agent-cms 0.1.0

package/dist/token-service-BDjccMmz.mjs

@@ -0,0 +1,3820 @@
+import { A as isSearchable, B as encodeJson, C as findUniqueConstraintViolations, D as getLinksTargets, E as getLinkTargets, F as parseMediaGalleryReferences, G as ReferenceConflictError, H as getFieldTypeDef, I as decodeJsonIfString, J as ValidationError, L as decodeJsonRecordStringOr, M as supportsUniqueValidation, O as getSlugSource, P as parseMediaFieldReference, R as decodeJsonString, S as computeIsValid, T as getBlocksOnly, U as DuplicateError, W as NotFoundError, a as materializeStructuredTextValue, b as isContentRow, c as FIELD_TYPES, i as materializeRecordStructuredTextFields, j as isUnique, k as isRequired, l as isFieldType, n as deleteBlocksForField, q as UnauthorizedError, r as getStructuredTextStorageKey, s as writeStructuredText, t as deleteBlockSubtrees, v as pruneBlockNodes, w as getBlockWhitelist, x as parseFieldValidators, y as StructuredTextWriteInput } from "./structured-text-service-B4xSlUg_.mjs";
+import { Context, Data, Effect, Option, Schema } from "effect";
+import { SqlClient } from "@effect/sql";
+import { customAlphabet } from "nanoid";
+import slugify from "slugify";
+const generateId = customAlphabet("0123456789abcdefghijklmnopqrstuvwxyz", 10);
+//#endregion
+//#region src/schema-engine/sql-ddl.ts
+/** Map CMS field type to SQLite column type */
+function fieldTypeToSQLite(fieldType) {
+	return getFieldTypeDef(fieldType).sqliteType;
+}
+/** System columns for content tables */
+const CONTENT_SYSTEM_COLUMNS = [
+	`"id" TEXT PRIMARY KEY`,
+	`"_status" TEXT NOT NULL DEFAULT 'draft'`,
+	`"_published_at" TEXT`,
+	`"_first_published_at" TEXT`,
+	`"_published_snapshot" TEXT`,
+	`"_created_at" TEXT NOT NULL`,
+	`"_updated_at" TEXT NOT NULL`,
+	`"_created_by" TEXT`,
+	`"_updated_by" TEXT`,
+	`"_published_by" TEXT`,
+	`"_scheduled_publish_at" TEXT`,
+	`"_scheduled_unpublish_at" TEXT`
+];
+/** System columns for block tables */
+const BLOCK_SYSTEM_COLUMNS = [
+	`"id" TEXT PRIMARY KEY`,
+	`"_root_record_id" TEXT NOT NULL`,
+	`"_root_field_api_key" TEXT NOT NULL`,
+	`"_parent_container_model_api_key" TEXT NOT NULL`,
+	`"_parent_block_id" TEXT`,
+	`"_parent_field_api_key" TEXT NOT NULL`,
+	`"_depth" INTEGER NOT NULL DEFAULT 0`
+];
+function blockLookupIndexName(blockApiKey) {
+	return `idx_block_${blockApiKey}_lookup`;
+}
+function ensureBlockLookupIndex(blockApiKey) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const tableName = `block_${blockApiKey}`;
+		const indexName = blockLookupIndexName(blockApiKey);
+		yield* sql.unsafe(`CREATE INDEX IF NOT EXISTS "${indexName}"
+       ON "${tableName}" (
+         "_root_record_id",
+         "_root_field_api_key",
+         "_parent_container_model_api_key",
+         "_parent_field_api_key",
+         "_parent_block_id"
+       )`);
+	});
+}
+function shouldIndexField(fieldType) {
+	return fieldType === "slug" || fieldType === "link" || fieldType === "date" || fieldType === "date_time" || fieldType === "integer";
+}
+function contentFieldIndexName(modelApiKey, fieldApiKey) {
+	return `idx_content_${modelApiKey}_${fieldApiKey}`;
+}
+function contentCompositeIndexName(modelApiKey, leftFieldApiKey, rightFieldApiKey) {
+	return `idx_content_${modelApiKey}_${leftFieldApiKey}_${rightFieldApiKey}`;
+}
+function ensureContentFieldIndexes(modelApiKey, fields) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const tableName = `content_${modelApiKey}`;
+		for (const field of fields) {
+			if (!shouldIndexField(field.fieldType)) continue;
+			yield* sql.unsafe(`CREATE INDEX IF NOT EXISTS "${contentFieldIndexName(modelApiKey, field.apiKey)}"
+         ON "${tableName}" ("${field.apiKey}")`);
+		}
+		const linkFields = fields.filter((field) => field.fieldType === "link");
+		const temporalFields = fields.filter((field) => field.fieldType === "date" || field.fieldType === "date_time");
+		for (const linkField of linkFields) for (const temporalField of temporalFields) yield* sql.unsafe(`CREATE INDEX IF NOT EXISTS "${contentCompositeIndexName(modelApiKey, linkField.apiKey, temporalField.apiKey)}"
+           ON "${tableName}" ("${linkField.apiKey}", "${temporalField.apiKey}" DESC)`);
+	});
+}
+/**
+* Create a content table for a model using @effect/sql.
+*/
+function createContentTable(modelApiKey, fields, options) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const tableName = `content_${modelApiKey}`;
+		const fieldCols = fields.map((f) => `"${f.apiKey}" ${fieldTypeToSQLite(f.fieldType)}`);
+		const systemCols = [...CONTENT_SYSTEM_COLUMNS];
+		if (options?.sortable || options?.tree) systemCols.push(`"_position" INTEGER NOT NULL DEFAULT 0`);
+		if (options?.tree) systemCols.push(`"_parent_id" TEXT`);
+		const allCols = [...systemCols, ...fieldCols].join(", ");
+		yield* sql.unsafe(`CREATE TABLE IF NOT EXISTS "${tableName}" (${allCols})`);
+		yield* ensureContentFieldIndexes(modelApiKey, fields);
+		return tableName;
+	});
+}
+/**
+* Create a block table for a block type using @effect/sql.
+*/
+function createBlockTable(blockApiKey, fields) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const tableName = `block_${blockApiKey}`;
+		const fieldCols = fields.map((f) => `"${f.apiKey}" ${fieldTypeToSQLite(f.fieldType)}`);
+		const allCols = [...BLOCK_SYSTEM_COLUMNS, ...fieldCols].join(", ");
+		yield* sql.unsafe(`CREATE TABLE IF NOT EXISTS "${tableName}" (${allCols})`);
+		yield* ensureBlockLookupIndex(blockApiKey);
+		return tableName;
+	});
+}
+/**
+* Add a column to a dynamic table.
+*/
+function addColumn(tableName, apiKey, fieldType) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const colType = fieldTypeToSQLite(fieldType);
+		yield* sql.unsafe(`ALTER TABLE "${tableName}" ADD COLUMN "${apiKey}" ${colType}`);
+	});
+}
+/**
+* Drop a column from a dynamic table.
+*/
+function dropColumn(tableName, apiKey) {
+	return Effect.gen(function* () {
+		yield* (yield* SqlClient.SqlClient).unsafe(`ALTER TABLE "${tableName}" DROP COLUMN "${apiKey}"`);
+	});
+}
+/**
+* Drop an entire table.
+*/
+function dropTableSql(tableName) {
+	return Effect.gen(function* () {
+		yield* (yield* SqlClient.SqlClient).unsafe(`DROP TABLE IF EXISTS "${tableName}"`);
+	});
+}
+/**
+* Check if a table exists.
+*/
+function tableExists(tableName) {
+	return Effect.gen(function* () {
+		return (yield* (yield* SqlClient.SqlClient).unsafe(`SELECT name FROM sqlite_master WHERE type='table' AND name='${tableName}'`)).length > 0;
+	});
+}
+/**
+* Get existing column names for a table.
+*/
+function getTableColumns(tableName) {
+	return Effect.gen(function* () {
+		return (yield* (yield* SqlClient.SqlClient).unsafe(`PRAGMA table_info("${tableName}")`)).map((r) => ({
+			name: r.name,
+			type: r.type
+		}));
+	});
+}
+/**
+* Migrate a dynamic table: create if missing, add/drop columns as needed.
+*/
+function migrateContentTable(modelApiKey, isBlock, fields, options) {
+	return Effect.gen(function* () {
+		const tableName = isBlock ? `block_${modelApiKey}` : `content_${modelApiKey}`;
+		if (!(yield* tableExists(tableName))) {
+			if (isBlock) yield* createBlockTable(modelApiKey, fields);
+			else yield* createContentTable(modelApiKey, fields, options);
+			return {
+				created: true,
+				columnsAdded: [],
+				columnsDropped: []
+			};
+		}
+		const existingCols = yield* getTableColumns(tableName);
+		const existingColNames = new Set(existingCols.map((c) => c.name));
+		const systemColNames = isBlock ? new Set([
+			"id",
+			"_root_record_id",
+			"_root_field_api_key",
+			"_parent_container_model_api_key",
+			"_parent_block_id",
+			"_parent_field_api_key",
+			"_depth"
+		]) : new Set([
+			"id",
+			"_status",
+			"_published_at",
+			"_first_published_at",
+			"_published_snapshot",
+			"_created_at",
+			"_updated_at",
+			"_created_by",
+			"_updated_by",
+			"_published_by",
+			"_scheduled_publish_at",
+			"_scheduled_unpublish_at",
+			"_position",
+			"_parent_id"
+		]);
+		const desiredFieldNames = new Set(fields.map((f) => f.apiKey));
+		const columnsAdded = [];
+		const columnsDropped = [];
+		for (const field of fields) if (!existingColNames.has(field.apiKey)) {
+			yield* addColumn(tableName, field.apiKey, field.fieldType);
+			columnsAdded.push(field.apiKey);
+		}
+		for (const col of existingCols) if (!systemColNames.has(col.name) && !desiredFieldNames.has(col.name)) {
+			yield* dropColumn(tableName, col.name);
+			columnsDropped.push(col.name);
+		}
+		if (isBlock) yield* ensureBlockLookupIndex(modelApiKey);
+		else yield* ensureContentFieldIndexes(modelApiKey, fields);
+		return {
+			created: false,
+			columnsAdded,
+			columnsDropped
+		};
+	});
+}
+//#endregion
+//#region src/search/extract-text.ts
+/**
+* Extract plain text from a DAST document.
+* Walks the tree collecting span.value strings.
+*/
+function extractDastText(dast) {
+	if (!isRecord(dast)) return "";
+	const children = getArray(isRecord(dast.document) ? dast.document : dast, "children");
+	if (!children) return "";
+	const parts = [];
+	collectText(children, parts);
+	return parts.join(" ").replace(/\s+/g, " ").trim();
+}
+/**
+* Extract searchable text from all fields of a record.
+* Returns title (for higher BM25 weight) and body (concatenated text).
+*/
+function extractRecordText(record, fields) {
+	let title = "";
+	const bodyParts = [];
+	const titleField = fields.find((f) => f.api_key === "title") ?? fields.find((f) => f.api_key === "name") ?? fields.find((f) => f.field_type === "string");
+	for (const field of fields) {
+		if (!isSearchable(field.validators)) continue;
+		const value = record[field.api_key];
+		if (value === void 0 || value === null) continue;
+		const texts = extractFieldText(field, value);
+		if (texts.length === 0) continue;
+		const joined = texts.join(" ");
+		if (titleField && field.api_key === titleField.api_key) title = joined;
+		else bodyParts.push(joined);
+	}
+	return {
+		title: title.replace(/\s+/g, " ").trim(),
+		body: bodyParts.join(" ").replace(/\s+/g, " ").trim()
+	};
+}
+function extractFieldText(field, value) {
+	if (field.localized && isRecord(value)) {
+		const texts = [];
+		for (const localeValue of Object.values(value)) texts.push(...extractFieldText({
+			...field,
+			localized: 0
+		}, localeValue));
+		return texts;
+	}
+	switch (field.field_type) {
+		case "structured_text": {
+			const parsed = typeof value === "string" ? safeParse(value) : value;
+			if (!isRecord(parsed)) return [];
+			const dast = isRecord(parsed.value) ? parsed.value : parsed;
+			const parts = [];
+			const text = extractDastText(dast);
+			if (text) parts.push(text);
+			if (isRecord(parsed.blocks)) parts.push(...extractGenericText(parsed.blocks));
+			return parts;
+		}
+		case "seo": {
+			const parsed = typeof value === "string" ? safeParse(value) : value;
+			if (!isRecord(parsed)) return [];
+			const parts = [];
+			if (typeof parsed.title === "string") parts.push(parsed.title);
+			if (typeof parsed.description === "string") parts.push(parsed.description);
+			return parts;
+		}
+		default: return extractGenericText(value);
+	}
+}
+/** Extract text from any value — strings directly, JSON objects recursively. */
+function extractGenericText(value) {
+	if (typeof value === "string") {
+		if (/^[0-9a-z]{10}$/.test(value)) return [];
+		if (/^[0-9A-HJKMNP-TV-Z]{26}$/i.test(value)) return [];
+		if (/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(value)) return [];
+		return value.length > 0 ? [value] : [];
+	}
+	if (typeof value === "number" || typeof value === "boolean") return [];
+	if (Array.isArray(value)) {
+		const texts = [];
+		for (const item of value) texts.push(...extractGenericText(item));
+		return texts;
+	}
+	if (isRecord(value)) {
+		const texts = [];
+		for (const [key, v] of Object.entries(value)) {
+			if (key.startsWith("_")) continue;
+			texts.push(...extractGenericText(v));
+		}
+		return texts;
+	}
+	return [];
+}
+function isRecord(v) {
+	return typeof v === "object" && v !== null && !Array.isArray(v);
+}
+function getArray(obj, key) {
+	const v = obj[key];
+	return Array.isArray(v) ? v : void 0;
+}
+function collectText(nodes, parts) {
+	for (const node of nodes) {
+		if (!isRecord(node)) continue;
+		if (node.type === "span" && typeof node.value === "string") parts.push(node.value);
+		if (node.type === "code" && typeof node.code === "string") parts.push(node.code);
+		const children = getArray(node, "children");
+		if (children) collectText(children, parts);
+	}
+}
+function safeParse(json) {
+	try {
+		return JSON.parse(json);
+	} catch {
+		return null;
+	}
+}
+//#endregion
+//#region src/search/fts5.ts
+/**
+* Create FTS5 virtual table for a model.
+*/
+function createFtsTable$1(modelApiKey) {
+	return Effect.gen(function* () {
+		yield* (yield* SqlClient.SqlClient).unsafe(`CREATE VIRTUAL TABLE IF NOT EXISTS "fts_${modelApiKey}" USING fts5(record_id UNINDEXED, title, body)`);
+	});
+}
+/**
+* Drop FTS5 virtual table for a model.
+*/
+function dropFtsTable(modelApiKey) {
+	return Effect.gen(function* () {
+		yield* (yield* SqlClient.SqlClient).unsafe(`DROP TABLE IF EXISTS "fts_${modelApiKey}"`);
+	});
+}
+/**
+* Index a single record into the FTS5 table.
+*/
+function ftsIndex(modelApiKey, recordId, title, body) {
+	return Effect.gen(function* () {
+		yield* (yield* SqlClient.SqlClient).unsafe(`INSERT INTO "fts_${modelApiKey}"(record_id, title, body) VALUES (?, ?, ?)`, [
+			recordId,
+			title,
+			body
+		]);
+	});
+}
+/**
+* Remove a record from the FTS5 index.
+*/
+function ftsDeindex(modelApiKey, recordId) {
+	return Effect.gen(function* () {
+		yield* (yield* SqlClient.SqlClient).unsafe(`DELETE FROM "fts_${modelApiKey}" WHERE record_id = ?`, [recordId]);
+	});
+}
+/**
+* Query FTS5 with BM25 ranking and snippets.
+* When modelApiKey is not specified, searches across all FTS5 tables.
+*/
+function ftsSearch(query, options) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const limit = Math.min(options.first ?? 10, 100);
+		const offset = options.skip ?? 0;
+		if (options.modelApiKey) {
+			const modelApiKey = options.modelApiKey;
+			return (yield* sql.unsafe(`SELECT record_id, title, rank, snippet("fts_${modelApiKey}", 2, '<mark>', '</mark>', '...', 32) as snippet
+         FROM "fts_${modelApiKey}"
+         WHERE "fts_${modelApiKey}" MATCH ?
