@sonicjs-cms/core 2.0.4 → 2.0.5

package/dist/{chunk-RZW752PE.cjs → chunk-NPWWR6RI.cjs}

@@ -1,10 +1,10 @@
 'use strict';
 
-var chunk3NVJ6W27_cjs = require('./chunk-3NVJ6W27.cjs');
-var chunk4BJGEGX5_cjs = require('./chunk-4BJGEGX5.cjs');
-var chunkLEG4KNFP_cjs = require('./chunk-LEG4KNFP.cjs');
+var chunkDOR2IU73_cjs = require('./chunk-DOR2IU73.cjs');
+var chunkIM5SDXOE_cjs = require('./chunk-IM5SDXOE.cjs');
+var chunk3JMOWGUU_cjs = require('./chunk-3JMOWGUU.cjs');
 var chunk3SPQ3J4N_cjs = require('./chunk-3SPQ3J4N.cjs');
-var chunkBRPONFW6_cjs = require('./chunk-BRPONFW6.cjs');
+var chunkTRSHFTF6_cjs = require('./chunk-TRSHFTF6.cjs');
 var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
 var hono = require('hono');
 var cors = require('hono/cors');
@@ -43,7 +43,7 @@ apiContentCrudRoutes.get("/:id", async (c) => {
     }, 500);
   }
 });
-apiContentCrudRoutes.post("/", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
+apiContentCrudRoutes.post("/", chunkIM5SDXOE_cjs.requireAuth(), async (c) => {
   try {
     const db = c.env.DB;
     const user = c.get("user");
@@ -80,11 +80,11 @@ apiContentCrudRoutes.post("/", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
       title,
       JSON.stringify(data || {}),
       status || "draft",
-      user?.userId || "unknown",
+      user?.userId || "system",
       now,
       now
     ).run();
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.api);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.api);
     await cache.invalidate(`content:list:${collectionId}:*`);
     await cache.invalidate("content-filtered:*");
     const getStmt = db.prepare("SELECT * FROM content WHERE id = ?");
@@ -109,7 +109,7 @@ apiContentCrudRoutes.post("/", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
     }, 500);
   }
 });
-apiContentCrudRoutes.put("/:id", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
+apiContentCrudRoutes.put("/:id", chunkIM5SDXOE_cjs.requireAuth(), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -147,7 +147,7 @@ apiContentCrudRoutes.put("/:id", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
       WHERE id = ?
     `);
     await updateStmt.bind(...params).run();
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.api);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.api);
     await cache.delete(cache.generateKey("content", id));
     await cache.invalidate(`content:list:${existing.collection_id}:*`);
     await cache.invalidate("content-filtered:*");
@@ -173,7 +173,7 @@ apiContentCrudRoutes.put("/:id", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
     }, 500);
   }
 });
-apiContentCrudRoutes.delete("/:id", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
+apiContentCrudRoutes.delete("/:id", chunkIM5SDXOE_cjs.requireAuth(), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -184,7 +184,7 @@ apiContentCrudRoutes.delete("/:id", chunk4BJGEGX5_cjs.requireAuth(), async (c) =
     }
     const deleteStmt = db.prepare("DELETE FROM content WHERE id = ?");
     await deleteStmt.bind(id).run();
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.api);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.api);
     await cache.delete(cache.generateKey("content", id));
     await cache.invalidate(`content:list:${existing.collection_id}:*`);
     await cache.invalidate("content-filtered:*");
@@ -209,7 +209,7 @@ apiRoutes.use("*", async (c, next) => {
   c.header("X-Response-Time", `${totalTime}ms`);
 });
 apiRoutes.use("*", async (c, next) => {
-  const cacheEnabled = await chunk4BJGEGX5_cjs.isPluginActive(c.env.DB, "core-cache");
+  const cacheEnabled = await chunkIM5SDXOE_cjs.isPluginActive(c.env.DB, "core-cache");
   c.set("cacheEnabled", cacheEnabled);
   await next();
 });
@@ -257,7 +257,7 @@ apiRoutes.get("/collections", async (c) => {
   try {
     const db = c.env.DB;
     const cacheEnabled = c.get("cacheEnabled");
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.api);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.api);
     const cacheKey = cache.generateKey("collections", "all");
     if (cacheEnabled) {
       const cacheResult = await cache.getWithSource(cacheKey);
@@ -334,12 +334,12 @@ apiRoutes.get("/content", async (c) => {
         });
       }
     }
-    const filter = chunkBRPONFW6_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkTRSHFTF6_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     if (!filter.limit) {
       filter.limit = 50;
     }
     filter.limit = Math.min(filter.limit, 1e3);
-    const builder = new chunkBRPONFW6_cjs.QueryFilterBuilder();
+    const builder = new chunkTRSHFTF6_cjs.QueryFilterBuilder();
     const queryResult = builder.build("content", filter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -348,7 +348,7 @@ apiRoutes.get("/content", async (c) => {
       }, 400);
     }
     const cacheEnabled = c.get("cacheEnabled");
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.api);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.api);
     const cacheKey = cache.generateKey("content-filtered", JSON.stringify({ filter, query: queryResult.sql }));
     if (cacheEnabled) {
       const cacheResult = await cache.getWithSource(cacheKey);
@@ -426,7 +426,7 @@ apiRoutes.get("/collections/:collection/content", async (c) => {
     if (!collectionResult) {
       return c.json({ error: "Collection not found" }, 404);
     }
-    const filter = chunkBRPONFW6_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkTRSHFTF6_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     if (!filter.where) {
       filter.where = { and: [] };
     }
@@ -442,7 +442,7 @@ apiRoutes.get("/collections/:collection/content", async (c) => {
       filter.limit = 50;
     }
     filter.limit = Math.min(filter.limit, 1e3);
-    const builder = new chunkBRPONFW6_cjs.QueryFilterBuilder();
+    const builder = new chunkTRSHFTF6_cjs.QueryFilterBuilder();
     const queryResult = builder.build("content", filter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -451,7 +451,7 @@ apiRoutes.get("/collections/:collection/content", async (c) => {
       }, 400);
     }
     const cacheEnabled = c.get("cacheEnabled");
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.api);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.api);
     const cacheKey = cache.generateKey("collection-content-filtered", `${collection}:${JSON.stringify({ filter, query: queryResult.sql })}`);
     if (cacheEnabled) {
       const cacheResult = await cache.getWithSource(cacheKey);
@@ -567,7 +567,7 @@ var fileValidationSchema = zod.z.object({
   // 50MB max
 });
 var apiMediaRoutes = new hono.Hono();
-apiMediaRoutes.use("*", chunk4BJGEGX5_cjs.requireAuth());
+apiMediaRoutes.use("*", chunkIM5SDXOE_cjs.requireAuth());
 apiMediaRoutes.post("/upload", async (c) => {
   try {
     const user = c.get("user");
@@ -673,6 +673,7 @@ apiMediaRoutes.post("/upload", async (c) => {
         size: mediaRecord.size,
         width: mediaRecord.width,
         height: mediaRecord.height,
+        r2_key: mediaRecord.r2_key,
         publicUrl: mediaRecord.public_url,
         thumbnailUrl: mediaRecord.thumbnail_url,
         uploadedAt: new Date(mediaRecord.uploaded_at * 1e3).toISOString()
@@ -799,6 +800,7 @@ apiMediaRoutes.post("/upload-multiple", async (c) => {
           size: mediaRecord.size,
           width: mediaRecord.width,
           height: mediaRecord.height,
+          r2_key: mediaRecord.r2_key,
           publicUrl: mediaRecord.public_url,
           thumbnailUrl: mediaRecord.thumbnail_url,
           uploadedAt: new Date(mediaRecord.uploaded_at * 1e3).toISOString()
@@ -1309,8 +1311,8 @@ apiSystemRoutes.get("/env", (c) => {
 });
 var api_system_default = apiSystemRoutes;
 var adminApiRoutes = new hono.Hono();
-adminApiRoutes.use("*", chunk4BJGEGX5_cjs.requireAuth());
-adminApiRoutes.use("*", chunk4BJGEGX5_cjs.requireRole(["admin", "editor"]));
+adminApiRoutes.use("*", chunkIM5SDXOE_cjs.requireAuth());
+adminApiRoutes.use("*", chunkIM5SDXOE_cjs.requireRole(["admin", "editor"]));
 adminApiRoutes.get("/stats", async (c) => {
   try {
     const db = c.env.DB;
@@ -1442,8 +1444,12 @@ adminApiRoutes.get("/activity", async (c) => {
 });
 var createCollectionSchema = zod.z.object({
   name: zod.z.string().min(1).max(255).regex(/^[a-z0-9_]+$/, "Must contain only lowercase letters, numbers, and underscores"),
-  display_name: zod.z.string().min(1).max(255),
+  displayName: zod.z.string().min(1).max(255).optional(),
+  display_name: zod.z.string().min(1).max(255).optional(),
   description: zod.z.string().optional()
+}).refine((data) => data.displayName || data.display_name, {
+  message: "Either displayName or display_name is required",
+  path: ["displayName"]
 });
 var updateCollectionSchema = zod.z.object({
   display_name: zod.z.string().min(1).max(255).optional(),
@@ -1530,15 +1536,16 @@ adminApiRoutes.get("/collections/:id", async (c) => {
       updated_at: Number(row.updated_at)
     }));
     return c.json({
-      data: {
-        ...collection,
-        is_active: collection.is_active === 1,
-        managed: collection.managed === 1,
-        schema: collection.schema ? JSON.parse(collection.schema) : null,
-        created_at: Number(collection.created_at),
-        updated_at: Number(collection.updated_at),
-        fields
-      }
+      id: collection.id,
+      name: collection.name,
+      display_name: collection.display_name,
+      description: collection.description,
+      is_active: collection.is_active === 1,
+      managed: collection.managed === 1,
+      schema: collection.schema ? JSON.parse(collection.schema) : null,
+      created_at: Number(collection.created_at),
+      updated_at: Number(collection.updated_at),
+      fields
     });
   } catch (error) {
     console.error("Error fetching collection:", error);
@@ -1547,7 +1554,16 @@ adminApiRoutes.get("/collections/:id", async (c) => {
 });
 adminApiRoutes.post("/collections", async (c) => {
   try {
-    const body = await c.req.json();
