@sonicjs-cms/core 2.18.0 → 2.19.0

package/dist/{chunk-LTJ7P7RT.cjs → chunk-R4FOLLFB.cjs}

@@ -1,13 +1,13 @@
 'use strict';
 
 var chunkWAEQXGCX_cjs = require('./chunk-WAEQXGCX.cjs');
-var chunk3XP76LM7_cjs = require('./chunk-3XP76LM7.cjs');
-var chunk56PLLVDG_cjs = require('./chunk-56PLLVDG.cjs');
-var chunkDAESIIWY_cjs = require('./chunk-DAESIIWY.cjs');
+var chunk7A4CB7T3_cjs = require('./chunk-7A4CB7T3.cjs');
+var chunkE4YFJBM2_cjs = require('./chunk-E4YFJBM2.cjs');
+var chunkRLMUFFUD_cjs = require('./chunk-RLMUFFUD.cjs');
 var chunkOHYBNCVL_cjs = require('./chunk-OHYBNCVL.cjs');
 var chunkUYJ6TJHX_cjs = require('./chunk-UYJ6TJHX.cjs');
 var chunk635JAMSE_cjs = require('./chunk-635JAMSE.cjs');
-var chunk74BFRAQS_cjs = require('./chunk-74BFRAQS.cjs');
+var chunkJZVHLLSI_cjs = require('./chunk-JZVHLLSI.cjs');
 var chunkRCQ2HIQD_cjs = require('./chunk-RCQ2HIQD.cjs');
 var chunkMNWKYY5E_cjs = require('./chunk-MNWKYY5E.cjs');
 var hono = require('hono');
@@ -189,7 +189,7 @@ apiContentCrudRoutes.get("/:id", async (c) => {
     }, 500);
   }
 });
-apiContentCrudRoutes.post("/", chunk3XP76LM7_cjs.requireAuth(), chunk3XP76LM7_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.post("/", chunk7A4CB7T3_cjs.requireAuth(), chunk7A4CB7T3_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const db = c.env.DB;
     const user = c.get("user");
@@ -255,7 +255,7 @@ apiContentCrudRoutes.post("/", chunk3XP76LM7_cjs.requireAuth(), chunk3XP76LM7_cj
     }, 500);
   }
 });
-apiContentCrudRoutes.put("/:id", chunk3XP76LM7_cjs.requireAuth(), chunk3XP76LM7_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.put("/:id", chunk7A4CB7T3_cjs.requireAuth(), chunk7A4CB7T3_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -319,7 +319,7 @@ apiContentCrudRoutes.put("/:id", chunk3XP76LM7_cjs.requireAuth(), chunk3XP76LM7_
     }, 500);
   }
 });
-apiContentCrudRoutes.delete("/:id", chunk3XP76LM7_cjs.requireAuth(), chunk3XP76LM7_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+apiContentCrudRoutes.delete("/:id", chunk7A4CB7T3_cjs.requireAuth(), chunk7A4CB7T3_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const db = c.env.DB;
@@ -355,7 +355,7 @@ apiRoutes.use("*", async (c, next) => {
   c.header("X-Response-Time", `${totalTime}ms`);
 });
 apiRoutes.use("*", async (c, next) => {
-  const cacheEnabled = await chunk3XP76LM7_cjs.isPluginActive(c.env.DB, "core-cache");
+  const cacheEnabled = await chunk7A4CB7T3_cjs.isPluginActive(c.env.DB, "core-cache");
   c.set("cacheEnabled", cacheEnabled);
   await next();
 });
@@ -846,7 +846,7 @@ apiRoutes.get("/collections", async (c) => {
     return c.json({ error: "Failed to fetch collections" }, 500);
   }
 });
-apiRoutes.get("/content", chunk3XP76LM7_cjs.optionalAuth(), async (c) => {
+apiRoutes.get("/content", chunk7A4CB7T3_cjs.optionalAuth(), async (c) => {
   const executionStart = Date.now();
   try {
     const db = c.env.DB;
@@ -869,13 +869,13 @@ apiRoutes.get("/content", chunk3XP76LM7_cjs.optionalAuth(), async (c) => {
         });
       }
     }
-    const filter = chunk74BFRAQS_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkJZVHLLSI_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
     if (!normalizedFilter.limit) {
       normalizedFilter.limit = 50;
     }
     normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
-    const builder3 = new chunk74BFRAQS_cjs.QueryFilterBuilder();
+    const builder3 = new chunkJZVHLLSI_cjs.QueryFilterBuilder();
     const queryResult = builder3.build("content", normalizedFilter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -947,7 +947,7 @@ apiRoutes.get("/content", chunk3XP76LM7_cjs.optionalAuth(), async (c) => {
     }, 500);
   }
 });
-apiRoutes.get("/collections/:collection/content", chunk3XP76LM7_cjs.optionalAuth(), async (c) => {
+apiRoutes.get("/collections/:collection/content", chunk7A4CB7T3_cjs.optionalAuth(), async (c) => {
   const executionStart = Date.now();
   try {
     const collection = c.req.param("collection");
@@ -958,7 +958,7 @@ apiRoutes.get("/collections/:collection/content", chunk3XP76LM7_cjs.optionalAuth
     if (!collectionResult) {
       return c.json({ error: "Collection not found" }, 404);
     }
-    const filter = chunk74BFRAQS_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
+    const filter = chunkJZVHLLSI_cjs.QueryFilterBuilder.parseFromQuery(queryParams);
     const normalizedFilter = normalizePublicContentFilter(filter, c.get("user")?.role);
     if (!normalizedFilter.where) {
       normalizedFilter.where = { and: [] };
@@ -975,7 +975,7 @@ apiRoutes.get("/collections/:collection/content", chunk3XP76LM7_cjs.optionalAuth
       normalizedFilter.limit = 50;
     }
     normalizedFilter.limit = Math.min(normalizedFilter.limit, 1e3);
-    const builder3 = new chunk74BFRAQS_cjs.QueryFilterBuilder();
+    const builder3 = new chunkJZVHLLSI_cjs.QueryFilterBuilder();
     const queryResult = builder3.build("content", normalizedFilter);
     if (queryResult.errors.length > 0) {
       return c.json({
@@ -1096,7 +1096,7 @@ var fileValidationSchema = zod.z.object({
   // 50MB max
 });
 var apiMediaRoutes = new hono.Hono();
-apiMediaRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
+apiMediaRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
 apiMediaRoutes.post("/upload", async (c) => {
   try {
     const user = c.get("user");
@@ -1840,8 +1840,8 @@ apiSystemRoutes.get("/env", (c) => {
 });
 var api_system_default = apiSystemRoutes;
 var adminApiRoutes = new hono.Hono();
-adminApiRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
-adminApiRoutes.use("*", chunk3XP76LM7_cjs.requireRole(["admin", "editor"]));
+adminApiRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
+adminApiRoutes.use("*", chunk7A4CB7T3_cjs.requireRole(["admin", "editor"]));
 adminApiRoutes.get("/stats", async (c) => {
   try {
     const db = c.env.DB;
@@ -2353,7 +2353,7 @@ adminApiRoutes.delete("/collections/:id", async (c) => {
 });
 adminApiRoutes.get("/migrations/status", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-CW2IT5YP.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-566IIPS2.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const status = await migrationService.getMigrationStatus();
@@ -2378,7 +2378,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
         error: "Unauthorized. Admin access required."