+         ORDER BY rank
+         LIMIT ? OFFSET ?`, [
+				query,
+				limit,
+				offset
+			])).map((r) => ({
+				recordId: r.record_id,
+				modelApiKey,
+				rank: r.rank,
+				title: r.title,
+				snippet: r.snippet
+			}));
+		}
+		const tables = yield* sql.unsafe(`SELECT name FROM sqlite_master WHERE type='table' AND name LIKE 'fts_%' AND sql LIKE 'CREATE VIRTUAL TABLE%'`);
+		if (tables.length === 0) return [];
+		const unionQuery = tables.map((t) => {
+			return `SELECT record_id, title, '${t.name.replace(/^fts_/, "")}' as model_api_key, rank, snippet("${t.name}", 2, '<mark>', '</mark>', '...', 32) as snippet FROM "${t.name}" WHERE "${t.name}" MATCH ?`;
+		}).join(" UNION ALL ") + " ORDER BY rank LIMIT ? OFFSET ?";
+		const params = [
+			...tables.map(() => query),
+			limit,
+			offset
+		];
+		return (yield* sql.unsafe(unionQuery, params)).map((r) => ({
+			recordId: r.record_id,
+			modelApiKey: r.model_api_key,
+			rank: r.rank,
+			title: r.title,
+			snippet: r.snippet
+		}));
+	});
+}
+//#endregion
+//#region src/search/vectorize.ts
+/**
+* Vectorize semantic search using Cloudflare Workers AI + Vectorize.
+* All functions return Effect — async boundaries use Effect.tryPromise.
+*/
+var VectorizeError = class extends Data.TaggedError("VectorizeError") {};
+function describeUnknown(error) {
+	if (error instanceof Error) return `${error.name}: ${error.message}`;
+	if (typeof error === "string") return error;
+	return JSON.stringify(error);
+}
+const EMBED_MODEL = "@cf/baai/bge-small-en-v1.5";
+/**
+* Generate embeddings for text chunks using Workers AI.
+*/
+function embedTexts(ai, texts) {
+	if (texts.length === 0) return Effect.succeed([]);
+	return Effect.tryPromise({
+		try: () => ai.run(EMBED_MODEL, { text: texts }),
+		catch: (error) => new VectorizeError({ message: `Embedding failed: ${describeUnknown(error)}` })
+	}).pipe(Effect.map((result) => result.data));
+}
+/**
+* Index a record into Vectorize.
+*/
+function vectorizeIndex(ai, vectorize, modelApiKey, recordId, title, body) {
+	const text = [title, body].filter(Boolean).join(" — ");
+	if (!text) return Effect.void;
+	return Effect.gen(function* () {
+		const embeddings = yield* embedTexts(ai, [text]);
+		yield* Effect.tryPromise({
+			try: () => vectorize.upsert([{
+				id: `${modelApiKey}:${recordId}`,
+				values: embeddings[0],
+				metadata: {
+					recordId,
+					modelApiKey
+				}
+			}]),
+			catch: (error) => new VectorizeError({ message: `Upsert failed: ${describeUnknown(error)}` })
+		});
+	});
+}
+/**
+* Remove a record from Vectorize.
+*/
+function vectorizeDeindex(vectorize, modelApiKey, recordId) {
+	return Effect.tryPromise({
+		try: () => vectorize.deleteByIds([`${modelApiKey}:${recordId}`]),
+		catch: (error) => new VectorizeError({ message: `Deindex failed: ${describeUnknown(error)}` })
+	});
+}
+/**
+* Semantic search via Vectorize.
+*/
+function vectorizeSearch(ai, vectorize, query, topK = 20) {
+	return Effect.gen(function* () {
+		const embeddings = yield* embedTexts(ai, [query]);
+		return (yield* Effect.tryPromise({
+			try: () => vectorize.query(embeddings[0], {
+				topK,
+				returnMetadata: "all"
+			}),
+			catch: (error) => new VectorizeError({ message: `Search failed: ${describeUnknown(error)}` })
+		})).matches.map((m) => ({
+			recordId: m.metadata?.recordId ?? m.id.split(":")[1],
+			modelApiKey: m.metadata?.modelApiKey ?? m.id.split(":")[0],
+			score: m.score
+		}));
+	});
+}
+/**
+* Reciprocal Rank Fusion — merge FTS5 and Vectorize results.
+* Records appearing in both result sets get boosted.
+*/
+function reciprocalRankFusion(ftsResults, vectorResults, k = 60) {
+	const scores = /* @__PURE__ */ new Map();
+	for (let i = 0; i < ftsResults.length; i++) {
+		const r = ftsResults[i];
+		const key = `${r.modelApiKey}:${r.recordId}`;
+		const rrf = 1 / (k + i + 1);
+		const existing = scores.get(key);
+		if (existing) existing.score += rrf;
+		else scores.set(key, {
+			recordId: r.recordId,
+			modelApiKey: r.modelApiKey,
+			score: rrf
+		});
+	}
+	for (let i = 0; i < vectorResults.length; i++) {
+		const r = vectorResults[i];
+		const key = `${r.modelApiKey}:${r.recordId}`;
+		const rrf = 1 / (k + i + 1);
+		const existing = scores.get(key);
+		if (existing) existing.score += rrf;
+		else scores.set(key, {
+			recordId: r.recordId,
+			modelApiKey: r.modelApiKey,
+			score: rrf
+		});
+	}
+	return [...scores.values()].sort((a, b) => b.score - a.score);
+}
+//#endregion
+//#region src/search/vectorize-context.ts
+var VectorizeContext = class extends Context.Tag("VectorizeContext")() {};
+//#endregion
+//#region src/search/search-service.ts
+/**
+* Index a record after creation.
+*/
+function indexRecord(modelApiKey, recordId, data, fields) {
+	return Effect.gen(function* () {
+		const { title, body } = extractRecordText(yield* materializeRecordStructuredTextFields({
+			modelApiKey,
+			record: data,
+			fields
+		}), fields);
+		if (!title && !body) return;
+		yield* ftsIndex(modelApiKey, recordId, title, body);
+		const bindings = yield* VectorizeContext;
+		if (Option.isSome(bindings)) yield* vectorizeIndex(bindings.value.ai, bindings.value.vectorize, modelApiKey, recordId, title, body).pipe(Effect.ignore);
+	});
+}
+/**
+* Reindex a record after update: deindex old, then fetch fresh data and index.
+*/
+function reindexRecord(modelApiKey, recordId, fields) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		yield* ftsDeindex(modelApiKey, recordId);
+		const rows = yield* sql.unsafe(`SELECT * FROM "content_${modelApiKey}" WHERE id = ?`, [recordId]);
+		if (rows.length === 0) return;
+		const { title, body } = extractRecordText(yield* materializeRecordStructuredTextFields({
+			modelApiKey,
+			record: rows[0],
+			fields
+		}), fields);
+		if (!title && !body) return;
+		yield* ftsIndex(modelApiKey, recordId, title, body);
+		const bindings = yield* VectorizeContext;
+		if (Option.isSome(bindings)) yield* vectorizeIndex(bindings.value.ai, bindings.value.vectorize, modelApiKey, recordId, title, body).pipe(Effect.ignore);
+	});
+}
+/**
+* Remove a record from the index.
+*/
+function deindexRecord(modelApiKey, recordId) {
+	return Effect.gen(function* () {
+		yield* ftsDeindex(modelApiKey, recordId);
+		const bindings = yield* VectorizeContext;
+		if (Option.isSome(bindings)) yield* vectorizeDeindex(bindings.value.vectorize, modelApiKey, recordId).pipe(Effect.ignore);
+	});
+}
+/**
+* Rebuild the entire FTS5 index for a model.
+*/
+function rebuildIndex(modelApiKey) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		yield* dropFtsTable(modelApiKey);
+		yield* createFtsTable$1(modelApiKey);
+		const models = yield* sql.unsafe("SELECT id FROM models WHERE api_key = ?", [modelApiKey]);
+		if (models.length === 0) return;
+		const fields = (yield* sql.unsafe("SELECT * FROM fields WHERE model_id = ? ORDER BY position", [models[0].id])).map(parseFieldValidators);
+		const records = yield* sql.unsafe(`SELECT * FROM "content_${modelApiKey}"`);
+		const bindings = yield* VectorizeContext;
+		for (const record of records) {
+			const { title, body } = extractRecordText(yield* materializeRecordStructuredTextFields({
+				modelApiKey,
+				record,
+				fields
+			}), fields);
+			if (title || body) {
+				yield* ftsIndex(modelApiKey, String(record.id), title, body);
+				if (Option.isSome(bindings)) yield* vectorizeIndex(bindings.value.ai, bindings.value.vectorize, modelApiKey, String(record.id), title, body).pipe(Effect.ignore);
+			}
+		}
+	});
+}
+/**
+* Create the FTS5 table for a model.
+*/
+function createFtsTable(modelApiKey) {
+	return createFtsTable$1(modelApiKey);
+}
+/**
+* Drop the FTS5 index for a model.
+*/
+function dropIndex(modelApiKey) {
+	return dropFtsTable(modelApiKey);
+}
+/**
+* Rebuild search indexes for all content models (or a specific one).
+*/
+function reindexAll(modelApiKey) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		let modelRows;
+		if (modelApiKey) {
+			modelRows = yield* sql.unsafe("SELECT id, api_key FROM models WHERE api_key = ? AND is_block = 0", [modelApiKey]);
+			if (modelRows.length === 0) return yield* new ValidationError({ message: `Model '${modelApiKey}' not found or is a block type` });
+		} else modelRows = yield* sql.unsafe("SELECT id, api_key FROM models WHERE is_block = 0");
+		const bindings = yield* VectorizeContext;
+		let totalRecords = 0;
+		let totalIndexed = 0;
+		for (const model of modelRows) {
+			yield* dropFtsTable(model.api_key);
+			yield* createFtsTable$1(model.api_key);
+			const fields = (yield* sql.unsafe("SELECT * FROM fields WHERE model_id = ? ORDER BY position", [model.id])).map(parseFieldValidators);
+			const records = yield* sql.unsafe(`SELECT * FROM "content_${model.api_key}"`);
+			totalRecords += records.length;
+			for (const record of records) {
+				const { title, body } = extractRecordText(yield* materializeRecordStructuredTextFields({
+					modelApiKey: model.api_key,
+					record,
+					fields
+				}), fields);
+				if (title || body) {
+					yield* ftsIndex(model.api_key, String(record.id), title, body);
+					if (Option.isSome(bindings)) yield* vectorizeIndex(bindings.value.ai, bindings.value.vectorize, model.api_key, String(record.id), title, body).pipe(Effect.ignore);
+					totalIndexed++;
+				}
+			}
+		}
+		return {
+			models: modelRows.length,
+			records: totalRecords,
+			indexed: totalIndexed,
+			vectorize: Option.isSome(bindings)
+		};
+	});
+}
+function lookupIndexedTitle(modelApiKey, recordId) {
+	return Effect.gen(function* () {
+		return (yield* (yield* SqlClient.SqlClient).unsafe(`SELECT title FROM "fts_${modelApiKey}" WHERE record_id = ? LIMIT 1`, [recordId]).pipe(Effect.catchAll(() => Effect.succeed([]))))[0]?.title ?? null;
+	});
+}
+/**
+* Search content records.
+*/
+function search(params) {
+	return Effect.gen(function* () {
+		if (!params.query || params.query.trim().length === 0) return yield* new ValidationError({ message: "Search query is required" });
+		const bindings = yield* VectorizeContext;
+		const hasVector = Option.isSome(bindings);
+		const limit = Math.min(params.first ?? 10, 100);
+		const mode = params.mode ?? (hasVector ? "hybrid" : "keyword");
+		const useVector = (mode === "semantic" || mode === "hybrid") && hasVector;
+		let ftsResults = [];
+		if (mode !== "semantic") ftsResults = yield* ftsSearch(params.query, {
+			modelApiKey: params.modelApiKey,
+			first: limit,
+			skip: params.skip
+		}).pipe(Effect.catchAll(() => Effect.succeed([])));
+		let vectorResults = [];
+		if (useVector && Option.isSome(bindings)) {
+			vectorResults = yield* vectorizeSearch(bindings.value.ai, bindings.value.vectorize, params.query, limit * 2).pipe(Effect.catchAll(() => Effect.succeed([])));
+			if (params.modelApiKey) vectorResults = vectorResults.filter((r) => r.modelApiKey === params.modelApiKey);
+		}
+		if (mode === "hybrid" && ftsResults.length > 0 && vectorResults.length > 0) {
+			const paged = reciprocalRankFusion(ftsResults, vectorResults).slice(params.skip ?? 0, (params.skip ?? 0) + limit);
+			const ftsMetaMap = new Map(ftsResults.map((r) => [`${r.modelApiKey}:${r.recordId}`, {
+				title: r.title,
+				snippet: r.snippet
+			}]));
+			const results = paged.map((r) => ({
+				recordId: r.recordId,
+				modelApiKey: r.modelApiKey,
+				rank: r.score,
+				title: ftsMetaMap.get(`${r.modelApiKey}:${r.recordId}`)?.title ?? null,
+				snippet: ftsMetaMap.get(`${r.modelApiKey}:${r.recordId}`)?.snippet ?? ""
+			}));
+			return {
+				results,
+				meta: {
+					count: results.length,
+					mode: "hybrid"
+				}
+			};
+		}
+		if (mode === "semantic" && vectorResults.length > 0) {
+			const paged = vectorResults.slice(params.skip ?? 0, (params.skip ?? 0) + limit);
+			const results = yield* Effect.forEach(paged, (r) => Effect.gen(function* () {
+				const title = yield* lookupIndexedTitle(r.modelApiKey, r.recordId);
+				return {
+					recordId: r.recordId,
+					modelApiKey: r.modelApiKey,
+					rank: r.score,
+					title,
+					snippet: ""
+				};
+			}));
+			return {
+				results,
+				meta: {
+					count: results.length,
+					mode: "semantic"
+				}
+			};
+		}
+		return {
+			results: ftsResults,
+			meta: {
+				count: ftsResults.length,
+				mode: hasVector ? mode : "keyword"
+			}
+		};
+	});
+}
+//#endregion
+//#region src/services/model-service.ts
+function listModels() {
+	return Effect.gen(function* () {
+		return yield* (yield* SqlClient.SqlClient).unsafe("SELECT * FROM models ORDER BY created_at");
+	});
+}
+function getModel(id) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const models = yield* sql.unsafe("SELECT * FROM models WHERE id = ?", [id]);
+		if (models.length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id
+		});
+		const fields = yield* sql.unsafe("SELECT * FROM fields WHERE model_id = ? ORDER BY position", [id]);
+		return {
+			...models[0],
+			fields: fields.map(parseFieldValidators)
+		};
+	});
+}
+function createModel(body) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		if (!/^[a-z][a-z0-9_]*$/.test(body.apiKey)) return yield* new ValidationError({ message: "apiKey must start with a lowercase letter and contain only lowercase letters, numbers, and underscores" });
+		if ((yield* sql.unsafe("SELECT id FROM models WHERE api_key = ?", [body.apiKey])).length > 0) return yield* new DuplicateError({ message: `Model with apiKey '${body.apiKey}' already exists` });
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const id = generateId();
+		yield* sql.unsafe(`INSERT INTO models (id, name, api_key, is_block, singleton, sortable, tree, has_draft, all_locales_required, ordering, created_at, updated_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, [
+			id,
+			body.name,
+			body.apiKey,
+			body.isBlock ? 1 : 0,
+			body.singleton ? 1 : 0,
+			body.sortable ? 1 : 0,
+			body.tree ? 1 : 0,
+			body.hasDraft ? 1 : 0,
+			body.allLocalesRequired ? 1 : 0,
+			body.ordering ?? null,
+			now,
+			now
+		]);
+		yield* migrateContentTable(body.apiKey, body.isBlock, [], {
+			sortable: body.sortable,
+			tree: body.tree
+		});
+		if (!body.isBlock) yield* createFtsTable(body.apiKey).pipe(Effect.ignore);
+		return {
+			id,
+			name: body.name,
+			apiKey: body.apiKey,
+			isBlock: body.isBlock,
+			singleton: body.singleton,
+			sortable: body.sortable,
+			tree: body.tree,
+			hasDraft: body.hasDraft,
+			allLocalesRequired: body.allLocalesRequired,
+			ordering: body.ordering ?? null,
+			createdAt: now,
+			updatedAt: now
+		};
+	});
+}
+function updateModel(id, body) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const existing = yield* sql.unsafe("SELECT * FROM models WHERE id = ?", [id]);
+		if (existing.length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id
+		});
+		const model = existing[0];
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const sets = ["updated_at = ?"];
+		const values = [now];
+		if (body.name !== void 0) {
+			sets.push("name = ?");
+			values.push(body.name);
+		}
+		if (body.singleton !== void 0) {
+			sets.push("singleton = ?");
+			values.push(body.singleton ? 1 : 0);
+		}
+		if (body.sortable !== void 0) {
+			sets.push("sortable = ?");
+			values.push(body.sortable ? 1 : 0);
+		}
+		if (body.hasDraft !== void 0) {
+			sets.push("has_draft = ?");
+			values.push(body.hasDraft ? 1 : 0);
+		}
+		if (body.allLocalesRequired !== void 0) {
+			sets.push("all_locales_required = ?");
+			values.push(body.allLocalesRequired ? 1 : 0);
+		}
+		if (body.ordering !== void 0) {
+			sets.push("ordering = ?");
+			values.push(body.ordering);
+		}
+		if (body.apiKey !== void 0 && body.apiKey !== model.api_key) {
+			const newApiKey = body.apiKey;
+			if (!/^[a-z][a-z0-9_]*$/.test(newApiKey)) return yield* new ValidationError({ message: "apiKey must start with a lowercase letter and contain only lowercase letters, numbers, and underscores" });
+			if ((yield* sql.unsafe("SELECT id FROM models WHERE api_key = ? AND id != ?", [newApiKey, id])).length > 0) return yield* new DuplicateError({ message: `Model with apiKey '${newApiKey}' already exists` });
+			const oldPrefix = model.is_block ? "block_" : "content_";
+			const oldTableName = `${oldPrefix}${model.api_key}`;
+			const newTableName = `${oldPrefix}${newApiKey}`;
+			yield* sql.unsafe(`ALTER TABLE "${oldTableName}" RENAME TO "${newTableName}"`);
+			if (!model.is_block) {
+				yield* dropIndex(model.api_key).pipe(Effect.ignore);
+				yield* createFtsTable(newApiKey).pipe(Effect.ignore);
+			}
+			const allFields = yield* sql.unsafe("SELECT * FROM fields WHERE field_type IN ('link', 'links', 'structured_text')");
+			for (const f of allFields) {
+				const validators = decodeJsonRecordStringOr(f.validators || "{}", {});
+				let changed = false;
+				for (const key of ["item_item_type", "items_item_type"]) if (Array.isArray(validators[key])) {
+					const idx = validators[key].indexOf(model.api_key);
+					if (idx !== -1) {
+						validators[key][idx] = newApiKey;
+						changed = true;
+					}
+				}
+				if (Array.isArray(validators.structured_text_blocks)) {
+					const idx = validators.structured_text_blocks.indexOf(model.api_key);
+					if (idx !== -1) {
+						validators.structured_text_blocks[idx] = newApiKey;
+						changed = true;
+					}
+				}
+				if (changed) yield* sql.unsafe("UPDATE fields SET validators = ? WHERE id = ?", [encodeJson(validators), f.id]);
+			}
+			sets.push("api_key = ?");
+			values.push(newApiKey);
+		}
+		yield* sql.unsafe(`UPDATE models SET ${sets.join(", ")} WHERE id = ?`, [...values, id]);
+		if (typeof body.apiKey === "string" && body.apiKey !== model.api_key && !model.is_block) yield* rebuildIndex(body.apiKey).pipe(Effect.ignore);
+		return (yield* sql.unsafe("SELECT * FROM models WHERE id = ?", [id]))[0];
+	});
+}
+function deleteModel(id) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const models = yield* sql.unsafe("SELECT * FROM models WHERE id = ?", [id]);
+		if (models.length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id
+		});
+		const model = models[0];
+		const allFields = yield* sql.unsafe("SELECT * FROM fields");
+		if (!model.is_block) {
