@sonicjs-cms/core 2.15.0 → 2.16.0

package/dist/{chunk-26HYU7MX.cjs → chunk-6ENX7QSA.cjs}

@@ -1,13 +1,13 @@
 'use strict';
 
 var chunkNZWFCUDA_cjs = require('./chunk-NZWFCUDA.cjs');
-var chunkUFPT5KCQ_cjs = require('./chunk-UFPT5KCQ.cjs');
-var chunk43AB4EH4_cjs = require('./chunk-43AB4EH4.cjs');
-var chunkRVD7PLMU_cjs = require('./chunk-RVD7PLMU.cjs');
+var chunkCZ6BVQZX_cjs = require('./chunk-CZ6BVQZX.cjs');
+var chunkQ5VFZUXV_cjs = require('./chunk-Q5VFZUXV.cjs');
+var chunkOCLUXJ7E_cjs = require('./chunk-OCLUXJ7E.cjs');
 var chunkOHYBNCVL_cjs = require('./chunk-OHYBNCVL.cjs');
 var chunkUYJ6TJHX_cjs = require('./chunk-UYJ6TJHX.cjs');
 var chunk635JAMSE_cjs = require('./chunk-635JAMSE.cjs');
-var chunkVUISYUHY_cjs = require('./chunk-VUISYUHY.cjs');
+var chunkYQW2GCJ3_cjs = require('./chunk-YQW2GCJ3.cjs');
 var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
 var chunkMNWKYY5E_cjs = require('./chunk-MNWKYY5E.cjs');
 var hono = require('hono');
@@ -189,7 +189,7 @@ apiContentCrudRoutes.get("/:id", async (c) => {
     }, 500);
   }
 });
-apiContentCrudRoutes.post("/", chunkUFPT5KCQ_cjs.requireAuth(), chunkUFPT5KCQ_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.post("/", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const db = c.env.DB;
     const user = c.get("user");
@@ -255,7 +255,7 @@ apiContentCrudRoutes.post("/", chunkUFPT5KCQ_cjs.requireAuth(), chunkUFPT5KCQ_cj
     }, 500);
   }
 });
-apiContentCrudRoutes.put("/:id", chunkUFPT5KCQ_cjs.requireAuth(), chunkUFPT5KCQ_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.put("/:id", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -319,7 +319,7 @@ apiContentCrudRoutes.put("/:id", chunkUFPT5KCQ_cjs.requireAuth(), chunkUFPT5KCQ_
     }, 500);
   }
 });
-apiContentCrudRoutes.delete("/:id", chunkUFPT5KCQ_cjs.requireAuth(), chunkUFPT5KCQ_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.delete("/:id", chunkCZ6BVQZX_cjs.requireAuth(), chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -355,7 +355,7 @@ apiRoutes.use("*", async (c, next) => {
   c.header("X-Response-Time", `${totalTime}ms`);
 });
 apiRoutes.use("*", async (c, next) => {
-  const cacheEnabled = await chunkUFPT5KCQ_cjs.isPluginActive(c.env.DB, "core-cache");
+  const cacheEnabled = await chunkCZ6BVQZX_cjs.isPluginActive(c.env.DB, "core-cache");
   c.set("cacheEnabled", cacheEnabled);
   await next();
 });
@@ -846,7 +846,7 @@ apiRoutes.get("/collections", async (c) => {
     return c.json({ error: "Failed to fetch collections" }, 500);
   }
 });
-apiRoutes.get("/content", chunkUFPT5KCQ_cjs.optionalAuth(), async (c) => {
+apiRoutes.get("/content", chunkCZ6BVQZX_cjs.optionalAuth(), async (c) => {
   const executionStart = Date.now();
   try {
     const db = c.env.DB;
@@ -869,13 +869,13 @@ apiRoutes.get("/content", chunkUFPT5KCQ_cjs.optionalAuth(), async (c) => {
         });
       }
     }
-    const filter = chunkVUISYUHY_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkYQW2GCJ3_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
     if (!normalizedFilter.limit) {
       normalizedFilter.limit = 50;
     }
     normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
-    const builder3 = new chunkVUISYUHY_cjs.QueryFilterBuilder();
+    const builder3 = new chunkYQW2GCJ3_cjs.QueryFilterBuilder();
     const queryResult = builder3.build("content", normalizedFilter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -947,7 +947,7 @@ apiRoutes.get("/content", chunkUFPT5KCQ_cjs.optionalAuth(), async (c) => {
     }, 500);
   }
 });
-apiRoutes.get("/collections/:collection/content", chunkUFPT5KCQ_cjs.optionalAuth(), async (c) => {
+apiRoutes.get("/collections/:collection/content", chunkCZ6BVQZX_cjs.optionalAuth(), async (c) => {
   const executionStart = Date.now();
   try {
     const collection = c.req.param("collection");
@@ -958,7 +958,7 @@ apiRoutes.get("/collections/:collection/content", chunkUFPT5KCQ_cjs.optionalAuth
     if (!collectionResult) {
       return c.json({ error: "Collection not found" }, 404);
     }
-    const filter = chunkVUISYUHY_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkYQW2GCJ3_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
     if (!normalizedFilter.where) {
       normalizedFilter.where = { and: [] };
@@ -975,7 +975,7 @@ apiRoutes.get("/collections/:collection/content", chunkUFPT5KCQ_cjs.optionalAuth
       normalizedFilter.limit = 50;
     }
     normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
-    const builder3 = new chunkVUISYUHY_cjs.QueryFilterBuilder();
+    const builder3 = new chunkYQW2GCJ3_cjs.QueryFilterBuilder();