       }, 403);
     }
-    const { MigrationService: MigrationService2 } = await import('./migrations-CW2IT5YP.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-566IIPS2.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const result = await migrationService.runPendingMigrations();
@@ -2400,7 +2400,7 @@ adminApiRoutes.post("/migrations/run", async (c) => {
 });
 adminApiRoutes.get("/migrations/validate", async (c) => {
   try {
-    const { MigrationService: MigrationService2 } = await import('./migrations-CW2IT5YP.cjs');
+    const { MigrationService: MigrationService2 } = await import('./migrations-566IIPS2.cjs');
     const db = c.env.DB;
     const migrationService = new MigrationService2(db);
     const validation = await migrationService.validateSchema();
@@ -3745,13 +3745,15 @@ function renderDynamicField(field, options = {}) {
       break;
     case "media":
       const isMultiple = opts.multiple === true;
-      const mediaValues = isMultiple && value ? Array.isArray(value) ? value : String(value).split(",").filter(Boolean) : [];
-      const singleValue = !isMultiple ? value : "";
+      const mediaValues = isMultiple && value ? Array.isArray(value) ? value.filter((url) => typeof url === "string" && url !== "") : String(value).split(",").filter(Boolean) : [];
+      const singleValue = !isMultiple && typeof value === "string" ? value : "";
       const isVideoUrl = (url) => {
+        if (typeof url !== "string") return false;
         const videoExtensions = [".mp4", ".webm", ".ogg", ".mov", ".avi"];
         return videoExtensions.some((ext) => url.toLowerCase().endsWith(ext));
       };
       const renderMediaPreview = (url, alt, classes) => {
+        if (typeof url !== "string" || url === "") return "";
         if (isVideoUrl(url)) {
           return `<video src="${url}" class="${classes}" muted></video>`;
         }
@@ -4123,7 +4125,8 @@ function renderStructuredItemFields(field, itemConfig, index, itemValue, pluginS
     ).join("");
   }
   const normalizedField = normalizeBlockField(itemConfig, "Item");
-  const fieldValue = itemValue ?? normalizedField.defaultValue ?? "";
+  const isEmptyPlainObject = itemValue !== null && typeof itemValue === "object" && !Array.isArray(itemValue) && Object.keys(itemValue).length === 0;
+  const fieldValue = isEmptyPlainObject ? normalizedField.defaultValue ?? "" : itemValue ?? normalizedField.defaultValue ?? "";
   const fieldDefinition = {
     id: `array-${field.field_name}-${index}-value`,
     field_name: `array-${field.field_name}-${index}-value`,
@@ -5153,8 +5156,8 @@ var JWT_SECRET_FALLBACK = "your-super-secret-jwt-key-change-in-production";
 async function setCsrfCookie(c, maxAge) {
   const secret = c.env?.JWT_SECRET || JWT_SECRET_FALLBACK;
   const isDev = c.env?.ENVIRONMENT === "development" || !c.env?.ENVIRONMENT;
-  const csrfToken = await chunk3XP76LM7_cjs.generateCsrfToken(secret);
-  const cookieMaxAge = await chunk3XP76LM7_cjs.getJwtExpirySecondsFromDb(c.env?.DB, c.env);
+  const csrfToken = await chunk7A4CB7T3_cjs.generateCsrfToken(secret);
+  const cookieMaxAge = await chunk7A4CB7T3_cjs.getJwtExpirySecondsFromDb(c.env?.DB, c.env);
   cookie.setCookie(c, "csrf_token", csrfToken, {
     httpOnly: false,
     secure: !isDev,
@@ -5211,7 +5214,7 @@ var loginSchema = zod.z.object({
 });
 authRoutes.post(
   "/register",
-  chunk3XP76LM7_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
+  chunk7A4CB7T3_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5248,7 +5251,7 @@ authRoutes.post(
       if (existingUser) {
         return c.json({ error: "User with this email or username already exists" }, 400);
       }
-      const passwordHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword(password);
+      const passwordHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword(password);
       const userId = crypto.randomUUID();
       const now = /* @__PURE__ */ new Date();
       await db.prepare(`
@@ -5282,8 +5285,8 @@ authRoutes.post(
           await saveCustomData(db, userId, sanitized);
         }
       }
-      const tokenTtl = await chunk3XP76LM7_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-      const token = await chunk3XP76LM7_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunk7A4CB7T3_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunk7A4CB7T3_cjs.AuthManager.generateToken(userId, normalizedEmail, "viewer", c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -5316,7 +5319,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/login",
-  chunk3XP76LM7_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
+  chunk7A4CB7T3_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
   async (c) => {
     try {
       const body = await c.req.json();
@@ -5339,20 +5342,20 @@ authRoutes.post(
       if (!user) {
         return c.json({ error: "Invalid email or password" }, 401);
       }
-      const isValidPassword = await chunk3XP76LM7_cjs.AuthManager.verifyPassword(password, user.password_hash);
+      const isValidPassword = await chunk7A4CB7T3_cjs.AuthManager.verifyPassword(password, user.password_hash);
       if (!isValidPassword) {
         return c.json({ error: "Invalid email or password" }, 401);
       }
-      if (chunk3XP76LM7_cjs.AuthManager.isLegacyHash(user.password_hash)) {
+      if (chunk7A4CB7T3_cjs.AuthManager.isLegacyHash(user.password_hash)) {
         try {
-          const newHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword(password);
+          const newHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword(password);
           await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
         } catch (rehashError) {
           console.error("Password rehash failed (non-fatal):", rehashError);
         }
       }
-      const tokenTtl = await chunk3XP76LM7_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-      const token = await chunk3XP76LM7_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunk7A4CB7T3_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunk7A4CB7T3_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: true,
@@ -5404,7 +5407,7 @@ authRoutes.get("/logout", (c) => {
   clearCsrfCookie(c);
   return c.redirect("/auth/login?message=You have been logged out successfully");
 });
-authRoutes.get("/me", chunk3XP76LM7_cjs.requireAuth(), async (c) => {
+authRoutes.get("/me", chunk7A4CB7T3_cjs.requireAuth(), async (c) => {
   try {
     const user = c.get("user");
     if (!user) {
@@ -5415,7 +5418,8 @@ authRoutes.get("/me", chunk3XP76LM7_cjs.requireAuth(), async (c) => {
     if (!userData) {
       return c.json({ error: "User not found" }, 404);
     }
-    return c.json({ user: userData });
+    const customData = await getCustomData(db, user.userId);
+    return c.json({ user: { ...userData, ...customData } });
   } catch (error) {
     console.error("Get user error:", error);
     return c.json({ error: "Failed to get user" }, 500);
@@ -5423,7 +5427,7 @@ authRoutes.get("/me", chunk3XP76LM7_cjs.requireAuth(), async (c) => {
 });
 authRoutes.post(
   "/refresh",