+			const referencingFields = allFields.filter((f) => {
+				if (f.field_type !== "link" && f.field_type !== "links") return false;
+				if (f.model_id === id) return false;
+				const validators = decodeJsonRecordStringOr(f.validators || "{}", {});
+				const allowedTypes = validators.items_item_type ?? validators.item_item_type;
+				return Array.isArray(allowedTypes) && allowedTypes.includes(model.api_key);
+			});
+			if (referencingFields.length > 0) {
+				const refs = [];
+				for (const f of referencingFields) {
+					const refModels = yield* sql.unsafe("SELECT api_key FROM models WHERE id = ?", [f.model_id]);
+					refs.push(`${refModels[0]?.api_key ?? "unknown"}.${f.api_key}`);
+				}
+				return yield* new ReferenceConflictError({
+					message: `Cannot delete model '${model.api_key}': referenced by fields: ${refs.join(", ")}`,
+					references: refs
+				});
+			}
+		} else {
+			const referencingFields = allFields.filter((f) => {
+				if (f.field_type !== "structured_text") return false;
+				const whitelist = decodeJsonRecordStringOr(f.validators || "{}", {}).block_whitelist;
+				return Array.isArray(whitelist) && whitelist.includes(model.api_key);
+			});
+			if (referencingFields.length > 0) {
+				const refs = [];
+				for (const f of referencingFields) {
+					const refModels = yield* sql.unsafe("SELECT api_key FROM models WHERE id = ?", [f.model_id]);
+					refs.push(`${refModels[0]?.api_key ?? "unknown"}.${f.api_key}`);
+				}
+				return yield* new ReferenceConflictError({
+					message: `Cannot delete block type '${model.api_key}': referenced by structured_text fields: ${refs.join(", ")}. Use remove_block to clean up DAST references first.`,
+					references: refs
+				});
+			}
+		}
+		const tableName = model.is_block ? `block_${model.api_key}` : `content_${model.api_key}`;
+		const recordsDestroyed = (yield* sql.unsafe(`SELECT COUNT(*) as c FROM "${tableName}"`))[0]?.c ?? 0;
+		yield* sql.unsafe("DELETE FROM fields WHERE model_id = ?", [id]);
+		yield* dropTableSql(tableName);
+		yield* dropIndex(model.api_key).pipe(Effect.ignore);
+		yield* sql.unsafe("DELETE FROM models WHERE id = ?", [id]);
+		return {
+			deleted: true,
+			recordsDestroyed
+		};
+	});
+}
+//#endregion
+//#region src/services/field-service.ts
+const ALLOWED_FIELD_VALIDATOR_KEYS = new Set([
+	"required",
+	"unique",
+	"enum",
+	"length",
+	"number_range",
+	"format",
+	"date_range",
+	"slug_source",
+	"item_item_type",
+	"items_item_type",
+	"structured_text_blocks",
+	"blocks_only",
+	"searchable"
+]);
+function validateFieldValidators(fieldType, apiKey, validators) {
+	return Effect.gen(function* () {
+		const unknownKeys = Object.keys(validators).filter((key) => !ALLOWED_FIELD_VALIDATOR_KEYS.has(key));
+		if (unknownKeys.length > 0) return yield* new ValidationError({
+			message: `Unknown validator key(s): ${unknownKeys.join(", ")}`,
+			field: apiKey
+		});
+		if (validators.required !== void 0 && typeof validators.required !== "boolean") return yield* new ValidationError({
+			message: `required validator must be a boolean`,
+			field: apiKey
+		});
+		if (isUnique(validators) && !supportsUniqueValidation(fieldType)) return yield* new ValidationError({
+			message: `unique validator is not supported for field type '${fieldType}'`,
+			field: apiKey
+		});
+		if (validators.unique !== void 0 && typeof validators.unique !== "boolean") return yield* new ValidationError({
+			message: `unique validator must be a boolean`,
+			field: apiKey
+		});
+		if (validators.searchable !== void 0 && typeof validators.searchable !== "boolean") return yield* new ValidationError({
+			message: `searchable validator must be a boolean`,
+			field: apiKey
+		});
+		const enumValues = validators.enum;
+		if (enumValues !== void 0) {
+			if (![
+				"string",
+				"text",
+				"slug"
+			].includes(fieldType)) return yield* new ValidationError({
+				message: `enum validator is only supported for string, text, and slug fields`,
+				field: apiKey
+			});
+			if (!Array.isArray(enumValues) || !enumValues.every((value) => typeof value === "string")) return yield* new ValidationError({
+				message: `enum validator must be an array of strings`,
+				field: apiKey
+			});
+		}
+		const length = validators.length;
+		if (length !== void 0) {
+			if (![
+				"string",
+				"text",
+				"slug"
+			].includes(fieldType)) return yield* new ValidationError({
+				message: `length validator is only supported for string, text, and slug fields`,
+				field: apiKey
+			});
+			if (typeof length !== "object" || length === null || Array.isArray(length)) return yield* new ValidationError({
+				message: `length validator must be an object`,
+				field: apiKey
+			});
+			const lengthConfig = length;
+			if (lengthConfig.min !== void 0 && (typeof lengthConfig.min !== "number" || lengthConfig.min < 0)) return yield* new ValidationError({
+				message: `length.min must be a non-negative number`,
+				field: apiKey
+			});
+			if (lengthConfig.max !== void 0 && (typeof lengthConfig.max !== "number" || lengthConfig.max < 0)) return yield* new ValidationError({
+				message: `length.max must be a non-negative number`,
+				field: apiKey
+			});
+		}
+		const slugSource = validators.slug_source;
+		if (slugSource !== void 0) {
+			if (fieldType !== "slug") return yield* new ValidationError({
+				message: `slug_source validator is only supported for slug fields`,
+				field: apiKey
+			});
+			if (typeof slugSource !== "string" || slugSource.length === 0) return yield* new ValidationError({
+				message: `slug_source validator must be a non-empty string`,
+				field: apiKey
+			});
+		}
+		const itemItemType = validators.item_item_type;
+		if (itemItemType !== void 0) {
+			if (fieldType !== "link") return yield* new ValidationError({
+				message: `item_item_type validator is only supported for link fields`,
+				field: apiKey
+			});
+			if (!Array.isArray(itemItemType) || !itemItemType.every((value) => typeof value === "string")) return yield* new ValidationError({
+				message: `item_item_type validator must be an array of strings`,
+				field: apiKey
+			});
+		}
+		const itemsItemType = validators.items_item_type;
+		if (itemsItemType !== void 0) {
+			if (fieldType !== "links") return yield* new ValidationError({
+				message: `items_item_type validator is only supported for links fields`,
+				field: apiKey
+			});
+			if (!Array.isArray(itemsItemType) || !itemsItemType.every((value) => typeof value === "string")) return yield* new ValidationError({
+				message: `items_item_type validator must be an array of strings`,
+				field: apiKey
+			});
+		}
+		const blocksOnly = validators.blocks_only;
+		if (blocksOnly !== void 0) {
+			if (fieldType !== "structured_text") return yield* new ValidationError({
+				message: `blocks_only validator is only supported for structured_text fields`,
+				field: apiKey
+			});
+			if (typeof blocksOnly !== "boolean") return yield* new ValidationError({
+				message: `blocks_only validator must be a boolean`,
+				field: apiKey
+			});
+		}
+		const structuredTextBlocks = validators.structured_text_blocks;
+		if (structuredTextBlocks !== void 0) {
+			if (fieldType !== "structured_text") return yield* new ValidationError({
+				message: `structured_text_blocks validator is only supported for structured_text fields`,
+				field: apiKey
+			});
+			if (!Array.isArray(structuredTextBlocks) || !structuredTextBlocks.every((value) => typeof value === "string")) return yield* new ValidationError({
+				message: `structured_text_blocks validator must be an array of strings`,
+				field: apiKey
+			});
+		}
+		const numberRange = validators.number_range;
+		if (numberRange !== void 0) {
+			if (!["integer", "float"].includes(fieldType)) return yield* new ValidationError({
+				message: `number_range validator is only supported for integer and float fields`,
+				field: apiKey
+			});
+			if (typeof numberRange !== "object" || numberRange === null || Array.isArray(numberRange)) return yield* new ValidationError({
+				message: `number_range validator must be an object`,
+				field: apiKey
+			});
+			const rangeConfig = numberRange;
+			if (rangeConfig.min !== void 0 && typeof rangeConfig.min !== "number") return yield* new ValidationError({
+				message: `number_range.min must be a number`,
+				field: apiKey
+			});
+			if (rangeConfig.max !== void 0 && typeof rangeConfig.max !== "number") return yield* new ValidationError({
+				message: `number_range.max must be a number`,
+				field: apiKey
+			});
+		}
+		const format = validators.format;
+		if (format !== void 0) {
+			if (![
+				"string",
+				"text",
+				"slug"
+			].includes(fieldType)) return yield* new ValidationError({
+				message: `format validator is only supported for string, text, and slug fields`,
+				field: apiKey
+			});
+			const isPreset = format === "email" || format === "url";
+			const isCustom = typeof format === "object" && format !== null && !Array.isArray(format) && typeof format.custom_pattern === "string";
+			if (!isPreset && !isCustom) return yield* new ValidationError({
+				message: `format validator must be 'email', 'url', or { custom_pattern: string }`,
+				field: apiKey
+			});
+		}
+		const dateRange = validators.date_range;
+		if (dateRange !== void 0) {
+			if (!["date", "date_time"].includes(fieldType)) return yield* new ValidationError({
+				message: `date_range validator is only supported for date and date_time fields`,
+				field: apiKey
+			});
+			if (typeof dateRange !== "object" || dateRange === null || Array.isArray(dateRange)) return yield* new ValidationError({
+				message: `date_range validator must be an object`,
+				field: apiKey
+			});
+			const dateRangeConfig = dateRange;
+			for (const key of ["min", "max"]) {
+				const boundary = dateRangeConfig[key];
+				if (boundary !== void 0 && boundary !== "now" && typeof boundary !== "string") return yield* new ValidationError({
+					message: `date_range.${key} must be an ISO datetime string or 'now'`,
+					field: apiKey
+				});
+			}
+		}
+	});
+}
+function serializeDefaultValueForFieldMetadata(value) {
+	if (value === void 0) return null;
+	if (typeof value === "string") return value;
+	return encodeJson(value);
+}
+function serializeDefaultValueForRecordColumn(value) {
+	if (value === void 0) return null;
+	if (typeof value === "object" && value !== null) return encodeJson(value);
+	if (typeof value === "boolean") return value ? 1 : 0;
+	return value;
+}
+function syncTable(modelId) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const models = yield* sql.unsafe("SELECT api_key, is_block FROM models WHERE id = ?", [modelId]);
+		if (models.length === 0) return;
+		const model = models[0];
+		const fields = yield* sql.unsafe("SELECT api_key, field_type FROM fields WHERE model_id = ? ORDER BY position", [modelId]);
+		yield* migrateContentTable(model.api_key, !!model.is_block, fields.map((f) => ({
+			apiKey: f.api_key,
+			fieldType: isFieldType(f.field_type) ? f.field_type : "string"
+		})));
+	});
+}
+function listFields(modelId) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		if ((yield* sql.unsafe("SELECT id FROM models WHERE id = ?", [modelId])).length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelId
+		});
+		return (yield* sql.unsafe("SELECT * FROM fields WHERE model_id = ? ORDER BY position", [modelId])).map(parseFieldValidators);
+	});
+}
+function createField(modelId, body) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		if ((yield* sql.unsafe("SELECT id FROM models WHERE id = ?", [modelId])).length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelId
+		});
+		if (!/^[a-z][a-z0-9_]*$/.test(body.apiKey)) return yield* new ValidationError({ message: "apiKey must start with a lowercase letter and contain only lowercase letters, numbers, and underscores" });
+		if (!isFieldType(body.fieldType)) return yield* new ValidationError({ message: `fieldType must be one of: ${FIELD_TYPES.join(", ")}` });
+		if ((yield* sql.unsafe("SELECT id FROM fields WHERE model_id = ? AND api_key = ?", [modelId, body.apiKey])).length > 0) return yield* new DuplicateError({ message: `Field with apiKey '${body.apiKey}' already exists on this model` });
+		const allFields = yield* sql.unsafe("SELECT id FROM fields WHERE model_id = ?", [modelId]);
+		const position = body.position ?? allFields.length;
+		const parsedValidators = body.validators;
+		yield* validateFieldValidators(body.fieldType, body.apiKey, parsedValidators);
+		if (parsedValidators.required) {
+			const modelInfo = yield* sql.unsafe("SELECT api_key, is_block FROM models WHERE id = ?", [modelId]);
+			if (modelInfo.length > 0) {
+				const tableName = modelInfo[0].is_block ? `block_${modelInfo[0].api_key}` : `content_${modelInfo[0].api_key}`;
+				const recordCount = yield* sql.unsafe(`SELECT COUNT(*) as c FROM "${tableName}"`);
+				if (recordCount[0]?.c > 0 && body.defaultValue === void 0) return yield* new ValidationError({
+					message: `Cannot add required field '${body.apiKey}' to model with ${recordCount[0].c} existing record(s) without a default_value. Provide a default_value.`,
+					field: body.apiKey
+				});
+			}
+		}
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const id = generateId();
+		const validators = encodeJson(body.validators);
+		yield* sql.unsafe(`INSERT INTO fields (id, model_id, label, api_key, field_type, position, localized, validators, default_value, appearance, hint, fieldset_id, created_at, updated_at)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, [
+			id,
+			modelId,
+			body.label,
+			body.apiKey,
+			body.fieldType,
+			position,
+			body.localized ? 1 : 0,
+			validators,
+			serializeDefaultValueForFieldMetadata(body.defaultValue),
+			body.appearance ? encodeJson(body.appearance) : null,
+			body.hint ?? null,
+			body.fieldsetId ?? null,
+			now,
+			now
+		]);
+		yield* syncTable(modelId);
+		if (parsedValidators.required && body.defaultValue !== void 0) {
+			const modelInfo = yield* sql.unsafe("SELECT api_key, is_block FROM models WHERE id = ?", [modelId]);
+			if (modelInfo.length > 0) {
+				const tableName = modelInfo[0].is_block ? `block_${modelInfo[0].api_key}` : `content_${modelInfo[0].api_key}`;
+				const serialized = serializeDefaultValueForRecordColumn(body.defaultValue);
+				yield* sql.unsafe(`UPDATE "${tableName}" SET "${body.apiKey}" = ? WHERE "${body.apiKey}" IS NULL`, [serialized]);
+			}
+		}
+		return {
+			id,
+			modelId,
+			label: body.label,
+			apiKey: body.apiKey,
+			fieldType: body.fieldType,
+			position,
+			localized: body.localized,
+			validators: body.validators,
+			defaultValue: body.defaultValue ?? null,
+			appearance: body.appearance ?? null,
+			hint: body.hint ?? null,
+			fieldsetId: body.fieldsetId ?? null,
+			createdAt: now,
+			updatedAt: now
+		};
+	});
+}
+function updateField(fieldId, body) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const fields = yield* sql.unsafe("SELECT * FROM fields WHERE id = ?", [fieldId]);
+		if (fields.length === 0) return yield* new NotFoundError({
+			entity: "Field",
+			id: fieldId
+		});
+		const field = fields[0];
+		const nextFieldType = body.fieldType ?? field.field_type;
+		const nextValidators = body.validators ?? parseFieldValidators(field).validators;
+		yield* validateFieldValidators(nextFieldType, field.api_key, nextValidators);
+		if (body.fieldType !== void 0 && body.fieldType !== field.field_type) {
+			const model = yield* sql.unsafe("SELECT api_key, is_block FROM models WHERE id = ?", [field.model_id]);
+			if (model.length > 0) {
+				const tableName = model[0].is_block ? `block_${model[0].api_key}` : `content_${model[0].api_key}`;
+				const rows = yield* sql.unsafe(`SELECT COUNT(*) as c FROM "${tableName}" WHERE "${field.api_key}" IS NOT NULL`);
+				if (rows[0]?.c > 0) return yield* new ValidationError({
+					message: `Cannot change field type of '${field.api_key}' from '${field.field_type}' to '${body.fieldType}': field has data in ${rows[0].c} record(s). Clear the field data first.`,
+					field: field.api_key
+				});
+			}
+		}
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const sets = ["updated_at = ?"];
+		const values = [now];
+		if (body.label !== void 0) {
+			sets.push("label = ?");
+			values.push(body.label);
+		}
+		if (body.position !== void 0) {
+			sets.push("position = ?");
+			values.push(body.position);
+		}
+		if (body.localized !== void 0) {
+			sets.push("localized = ?");
+			values.push(body.localized ? 1 : 0);
+		}
+		if (body.validators !== void 0) {
+			sets.push("validators = ?");
+			values.push(encodeJson(body.validators));
+		}
+		if (body.hint !== void 0) {
+			sets.push("hint = ?");
+			values.push(body.hint);
+		}
+		if (body.appearance !== void 0) {
+			sets.push("appearance = ?");
+			values.push(encodeJson(body.appearance));
+		}
+		if (body.apiKey !== void 0 && body.apiKey !== field.api_key) {
+			const newApiKey = body.apiKey;
+			if (!/^[a-z][a-z0-9_]*$/.test(newApiKey)) return yield* new ValidationError({ message: "apiKey must start with a lowercase letter and contain only lowercase letters, numbers, and underscores" });
+			if ((yield* sql.unsafe("SELECT id FROM fields WHERE model_id = ? AND api_key = ? AND id != ?", [
+				field.model_id,
+				newApiKey,
+				fieldId
+			])).length > 0) return yield* new DuplicateError({ message: `Field with apiKey '${newApiKey}' already exists on this model` });
+			const modelInfo = yield* sql.unsafe("SELECT api_key, is_block FROM models WHERE id = ?", [field.model_id]);
+			if (modelInfo.length > 0) {
+				const tableName = modelInfo[0].is_block ? `block_${modelInfo[0].api_key}` : `content_${modelInfo[0].api_key}`;
+				yield* sql.unsafe(`ALTER TABLE "${tableName}" RENAME COLUMN "${field.api_key}" TO "${newApiKey}"`);
+			}
+			if (field.field_type === "structured_text") {
+				const blockModels = yield* sql.unsafe("SELECT api_key FROM models WHERE is_block = 1");
+				for (const bm of blockModels) if (modelInfo[0].is_block) yield* sql.unsafe(`UPDATE "block_${bm.api_key}"
+               SET _parent_field_api_key = ?
