npm - @structcms/api - Versions diffs - 0.1.0 → 0.1.1 - Mend

@structcms/api 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md +2 -2
package/dist/index.cjs +266 -21
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +241 -12
package/dist/index.d.ts +241 -12
package/dist/index.js +250 -20
package/dist/index.js.map +1 -1
package/dist/next/index.cjs +147 -33
package/dist/next/index.cjs.map +1 -1
package/dist/next/index.d.cts +3 -2
package/dist/next/index.d.ts +3 -2
package/dist/next/index.js +147 -33
package/dist/next/index.js.map +1 -1
package/dist/supabase/index.cjs +37 -1
package/dist/supabase/index.cjs.map +1 -1
package/dist/supabase/index.d.cts +1 -1
package/dist/supabase/index.d.ts +1 -1
package/dist/supabase/index.js +37 -1
package/dist/supabase/index.js.map +1 -1
package/dist/{types-Zi0Iyow1.d.cts → types-Cdui_Ets.d.cts} +21 -2
package/dist/{types-Zi0Iyow1.d.ts → types-Cdui_Ets.d.ts} +21 -2
package/package.json +3 -2

package/dist/index.d.cts CHANGED Viewed

@@ -1,6 +1,7 @@
-import { S as StorageAdapter, P as Page, C as CreatePageInput, U as UpdatePageInput, a as PageFilter, N as Navigation, b as CreateNavigationInput, c as UpdateNavigationInput, d as NavigationItem, e as PageSection, M as MediaAdapter, f as UploadMediaInput, g as MediaFile, h as MediaFilter, A as AuthAdapter, i as SignInWithOAuthInput, O as OAuthResponse, j as SignInWithPasswordInput, k as AuthSession, V as VerifySessionInput, l as AuthUser } from './types-Zi0Iyow1.cjs';
-export { m as ALLOWED_MIME_TYPES, n as AllowedMimeType } from './types-Zi0Iyow1.cjs';
+import { S as StorageAdapter, P as Page, C as CreatePageInput$1, U as UpdatePageInput$1, a as PageFilter, N as Navigation, b as CreateNavigationInput$1, c as UpdateNavigationInput$1, d as NavigationItem, e as PageSection, M as MediaAdapter, f as UploadMediaInput, g as MediaFile, h as MediaFilter, A as AuthAdapter, i as SignInWithOAuthInput, O as OAuthResponse, j as SignInWithPasswordInput, k as AuthSession, V as VerifySessionInput, l as AuthUser } from './types-Cdui_Ets.cjs';
+export { m as ALLOWED_DOCUMENT_MIME_TYPES, n as ALLOWED_MIME_TYPES, o as ALL_ALLOWED_MIME_TYPES, p as AllowedDocumentMimeType, q as AllowedMimeType, r as MAX_FILE_SIZE, s as MediaCategory } from './types-Cdui_Ets.cjs';
 import { SupabaseClient } from '@supabase/supabase-js';
+import { z } from 'zod';
 export { SupabaseAdapterFactoryConfig, SupabaseAdapterFactoryStorageConfig, SupabaseAdapters, createSupabaseAdapters } from './supabase/index.cjs';
 /**
@@ -25,14 +26,14 @@ declare class SupabaseStorageAdapter implements StorageAdapter {
     constructor(config: SupabaseStorageAdapterConfig);
     getPage(slug: string): Promise<Page | null>;
     getPageById(id: string): Promise<Page | null>;
-    createPage(input: CreatePageInput): Promise<Page>;
-    updatePage(input: UpdatePageInput): Promise<Page>;
+    createPage(input: CreatePageInput$1): Promise<Page>;
+    updatePage(input: UpdatePageInput$1): Promise<Page>;
     deletePage(id: string): Promise<void>;
     listPages(filter?: PageFilter): Promise<Page[]>;
     getNavigation(name: string): Promise<Navigation | null>;
     getNavigationById(id: string): Promise<Navigation | null>;
-    createNavigation(input: CreateNavigationInput): Promise<Navigation>;
-    updateNavigation(input: UpdateNavigationInput): Promise<Navigation>;
+    createNavigation(input: CreateNavigationInput$1): Promise<Navigation>;
+    updateNavigation(input: UpdateNavigationInput$1): Promise<Navigation>;
     deleteNavigation(id: string): Promise<void>;
     listNavigations(): Promise<Navigation[]>;
 }
@@ -52,11 +53,11 @@ declare class StorageValidationError extends Error {
  * Handler for creating a new page
  * Generates a slug from the title if not provided and ensures uniqueness
  */
-declare function handleCreatePage(adapter: StorageAdapter, input: CreatePageInput): Promise<Page>;
+declare function handleCreatePage(adapter: StorageAdapter, input: CreatePageInput$1): Promise<Page>;