-  chunk3XP76LM7_cjs.rateLimit({ max: 60, windowMs: 60 * 1e3, keyPrefix: "refresh" }),
+  chunk7A4CB7T3_cjs.rateLimit({ max: 60, windowMs: 60 * 1e3, keyPrefix: "refresh" }),
   async (c) => {
     try {
       let token = c.req.header("Authorization")?.replace("Bearer ", "");
@@ -5432,8 +5436,8 @@ authRoutes.post(
         return c.json({ error: "Authentication required" }, 401);
       }
       const db = c.env.DB;
-      const grace = await chunk3XP76LM7_cjs.getJwtRefreshGraceSecondsFromDb(db, c.env);
-      const payload = await chunk3XP76LM7_cjs.AuthManager.verifyToken(token, c.env.JWT_SECRET, grace);
+      const grace = await chunk7A4CB7T3_cjs.getJwtRefreshGraceSecondsFromDb(db, c.env);
+      const payload = await chunk7A4CB7T3_cjs.AuthManager.verifyToken(token, c.env.JWT_SECRET, grace);
       if (!payload) {
         return c.json({ error: "Invalid or expired token" }, 401);
       }
@@ -5441,8 +5445,8 @@ authRoutes.post(
       if (!row || !row.is_active) {
         return c.json({ error: "User is not active" }, 401);
       }
-      const tokenTtl = await chunk3XP76LM7_cjs.getJwtExpirySecondsFromDb(db, c.env);
-      const newToken = await chunk3XP76LM7_cjs.AuthManager.generateToken(row.id, row.email, row.role, c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunk7A4CB7T3_cjs.getJwtExpirySecondsFromDb(db, c.env);
+      const newToken = await chunk7A4CB7T3_cjs.AuthManager.generateToken(row.id, row.email, row.role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", newToken, {
         httpOnly: true,
         secure: true,
@@ -5462,7 +5466,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/register/form",
-  chunk3XP76LM7_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
+  chunk7A4CB7T3_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "register" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5509,7 +5513,7 @@ authRoutes.post(
         </div>
       `);
       }
-      const passwordHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword(password);
+      const passwordHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword(password);
       const role = isFirstUser ? "admin" : "viewer";
       const userId = crypto.randomUUID();
       const now = /* @__PURE__ */ new Date();
@@ -5544,8 +5548,8 @@ authRoutes.post(
           await saveCustomData(db, userId, sanitized);
         }
       }
-      const tokenTtl = await chunk3XP76LM7_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-      const token = await chunk3XP76LM7_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunk7A4CB7T3_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunk7A4CB7T3_cjs.AuthManager.generateToken(userId, normalizedEmail, role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: false,
@@ -5577,7 +5581,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/login/form",
-  chunk3XP76LM7_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
+  chunk7A4CB7T3_cjs.rateLimit({ max: 30, windowMs: 60 * 1e3, keyPrefix: "login" }),
   async (c) => {
     try {
       const formData = await c.req.formData();
@@ -5601,7 +5605,7 @@ authRoutes.post(
         </div>
       `);
       }
-      const isValidPassword = await chunk3XP76LM7_cjs.AuthManager.verifyPassword(password, user.password_hash);
+      const isValidPassword = await chunk7A4CB7T3_cjs.AuthManager.verifyPassword(password, user.password_hash);
       if (!isValidPassword) {
         return c.html(html.html`
         <div class="bg-red-100 border border-red-400 text-red-700 px-4 py-3 rounded">
@@ -5609,16 +5613,16 @@ authRoutes.post(
         </div>
       `);
       }
-      if (chunk3XP76LM7_cjs.AuthManager.isLegacyHash(user.password_hash)) {
+      if (chunk7A4CB7T3_cjs.AuthManager.isLegacyHash(user.password_hash)) {
         try {
-          const newHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword(password);
+          const newHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword(password);
           await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(newHash, Date.now(), user.id).run();
         } catch (rehashError) {
           console.error("Password rehash failed (non-fatal):", rehashError);
         }
       }
-      const tokenTtl = await chunk3XP76LM7_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-      const token = await chunk3XP76LM7_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
+      const tokenTtl = await chunk7A4CB7T3_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+      const token = await chunk7A4CB7T3_cjs.AuthManager.generateToken(user.id, user.email, user.role, c.env.JWT_SECRET, tokenTtl);
       cookie.setCookie(c, "auth_token", token, {
         httpOnly: true,
         secure: false,
@@ -5659,7 +5663,7 @@ authRoutes.post(
 );
 authRoutes.post(
   "/seed-admin",
-  chunk3XP76LM7_cjs.rateLimit({ max: 10, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
+  chunk7A4CB7T3_cjs.rateLimit({ max: 10, windowMs: 60 * 1e3, keyPrefix: "seed-admin" }),
   async (c) => {
     try {
       const db = c.env.DB;
@@ -5681,7 +5685,7 @@ authRoutes.post(
     `).run();
       const existingAdmin = await db.prepare("SELECT id FROM users WHERE email = ? OR username = ?").bind("admin@sonicjs.com", "admin").first();
       if (existingAdmin) {
-        const passwordHash2 = await chunk3XP76LM7_cjs.AuthManager.hashPassword("sonicjs!");
+        const passwordHash2 = await chunk7A4CB7T3_cjs.AuthManager.hashPassword("sonicjs!");
         await db.prepare("UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?").bind(passwordHash2, Date.now(), existingAdmin.id).run();
         return c.json({
           message: "Admin user already exists (password updated)",
@@ -5693,7 +5697,7 @@ authRoutes.post(
           }
         });
       }
-      const passwordHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword("sonicjs!");
+      const passwordHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword("sonicjs!");
       const userId = "admin-user-id";
       const now = Date.now();
       const adminEmail = "admin@sonicjs.com".toLowerCase();
@@ -5914,7 +5918,7 @@ authRoutes.post("/accept-invitation", async (c) => {
     if (existingUsername) {
       return c.json({ error: "Username is already taken" }, 400);
     }
-    const passwordHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword(password);
     const updateStmt = db.prepare(`
       UPDATE users SET 
         username = ?,
@@ -5933,8 +5937,8 @@ authRoutes.post("/accept-invitation", async (c) => {
       Date.now(),
       invitedUser.id
     ).run();
-    const tokenTtl = await chunk3XP76LM7_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
-    const authToken = await chunk3XP76LM7_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET, tokenTtl);
+    const tokenTtl = await chunk7A4CB7T3_cjs.getJwtExpirySecondsFromDb(c.env.DB, c.env);
+    const authToken = await chunk7A4CB7T3_cjs.AuthManager.generateToken(invitedUser.id, invitedUser.email, invitedUser.role, c.env.JWT_SECRET, tokenTtl);
     cookie.setCookie(c, "auth_token", authToken, {
       httpOnly: true,
       secure: true,