+               WHERE _parent_container_model_api_key = ? AND _parent_field_api_key = ?`, [
+					newApiKey,
+					modelInfo[0].api_key,
+					field.api_key
+				]);
+				else {
+					yield* sql.unsafe(`UPDATE "block_${bm.api_key}"
+               SET _root_field_api_key = ?
+               WHERE _root_field_api_key = ?`, [newApiKey, field.api_key]);
+					yield* sql.unsafe(`UPDATE "block_${bm.api_key}"
+               SET _parent_field_api_key = ?
+               WHERE _parent_container_model_api_key = ? AND _parent_block_id IS NULL AND _parent_field_api_key = ?`, [
+						newApiKey,
+						modelInfo[0].api_key,
+						field.api_key
+					]);
+				}
+			}
+			sets.push("api_key = ?");
+			values.push(newApiKey);
+		}
+		yield* sql.unsafe(`UPDATE fields SET ${sets.join(", ")} WHERE id = ?`, [...values, fieldId]);
+		return parseFieldValidators((yield* sql.unsafe("SELECT * FROM fields WHERE id = ?", [fieldId]))[0]);
+	});
+}
+function deleteField(fieldId) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const fields = yield* sql.unsafe("SELECT * FROM fields WHERE id = ?", [fieldId]);
+		if (fields.length === 0) return yield* new NotFoundError({
+			entity: "Field",
+			id: fieldId
+		});
+		const field = fields[0];
+		const modelId = field.model_id;
+		const siblingFields = yield* sql.unsafe("SELECT * FROM fields WHERE model_id = ? AND field_type = 'slug' AND id != ?", [modelId, fieldId]);
+		for (const slugField of siblingFields) if (decodeJsonRecordStringOr(slugField.validators || "{}", {}).slug_source === field.api_key) return yield* new ReferenceConflictError({
+			message: `Cannot delete field '${field.api_key}': slug field '${slugField.api_key}' depends on it via slug_source`,
+			references: [`${slugField.api_key}.slug_source`]
+		});
+		const modelInfo = yield* sql.unsafe("SELECT * FROM models WHERE id = ?", [modelId]);
+		if (modelInfo.length > 0) {
+			const tableName = modelInfo[0].is_block ? `block_${modelInfo[0].api_key}` : `content_${modelInfo[0].api_key}`;
+			const publishedRecords = yield* sql.unsafe(`SELECT id, _published_snapshot FROM "${tableName}" WHERE _published_snapshot IS NOT NULL`);
+			for (const record of publishedRecords) {
+				let snapshot;
+				snapshot = decodeJsonRecordStringOr(record._published_snapshot, {});
+				if (Object.keys(snapshot).length === 0) continue;
+				if (field.api_key in snapshot) {
+					delete snapshot[field.api_key];
+					yield* sql.unsafe(`UPDATE "${tableName}" SET _published_snapshot = ? WHERE id = ?`, [encodeJson(snapshot), record.id]);
+				}
+			}
+			if (field.field_type === "structured_text") {
+				const blockModels = yield* sql.unsafe("SELECT api_key FROM models WHERE is_block = 1");
+				if (modelInfo[0].is_block) {
+					const directChildIds = [];
+					for (const bm of blockModels) {
+						const rows = yield* sql.unsafe(`SELECT id FROM "block_${bm.api_key}"
+               WHERE _parent_container_model_api_key = ?
+                 AND _parent_field_api_key = ?
+                 AND _parent_block_id IN (SELECT id FROM "${tableName}")`, [modelInfo[0].api_key, field.api_key]);
+						directChildIds.push(...rows.map((r) => r.id));
+					}
+					yield* deleteBlockSubtrees({ blockIds: directChildIds });
+				} else for (const bm of blockModels) yield* sql.unsafe(`DELETE FROM "block_${bm.api_key}" WHERE _root_field_api_key = ? AND _root_record_id IN (SELECT id FROM "${tableName}")`, [field.api_key]);
+			}
+		}
+		yield* sql.unsafe("DELETE FROM fields WHERE id = ?", [fieldId]);
+		yield* syncTable(modelId);
+		return { deleted: true };
+	});
+}
+//#endregion
+//#region src/slug.ts
+/**
+* Generate a URL-safe slug from a string.
+* Django-parity: NFKD decomposition + charmap for non-decomposable chars.
+*/
+function generateSlug(input) {
+	return slugify(input, {
+		lower: true,
+		strict: true,
+		locale: "en"
+	});
+}
+//#endregion
+//#region src/schema-engine/sql-records.ts
+/**
+* Insert a record into a dynamic content table.
+*/
+function insertRecord(tableName, record) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const columns = Object.keys(record);
+		const colList = columns.map((c) => `"${c}"`).join(", ");
+		const placeholders = columns.map(() => "?").join(", ");
+		const values = columns.map((c) => record[c]);
+		yield* sql.unsafe(`INSERT INTO "${tableName}" (${colList}) VALUES (${placeholders})`, values.map(serializeValue));
+	});
+}
+/**
+* Select all records from a dynamic table.
+*/
+function selectAll(tableName) {
+	return Effect.gen(function* () {
+		return (yield* (yield* SqlClient.SqlClient).unsafe(`SELECT * FROM "${tableName}"`)).map(deserializeRow);
+	});
+}
+/**
+* Select a single record by ID.
+*/
+function selectById(tableName, id) {
+	return Effect.gen(function* () {
+		const rows = yield* (yield* SqlClient.SqlClient).unsafe(`SELECT * FROM "${tableName}" WHERE "id" = ?`, [id]);
+		return rows.length > 0 ? deserializeRow(rows[0]) : null;
+	});
+}
+/**
+* Update a record by ID.
+*/
+function updateRecord(tableName, id, updates) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const columns = Object.keys(updates);
+		if (columns.length === 0) return;
+		const setClauses = columns.map((c) => `"${c}" = ?`).join(", ");
+		const values = [...columns.map((c) => serializeValue(updates[c])), id];
+		yield* sql.unsafe(`UPDATE "${tableName}" SET ${setClauses} WHERE "id" = ?`, values);
+	});
+}
+/**
+* Delete a record by ID.
+*/
+function deleteRecord(tableName, id) {
+	return Effect.gen(function* () {
+		yield* (yield* SqlClient.SqlClient).unsafe(`DELETE FROM "${tableName}" WHERE "id" = ?`, [id]);
+	});
+}
+/** Serialize a JS value for SQLite storage */
+function serializeValue(value) {
+	if (value === void 0 || value === null) return null;
+	if (typeof value === "boolean") return value ? 1 : 0;
+	if (typeof value === "object") return JSON.stringify(value);
+	return value;
+}
+/** Deserialize a row from SQLite — parse JSON columns */
+function deserializeRow(row) {
+	const result = {};
+	for (const [key, value] of Object.entries(row)) if (typeof value === "string" && (value.startsWith("{") || value.startsWith("["))) try {
+		result[key] = JSON.parse(value);
+	} catch {
+		result[key] = value;
+	}
+	else result[key] = value;
+	return result;
+}
+//#endregion
+//#region src/hooks.ts
+/**
+* Lifecycle hooks for content events.
+* Passed to createCMSHandler, fired in the service layer.
+*/
+var HooksContext = class extends Context.Tag("HooksContext")() {};
+var HookExecutionError = class extends Data.TaggedError("HookExecutionError") {};
+/**
+* Fire a lifecycle hook if configured. Non-blocking — errors are logged, not propagated.
+*/
+function fireHook(hookName, event) {
+	return Effect.gen(function* () {
+		const hooks = yield* HooksContext;
+		if (Option.isNone(hooks)) return;
+		const fn = hooks.value[hookName];
+		if (!fn) return;
+		yield* Effect.tryPromise({
+			try: () => Promise.resolve(fn(event)),
+			catch: (cause) => new HookExecutionError({ cause })
+		}).pipe(Effect.ignore);
+	});
+}
+//#endregion
+//#region src/services/version-service.ts
+/**
+* Create a version snapshot for a record.
+* Called internally by publish and auto-republish flows.
+*/
+function createVersion(modelApiKey, recordId, snapshot, attribution) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const nextVersion = ((yield* sql.unsafe(`SELECT MAX(version_number) as max_v FROM record_versions WHERE model_api_key = ? AND record_id = ?`, [modelApiKey, recordId]))[0]?.max_v ?? 0) + 1;
+		const id = generateId();
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const actor = attribution?.actor;
+		yield* sql.unsafe(`INSERT INTO record_versions (id, model_api_key, record_id, version_number, snapshot, action, actor_type, actor_label, actor_token_id, created_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, [
+			id,
+			modelApiKey,
+			recordId,
+			nextVersion,
+			snapshot,
+			attribution?.action ?? "publish",
+			actor?.type ?? null,
+			actor?.label ?? null,
+			actor?.tokenId ?? null,
+			now
+		]);
+		return {
+			id,
+			model_api_key: modelApiKey,
+			record_id: recordId,
+			version_number: nextVersion,
+			action: attribution?.action ?? "publish",
+			actor_type: actor?.type ?? null,
+			actor_label: actor?.label ?? null,
+			actor_token_id: actor?.tokenId ?? null,
+			created_at: now
+		};
+	});
+}
+/**
+* List all versions for a record, newest first.
+*/
+function listVersions(modelApiKey, recordId) {
+	return Effect.gen(function* () {
+		return (yield* (yield* SqlClient.SqlClient).unsafe(`SELECT * FROM record_versions WHERE model_api_key = ? AND record_id = ? ORDER BY version_number DESC`, [modelApiKey, recordId])).map((r) => ({
+			...r,
+			snapshot: decodeJsonString(r.snapshot)
+		}));
+	});
+}
+/**
+* Get a single version by ID.
+*/
+function getVersion(versionId) {
+	return Effect.gen(function* () {
+		const rows = yield* (yield* SqlClient.SqlClient).unsafe(`SELECT * FROM record_versions WHERE id = ?`, [versionId]);
+		if (rows.length === 0) return yield* new NotFoundError({
+			entity: "Version",
+			id: versionId
+		});
+		const row = rows[0];
+		return {
+			...row,
+			snapshot: decodeJsonString(row.snapshot)
+		};
+	});
+}
+/**
+* Restore a record to a previous version.
+* Versions the current state first (so restore is reversible), then writes
+* the version's field values back to the content table.