+    const contentType = c.req.header("Content-Type");
+    if (!contentType || !contentType.includes("application/json")) {
+      return c.json({ error: "Content-Type must be application/json" }, 400);
+    }
+    let body;
+    try {
+      body = await c.req.json();
+    } catch (e) {
+      return c.json({ error: "Invalid JSON in request body" }, 400);
+    }
     const validation = createCollectionSchema.safeParse(body);
     if (!validation.success) {
       return c.json({ error: "Validation failed", details: validation.error.errors }, 400);
@@ -1555,6 +1571,7 @@ adminApiRoutes.post("/collections", async (c) => {
     const validatedData = validation.data;
     const db = c.env.DB;
     const user = c.get("user");
+    const displayName = validatedData.displayName || validatedData.display_name || "";
     const existingStmt = db.prepare("SELECT id FROM collections WHERE name = ?");
     const existing = await existingStmt.bind(validatedData.name).first();
     if (existing) {
@@ -1591,7 +1608,7 @@ adminApiRoutes.post("/collections", async (c) => {
     await insertStmt.bind(
       collectionId,
       validatedData.name,
-      validatedData.display_name,
+      displayName,
       validatedData.description || null,
       JSON.stringify(basicSchema),
       1,
@@ -1606,13 +1623,11 @@ adminApiRoutes.post("/collections", async (c) => {
       console.error("Error clearing cache:", e);
     }
     return c.json({
-      data: {
-        id: collectionId,
-        name: validatedData.name,
-        display_name: validatedData.display_name,
-        description: validatedData.description,
-        created_at: now
-      }
+      id: collectionId,
+      name: validatedData.name,
+      displayName,
+      description: validatedData.description,
+      created_at: now
     }, 201);
   } catch (error) {
     console.error("Error creating collection:", error);
@@ -1676,6 +1691,11 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
+    const collectionStmt = db.prepare("SELECT name FROM collections WHERE id = ?");
+    const collection = await collectionStmt.bind(id).first();
+    if (!collection) {
+      return c.json({ error: "Collection not found" }, 404);
+    }
     const contentStmt = db.prepare("SELECT COUNT(*) as count FROM content WHERE collection_id = ?");
     const contentResult = await contentStmt.bind(id).first();
     if (contentResult && contentResult.count > 0) {
@@ -1683,17 +1703,13 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
         error: `Cannot delete collection: it contains ${contentResult.count} content item(s). Delete all content first.`
       }, 400);
     }
-    const collectionStmt = db.prepare("SELECT name FROM collections WHERE id = ?");
-    const collection = await collectionStmt.bind(id).first();
     const deleteFieldsStmt = db.prepare("DELETE FROM content_fields WHERE collection_id = ?");
     await deleteFieldsStmt.bind(id).run();
     const deleteStmt = db.prepare("DELETE FROM collections WHERE id = ?");
     await deleteStmt.bind(id).run();
     try {
       await c.env.CACHE_KV.delete("cache:collections:all");
-      if (collection) {
-        await c.env.CACHE_KV.delete(`cache:collection:${collection.name}`);
-      }
+      await c.env.CACHE_KV.delete(`cache:collection:${collection.name}`);
     } catch (e) {
       console.error("Error clearing cache:", e);
     }
@@ -2126,7 +2142,7 @@ authRoutes.post(
       if (existingUser) {
         return c.json({ error: "User with this email or username already exists" }, 400);
       }
-      const passwordHash = await chunk4BJGEGX5_cjs.AuthManager.hashPassword(password);
+      const passwordHash = await chunkIM5SDXOE_cjs.AuthManager.hashPassword(password);
       const userId = crypto.randomUUID();
       const now = /* @__PURE__ */ new Date();
       await db.prepare(`
@@ -2146,7 +2162,7 @@ authRoutes.post(
         now.getTime(),
         now.getTime()
       ).run();
-      const token = await chunk4BJGEGX5_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer");
+      const token = await chunkIM5SDXOE_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer");
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -2181,7 +2197,7 @@ authRoutes.post("/login", async (c) => {
     const { email, password } = validation.data;
     const db = c.env.DB;
     const normalizedEmail = email.toLowerCase();
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.user);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.user);
     let user = await cache.get(cache.generateKey("user", `email:${normalizedEmail}`));
     if (!user) {
       user = await db.prepare("SELECT * FROM users WHERE email = ? AND is_active = 1").bind(normalizedEmail).first();
@@ -2193,11 +2209,11 @@ authRoutes.post("/login", async (c) => {
     if (!user) {
       return c.json({ error: "Invalid email or password" }, 401);
     }
-    const isValidPassword = await chunk4BJGEGX5_cjs.AuthManager.verifyPassword(password, user.password_hash);
+    const isValidPassword = await chunkIM5SDXOE_cjs.AuthManager.verifyPassword(password, user.password_hash);
     if (!isValidPassword) {
       return c.json({ error: "Invalid email or password" }, 401);
     }
-    const token = await chunk4BJGEGX5_cjs.AuthManager.generateToken(user.id, user.email, user.role);
+    const token = await chunkIM5SDXOE_cjs.AuthManager.generateToken(user.id, user.email, user.role);
     cookie.setCookie(c, "auth_token", token, {
       httpOnly: true,
       secure: true,
@@ -2246,7 +2262,7 @@ authRoutes.get("/logout", (c) => {
   });
   return c.redirect("/auth/login?message=You have been logged out successfully");
 });
-authRoutes.get("/me", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
+authRoutes.get("/me", chunkIM5SDXOE_cjs.requireAuth(), async (c) => {
   try {
     const user = c.get("user");
     if (!user) {
@@ -2263,13 +2279,13 @@ authRoutes.get("/me", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
     return c.json({ error: "Failed to get user" }, 500);
   }
 });
-authRoutes.post("/refresh", chunk4BJGEGX5_cjs.requireAuth(), async (c) => {
+authRoutes.post("/refresh", chunkIM5SDXOE_cjs.requireAuth(), async (c) => {
   try {
     const user = c.get("user");
     if (!user) {
       return c.json({ error: "Not authenticated" }, 401);
     }
-    const token = await chunk4BJGEGX5_cjs.AuthManager.generateToken(user.userId, user.email, user.role);
+    const token = await chunkIM5SDXOE_cjs.AuthManager.generateToken(user.userId, user.email, user.role);
     cookie.setCookie(c, "auth_token", token, {
       httpOnly: true,
       secure: true,
@@ -2319,7 +2335,7 @@ authRoutes.post("/register/form", async (c) => {
         </div>
       `);
     }
-    const passwordHash = await chunk4BJGEGX5_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunkIM5SDXOE_cjs.AuthManager.hashPassword(password);
     const userId = crypto.randomUUID();
     const now = /* @__PURE__ */ new Date();
     await db.prepare(`
@@ -2339,7 +2355,7 @@ authRoutes.post("/register/form", async (c) => {
       now.getTime(),
       now.getTime()
     ).run();
-    const token = await chunk4BJGEGX5_cjs.AuthManager.generateToken(userId, normalizedEmail, "admin");
+    const token = await chunkIM5SDXOE_cjs.AuthManager.generateToken(userId, normalizedEmail, "admin");
     cookie.setCookie(c, "auth_token", token, {
       httpOnly: true,
       secure: false,
@@ -2390,7 +2406,7 @@ authRoutes.post("/login/form", async (c) => {
         </div>
       `);
     }
-    const isValidPassword = await chunk4BJGEGX5_cjs.AuthManager.verifyPassword(password, user.password_hash);
+    const isValidPassword = await chunkIM5SDXOE_cjs.AuthManager.verifyPassword(password, user.password_hash);
     if (!isValidPassword) {
       return c.html(html.html`
         <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
@@ -2398,7 +2414,7 @@ authRoutes.post("/login/form", async (c) => {
         </div>
       `);
     }
-    const token = await chunk4BJGEGX5_cjs.AuthManager.generateToken(user.id, user.email, user.role);
+    const token = await chunkIM5SDXOE_cjs.AuthManager.generateToken(user.id, user.email, user.role);
     cookie.setCookie(c, "auth_token", token, {
       httpOnly: true,
       secure: false,
@@ -2467,7 +2483,7 @@ authRoutes.post("/seed-admin", async (c) => {
         }
       });
     }
-    const passwordHash = await chunk4BJGEGX5_cjs.AuthManager.hashPassword("admin123");
+    const passwordHash = await chunkIM5SDXOE_cjs.AuthManager.hashPassword("admin123");
     const userId = "admin-user-id";
     const now = Date.now();
     const adminEmail = "admin@sonicjs.com".toLowerCase();
@@ -2687,7 +2703,7 @@ authRoutes.post("/accept-invitation", async (c) => {
     if (existingUsername) {
       return c.json({ error: "Username is already taken" }, 400);
     }
-    const passwordHash = await chunk4BJGEGX5_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunkIM5SDXOE_cjs.AuthManager.hashPassword(password);
     const updateStmt = db.prepare(`
       UPDATE users SET 
         username = ?,
@@ -2706,7 +2722,7 @@ authRoutes.post("/accept-invitation", async (c) => {
       Date.now(),
       invitedUser.id
     ).run();
-    const authToken = await chunk4BJGEGX5_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role);
+    const authToken = await chunkIM5SDXOE_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role);
     cookie.setCookie(c, "auth_token", authToken, {
       httpOnly: true,
       secure: true,
@@ -2936,7 +2952,7 @@ authRoutes.post("/reset-password", async (c) => {
     if (Date.now() > user.password_reset_expires) {
       return c.json({ error: "Reset token has expired" }, 400);
     }
-    const newPasswordHash = await chunk4BJGEGX5_cjs.AuthManager.hashPassword(password);
+    const newPasswordHash = await chunkIM5SDXOE_cjs.AuthManager.hashPassword(password);
     try {
       const historyStmt = db.prepare(`
         INSERT INTO password_history (id, user_id, password_hash, created_at)
@@ -4741,9 +4757,9 @@ var isPluginActive2 = () => false;
 