     const queryResult = builder3.build("content", normalizedFilter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -1096,7 +1096,7 @@ var fileValidationSchema = zod.z.object({
   // 50MB max
 });
 var apiMediaRoutes = new hono.Hono();
-apiMediaRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
+apiMediaRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
 apiMediaRoutes.post("/upload", async (c) => {
   try {
     const user = c.get("user");
@@ -1840,8 +1840,8 @@ apiSystemRoutes.get("/env", (c) => {
 });
 var api_system_default = apiSystemRoutes;
 var adminApiRoutes = new hono.Hono();
-adminApiRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
-adminApiRoutes.use("*", chunkUFPT5KCQ_cjs.requireRole(["admin", "editor"]));
+adminApiRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+adminApiRoutes.use("*", chunkCZ6BVQZX_cjs.requireRole(["admin", "editor"]));
 adminApiRoutes.get("/stats", async (c) => {
   try {
     const db = c.env.DB;
@@ -2353,7 +2353,7 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
 });
 adminApiRoutes.get("/migrations/status", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-APFGYCB6.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-SVQTT7NV.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const status = await migrationService.getMigrationStatus();
@@ -2378,7 +2378,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
         error: "Unauthorized. Admin access required."
       }, 403);
     }
-    const { MigrationService: MigrationService2 } = await import('./migrations-APFGYCB6.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-SVQTT7NV.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const result = await migrationService.runPendingMigrations();
@@ -2400,7 +2400,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
 });
 adminApiRoutes.get("/migrations/validate", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-APFGYCB6.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-SVQTT7NV.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const validation = await migrationService.validateSchema();
@@ -5153,7 +5153,7 @@ var JWT_SECRET_FALLBACK = "your-super-secret-jwt-key-change-in-production";
 async function setCsrfCookie(c) {
   const secret = c.env?.JWT_SECRET || JWT_SECRET_FALLBACK;
   const isDev = c.env?.ENVIRONMENT === "development" || !c.env?.ENVIRONMENT;
-  const csrfToken = await chunkUFPT5KCQ_cjs.generateCsrfToken(secret);
+  const csrfToken = await chunkCZ6BVQZX_cjs.generateCsrfToken(secret);
   cookie.setCookie(c, "csrf_token", csrfToken, {
     httpOnly: false,
     secure: !isDev,
@@ -5210,7 +5210,7 @@ var loginSchema = zod.z.object({
 });
 authRoutes.post(
   "/register",
-  chunkUFPT5KCQ_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
+  chunkCZ6BVQZX_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5247,7 +5247,7 @@ authRoutes.post(
       if (existingUser) {
         return c.json({ error: "User with this email or username already exists" }, 400);
       }
-      const passwordHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword(password);
+      const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
       const userId = crypto.randomUUID();
       const now = /* @__PURE__ */ new Date();
       await db.prepare(`
@@ -5281,7 +5281,7 @@ authRoutes.post(
           await saveCustomData(db, userId, sanitized);
         }
       }
-      const token = await chunkUFPT5KCQ_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET);
+      const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -5315,7 +5315,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/login",
-  chunkUFPT5KCQ_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
+  chunkCZ6BVQZX_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
   async (c) => {
     try {
       const body = await c.req.json();
@@ -5338,19 +5338,19 @@ authRoutes.post(
       if (!user) {
         return c.json({ error: "Invalid email or password" }, 401);
       }
-      const isValidPassword = await chunkUFPT5KCQ_cjs.AuthManager.verifyPassword(password, user.password_hash);
+      const isValidPassword = await chunkCZ6BVQZX_cjs.AuthManager.verifyPassword(password, user.password_hash);
       if (!isValidPassword) {
         return c.json({ error: "Invalid email or password" }, 401);
       }
-      if (chunkUFPT5KCQ_cjs.AuthManager.isLegacyHash(user.password_hash)) {
+      if (chunkCZ6BVQZX_cjs.AuthManager.isLegacyHash(user.password_hash)) {
         try {
-          const newHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword(password);