+*/
+function restoreVersion(modelApiKey, recordId, versionId, actor) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const versionRows = yield* sql.unsafe(`SELECT * FROM record_versions WHERE id = ?`, [versionId]);
+		if (versionRows.length === 0) return yield* new NotFoundError({
+			entity: "Version",
+			id: versionId
+		});
+		const version = versionRows[0];
+		const models = yield* sql.unsafe(`SELECT * FROM models WHERE api_key = ?`, [modelApiKey]);
+		if (models.length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		const model = models[0];
+		const tableName = `content_${model.api_key}`;
+		const current = yield* selectById(tableName, recordId);
+		if (!current) return yield* new NotFoundError({
+			entity: "Record",
+			id: recordId
+		});
+		const currentSnap = {};
+		for (const [key, value] of Object.entries(current)) if (!key.startsWith("_") && key !== "id") currentSnap[key] = value;
+		yield* createVersion(modelApiKey, recordId, encodeJson(currentSnap), {
+			action: "restore",
+			actor
+		});
+		const fieldRows = yield* sql.unsafe(`SELECT * FROM fields WHERE model_id = ? ORDER BY position`, [model.id]);
+		const existingFieldKeys = new Set(fieldRows.map((f) => f.api_key));
+		const versionSnapshot = decodeJsonString(version.snapshot);
+		const updates = {};
+		for (const [key, value] of Object.entries(versionSnapshot)) if (existingFieldKeys.has(key)) updates[key] = value;
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		updates._updated_at = now;
+		updates._updated_by = actor?.label ?? null;
+		if (model.has_draft) updates._status = "draft";
+		else {
+			const parsedFields = fieldRows.map(parseFieldValidators);
+			const tempRecord = { ...current };
+			for (const [key, value] of Object.entries(updates)) tempRecord[key] = value;
+			const materialized = yield* materializeRecordStructuredTextFields({
+				modelApiKey,
+				record: tempRecord,
+				fields: parsedFields
+			});
+			const snap = {};
+			for (const [key, value] of Object.entries(materialized)) if (!key.startsWith("_") && key !== "id") snap[key] = value;
+			updates._published_snapshot = encodeJson(snap);
+			updates._published_at = now;
+			updates._published_by = actor?.label ?? null;
+			updates._status = "published";
+		}
+		const setCols = Object.keys(updates);
+		const setClauses = setCols.map((c) => `"${c}" = ?`).join(", ");
+		const values = setCols.map((c) => {
+			const v = updates[c];
+			if (v === void 0 || v === null) return null;
+			if (typeof v === "object") return encodeJson(v);
+			return v;
+		});
+		values.push(recordId);
+		yield* sql.unsafe(`UPDATE "${tableName}" SET ${setClauses} WHERE id = ?`, values);
+		yield* fireHook("onRecordUpdate", {
+			modelApiKey,
+			recordId
+		});
+		return yield* selectById(tableName, recordId);
+	});
+}
+function deleteVersionsForRecord(modelApiKey, recordId) {
+	return Effect.gen(function* () {
+		yield* (yield* SqlClient.SqlClient).unsafe(`DELETE FROM record_versions WHERE model_api_key = ? AND record_id = ?`, [modelApiKey, recordId]);
+	});
+}
+//#endregion
+//#region src/services/record-service.ts
+function validateRequestedId(id) {
+	if (id === void 0) return null;
+	return id.trim().length > 0 ? id : null;
+}
+function applyRecordOverrides(target, overrides) {
+	if (!overrides) return;
+	if (overrides.createdAt !== void 0) target._created_at = overrides.createdAt;
+	if (overrides.updatedAt !== void 0) target._updated_at = overrides.updatedAt;
+	if (overrides.publishedAt !== void 0) target._published_at = overrides.publishedAt;
+	if (overrides.firstPublishedAt !== void 0) target._first_published_at = overrides.firstPublishedAt;
+}
+function applyActorColumns(target, actor, options) {
+	if (!actor) return;
+	if (options?.created) target._created_by = actor.label;
+	if (options?.updated) target._updated_by = actor.label;
+	if (options?.published) target._published_by = actor.label;
+}
+function getModelByApiKey(apiKey) {
+	return Effect.gen(function* () {
+		const models = yield* (yield* SqlClient.SqlClient).unsafe("SELECT * FROM models WHERE api_key = ?", [apiKey]);
+		return models.length > 0 ? models[0] : null;
+	});
+}
+function getModelFields(modelId) {
+	return Effect.gen(function* () {
+		return (yield* (yield* SqlClient.SqlClient).unsafe("SELECT * FROM fields WHERE model_id = ? ORDER BY position", [modelId])).map(parseFieldValidators);
+	});
+}
+function decodeLocalizedStructuredTextMap(field, rawValue) {
+	return Schema.decodeUnknown(Schema.Record({
+		key: Schema.String,
+		value: Schema.NullOr(Schema.Unknown)
+	}))(rawValue).pipe(Effect.mapError((e) => new ValidationError({
+		message: `Invalid localized StructuredText for field '${field.api_key}': ${e.message}`,
+		field: field.api_key
+	})));
+}
+function decodeLocalizedFieldMap(field, rawValue) {
+	return Schema.decodeUnknown(Schema.Record({
+		key: Schema.String,
+		value: Schema.Unknown
+	}))(rawValue).pipe(Effect.map((localeMap) => sanitizeLocaleMap(localeMap)), Effect.mapError((e) => new ValidationError({
+		message: `Invalid localized value for field '${field.api_key}': ${e.message}`,
+		field: field.api_key
+	})));
+}
+function parseExistingLocaleMap(rawValue) {
+	if (rawValue === null || rawValue === void 0) return {};
+	const parsed = decodeJsonIfString(rawValue);
+	if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) return {};
+	return sanitizeLocaleMap(parsed);
+}
+function sanitizeLocaleMap(localeMap) {
+	return Object.fromEntries(Object.entries(localeMap).filter(([key]) => isLocaleKey(key)));
+}
+function isLocaleKey(key) {
+	return /^[a-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})*$/.test(key);
+}
+function isLocalizedValueMap(value) {
+	return isJsonRecord(value) && Object.keys(value).length > 0 && Object.keys(value).every(isLocaleKey);
+}
+function isJsonRecord(value) {
+	return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isMistakenMediaObject(value) {
+	return isJsonRecord(value) && typeof value.id === "string" && value.id.length > 0 && value.upload_id === void 0;
+}
+function isMistakenLinkObject(value) {
+	return isJsonRecord(value) && typeof value.id === "string" && value.id.length > 0;
+}
+function hasMistakenLinkObject(value) {
+	return Array.isArray(value) && value.some((entry) => isMistakenLinkObject(entry));
+}
+function toSlugSourceString(value) {
+	if (typeof value === "string") return value;
+	if (typeof value === "number" || typeof value === "boolean") return String(value);
+	return null;
+}
+function normalizeBooleanValue(field, value) {
+	if (field.field_type !== "boolean") return value;
+	if (value === 1) return true;
+	if (value === 0) return false;
+	if (field.localized && isJsonRecord(value)) return Object.fromEntries(Object.entries(value).map(([locale, localeValue]) => [locale, localeValue === 1 ? true : localeValue === 0 ? false : localeValue]));
+	return value;
+}
+function normalizeBooleanFields(record, fields) {
+	const normalized = { ...record };
+	for (const field of fields) if (field.api_key in normalized) normalized[field.api_key] = normalizeBooleanValue(field, normalized[field.api_key]);
+	return normalized;
+}
+function scopeStructuredTextIds(value, scope) {
+	if (!value || typeof value !== "object") return value;
+	const clone = structuredClone(value);
+	if (!isJsonRecord(clone)) return clone;
+	const mutableClone = clone;
+	const blocks = isJsonRecord(mutableClone.blocks) ? mutableClone.blocks : void 0;
+	const originalIds = Object.keys(blocks ?? {});
+	if (originalIds.length === 0) return clone;
+	const idMap = new Map(originalIds.map((id) => [id, `${scope}:${id}`]));
+	const rewriteNode = (node) => {
+		if (!node || typeof node !== "object") return node;
+		if (Array.isArray(node)) return node.map(rewriteNode);
+		const next = {};
+		for (const [key, child] of Object.entries(node)) next[key] = rewriteNode(child);
+		if ((next.type === "block" || next.type === "inlineBlock") && typeof next.item === "string") next.item = idMap.get(next.item) ?? next.item;
+		return next;
+	};
+	if ("value" in mutableClone) mutableClone.value = rewriteNode(mutableClone.value);
+	mutableClone.blocks = Object.fromEntries(Object.entries(blocks ?? {}).map(([blockId, blockValue]) => [idMap.get(blockId) ?? blockId, blockValue]));
+	return clone;
+}
+function createFieldErrorMessage(prefix, message) {
+	return prefix ? `${prefix}: ${message}` : message;
+}
+function getReferenceIds(fieldType, value) {
+	if (fieldType === "link") return typeof value === "string" && value.length > 0 ? [value] : [];
+	if (fieldType === "links") return Array.isArray(value) ? value.filter((entry) => typeof entry === "string" && entry.length > 0) : [];
+	return [];
+}
+function getAssetIds(fieldType, value) {
+	if (fieldType === "media") {
+		const ref = parseMediaFieldReference(value);
+		return ref ? [ref.uploadId] : [];
+	}
+	if (fieldType === "media_gallery") return parseMediaGalleryReferences(value).map((ref) => ref.uploadId);
+	if (fieldType === "seo" && isJsonRecord(value) && typeof value.image === "string" && value.image.length > 0) return [value.image];
+	return [];
+}
+function validateAssetFieldValue(sql, field, value, errorPrefix) {
+	return Effect.gen(function* () {
+		const assetIds = getAssetIds(field.field_type, value);
+		if (assetIds.length === 0) return;
+		const placeholders = assetIds.map(() => "?").join(", ");
+		const found = yield* sql.unsafe(`SELECT id FROM assets WHERE id IN (${placeholders})`, assetIds);
+		const foundIds = new Set(found.map((row) => row.id));
+		const missing = assetIds.filter((id) => !foundIds.has(id));
+		if (missing.length > 0) return yield* new ValidationError({
+			message: createFieldErrorMessage(errorPrefix, `Asset(s) not found for field '${field.api_key}': ${missing.join(", ")}`),
+			field: field.api_key
+		});
+	});
+}
+function validateReferenceFieldValue(sql, field, value, errorPrefix) {
+	return Effect.gen(function* () {
+		const targetModelApiKeys = field.field_type === "link" ? getLinkTargets(field.validators) : field.field_type === "links" ? getLinksTargets(field.validators) : void 0;
+		const referenceIds = getReferenceIds(field.field_type, value);
+		if (!targetModelApiKeys || referenceIds.length === 0) return;
+		const placeholders = targetModelApiKeys.map(() => "?").join(", ");
+		const targetModels = yield* sql.unsafe(`SELECT * FROM models WHERE api_key IN (${placeholders})`, targetModelApiKeys);
+		const foundIds = /* @__PURE__ */ new Set();
+		for (const model of targetModels) {
+			const idPlaceholders = referenceIds.map(() => "?").join(", ");
+			const rows = yield* sql.unsafe(`SELECT id FROM "content_${model.api_key}" WHERE id IN (${idPlaceholders})`, referenceIds);
+			for (const row of rows) foundIds.add(row.id);
+		}
+		const missingIds = referenceIds.filter((id) => !foundIds.has(id));
+		if (missingIds.length > 0) return yield* new ValidationError({
+			message: createFieldErrorMessage(errorPrefix, `Linked record(s) not found for field '${field.api_key}': ${missingIds.join(", ")}`),
+			field: field.api_key
+		});
+	});
+}
+function processCreateLikeRecordFields({ modelApiKey, tableName, recordId, data, record, modelFields, errorPrefix }) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		for (const field of modelFields) {
+			if (field.field_type === "structured_text" && data[field.api_key] !== void 0 && data[field.api_key] !== null) {
+				if (field.localized) {
+					const localeMap = yield* decodeLocalizedStructuredTextMap(field, data[field.api_key]).pipe(Effect.mapError((error) => new ValidationError({
+						message: createFieldErrorMessage(errorPrefix, error.message),
+						field: error.field
+					})));
+					const localizedDast = {};
+					for (const [localeCode, localeValue] of Object.entries(localeMap)) {
+						if (localeValue === null) {
+							localizedDast[localeCode] = null;
+							continue;
+						}
+						const stInput = yield* Schema.decodeUnknown(StructuredTextWriteInput)(scopeStructuredTextIds(localeValue, `${field.api_key}:${localeCode}`)).pipe(Effect.mapError((e) => new ValidationError({
+							message: createFieldErrorMessage(errorPrefix, `Invalid StructuredText for field '${field.api_key}' locale '${localeCode}': ${e.message}`),
+							field: field.api_key
+						})));
+						const allowedBlockTypes = getBlockWhitelist(field.validators);
+						const blocksOnly = getBlocksOnly(field.validators);
+						localizedDast[localeCode] = yield* writeStructuredText({
+							rootModelApiKey: modelApiKey,
+							fieldApiKey: field.api_key,
+							rootFieldStorageKey: getStructuredTextStorageKey(field.api_key, localeCode),
+							rootRecordId: recordId,
+							value: stInput.value,
+							blocks: stInput.blocks,
+							allowedBlockTypes: allowedBlockTypes ?? [],
+							blocksOnly
+						});
+					}
+					data[field.api_key] = localizedDast;
+					record[field.api_key] = localizedDast;
+					continue;
+				}
+				const stInput = yield* Schema.decodeUnknown(StructuredTextWriteInput)(data[field.api_key]).pipe(Effect.mapError((e) => new ValidationError({
+					message: createFieldErrorMessage(errorPrefix, `Invalid StructuredText for field '${field.api_key}': ${e.message}`),
+					field: field.api_key
+				})));
+				const allowedBlockTypes = getBlockWhitelist(field.validators);
+				const blocksOnly = getBlocksOnly(field.validators);
+				const dast = yield* writeStructuredText({
+					rootModelApiKey: modelApiKey,
+					fieldApiKey: field.api_key,
+					rootRecordId: recordId,
+					value: stInput.value,
+					blocks: stInput.blocks,
+					allowedBlockTypes: allowedBlockTypes ?? [],
+					blocksOnly
+				});
+				data[field.api_key] = dast;
+			}
+			if (field.field_type === "slug") {
+				const sourceFieldKey = getSlugSource(field.validators);
+				const sourceValue = sourceFieldKey ? toSlugSourceString(data[sourceFieldKey]) : null;
+				const currentValue = toSlugSourceString(data[field.api_key]);
+				if (!data[field.api_key] && sourceValue) data[field.api_key] = generateSlug(sourceValue);
+				else if (currentValue) data[field.api_key] = generateSlug(currentValue);
+				if (data[field.api_key]) {
+					let slug = String(data[field.api_key]);
+					const baseSlug = slug;
+					let suffix = 1;
+					for (;;) {
+						if ((yield* sql.unsafe(`SELECT id FROM "${tableName}" WHERE "${field.api_key}" = ?`, [slug])).length === 0) break;
+						suffix++;
+						slug = `${baseSlug}-${suffix}`;
+					}
+					data[field.api_key] = slug;
+				}
+			}
+			if (isFieldType(field.field_type) && data[field.api_key] !== void 0 && data[field.api_key] !== null) {
+				const fieldDef = getFieldTypeDef(field.field_type);
+				if (field.field_type === "media" && isMistakenMediaObject(data[field.api_key])) return yield* new ValidationError({
+					message: createFieldErrorMessage(errorPrefix, `Invalid media for field '${field.api_key}': use an asset ID string or {"upload_id":"<asset_id>"}, not {"id":"..."}`),
+					field: field.api_key
+				});
+				if (field.field_type === "link" && isMistakenLinkObject(data[field.api_key])) return yield* new ValidationError({
+					message: createFieldErrorMessage(errorPrefix, `Invalid link for field '${field.api_key}': use a record ID string, not {"id":"..."}`),
+					field: field.api_key
+				});
+				if (field.field_type === "links" && hasMistakenLinkObject(data[field.api_key])) return yield* new ValidationError({
+					message: createFieldErrorMessage(errorPrefix, `Invalid links for field '${field.api_key}': use an array of record ID strings, not objects like {"id":"..."}`),
+					field: field.api_key
+				});
+				if (!field.localized && isLocalizedValueMap(data[field.api_key])) return yield* new ValidationError({
+					message: createFieldErrorMessage(errorPrefix, `Field '${field.api_key}' is not localized and cannot accept locale-keyed values`),
+					field: field.api_key
+				});
+				if (fieldDef.inputSchema) if (field.localized) {
+					const localeMap = yield* decodeLocalizedFieldMap(field, data[field.api_key]).pipe(Effect.mapError((error) => new ValidationError({
+						message: createFieldErrorMessage(errorPrefix, error.message),
+						field: error.field
+					})));
+					for (const [localeCode, localeValue] of Object.entries(localeMap)) {
+						if (localeValue === null) continue;
+						yield* Schema.decodeUnknown(fieldDef.inputSchema)(localeValue).pipe(Effect.mapError((e) => new ValidationError({
+							message: createFieldErrorMessage(errorPrefix, `Invalid ${field.field_type} for field '${field.api_key}' locale '${localeCode}': ${e.message}`),
+							field: field.api_key
+						})));
+					}
+				} else yield* Schema.decodeUnknown(fieldDef.inputSchema)(data[field.api_key]).pipe(Effect.mapError((e) => new ValidationError({
+					message: createFieldErrorMessage(errorPrefix, `Invalid ${field.field_type} for field '${field.api_key}': ${e.message}`),
+					field: field.api_key
+				})));
+			}
+			if ((field.field_type === "link" || field.field_type === "links") && data[field.api_key] !== void 0 && data[field.api_key] !== null) if (field.localized) {
+				const localeMap = yield* decodeLocalizedFieldMap(field, data[field.api_key]).pipe(Effect.mapError((error) => new ValidationError({
+					message: createFieldErrorMessage(errorPrefix, error.message),
+					field: error.field
+				})));
+				for (const localeValue of Object.values(localeMap)) {
+					if (localeValue === null) continue;
+					yield* validateReferenceFieldValue(sql, field, localeValue, errorPrefix);
+				}
