agent-cms 0.1.0 → 0.3.0

package/dist/index.mjs

@@ -1,9 +1,183 @@
-import { $ as listRecords, A as scheduleUnpublish, B as getAsset, C as SearchInput, D as clearSchedule, E as UpdateModelInput, G as updateAssetMetadata, H as listAssets, J as publishRecord, M as deleteLocale, N as listLocales, O as runScheduledTransitions, Q as getRecord, R as createAsset, S as SearchAssetsInput, T as UpdateFieldInput, U as replaceAsset, W as searchAssets, X as bulkCreateRecords, Y as unpublishRecord, Z as createRecord, _ as PatchBlocksInput, _t as updateModel, a as exportSchema, at as getVersion, b as ReorderInput, bt as VectorizeContext, c as CreateAssetInput, ct as HooksContext, d as CreateLocaleInput, dt as listFields, et as patchBlocksForField, f as CreateModelInput, ft as updateField, g as ImportSchemaInput, gt as listModels, ht as getModel, i as validateEditorToken, j as createLocale, k as schedulePublish, l as CreateEditorTokenInput, lt as createField, m as CreateUploadUrlInput, mt as deleteModel, n as listEditorTokens, nt as removeRecord, o as importSchema, ot as listVersions, p as CreateRecordInput, pt as createModel, r as revokeEditorToken, rt as reorderRecords, s as BulkCreateRecordsInput, st as restoreVersion, t as createEditorToken, tt as patchRecord, u as CreateFieldInput, ut as deleteField, v as PatchRecordInput, vt as reindexAll, w as UpdateAssetMetadataInput, x as ScheduleRecordInput, y as ReindexSearchInput, yt as search, z as deleteAsset } from "./token-service-BDjccMmz.mjs";
-import { J as ValidationError, X as isCmsError, Y as errorToResponse, q as UnauthorizedError } from "./structured-text-service-B4xSlUg_.mjs";
+import { $ as bulkCreateRecords, A as clearSchedule, C as ReorderInput, Ct as search, D as UpdateAssetMetadataInput, E as SearchInput, F as deleteLocale, G as listAssets, H as deleteAsset, I as listLocales, J as updateAssetMetadata, K as replaceAsset, M as schedulePublish, N as scheduleUnpublish, O as UpdateFieldInput, P as createLocale, Q as unpublishRecord, S as ReindexSearchInput, St as reindexAll, T as SearchAssetsInput, U as getAsset, V as createAsset, Z as publishRecord, _ as CreateUploadUrlInput, _t as deleteModel, a as listEditorTokens, at as removeRecord, b as PatchBlocksInput, bt as listModels, c as exportSchema, ct as getVersion, d as CreateAssetInput, dt as HooksContext, et as createRecord, f as CreateEditorTokenInput, ft as createField, g as CreateRecordInput, gt as createModel, h as CreateModelInput, ht as updateField, i as createEditorToken, it as patchRecord, j as runScheduledTransitions, k as UpdateModelInput, l as importSchema, lt as listVersions, m as CreateLocaleInput, mt as listFields, nt as listRecords, o as revokeEditorToken, ot as reorderRecords, p as CreateFieldInput, pt as deleteField, q as searchAssets, r as validatePreviewToken, rt as patchBlocksForField, s as validateEditorToken, t as createPreviewToken, tt as getRecord, u as BulkCreateRecordsInput, ut as restoreVersion, vt as getModel, w as ScheduleRecordInput, wt as VectorizeContext, x as PatchRecordInput, xt as updateModel, y as ImportSchemaInput } from "./preview-service-C9Tmhdye.mjs";
+import { E as getLinkTargets, J as ValidationError, L as decodeJsonRecordStringOr, W as NotFoundError, X as isCmsError, Y as errorToResponse, q as UnauthorizedError } from "./structured-text-service-BJkqWRkq.mjs";
 import { D1Client } from "@effect/sql-d1";
 import { Cause, Effect, Layer, Logger, Option, ParseResult, Schema } from "effect";
-import { HttpApp, HttpRouter, HttpServerError, HttpServerRequest, HttpServerResponse } from "@effect/platform";
+import { HttpApi, HttpApiEndpoint, HttpApiGroup, HttpApp, HttpRouter, HttpServerError, HttpServerRequest, HttpServerResponse, OpenApi } from "@effect/platform";
 import { SqlClient } from "@effect/sql";
+//#region src/services/path-service.ts
+/**
+* Canonical path resolver — batch-resolves canonical_path_template for all
+* published records of a model, traversing link fields via dot notation.
+*
+* Template examples:
+*   /blog/{slug}                         — flat field
+*   /blog/{category.slug}/{slug}         — one-hop link traversal
+*   /{category.parent.slug}/{category.slug}/{slug} — multi-hop
+*
+* Unresolvable tokens (null link, missing field) are left as-is: {token}.
+*/
+const MAX_DEPTH = 10;
+function parseTemplateTokens(template) {
+	const tokens = [];
+	const re = /\{([^}]+)\}/g;
+	let match;
+	while ((match = re.exec(template)) !== null) tokens.push({
+		raw: match[1],
+		segments: match[1].split(".")
+	});
+	return tokens;
+}
+function parseValidators(raw) {
+	if (!raw || raw === "") return {};
+	return decodeJsonRecordStringOr(raw, {});
+}
+/**
+* Resolve canonical paths for all published records of a model.
+* Returns array of { id, path, lastmod }.