 /**
  * Handler for updating an existing page
  */
-declare function handleUpdatePage(adapter: StorageAdapter, input: UpdatePageInput): Promise<Page>;
+declare function handleUpdatePage(adapter: StorageAdapter, input: UpdatePageInput$1): Promise<Page>;
 /**
  * Handler for deleting a page by ID
  */
@@ -65,11 +66,11 @@ declare function handleDeletePage(adapter: StorageAdapter, id: string): Promise<
  * Handler for creating a new navigation
  * Validates that the name is non-empty and unique
  */
-declare function handleCreateNavigation(adapter: StorageAdapter, input: CreateNavigationInput): Promise<Navigation>;
+declare function handleCreateNavigation(adapter: StorageAdapter, input: CreateNavigationInput$1): Promise<Navigation>;
 /**
  * Handler for updating an existing navigation
  */
-declare function handleUpdateNavigation(adapter: StorageAdapter, input: UpdateNavigationInput): Promise<Navigation>;
+declare function handleUpdateNavigation(adapter: StorageAdapter, input: UpdateNavigationInput$1): Promise<Navigation>;
 /**
  * Handler for deleting a navigation by ID
  */
@@ -101,6 +102,157 @@ declare function generateSlug(title: string): string;
  */
 declare function ensureUniqueSlug(slug: string, existingSlugs: string[]): string;
+/**
+ * Strip all HTML tags from a string (for plain text fields like titles, names)
+ */
+declare function stripTags(value: string): string;
+/**
+ * Schema for creating a new page
+ */
+declare const CreatePageSchema: z.ZodObject<{
+    title: z.ZodString;
+    pageType: z.ZodString;
+    slug: z.ZodOptional<z.ZodString>;
+    sections: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        id: z.ZodOptional<z.ZodString>;
+        type: z.ZodString;
+        data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    }, "strip", z.ZodTypeAny, {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }, {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }>, "many">>;
+}, "strip", z.ZodTypeAny, {
+    title: string;
+    pageType: string;
+    slug?: string | undefined;
+    sections?: {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }[] | undefined;
+}, {
+    title: string;
+    pageType: string;
+    slug?: string | undefined;
+    sections?: {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }[] | undefined;
+}>;
+/**
+ * Schema for updating an existing page
+ */
+declare const UpdatePageSchema: z.ZodObject<{
+    title: z.ZodOptional<z.ZodString>;
+    pageType: z.ZodOptional<z.ZodString>;
+    slug: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    sections: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodObject<{
+        id: z.ZodOptional<z.ZodString>;
+        type: z.ZodString;
+        data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    }, "strip", z.ZodTypeAny, {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }, {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }>, "many">>>;
+}, "strip", z.ZodTypeAny, {
+    slug?: string | undefined;
+    title?: string | undefined;
+    sections?: {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }[] | undefined;
+    pageType?: string | undefined;
+}, {
+    slug?: string | undefined;
+    title?: string | undefined;
+    sections?: {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }[] | undefined;
+    pageType?: string | undefined;
+}>;
+/**
+ * Schema for creating a new navigation
+ */
+declare const CreateNavigationSchema: z.ZodObject<{
+    name: z.ZodString;
+    items: z.ZodArray<z.ZodType<any, z.ZodTypeDef, any>, "many">;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    items: any[];
+}, {
+    name: string;
+    items: any[];
+}>;
+/**
+ * Schema for updating an existing navigation
+ */
+declare const UpdateNavigationSchema: z.ZodObject<{
+    name: z.ZodOptional<z.ZodString>;
+    items: z.ZodOptional<z.ZodArray<z.ZodType<any, z.ZodTypeDef, any>, "many">>;
+}, "strip", z.ZodTypeAny, {
+    name?: string | undefined;
