_system.sql +155 -0
package/migrations/007_demo_login_plugin.sql +23 -0
package/migrations/008_fix_slug_validation.sql +22 -0
package/migrations/009_system_logging.sql +57 -0
package/migrations/011_config_managed_collections.sql +14 -0
package/migrations/012_testimonials_plugin.sql +80 -0
package/migrations/013_code_examples_plugin.sql +177 -0
package/migrations/014_fix_plugin_registry.sql +88 -0
package/migrations/015_add_remaining_plugins.sql +89 -0
package/migrations/016_remove_duplicate_cache_plugin.sql +17 -0
package/migrations/017_auth_configurable_fields.sql +49 -0
package/package.json +2 -2
package/dist/chunk-4URGXJP7.js +0 -3
package/dist/chunk-4URGXJP7.js.map +0 -1
package/dist/chunk-ALTMI5Y2.cjs +0 -4
package/dist/chunk-BOLQHE4J.cjs +0 -11
package/dist/chunk-BOLQHE4J.cjs.map +0 -1
package/dist/chunk-BRC3F4CG.cjs.map +0 -1
package/dist/chunk-EMMSS5I5.cjs.map +0 -1
package/dist/chunk-HD7R6T6I.js +0 -9
package/dist/chunk-HD7R6T6I.js.map +0 -1
package/dist/collection-config-FLlGtsh9.d.cts +0 -107
package/dist/collection-config-FLlGtsh9.d.ts +0 -107
package/dist/index-BlsY5XNH.d.ts +0 -8333
package/dist/index-D45jaIlr.d.cts +0 -8333
package/dist/index.d.cts +0 -136
package/dist/middleware.d.cts +0 -206
package/dist/plugin-UzmDImQc.d.cts +0 -357
package/dist/plugin-UzmDImQc.d.ts +0 -357
package/dist/plugins.d.cts +0 -330
package/dist/routes.d.cts +0 -17
package/dist/services.d.cts +0 -5
package/dist/templates.d.cts +0 -140
package/dist/types.d.cts +0 -41
package/dist/utils.d.cts +0 -184

package/migrations/002_faq_plugin.sql ADDED Viewed

@@ -0,0 +1,86 @@
+-- FAQ Plugin Migration (DEPRECATED - Now managed by third-party plugin)
+-- Creates FAQ table for the FAQ plugin
+-- NOTE: This migration is kept for historical purposes.
+-- The FAQ functionality is now provided by the faq-plugin third-party plugin.
+CREATE TABLE IF NOT EXISTS faqs (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  question TEXT NOT NULL,
+  answer TEXT NOT NULL,
+  category TEXT,
+  tags TEXT,
+  isPublished INTEGER NOT NULL DEFAULT 1,
+  sortOrder INTEGER NOT NULL DEFAULT 0,
+  created_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now')),
+  updated_at INTEGER NOT NULL DEFAULT (strftime('%s', 'now'))
+);
+-- Create indexes for better performance
+CREATE INDEX IF NOT EXISTS idx_faqs_category ON faqs(category);
+CREATE INDEX IF NOT EXISTS idx_faqs_published ON faqs(isPublished);
+CREATE INDEX IF NOT EXISTS idx_faqs_sort_order ON faqs(sortOrder);
+-- Create trigger to update updated_at timestamp
+CREATE TRIGGER IF NOT EXISTS faqs_updated_at
+  AFTER UPDATE ON faqs
+BEGIN
+  UPDATE faqs SET updated_at = strftime('%s', 'now') WHERE id = NEW.id;
+END;
+-- Insert sample FAQ data
+INSERT OR IGNORE INTO faqs (question, answer, category, tags, isPublished, sortOrder) VALUES
+('What is SonicJS AI?',
+'SonicJS AI is a modern, TypeScript-first headless CMS built for Cloudflare''s edge platform. It provides a complete content management system with admin interface, API endpoints, and plugin architecture.',
+'general',
+'sonicjs, cms, cloudflare',
+1,
+1),
+('How do I get started with SonicJS AI?',
+'To get started: 1) Clone the repository, 2) Install dependencies with npm install, 3) Set up your Cloudflare account and services, 4) Run the development server with npm run dev, 5) Access the admin interface at /admin.',
+'general',