+			} else yield* validateReferenceFieldValue(sql, field, data[field.api_key], errorPrefix);
+			if ((field.field_type === "media" || field.field_type === "media_gallery" || field.field_type === "seo") && data[field.api_key] !== void 0 && data[field.api_key] !== null) if (field.localized) {
+				const localeMap = yield* decodeLocalizedFieldMap(field, data[field.api_key]).pipe(Effect.mapError((error) => new ValidationError({
+					message: createFieldErrorMessage(errorPrefix, error.message),
+					field: error.field
+				})));
+				for (const localeValue of Object.values(localeMap)) {
+					if (localeValue === null) continue;
+					yield* validateAssetFieldValue(sql, field, localeValue, errorPrefix);
+				}
+			} else yield* validateAssetFieldValue(sql, field, data[field.api_key], errorPrefix);
+			if (data[field.api_key] !== void 0) record[field.api_key] = data[field.api_key];
+		}
+	});
+}
+function createRecord(body, actor) {
+	return Effect.gen(function* () {
+		const model = yield* getModelByApiKey(body.modelApiKey);
+		if (!model) return yield* new NotFoundError({
+			entity: "Model",
+			id: body.modelApiKey
+		});
+		if (model.is_block) return yield* new ValidationError({ message: "Cannot create records for block types directly" });
+		const tableName = `content_${model.api_key}`;
+		if (model.singleton) {
+			if ((yield* selectAll(tableName)).length > 0) return yield* new DuplicateError({ message: `Model '${model.api_key}' is a singleton and already has a record` });
+		}
+		const modelFields = yield* getModelFields(model.id);
+		const data = { ...body.data };
+		if (!model.has_draft) {
+			for (const field of modelFields) if (isRequired(field.validators) && (data[field.api_key] === void 0 || data[field.api_key] === null || data[field.api_key] === "")) return yield* new ValidationError({
+				message: `Field '${field.api_key}' is required`,
+				field: field.api_key
+			});
+		}
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const id = validateRequestedId(body.id) ?? generateId();
+		const sql = yield* SqlClient.SqlClient;
+		if ((yield* sql.unsafe(`SELECT id FROM "${tableName}" WHERE id = ?`, [id])).length > 0) return yield* new DuplicateError({ message: `Record with id '${id}' already exists on model '${body.modelApiKey}'` });
+		const record = {
+			id,
+			_status: model.has_draft ? "draft" : "published",
+			_created_at: now,
+			_updated_at: now,
+			...!model.has_draft ? {
+				_published_at: now,
+				_first_published_at: now
+			} : {}
+		};
+		applyActorColumns(record, actor, {
+			created: true,
+			updated: true,
+			published: !model.has_draft
+		});
+		applyRecordOverrides(record, body.overrides);
+		if (model.sortable || model.tree) record._position = ((yield* sql.unsafe(`SELECT MAX("_position") as max_pos FROM "${tableName}"`))[0]?.max_pos ?? -1) + 1;
+		if (model.tree && data._parent_id !== void 0) {
+			record._parent_id = data._parent_id;
+			delete data._parent_id;
+		}
+		yield* processCreateLikeRecordFields({
+			modelApiKey: model.api_key,
+			tableName,
+			recordId: id,
+			data,
+			record,
+			modelFields
+		});
+		const createUniqueViolations = yield* findUniqueConstraintViolations({
+			tableName,
+			record,
+			fields: modelFields,
+			onlyFieldApiKeys: new Set(modelFields.filter((field) => isUnique(field.validators) && data[field.api_key] !== void 0).map((field) => field.api_key))
+		});
+		if (createUniqueViolations.length > 0) return yield* new ValidationError({
+			message: `Unique constraint violation for field(s): ${createUniqueViolations.join(", ")}`,
+			field: createUniqueViolations[0]
+		});
+		yield* insertRecord(tableName, record);
+		if (!model.has_draft) {
+			const snap = {};
+			for (const [key, value] of Object.entries(record)) if (!key.startsWith("_") && key !== "id") snap[key] = value;
+			yield* sql.unsafe(`UPDATE "${tableName}" SET _published_snapshot = ? WHERE id = ?`, [encodeJson(snap), id]);
+		}
+		yield* indexRecord(body.modelApiKey, id, record, modelFields).pipe(Effect.ignore);
+		yield* fireHook("onRecordCreate", {
+			modelApiKey: body.modelApiKey,
+			recordId: id
+		});
+		return normalizeBooleanFields({
+			id,
+			...record
+		}, modelFields);
+	}).pipe(Effect.withSpan("record.create"), Effect.annotateSpans({
+		modelApiKey: body.modelApiKey,
+		actorType: actor?.type ?? "anonymous"
+	}));
+}
+function listRecords(modelApiKey) {
+	return Effect.gen(function* () {
+		if (!modelApiKey) return yield* new ValidationError({ message: "modelApiKey query parameter is required" });
+		const model = yield* getModelByApiKey(modelApiKey);
+		if (!model) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		const records = yield* selectAll(`content_${model.api_key}`);
+		const fields = yield* getModelFields(model.id);
+		return yield* Effect.all(records.map((record) => materializeRecordStructuredTextFields({
+			modelApiKey: model.api_key,
+			record: normalizeBooleanFields(record, fields),
+			fields
+		})), { concurrency: "unbounded" });
+	});
+}
+function getRecord(modelApiKey, id) {
+	return Effect.gen(function* () {
+		if (!modelApiKey) return yield* new ValidationError({ message: "modelApiKey query parameter is required" });
+		const model = yield* getModelByApiKey(modelApiKey);
+		if (!model) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		const record = yield* selectById(`content_${model.api_key}`, id);
+		if (!record) return yield* new NotFoundError({
+			entity: "Record",
+			id
+		});
+		return normalizeBooleanFields(record, yield* getModelFields(model.id));
+	});
+}
+function updateSingletonRecord(modelApiKey, data, actor) {
+	return Effect.gen(function* () {
+		const model = yield* getModelByApiKey(modelApiKey);
+		if (!model) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		if (!model.singleton) return yield* new ValidationError({ message: `Model '${modelApiKey}' is not a singleton` });
+		const records = yield* selectAll(`content_${model.api_key}`);
+		if (records.length === 0) return yield* new NotFoundError({
+			entity: "Record",
+			id: `${modelApiKey} singleton`
+		});
+		const record = records[0];
+		if (!isContentRow(record)) return yield* new ValidationError({ message: `Singleton record for model '${modelApiKey}' is invalid` });
+		return yield* patchRecord(record.id, {
+			modelApiKey,
+			data
+		}, actor);
+	}).pipe(Effect.withSpan("record.update_singleton"), Effect.annotateSpans({
+		modelApiKey,
+		actorType: actor?.type ?? "anonymous"
+	}));
+}
+function patchRecord(id, body, actor) {
+	return Effect.gen(function* () {
+		const model = yield* getModelByApiKey(body.modelApiKey);
+		if (!model) return yield* new NotFoundError({
+			entity: "Model",
+			id: body.modelApiKey
+		});
+		const tableName = `content_${model.api_key}`;
+		const existing = yield* selectById(tableName, id);
+		if (!existing) return yield* new NotFoundError({
+			entity: "Record",
+			id
+		});
+		const modelFields = yield* getModelFields(model.id);
+		const data = { ...body.data };
+		const updates = { _updated_at: (/* @__PURE__ */ new Date()).toISOString() };
+		applyActorColumns(updates, actor, { updated: true });
+		const hasExplicitDataUpdates = Object.keys(data).length > 0;
+		if (hasExplicitDataUpdates && isContentRow(existing) && existing._status === "published") {
+			if (model.has_draft) updates._status = "updated";
+			else if (existing._published_snapshot) {
+				const prevSnapshot = typeof existing._published_snapshot === "string" ? existing._published_snapshot : encodeJson(existing._published_snapshot);
+				yield* createVersion(body.modelApiKey, id, prevSnapshot, {
+					action: "auto_republish",
+					actor
+				});
+			}
+		}
+		applyRecordOverrides(updates, body.overrides);
+		if (model.tree && data._parent_id !== void 0) {
+			updates._parent_id = data._parent_id;
+			delete data._parent_id;
+		}
+		if ((model.sortable || model.tree) && data._position !== void 0) {
+			updates._position = data._position;
+			delete data._position;
+		}
+		const sql = yield* SqlClient.SqlClient;
+		for (const field of modelFields) {
+			if (field.field_type === "structured_text" && data[field.api_key] !== void 0) if (data[field.api_key] === null) yield* deleteBlocksForField({
+				rootRecordId: id,
+				fieldApiKey: field.api_key,
+				includeLocalizedVariants: field.localized === 1
+			});
+			else {
+				if (field.localized) {
+					const localeMap = yield* decodeLocalizedStructuredTextMap(field, data[field.api_key]);
+					const nextLocaleMap = { ...parseExistingLocaleMap(existing[field.api_key]) };
+					for (const [localeCode, localeValue] of Object.entries(localeMap)) {
+						yield* deleteBlocksForField({
+							rootRecordId: id,
+							fieldApiKey: getStructuredTextStorageKey(field.api_key, localeCode)
+						});
+						if (localeValue === null) {
+							nextLocaleMap[localeCode] = null;
+							continue;
+						}
+						const stInput = yield* Schema.decodeUnknown(StructuredTextWriteInput)(scopeStructuredTextIds(localeValue, `${field.api_key}:${localeCode}`)).pipe(Effect.mapError((e) => new ValidationError({
+							message: `Invalid StructuredText for field '${field.api_key}' locale '${localeCode}': ${e.message}`,
+							field: field.api_key
+						})));
+						const allowedBlockTypes = getBlockWhitelist(field.validators);
+						const blocksOnly = getBlocksOnly(field.validators);
+						nextLocaleMap[localeCode] = yield* writeStructuredText({
+							rootModelApiKey: model.api_key,
+							fieldApiKey: field.api_key,
+							rootFieldStorageKey: getStructuredTextStorageKey(field.api_key, localeCode),
+							rootRecordId: id,
+							value: stInput.value,
+							blocks: stInput.blocks,
+							allowedBlockTypes: allowedBlockTypes ?? [],
+							blocksOnly
+						});
+					}
+					data[field.api_key] = nextLocaleMap;
+					updates[field.api_key] = nextLocaleMap;
+					continue;
+				}
+				const stInput = yield* Schema.decodeUnknown(StructuredTextWriteInput)(data[field.api_key]).pipe(Effect.mapError((e) => new ValidationError({
+					message: `Invalid StructuredText for field '${field.api_key}': ${e.message}`,
+					field: field.api_key
+				})));
+				yield* deleteBlocksForField({
+					rootRecordId: id,
+					fieldApiKey: field.api_key
+				});
+				const allowedBlockTypes = getBlockWhitelist(field.validators);
+				const blocksOnly = getBlocksOnly(field.validators);
+				const dast = yield* writeStructuredText({
+					rootModelApiKey: model.api_key,
+					fieldApiKey: field.api_key,
+					rootRecordId: id,
+					value: stInput.value,
+					blocks: stInput.blocks,
+					allowedBlockTypes: allowedBlockTypes ?? [],
+					blocksOnly
+				});
+				data[field.api_key] = dast;
+			}
+			if (field.field_type === "slug" && data[field.api_key] !== void 0 && data[field.api_key] !== null) {
+				const sourceFieldKey = getSlugSource(field.validators);
+				const sourceValue = sourceFieldKey ? toSlugSourceString(data[sourceFieldKey]) : null;
+				const currentValue = toSlugSourceString(data[field.api_key]);
+				if (sourceValue && !currentValue) data[field.api_key] = generateSlug(sourceValue);
+				else if (currentValue) data[field.api_key] = generateSlug(currentValue);
+				let slug = String(data[field.api_key]);
+				const baseSlug = slug;
+				let suffix = 1;
+				for (;;) {
+					if ((yield* sql.unsafe(`SELECT id FROM "${tableName}" WHERE "${field.api_key}" = ? AND id != ?`, [slug, id])).length === 0) break;
+					suffix++;
+					slug = `${baseSlug}-${suffix}`;
+				}
+				data[field.api_key] = slug;
+			}
+			if (isFieldType(field.field_type) && data[field.api_key] !== void 0 && data[field.api_key] !== null) {
+				const fieldDef = getFieldTypeDef(field.field_type);
+				if (field.field_type === "media" && isMistakenMediaObject(data[field.api_key])) return yield* new ValidationError({
+					message: `Invalid media for field '${field.api_key}': use an asset ID string or {"upload_id":"<asset_id>"}, not {"id":"..."}`,
+					field: field.api_key
+				});
+				if (field.field_type === "link" && isMistakenLinkObject(data[field.api_key])) return yield* new ValidationError({
+					message: `Invalid link for field '${field.api_key}': use a record ID string, not {"id":"..."}`,
+					field: field.api_key
+				});
+				if (field.field_type === "links" && hasMistakenLinkObject(data[field.api_key])) return yield* new ValidationError({
+					message: `Invalid links for field '${field.api_key}': use an array of record ID strings, not objects like {"id":"..."}`,
+					field: field.api_key
+				});
+				if (!field.localized && isLocalizedValueMap(data[field.api_key])) return yield* new ValidationError({
+					message: `Field '${field.api_key}' is not localized and cannot accept locale-keyed values`,
+					field: field.api_key
+				});
+				if (fieldDef.inputSchema) if (field.localized) {
+					const localeMap = yield* decodeLocalizedFieldMap(field, data[field.api_key]);
+					const nextLocaleMap = {
+						...parseExistingLocaleMap(existing[field.api_key]),
+						...localeMap
+					};
+					for (const [localeCode, localeValue] of Object.entries(localeMap)) {
+						if (localeValue === null) continue;
+						yield* Schema.decodeUnknown(fieldDef.inputSchema)(localeValue).pipe(Effect.mapError((e) => new ValidationError({
+							message: `Invalid ${field.field_type} for field '${field.api_key}' locale '${localeCode}': ${e.message}`,
+							field: field.api_key
+						})));
+					}
+					data[field.api_key] = nextLocaleMap;
+				} else yield* Schema.decodeUnknown(fieldDef.inputSchema)(data[field.api_key]).pipe(Effect.mapError((e) => new ValidationError({
+					message: `Invalid ${field.field_type} for field '${field.api_key}': ${e.message}`,
+					field: field.api_key
+				})));
+			}
+			if ((field.field_type === "media" || field.field_type === "media_gallery" || field.field_type === "seo") && data[field.api_key] !== void 0 && data[field.api_key] !== null) if (field.localized) {
+				const localeMap = yield* decodeLocalizedFieldMap(field, data[field.api_key]);
+				for (const localeValue of Object.values(localeMap)) {
+					if (localeValue === null) continue;
+					yield* validateAssetFieldValue(sql, field, localeValue);
+				}
+			} else yield* validateAssetFieldValue(sql, field, data[field.api_key]);
+			if (field.localized && field.field_type !== "structured_text" && data[field.api_key] !== void 0) {
+				const localeMap = yield* decodeLocalizedFieldMap(field, data[field.api_key]);
+				const existingLocaleMap = parseExistingLocaleMap(existing[field.api_key]);
+				data[field.api_key] = {
+					...existingLocaleMap,
+					...localeMap
+				};
+			}
+			if (data[field.api_key] !== void 0) updates[field.api_key] = data[field.api_key];
+		}
+		const uniqueFieldsTouched = new Set(modelFields.filter((field) => isUnique(field.validators) && data[field.api_key] !== void 0).map((field) => field.api_key));
+		if (uniqueFieldsTouched.size > 0) {
+			const patchUniqueViolations = yield* findUniqueConstraintViolations({
+				tableName,
+				record: {
+					...existing,
+					...updates
+				},
+				fields: modelFields,
+				excludeId: id,
+				onlyFieldApiKeys: uniqueFieldsTouched
+			});
+			if (patchUniqueViolations.length > 0) return yield* new ValidationError({
+				message: `Unique constraint violation for field(s): ${patchUniqueViolations.join(", ")}`,
+				field: patchUniqueViolations[0]
+			});
+		}
+		yield* updateRecord(tableName, id, updates);
+		if (!model.has_draft && hasExplicitDataUpdates) {
+			const updated = yield* selectById(tableName, id);
+			if (updated) {
+				const snap = {};
+				for (const [key, value] of Object.entries(updated)) if (!key.startsWith("_") && key !== "id") snap[key] = value;
+				yield* sql.unsafe(`UPDATE "${tableName}" SET _published_snapshot = ?, _published_at = ?, _published_by = ?, _status = 'published' WHERE id = ?`, [
+					encodeJson(snap),
+					(/* @__PURE__ */ new Date()).toISOString(),
+					actor?.label ?? null,
+					id
+				]);
+			}
+		}
+		yield* reindexRecord(body.modelApiKey, id, modelFields).pipe(Effect.ignore);
+		yield* fireHook("onRecordUpdate", {
+			modelApiKey: body.modelApiKey,
+			recordId: id
+		});
+		const updated = yield* selectById(tableName, id);
+		return updated ? normalizeBooleanFields(updated, modelFields) : null;
+	}).pipe(Effect.withSpan("record.patch"), Effect.annotateSpans({
+		modelApiKey: body.modelApiKey,
+		recordId: id,
+		actorType: actor?.type ?? "anonymous"
+	}));
+}
+function removeRecord(modelApiKey, id) {
+	return Effect.gen(function* () {
+		if (!modelApiKey) return yield* new ValidationError({ message: "modelApiKey query parameter is required" });
+		const model = yield* getModelByApiKey(modelApiKey);
+		if (!model) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		const tableName = `content_${model.api_key}`;
+		if (!(yield* selectById(tableName, id))) return yield* new NotFoundError({
+			entity: "Record",
+			id
+		});
+		const sql = yield* SqlClient.SqlClient;
+		const blockModels = yield* sql.unsafe("SELECT api_key FROM models WHERE is_block = 1");
+		for (const bm of blockModels) yield* sql.unsafe(`DELETE FROM "block_${bm.api_key}" WHERE _root_record_id = ?`, [id]);
+		yield* deleteRecord(tableName, id);
+		yield* deleteVersionsForRecord(modelApiKey, id).pipe(Effect.ignore);
+		yield* deindexRecord(modelApiKey, id).pipe(Effect.ignore);
+		yield* fireHook("onRecordDelete", {
+			modelApiKey,
+			recordId: id
+		});
+		return { deleted: true };
+	});
+}
+/**
+* Bulk create records in a single operation.