+    items?: any[] | undefined;
+}, {
+    name?: string | undefined;
+    items?: any[] | undefined;
+}>;
+/**
+ * Schema for sign in
+ */
+declare const SignInSchema: z.ZodObject<{
+    email: z.ZodString;
+    password: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    password: string;
+}, {
+    email: string;
+    password: string;
+}>;
+/**
+ * Schema for media upload
+ */
+declare const MediaUploadSchema: z.ZodObject<{
+    filename: z.ZodString;
+    mimeType: z.ZodString;
+    size: z.ZodNumber;
+    data: z.ZodType<ArrayBuffer, z.ZodTypeDef, ArrayBuffer>;
+}, "strip", z.ZodTypeAny, {
+    data: ArrayBuffer;
+    filename: string;
+    mimeType: string;
+    size: number;
+}, {
+    data: ArrayBuffer;
+    filename: string;
+    mimeType: string;
+    size: number;
+}>;
+/**
+ * Type exports for TypeScript
+ */
+type CreatePageInput = z.infer<typeof CreatePageSchema>;
+type UpdatePageInput = z.infer<typeof UpdatePageSchema>;
+type CreateNavigationInput = z.infer<typeof CreateNavigationSchema>;
+type UpdateNavigationInput = z.infer<typeof UpdateNavigationSchema>;
+type SignInInput = z.infer<typeof SignInSchema>;
+type MediaUploadInput = z.infer<typeof MediaUploadSchema>;
 /**
  * Page response for delivery API
  * Dates are serialized as ISO strings for JSON transport
@@ -205,7 +357,7 @@ declare class MediaValidationError extends Error {
 }
 /**
  * Handler for uploading a media file
- * Validates the file type and delegates to the adapter
+ * Validates the file type, size, and delegates to the adapter
  */
 declare function handleUploadMedia(adapter: MediaAdapter, input: UploadMediaInput): Promise<MediaFile>;
 /**
@@ -273,6 +425,62 @@ interface AuthMiddlewareConfig {
 }
 declare function createAuthMiddleware(config: AuthMiddlewareConfig): (headers: Record<string, string | undefined>) => Promise<AuthenticatedRequest>;
+/**
+ * Generates a cryptographically secure random CSRF token
+ * @returns A hex-encoded random token (32 bytes = 64 hex characters)
+ */
+declare function generateCsrfToken(): string;
+/**
+ * Validates CSRF tokens using double-submit cookie pattern
+ * Compares the token from the cookie with the token from the request header
+ *
+ * @param cookieToken - Token from the cookie
+ * @param headerToken - Token from the X-CSRF-Token header
+ * @returns true if tokens match and are valid, false otherwise
+ */
+declare function validateCsrfToken(cookieToken: string | undefined, headerToken: string | undefined): boolean;
+/**
+ * Configuration for rate limiter
+ */
+interface RateLimiterConfig {
+    /** Time window in milliseconds */
+    windowMs: number;
+    /** Maximum number of requests allowed in the time window */
+    maxRequests: number;
+}
+/**
+ * Result of rate limit check
+ */
+interface RateLimitResult {
+    /** Whether the request is allowed */
+    allowed: boolean;
+    /** Number of seconds to wait before retrying (only set if not allowed) */
+    retryAfter?: number;
+}
+/**
+ * Rate limiter using sliding window algorithm with in-memory storage
+ */
+interface RateLimiter {
+    /**
+     * Check if a request from the given key is allowed
+     * @param key - Unique identifier for the requester (e.g., IP address, user ID)
+     * @returns Result indicating if request is allowed and retry time if not
+     */
+    check(key: string): RateLimitResult;
+    /**
+     * Reset the rate limit for a specific key
+     * @param key - The key to reset
+     */
+    reset(key: string): void;
+}
+/**
+ * Creates a new rate limiter instance
+ * @param config - Configuration for the rate limiter
+ * @returns A new RateLimiter instance
+ */
+declare function createRateLimiter(config: RateLimiterConfig): RateLimiter;
 /**
  * Export response for a single page with resolved media URLs
  */
@@ -362,4 +570,25 @@ declare function handleExportSite(storageAdapter: StorageAdapter, mediaAdapter:
     contentDisposition: string;
 }>;