 // src/routes/admin-content.ts
 var adminContentRoutes = new hono.Hono();
-adminContentRoutes.use("*", chunk4BJGEGX5_cjs.requireAuth());
+adminContentRoutes.use("*", chunkIM5SDXOE_cjs.requireAuth());
 async function getCollectionFields(db, collectionId) {
-  const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.collection);
+  const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.collection);
   return cache.getOrSet(
     cache.generateKey("fields", collectionId),
     async () => {
@@ -4767,7 +4783,7 @@ async function getCollectionFields(db, collectionId) {
   );
 }
 async function getCollection(db, collectionId) {
-  const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.collection);
+  const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.collection);
   return cache.getOrSet(
     cache.generateKey("collection", collectionId),
     async () => {
@@ -5023,7 +5039,7 @@ adminContentRoutes.get("/:id/edit", async (c) => {
     const db = c.env.DB;
     const url = new URL(c.req.url);
     const referrerParams = url.searchParams.get("ref") || "";
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.content);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.content);
     const content = await cache.getOrSet(
       cache.generateKey("content", id),
       async () => {
@@ -5192,11 +5208,11 @@ adminContentRoutes.post("/", async (c) => {
     const now = Date.now();
     const insertStmt = db.prepare(`
       INSERT INTO content (
-        id, collection_id, slug, title, data, status, 
+        id, collection_id, slug, title, data, status,
         scheduled_publish_at, scheduled_unpublish_at,
-        meta_title, meta_description, author_id, created_at, updated_at
+        meta_title, meta_description, author_id, created_by, created_at, updated_at
       )
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
     `);
     await insertStmt.bind(
       contentId,
@@ -5210,10 +5226,11 @@ adminContentRoutes.post("/", async (c) => {
       data.meta_title || null,
       data.meta_description || null,
       user?.userId || "unknown",
+      user?.userId || "unknown",
       now,
       now
     ).run();
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.content);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.content);
     await cache.invalidate(`content:list:${collectionId}:*`);
     const versionStmt = db.prepare(`
       INSERT INTO content_versions (id, content_id, version, data, author_id, created_at)
@@ -5361,7 +5378,7 @@ adminContentRoutes.put("/:id", async (c) => {
       now,
       id
     ).run();
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.content);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.content);
     await cache.delete(cache.generateKey("content", id));
     await cache.invalidate(`content:list:${existingContent.collection_id}:*`);
     const existingData = JSON.parse(existingContent.data || "{}");
@@ -5511,10 +5528,10 @@ adminContentRoutes.post("/duplicate", async (c) => {
     originalData.title = `${originalData.title || "Untitled"} (Copy)`;
     const insertStmt = db.prepare(`
       INSERT INTO content (
-        id, collection_id, slug, title, data, status, 
-        author_id, created_at, updated_at
+        id, collection_id, slug, title, data, status,
+        author_id, created_by, created_at, updated_at
       )
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
     `);
     await insertStmt.bind(
       newId,
@@ -5525,6 +5542,7 @@ adminContentRoutes.post("/duplicate", async (c) => {
       "draft",
       // Always start as draft
       user?.userId || "unknown",
+      user?.userId || "unknown",
       now,
       now
     ).run();
@@ -5654,7 +5672,7 @@ adminContentRoutes.post("/bulk-action", async (c) => {
     } else {
       return c.json({ success: false, error: "Invalid action" });
     }
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.content);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.content);
     for (const contentId of ids) {
       await cache.delete(cache.generateKey("content", contentId));
     }
@@ -5682,7 +5700,7 @@ adminContentRoutes.delete("/:id", async (c) => {
       WHERE id = ?
     `);
     await deleteStmt.bind(now, id).run();
-    const cache = chunk3NVJ6W27_cjs.getCacheService(chunk3NVJ6W27_cjs.CACHE_CONFIGS.content);
+    const cache = chunkDOR2IU73_cjs.getCacheService(chunkDOR2IU73_cjs.CACHE_CONFIGS.content);
     await cache.delete(cache.generateKey("content", id));
     await cache.invalidate("content:list:*");
     return c.html(`
@@ -5875,6 +5893,11 @@ var admin_content_default = adminContentRoutes;
 