+*/
+function resolveCanonicalPaths(modelApiKey) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const models = yield* sql.unsafe("SELECT * FROM models WHERE api_key = ?", [modelApiKey]);
+		if (models.length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		const model = models[0];
+		const template = model.canonical_path_template;
+		if (!template) return yield* new ValidationError({ message: `Model "${modelApiKey}" has no canonical_path_template. Set one via update_model before resolving paths.` });
+		const tokens = parseTemplateTokens(template);
+		if (tokens.length === 0) return yield* new ValidationError({ message: `Template "${template}" contains no {field} tokens.` });
+		const fields = yield* sql.unsafe("SELECT * FROM fields WHERE model_id = ? ORDER BY position", [model.id]);
+		const fieldsByApiKey = new Map(fields.map((f) => [f.api_key, f]));
+		const neededColumns = new Set([
+			"id",
+			"_published_at",
+			"_updated_at"
+		]);
+		for (const token of tokens) neededColumns.add(token.segments[0]);
+		const columnList = [...neededColumns].map((c) => `"${c}"`).join(", ");
+		const records = yield* sql.unsafe(`SELECT ${columnList} FROM "content_${modelApiKey}" WHERE "_status" IN ('published', 'updated')`);
+		if (records.length === 0) return [];
+		const linkTokens = tokens.filter((t) => t.segments.length > 1);
+		const resolvedValues = /* @__PURE__ */ new Map();
+		for (const rec of records) resolvedValues.set(rec.id, /* @__PURE__ */ new Map());
+		for (const token of tokens) if (token.segments.length === 1) {
+			const fieldName = token.segments[0];
+			for (const rec of records) {
+				const value = rec[fieldName];
+				if (value !== null && value !== void 0) resolvedValues.get(rec.id).set(token.raw, String(value));
+			}
+		}
+		if (linkTokens.length > 0) yield* resolveLinkedTokens(sql, linkTokens, records, fieldsByApiKey, resolvedValues);
+		const results = [];
+		for (const rec of records) {
+			const recId = rec.id;
+			const values = resolvedValues.get(recId);
+			const path = template.replace(/\{([^}]+)\}/g, (_match, tokenRaw) => {
+				const resolved = values.get(tokenRaw);
+				if (resolved !== void 0) return encodeURIComponent(resolved);
+				return `{${tokenRaw}}`;
+			});
+			const publishedAt = rec._published_at;
+			const updatedAt = rec._updated_at;
+			const lastmod = laterTimestamp(publishedAt, updatedAt) ?? (/* @__PURE__ */ new Date()).toISOString();
+			results.push({
+				id: recId,
+				path,
+				lastmod
+			});
+		}
+		return results;
+	});
+}
+function laterTimestamp(a, b) {
+	if (!a && !b) return null;
+	if (!a) return b;
+	if (!b) return a;
+	return a > b ? a : b;
+}
+/**
+* Resolve multi-segment tokens by traversing link fields breadth-first.
+*
+* For each hop level, we:
+* 1. Collect all link IDs we need to fetch
+* 2. Look up the target model from field validators
+* 3. Batch-fetch all linked records
+* 4. Continue to next hop with the linked records
+*/
+function resolveLinkedTokens(sql, tokens, records, fieldsByApiKey, resolvedValues) {
+	return Effect.gen(function* () {
+		const tokenFrontiers = /* @__PURE__ */ new Map();
+		for (const token of tokens) {
+			const frontierMap = /* @__PURE__ */ new Map();
+			for (const rec of records) {
+				const recId = rec.id;
+				const frontier = /* @__PURE__ */ new Map();
+				frontier.set(recId, rec);
+				frontierMap.set(recId, frontier);
+			}
+			tokenFrontiers.set(token.raw, frontierMap);
+		}
+		for (const token of tokens) {
+			const segments = token.segments;
+			let currentRecords = /* @__PURE__ */ new Map();
+			for (const rec of records) currentRecords.set(rec.id, rec);
+			let currentFieldsByApiKey = fieldsByApiKey;
+			let hopsCompleted = 0;
+			const hopsNeeded = segments.length - 1;
+			for (let hop = 0; hop < hopsNeeded; hop++) {
+				if (hop >= MAX_DEPTH) break;
+				const fieldName = segments[hop];
+				const field = currentFieldsByApiKey.get(fieldName);
+				if (!field || field.field_type !== "link") break;
+				const targetApiKeys = getLinkTargets(parseValidators(field.validators));
+				if (!targetApiKeys || targetApiKeys.length === 0) break;
+				const linkIdToOriginalRecords = /* @__PURE__ */ new Map();
+				for (const [origId, rec] of currentRecords) {
+					const linkId = rec[fieldName];
+					if (typeof linkId === "string" && linkId) {
+						const list = linkIdToOriginalRecords.get(linkId) ?? [];
+						list.push(origId);
+						linkIdToOriginalRecords.set(linkId, list);
+					}
+				}
+				const linkedRecords = /* @__PURE__ */ new Map();
+				if (linkIdToOriginalRecords.size > 0) {
+					const idsToFetch = [...linkIdToOriginalRecords.keys()];
+					for (const targetApiKey of targetApiKeys) {
+						if (idsToFetch.length === 0) break;
+						const placeholders = idsToFetch.map(() => "?").join(", ");
+						const rows = yield* sql.unsafe(`SELECT * FROM "content_${targetApiKey}" WHERE "id" IN (${placeholders})`, idsToFetch);
+						for (const row of rows) linkedRecords.set(row.id, row);
+					}
+				}
+				const nextRecords = /* @__PURE__ */ new Map();
+				for (const [origId, rec] of currentRecords) {
+					const linkId = rec[fieldName];
+					if (typeof linkId === "string" && linkId) {
+						const linked = linkedRecords.get(linkId);
+						if (linked) nextRecords.set(origId, linked);
+					}
+				}
+				currentRecords = nextRecords;
+				const targetModel = yield* sql.unsafe(`SELECT * FROM "models" WHERE "api_key" = ?`, [targetApiKeys[0]]);
+				if (targetModel.length === 0) break;
+				const targetFields = yield* sql.unsafe(`SELECT * FROM "fields" WHERE "model_id" = ? ORDER BY position`, [targetModel[0].id]);
+				currentFieldsByApiKey = new Map(targetFields.map((f) => [f.api_key, f]));
+				hopsCompleted++;
+			}
+			if (hopsCompleted === hopsNeeded) {
+				const leafField = segments[segments.length - 1];
+				for (const [origId, linkedRec] of currentRecords) {
+					const value = linkedRec[leafField];
+					if (value !== null && value !== void 0) resolvedValues.get(origId).set(token.raw, String(value));
+				}
+			}
+		}
+	});
+}
+//#endregion
 //#region src/migrations.ts
 /**
 * Embedded schema migrations — runs automatically on first request.