+          const newHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
           await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
         } catch (rehashError) {
           console.error("Password rehash failed (non-fatal):", rehashError);
         }
       }
-      const token = await chunkUFPT5KCQ_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
+      const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -5403,7 +5403,7 @@ authRoutes.get("/logout", (c) => {
   clearCsrfCookie(c);
   return c.redirect("/auth/login?message=You have been logged out successfully");
 });
-authRoutes.get("/me", chunkUFPT5KCQ_cjs.requireAuth(), async (c) => {
+authRoutes.get("/me", chunkCZ6BVQZX_cjs.requireAuth(), async (c) => {
   try {
     const user = c.get("user");
     if (!user) {
@@ -5420,13 +5420,13 @@ authRoutes.get("/me", chunkUFPT5KCQ_cjs.requireAuth(), async (c) => {
     return c.json({ error: "Failed to get user" }, 500);
   }
 });
-authRoutes.post("/refresh", chunkUFPT5KCQ_cjs.requireAuth(), async (c) => {
+authRoutes.post("/refresh", chunkCZ6BVQZX_cjs.requireAuth(), async (c) => {
   try {
     const user = c.get("user");
     if (!user) {
       return c.json({ error: "Not authenticated" }, 401);
     }
-    const token = await chunkUFPT5KCQ_cjs.AuthManager.generateToken(user.userId, user.email, user.role, c.env.JWT_SECRET);
+    const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(user.userId, user.email, user.role, c.env.JWT_SECRET);
     cookie.setCookie(c, "auth_token", token, {
       httpOnly: true,
       secure: true,
@@ -5443,7 +5443,7 @@ authRoutes.post("/refresh", chunkUFPT5KCQ_cjs.requireAuth(), async (c) => {
 });
 authRoutes.post(
   "/register/form",
-  chunkUFPT5KCQ_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
+  chunkCZ6BVQZX_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5490,7 +5490,7 @@ authRoutes.post(
         </div>
       `);
       }
-      const passwordHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword(password);
+      const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
       const role = isFirstUser ? "admin" : "viewer";
       const userId = crypto.randomUUID();
       const now = /* @__PURE__ */ new Date();
@@ -5525,7 +5525,7 @@ authRoutes.post(
           await saveCustomData(db, userId, sanitized);
         }
       }
-      const token = await chunkUFPT5KCQ_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET);
+      const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: false,
@@ -5558,7 +5558,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/login/form",
-  chunkUFPT5KCQ_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
+  chunkCZ6BVQZX_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
   async (c) => {
     try {
       const formData = await c.req.formData();
@@ -5582,7 +5582,7 @@ authRoutes.post(
         </div>
       `);
       }
-      const isValidPassword = await chunkUFPT5KCQ_cjs.AuthManager.verifyPassword(password, user.password_hash);
+      const isValidPassword = await chunkCZ6BVQZX_cjs.AuthManager.verifyPassword(password, user.password_hash);
       if (!isValidPassword) {
         return c.html(html.html`
         <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
@@ -5590,15 +5590,15 @@ authRoutes.post(
         </div>
       `);
       }
-      if (chunkUFPT5KCQ_cjs.AuthManager.isLegacyHash(user.password_hash)) {
+      if (chunkCZ6BVQZX_cjs.AuthManager.isLegacyHash(user.password_hash)) {
         try {
-          const newHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword(password);
+          const newHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
           await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
         } catch (rehashError) {
           console.error("Password rehash failed (non-fatal):", rehashError);
         }
       }
-      const token = await chunkUFPT5KCQ_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
+      const token = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: false,
@@ -5640,7 +5640,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/seed-admin",
-  chunkUFPT5KCQ_cjs.rateLimit({ max: 10, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
+  chunkCZ6BVQZX_cjs.rateLimit({ max: 10, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5662,7 +5662,7 @@ authRoutes.post(
     `).run();
       const existingAdmin = await db.prepare("SELECT id FROM users WHERE email = ? OR username = ?").bind("admin@sonicjs.com", "admin").first();
       if (existingAdmin) {
-        const passwordHash2 = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword("sonicjs!");