+'getting-started, setup',
+1,
+2),
+('What technologies does SonicJS AI use?',
+'SonicJS AI is built with: TypeScript for type safety, Hono.js as the web framework, Cloudflare D1 for the database, Cloudflare R2 for media storage, Cloudflare Workers for serverless execution, and Tailwind CSS for styling.',
+'technical',
+'technology-stack, typescript, cloudflare',
+1,
+3),
+('How do I create content in SonicJS AI?',
+'Content creation is done through the admin interface. Navigate to /admin, log in with your credentials, go to Content section, select a collection, and click "New Content" to create articles, pages, or other content types.',
+'general',
+'content-creation, admin',
+1,
+4),
+('Is SonicJS AI free to use?',
+'SonicJS AI is open source and free to use. You only pay for the Cloudflare services you consume (D1 database, R2 storage, Workers execution time). Cloudflare offers generous free tiers for development and small projects.',
+'billing',
+'pricing, open-source, cloudflare',
+1,
+5),
+('How do I add custom functionality?',
+'SonicJS AI features a plugin system that allows you to extend functionality. You can create plugins using the PluginBuilder API, add custom routes, models, admin pages, and integrate with external services.',
+'technical',
+'plugins, customization, development',
+1,
+6),
+('Can I customize the admin interface?',
+'Yes! The admin interface is built with TypeScript templates and can be customized. You can modify existing templates, create new components, add custom pages, and integrate your own styling while maintaining the dark theme.',
+'technical',
+'admin-interface, customization, templates',
+1,
+7),
+('How does authentication work?',
+'SonicJS AI includes a built-in authentication system with JWT tokens, role-based access control (admin, editor, viewer), secure password hashing, and session management. Users can be managed through the admin interface.',
+'technical',
+'authentication, security, users',
+1,
+8);

package/migrations/003_stage5_enhancements.sql ADDED Viewed

@@ -0,0 +1,121 @@
+-- Stage 5: Advanced Content Management enhancements
+-- Add scheduling and workflow features to content table
+-- Add content scheduling columns
+ALTER TABLE content ADD COLUMN scheduled_publish_at INTEGER;
+ALTER TABLE content ADD COLUMN scheduled_unpublish_at INTEGER;
+-- Add workflow and review columns
+ALTER TABLE content ADD COLUMN review_status TEXT DEFAULT 'none'; -- none, pending, approved, rejected
+ALTER TABLE content ADD COLUMN reviewer_id TEXT REFERENCES users(id);
+ALTER TABLE content ADD COLUMN reviewed_at INTEGER;
+ALTER TABLE content ADD COLUMN review_notes TEXT;
+-- Add content metadata
+ALTER TABLE content ADD COLUMN meta_title TEXT;
+ALTER TABLE content ADD COLUMN meta_description TEXT;
+ALTER TABLE content ADD COLUMN featured_image_id TEXT REFERENCES media(id);
+ALTER TABLE content ADD COLUMN content_type TEXT DEFAULT 'standard'; -- standard, template, component
+-- Create content_fields table for dynamic field definitions
+CREATE TABLE IF NOT EXISTS content_fields (
+  id TEXT PRIMARY KEY,
+  collection_id TEXT NOT NULL REFERENCES collections(id),
+  field_name TEXT NOT NULL,
+  field_type TEXT NOT NULL, -- text, richtext, number, boolean, date, select, media, relationship
+  field_label TEXT NOT NULL,
+  field_options TEXT, -- JSON for select options, validation rules, etc.