@@ -15,6 +189,8 @@ const MIGRATIONS = [{
 		`CREATE TABLE IF NOT EXISTS "assets" (
         "id" text PRIMARY KEY,
         "filename" text NOT NULL,
+        "basename" text,
+        "format" text,
         "mime_type" text NOT NULL,
         "size" integer NOT NULL,
         "width" integer,
@@ -43,6 +219,7 @@ const MIGRATIONS = [{
         "has_draft" integer DEFAULT true NOT NULL,
         "all_locales_required" integer DEFAULT 0 NOT NULL,
         "ordering" text,
+        "canonical_path_template" text,
         "created_at" text NOT NULL,
         "updated_at" text NOT NULL
       )`,
@@ -117,24 +294,14 @@ const MIGRATIONS = [{
         "last_used_at" TEXT,
         "expires_at" TEXT
       )`,
-		`CREATE UNIQUE INDEX IF NOT EXISTS "idx_editor_tokens_secret_hash" ON "editor_tokens" ("secret_hash")`
-	]
-}, {
-	version: 2,
-	statements: [
-		`ALTER TABLE "assets" ADD COLUMN "basename" text`,
-		`ALTER TABLE "assets" ADD COLUMN "format" text`,
-		`UPDATE "assets"
-       SET "basename" = CASE
-         WHEN instr("filename", '.') > 0 THEN substr("filename", 1, length("filename") - length(substr("filename", instr("filename", '.') + 1)) - 1)
-         ELSE "filename"
-       END`,
-		`UPDATE "assets"
-       SET "format" = lower(CASE
-         WHEN instr("filename", '.') > 0 THEN substr("filename", instr("filename", '.') + 1)
-         WHEN instr("mime_type", '/') > 0 THEN substr("mime_type", instr("mime_type", '/') + 1)
-         ELSE 'bin'
-       END)`,
+		`CREATE UNIQUE INDEX IF NOT EXISTS "idx_editor_tokens_secret_hash" ON "editor_tokens" ("secret_hash")`,
+		`CREATE TABLE IF NOT EXISTS "preview_tokens" (
+        "id" text PRIMARY KEY,
+        "token_hash" text NOT NULL UNIQUE,
+        "expires_at" text NOT NULL,
+        "created_at" text NOT NULL DEFAULT (datetime('now'))
+      )`,
+		`CREATE INDEX IF NOT EXISTS "idx_preview_tokens_hash" ON "preview_tokens" ("token_hash")`,
 		`CREATE INDEX IF NOT EXISTS "idx_assets_basename" ON "assets" ("basename")`,
 		`CREATE INDEX IF NOT EXISTS "idx_assets_format" ON "assets" ("format")`
 	]
@@ -182,6 +349,159 @@ function actorFromHeaders(headers) {
 	};
 }
 //#endregion
+//#region src/http/api/models.ts
+/**
+* HttpApiGroup for content model endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const ModelResponse = Schema.Struct({
+	id: Schema.String,
+	name: Schema.String,
+	apiKey: Schema.String,
+	isBlock: Schema.Boolean,
+	singleton: Schema.Boolean,
+	sortable: Schema.Boolean,
+	tree: Schema.Boolean,
+	hasDraft: Schema.Boolean,
+	allLocalesRequired: Schema.Boolean,
+	ordering: Schema.NullOr(Schema.String),
+	canonicalPathTemplate: Schema.NullOr(Schema.String),
+	createdAt: Schema.String,
+	updatedAt: Schema.String
+});
+const ModelWithFieldsResponse = Schema.Struct({
+	id: Schema.String,
+	name: Schema.String,
+	api_key: Schema.String,
+	is_block: Schema.Number,
+	singleton: Schema.Number,
+	sortable: Schema.Number,
+	tree: Schema.Number,
+	has_draft: Schema.Number,
+	all_locales_required: Schema.Number,
+	ordering: Schema.NullOr(Schema.String),
+	canonical_path_template: Schema.NullOr(Schema.String),
+	created_at: Schema.String,
+	updated_at: Schema.String,
+	fields: Schema.Array(Schema.Unknown)
+});
+const DeleteModelResponse = Schema.Struct({
+	deleted: Schema.Boolean,
+	recordsDestroyed: Schema.Number
+});
+const modelsGroup = HttpApiGroup.make("models").annotate(OpenApi.Title, "Models").annotate(OpenApi.Description, "Content model management").add(HttpApiEndpoint.get("listModels", "/models").annotate(OpenApi.Summary, "List all content models").addSuccess(Schema.Array(ModelResponse))).add(HttpApiEndpoint.post("createModel", "/models").annotate(OpenApi.Summary, "Create a new content model").setPayload(CreateModelInput).addSuccess(ModelResponse, { status: 201 })).add(HttpApiEndpoint.get("getModel", "/models/:id").annotate(OpenApi.Summary, "Get a content model by ID or api_key").setPath(Schema.Struct({ id: Schema.String })).addSuccess(ModelWithFieldsResponse)).add(HttpApiEndpoint.patch("updateModel", "/models/:id").annotate(OpenApi.Summary, "Update a content model").setPath(Schema.Struct({ id: Schema.String })).setPayload(UpdateModelInput).addSuccess(ModelResponse)).add(HttpApiEndpoint.del("deleteModel", "/models/:id").annotate(OpenApi.Summary, "Delete a content model").setPath(Schema.Struct({ id: Schema.String })).addSuccess(DeleteModelResponse));
+//#endregion
+//#region src/http/api/fields.ts
+/**
+* HttpApiGroup for field endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const fieldsGroup = HttpApiGroup.make("fields").annotate(OpenApi.Title, "Fields").annotate(OpenApi.Description, "Content model field management").add(HttpApiEndpoint.get("listFields", "/models/:modelId/fields").annotate(OpenApi.Summary, "List all fields for a model").setPath(Schema.Struct({ modelId: Schema.String })).addSuccess(Schema.Array(Schema.Unknown))).add(HttpApiEndpoint.post("createField", "/models/:modelId/fields").annotate(OpenApi.Summary, "Create a new field on a model").setPath(Schema.Struct({ modelId: Schema.String })).setPayload(CreateFieldInput).addSuccess(Schema.Unknown, { status: 201 })).add(HttpApiEndpoint.patch("updateField", "/models/:modelId/fields/:fieldId").annotate(OpenApi.Summary, "Update a field").setPath(Schema.Struct({