+        const passwordHash2 = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword("sonicjs!");
         await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(passwordHash2, Date.now(), existingAdmin.id).run();
         return c.json({
           message: "Admin user already exists (password updated)",
@@ -5674,7 +5674,7 @@ authRoutes.post(
           }
         });
       }
-      const passwordHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword("sonicjs!");
+      const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword("sonicjs!");
       const userId = "admin-user-id";
       const now = Date.now();
       const adminEmail = "admin@sonicjs.com".toLowerCase();
@@ -5895,7 +5895,7 @@ authRoutes.post("/accept-invitation", async (c) => {
     if (existingUsername) {
       return c.json({ error: "Username is already taken" }, 400);
     }
-    const passwordHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
     const updateStmt = db.prepare(`
       UPDATE users SET 
         username = ?,
@@ -5914,7 +5914,7 @@ authRoutes.post("/accept-invitation", async (c) => {
       Date.now(),
       invitedUser.id
     ).run();
-    const authToken = await chunkUFPT5KCQ_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET);
+    const authToken = await chunkCZ6BVQZX_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET);
     cookie.setCookie(c, "auth_token", authToken, {
       httpOnly: true,
       secure: true,
@@ -5931,7 +5931,7 @@ authRoutes.post("/accept-invitation", async (c) => {
 });
 authRoutes.post(
   "/request-password-reset",
-  chunkUFPT5KCQ_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
+  chunkCZ6BVQZX_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
   async (c) => {
     try {
       const formData = await c.req.formData();
@@ -6149,7 +6149,7 @@ authRoutes.post("/reset-password", async (c) => {
     if (Date.now() > user.password_reset_expires) {
       return c.json({ error: "Reset token has expired" }, 400);
     }
-    const newPasswordHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword(password);
+    const newPasswordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
     try {
       const historyStmt = db.prepare(`
         INSERT INTO password_history (id, user_id, password_hash, created_at)
@@ -9525,9 +9525,9 @@ function parseFieldValue(field, formData, options = {}) {
   const { skipValidation = false } = options;
   const value = formData.get(field.field_name);
   const errors = [];
-  const blocksConfig = chunkVUISYUHY_cjs.getBlocksFieldConfig(field.field_options);
+  const blocksConfig = chunkYQW2GCJ3_cjs.getBlocksFieldConfig(field.field_options);
   if (blocksConfig) {
-    const parsed = chunkVUISYUHY_cjs.parseBlocksValue(value, blocksConfig);
+    const parsed = chunkYQW2GCJ3_cjs.parseBlocksValue(value, blocksConfig);
     if (!skipValidation && field.is_required && parsed.value.length === 0) {
       parsed.errors.push(`${field.field_label} is required`);
     }
@@ -9637,7 +9637,7 @@ function extractFieldData(fields, formData, options = {}) {
   }
   return { data, errors };
 }
-adminContentRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
+adminContentRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
 async function getCollectionFields(db, collectionId) {
   const cache = chunkNZWFCUDA_cjs.getCacheService(chunkNZWFCUDA_cjs.CACHE_CONFIGS.collection);
   return cache.getOrSet(
@@ -9914,21 +9914,21 @@ adminContentRoutes.get("/new", async (c) => {
     const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
     let tinymceSettings;
     if (tinymceEnabled) {
-      const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
       const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
       tinymceSettings = tinymcePlugin2?.settings;
     }
     const quillEnabled = await isPluginActive2(db, "quill-editor");
     let quillSettings;
     if (quillEnabled) {
-      const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
       const quillPlugin = await pluginService.getPlugin("quill-editor");
       quillSettings = quillPlugin?.settings;
     }
     const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
     let mdxeditorSettings;
     if (mdxeditorEnabled) {
-      const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
       const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
       mdxeditorSettings = mdxeditorPlugin?.settings;
     }
@@ -10019,21 +10019,21 @@ adminContentRoutes.get("/:id/edit", async (c) => {
     const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