+  field_order INTEGER NOT NULL DEFAULT 0,
+  is_required INTEGER NOT NULL DEFAULT 0,
+  is_searchable INTEGER NOT NULL DEFAULT 0,
+  created_at INTEGER NOT NULL,
+  updated_at INTEGER NOT NULL,
+  UNIQUE(collection_id, field_name)
+);
+-- Create content_relationships table for content relationships
+CREATE TABLE IF NOT EXISTS content_relationships (
+  id TEXT PRIMARY KEY,
+  source_content_id TEXT NOT NULL REFERENCES content(id),
+  target_content_id TEXT NOT NULL REFERENCES content(id),
+  relationship_type TEXT NOT NULL, -- references, tags, categories
+  created_at INTEGER NOT NULL,
+  UNIQUE(source_content_id, target_content_id, relationship_type)
+);
+-- Create workflow_templates table for reusable workflows
+CREATE TABLE IF NOT EXISTS workflow_templates (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  description TEXT,
+  collection_id TEXT REFERENCES collections(id), -- null means applies to all collections
+  workflow_steps TEXT NOT NULL, -- JSON array of workflow steps
+  is_active INTEGER NOT NULL DEFAULT 1,
+  created_at INTEGER NOT NULL,
+  updated_at INTEGER NOT NULL
+);
+-- Add indexes for new columns
+CREATE INDEX IF NOT EXISTS idx_content_scheduled_publish ON content(scheduled_publish_at);
+CREATE INDEX IF NOT EXISTS idx_content_scheduled_unpublish ON content(scheduled_unpublish_at);
+CREATE INDEX IF NOT EXISTS idx_content_review_status ON content(review_status);
+CREATE INDEX IF NOT EXISTS idx_content_reviewer ON content(reviewer_id);
+CREATE INDEX IF NOT EXISTS idx_content_content_type ON content(content_type);
+CREATE INDEX IF NOT EXISTS idx_content_fields_collection ON content_fields(collection_id);
+CREATE INDEX IF NOT EXISTS idx_content_fields_name ON content_fields(field_name);
+CREATE INDEX IF NOT EXISTS idx_content_fields_type ON content_fields(field_type);
+CREATE INDEX IF NOT EXISTS idx_content_fields_order ON content_fields(field_order);
+CREATE INDEX IF NOT EXISTS idx_content_relationships_source ON content_relationships(source_content_id);
+CREATE INDEX IF NOT EXISTS idx_content_relationships_target ON content_relationships(target_content_id);
+CREATE INDEX IF NOT EXISTS idx_content_relationships_type ON content_relationships(relationship_type);
+CREATE INDEX IF NOT EXISTS idx_workflow_templates_collection ON workflow_templates(collection_id);
+CREATE INDEX IF NOT EXISTS idx_workflow_templates_active ON workflow_templates(is_active);
+-- Insert default workflow template
+INSERT OR IGNORE INTO workflow_templates (
+  id, name, description, workflow_steps, is_active, created_at, updated_at
+) VALUES (
+  'default-content-workflow',
+  'Default Content Workflow',
+  'Standard content workflow: Draft → Review → Published',
+  '[
+    {"step": "draft", "name": "Draft", "description": "Content is being created", "permissions": ["author", "editor", "admin"]},
+    {"step": "review", "name": "Under Review", "description": "Content is pending review", "permissions": ["editor", "admin"]},
+    {"step": "published", "name": "Published", "description": "Content is live", "permissions": ["editor", "admin"]},
+    {"step": "archived", "name": "Archived", "description": "Content is archived", "permissions": ["admin"]}
+  ]',
+  1,
+  strftime('%s', 'now') * 1000,
+  strftime('%s', 'now') * 1000
+);
+-- Insert enhanced field definitions for existing collections
+INSERT OR IGNORE INTO content_fields (
+  id, collection_id, field_name, field_type, field_label, field_options, field_order, is_required, is_searchable, created_at, updated_at