-export { type AllNavigationsExportResponse, type AllPagesExportResponse, AuthAdapter, AuthError, type AuthMiddlewareConfig, AuthSession, AuthUser, AuthValidationError, type AuthenticatedRequest, CreateNavigationInput, CreatePageInput, type ListPagesOptions, MediaAdapter, MediaError, type MediaExportEntry, MediaFile, MediaFilter, MediaValidationError, Navigation, type NavigationExportResponse, NavigationItem, type NavigationResponse, OAuthResponse, Page, type PageExportResponse, PageFilter, type PageResponse, PageSection, SignInWithOAuthInput, SignInWithPasswordInput, type SiteExportResponse, StorageAdapter, StorageError, StorageValidationError, SupabaseAuthAdapter, type SupabaseAuthAdapterConfig, SupabaseMediaAdapter, type SupabaseMediaAdapterConfig, SupabaseStorageAdapter, type SupabaseStorageAdapterConfig, UpdateNavigationInput, UpdatePageInput, UploadMediaInput, VerifySessionInput, createAuthAdapter, createAuthMiddleware, createMediaAdapter, createStorageAdapter, ensureUniqueSlug, generateSlug, handleCreateNavigation, handleCreatePage, handleDeleteMedia, handleDeleteNavigation, handleDeletePage, handleExportAllPages, handleExportNavigations, handleExportPage, handleExportSite, handleGetCurrentUser, handleGetMedia, handleGetNavigation, handleGetPageBySlug, handleListMedia, handleListPages, handleRefreshSession, handleSignInWithOAuth, handleSignInWithPassword, handleSignOut, handleUpdateNavigation, handleUpdatePage, handleUploadMedia, handleVerifySession, resolveMediaReferences };
+interface AuditEntry {
+    action: string;
+    entity: string;
+    entityId: string;
+    userId?: string;
+    timestamp: Date;
+    metadata?: Record<string, unknown>;
+}
+type AuditSink = (entry: AuditEntry) => void | Promise<void>;
+declare function createAuditLogger(sink?: AuditSink): {
+    log: (entry: Omit<AuditEntry, "timestamp">) => Promise<void>;
+};
+interface WithAuditLogOptions {
+    action: string;
+    entity: string;
+    extractEntityId: (args: unknown[]) => string;
+    extractUserId?: (args: unknown[]) => string | undefined;
+    metadata?: (args: unknown[]) => Record<string, unknown> | undefined;
+}
+declare function withAuditLog<T extends (...args: any[]) => any>(handler: T, options: WithAuditLogOptions, sink?: AuditSink): T;
+export { type AllNavigationsExportResponse, type AllPagesExportResponse, type AuditEntry, AuthAdapter, AuthError, type AuthMiddlewareConfig, AuthSession, AuthUser, AuthValidationError, type AuthenticatedRequest, CreateNavigationInput$1 as CreateNavigationInput, CreateNavigationSchema, type CreateNavigationInput as CreateNavigationSchemaType, CreatePageInput$1 as CreatePageInput, CreatePageSchema, type CreatePageInput as CreatePageSchemaType, type ListPagesOptions, MediaAdapter, MediaError, type MediaExportEntry, MediaFile, MediaFilter, MediaUploadSchema, type MediaUploadInput as MediaUploadSchemaType, MediaValidationError, Navigation, type NavigationExportResponse, NavigationItem, type NavigationResponse, OAuthResponse, Page, type PageExportResponse, PageFilter, type PageResponse, PageSection, type RateLimitResult, type RateLimiter, type RateLimiterConfig, type SignInInput, SignInSchema, SignInWithOAuthInput, SignInWithPasswordInput, type SiteExportResponse, StorageAdapter, StorageError, StorageValidationError, SupabaseAuthAdapter, type SupabaseAuthAdapterConfig, SupabaseMediaAdapter, type SupabaseMediaAdapterConfig, SupabaseStorageAdapter, type SupabaseStorageAdapterConfig, UpdateNavigationInput$1 as UpdateNavigationInput, UpdateNavigationSchema, type UpdateNavigationInput as UpdateNavigationSchemaType, UpdatePageInput$1 as UpdatePageInput, UpdatePageSchema, type UpdatePageInput as UpdatePageSchemaType, UploadMediaInput, VerifySessionInput, createAuditLogger, createAuthAdapter, createAuthMiddleware, createMediaAdapter, createRateLimiter, createStorageAdapter, ensureUniqueSlug, generateCsrfToken, generateSlug, handleCreateNavigation, handleCreatePage, handleDeleteMedia, handleDeleteNavigation, handleDeletePage, handleExportAllPages, handleExportNavigations, handleExportPage, handleExportSite, handleGetCurrentUser, handleGetMedia, handleGetNavigation, handleGetPageBySlug, handleListMedia, handleListPages, handleRefreshSession, handleSignInWithOAuth, handleSignInWithPassword, handleSignOut, handleUpdateNavigation, handleUpdatePage, handleUploadMedia, handleVerifySession, resolveMediaReferences, stripTags, validateCsrfToken, withAuditLog };