     let tinymceSettings;
     if (tinymceEnabled) {
-      const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
       const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
       tinymceSettings = tinymcePlugin2?.settings;
     }
     const quillEnabled = await isPluginActive2(db, "quill-editor");
     let quillSettings;
     if (quillEnabled) {
-      const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
       const quillPlugin = await pluginService.getPlugin("quill-editor");
       quillSettings = quillPlugin?.settings;
     }
     const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
     let mdxeditorSettings;
     if (mdxeditorEnabled) {
-      const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+      const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
       const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
       mdxeditorSettings = mdxeditorPlugin?.settings;
     }
@@ -10328,7 +10328,7 @@ adminContentRoutes.put("/:id", async (c) => {
     `);
   }
 });
-adminContentRoutes.post("/preview", chunkUFPT5KCQ_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+adminContentRoutes.post("/preview", chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const formData = await c.req.formData();
     const collectionId = formData.get("collection_id");
@@ -10706,7 +10706,7 @@ adminContentRoutes.post("/:id/restore/:version", async (c) => {
     return c.json({ success: false, error: "Failed to restore version" });
   }
 });
-adminContentRoutes.get("/:id/version/:version/preview", chunkUFPT5KCQ_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+adminContentRoutes.get("/:id/version/:version/preview", chunkCZ6BVQZX_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const version = parseInt(c.req.param("version") || "0");
@@ -12707,14 +12707,14 @@ function renderUsersListPage(data) {
 
 // src/routes/admin-users.ts
 var userRoutes = new hono.Hono();
-userRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
-userRoutes.use("/users/*", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
-userRoutes.use("/users", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
-userRoutes.use("/invite-user", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
-userRoutes.use("/resend-invitation/*", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
-userRoutes.use("/cancel-invitation/*", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
-userRoutes.use("/activity-logs", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
-userRoutes.use("/activity-logs/*", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
+userRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+userRoutes.use("/users/*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+userRoutes.use("/users", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+userRoutes.use("/invite-user", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+userRoutes.use("/resend-invitation/*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+userRoutes.use("/cancel-invitation/*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+userRoutes.use("/activity-logs", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+userRoutes.use("/activity-logs/*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
 userRoutes.get("/", (c) => {
   return c.redirect("/admin/dashboard");
 });
@@ -12884,7 +12884,7 @@ userRoutes.put("/profile", async (c) => {
       }
       await saveCustomData(db, user.userId, sanitized);
     }
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "profile.update",
@@ -12947,7 +12947,7 @@ userRoutes.post("/profile/avatar", async (c) => {
       SELECT first_name, last_name FROM users WHERE id = ?
     `);
     const userData = await userStmt.bind(user.userId).first();
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "profile.avatar_update",
@@ -13018,7 +13018,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const validPassword = await chunkUFPT5KCQ_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
+    const validPassword = await chunkCZ6BVQZX_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
     if (!validPassword) {
       return c.html(renderAlert2({
         type: "error",
@@ -13026,7 +13026,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const newPasswordHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword(newPassword);
+    const newPasswordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(newPassword);
     const historyStmt = db.prepare(`
       INSERT INTO password_history (id, user_id, password_hash, created_at)
       VALUES (?, ?, ?, ?)