+) VALUES
+-- Blog Posts fields
+('blog-title-field', 'blog-posts-collection', 'title', 'text', 'Title', '{"maxLength": 200, "placeholder": "Enter blog post title"}', 1, 1, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('blog-content-field', 'blog-posts-collection', 'content', 'richtext', 'Content', '{"toolbar": "full", "height": 400}', 2, 1, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('blog-excerpt-field', 'blog-posts-collection', 'excerpt', 'text', 'Excerpt', '{"maxLength": 500, "rows": 3, "placeholder": "Brief description of the post"}', 3, 0, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('blog-tags-field', 'blog-posts-collection', 'tags', 'select', 'Tags', '{"multiple": true, "options": ["technology", "business", "tutorial", "news", "update"], "allowCustom": true}', 4, 0, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('blog-featured-image-field', 'blog-posts-collection', 'featured_image', 'media', 'Featured Image', '{"accept": "image/*", "maxSize": "5MB"}', 5, 0, 0, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('blog-publish-date-field', 'blog-posts-collection', 'publish_date', 'date', 'Publish Date', '{"format": "YYYY-MM-DD", "defaultToday": true}', 6, 0, 0, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('blog-featured-field', 'blog-posts-collection', 'is_featured', 'boolean', 'Featured Post', '{"default": false}', 7, 0, 0, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+-- Pages fields
+('pages-title-field', 'pages-collection', 'title', 'text', 'Title', '{"maxLength": 200, "placeholder": "Enter page title"}', 1, 1, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('pages-content-field', 'pages-collection', 'content', 'richtext', 'Content', '{"toolbar": "full", "height": 500}', 2, 1, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('pages-slug-field', 'pages-collection', 'slug', 'text', 'URL Slug', '{"pattern": "^[a-z0-9-]+$", "placeholder": "url-friendly-slug"}', 3, 1, 0, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('pages-meta-desc-field', 'pages-collection', 'meta_description', 'text', 'Meta Description', '{"maxLength": 160, "rows": 2, "placeholder": "SEO description for search engines"}', 4, 0, 0, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('pages-template-field', 'pages-collection', 'template', 'select', 'Page Template', '{"options": ["default", "landing", "contact", "about"], "default": "default"}', 5, 0, 0, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+-- News fields
+('news-title-field', 'news-collection', 'title', 'text', 'Title', '{"maxLength": 200, "placeholder": "Enter news title"}', 1, 1, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('news-content-field', 'news-collection', 'content', 'richtext', 'Content', '{"toolbar": "news", "height": 400}', 2, 1, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('news-category-field', 'news-collection', 'category', 'select', 'Category', '{"options": ["technology", "business", "politics", "sports", "entertainment", "health"], "required": true}', 3, 1, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('news-author-field', 'news-collection', 'author', 'text', 'Author', '{"placeholder": "Author name"}', 4, 1, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('news-source-field', 'news-collection', 'source', 'text', 'Source', '{"placeholder": "News source"}', 5, 0, 1, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000),