+* All records must belong to the same model. Runs in a logical batch
+* (individual inserts, but avoids per-record overhead of schema lookups).
+*/
+function bulkCreateRecords({ modelApiKey, records }, actor) {
+	return Effect.gen(function* () {
+		if (records.length === 0) return yield* new ValidationError({ message: "records must be a non-empty array" });
+		if (records.length > 1e3) return yield* new ValidationError({ message: "Maximum 1000 records per bulk operation" });
+		const model = yield* getModelByApiKey(modelApiKey);
+		if (!model) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		if (model.is_block) return yield* new ValidationError({ message: "Cannot create records for block types directly" });
+		if (model.singleton) return yield* new ValidationError({ message: "Cannot bulk create on singleton models" });
+		const tableName = `content_${model.api_key}`;
+		const modelFields = yield* getModelFields(model.id);
+		const sql = yield* SqlClient.SqlClient;
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const initialStatus = model.has_draft ? "draft" : "published";
+		const created = [];
+		let nextPosition = 0;
+		if (model.sortable || model.tree) nextPosition = ((yield* sql.unsafe(`SELECT MAX("_position") as max_pos FROM "${tableName}"`))[0]?.max_pos ?? -1) + 1;
+		for (let idx = 0; idx < records.length; idx++) {
+			const data = { ...records[idx] };
+			if (!model.has_draft) {
+				for (const field of modelFields) if (isRequired(field.validators) && (data[field.api_key] === void 0 || data[field.api_key] === null || data[field.api_key] === "")) return yield* new ValidationError({
+					message: `Record ${idx}: field '${field.api_key}' is required`,
+					field: field.api_key
+				});
+			}
+			const requestedId = typeof data.id === "string" && data.id.trim().length > 0 ? data.id : void 0;
+			if (requestedId) delete data.id;
+			const id = requestedId ?? generateId();
+			if ((yield* sql.unsafe(`SELECT id FROM "${tableName}" WHERE id = ?`, [id])).length > 0) return yield* new DuplicateError({ message: `Record ${idx}: id '${id}' already exists on model '${modelApiKey}'` });
+			const record = {
+				id,
+				_status: initialStatus,
+				_created_at: now,
+				_updated_at: now,
+				...!model.has_draft ? {
+					_published_at: now,
+					_first_published_at: now
+				} : {}
+			};
+			applyActorColumns(record, actor, {
+				created: true,
+				updated: true,
+				published: !model.has_draft
+			});
+			applyRecordOverrides(record, void 0);
+			if (model.sortable || model.tree) record._position = nextPosition++;
+			yield* processCreateLikeRecordFields({
+				modelApiKey: model.api_key,
+				tableName,
+				recordId: id,
+				data,
+				record,
+				modelFields,
+				errorPrefix: `Record ${idx}`
+			});
+			yield* insertRecord(tableName, record);
+			yield* indexRecord(modelApiKey, id, record, modelFields).pipe(Effect.ignore);
+			yield* fireHook("onRecordCreate", {
+				modelApiKey,
+				recordId: id
+			});
+			created.push({ id });
+		}
+		return {
+			created: created.length,
+			records: created
+		};
+	});
+}
+function isStructuredTextEnvelopeLike(value) {
+	return isJsonRecord(value) && "value" in value && isJsonRecord(value.blocks);
+}
+function getPrunableDast(value) {
+	if (!isJsonRecord(value)) return null;
+	if (typeof value.schema !== "string") return null;
+	if (!isJsonRecord(value.document)) return null;
+	if (typeof value.document.type !== "string") return null;
+	if (!Array.isArray(value.document.children)) return null;
+	return {
+		schema: value.schema,
+		document: {
+			type: value.document.type,
+			children: value.document.children
+		}
+	};
+}
+function applyPatchToNestedStructuredText(target, blockId, patchValue) {
+	let matches = 0;
+	const visitObject = (value) => {
+		for (const nestedValue of Object.values(value)) {
+			if (isStructuredTextEnvelopeLike(nestedValue)) {
+				const blocks = nestedValue.blocks;
+				if (Object.hasOwn(blocks, blockId)) {
+					matches++;
+					if (patchValue === null) {
+						delete blocks[blockId];
+						const dast = getPrunableDast(nestedValue.value);
+						if (dast) nestedValue.value = pruneBlockNodes(dast, new Set([blockId]));
+					} else if (typeof patchValue === "string") {} else if (isJsonRecord(patchValue)) {
+						const existingBlock = blocks[blockId];
+						if (isJsonRecord(existingBlock)) blocks[blockId] = {
+							...existingBlock,
+							...patchValue
+						};
+					}
+				}
+				for (const childBlock of Object.values(blocks)) if (isJsonRecord(childBlock)) visitObject(childBlock);
+				continue;
+			}
+			if (isJsonRecord(nestedValue)) visitObject(nestedValue);
+		}
+	};
+	visitObject(target);
+	return {
+		applied: matches > 0,
+		ambiguous: matches > 1
+	};
+}
+/**
+* Partial block update for a structured text field.
+*
+* Patch map semantics:
+* - Key with string value (equal to the block ID) → keep block unchanged
+* - Key with object value → partial merge into existing block (only specified fields updated)
+* - Key with null → delete block and prune from DAST
+* - Key absent from patch → keep block unchanged
+*
+* Optionally accepts a new DAST `value`. If omitted, keeps existing DAST
+* (with deleted blocks auto-pruned).
+*/
+function patchBlocksForField(body, actor) {
+	return Effect.gen(function* () {
+		const model = yield* getModelByApiKey(body.modelApiKey);
+		if (!model) return yield* new NotFoundError({
+			entity: "Model",
+			id: body.modelApiKey
+		});
+		const tableName = `content_${model.api_key}`;
+		const existing = yield* selectById(tableName, body.recordId);
+		if (!existing) return yield* new NotFoundError({
+			entity: "Record",
+			id: body.recordId
+		});
+		const modelFields = yield* getModelFields(model.id);
+		const field = modelFields.find((f) => f.api_key === body.fieldApiKey);
+		if (!field) return yield* new NotFoundError({
+			entity: "Field",
+			id: body.fieldApiKey
+		});
+		if (field.field_type !== "structured_text") return yield* new ValidationError({
+			message: `Field '${body.fieldApiKey}' is not a structured_text field`,
+			field: body.fieldApiKey
+		});
+		const existingEnvelope = yield* materializeStructuredTextValue({
+			allowedBlockApiKeys: getBlockWhitelist(field.validators) ?? [],
+			parentContainerModelApiKey: model.api_key,
+			parentBlockId: null,
+			parentFieldApiKey: field.api_key,
+			rootRecordId: body.recordId,
+			rootFieldApiKey: field.api_key,
+			rawValue: existing[field.api_key]
+		});
+		if (!existingEnvelope) return yield* new ValidationError({
+			message: `Field '${body.fieldApiKey}' has no structured text content to patch`,
+			field: body.fieldApiKey
+		});
+		const existingBlocks = existingEnvelope.blocks;
+		const blockIdsToDelete = /* @__PURE__ */ new Set();
+		const mergedBlocks = {};
+		for (const [blockId, blockData] of Object.entries(existingBlocks)) mergedBlocks[blockId] = blockData;
+		for (const [blockId, patchValue] of Object.entries(body.blocks)) if (patchValue === null) {
+			if (Object.hasOwn(existingBlocks, blockId)) {
+				blockIdsToDelete.add(blockId);
+				delete mergedBlocks[blockId];
+				continue;
+			}
+			let nestedMatched = false;
+			for (const topLevelBlock of Object.values(mergedBlocks)) {
+				const result = applyPatchToNestedStructuredText(topLevelBlock, blockId, patchValue);
+				if (result.ambiguous) return yield* new ValidationError({
+					message: `Block '${blockId}' matched multiple nested structured_text locations in field '${body.fieldApiKey}'. Patch the parent block explicitly instead.`,
+					field: body.fieldApiKey
+				});
+				nestedMatched = nestedMatched || result.applied;
+			}
+			if (!nestedMatched) return yield* new ValidationError({
+				message: `Block '${blockId}' does not exist in field '${body.fieldApiKey}'.`,
+				field: body.fieldApiKey
+			});
+		} else if (typeof patchValue === "string") {
+			if (!Object.hasOwn(existingBlocks, blockId)) {
+				let nestedMatched = false;
+				for (const topLevelBlock of Object.values(mergedBlocks)) {
+					const result = applyPatchToNestedStructuredText(topLevelBlock, blockId, patchValue);
+					if (result.ambiguous) return yield* new ValidationError({
+						message: `Block '${blockId}' matched multiple nested structured_text locations in field '${body.fieldApiKey}'. Patch the parent block explicitly instead.`,
+						field: body.fieldApiKey
+					});
+					nestedMatched = nestedMatched || result.applied;
+				}
+				if (!nestedMatched) return yield* new ValidationError({
+					message: `Block '${blockId}' does not exist in field '${body.fieldApiKey}'.`,
+					field: body.fieldApiKey
+				});
+			}
+		} else if (typeof patchValue === "object" && !Array.isArray(patchValue)) {
+			if (!Object.hasOwn(existingBlocks, blockId)) {
+				let nestedMatched = false;
+				for (const topLevelBlock of Object.values(mergedBlocks)) {
+					const result = applyPatchToNestedStructuredText(topLevelBlock, blockId, patchValue);
+					if (result.ambiguous) return yield* new ValidationError({
+						message: `Block '${blockId}' matched multiple nested structured_text locations in field '${body.fieldApiKey}'. Patch the parent block explicitly instead.`,
+						field: body.fieldApiKey
+					});
+					nestedMatched = nestedMatched || result.applied;
+				}
+				if (!nestedMatched) return yield* new ValidationError({
+					message: `Block '${blockId}' does not exist in field '${body.fieldApiKey}'.`,
+					field: body.fieldApiKey
+				});
+				continue;
+			}
+			const existingBlock = existingBlocks[blockId];
+			if (!isJsonRecord(existingBlock)) return yield* new ValidationError({
+				message: `Block '${blockId}' has invalid stored data and cannot be patched.`,
+				field: body.fieldApiKey
+			});
+			mergedBlocks[blockId] = {
+				...existingBlock,
+				...patchValue
+			};
+		} else return yield* new ValidationError({
+			message: `Invalid patch value for block '${blockId}': expected string, object, or null`,
+			field: body.fieldApiKey
+		});
+		let finalDastValue;
+		if (body.value !== void 0) finalDastValue = body.value;
+		else if (blockIdsToDelete.size > 0) {
+			const existingDast = existingEnvelope.value;
+			finalDastValue = pruneBlockNodes(existingDast, blockIdsToDelete);
+		} else finalDastValue = existingEnvelope.value;
+		yield* deleteBlocksForField({
+			rootRecordId: body.recordId,
+			fieldApiKey: field.api_key
+		});
+		const allowedBlockTypes = getBlockWhitelist(field.validators);
+		const blocksOnly = getBlocksOnly(field.validators);
+		const dast = yield* writeStructuredText({
+			rootModelApiKey: model.api_key,
+			fieldApiKey: field.api_key,
+			rootRecordId: body.recordId,
+			value: finalDastValue,
+			blocks: mergedBlocks,
+			allowedBlockTypes: allowedBlockTypes ?? [],
+			blocksOnly
+		});
+		const sql = yield* SqlClient.SqlClient;
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		yield* sql.unsafe(`UPDATE "${tableName}" SET "${field.api_key}" = ?, _updated_at = ?, _updated_by = ? WHERE id = ?`, [
+			encodeJson(dast),
+			now,
+			actor?.label ?? null,
+			body.recordId
+		]);
+		if (isContentRow(existing) && existing._status === "published" && model.has_draft) yield* sql.unsafe(`UPDATE "${tableName}" SET _status = 'updated' WHERE id = ?`, [body.recordId]);
+		if (!model.has_draft) {
+			if (existing._published_snapshot) {
+				const prevSnapshot = typeof existing._published_snapshot === "string" ? existing._published_snapshot : encodeJson(existing._published_snapshot);
+				yield* createVersion(body.modelApiKey, body.recordId, prevSnapshot, {
+					action: "auto_republish",
+					actor
+				});
+			}
+			const updated = yield* selectById(tableName, body.recordId);
+			if (updated) {
+				const snap = {};
+				for (const [key, value] of Object.entries(updated)) if (!key.startsWith("_") && key !== "id") snap[key] = value;
+				yield* sql.unsafe(`UPDATE "${tableName}" SET _published_snapshot = ?, _published_at = ?, _published_by = ?, _status = 'published' WHERE id = ?`, [
+					encodeJson(snap),
+					now,
+					actor?.label ?? null,
+					body.recordId
+				]);
+			}
+		}
+		yield* reindexRecord(body.modelApiKey, body.recordId, modelFields).pipe(Effect.ignore);
+		yield* fireHook("onRecordUpdate", {
+			modelApiKey: body.modelApiKey,
+			recordId: body.recordId
+		});
+		const updatedRecord = yield* selectById(tableName, body.recordId);
+		if (!updatedRecord) return null;
+		return yield* materializeRecordStructuredTextFields({
+			modelApiKey: model.api_key,
+			record: normalizeBooleanFields(updatedRecord, modelFields),
+			fields: modelFields
+		});
+	});
+}
+/**
+* Reorder records for a sortable/tree model.
+* Accepts an ordered array of record IDs — sets _position = index.