package/dist/index.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
-import { S as StorageAdapter, P as Page, C as CreatePageInput, U as UpdatePageInput, a as PageFilter, N as Navigation, b as CreateNavigationInput, c as UpdateNavigationInput, d as NavigationItem, e as PageSection, M as MediaAdapter, f as UploadMediaInput, g as MediaFile, h as MediaFilter, A as AuthAdapter, i as SignInWithOAuthInput, O as OAuthResponse, j as SignInWithPasswordInput, k as AuthSession, V as VerifySessionInput, l as AuthUser } from './types-Zi0Iyow1.js';
-export { m as ALLOWED_MIME_TYPES, n as AllowedMimeType } from './types-Zi0Iyow1.js';
+import { S as StorageAdapter, P as Page, C as CreatePageInput$1, U as UpdatePageInput$1, a as PageFilter, N as Navigation, b as CreateNavigationInput$1, c as UpdateNavigationInput$1, d as NavigationItem, e as PageSection, M as MediaAdapter, f as UploadMediaInput, g as MediaFile, h as MediaFilter, A as AuthAdapter, i as SignInWithOAuthInput, O as OAuthResponse, j as SignInWithPasswordInput, k as AuthSession, V as VerifySessionInput, l as AuthUser } from './types-Cdui_Ets.js';
+export { m as ALLOWED_DOCUMENT_MIME_TYPES, n as ALLOWED_MIME_TYPES, o as ALL_ALLOWED_MIME_TYPES, p as AllowedDocumentMimeType, q as AllowedMimeType, r as MAX_FILE_SIZE, s as MediaCategory } from './types-Cdui_Ets.js';
 import { SupabaseClient } from '@supabase/supabase-js';
+import { z } from 'zod';
 export { SupabaseAdapterFactoryConfig, SupabaseAdapterFactoryStorageConfig, SupabaseAdapters, createSupabaseAdapters } from './supabase/index.js';
 /**
@@ -25,14 +26,14 @@ declare class SupabaseStorageAdapter implements StorageAdapter {
     constructor(config: SupabaseStorageAdapterConfig);
     getPage(slug: string): Promise<Page | null>;
     getPageById(id: string): Promise<Page | null>;
-    createPage(input: CreatePageInput): Promise<Page>;
-    updatePage(input: UpdatePageInput): Promise<Page>;
+    createPage(input: CreatePageInput$1): Promise<Page>;
+    updatePage(input: UpdatePageInput$1): Promise<Page>;
     deletePage(id: string): Promise<void>;
     listPages(filter?: PageFilter): Promise<Page[]>;
     getNavigation(name: string): Promise<Navigation | null>;
     getNavigationById(id: string): Promise<Navigation | null>;
-    createNavigation(input: CreateNavigationInput): Promise<Navigation>;
-    updateNavigation(input: UpdateNavigationInput): Promise<Navigation>;
+    createNavigation(input: CreateNavigationInput$1): Promise<Navigation>;
+    updateNavigation(input: UpdateNavigationInput$1): Promise<Navigation>;
     deleteNavigation(id: string): Promise<void>;
     listNavigations(): Promise<Navigation[]>;
 }
@@ -52,11 +53,11 @@ declare class StorageValidationError extends Error {
  * Handler for creating a new page
  * Generates a slug from the title if not provided and ensures uniqueness
  */
-declare function handleCreatePage(adapter: StorageAdapter, input: CreatePageInput): Promise<Page>;
+declare function handleCreatePage(adapter: StorageAdapter, input: CreatePageInput$1): Promise<Page>;
 /**
  * Handler for updating an existing page
  */
-declare function handleUpdatePage(adapter: StorageAdapter, input: UpdatePageInput): Promise<Page>;
+declare function handleUpdatePage(adapter: StorageAdapter, input: UpdatePageInput$1): Promise<Page>;
 /**
  * Handler for deleting a page by ID
  */
@@ -65,11 +66,11 @@ declare function handleDeletePage(adapter: StorageAdapter, id: string): Promise<
  * Handler for creating a new navigation
  * Validates that the name is non-empty and unique