@@ -13042,7 +13042,7 @@ userRoutes.post("/profile/password", async (c) => {
       WHERE id = ?
     `);
     await updateStmt.bind(newPasswordHash, Date.now(), user.userId).run();
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "profile.password_change",
@@ -13109,7 +13109,7 @@ userRoutes.get("/users", async (c) => {
     `);
     const countResult = await countStmt.bind(...params).first();
     const totalUsers = countResult?.total || 0;
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "users.list_view",
@@ -13267,7 +13267,7 @@ userRoutes.post("/users/new", async (c) => {
         dismissible: true
       }));
     }
-    const passwordHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(password);
     const userId = crypto.randomUUID();
     const createStmt = db.prepare(`
       INSERT INTO users (
@@ -13290,7 +13290,7 @@ userRoutes.post("/users/new", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "user!.create",
@@ -13329,7 +13329,7 @@ userRoutes.get("/users/:id", async (c) => {
     if (!userRecord) {
       return c.json({ error: "User not found" }, 404);
     }
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "user!.view",
@@ -13555,7 +13555,7 @@ userRoutes.put("/users/:id", async (c) => {
       userId
     ).run();
     if (newPassword) {
-      const passwordHash = await chunkUFPT5KCQ_cjs.AuthManager.hashPassword(newPassword);
+      const passwordHash = await chunkCZ6BVQZX_cjs.AuthManager.hashPassword(newPassword);
       const updatePasswordStmt = db.prepare(`
         UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?
       `);
@@ -13609,7 +13609,7 @@ userRoutes.put("/users/:id", async (c) => {
         ).run();
       }
     }
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "user.update",
@@ -13654,7 +13654,7 @@ userRoutes.post("/users/:id/toggle", async (c) => {
       UPDATE users SET is_active = ?, updated_at = ? WHERE id = ?
     `);
     await toggleStmt.bind(active ? 1 : 0, Date.now(), userId).run();
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       active ? "user.activate" : "user.deactivate",
@@ -13695,7 +13695,7 @@ userRoutes.delete("/users/:id", async (c) => {
         DELETE FROM users WHERE id = ?
       `);
       await deleteStmt.bind(userId).run();
-      await chunkUFPT5KCQ_cjs.logActivity(
+      await chunkCZ6BVQZX_cjs.logActivity(
         db,
         user.userId,
         "user!.hard_delete",
@@ -13714,7 +13714,7 @@ userRoutes.delete("/users/:id", async (c) => {
         UPDATE users SET is_active = 0, updated_at = ? WHERE id = ?
       `);
       await deleteStmt.bind(Date.now(), userId).run();
-      await chunkUFPT5KCQ_cjs.logActivity(
+      await chunkCZ6BVQZX_cjs.logActivity(
         db,
         user.userId,
         "user!.soft_delete",
@@ -13780,7 +13780,7 @@ userRoutes.post("/invite-user", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "user!.invite_sent",
@@ -13837,7 +13837,7 @@ userRoutes.post("/resend-invitation/:id", async (c) => {
       Date.now(),
       userId
     ).run();
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_resent",
@@ -13873,7 +13873,7 @@ userRoutes.delete("/cancel-invitation/:id", async (c) => {
     }
     const deleteStmt = db.prepare(`DELETE FROM users WHERE id = ?`);
     await deleteStmt.bind(userId).run();
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_cancelled",
@@ -13956,7 +13956,7 @@ userRoutes.get("/activity-logs", async (c) => {
       ...log,
       details: log.details ? JSON.parse(log.details) : null
     }));
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_viewed",
@@ -14063,7 +14063,7 @@ userRoutes.get("/activity-logs/export", async (c) => {
       csvRows.push(row.join(","));
     }
     const csvContent = csvRows.join("\n");
-    await chunkUFPT5KCQ_cjs.logActivity(
+    await chunkCZ6BVQZX_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_exported",
@@ -15402,7 +15402,7 @@ var fileValidationSchema2 = zod.z.object({
   // 50MB max
 });
 var adminMediaRoutes = new hono.Hono();
-adminMediaRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
+adminMediaRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
 adminMediaRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -15988,7 +15988,7 @@ adminMediaRoutes.put("/:id", async (c) => {
     `);
   }
 });
-adminMediaRoutes.delete("/cleanup", chunkUFPT5KCQ_cjs.requireRole("admin"), async (c) => {
+adminMediaRoutes.delete("/cleanup", chunkCZ6BVQZX_cjs.requireRole("admin"), async (c) => {
   try {
     const db = c.env.DB;
     const allMediaStmt = db.prepare("SELECT id, r2_key, filename FROM media WHERE deleted_at IS NULL");
@@ -18213,8 +18213,8 @@ function renderEmailSettingsContent(plugin, settings) {
 
 // src/routes/admin-plugins.ts
 var adminPluginRoutes = new hono.Hono();
-adminPluginRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
-var AVAILABLE_PLUGINS = Object.values(chunk43AB4EH4_cjs.PLUGIN_REGISTRY).map((p) => ({
+adminPluginRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+var AVAILABLE_PLUGINS = Object.values(chunkQ5VFZUXV_cjs.PLUGIN_REGISTRY).map((p) => ({
   id: p.id,
   name: p.codeName,
   display_name: p.displayName,
@@ -18234,7 +18234,7 @@ adminPluginRoutes.get("/", async (c) => {
     if (user?.role !== "admin") {
       return c.text("Access denied", 403);
     }
-    const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
     let installedPlugins = [];
     let stats = { total: 0, active: 0, inactive: 0, errors: 0, uninstalled: 0 };
     try {
@@ -18306,7 +18306,7 @@ adminPluginRoutes.get("/:id", async (c) => {
     if (user?.role !== "admin") {
       return c.redirect("/admin/plugins");
     }
-    const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
     const plugin = await pluginService.getPlugin(pluginId);
     if (!plugin) {
       return c.text("Plugin not found", 404);
@@ -18382,7 +18382,7 @@ adminPluginRoutes.post("/:id/activate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
     await pluginService.activatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18399,7 +18399,7 @@ adminPluginRoutes.post("/:id/deactivate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
     await pluginService.deactivatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18416,8 +18416,8 @@ adminPluginRoutes.post("/install", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const body = await c.req.json();
-    const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
-    const registryEntry = chunk43AB4EH4_cjs.findPluginByCodeName(body.name) || chunk43AB4EH4_cjs.PLUGIN_REGISTRY[body.name] || chunk43AB4EH4_cjs.PLUGIN_REGISTRY[body.id];
+    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
+    const registryEntry = chunkQ5VFZUXV_cjs.findPluginByCodeName(body.name) || chunkQ5VFZUXV_cjs.PLUGIN_REGISTRY[body.name] || chunkQ5VFZUXV_cjs.PLUGIN_REGISTRY[body.id];
     if (!registryEntry) {
       return c.json({ error: "Plugin not found in registry" }, 404);
     }
@@ -18450,7 +18450,7 @@ adminPluginRoutes.post("/:id/uninstall", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
     await pluginService.uninstallPlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18468,7 +18468,7 @@ adminPluginRoutes.post("/:id/settings", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const settings = await c.req.json();
-    const pluginService = new chunk43AB4EH4_cjs.PluginService(db);
+    const pluginService = new chunkQ5VFZUXV_cjs.PluginService(db);
     await pluginService.updatePluginSettings(pluginId, settings);
     if (pluginId === "core-auth") {
       try {
@@ -19276,7 +19276,7 @@ function renderLogConfigPage(data) {
 
 // src/routes/admin-logs.ts
 var adminLogsRoutes = new hono.Hono();
-adminLogsRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
+adminLogsRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
 adminLogsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -21604,9 +21604,9 @@ function renderStorageUsage(databaseSizeBytes, mediaSizeBytes) {
 }
 
 // src/routes/admin-dashboard.ts
-var VERSION = chunkVUISYUHY_cjs.getCoreVersion();
+var VERSION = chunkYQW2GCJ3_cjs.getCoreVersion();