@@ -5950,7 +5954,7 @@ authRoutes.post("/accept-invitation", async (c) => {
 });
 authRoutes.post(
   "/request-password-reset",
-  chunk3XP76LM7_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
+  chunk7A4CB7T3_cjs.rateLimit({ max: 3, windowMs: 15 * 60 * 1e3, keyPrefix: "password-reset" }),
   async (c) => {
     try {
       const formData = await c.req.formData();
@@ -6168,7 +6172,7 @@ authRoutes.post("/reset-password", async (c) => {
     if (Date.now() > user.password_reset_expires) {
       return c.json({ error: "Reset token has expired" }, 400);
     }
-    const newPasswordHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword(password);
+    const newPasswordHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword(password);
     try {
       const historyStmt = db.prepare(`
         INSERT INTO password_history (id, user_id, password_hash, created_at)
@@ -9544,9 +9548,9 @@ function parseFieldValue(field, formData, options = {}) {
   const { skipValidation = false } = options;
   const value = formData.get(field.field_name);
   const errors = [];
-  const blocksConfig = chunk74BFRAQS_cjs.getBlocksFieldConfig(field.field_options);
+  const blocksConfig = chunkJZVHLLSI_cjs.getBlocksFieldConfig(field.field_options);
   if (blocksConfig) {
-    const parsed = chunk74BFRAQS_cjs.parseBlocksValue(value, blocksConfig);
+    const parsed = chunkJZVHLLSI_cjs.parseBlocksValue(value, blocksConfig);
     if (!skipValidation && field.is_required && parsed.value.length === 0) {
       parsed.errors.push(`${field.field_label} is required`);
     }
@@ -9656,7 +9660,7 @@ function extractFieldData(fields, formData, options = {}) {
   }
   return { data, errors };
 }
-adminContentRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
+adminContentRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
 async function getCollectionFields(db, collectionId) {
   const cache = chunkWAEQXGCX_cjs.getCacheService(chunkWAEQXGCX_cjs.CACHE_CONFIGS.collection);
   return cache.getOrSet(
@@ -9933,21 +9937,21 @@ adminContentRoutes.get("/new", async (c) => {
     const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
     let tinymceSettings;
     if (tinymceEnabled) {
-      const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+      const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
       const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
       tinymceSettings = tinymcePlugin2?.settings;
     }
     const quillEnabled = await isPluginActive2(db, "quill-editor");
     let quillSettings;
     if (quillEnabled) {
-      const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+      const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
       const quillPlugin = await pluginService.getPlugin("quill-editor");
       quillSettings = quillPlugin?.settings;
     }
     const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
     let mdxeditorSettings;
     if (mdxeditorEnabled) {
-      const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+      const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
       const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
       mdxeditorSettings = mdxeditorPlugin?.settings;
     }
@@ -10038,21 +10042,21 @@ adminContentRoutes.get("/:id/edit", async (c) => {
     const tinymceEnabled = await isPluginActive2(db, "tinymce-plugin");
     let tinymceSettings;
     if (tinymceEnabled) {
-      const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+      const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
       const tinymcePlugin2 = await pluginService.getPlugin("tinymce-plugin");
       tinymceSettings = tinymcePlugin2?.settings;
     }
     const quillEnabled = await isPluginActive2(db, "quill-editor");
     let quillSettings;
     if (quillEnabled) {
-      const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+      const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
       const quillPlugin = await pluginService.getPlugin("quill-editor");
       quillSettings = quillPlugin?.settings;
     }
     const mdxeditorEnabled = await isPluginActive2(db, "easy-mdx");
     let mdxeditorSettings;
     if (mdxeditorEnabled) {
-      const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+      const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
       const mdxeditorPlugin = await pluginService.getPlugin("easy-mdx");
       mdxeditorSettings = mdxeditorPlugin?.settings;
     }
@@ -10347,7 +10351,7 @@ adminContentRoutes.put("/:id", async (c) => {
     `);
   }
 });
-adminContentRoutes.post("/preview", chunk3XP76LM7_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+adminContentRoutes.post("/preview", chunk7A4CB7T3_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const formData = await c.req.formData();
     const collectionId = formData.get("collection_id");
@@ -10725,7 +10729,7 @@ adminContentRoutes.post("/:id/restore/:version", async (c) => {
     return c.json({ success: false, error: "Failed to restore version" });
   }
 });
-adminContentRoutes.get("/:id/version/:version/preview", chunk3XP76LM7_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
+adminContentRoutes.get("/:id/version/:version/preview", chunk7A4CB7T3_cjs.requireRole(["admin", "editor", "author"]), async (c) => {
   try {
     const id = c.req.param("id");
     const version = parseInt(c.req.param("version") || "0");
@@ -12724,14 +12728,14 @@ function renderUsersListPage(data) {
 
 // src/routes/admin-users.ts
 var userRoutes = new hono.Hono();
-userRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
-userRoutes.use("/users/*", chunk3XP76LM7_cjs.requireRole(["admin"]));
-userRoutes.use("/users", chunk3XP76LM7_cjs.requireRole(["admin"]));
-userRoutes.use("/invite-user", chunk3XP76LM7_cjs.requireRole(["admin"]));
-userRoutes.use("/resend-invitation/*", chunk3XP76LM7_cjs.requireRole(["admin"]));
-userRoutes.use("/cancel-invitation/*", chunk3XP76LM7_cjs.requireRole(["admin"]));
-userRoutes.use("/activity-logs", chunk3XP76LM7_cjs.requireRole(["admin"]));
-userRoutes.use("/activity-logs/*", chunk3XP76LM7_cjs.requireRole(["admin"]));
+userRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
+userRoutes.use("/users/*", chunk7A4CB7T3_cjs.requireRole(["admin"]));
+userRoutes.use("/users", chunk7A4CB7T3_cjs.requireRole(["admin"]));
+userRoutes.use("/invite-user", chunk7A4CB7T3_cjs.requireRole(["admin"]));
+userRoutes.use("/resend-invitation/*", chunk7A4CB7T3_cjs.requireRole(["admin"]));
+userRoutes.use("/cancel-invitation/*", chunk7A4CB7T3_cjs.requireRole(["admin"]));
+userRoutes.use("/activity-logs", chunk7A4CB7T3_cjs.requireRole(["admin"]));
+userRoutes.use("/activity-logs/*", chunk7A4CB7T3_cjs.requireRole(["admin"]));
 userRoutes.get("/", (c) => {
   return c.redirect("/admin/dashboard");
 });
@@ -12901,7 +12905,7 @@ userRoutes.put("/profile", async (c) => {
       }
       await saveCustomData(db, user.userId, sanitized);
     }
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "profile.update",
@@ -12964,7 +12968,7 @@ userRoutes.post("/profile/avatar", async (c) => {
       SELECT first_name, last_name FROM users WHERE id = ?