 // src/templates/pages/admin-profile.template.ts
 chunk3SPQ3J4N_cjs.init_admin_layout_catalyst_template();
+function renderAvatarImage(avatarUrl, firstName, lastName) {
+  return `<div id="avatar-image-container" class="w-24 h-24 rounded-full mx-auto mb-4 overflow-hidden bg-gradient-to-br from-cyan-400 to-purple-400 flex items-center justify-center ring-4 ring-zinc-950/5 dark:ring-white/10">
+    ${avatarUrl ? `<img src="${avatarUrl}" alt="Profile picture" class="w-full h-full object-cover">` : `<span class="text-2xl font-bold text-white">${firstName.charAt(0)}${lastName.charAt(0)}</span>`}
+  </div>`;
+}
 function renderProfilePage(data) {
   const pageContent = `
     <div class="space-y-8">
@@ -6073,9 +6096,7 @@ function renderProfilePage(data) {
             <h3 class="text-base font-semibold text-zinc-950 dark:text-white mb-4">Profile Picture</h3>
 
             <div class="text-center">
-              <div class="w-24 h-24 rounded-full mx-auto mb-4 overflow-hidden bg-gradient-to-br from-cyan-400 to-purple-400 flex items-center justify-center ring-4 ring-zinc-950/5 dark:ring-white/10">
-                ${data.profile.avatar_url ? `<img src="${data.profile.avatar_url}" alt="Profile picture" class="w-full h-full object-cover">` : `<span class="text-2xl font-bold text-white">${data.profile.first_name.charAt(0)}${data.profile.last_name.charAt(0)}</span>`}
-              </div>
+              ${renderAvatarImage(data.profile.avatar_url, data.profile.first_name, data.profile.last_name)}
 
               <form id="avatar-form" hx-post="/admin/profile/avatar" hx-target="#avatar-messages" hx-encoding="multipart/form-data">
                 <input
@@ -6723,7 +6744,7 @@ function renderUserEditPage(data) {
                     <input
                       type="text"
                       name="first_name"
-                      value="${chunkBRPONFW6_cjs.escapeHtml(data.userToEdit.firstName || "")}"
+                      value="${chunkTRSHFTF6_cjs.escapeHtml(data.userToEdit.firstName || "")}"
                       required
                       class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
                     />
@@ -6734,7 +6755,7 @@ function renderUserEditPage(data) {
                     <input
                       type="text"
                       name="last_name"
-                      value="${chunkBRPONFW6_cjs.escapeHtml(data.userToEdit.lastName || "")}"
+                      value="${chunkTRSHFTF6_cjs.escapeHtml(data.userToEdit.lastName || "")}"
                       required
                       class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
                     />
@@ -6745,7 +6766,7 @@ function renderUserEditPage(data) {
                     <input
                       type="text"
                       name="username"
-                      value="${chunkBRPONFW6_cjs.escapeHtml(data.userToEdit.username || "")}"
+                      value="${chunkTRSHFTF6_cjs.escapeHtml(data.userToEdit.username || "")}"
                       required
                       class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
                     />
@@ -6756,7 +6777,7 @@ function renderUserEditPage(data) {
                     <input
                       type="email"
                       name="email"
-                      value="${chunkBRPONFW6_cjs.escapeHtml(data.userToEdit.email || "")}"
+                      value="${chunkTRSHFTF6_cjs.escapeHtml(data.userToEdit.email || "")}"
                       required
                       class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
                     />
@@ -6767,7 +6788,7 @@ function renderUserEditPage(data) {
                     <input
                       type="tel"
                       name="phone"
-                      value="${chunkBRPONFW6_cjs.escapeHtml(data.userToEdit.phone || "")}"
+                      value="${chunkTRSHFTF6_cjs.escapeHtml(data.userToEdit.phone || "")}"
                       class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
                     />
                   </div>
@@ -6781,7 +6802,7 @@ function renderUserEditPage(data) {
                         class="col-start-1 row-start-1 w-full appearance-none rounded-md bg-white/5 dark:bg-white/5 py-1.5 pl-3 pr-8 text-base text-zinc-950 dark:text-white outline outline-1 -outline-offset-1 outline-zinc-500/30 dark:outline-zinc-400/30 *:bg-white dark:*:bg-zinc-800 focus-visible:outline focus-visible:outline-2 focus-visible:-outline-offset-2 focus-visible:outline-zinc-500 dark:focus-visible:outline-zinc-400 sm:text-sm/6"
                       >
                         ${data.roles.map((role) => `
-                          <option value="${chunkBRPONFW6_cjs.escapeHtml(role.value)}" ${data.userToEdit.role === role.value ? "selected" : ""}>${chunkBRPONFW6_cjs.escapeHtml(role.label)}</option>
+                          <option value="${chunkTRSHFTF6_cjs.escapeHtml(role.value)}" ${data.userToEdit.role === role.value ? "selected" : ""}>${chunkTRSHFTF6_cjs.escapeHtml(role.label)}</option>
                         `).join("")}
                       </select>
                       <svg viewBox="0 0 16 16" fill="currentColor" data-slot="icon" aria-hidden="true" class="pointer-events-none col-start-1 row-start-1 mr-2 size-5 self-center justify-self-end text-zinc-600 dark:text-zinc-400 sm:size-4">
@@ -6797,7 +6818,7 @@ function renderUserEditPage(data) {
                     name="bio"
                     rows="3"
                     class="w-full rounded-lg bg-white dark:bg-zinc-800 px-3 py-2 text-sm text-zinc-950 dark:text-white shadow-sm ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 placeholder:text-zinc-400 dark:placeholder:text-zinc-500 focus:outline-none focus:ring-2 focus:ring-zinc-950 dark:focus:ring-white transition-shadow"
-                  >${chunkBRPONFW6_cjs.escapeHtml(data.userToEdit.bio || "")}</textarea>
+                  >${chunkTRSHFTF6_cjs.escapeHtml(data.userToEdit.bio || "")}</textarea>
                 </div>
               </div>
 