+('news-priority-field', 'news-collection', 'priority', 'select', 'Priority', '{"options": ["low", "normal", "high", "breaking"], "default": "normal"}', 6, 0, 0, strftime('%s', 'now') * 1000, strftime('%s', 'now') * 1000);

package/migrations/004_stage6_user_management.sql ADDED Viewed

@@ -0,0 +1,183 @@
+-- Stage 6: User Management & Permissions enhancements
+-- Enhanced user system with profiles, teams, permissions, and activity logging
+-- Add user profile and preferences columns
+ALTER TABLE users ADD COLUMN phone TEXT;
+ALTER TABLE users ADD COLUMN bio TEXT;
+ALTER TABLE users ADD COLUMN avatar_url TEXT;
+ALTER TABLE users ADD COLUMN timezone TEXT DEFAULT 'UTC';
+ALTER TABLE users ADD COLUMN language TEXT DEFAULT 'en';
+ALTER TABLE users ADD COLUMN email_notifications INTEGER DEFAULT 1;
+ALTER TABLE users ADD COLUMN theme TEXT DEFAULT 'dark';
+ALTER TABLE users ADD COLUMN two_factor_enabled INTEGER DEFAULT 0;
+ALTER TABLE users ADD COLUMN two_factor_secret TEXT;
+ALTER TABLE users ADD COLUMN password_reset_token TEXT;
+ALTER TABLE users ADD COLUMN password_reset_expires INTEGER;
+ALTER TABLE users ADD COLUMN email_verified INTEGER DEFAULT 0;
+ALTER TABLE users ADD COLUMN email_verification_token TEXT;
+ALTER TABLE users ADD COLUMN invitation_token TEXT;
+ALTER TABLE users ADD COLUMN invited_by TEXT REFERENCES users(id);
+ALTER TABLE users ADD COLUMN invited_at INTEGER;
+ALTER TABLE users ADD COLUMN accepted_invitation_at INTEGER;
+-- Create teams table for team-based collaboration
+CREATE TABLE IF NOT EXISTS teams (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL,
+  description TEXT,
+  slug TEXT NOT NULL UNIQUE,
+  owner_id TEXT NOT NULL REFERENCES users(id),
+  settings TEXT, -- JSON for team settings
+  is_active INTEGER NOT NULL DEFAULT 1,
+  created_at INTEGER NOT NULL,
+  updated_at INTEGER NOT NULL
+);
+-- Create team memberships table
+CREATE TABLE IF NOT EXISTS team_memberships (
+  id TEXT PRIMARY KEY,
+  team_id TEXT NOT NULL REFERENCES teams(id) ON DELETE CASCADE,
+  user_id TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  role TEXT NOT NULL DEFAULT 'member', -- owner, admin, editor, member, viewer
+  permissions TEXT, -- JSON for specific permissions
+  joined_at INTEGER NOT NULL,
+  updated_at INTEGER NOT NULL,
+  UNIQUE(team_id, user_id)
+);
+-- Create permissions table for granular access control
+CREATE TABLE IF NOT EXISTS permissions (
+  id TEXT PRIMARY KEY,
+  name TEXT NOT NULL UNIQUE,
+  description TEXT,
+  category TEXT NOT NULL, -- content, users, collections, media, settings
+  created_at INTEGER NOT NULL
+);
+-- Create role permissions mapping
+CREATE TABLE IF NOT EXISTS role_permissions (
+  id TEXT PRIMARY KEY,
+  role TEXT NOT NULL,
+  permission_id TEXT NOT NULL REFERENCES permissions(id),
+  created_at INTEGER NOT NULL,
+  UNIQUE(role, permission_id)
+);
+-- Create user sessions table for better session management
+CREATE TABLE IF NOT EXISTS user_sessions (
+  id TEXT PRIMARY KEY,
+  user_id TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  token_hash TEXT NOT NULL,
+  ip_address TEXT,
+  user_agent TEXT,
+  is_active INTEGER NOT NULL DEFAULT 1,
+  expires_at INTEGER NOT NULL,
+  created_at INTEGER NOT NULL,
+  last_used_at INTEGER
+);
+-- Create activity log table for audit trails
+CREATE TABLE IF NOT EXISTS activity_logs (
+  id TEXT PRIMARY KEY,
+  user_id TEXT REFERENCES users(id),
+  action TEXT NOT NULL,
+  resource_type TEXT, -- users, content, collections, media, etc.