     `);
     const userData = await userStmt.bind(user.userId).first();
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "profile.avatar_update",
@@ -13035,7 +13039,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const validPassword = await chunk3XP76LM7_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
+    const validPassword = await chunk7A4CB7T3_cjs.AuthManager.verifyPassword(currentPassword, userData.password_hash);
     if (!validPassword) {
       return c.html(renderAlert2({
         type: "error",
@@ -13043,7 +13047,7 @@ userRoutes.post("/profile/password", async (c) => {
         dismissible: true
       }));
     }
-    const newPasswordHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword(newPassword);
+    const newPasswordHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword(newPassword);
     const historyStmt = db.prepare(`
       INSERT INTO password_history (id, user_id, password_hash, created_at)
       VALUES (?, ?, ?, ?)
@@ -13059,7 +13063,7 @@ userRoutes.post("/profile/password", async (c) => {
       WHERE id = ?
     `);
     await updateStmt.bind(newPasswordHash, Date.now(), user.userId).run();
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "profile.password_change",
@@ -13126,7 +13130,7 @@ userRoutes.get("/users", async (c) => {
     `);
     const countResult = await countStmt.bind(...params).first();
     const totalUsers = countResult?.total || 0;
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "users.list_view",
@@ -13284,7 +13288,7 @@ userRoutes.post("/users/new", async (c) => {
         dismissible: true
       }));
     }
-    const passwordHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword(password);
+    const passwordHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword(password);
     const userId = crypto.randomUUID();
     const createStmt = db.prepare(`
       INSERT INTO users (
@@ -13307,7 +13311,7 @@ userRoutes.post("/users/new", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "user!.create",
@@ -13346,7 +13350,7 @@ userRoutes.get("/users/:id", async (c) => {
     if (!userRecord) {
       return c.json({ error: "User not found" }, 404);
     }
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "user!.view",
@@ -13572,7 +13576,7 @@ userRoutes.put("/users/:id", async (c) => {
       userId
     ).run();
     if (newPassword) {
-      const passwordHash = await chunk3XP76LM7_cjs.AuthManager.hashPassword(newPassword);
+      const passwordHash = await chunk7A4CB7T3_cjs.AuthManager.hashPassword(newPassword);
       const updatePasswordStmt = db.prepare(`
         UPDATE users SET password_hash = ?, updated_at = ? WHERE id = ?
       `);
@@ -13626,7 +13630,7 @@ userRoutes.put("/users/:id", async (c) => {
         ).run();
       }
     }
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "user.update",
@@ -13671,7 +13675,7 @@ userRoutes.post("/users/:id/toggle", async (c) => {
       UPDATE users SET is_active = ?, updated_at = ? WHERE id = ?
     `);
     await toggleStmt.bind(active ? 1 : 0, Date.now(), userId).run();
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       active ? "user.activate" : "user.deactivate",
@@ -13712,7 +13716,7 @@ userRoutes.delete("/users/:id", async (c) => {
         DELETE FROM users WHERE id = ?
       `);
       await deleteStmt.bind(userId).run();
-      await chunk3XP76LM7_cjs.logActivity(
+      await chunk7A4CB7T3_cjs.logActivity(
         db,
         user.userId,
         "user!.hard_delete",
@@ -13731,7 +13735,7 @@ userRoutes.delete("/users/:id", async (c) => {
         UPDATE users SET is_active = 0, updated_at = ? WHERE id = ?