@@ -7697,7 +7718,7 @@ function renderUsersListPage(data) {
 
 // src/routes/admin-users.ts
 var userRoutes = new hono.Hono();
-userRoutes.use("*", chunk4BJGEGX5_cjs.requireAuth());
+userRoutes.use("*", chunkIM5SDXOE_cjs.requireAuth());
 userRoutes.get("/", (c) => {
   return c.redirect("/admin/dashboard");
 });
@@ -7796,12 +7817,12 @@ userRoutes.put("/profile", async (c) => {
   const db = c.env.DB;
   try {
     const formData = await c.req.formData();
-    const firstName = chunkBRPONFW6_cjs.sanitizeInput(formData.get("first_name")?.toString());
-    const lastName = chunkBRPONFW6_cjs.sanitizeInput(formData.get("last_name")?.toString());
-    const username = chunkBRPONFW6_cjs.sanitizeInput(formData.get("username")?.toString());
+    const firstName = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("first_name")?.toString());
+    const lastName = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("last_name")?.toString());
+    const username = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("username")?.toString());
     const email = formData.get("email")?.toString()?.trim().toLowerCase() || "";
-    const phone = chunkBRPONFW6_cjs.sanitizeInput(formData.get("phone")?.toString()) || null;
-    const bio = chunkBRPONFW6_cjs.sanitizeInput(formData.get("bio")?.toString()) || null;
+    const phone = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("phone")?.toString()) || null;
+    const bio = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("bio")?.toString()) || null;
     const timezone = formData.get("timezone")?.toString() || "UTC";
     const language = formData.get("language")?.toString() || "en";
     const emailNotifications = formData.get("email_notifications") === "1";
@@ -7852,7 +7873,7 @@ userRoutes.put("/profile", async (c) => {
       Date.now(),
       user.userId
     ).run();
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "profile.update",
@@ -7911,7 +7932,11 @@ userRoutes.post("/profile/avatar", async (c) => {
       WHERE id = ?
     `);
     await updateStmt.bind(avatarUrl, Date.now(), user.userId).run();
-    await chunk4BJGEGX5_cjs.logActivity(
+    const userStmt = db.prepare(`
+      SELECT first_name, last_name FROM users WHERE id = ?
+    `);
+    const userData = await userStmt.bind(user.userId).first();
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "profile.avatar_update",
@@ -7921,11 +7946,18 @@ userRoutes.post("/profile/avatar", async (c) => {
       c.req.header("x-forwarded-for") || c.req.header("cf-connecting-ip"),
       c.req.header("user-agent")
     );
-    return c.html(renderAlert2({
+    const alertHtml = renderAlert2({
       type: "success",
       message: "Profile picture updated successfully!",
       dismissible: true
-    }));
+    });
+    const avatarUrlWithCache = `${avatarUrl}?t=${Date.now()}`;
+    const avatarImageHtml = renderAvatarImage(avatarUrlWithCache, userData.first_name, userData.last_name);
+    const avatarImageWithOob = avatarImageHtml.replace(
+      'id="avatar-image-container"',
+      'id="avatar-image-container" hx-swap-oob="true"'
+    );
+    return c.html(alertHtml + avatarImageWithOob);
   } catch (error) {
     console.error("Avatar upload error:", error);
     return c.html(renderAlert2({
@@ -7975,7 +8007,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const validPassword = await chunk4BJGEGX5_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
+    const validPassword = await chunkIM5SDXOE_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
     if (!validPassword) {
       return c.html(renderAlert2({
         type: "error",
@@ -7983,7 +8015,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const newPasswordHash = await chunk4BJGEGX5_cjs.AuthManager.hashPassword(newPassword);
+    const newPasswordHash = await chunkIM5SDXOE_cjs.AuthManager.hashPassword(newPassword);
     const historyStmt = db.prepare(`
       INSERT INTO password_history (id, user_id, password_hash, created_at)
       VALUES (?, ?, ?, ?)
@@ -7999,7 +8031,7 @@ userRoutes.post("/profile/password", async (c) => {
       WHERE id = ?
     `);
     await updateStmt.bind(newPasswordHash, Date.now(), user.userId).run();
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "profile.password_change",
@@ -8066,7 +8098,7 @@ userRoutes.get("/users", async (c) => {
     `);
     const countResult = await countStmt.bind(...params).first();
     const totalUsers = countResult?.total || 0;
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "users.list_view",
@@ -8168,12 +8200,12 @@ userRoutes.post("/users/new", async (c) => {
   const user = c.get("user");
   try {
     const formData = await c.req.formData();
-    const firstName = chunkBRPONFW6_cjs.sanitizeInput(formData.get("first_name")?.toString());
-    const lastName = chunkBRPONFW6_cjs.sanitizeInput(formData.get("last_name")?.toString());
-    const username = chunkBRPONFW6_cjs.sanitizeInput(formData.get("username")?.toString());
+    const firstName = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("first_name")?.toString());
+    const lastName = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("last_name")?.toString());
+    const username = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("username")?.toString());
     const email = formData.get("email")?.toString()?.trim().toLowerCase() || "";
-    const phone = chunkBRPONFW6_cjs.sanitizeInput(formData.get("phone")?.toString()) || null;
-    const bio = chunkBRPONFW6_cjs.sanitizeInput(formData.get("bio")?.toString()) || null;
+    const phone = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("phone")?.toString()) || null;
+    const bio = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("bio")?.toString()) || null;
     const role = formData.get("role")?.toString() || "viewer";
     const password = formData.get("password")?.toString() || "";
     const confirmPassword = formData.get("confirm_password")?.toString() || "";
@@ -8220,7 +8252,7 @@ userRoutes.post("/users/new", async (c) => {
         dismissible: true
       }));
     }
-    const passwordHash = await chunk4BJGEGX5_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunkIM5SDXOE_cjs.AuthManager.hashPassword(password);
     const userId = globalThis.crypto.randomUUID();
     const createStmt = db.prepare(`
       INSERT INTO users (
@@ -8243,7 +8275,7 @@ userRoutes.post("/users/new", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "user!.create",
@@ -8281,7 +8313,7 @@ userRoutes.get("/users/:id", async (c) => {
     if (!userRecord) {
       return c.json({ error: "User not found" }, 404);
     }
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "user!.view",
@@ -8374,12 +8406,12 @@ userRoutes.put("/users/:id", async (c) => {
   const userId = c.req.param("id");
   try {
     const formData = await c.req.formData();
-    const firstName = chunkBRPONFW6_cjs.sanitizeInput(formData.get("first_name")?.toString());
-    const lastName = chunkBRPONFW6_cjs.sanitizeInput(formData.get("last_name")?.toString());
-    const username = chunkBRPONFW6_cjs.sanitizeInput(formData.get("username")?.toString());
+    const firstName = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("first_name")?.toString());
+    const lastName = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("last_name")?.toString());
+    const username = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("username")?.toString());
     const email = formData.get("email")?.toString()?.trim().toLowerCase() || "";
-    const phone = chunkBRPONFW6_cjs.sanitizeInput(formData.get("phone")?.toString()) || null;
-    const bio = chunkBRPONFW6_cjs.sanitizeInput(formData.get("bio")?.toString()) || null;
+    const phone = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("phone")?.toString()) || null;
+    const bio = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("bio")?.toString()) || null;
     const role = formData.get("role")?.toString() || "viewer";
     const isActive = formData.get("is_active") === "1";
     const emailVerified = formData.get("email_verified") === "1";
@@ -8430,7 +8462,7 @@ userRoutes.put("/users/:id", async (c) => {
       Date.now(),
       userId
     ).run();
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "user!.update",
@@ -8476,7 +8508,7 @@ userRoutes.delete("/users/:id", async (c) => {
         DELETE FROM users WHERE id = ?
       `);
       await deleteStmt.bind(userId).run();
-      await chunk4BJGEGX5_cjs.logActivity(
+      await chunkIM5SDXOE_cjs.logActivity(
         db,
         user.userId,
         "user!.hard_delete",
@@ -8495,7 +8527,7 @@ userRoutes.delete("/users/:id", async (c) => {
         UPDATE users SET is_active = 0, updated_at = ? WHERE id = ?
       `);
       await deleteStmt.bind(Date.now(), userId).run();
-      await chunk4BJGEGX5_cjs.logActivity(
+      await chunkIM5SDXOE_cjs.logActivity(
         db,
         user.userId,
         "user!.soft_delete",
@@ -8522,8 +8554,8 @@ userRoutes.post("/invite-user", async (c) => {
     const formData = await c.req.formData();
     const email = formData.get("email")?.toString()?.trim().toLowerCase() || "";
     const role = formData.get("role")?.toString()?.trim() || "viewer";
-    const firstName = chunkBRPONFW6_cjs.sanitizeInput(formData.get("first_name")?.toString());
-    const lastName = chunkBRPONFW6_cjs.sanitizeInput(formData.get("last_name")?.toString());
+    const firstName = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("first_name")?.toString());
+    const lastName = chunkTRSHFTF6_cjs.sanitizeInput(formData.get("last_name")?.toString());
     if (!email || !firstName || !lastName) {
       return c.json({ error: "Email, first name, and last name are required" }, 400);
     }
@@ -8562,7 +8594,7 @@ userRoutes.post("/invite-user", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "user!.invite_sent",
@@ -8619,7 +8651,7 @@ userRoutes.post("/resend-invitation/:id", async (c) => {
       Date.now(),
       userId
     ).run();
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_resent",
@@ -8655,7 +8687,7 @@ userRoutes.delete("/cancel-invitation/:id", async (c) => {
     }
     const deleteStmt = db.prepare(`DELETE FROM users WHERE id = ?`);
     await deleteStmt.bind(userId).run();
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_cancelled",
@@ -8738,7 +8770,7 @@ userRoutes.get("/activity-logs", async (c) => {
       ...log,
       details: log.details ? JSON.parse(log.details) : null
     }));
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_viewed",
@@ -8845,7 +8877,7 @@ userRoutes.get("/activity-logs/export", async (c) => {
       csvRows.push(row.join(","));
     }
     const csvContent = csvRows.join("\n");
-    await chunk4BJGEGX5_cjs.logActivity(
+    await chunkIM5SDXOE_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_exported",
@@ -9157,8 +9189,10 @@ function renderMediaLibraryPage(data) {
                 </button>
                 <button
                   class="w-full text-left px-3 py-2 text-sm text-zinc-700 dark:text-zinc-300 hover:text-zinc-950 dark:hover:text-white hover:bg-zinc-50 dark:hover:bg-zinc-800/50 rounded-lg transition-colors"
-                  hx-delete="/media/cleanup"
+                  hx-delete="/admin/media/cleanup"
                   hx-confirm="Delete unused files?"
+                  hx-target="body"
+                  hx-swap="beforeend"
                 >
                   Cleanup Unused
                 </button>
@@ -10182,7 +10216,7 @@ var fileValidationSchema2 = zod.z.object({
   // 50MB max
 });
 var adminMediaRoutes = new hono.Hono();
-adminMediaRoutes.use("*", chunk4BJGEGX5_cjs.requireAuth());
+adminMediaRoutes.use("*", chunkIM5SDXOE_cjs.requireAuth());
 adminMediaRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -10761,6 +10795,87 @@ adminMediaRoutes.put("/:id", async (c) => {
     `);
   }
 });
+adminMediaRoutes.delete("/cleanup", chunkIM5SDXOE_cjs.requireRole("admin"), async (c) => {
+  try {
+    const db = c.env.DB;
+    const allMediaStmt = db.prepare("SELECT id, r2_key, filename FROM media WHERE deleted_at IS NULL");
+    const { results: allMedia } = await allMediaStmt.all();
+    const contentStmt = db.prepare("SELECT data FROM content");
+    const { results: contentRecords } = await contentStmt.all();
+    const referencedUrls = /* @__PURE__ */ new Set();
+    for (const record of contentRecords) {
+      if (record.data) {
+        const dataStr = typeof record.data === "string" ? record.data : JSON.stringify(record.data);
+        const urlMatches = dataStr.matchAll(/\/files\/([^\s"',]+)/g);
+        for (const match of urlMatches) {
+          referencedUrls.add(match[1]);
+        }
+      }
+    }
+    const unusedFiles = allMedia.filter((file) => !referencedUrls.has(file.r2_key));
+    if (unusedFiles.length === 0) {
+      return c.html(html.html`
+        <div class="bg-blue-100 border border-blue-400 text-blue-700 px-4 py-3 rounded">
+          No unused media files found. All files are referenced in content.
+        </div>
+        <script>
+          setTimeout(() => {
+            window.location.href = '/admin/media?t=' + Date.now();
+          }, 2000);
+        </script>
+      `);
+    }
+    let deletedCount = 0;
+    const errors = [];
+    for (const file of unusedFiles) {
+      try {
+        await c.env.MEDIA_BUCKET.delete(file.r2_key);
+        const deleteStmt = db.prepare("UPDATE media SET deleted_at = ? WHERE id = ?");
+        await deleteStmt.bind(Math.floor(Date.now() / 1e3), file.id).run();
+        deletedCount++;
+      } catch (error) {
+        console.error(`Failed to delete ${file.filename}:`, error);
+        errors.push({
+          filename: file.filename,
+          error: error instanceof Error ? error.message : "Unknown error"
+        });
+      }
+    }
+    return c.html(html.html`
+      <div class="bg-green-100 border border-green-400 text-green-700 px-4 py-3 rounded mb-4">
+        Successfully cleaned up ${deletedCount} unused media file${deletedCount !== 1 ? "s" : ""}.
+        ${errors.length > 0 ? html.html`
+          <br><span class="text-sm">Failed to delete ${errors.length} file${errors.length !== 1 ? "s" : ""}.</span>
+        ` : ""}
+      </div>
+
+      ${errors.length > 0 ? html.html`
+        <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
+          <p class="font-medium">Cleanup errors:</p>
+          <ul class="list-disc list-inside mt-2 text-sm">
+            ${errors.map((error) => html.html`
+              <li>${error.filename}: ${error.error}</li>
+            `)}
+          </ul>
+        </div>
+      ` : ""}
+
+      <script>
+        // Refresh media library after cleanup
+        setTimeout(() => {
+          window.location.href = '/admin/media?t=' + Date.now();
+        }, 2500);
+      </script>
+    `);
+  } catch (error) {
+    console.error("Cleanup error:", error);
+    return c.html(html.html`
+      <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
+        Cleanup failed: ${error instanceof Error ? error.message : "Unknown error"}
+      </div>
+    `);
+  }
+});
 adminMediaRoutes.delete("/:id", async (c) => {
   try {
     const user = c.get("user");
@@ -12216,7 +12331,7 @@ function formatTimestamp(timestamp) {
 