+	modelId: Schema.String,
+	fieldId: Schema.String
+})).setPayload(UpdateFieldInput).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.del("deleteField", "/models/:modelId/fields/:fieldId").annotate(OpenApi.Summary, "Delete a field").setPath(Schema.Struct({
+	modelId: Schema.String,
+	fieldId: Schema.String
+})).addSuccess(Schema.Unknown));
+//#endregion
+//#region src/http/api/records.ts
+/**
+* HttpApiGroup for record endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const ModelApiKeyParams = Schema.Struct({ modelApiKey: Schema.String });
+const IdPath = Schema.Struct({ id: Schema.String });
+const IdVersionPath = Schema.Struct({
+	id: Schema.String,
+	versionId: Schema.String
+});
+const recordsGroup = HttpApiGroup.make("records").annotate(OpenApi.Title, "Records").annotate(OpenApi.Description, "Content record management").add(HttpApiEndpoint.post("bulkCreateRecords", "/records/bulk").annotate(OpenApi.Summary, "Bulk create records").setPayload(BulkCreateRecordsInput).addSuccess(Schema.Unknown, { status: 201 })).add(HttpApiEndpoint.post("createRecord", "/records").annotate(OpenApi.Summary, "Create a record").setPayload(CreateRecordInput).addSuccess(Schema.Unknown, { status: 201 })).add(HttpApiEndpoint.get("listRecords", "/records").annotate(OpenApi.Summary, "List records for a model").setUrlParams(ModelApiKeyParams).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.get("listVersions", "/records/:id/versions").annotate(OpenApi.Summary, "List versions for a record").setPath(IdPath).setUrlParams(ModelApiKeyParams).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.get("getVersion", "/records/:id/versions/:versionId").annotate(OpenApi.Summary, "Get a specific version").setPath(IdVersionPath).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("restoreVersion", "/records/:id/versions/:versionId/restore").annotate(OpenApi.Summary, "Restore a record to a previous version").setPath(IdVersionPath).setUrlParams(ModelApiKeyParams).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.get("getRecord", "/records/:id").annotate(OpenApi.Summary, "Get a record by ID").setPath(IdPath).setUrlParams(ModelApiKeyParams).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.patch("updateRecord", "/records/:id").annotate(OpenApi.Summary, "Update a record").setPath(IdPath).setPayload(PatchRecordInput).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.patch("patchBlocks", "/records/:id/blocks").annotate(OpenApi.Summary, "Patch structured text blocks on a record").setPath(IdPath).setPayload(PatchBlocksInput).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.del("deleteRecord", "/records/:id").annotate(OpenApi.Summary, "Delete a record").setPath(IdPath).setUrlParams(ModelApiKeyParams).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("publishRecord", "/records/:id/publish").annotate(OpenApi.Summary, "Publish a record").setPath(IdPath).setUrlParams(ModelApiKeyParams).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("unpublishRecord", "/records/:id/unpublish").annotate(OpenApi.Summary, "Unpublish a record").setPath(IdPath).setUrlParams(ModelApiKeyParams).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("schedulePublish", "/records/:id/schedule-publish").annotate(OpenApi.Summary, "Schedule a record for publishing").setPath(IdPath).setPayload(ScheduleRecordInput).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("scheduleUnpublish", "/records/:id/schedule-unpublish").annotate(OpenApi.Summary, "Schedule a record for unpublishing").setPath(IdPath).setPayload(ScheduleRecordInput).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("clearSchedule", "/records/:id/clear-schedule").annotate(OpenApi.Summary, "Clear scheduled publish/unpublish").setPath(IdPath).setPayload(Schema.Struct({ modelApiKey: Schema.NonEmptyString })).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("reorderRecords", "/reorder").annotate(OpenApi.Summary, "Reorder records within a model").setPayload(ReorderInput).addSuccess(Schema.Unknown));
+//#endregion
+//#region src/http/api/assets.ts
+/**
+* HttpApiGroup for asset endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const assetsGroup = HttpApiGroup.make("assets").annotate(OpenApi.Title, "Assets").annotate(OpenApi.Description, "Asset management").add(HttpApiEndpoint.get("listAssets", "/assets").annotate(OpenApi.Summary, "List or search assets").setUrlParams(Schema.Struct({
+	q: Schema.optional(Schema.String),
+	limit: Schema.optional(Schema.String),