+  resource_id TEXT,
+  details TEXT, -- JSON with additional details
+  ip_address TEXT,
+  user_agent TEXT,
+  created_at INTEGER NOT NULL
+);
+-- Create password history table for security
+CREATE TABLE IF NOT EXISTS password_history (
+  id TEXT PRIMARY KEY,
+  user_id TEXT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+  password_hash TEXT NOT NULL,
+  created_at INTEGER NOT NULL
+);
+-- Insert default permissions
+INSERT OR IGNORE INTO permissions (id, name, description, category, created_at) VALUES
+  ('perm_content_create', 'content.create', 'Create new content', 'content', strftime('%s', 'now') * 1000),
+  ('perm_content_read', 'content.read', 'View content', 'content', strftime('%s', 'now') * 1000),
+  ('perm_content_update', 'content.update', 'Edit existing content', 'content', strftime('%s', 'now') * 1000),
+  ('perm_content_delete', 'content.delete', 'Delete content', 'content', strftime('%s', 'now') * 1000),
+  ('perm_content_publish', 'content.publish', 'Publish/unpublish content', 'content', strftime('%s', 'now') * 1000),
+  ('perm_collections_create', 'collections.create', 'Create new collections', 'collections', strftime('%s', 'now') * 1000),
+  ('perm_collections_read', 'collections.read', 'View collections', 'collections', strftime('%s', 'now') * 1000),
+  ('perm_collections_update', 'collections.update', 'Edit collections', 'collections', strftime('%s', 'now') * 1000),
+  ('perm_collections_delete', 'collections.delete', 'Delete collections', 'collections', strftime('%s', 'now') * 1000),
+  ('perm_collections_fields', 'collections.fields', 'Manage collection fields', 'collections', strftime('%s', 'now') * 1000),
+  ('perm_media_upload', 'media.upload', 'Upload media files', 'media', strftime('%s', 'now') * 1000),
+  ('perm_media_read', 'media.read', 'View media files', 'media', strftime('%s', 'now') * 1000),
+  ('perm_media_update', 'media.update', 'Edit media metadata', 'media', strftime('%s', 'now') * 1000),
+  ('perm_media_delete', 'media.delete', 'Delete media files', 'media', strftime('%s', 'now') * 1000),
+  ('perm_users_create', 'users.create', 'Invite new users', 'users', strftime('%s', 'now') * 1000),
+  ('perm_users_read', 'users.read', 'View user profiles', 'users', strftime('%s', 'now') * 1000),
+  ('perm_users_update', 'users.update', 'Edit user profiles', 'users', strftime('%s', 'now') * 1000),
+  ('perm_users_delete', 'users.delete', 'Deactivate users', 'users', strftime('%s', 'now') * 1000),
+  ('perm_users_roles', 'users.roles', 'Manage user roles', 'users', strftime('%s', 'now') * 1000),
+  ('perm_settings_read', 'settings.read', 'View system settings', 'settings', strftime('%s', 'now') * 1000),
+  ('perm_settings_update', 'settings.update', 'Modify system settings', 'settings', strftime('%s', 'now') * 1000),
+  ('perm_activity_read', 'activity.read', 'View activity logs', 'settings', strftime('%s', 'now') * 1000);
+-- Assign permissions to default roles
+INSERT OR IGNORE INTO role_permissions (id, role, permission_id, created_at) VALUES
+  -- Admin has all permissions
+  ('rp_admin_content_create', 'admin', 'perm_content_create', strftime('%s', 'now') * 1000),
+  ('rp_admin_content_read', 'admin', 'perm_content_read', strftime('%s', 'now') * 1000),
+  ('rp_admin_content_update', 'admin', 'perm_content_update', strftime('%s', 'now') * 1000),
+  ('rp_admin_content_delete', 'admin', 'perm_content_delete', strftime('%s', 'now') * 1000),
+  ('rp_admin_content_publish', 'admin', 'perm_content_publish', strftime('%s', 'now') * 1000),
+  ('rp_admin_collections_create', 'admin', 'perm_collections_create', strftime('%s', 'now') * 1000),
+  ('rp_admin_collections_read', 'admin', 'perm_collections_read', strftime('%s', 'now') * 1000),