       `);
       await deleteStmt.bind(Date.now(), userId).run();
-      await chunk3XP76LM7_cjs.logActivity(
+      await chunk7A4CB7T3_cjs.logActivity(
         db,
         user.userId,
         "user!.soft_delete",
@@ -13797,7 +13801,7 @@ userRoutes.post("/invite-user", async (c) => {
       Date.now(),
       Date.now()
     ).run();
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "user!.invite_sent",
@@ -13854,7 +13858,7 @@ userRoutes.post("/resend-invitation/:id", async (c) => {
       Date.now(),
       userId
     ).run();
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_resent",
@@ -13890,7 +13894,7 @@ userRoutes.delete("/cancel-invitation/:id", async (c) => {
     }
     const deleteStmt = db.prepare(`DELETE FROM users WHERE id = ?`);
     await deleteStmt.bind(userId).run();
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "user!.invitation_cancelled",
@@ -13973,7 +13977,7 @@ userRoutes.get("/activity-logs", async (c) => {
       ...log,
       details: log.details ? JSON.parse(log.details) : null
     }));
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_viewed",
@@ -14080,7 +14084,7 @@ userRoutes.get("/activity-logs/export", async (c) => {
       csvRows.push(row.join(","));
     }
     const csvContent = csvRows.join("\n");
-    await chunk3XP76LM7_cjs.logActivity(
+    await chunk7A4CB7T3_cjs.logActivity(
       db,
       user.userId,
       "activity.logs_exported",
@@ -15419,7 +15423,7 @@ var fileValidationSchema2 = zod.z.object({
   // 50MB max
 });
 var adminMediaRoutes = new hono.Hono();
-adminMediaRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
+adminMediaRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
 adminMediaRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -15811,8 +15815,8 @@ adminMediaRoutes.post("/upload", async (c) => {
           });
           continue;
         }
-        let width;
-        let height;
+        let width = null;
+        let height = null;
         if (file.type.startsWith("image/") && !file.type.includes("svg")) {
           try {
             const dimensions = await getImageDimensions2(arrayBuffer);
@@ -15823,7 +15827,7 @@ adminMediaRoutes.post("/upload", async (c) => {
           }
         }
         const publicUrl = `/files/${r2Key}`;
-        const thumbnailUrl = file.type.startsWith("image/") ? publicUrl : void 0;
+        const thumbnailUrl = file.type.startsWith("image/") ? publicUrl : null;
         const stmt = c.env.DB.prepare(`
           INSERT INTO media (
             id, filename, original_name, mime_type, size, width, height, 
@@ -16005,7 +16009,7 @@ adminMediaRoutes.put("/:id", async (c) => {
     `);
   }
 });
-adminMediaRoutes.delete("/cleanup", chunk3XP76LM7_cjs.requireRole("admin"), async (c) => {
+adminMediaRoutes.delete("/cleanup", chunk7A4CB7T3_cjs.requireRole("admin"), async (c) => {
   try {
     const db = c.env.DB;
     const allMediaStmt = db.prepare("SELECT id, r2_key, filename FROM media WHERE deleted_at IS NULL");
@@ -18348,8 +18352,8 @@ function renderEmailSettingsContent(plugin, settings) {
 
 // src/routes/admin-plugins.ts
 var adminPluginRoutes = new hono.Hono();
-adminPluginRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
-var AVAILABLE_PLUGINS = Object.values(chunk56PLLVDG_cjs.PLUGIN_REGISTRY).map((p) => ({
+adminPluginRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
+var AVAILABLE_PLUGINS = Object.values(chunkE4YFJBM2_cjs.PLUGIN_REGISTRY).map((p) => ({
   id: p.id,
   name: p.codeName,
   display_name: p.displayName,
@@ -18369,7 +18373,7 @@ adminPluginRoutes.get("/", async (c) => {
     if (user?.role !== "admin") {
       return c.text("Access denied", 403);
     }
-    const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+    const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
     let installedPlugins = [];
     let stats = { total: 0, active: 0, inactive: 0, errors: 0, uninstalled: 0 };
     try {
@@ -18441,7 +18445,7 @@ adminPluginRoutes.get("/:id", async (c) => {
     if (user?.role !== "admin") {
       return c.redirect("/admin/plugins");
     }
-    const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+    const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
     const plugin = await pluginService.getPlugin(pluginId);
     if (!plugin) {
       return c.text("Plugin not found", 404);
@@ -18517,7 +18521,7 @@ adminPluginRoutes.post("/:id/activate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+    const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
     await pluginService.activatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18534,7 +18538,7 @@ adminPluginRoutes.post("/:id/deactivate", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+    const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
     await pluginService.deactivatePlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18551,8 +18555,8 @@ adminPluginRoutes.post("/install", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const body = await c.req.json();
-    const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
-    const registryEntry = chunk56PLLVDG_cjs.findPluginByCodeName(body.name) || chunk56PLLVDG_cjs.PLUGIN_REGISTRY[body.name] || chunk56PLLVDG_cjs.PLUGIN_REGISTRY[body.id];
+    const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
+    const registryEntry = chunkE4YFJBM2_cjs.findPluginByCodeName(body.name) || chunkE4YFJBM2_cjs.PLUGIN_REGISTRY[body.name] || chunkE4YFJBM2_cjs.PLUGIN_REGISTRY[body.id];
     if (!registryEntry) {
       return c.json({ error: "Plugin not found in registry" }, 404);
     }
@@ -18585,7 +18589,7 @@ adminPluginRoutes.post("/:id/uninstall", async (c) => {
     if (user?.role !== "admin") {
       return c.json({ error: "Access denied" }, 403);
     }
-    const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+    const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
     await pluginService.uninstallPlugin(pluginId);
     return c.json({ success: true });
   } catch (error) {
@@ -18603,7 +18607,7 @@ adminPluginRoutes.post("/:id/settings", async (c) => {
       return c.json({ error: "Access denied" }, 403);
     }
     const settings = await c.req.json();
-    const pluginService = new chunk56PLLVDG_cjs.PluginService(db);
+    const pluginService = new chunkE4YFJBM2_cjs.PluginService(db);
     await pluginService.updatePluginSettings(pluginId, settings);
     if (pluginId === "core-auth") {
       try {
@@ -19411,7 +19415,7 @@ function renderLogConfigPage(data) {
 
 // src/routes/admin-logs.ts
 var adminLogsRoutes = new hono.Hono();
-adminLogsRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
+adminLogsRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
 adminLogsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -21739,9 +21743,9 @@ function renderStorageUsage(databaseSizeBytes, mediaSizeBytes) {
 }
 
 // src/routes/admin-dashboard.ts
-var VERSION = chunk74BFRAQS_cjs.getCoreVersion();
+var VERSION = chunkJZVHLLSI_cjs.getCoreVersion();
 var router = new hono.Hono();
-router.use("*", chunk3XP76LM7_cjs.requireAuth());
+router.use("*", chunk7A4CB7T3_cjs.requireAuth());
 router.get("/", async (c) => {
   const user = c.get("user");
   try {
@@ -22609,6 +22613,22 @@ function renderCollectionFormPage(data) {
               <h2 class="text-base/7 font-semibold text-zinc-950 dark:text-white">Collection Details</h2>
               <p class="text-sm/6 text-zinc-500 dark:text-zinc-400">Configure your collection settings below</p>