+	offset: Schema.optional(Schema.String)
+})).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("createAsset", "/assets").annotate(OpenApi.Summary, "Create a new asset").setPayload(CreateAssetInput).addSuccess(Schema.Unknown, { status: 201 })).add(HttpApiEndpoint.get("getAsset", "/assets/:id").annotate(OpenApi.Summary, "Get an asset by ID").setPath(Schema.Struct({ id: Schema.String })).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.put("replaceAsset", "/assets/:id").annotate(OpenApi.Summary, "Replace an asset").setPath(Schema.Struct({ id: Schema.String })).setPayload(CreateAssetInput).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.patch("updateAssetMetadata", "/assets/:id").annotate(OpenApi.Summary, "Update asset metadata").setPath(Schema.Struct({ id: Schema.String })).setPayload(UpdateAssetMetadataInput).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.del("deleteAsset", "/assets/:id").annotate(OpenApi.Summary, "Delete an asset").setPath(Schema.Struct({ id: Schema.String })).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("createUploadUrl", "/assets/upload-url").annotate(OpenApi.Summary, "Create a presigned upload URL").setPayload(CreateUploadUrlInput).addSuccess(Schema.Unknown));
+//#endregion
+//#region src/http/api/locales.ts
+/**
+* HttpApiGroup for locale endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const localesGroup = HttpApiGroup.make("locales").annotate(OpenApi.Title, "Locales").annotate(OpenApi.Description, "Locale management").add(HttpApiEndpoint.get("listLocales", "/locales").annotate(OpenApi.Summary, "List all locales").addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("createLocale", "/locales").annotate(OpenApi.Summary, "Create a new locale").setPayload(CreateLocaleInput).addSuccess(Schema.Unknown, { status: 201 })).add(HttpApiEndpoint.del("deleteLocale", "/locales/:id").annotate(OpenApi.Summary, "Delete a locale").setPath(Schema.Struct({ id: Schema.String })).addSuccess(Schema.Unknown));
+//#endregion
+//#region src/http/api/schema-io.ts
+/**
+* HttpApiGroup for schema import/export endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const schemaGroup = HttpApiGroup.make("schema").annotate(OpenApi.Title, "Schema").annotate(OpenApi.Description, "Schema import and export").add(HttpApiEndpoint.get("exportSchema", "/schema").annotate(OpenApi.Summary, "Export the full schema").addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("importSchema", "/schema").annotate(OpenApi.Summary, "Import a schema").setPayload(ImportSchemaInput).addSuccess(Schema.Unknown, { status: 201 }));
+//#endregion
+//#region src/http/api/search.ts
+/**
+* HttpApiGroup for search endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const searchGroup = HttpApiGroup.make("search").annotate(OpenApi.Title, "Search").annotate(OpenApi.Description, "Full-text and vector search").add(HttpApiEndpoint.post("search", "/search").annotate(OpenApi.Summary, "Search content").setPayload(SearchInput).addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("reindexSearch", "/search/reindex").annotate(OpenApi.Summary, "Reindex search").setPayload(ReindexSearchInput).addSuccess(Schema.Unknown));
+//#endregion
+//#region src/http/api/tokens.ts
+/**
+* HttpApiGroup for editor token endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const tokensGroup = HttpApiGroup.make("tokens").annotate(OpenApi.Title, "Tokens").annotate(OpenApi.Description, "Editor token management").add(HttpApiEndpoint.get("listEditorTokens", "/tokens").annotate(OpenApi.Summary, "List all editor tokens").addSuccess(Schema.Unknown)).add(HttpApiEndpoint.post("createEditorToken", "/tokens").annotate(OpenApi.Summary, "Create an editor token").setPayload(CreateEditorTokenInput).addSuccess(Schema.Unknown, { status: 201 })).add(HttpApiEndpoint.del("revokeEditorToken", "/tokens/:id").annotate(OpenApi.Summary, "Revoke an editor token").setPath(Schema.Struct({ id: Schema.String })).addSuccess(Schema.Unknown));
+//#endregion
+//#region src/http/api/preview-tokens.ts
+/**
+* HttpApiGroup for preview token endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const previewTokensGroup = HttpApiGroup.make("preview-tokens").annotate(OpenApi.Title, "Preview Tokens").annotate(OpenApi.Description, "Preview token creation and validation").add(HttpApiEndpoint.post("createPreviewToken", "/preview-tokens").annotate(OpenApi.Summary, "Create a preview token").setPayload(Schema.Struct({ expiresIn: Schema.optional(Schema.Number) })).addSuccess(Schema.Unknown, { status: 201 })).add(HttpApiEndpoint.get("validatePreviewToken", "/preview-tokens/validate").annotate(OpenApi.Summary, "Validate a preview token").setUrlParams(Schema.Struct({ token: Schema.String })).addSuccess(Schema.Unknown));
+//#endregion
+//#region src/http/api/paths.ts
+/**
+* HttpApiGroup for canonical path resolution endpoints.