 // src/routes/admin-plugins.ts
 var adminPluginRoutes = new hono.Hono();
-adminPluginRoutes.use("*", chunk4BJGEGX5_cjs.requireAuth());
+adminPluginRoutes.use("*", chunkIM5SDXOE_cjs.requireAuth());
 adminPluginRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -12224,7 +12339,7 @@ adminPluginRoutes.get("/", async (c) => {
     if (user?.role !== "admin") {
       return c.text("Access denied", 403);
     }
-    const pluginService = new chunkLEG4KNFP_cjs.PluginService(db);
+    const pluginService = new chunk3JMOWGUU_cjs.PluginService(db);
     let plugins = [];
     let stats = { total: 0, active: 0, inactive: 0, errors: 0 };
     try {
@@ -12274,7 +12389,7 @@ adminPluginRoutes.get("/:id", async (c) => {
     if (user?.role !== "admin") {
       return c.redirect("/admin/plugins");
     }
-    const pluginService = new chunkLEG4KNFP_cjs.PluginService(db);
+    const pluginService = new chunk3JMOWGUU_cjs.PluginService(db);
     const plugin = await pluginService.getPlugin(pluginId);
     if (!plugin) {
       return c.text("Plugin not found", 404);
@@ -12328,7 +12443,7 @@ adminPluginRoutes.post("/:id/activate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunkLEG4KNFP_cjs.PluginService(db);
+    const pluginService = new chunk3JMOWGUU_cjs.PluginService(db);
     await pluginService.activatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -12345,7 +12460,7 @@ adminPluginRoutes.post("/:id/deactivate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunkLEG4KNFP_cjs.PluginService(db);
+    const pluginService = new chunk3JMOWGUU_cjs.PluginService(db);
     await pluginService.deactivatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -12362,7 +12477,7 @@ adminPluginRoutes.post("/install", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const body = await c.req.json();
-    const pluginService = new chunkLEG4KNFP_cjs.PluginService(db);
+    const pluginService = new chunk3JMOWGUU_cjs.PluginService(db);
     if (body.name === "faq-plugin") {
       const faqPlugin = await pluginService.installPlugin({
         id: "third-party-faq",
@@ -12512,7 +12627,7 @@ adminPluginRoutes.post("/:id/uninstall", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunkLEG4KNFP_cjs.PluginService(db);
+    const pluginService = new chunk3JMOWGUU_cjs.PluginService(db);
     await pluginService.uninstallPlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -12530,7 +12645,7 @@ adminPluginRoutes.post("/:id/settings", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const settings = await c.req.json();
-    const pluginService = new chunkLEG4KNFP_cjs.PluginService(db);
+    const pluginService = new chunk3JMOWGUU_cjs.PluginService(db);
     await pluginService.updatePluginSettings(pluginId, settings);
     return c.json({ success: true });
   } catch (error) {
@@ -13326,11 +13441,11 @@ function renderLogConfigPage(data) {
 