  */
-declare function handleCreateNavigation(adapter: StorageAdapter, input: CreateNavigationInput): Promise<Navigation>;
+declare function handleCreateNavigation(adapter: StorageAdapter, input: CreateNavigationInput$1): Promise<Navigation>;
 /**
  * Handler for updating an existing navigation
  */
-declare function handleUpdateNavigation(adapter: StorageAdapter, input: UpdateNavigationInput): Promise<Navigation>;
+declare function handleUpdateNavigation(adapter: StorageAdapter, input: UpdateNavigationInput$1): Promise<Navigation>;
 /**
  * Handler for deleting a navigation by ID
  */
@@ -101,6 +102,157 @@ declare function generateSlug(title: string): string;
  */
 declare function ensureUniqueSlug(slug: string, existingSlugs: string[]): string;
+/**
+ * Strip all HTML tags from a string (for plain text fields like titles, names)
+ */
+declare function stripTags(value: string): string;
+/**
+ * Schema for creating a new page
+ */
+declare const CreatePageSchema: z.ZodObject<{
+    title: z.ZodString;
+    pageType: z.ZodString;
+    slug: z.ZodOptional<z.ZodString>;
+    sections: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        id: z.ZodOptional<z.ZodString>;
+        type: z.ZodString;
+        data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    }, "strip", z.ZodTypeAny, {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }, {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }>, "many">>;
+}, "strip", z.ZodTypeAny, {
+    title: string;
+    pageType: string;
+    slug?: string | undefined;
+    sections?: {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }[] | undefined;
+}, {
+    title: string;
+    pageType: string;
+    slug?: string | undefined;
+    sections?: {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }[] | undefined;
+}>;
+/**
+ * Schema for updating an existing page
+ */
+declare const UpdatePageSchema: z.ZodObject<{
+    title: z.ZodOptional<z.ZodString>;
+    pageType: z.ZodOptional<z.ZodString>;
+    slug: z.ZodOptional<z.ZodOptional<z.ZodString>>;
+    sections: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodObject<{
+        id: z.ZodOptional<z.ZodString>;
+        type: z.ZodString;
+        data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    }, "strip", z.ZodTypeAny, {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }, {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }>, "many">>>;
+}, "strip", z.ZodTypeAny, {
+    slug?: string | undefined;
+    title?: string | undefined;
+    sections?: {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }[] | undefined;
+    pageType?: string | undefined;
+}, {
+    slug?: string | undefined;
+    title?: string | undefined;
+    sections?: {
+        type: string;
+        data: Record<string, unknown>;
+        id?: string | undefined;
+    }[] | undefined;
+    pageType?: string | undefined;
+}>;
+/**
+ * Schema for creating a new navigation
+ */
+declare const CreateNavigationSchema: z.ZodObject<{
+    name: z.ZodString;
+    items: z.ZodArray<z.ZodType<any, z.ZodTypeDef, any>, "many">;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    items: any[];
+}, {
+    name: string;
+    items: any[];
+}>;
+/**
+ * Schema for updating an existing navigation
+ */
+declare const UpdateNavigationSchema: z.ZodObject<{
+    name: z.ZodOptional<z.ZodString>;
+    items: z.ZodOptional<z.ZodArray<z.ZodType<any, z.ZodTypeDef, any>, "many">>;
+}, "strip", z.ZodTypeAny, {
+    name?: string | undefined;
+    items?: any[] | undefined;
+}, {
+    name?: string | undefined;
+    items?: any[] | undefined;
+}>;
+/**
+ * Schema for sign in
+ */
+declare const SignInSchema: z.ZodObject<{
+    email: z.ZodString;
+    password: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    email: string;
+    password: string;
+}, {
+    email: string;
+    password: string;
+}>;
+/**
+ * Schema for media upload
+ */
+declare const MediaUploadSchema: z.ZodObject<{