+*
+* Defines the declarative API shape — handlers are implemented separately
+* via HttpApiBuilder.group().
+*/
+const pathsGroup = HttpApiGroup.make("paths").annotate(OpenApi.Title, "Paths").annotate(OpenApi.Description, "Canonical path resolution").add(HttpApiEndpoint.get("resolveCanonicalPaths", "/paths/:modelApiKey").annotate(OpenApi.Summary, "Resolve canonical paths for a model").setPath(Schema.Struct({ modelApiKey: Schema.String })).addSuccess(Schema.Unknown));
+//#endregion
+//#region src/http/api/index.ts
+/**
+* Declarative HttpApi definition for the agent-cms REST API.
+*
+* Composes all endpoint groups and generates the OpenAPI 3.1.0 spec
+* via `OpenApi.fromApi()`. The spec is served at /openapi.json by
+* the router.
+*/
+const cmsApi = HttpApi.make("agent-cms").annotate(OpenApi.Title, "Agent CMS API").annotate(OpenApi.Version, "1.0.0").annotate(OpenApi.Description, "Headless CMS REST API for content management").add(modelsGroup).add(fieldsGroup).add(recordsGroup).add(assetsGroup).add(localesGroup).add(schemaGroup).add(searchGroup).add(tokensGroup).add(previewTokensGroup).add(pathsGroup);
+/** Pre-generated OpenAPI 3.1.0 specification */
+const openApiSpec = OpenApi.fromApi(cmsApi);
+//#endregion
 //#region src/http/router.ts
 function describeUnknown(error) {
 	if (error instanceof Error) return `${error.name}: ${error.message}`;
@@ -378,9 +698,19 @@ const tokensRouter = HttpRouter.empty.pipe(HttpRouter.get("/", handle(listEditor
 })), HttpRouter.del("/:id", Effect.gen(function* () {
 	return yield* handle(revokeEditorToken(param(yield* HttpRouter.params, "id")));
 })));
+const previewTokensRouter = HttpRouter.empty.pipe(HttpRouter.post("/", Effect.gen(function* () {
+	const body = yield* readJsonBody();
+	return yield* handle(createPreviewToken(typeof body === "object" && body !== null && "expiresIn" in body ? body.expiresIn : void 0), 201);
+})), HttpRouter.get("/validate", Effect.gen(function* () {
+	return yield* handle(validatePreviewToken(yield* queryParam("token")));
+})));
+const pathsRouter = HttpRouter.empty.pipe(HttpRouter.get("/:modelApiKey", Effect.gen(function* () {
+	return yield* handle(resolveCanonicalPaths(param(yield* HttpRouter.params, "modelApiKey")));
+})));
 const setupRouter = HttpRouter.empty.pipe(HttpRouter.post("/setup", handle(ensureSchema().pipe(Effect.as({ ok: true })))));
 const healthRouter = HttpRouter.empty.pipe(HttpRouter.get("/health", HttpServerResponse.json({ status: "ok" })));
-const appRouter = HttpRouter.empty.pipe(HttpRouter.concat(healthRouter), HttpRouter.concat(modelsRouter.pipe(HttpRouter.prefixAll("/api/models"))), HttpRouter.concat(fieldsRouter.pipe(HttpRouter.prefixAll("/api"))), HttpRouter.concat(recordsRouter.pipe(HttpRouter.prefixAll("/api"))), HttpRouter.concat(assetsRouter.pipe(HttpRouter.prefixAll("/api/assets"))), HttpRouter.concat(localesRouter.pipe(HttpRouter.prefixAll("/api/locales"))), HttpRouter.concat(schemaRouter.pipe(HttpRouter.prefixAll("/api/schema"))), HttpRouter.concat(searchRouter.pipe(HttpRouter.prefixAll("/api/search"))), HttpRouter.concat(tokensRouter.pipe(HttpRouter.prefixAll("/api/tokens"))), HttpRouter.concat(setupRouter.pipe(HttpRouter.prefixAll("/api"))));
+const openApiRouter = HttpRouter.empty.pipe(HttpRouter.get("/openapi.json", HttpServerResponse.json(openApiSpec)));
+const appRouter = HttpRouter.empty.pipe(HttpRouter.concat(openApiRouter), HttpRouter.concat(healthRouter), HttpRouter.concat(modelsRouter.pipe(HttpRouter.prefixAll("/api/models"))), HttpRouter.concat(fieldsRouter.pipe(HttpRouter.prefixAll("/api"))), HttpRouter.concat(recordsRouter.pipe(HttpRouter.prefixAll("/api"))), HttpRouter.concat(assetsRouter.pipe(HttpRouter.prefixAll("/api/assets"))), HttpRouter.concat(localesRouter.pipe(HttpRouter.prefixAll("/api/locales"))), HttpRouter.concat(schemaRouter.pipe(HttpRouter.prefixAll("/api/schema"))), HttpRouter.concat(searchRouter.pipe(HttpRouter.prefixAll("/api/search"))), HttpRouter.concat(tokensRouter.pipe(HttpRouter.prefixAll("/api/tokens"))), HttpRouter.concat(previewTokensRouter.pipe(HttpRouter.prefixAll("/api/preview-tokens"))), HttpRouter.concat(setupRouter.pipe(HttpRouter.prefixAll("/api"))), HttpRouter.concat(pathsRouter.pipe(HttpRouter.prefixAll("/paths"))));
 function createWebHandler(sqlLayer, options) {
 	const vectorizeLayer = Layer.succeed(VectorizeContext, options?.ai && options.vectorize ? Option.some({