 // src/routes/admin-logs.ts
 var adminLogsRoutes = new hono.Hono();
-adminLogsRoutes.use("*", chunk4BJGEGX5_cjs.requireAuth());
+adminLogsRoutes.use("*", chunkIM5SDXOE_cjs.requireAuth());
 adminLogsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
-    const logger = chunk3NVJ6W27_cjs.getLogger(c.env.DB);
+    const logger = chunkDOR2IU73_cjs.getLogger(c.env.DB);
     const query = c.req.query();
     const page = parseInt(query.page || "1");
     const limit = parseInt(query.limit || "50");
@@ -13410,7 +13525,7 @@ adminLogsRoutes.get("/:id", async (c) => {
   try {
     const id = c.req.param("id");
     const user = c.get("user");
-    const logger = chunk3NVJ6W27_cjs.getLogger(c.env.DB);
+    const logger = chunkDOR2IU73_cjs.getLogger(c.env.DB);
     const { logs } = await logger.getLogs({
       limit: 1,
       offset: 0,
@@ -13447,7 +13562,7 @@ adminLogsRoutes.get("/:id", async (c) => {
 adminLogsRoutes.get("/config", async (c) => {
   try {
     const user = c.get("user");
-    const logger = chunk3NVJ6W27_cjs.getLogger(c.env.DB);
+    const logger = chunkDOR2IU73_cjs.getLogger(c.env.DB);
     const configs = await logger.getAllConfigs();
     const pageData = {
       configs,
@@ -13471,7 +13586,7 @@ adminLogsRoutes.post("/config/:category", async (c) => {
     const level = formData.get("level");
     const retention = parseInt(formData.get("retention"));
     const maxSize = parseInt(formData.get("max_size"));
-    const logger = chunk3NVJ6W27_cjs.getLogger(c.env.DB);
+    const logger = chunkDOR2IU73_cjs.getLogger(c.env.DB);
     await logger.updateConfig(category, {
       enabled,
       level,
@@ -13500,7 +13615,7 @@ adminLogsRoutes.get("/export", async (c) => {
     const category = query.category;
     const startDate = query.start_date;
     const endDate = query.end_date;
-    const logger = chunk3NVJ6W27_cjs.getLogger(c.env.DB);
+    const logger = chunkDOR2IU73_cjs.getLogger(c.env.DB);
     const filter = {
       limit: 1e4,
       // Export up to 10k logs
@@ -13581,7 +13696,7 @@ adminLogsRoutes.post("/cleanup", async (c) => {
         error: "Unauthorized. Admin access required."
       }, 403);
     }
-    const logger = chunk3NVJ6W27_cjs.getLogger(c.env.DB);
+    const logger = chunkDOR2IU73_cjs.getLogger(c.env.DB);
     await logger.cleanupByRetention();
     return c.html(html.html`
       <div class="bg-green-100 border border-green-400 text-green-700 px-4 py-3 rounded">
@@ -13603,7 +13718,7 @@ adminLogsRoutes.post("/search", async (c) => {
     const search = formData.get("search");
     const level = formData.get("level");
     const category = formData.get("category");
-    const logger = chunk3NVJ6W27_cjs.getLogger(c.env.DB);
+    const logger = chunkDOR2IU73_cjs.getLogger(c.env.DB);
     const filter = {
       limit: 20,
       offset: 0,
@@ -16259,9 +16374,9 @@ function renderStorageUsage(databaseSizeBytes, mediaSizeBytes) {
 }
 
 // src/routes/admin-dashboard.ts
-var VERSION = chunkBRPONFW6_cjs.getCoreVersion();
+var VERSION = chunkTRSHFTF6_cjs.getCoreVersion();
 var router = new hono.Hono();
-router.use("*", chunk4BJGEGX5_cjs.requireAuth());
+router.use("*", chunkIM5SDXOE_cjs.requireAuth());
 router.get("/", async (c) => {
   const user = c.get("user");
   try {
@@ -16324,14 +16439,14 @@ router.get("/stats", async (c) => {
     } catch (error) {
       console.error("Error fetching users count:", error);
     }
-    const html9 = renderStatsCards({
+    const html8 = renderStatsCards({
       collections: collectionsCount,
       contentItems: contentCount,
       mediaFiles: mediaCount,
       users: usersCount,
       mediaSize
     });
-    return c.html(html9);
+    return c.html(html8);
   } catch (error) {
     console.error("Error fetching stats:", error);
     return c.html('<div class="text-red-500">Failed to load statistics</div>');
@@ -16355,8 +16470,8 @@ router.get("/storage", async (c) => {
     } catch (error) {
       console.error("Error fetching media size:", error);
     }
-    const html9 = renderStorageUsage(databaseSize, mediaSize);
-    return c.html(html9);
+    const html8 = renderStorageUsage(databaseSize, mediaSize);
+    return c.html(html8);
   } catch (error) {
     console.error("Error fetching storage usage:", error);
     return c.html('<div class="text-red-500">Failed to load storage information</div>');
@@ -16405,12 +16520,12 @@ router.get("/recent-activity", async (c) => {
         user: userName
       };
     });
-    const html9 = renderRecentActivity(activities);
-    return c.html(html9);
+    const html8 = renderRecentActivity(activities);
+    return c.html(html8);
   } catch (error) {
     console.error("Error fetching recent activity:", error);
-    const html9 = renderRecentActivity([]);
-    return c.html(html9);
+    const html8 = renderRecentActivity([]);
+    return c.html(html8);
   }
 });
 router.get("/api/metrics", async (c) => {
@@ -16423,7 +16538,7 @@ router.get("/api/metrics", async (c) => {
 });
 router.get("/system-status", async (c) => {
   try {
-    const html9 = `
+    const html8 = `
       <div class="grid grid-cols-1 sm:grid-cols-2 gap-4">
         <div class="relative group">
           <div class="absolute inset-0 bg-gradient-to-br from-blue-500/20 to-cyan-500/20 dark:from-blue-500/10 dark:to-cyan-500/10 rounded-xl opacity-0 group-hover:opacity-100 transition-opacity duration-300"></div>
@@ -16478,7 +16593,7 @@ router.get("/system-status", async (c) => {
         </div>
       </div>
     `;
-    return c.html(html9);
+    return c.html(html8);
   } catch (error) {
     console.error("Error fetching system status:", error);
     return c.html('<div class="text-red-500">Failed to load system status</div>');
@@ -17742,7 +17857,7 @@ function renderCollectionFormPage(data) {
 