             </div>
+
+            ${isEdit && data.name ? `
+            <!-- Export Button: only on edit (need a collection name to fetch) -->
+            <div class="ml-auto">
+              <button
+                type="button"
+                id="export-collection-btn"
+                title="Export as code"
+                class="inline-flex items-center gap-x-1.5 px-3.5 py-2.5 bg-zinc-950 dark:bg-white text-white dark:text-zinc-950 font-semibold text-sm rounded-lg hover:bg-zinc-800 dark:hover:bg-zinc-100 transition-colors shadow-sm"
+              >
+                <svg class="h-5 w-5" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
+                  <path d="M7 8L3 11.6923L7 16M17 8L21 11.6923L17 16M14 4L10 20" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+                </svg>
+              </button>
+            </div>
+            ` : ""}
           </div>
         </div>
 
@@ -23068,6 +23088,176 @@ function renderCollectionFormPage(data) {
       </div>
     </div>
 
+    ${isEdit && data.name ? `
+    <!-- Code Export Modal -->
+    <div id="code-export-modal" class="fixed inset-0 bg-black/50 backdrop-blur-sm flex items-center justify-center z-50 hidden">
+      <div class="rounded-xl bg-white dark:bg-zinc-900 shadow-xl ring-1 ring-zinc-950/5 dark:ring-white/10 w-full max-w-2xl mx-4">
+        <div class="px-6 py-4 border-b border-zinc-950/5 dark:border-white/10">
+          <div class="flex items-center justify-between">
+            <h3 id="code-export-modal-title" class="text-lg font-semibold text-zinc-950 dark:text-white">
+              Code-Based version of ${chunkMNWKYY5E_cjs.escapeHtml(data.display_name || "this collection")}
+            </h3>
+            <button onclick="toggleCodeExportModal()" class="text-zinc-500 dark:text-zinc-400 hover:text-zinc-950 dark:hover:text-white transition-colors">
+              <svg class="w-6 h-6" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"></path>
+              </svg>
+            </button>
+          </div>
+        </div>
+
+        <div id="code-export-form" class="p-6 space-y-4">
+          <div id="code-export-options-container">
+            <div class="relative">
+              <textarea
+                id="code-export-options"
+                name="code_export_options"
+                rows="8"
+                class="w-full rounded-lg bg-white dark:bg-zinc-800 px-4 py-3 text-sm text-zinc-950 dark:text-white placeholder-zinc-500 dark:placeholder-zinc-400 ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 focus:ring-2 focus:ring-blue-600 dark:focus:ring-blue-500 focus:outline-none transition-colors font-mono"
+                readonly
+              ></textarea>
+              <button
+                id="copy-options-btn"
+                type="button"
+                class="absolute top-2 right-4 p-1 rounded bg-white/10 dark:bg-zinc-800/10 text-zinc-500 dark:text-zinc-400 hover:text-zinc-950 dark:hover:text-white hover:bg-zinc-100 dark:hover:bg-zinc-700 transition-colors cursor-copy"
+                title="Copy to clipboard"
+              >
+                <svg class="w-5 h-5" viewBox="0 0 20 20" xmlns="http://www.w3.org/2000/svg" fill="none">
+                  <path fill="currentColor" fill-rule="evenodd" d="M4 2a2 2 0 00-2 2v9a2 2 0 002 2h2v2a2 2 0 002 2h9a2 2 0 002-2V8a2 2 0 00-2-2h-2V4a2 2 0 00-2-2H4zm9 4V4H4v9h2V8a2 2 0 012-2h5zM8 8h9v9H8V8z"/>
+                </svg>
+              </button>
+            </div>
+            <div class="flex items-center justify-between mt-1 gap-x-4">
+              <p class="text-xs text-zinc-500 dark:text-zinc-400">
+                This is a code-based representation of ${data.display_name ? `the ${chunkMNWKYY5E_cjs.escapeHtml(data.display_name)}` : "this"} collection.
+                Learn more about
+                <a href="https://sonicjs.com/collections" target="_blank" class="text-blue-600 dark:text-blue-400 hover:underline">
+                  collections here.
+                </a>
+              </p>
+              <span id="copy-options-feedback" class="invisible text-xs text-green-600 dark:text-green-400">Copied!</span>
+            </div>
+          </div>
+
+          <div class="flex justify-end space-x-3 pt-4 border-t border-zinc-950/5 dark:border-white/10">
+            <button
+              type="button"
+              onclick="toggleCodeExportModal()"
+              class="rounded-lg bg-white dark:bg-zinc-800 px-4 py-2 text-sm font-semibold text-zinc-950 dark:text-white ring-1 ring-inset ring-zinc-950/10 dark:ring-white/10 hover:bg-zinc-50 dark:hover:bg-zinc-700 transition-colors"
+            >
+              Close
+            </button>
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <script>
+      (function() {
+        const collectionName = ${JSON.stringify(data.name || "")};
+
+        // Fields returned by the collections API that aren't part of CollectionConfig.
+        const unwantedKeys = ['id', 'source_type', 'source_id', 'created_at', 'updated_at'];
+
+        function normalizeCollectionObject(obj) {
+          if (Array.isArray(obj)) {
+            return obj.map(normalizeCollectionObject);
+          } else if (obj !== null && typeof obj === 'object') {
+            return Object.keys(obj).reduce((acc, key) => {
+              if (unwantedKeys.includes(key)) return acc;
+              const camelCaseKey = key.replace(/_([a-z])/g, g => g[1].toUpperCase());
+              acc[camelCaseKey] = normalizeCollectionObject(obj[key]);
+              return acc;
+            }, {});
+          }
+          return obj;
+        }
+
+        function generateCollectionTemplate(data) {
+          const normalizedData = normalizeCollectionObject(data);
+          return "import type { CollectionConfig } from '@sonicjs-cms/core';\\n\\n" +
+            \`export default \${JSON.stringify(normalizedData, null, 2)} satisfies CollectionConfig;\`;
+        }
+
+        const modal = document.getElementById('code-export-modal');
+        const triggerBtn = document.getElementById('export-collection-btn');
+        if (!modal || !triggerBtn) return;
+
+        function isOpen() {
+          return !modal.classList.contains('hidden');
+        }
+
+        function toggleModal() {
+          modal.classList.toggle('hidden');
+          if (!isOpen()) {
+            modal.querySelector('#code-export-options').value = '';
+          }
+        }
+        // Exposed for inline onclick handlers in the modal markup.
+        window.toggleCodeExportModal = toggleModal;
+
+        async function fetchCollectionByName(name) {
+          try {
+            const response = await fetch(\`/api/collections/\${encodeURIComponent(name)}/content\`, {
+              headers: { 'Accept': 'application/json' }
+            });
+            if (!response.ok) throw new Error('Network response was not ok');
+            const res = await response.json();
+            return res.meta?.collection || {};
+          } catch (error) {
+            console.error('Error fetching collection data for export:', error);
+            alert('Failed to load collection data for export. Please try again.');
+            return null;
+          }
+        }
+
+        async function copyToClipboard(text) {
+          if (navigator.clipboard?.writeText) {
+            await navigator.clipboard.writeText(text);
+            return;
+          }
+          // Fallback for non-secure contexts.