 var router = new hono.Hono();
-router.use("*", chunkUFPT5KCQ_cjs.requireAuth());
+router.use("*", chunkCZ6BVQZX_cjs.requireAuth());
 router.get("/", async (c) => {
   const user = c.get("user");
   try {
@@ -23425,10 +23425,10 @@ function renderCollectionFormPage(data) {
 
 // src/routes/admin-collections.ts
 var adminCollectionsRoutes = new hono.Hono();
-adminCollectionsRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
-adminCollectionsRoutes.post("*", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
-adminCollectionsRoutes.put("*", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
-adminCollectionsRoutes.delete("*", chunkUFPT5KCQ_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
+adminCollectionsRoutes.post("*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.put("*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.delete("*", chunkCZ6BVQZX_cjs.requireRole(["admin"]));
 adminCollectionsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -25624,7 +25624,7 @@ function renderDatabaseToolsSettings(settings) {
 
 // src/routes/admin-settings.ts
 var adminSettingsRoutes = new hono.Hono();
-adminSettingsRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
+adminSettingsRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
 function getMockSettings(user) {
   return {
     general: {
@@ -25792,7 +25792,7 @@ adminSettingsRoutes.get("/database-tools", (c) => {
 adminSettingsRoutes.get("/api/migrations/status", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkRVD7PLMU_cjs.MigrationService(db);
+    const migrationService = new chunkOCLUXJ7E_cjs.MigrationService(db);
     const status = await migrationService.getMigrationStatus();
     return c.json({
       success: true,
@@ -25816,7 +25816,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
       }, 403);
     }
     const db = c.env.DB;
-    const migrationService = new chunkRVD7PLMU_cjs.MigrationService(db);
+    const migrationService = new chunkOCLUXJ7E_cjs.MigrationService(db);
     const result = await migrationService.runPendingMigrations();
     return c.json({
       success: result.success,
@@ -25834,7 +25834,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
 adminSettingsRoutes.get("/api/migrations/validate", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkRVD7PLMU_cjs.MigrationService(db);
+    const migrationService = new chunkOCLUXJ7E_cjs.MigrationService(db);
     const validation = await migrationService.validateSchema();
     return c.json({
       success: true,
@@ -27724,7 +27724,7 @@ function renderFormCreatePage(data) {
 
 // src/routes/admin-forms.ts
 var adminFormsRoutes = new hono.Hono();
-adminFormsRoutes.use("*", chunkUFPT5KCQ_cjs.requireAuth());
+adminFormsRoutes.use("*", chunkCZ6BVQZX_cjs.requireAuth());
 adminFormsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -28529,7 +28529,7 @@ publicFormsRoutes.post("/:identifier/submit", async (c) => {
     `).bind(now, form.id).run();
     let contentId = null;
     try {
-      contentId = await chunk43AB4EH4_cjs.createContentFromSubmission(
+      contentId = await chunkQ5VFZUXV_cjs.createContentFromSubmission(
         db,
         sanitizedData,
         { id: form.id, name: form.name, display_name: form.display_name },
@@ -28897,9 +28897,9 @@ function renderAPIReferencePage(data) {
 }
 
 // src/routes/admin-api-reference.ts
-var VERSION2 = chunkVUISYUHY_cjs.getCoreVersion();
+var VERSION2 = chunkYQW2GCJ3_cjs.getCoreVersion();
 var router2 = new hono.Hono();
-router2.use("*", chunkUFPT5KCQ_cjs.requireAuth());
+router2.use("*", chunkCZ6BVQZX_cjs.requireAuth());
 router2.get("/", async (c) => {
   const user = c.get("user");
   try {
@@ -28990,5 +28990,5 @@ exports.router2 = router2;
 exports.test_cleanup_default = test_cleanup_default;
 exports.userProfilesPlugin = userProfilesPlugin;
 exports.userRoutes = userRoutes;
-//# sourceMappingURL=chunk-26HYU7MX.cjs.map
-//# sourceMappingURL=chunk-26HYU7MX.cjs.map
+//# sourceMappingURL=chunk-6ENX7QSA.cjs.map
+//# sourceMappingURL=chunk-6ENX7QSA.cjs.map