+    filename: z.ZodString;
+    mimeType: z.ZodString;
+    size: z.ZodNumber;
+    data: z.ZodType<ArrayBuffer, z.ZodTypeDef, ArrayBuffer>;
+}, "strip", z.ZodTypeAny, {
+    data: ArrayBuffer;
+    filename: string;
+    mimeType: string;
+    size: number;
+}, {
+    data: ArrayBuffer;
+    filename: string;
+    mimeType: string;
+    size: number;
+}>;
+/**
+ * Type exports for TypeScript
+ */
+type CreatePageInput = z.infer<typeof CreatePageSchema>;
+type UpdatePageInput = z.infer<typeof UpdatePageSchema>;
+type CreateNavigationInput = z.infer<typeof CreateNavigationSchema>;
+type UpdateNavigationInput = z.infer<typeof UpdateNavigationSchema>;
+type SignInInput = z.infer<typeof SignInSchema>;
+type MediaUploadInput = z.infer<typeof MediaUploadSchema>;
 /**
  * Page response for delivery API
  * Dates are serialized as ISO strings for JSON transport
@@ -205,7 +357,7 @@ declare class MediaValidationError extends Error {
 }
 /**
  * Handler for uploading a media file
- * Validates the file type and delegates to the adapter
+ * Validates the file type, size, and delegates to the adapter
  */
 declare function handleUploadMedia(adapter: MediaAdapter, input: UploadMediaInput): Promise<MediaFile>;
 /**
@@ -273,6 +425,62 @@ interface AuthMiddlewareConfig {
 }
 declare function createAuthMiddleware(config: AuthMiddlewareConfig): (headers: Record<string, string | undefined>) => Promise<AuthenticatedRequest>;
+/**
+ * Generates a cryptographically secure random CSRF token
+ * @returns A hex-encoded random token (32 bytes = 64 hex characters)
+ */
+declare function generateCsrfToken(): string;
+/**
+ * Validates CSRF tokens using double-submit cookie pattern
+ * Compares the token from the cookie with the token from the request header
+ *
+ * @param cookieToken - Token from the cookie
+ * @param headerToken - Token from the X-CSRF-Token header
+ * @returns true if tokens match and are valid, false otherwise
+ */
+declare function validateCsrfToken(cookieToken: string | undefined, headerToken: string | undefined): boolean;
+/**
+ * Configuration for rate limiter
+ */
+interface RateLimiterConfig {
+    /** Time window in milliseconds */
+    windowMs: number;
+    /** Maximum number of requests allowed in the time window */
+    maxRequests: number;
+}
+/**
+ * Result of rate limit check
+ */
+interface RateLimitResult {
+    /** Whether the request is allowed */
+    allowed: boolean;
+    /** Number of seconds to wait before retrying (only set if not allowed) */
+    retryAfter?: number;
+}
+/**
+ * Rate limiter using sliding window algorithm with in-memory storage
+ */
+interface RateLimiter {
+    /**
+     * Check if a request from the given key is allowed
+     * @param key - Unique identifier for the requester (e.g., IP address, user ID)
+     * @returns Result indicating if request is allowed and retry time if not
+     */
+    check(key: string): RateLimitResult;
+    /**
+     * Reset the rate limit for a specific key
+     * @param key - The key to reset
+     */
+    reset(key: string): void;
+}
+/**
+ * Creates a new rate limiter instance
+ * @param config - Configuration for the rate limiter
+ * @returns A new RateLimiter instance
+ */
+declare function createRateLimiter(config: RateLimiterConfig): RateLimiter;
 /**
  * Export response for a single page with resolved media URLs
  */
@@ -362,4 +570,25 @@ declare function handleExportSite(storageAdapter: StorageAdapter, mediaAdapter:
     contentDisposition: string;
 }>;