 		ai: options.ai,
@@ -415,7 +745,7 @@ function createWebHandler(sqlLayer, options) {
 	}
 	async function getGraphqlInstance() {
 		if (!graphqlInstance) {
-			if (!graphqlModulePromise) graphqlModulePromise = import("./handler-ClOW1ldA.mjs");
+			if (!graphqlModulePromise) graphqlModulePromise = import("./handler-B5jgfPOY.mjs");
 			graphqlInstance = (await graphqlModulePromise).createGraphQLHandler(sqlLayer, {
 				assetBaseUrl: options?.assetBaseUrl,
 				isProduction: options?.isProduction
@@ -442,7 +772,7 @@ function createWebHandler(sqlLayer, options) {
 		const headers = new Headers(response.headers);
 		headers.set("Access-Control-Allow-Origin", origin);
 		headers.set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
-		headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Include-Drafts, X-Exclude-Invalid, X-Filename, X-Requested-With, Accept, User-Agent");
+		headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Include-Drafts, X-Exclude-Invalid, X-Filename, X-Requested-With, Accept, User-Agent, X-Preview-Token");
 		headers.set("Access-Control-Max-Age", "600");
 		return new Response(response.body, {
 			status: response.status,
@@ -559,6 +889,10 @@ function createWebHandler(sqlLayer, options) {
 				const h = new Headers(instrumentedRequest.headers);
 				if (credentialType) h.set("X-Credential-Type", credentialType);
 				else h.delete("X-Credential-Type");
+				const previewToken = instrumentedRequest.headers.get("X-Preview-Token");
+				if (previewToken) try {
+					if ((await Effect.runPromise(validatePreviewToken(previewToken).pipe(Effect.provide(fullLayer)))).valid) h.set("X-Include-Drafts", "true");
+				} catch {}
 				instrumentedRequest = new Request(instrumentedRequest, { headers: h });
 			} else if (url.pathname === "/mcp") {
 				if ((await getRequestActor(instrumentedRequest))?.type === "editor") return finish(new Response(JSON.stringify({ error: "Unauthorized. Editor tokens must use /mcp/editor." }), {
@@ -582,7 +916,7 @@ function createWebHandler(sqlLayer, options) {
 						headers: { "Content-Type": "application/json" }
 					}));
 				}
-			} else if (url.pathname.startsWith("/api/")) {
+			} else if (url.pathname === "/api/preview-tokens/validate") {} else if (url.pathname.startsWith("/api/")) {
 				const adminOnly = isSchemaMutationRequest(url, instrumentedRequest.method) || url.pathname.startsWith("/api/tokens");
 				const denied = await checkWriteAuth(instrumentedRequest, adminOnly);
 				if (denied) {
@@ -598,36 +932,88 @@ function createWebHandler(sqlLayer, options) {
 				instrumentedRequest = new Request(instrumentedRequest, { headers: h });
 			}
 			if (url.pathname === "/mcp") {
-				const { createMcpHttpHandler } = await import("./http-transport-DbFCI6Cs.mjs");
+				if (options?.loader) {
+					const { createMcpHttpHandler } = await import("./http-transport-DVKhbbe1.mjs");
+					const adminMcpHandler = mcpHandler ??= createMcpHttpHandler(fullLayer, {
+						mode: "admin",
+						path: "/mcp",
+						r2Bucket: options.r2Bucket,
+						assetBaseUrl: options.assetBaseUrl,
+						siteUrl: options.siteUrl,
+						actor: {
+							type: "admin",
+							label: "admin"
+						}
+					});
+					const { createCodeModeMcpServer } = await import("./codemode-handler-Bgu2utjN.mjs");
+					const { createMcpHandler } = await import("agents/mcp");
+					return finish(await createMcpHandler(await createCodeModeMcpServer({
+						loader: options.loader,
+						mcpHandler: adminMcpHandler
+					}), { route: "/mcp" })(instrumentedRequest, {}, {
+						waitUntil: () => {},
+						passThroughOnException: () => {}
+					}));
+				}
+				const { createMcpHttpHandler } = await import("./http-transport-DVKhbbe1.mjs");
 				const actor = await getRequestActor(instrumentedRequest);
 				return finish(await (actor?.type === "admin" ? mcpHandler ??= createMcpHttpHandler(fullLayer, {
 					mode: "admin",
 					path: "/mcp",
 					r2Bucket: options?.r2Bucket,
 					assetBaseUrl: options?.assetBaseUrl,
+					siteUrl: options?.siteUrl,
 					actor
 				}) : createMcpHttpHandler(fullLayer, {
 					mode: "admin",
 					path: "/mcp",
 					r2Bucket: options?.r2Bucket,
 					assetBaseUrl: options?.assetBaseUrl,
+					siteUrl: options?.siteUrl,
 					actor
 				}))(instrumentedRequest));
 			}
 			if (url.pathname === "/mcp/editor") {
-				const { createMcpHttpHandler } = await import("./http-transport-DbFCI6Cs.mjs");