 // src/routes/admin-collections.ts
 var adminCollectionsRoutes = new hono.Hono();
-adminCollectionsRoutes.use("*", chunk4BJGEGX5_cjs.requireAuth());
+adminCollectionsRoutes.use("*", chunkIM5SDXOE_cjs.requireAuth());
 adminCollectionsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -18234,31 +18349,52 @@ function renderSettingsPage(data) {
       // Initialize tab-specific features on page load
       const currentTab = '${activeTab}';
 
-      function saveAllSettings() {
+      async function saveAllSettings() {
         // Collect all form data
         const formData = new FormData();
-        
-        // Get all form inputs
-        document.querySelectorAll('input, select, textarea').forEach(input => {
+
+        // Get all form inputs in the settings content area
+        document.querySelectorAll('#settings-content input, #settings-content select, #settings-content textarea').forEach(input => {
           if (input.type === 'checkbox') {
-            formData.append(input.name, input.checked);
+            formData.append(input.name, input.checked ? 'true' : 'false');
           } else if (input.name) {
             formData.append(input.name, input.value);
           }
         });
-        
+
         // Show loading state
         const saveBtn = document.querySelector('button[onclick="saveAllSettings()"]');
         const originalText = saveBtn.innerHTML;
-        saveBtn.innerHTML = 'Saving...';
+        saveBtn.innerHTML = '<svg class="animate-spin -ml-0.5 mr-1.5 h-5 w-5 inline" fill="none" stroke="currentColor" viewBox="0 0 24 24"><circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle><path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4z"></path></svg>Saving...';
         saveBtn.disabled = true;
-        
-        // Simulate save (replace with actual API call)
-        setTimeout(() => {
+
+        try {
+          // Determine which endpoint to call based on current tab
+          let endpoint = '/admin/settings/general';
+          if (currentTab === 'general') {
+            endpoint = '/admin/settings/general';
+          }
+          // Add more endpoints for other tabs when implemented
+
+          const response = await fetch(endpoint, {
+            method: 'POST',
+            body: formData
+          });
+
+          const result = await response.json();
+
+          if (result.success) {
+            showNotification(result.message || 'Settings saved successfully!', 'success');
+          } else {
+            showNotification(result.error || 'Failed to save settings', 'error');
+          }
+        } catch (error) {
+          console.error('Error saving settings:', error);
+          showNotification('Failed to save settings. Please try again.', 'error');
+        } finally {
           saveBtn.innerHTML = originalText;
           saveBtn.disabled = false;
-          showNotification('Settings saved successfully!', 'success');
-        }, 1000);
+        }
       }
       
       function resetSettings() {
@@ -19601,7 +19737,7 @@ function renderDatabaseToolsSettings(settings) {
 
 // src/routes/admin-settings.ts
 var adminSettingsRoutes = new hono.Hono();
-adminSettingsRoutes.use("*", chunk4BJGEGX5_cjs.requireAuth());
+adminSettingsRoutes.use("*", chunkIM5SDXOE_cjs.requireAuth());
 function getMockSettings(user) {
   return {
     general: {
@@ -19663,15 +19799,20 @@ function getMockSettings(user) {
 adminSettingsRoutes.get("/", (c) => {
   return c.redirect("/admin/settings/general");
 });
-adminSettingsRoutes.get("/general", (c) => {
+adminSettingsRoutes.get("/general", async (c) => {
   const user = c.get("user");
+  const db = c.env.DB;
+  const settingsService = new chunkDOR2IU73_cjs.SettingsService(db);
+  const generalSettings = await settingsService.getGeneralSettings(user?.email);
+  const mockSettings = getMockSettings(user);
+  mockSettings.general = generalSettings;
   const pageData = {
     user: user ? {
       name: user.email,
       email: user.email,
       role: user.role
     } : void 0,
-    settings: getMockSettings(user),
+    settings: mockSettings,
     activeTab: "general",
     version: c.get("appVersion")
   };
@@ -19764,7 +19905,7 @@ adminSettingsRoutes.get("/database-tools", (c) => {
 adminSettingsRoutes.get("/api/migrations/status", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkLEG4KNFP_cjs.MigrationService(db);
+    const migrationService = new chunk3JMOWGUU_cjs.MigrationService(db);
     const status = await migrationService.getMigrationStatus();
     return c.json({
       success: true,
@@ -19788,7 +19929,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
       }, 403);
     }
     const db = c.env.DB;
-    const migrationService = new chunkLEG4KNFP_cjs.MigrationService(db);
+    const migrationService = new chunk3JMOWGUU_cjs.MigrationService(db);
     const result = await migrationService.runPendingMigrations();
     return c.json({
       success: result.success,
@@ -19806,7 +19947,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
 adminSettingsRoutes.get("/api/migrations/validate", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkLEG4KNFP_cjs.MigrationService(db);
+    const migrationService = new chunk3JMOWGUU_cjs.MigrationService(db);
     const validation = await migrationService.validateSchema();
     return c.json({
       success: true,
@@ -19952,28 +20093,55 @@ adminSettingsRoutes.post("/api/database-tools/truncate", async (c) => {
     }, 500);
   }
 });
-adminSettingsRoutes.post("/", async (c) => {
+adminSettingsRoutes.post("/general", async (c) => {
   try {
+    const user = c.get("user");
+    if (!user || user.role !== "admin") {
+      return c.json({
+        success: false,
+        error: "Unauthorized. Admin access required."
+      }, 403);
+    }
     const formData = await c.req.formData();
-    return c.html(html.html`
-      <div class="bg-green-100 border border-green-400 text-green-700 px-4 py-3 rounded">
-        Settings saved successfully!
-        <script>
-          setTimeout(() => {
-            showNotification('Settings saved successfully!', 'success');
-          }, 100);
-        </script>
-      </div>
-    `);
+    const db = c.env.DB;
+    const settingsService = new chunkDOR2IU73_cjs.SettingsService(db);
+    const settings = {
+      siteName: formData.get("siteName"),
+      siteDescription: formData.get("siteDescription"),
+      adminEmail: formData.get("adminEmail"),
+      timezone: formData.get("timezone"),
+      language: formData.get("language"),
+      maintenanceMode: formData.get("maintenanceMode") === "true"
+    };
+    if (!settings.siteName || !settings.siteDescription) {
+      return c.json({
+        success: false,
+        error: "Site name and description are required"
+      }, 400);
+    }
+    const success = await settingsService.saveGeneralSettings(settings);
+    if (success) {
+      return c.json({
+        success: true,
+        message: "General settings saved successfully!"
+      });
+    } else {
+      return c.json({
+        success: false,
+        error: "Failed to save settings"
+      }, 500);
+    }
   } catch (error) {
-    console.error("Error saving settings:", error);
-    return c.html(html.html`
-      <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
-        Failed to save settings. Please try again.
-      </div>
-    `);
+    console.error("Error saving general settings:", error);
+    return c.json({
+      success: false,
+      error: "Failed to save settings. Please try again."
+    }, 500);
   }
 });
+adminSettingsRoutes.post("/", async (c) => {
+  return c.redirect("/admin/settings/general");
+});
 
 // src/routes/index.ts
 var ROUTES_INFO = {
@@ -20023,5 +20191,5 @@ exports.api_system_default = api_system_default;
 exports.auth_default = auth_default;
 exports.router = router;
 exports.userRoutes = userRoutes;
-//# sourceMappingURL=chunk-RZW752PE.cjs.map
-//# sourceMappingURL=chunk-RZW752PE.cjs.map
+//# sourceMappingURL=chunk-NPWWR6RI.cjs.map
+//# sourceMappingURL=chunk-NPWWR6RI.cjs.map