+          const textarea = modal.querySelector('#code-export-options');
+          textarea.select();
+          textarea.setSelectionRange(0, 99999);
+          if (!document.execCommand('copy')) throw new Error('Copy command was unsuccessful');
+        }
+
+        triggerBtn.addEventListener('click', async function() {
+          if (!collectionName) return;
+          const res = await fetchCollectionByName(collectionName);
+          if (!res) return;
+          try {
+            modal.querySelector('#code-export-options').value = generateCollectionTemplate(res);
+            toggleModal();
+          } catch (e) {
+            console.error('Error preparing collection data for export:', e);
+            alert('Failed to prepare collection data for export. Please try again.');
+          }
+        });
+
+        modal.querySelector('#copy-options-btn').addEventListener('click', async function() {
+          const textarea = modal.querySelector('#code-export-options');
+          try {
+            await copyToClipboard(textarea.value);
+            const feedback = modal.querySelector('#copy-options-feedback');
+            feedback.classList.remove('invisible');
+            setTimeout(() => feedback.classList.add('invisible'), 2000);
+          } catch (err) {
+            console.error('Error copying to clipboard:', err);
+            alert('Failed to copy to clipboard. Please try copying manually.');
+          }
+        });
+
+        document.addEventListener('keydown', function(e) {
+          if (e.key === 'Escape' && isOpen()) toggleModal();
+        });
+
+        modal.addEventListener('click', function(e) {
+          if (e.target === modal) toggleModal();
+        });
+      })();
+    </script>
+    ` : ""}
     <script>
       const collectionId = '${data.id || ""}';
       
@@ -23560,10 +23750,10 @@ function renderCollectionFormPage(data) {
 
 // src/routes/admin-collections.ts
 var adminCollectionsRoutes = new hono.Hono();
-adminCollectionsRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
-adminCollectionsRoutes.post("*", chunk3XP76LM7_cjs.requireRole(["admin"]));
-adminCollectionsRoutes.put("*", chunk3XP76LM7_cjs.requireRole(["admin"]));
-adminCollectionsRoutes.delete("*", chunk3XP76LM7_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
+adminCollectionsRoutes.post("*", chunk7A4CB7T3_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.put("*", chunk7A4CB7T3_cjs.requireRole(["admin"]));
+adminCollectionsRoutes.delete("*", chunk7A4CB7T3_cjs.requireRole(["admin"]));
 adminCollectionsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -25858,7 +26048,7 @@ function renderDatabaseToolsSettings(settings) {
 
 // src/routes/admin-settings.ts
 var adminSettingsRoutes = new hono.Hono();
-adminSettingsRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
+adminSettingsRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
 function getMockSettings(user) {
   return {
     general: {
@@ -26035,7 +26225,7 @@ adminSettingsRoutes.get("/database-tools", (c) => {
 adminSettingsRoutes.get("/api/migrations/status", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkDAESIIWY_cjs.MigrationService(db);
+    const migrationService = new chunkRLMUFFUD_cjs.MigrationService(db);
     const status = await migrationService.getMigrationStatus();
     return c.json({
       success: true,
@@ -26059,7 +26249,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
       }, 403);
     }
     const db = c.env.DB;
-    const migrationService = new chunkDAESIIWY_cjs.MigrationService(db);
+    const migrationService = new chunkRLMUFFUD_cjs.MigrationService(db);
     const result = await migrationService.runPendingMigrations();
     return c.json({
       success: result.success,
@@ -26077,7 +26267,7 @@ adminSettingsRoutes.post("/api/migrations/run", async (c) => {
 adminSettingsRoutes.get("/api/migrations/validate", async (c) => {
   try {
     const db = c.env.DB;
-    const migrationService = new chunkDAESIIWY_cjs.MigrationService(db);
+    const migrationService = new chunkRLMUFFUD_cjs.MigrationService(db);
     const validation = await migrationService.validateSchema();
     return c.json({
       success: true,
@@ -28016,7 +28206,7 @@ function renderFormCreatePage(data) {
 
 // src/routes/admin-forms.ts
 var adminFormsRoutes = new hono.Hono();
-adminFormsRoutes.use("*", chunk3XP76LM7_cjs.requireAuth());
+adminFormsRoutes.use("*", chunk7A4CB7T3_cjs.requireAuth());
 adminFormsRoutes.get("/", async (c) => {
   try {
     const user = c.get("user");
@@ -28821,7 +29011,7 @@ publicFormsRoutes.post("/:identifier/submit", async (c) => {
     `).bind(now, form.id).run();
     let contentId = null;
     try {
-      contentId = await chunk56PLLVDG_cjs.createContentFromSubmission(
+      contentId = await chunkE4YFJBM2_cjs.createContentFromSubmission(
         db,
         sanitizedData,
         { id: form.id, name: form.name, display_name: form.display_name },
@@ -29189,9 +29379,9 @@ function renderAPIReferencePage(data) {
 }
 
 // src/routes/admin-api-reference.ts
-var VERSION2 = chunk74BFRAQS_cjs.getCoreVersion();
+var VERSION2 = chunkJZVHLLSI_cjs.getCoreVersion();
 var router2 = new hono.Hono();
-router2.use("*", chunk3XP76LM7_cjs.requireAuth());
+router2.use("*", chunk7A4CB7T3_cjs.requireAuth());
 router2.get("/", async (c) => {
   const user = c.get("user");
   try {
@@ -29274,6 +29464,7 @@ exports.auth_default = auth_default;
 exports.createUserProfilesPlugin = createUserProfilesPlugin;
 exports.defineUserProfile = defineUserProfile;
 exports.getConfirmationDialogScript = getConfirmationDialogScript2;
+exports.getCustomData = getCustomData;
 exports.getUserProfileConfig = getUserProfileConfig;
 exports.public_forms_default = public_forms_default;
 exports.renderConfirmationDialog = renderConfirmationDialog2;
@@ -29282,5 +29473,5 @@ exports.router2 = router2;
 exports.test_cleanup_default = test_cleanup_default;
 exports.userProfilesPlugin = userProfilesPlugin;
 exports.userRoutes = userRoutes;
-//# sourceMappingURL=chunk-LTJ7P7RT.cjs.map
-//# sourceMappingURL=chunk-LTJ7P7RT.cjs.map
+//# sourceMappingURL=chunk-R4FOLLFB.cjs.map
+//# sourceMappingURL=chunk-R4FOLLFB.cjs.map