-export { type AllNavigationsExportResponse, type AllPagesExportResponse, AuthAdapter, AuthError, type AuthMiddlewareConfig, AuthSession, AuthUser, AuthValidationError, type AuthenticatedRequest, CreateNavigationInput, CreatePageInput, type ListPagesOptions, MediaAdapter, MediaError, type MediaExportEntry, MediaFile, MediaFilter, MediaValidationError, Navigation, type NavigationExportResponse, NavigationItem, type NavigationResponse, OAuthResponse, Page, type PageExportResponse, PageFilter, type PageResponse, PageSection, SignInWithOAuthInput, SignInWithPasswordInput, type SiteExportResponse, StorageAdapter, StorageError, StorageValidationError, SupabaseAuthAdapter, type SupabaseAuthAdapterConfig, SupabaseMediaAdapter, type SupabaseMediaAdapterConfig, SupabaseStorageAdapter, type SupabaseStorageAdapterConfig, UpdateNavigationInput, UpdatePageInput, UploadMediaInput, VerifySessionInput, createAuthAdapter, createAuthMiddleware, createMediaAdapter, createStorageAdapter, ensureUniqueSlug, generateSlug, handleCreateNavigation, handleCreatePage, handleDeleteMedia, handleDeleteNavigation, handleDeletePage, handleExportAllPages, handleExportNavigations, handleExportPage, handleExportSite, handleGetCurrentUser, handleGetMedia, handleGetNavigation, handleGetPageBySlug, handleListMedia, handleListPages, handleRefreshSession, handleSignInWithOAuth, handleSignInWithPassword, handleSignOut, handleUpdateNavigation, handleUpdatePage, handleUploadMedia, handleVerifySession, resolveMediaReferences };
+interface AuditEntry {
+    action: string;
+    entity: string;
+    entityId: string;
+    userId?: string;
+    timestamp: Date;
+    metadata?: Record<string, unknown>;
+}
+type AuditSink = (entry: AuditEntry) => void | Promise<void>;
+declare function createAuditLogger(sink?: AuditSink): {
+    log: (entry: Omit<AuditEntry, "timestamp">) => Promise<void>;
+};
+interface WithAuditLogOptions {
+    action: string;
+    entity: string;
+    extractEntityId: (args: unknown[]) => string;
+    extractUserId?: (args: unknown[]) => string | undefined;
+    metadata?: (args: unknown[]) => Record<string, unknown> | undefined;
+}
+declare function withAuditLog<T extends (...args: any[]) => any>(handler: T, options: WithAuditLogOptions, sink?: AuditSink): T;
+export { type AllNavigationsExportResponse, type AllPagesExportResponse, type AuditEntry, AuthAdapter, AuthError, type AuthMiddlewareConfig, AuthSession, AuthUser, AuthValidationError, type AuthenticatedRequest, CreateNavigationInput$1 as CreateNavigationInput, CreateNavigationSchema, type CreateNavigationInput as CreateNavigationSchemaType, CreatePageInput$1 as CreatePageInput, CreatePageSchema, type CreatePageInput as CreatePageSchemaType, type ListPagesOptions, MediaAdapter, MediaError, type MediaExportEntry, MediaFile, MediaFilter, MediaUploadSchema, type MediaUploadInput as MediaUploadSchemaType, MediaValidationError, Navigation, type NavigationExportResponse, NavigationItem, type NavigationResponse, OAuthResponse, Page, type PageExportResponse, PageFilter, type PageResponse, PageSection, type RateLimitResult, type RateLimiter, type RateLimiterConfig, type SignInInput, SignInSchema, SignInWithOAuthInput, SignInWithPasswordInput, type SiteExportResponse, StorageAdapter, StorageError, StorageValidationError, SupabaseAuthAdapter, type SupabaseAuthAdapterConfig, SupabaseMediaAdapter, type SupabaseMediaAdapterConfig, SupabaseStorageAdapter, type SupabaseStorageAdapterConfig, UpdateNavigationInput$1 as UpdateNavigationInput, UpdateNavigationSchema, type UpdateNavigationInput as UpdateNavigationSchemaType, UpdatePageInput$1 as UpdatePageInput, UpdatePageSchema, type UpdatePageInput as UpdatePageSchemaType, UploadMediaInput, VerifySessionInput, createAuditLogger, createAuthAdapter, createAuthMiddleware, createMediaAdapter, createRateLimiter, createStorageAdapter, ensureUniqueSlug, generateCsrfToken, generateSlug, handleCreateNavigation, handleCreatePage, handleDeleteMedia, handleDeleteNavigation, handleDeletePage, handleExportAllPages, handleExportNavigations, handleExportPage, handleExportSite, handleGetCurrentUser, handleGetMedia, handleGetNavigation, handleGetPageBySlug, handleListMedia, handleListPages, handleRefreshSession, handleSignInWithOAuth, handleSignInWithPassword, handleSignOut, handleUpdateNavigation, handleUpdatePage, handleUploadMedia, handleVerifySession, resolveMediaReferences, stripTags, validateCsrfToken, withAuditLog };