+				if (options?.loader) {
+					const { createMcpHttpHandler } = await import("./http-transport-DVKhbbe1.mjs");
+					const editorMcpHandler = mcpEditorHandler ??= createMcpHttpHandler(fullLayer, {
+						mode: "editor",
+						path: "/mcp/editor",
+						r2Bucket: options.r2Bucket,
+						assetBaseUrl: options.assetBaseUrl,
+						siteUrl: options.siteUrl,
+						actor: {
+							type: "editor",
+							label: "editor"
+						}
+					});
+					const { createCodeModeMcpServer } = await import("./codemode-handler-Bgu2utjN.mjs");
+					const { createMcpHandler } = await import("agents/mcp");
+					return finish(await createMcpHandler(await createCodeModeMcpServer({
+						loader: options.loader,
+						mcpHandler: editorMcpHandler,
+						mode: "editor",
+						mcpPath: "/mcp/editor"
+					}), { route: "/mcp/editor" })(instrumentedRequest, {}, {
+						waitUntil: () => {},
+						passThroughOnException: () => {}
+					}));
+				}
+				const { createMcpHttpHandler } = await import("./http-transport-DVKhbbe1.mjs");
 				const actor = await getRequestActor(instrumentedRequest);
 				return finish(await (actor?.type === "editor" ? createMcpHttpHandler(fullLayer, {
 					mode: "editor",
 					path: "/mcp/editor",
 					r2Bucket: options?.r2Bucket,
 					assetBaseUrl: options?.assetBaseUrl,
+					siteUrl: options?.siteUrl,
 					actor
 				}) : mcpEditorHandler ??= createMcpHttpHandler(fullLayer, {
 					mode: "editor",
 					path: "/mcp/editor",
 					r2Bucket: options?.r2Bucket,
 					assetBaseUrl: options?.assetBaseUrl,
+					siteUrl: options?.siteUrl,
 					actor
 				}))(instrumentedRequest));
 			}
@@ -642,7 +1028,7 @@ function createWebHandler(sqlLayer, options) {
 					if (!graphqlModulePromise) {
 						graphqlImportCache = "miss";
 						const importStartedAt = performance.now();
-						graphqlModulePromise = import("./handler-ClOW1ldA.mjs").then((module) => {
+						graphqlModulePromise = import("./handler-B5jgfPOY.mjs").then((module) => {
 							graphqlImportMs = Number((performance.now() - importStartedAt).toFixed(3));
 							return module;
 						});
@@ -740,7 +1126,10 @@ function createWebHandler(sqlLayer, options) {
 		async execute(query, variables, context) {
 			return (await getGraphqlInstance()).execute(query, variables, context);
 		},
-		runScheduledTransitions: runScheduledTransitions$1
+		runScheduledTransitions: runScheduledTransitions$1,
+		resolveCanonicalPaths(modelApiKey) {
+			return Effect.runPromise(resolveCanonicalPaths(modelApiKey).pipe(Effect.provide(fullLayer)));
+		}
 	};
 }
 //#endregion
@@ -766,7 +1155,9 @@ const RawCmsBindingsSchema = Schema.Struct({
 	r2AccessKeyId: OptionalNonEmptyString,
 	r2SecretAccessKey: OptionalNonEmptyString,
 	r2BucketName: OptionalNonEmptyString,
-	cfAccountId: OptionalNonEmptyString
+	cfAccountId: OptionalNonEmptyString,
+	siteUrl: Schema.optional(Schema.String),
+	loader: Schema.optional(RuntimeObject)
 }).pipe(Schema.filter((bindings) => {
 	return bindings.ai !== void 0 === (bindings.vectorize !== void 0);
 }, { message: () => "ai and vectorize bindings must be configured together" }), Schema.filter((bindings) => {
@@ -799,7 +1190,9 @@ function decodeCmsBindings(input) {
 			secretAccessKey: bindings.r2SecretAccessKey,
 			bucketName: bindings.r2BucketName,
 			accountId: bindings.cfAccountId
-		} : void 0
+		} : void 0,
+		siteUrl: bindings.siteUrl,
+		loader: bindings.loader
 	};
 }
 //#endregion
@@ -1103,7 +1496,8 @@ function cacheKey(bindings, hooks) {
 		bindings.writeKey ?? "",
 		bindings.r2Credentials?.accessKeyId ?? "",
 		bindings.r2Credentials?.bucketName ?? "",
-		bindings.r2Credentials?.accountId ?? ""
+		bindings.r2Credentials?.accountId ?? "",
+		bindings.siteUrl ?? ""
 	].join("|");
 }
 /**
@@ -1156,12 +1550,15 @@ function createCMSHandlerUncached(bindings, hooks) {
 		ai: bindings.ai,
 		vectorize: bindings.vectorize,
 		hooks,
-		r2Credentials: bindings.r2Credentials
+		r2Credentials: bindings.r2Credentials,
+		siteUrl: bindings.siteUrl,
+		loader: bindings.loader
 	});
 	return {
 		fetch: (request) => webHandler.fetch(request),
 		execute: webHandler.execute,
-		runScheduledTransitions: (now) => webHandler.runScheduledTransitions(now)
+		runScheduledTransitions: (now) => webHandler.runScheduledTransitions(now),
+		resolveCanonicalPaths: (modelApiKey) => webHandler.resolveCanonicalPaths(modelApiKey)
 	};
 }
 //#endregion