+  ('rp_admin_collections_update', 'admin', 'perm_collections_update', strftime('%s', 'now') * 1000),
+  ('rp_admin_collections_delete', 'admin', 'perm_collections_delete', strftime('%s', 'now') * 1000),
+  ('rp_admin_collections_fields', 'admin', 'perm_collections_fields', strftime('%s', 'now') * 1000),
+  ('rp_admin_media_upload', 'admin', 'perm_media_upload', strftime('%s', 'now') * 1000),
+  ('rp_admin_media_read', 'admin', 'perm_media_read', strftime('%s', 'now') * 1000),
+  ('rp_admin_media_update', 'admin', 'perm_media_update', strftime('%s', 'now') * 1000),
+  ('rp_admin_media_delete', 'admin', 'perm_media_delete', strftime('%s', 'now') * 1000),
+  ('rp_admin_users_create', 'admin', 'perm_users_create', strftime('%s', 'now') * 1000),
+  ('rp_admin_users_read', 'admin', 'perm_users_read', strftime('%s', 'now') * 1000),
+  ('rp_admin_users_update', 'admin', 'perm_users_update', strftime('%s', 'now') * 1000),
+  ('rp_admin_users_delete', 'admin', 'perm_users_delete', strftime('%s', 'now') * 1000),
+  ('rp_admin_users_roles', 'admin', 'perm_users_roles', strftime('%s', 'now') * 1000),
+  ('rp_admin_settings_read', 'admin', 'perm_settings_read', strftime('%s', 'now') * 1000),
+  ('rp_admin_settings_update', 'admin', 'perm_settings_update', strftime('%s', 'now') * 1000),
+  ('rp_admin_activity_read', 'admin', 'perm_activity_read', strftime('%s', 'now') * 1000),
+  -- Editor permissions
+  ('rp_editor_content_create', 'editor', 'perm_content_create', strftime('%s', 'now') * 1000),
+  ('rp_editor_content_read', 'editor', 'perm_content_read', strftime('%s', 'now') * 1000),
+  ('rp_editor_content_update', 'editor', 'perm_content_update', strftime('%s', 'now') * 1000),
+  ('rp_editor_content_publish', 'editor', 'perm_content_publish', strftime('%s', 'now') * 1000),
+  ('rp_editor_collections_read', 'editor', 'perm_collections_read', strftime('%s', 'now') * 1000),
+  ('rp_editor_media_upload', 'editor', 'perm_media_upload', strftime('%s', 'now') * 1000),
+  ('rp_editor_media_read', 'editor', 'perm_media_read', strftime('%s', 'now') * 1000),
+  ('rp_editor_media_update', 'editor', 'perm_media_update', strftime('%s', 'now') * 1000),
+  ('rp_editor_users_read', 'editor', 'perm_users_read', strftime('%s', 'now') * 1000),
+  -- Viewer permissions
+  ('rp_viewer_content_read', 'viewer', 'perm_content_read', strftime('%s', 'now') * 1000),
+  ('rp_viewer_collections_read', 'viewer', 'perm_collections_read', strftime('%s', 'now') * 1000),
+  ('rp_viewer_media_read', 'viewer', 'perm_media_read', strftime('%s', 'now') * 1000),
+  ('rp_viewer_users_read', 'viewer', 'perm_users_read', strftime('%s', 'now') * 1000);
+-- Create indexes for performance
+CREATE INDEX IF NOT EXISTS idx_team_memberships_team_id ON team_memberships(team_id);
+CREATE INDEX IF NOT EXISTS idx_team_memberships_user_id ON team_memberships(user_id);
+CREATE INDEX IF NOT EXISTS idx_user_sessions_user_id ON user_sessions(user_id);
+CREATE INDEX IF NOT EXISTS idx_user_sessions_token_hash ON user_sessions(token_hash);
+CREATE INDEX IF NOT EXISTS idx_activity_logs_user_id ON activity_logs(user_id);
+CREATE INDEX IF NOT EXISTS idx_activity_logs_created_at ON activity_logs(created_at);
+CREATE INDEX IF NOT EXISTS idx_activity_logs_resource ON activity_logs(resource_type, resource_id);
+CREATE INDEX IF NOT EXISTS idx_password_history_user_id ON password_history(user_id);
+CREATE INDEX IF NOT EXISTS idx_users_email_verification_token ON users(email_verification_token);
+CREATE INDEX IF NOT EXISTS idx_users_password_reset_token ON users(password_reset_token);
+CREATE INDEX IF NOT EXISTS idx_users_invitation_token ON users(invitation_token);