+*/
+function reorderRecords(modelApiKey, recordIds, actor) {
+	return Effect.gen(function* () {
+		const model = yield* getModelByApiKey(modelApiKey);
+		if (!model) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		if (!model.sortable && !model.tree) return yield* new ValidationError({ message: `Model '${modelApiKey}' is not sortable` });
+		const sql = yield* SqlClient.SqlClient;
+		const tableName = `content_${model.api_key}`;
+		for (let i = 0; i < recordIds.length; i++) yield* sql.unsafe(`UPDATE "${tableName}" SET "_position" = ?, "_updated_at" = ?, "_updated_by" = ? WHERE id = ?`, [
+			i,
+			(/* @__PURE__ */ new Date()).toISOString(),
+			actor?.label ?? null,
+			recordIds[i]
+		]);
+		return { reordered: recordIds.length };
+	});
+}
+//#endregion
+//#region src/services/publish-service.ts
+function publishRecord(modelApiKey, recordId, actor) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const models = yield* sql.unsafe("SELECT * FROM models WHERE api_key = ? AND is_block = 0", [modelApiKey]);
+		if (models.length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		const model = models[0];
+		const tableName = `content_${model.api_key}`;
+		const record = yield* selectById(tableName, recordId);
+		if (!record) return yield* new NotFoundError({
+			entity: "Record",
+			id: recordId
+		});
+		const parsedFields = (yield* sql.unsafe("SELECT * FROM fields WHERE model_id = ? ORDER BY position", [model.id])).map(parseFieldValidators);
+		const localeRows = yield* sql.unsafe("SELECT code FROM locales ORDER BY position", []);
+		const { valid, missingFields } = computeIsValid(record, parsedFields, localeRows.length > 0 ? localeRows[0].code : null, model.all_locales_required && localeRows.length > 0 ? localeRows.map((l) => l.code) : void 0);
+		const uniqueViolations = yield* findUniqueConstraintViolations({
+			tableName,
+			record,
+			fields: parsedFields,
+			excludeId: recordId
+		});
+		if (!valid || uniqueViolations.length > 0) return yield* new ValidationError({ message: `Cannot publish: invalid fields: ${[...missingFields.map((field) => `${field} (required)`), ...uniqueViolations.map((field) => `${field} (unique)`)].join(", ")}` });
+		const materialized = yield* materializeRecordStructuredTextFields({
+			modelApiKey,
+			record,
+			fields: parsedFields
+		});
+		if (record._published_snapshot) yield* createVersion(modelApiKey, recordId, typeof record._published_snapshot === "string" ? record._published_snapshot : encodeJson(record._published_snapshot), {
+			action: "publish",
+			actor
+		});
+		const snapshot = {};
+		for (const [key, value] of Object.entries(materialized)) if (!key.startsWith("_") && key !== "id") snapshot[key] = value;
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		yield* sql.unsafe(`UPDATE "${tableName}" SET _status = 'published', _published_at = ?, _first_published_at = COALESCE(_first_published_at, ?), _published_snapshot = ?, _updated_at = ?, _updated_by = ?, _published_by = ?, _scheduled_publish_at = NULL WHERE id = ?`, [
+			now,
+			now,
+			encodeJson(snapshot),
+			now,
+			actor?.label ?? null,
+			actor?.label ?? null,
+			recordId
+		]);
+		yield* fireHook("onPublish", {
+			modelApiKey,
+			recordId
+		});
+		return yield* getRecord(modelApiKey, recordId);
+	}).pipe(Effect.withSpan("record.publish"), Effect.annotateSpans({
+		modelApiKey,
+		recordId,
+		actorType: actor?.type ?? "anonymous"
+	}));
+}
+function bulkPublishRecords(modelApiKey, recordIds, actor) {
+	return Effect.all(recordIds.map((recordId) => publishRecord(modelApiKey, recordId, actor)), { concurrency: "unbounded" }).pipe(Effect.withSpan("record.bulk_publish"), Effect.annotateSpans({
+		modelApiKey,
+		recordCount: String(recordIds.length),
+		actorType: actor?.type ?? "anonymous"
+	}));
+}
+function bulkUnpublishRecords(modelApiKey, recordIds, actor) {
+	return Effect.all(recordIds.map((recordId) => unpublishRecord(modelApiKey, recordId, actor)), { concurrency: "unbounded" }).pipe(Effect.withSpan("record.bulk_unpublish"), Effect.annotateSpans({
+		modelApiKey,
+		recordCount: String(recordIds.length),
+		actorType: actor?.type ?? "anonymous"
+	}));
+}
+function unpublishRecord(modelApiKey, recordId, actor) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const models = yield* sql.unsafe("SELECT * FROM models WHERE api_key = ? AND is_block = 0", [modelApiKey]);
+		if (models.length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		const tableName = `content_${models[0].api_key}`;
+		if (!(yield* selectById(tableName, recordId))) return yield* new NotFoundError({
+			entity: "Record",
+			id: recordId
+		});
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		yield* sql.unsafe(`UPDATE "${tableName}" SET _status = 'draft', _published_snapshot = NULL, _updated_at = ?, _updated_by = ?, _scheduled_unpublish_at = NULL WHERE id = ?`, [
+			now,
+			actor?.label ?? null,
+			recordId
+		]);
+		yield* fireHook("onUnpublish", {
+			modelApiKey,
+			recordId
+		});
+		return yield* getRecord(modelApiKey, recordId);
+	}).pipe(Effect.withSpan("record.unpublish"), Effect.annotateSpans({
+		modelApiKey,
+		recordId,
+		actorType: actor?.type ?? "anonymous"
+	}));
+}
+//#endregion
+//#region src/services/asset-service.ts
+var AssetImportContext = class extends Context.Tag("AssetImportContext")() {};
+const MAX_REMOTE_ASSET_BYTES = 25 * 1024 * 1024;
+const MAX_REMOTE_ASSET_REDIRECTS = 5;
+function getAssetBasename(filename) {
+	const lastDot = filename.lastIndexOf(".");
+	return lastDot > 0 ? filename.slice(0, lastDot) : filename;
+}
+function getAssetFormat(filename, mimeType) {
+	const lastDot = filename.lastIndexOf(".");
+	if (lastDot > 0 && lastDot < filename.length - 1) return filename.slice(lastDot + 1).toLowerCase();
+	return mimeType.split("/")[1]?.toLowerCase() ?? "bin";
+}
+function normalizeHostname(hostname) {
+	return hostname.replace(/^\[|\]$/g, "").toLowerCase();
+}
+function isPrivateIpv4(hostname) {
+	if (!/^\d{1,3}(?:\.\d{1,3}){3}$/.test(hostname)) return false;
+	const octets = hostname.split(".").map(Number);
+	if (octets.some((octet) => Number.isNaN(octet) || octet < 0 || octet > 255)) return false;
+	return octets[0] === 10 || octets[0] === 127 || octets[0] === 169 && octets[1] === 254 || octets[0] === 172 && octets[1] >= 16 && octets[1] <= 31 || octets[0] === 192 && octets[1] === 168;
+}
+function isPrivateIpv6(hostname) {
+	const normalized = normalizeHostname(hostname);
+	return normalized === "::1" || normalized.startsWith("fc") || normalized.startsWith("fd") || normalized.startsWith("fe80:");
+}
+function isBlockedHostname(hostname) {
+	const normalized = normalizeHostname(hostname);
+	return normalized === "localhost" || normalized.endsWith(".localhost") || normalized.endsWith(".local") || normalized.endsWith(".internal") || isPrivateIpv4(normalized) || isPrivateIpv6(normalized);
+}
+function validateRemoteAssetUrl(input) {
+	return Effect.try({
+		try: () => new URL(input),
+		catch: () => new ValidationError({ message: "Asset URL must be a valid http:// or https:// URL" })
+	}).pipe(Effect.flatMap((url) => {
+		if (url.protocol !== "http:" && url.protocol !== "https:") return new ValidationError({ message: "Asset URL must use http:// or https://" });
+		if (!url.hostname || isBlockedHostname(url.hostname)) return new ValidationError({ message: `Asset URL host is not allowed: ${url.hostname || "<empty>"}` });
+		if (url.username || url.password) return new ValidationError({ message: "Asset URL must not contain embedded credentials" });
+		return Effect.succeed(url);
+	}));
+}
+function parseContentLength(header) {
+	if (!header) return null;
+	const parsed = Number(header);
+	return Number.isFinite(parsed) && parsed >= 0 ? parsed : null;
+}
+function isRedirectStatus(status) {
+	return status === 301 || status === 302 || status === 303 || status === 307 || status === 308;
+}
+function fetchRemoteAsset(url, fetchFn) {
+	return Effect.gen(function* () {
+		let currentUrl = url;
+		for (let redirectCount = 0; redirectCount <= MAX_REMOTE_ASSET_REDIRECTS; redirectCount += 1) {
+			const response = yield* Effect.tryPromise({
+				try: () => fetchFn(currentUrl, { redirect: "manual" }),
+				catch: () => new ValidationError({ message: `Failed to fetch asset URL: ${currentUrl}` })
+			});
+			if (!isRedirectStatus(response.status)) return {
+				response,
+				resolvedUrl: currentUrl
+			};
+			const location = response.headers.get("location");
+			if (!location) return yield* new ValidationError({ message: `Asset URL redirect is missing a Location header: ${currentUrl}` });
+			if (redirectCount === MAX_REMOTE_ASSET_REDIRECTS) return yield* new ValidationError({ message: `Asset URL redirected too many times (>${MAX_REMOTE_ASSET_REDIRECTS}): ${url}` });
+			currentUrl = yield* validateRemoteAssetUrl(new URL(location, currentUrl).toString());
+		}
+		return yield* new ValidationError({ message: `Failed to resolve asset URL: ${url}` });
+	});
+}
+function readResponseBytes(response, url) {
+	return Effect.gen(function* () {
+		const contentLength = parseContentLength(response.headers.get("content-length"));
+		if (contentLength !== null && contentLength > MAX_REMOTE_ASSET_BYTES) return yield* new ValidationError({ message: `Asset URL is too large to import (${contentLength} bytes > ${MAX_REMOTE_ASSET_BYTES} byte limit)` });
+		if (!response.body) return new Uint8Array();
+		const reader = response.body.getReader();
+		const chunks = [];
+		let total = 0;
+		let done = false;
+		while (!done) {
+			const chunk = yield* Effect.tryPromise({
+				try: () => reader.read(),
+				catch: () => new ValidationError({ message: `Failed to read asset bytes from: ${url}` })
+			});
+			if (chunk.done) {
+				done = true;
+				continue;
+			}
+			const value = chunk.value;
+			total += value.byteLength;
+			if (total > MAX_REMOTE_ASSET_BYTES) return yield* new ValidationError({ message: `Asset URL is too large to import (${total} bytes > ${MAX_REMOTE_ASSET_BYTES} byte limit)` });
+			chunks.push(value);
+		}
+		const bytes = new Uint8Array(total);
+		let offset = 0;
+		for (const chunk of chunks) {
+			bytes.set(chunk, offset);
+			offset += chunk.byteLength;
+		}
+		return bytes;
+	});
+}
+function inferFilename(input) {
+	if (input.filename && input.filename.length > 0) return input.filename;
+	const candidate = new URL(input.url).pathname.split("/").filter(Boolean).at(-1);
+	if (candidate && candidate.length > 0) return decodeURIComponent(candidate);
+	return input.mimeType?.startsWith("image/") ? `asset.${input.mimeType.slice(6)}` : "asset.bin";
+}
+function createAsset(body, actor) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const id = body.id ?? generateId();
+		if ((yield* sql.unsafe("SELECT id FROM assets WHERE id = ?", [id])).length > 0) return yield* new ValidationError({ message: `Asset with id '${id}' already exists` });
+		yield* sql.unsafe(`INSERT INTO assets (id, filename, basename, format, mime_type, size, width, height, alt, title, r2_key, blurhash, colors, focal_point, tags, created_at, updated_at, created_by, updated_by)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`, [
+			id,
+			body.filename,
+			getAssetBasename(body.filename),
+			getAssetFormat(body.filename, body.mimeType),
+			body.mimeType,
+			body.size,
+			body.width ?? null,
+			body.height ?? null,
+			body.alt ?? null,
+			body.title ?? null,
+			body.r2Key ?? `uploads/${id}/${body.filename}`,
+			body.blurhash ?? null,
+			body.colors ? encodeJson(body.colors) : null,
+			body.focalPoint ? encodeJson(body.focalPoint) : null,
+			encodeJson(body.tags),
+			now,
+			now,
+			actor?.label ?? null,
+			actor?.label ?? null
+		]);
+		return {
+			id,
+			filename: body.filename,
+			mimeType: body.mimeType,
+			size: body.size,
+			width: body.width,
+			height: body.height,
+			alt: body.alt,
+			title: body.title,
+			r2Key: body.r2Key ?? `uploads/${id}/${body.filename}`,
+			createdAt: now,
+			updatedAt: now,
+			createdBy: actor?.label ?? null,
+			updatedBy: actor?.label ?? null
+		};
+	}).pipe(Effect.withSpan("asset.create"), Effect.annotateSpans({
+		assetId: body.id ?? "",
+		filename: body.filename,
+		actorType: actor?.type ?? "anonymous"
+	}));
+}
+function listAssets() {
+	return Effect.gen(function* () {
+		return yield* (yield* SqlClient.SqlClient).unsafe("SELECT * FROM assets ORDER BY created_at DESC");
+	});
+}
+function getAsset(id) {
+	return Effect.gen(function* () {
+		const rows = yield* (yield* SqlClient.SqlClient).unsafe("SELECT * FROM assets WHERE id = ?", [id]);
+		if (rows.length === 0) return yield* new NotFoundError({
+			entity: "Asset",
+			id
+		});
+		return rows[0];
+	});
+}
+/**
+* Replace an asset's file while keeping the same ID and URL.
+* Updates metadata (filename, mimeType, size, dimensions, r2Key) but the asset ID
+* and all content references remain stable. DatoCMS can't do this (imgix regenerates URLs).
+*/
+function replaceAsset(id, body, actor) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const rows = yield* sql.unsafe("SELECT * FROM assets WHERE id = ?", [id]);
+		if (rows.length === 0) return yield* new NotFoundError({
+			entity: "Asset",
+			id
+		});
+		const r2Key = body.r2Key ?? `uploads/${id}/${body.filename}`;
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		yield* sql.unsafe(`UPDATE assets SET filename = ?, basename = ?, format = ?, mime_type = ?, size = ?, width = ?, height = ?,
+       alt = ?, title = ?, r2_key = ?, blurhash = ?, colors = ?, focal_point = ?, tags = ?, updated_at = ?, updated_by = ?
+       WHERE id = ?`, [
+			body.filename,
+			getAssetBasename(body.filename),
+			getAssetFormat(body.filename, body.mimeType),
+			body.mimeType,
+			body.size,
+			body.width ?? null,
+			body.height ?? null,
+			body.alt ?? rows[0].alt,
+			body.title ?? rows[0].title,
+			r2Key,
+			body.blurhash ?? null,
+			body.colors ? encodeJson(body.colors) : null,
+			body.focalPoint ? encodeJson(body.focalPoint) : null,
+			encodeJson(body.tags),
+			now,
+			actor?.label ?? null,
+			id
+		]);
+		return {
+			id,
+			filename: body.filename,
+			mimeType: body.mimeType,
+			size: body.size,
+			width: body.width,
+			height: body.height,
+			alt: body.alt ?? rows[0].alt,
+			title: body.title ?? rows[0].title,
+			r2Key,
+			replaced: true,
+			updatedAt: now,
+			updatedBy: actor?.label ?? null
+		};
+	});
+}
+function searchAssets(opts) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const { query, limit, offset } = opts;
+		if (query) {
+			const pattern = `%${query}%`;
+			const assets = yield* sql.unsafe(`SELECT * FROM assets WHERE filename LIKE ? OR alt LIKE ? OR title LIKE ?
+         ORDER BY created_at DESC LIMIT ? OFFSET ?`, [
+				pattern,
+				pattern,
+				pattern,
+				limit,
+				offset
+			]);
+			const countRows = yield* sql.unsafe(`SELECT COUNT(*) as total FROM assets WHERE filename LIKE ? OR alt LIKE ? OR title LIKE ?`, [
+				pattern,
+				pattern,
+				pattern
+			]);
+			return {
+				assets: Array.from(assets),
+				total: countRows[0]?.total ?? 0
+			};
+		}
+		const assets = yield* sql.unsafe("SELECT * FROM assets ORDER BY created_at DESC LIMIT ? OFFSET ?", [limit, offset]);
+		const countRows = yield* sql.unsafe("SELECT COUNT(*) as total FROM assets");
+		return {
+			assets: Array.from(assets),
+			total: countRows[0]?.total ?? 0
+		};
+	});
+}
+function updateAssetMetadata(id, body, actor) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const rows = yield* sql.unsafe("SELECT * FROM assets WHERE id = ?", [id]);
+		if (rows.length === 0) return yield* new NotFoundError({
+			entity: "Asset",
+			id
+		});
+		const alt = body.alt !== void 0 ? body.alt : rows[0].alt;
+		const title = body.title !== void 0 ? body.title : rows[0].title;
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		yield* sql.unsafe("UPDATE assets SET alt = ?, title = ?, updated_at = ?, updated_by = ? WHERE id = ?", [
+			alt,
+			title,
+			now,
+			actor?.label ?? null,
+			id
+		]);
+		return {
+			id,
+			alt,
+			title,
+			updatedAt: now,
+			updatedBy: actor?.label ?? null
+		};
+	});
+}
+function deleteAsset(id) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		if ((yield* sql.unsafe("SELECT id FROM assets WHERE id = ?", [id])).length === 0) return yield* new NotFoundError({
+			entity: "Asset",
+			id
+		});
+		yield* sql.unsafe("DELETE FROM assets WHERE id = ?", [id]);
+		return { deleted: true };
+	});
+}
+function importAssetFromUrl(input, actor) {
+	return Effect.gen(function* () {
+		const { r2Bucket, fetch } = yield* AssetImportContext;
+		if (!r2Bucket) return yield* new ValidationError({ message: "Asset import requires an R2 bucket binding" });
+		const { response, resolvedUrl } = yield* fetchRemoteAsset(yield* validateRemoteAssetUrl(input.url), fetch);
+		const filename = inferFilename({
+			...input,
+			url: resolvedUrl.toString()
+		});
+		const id = generateId();
+		if (!response.ok) return yield* new ValidationError({ message: `Failed to fetch asset URL: ${resolvedUrl} (${response.status})` });
+		const mimeType = input.mimeType ?? response.headers.get("content-type")?.split(";")[0] ?? "application/octet-stream";
+		const bytes = yield* readResponseBytes(response, resolvedUrl.toString());
+		const r2Key = `uploads/${id}/${filename}`;
+		yield* Effect.tryPromise({
+			try: () => r2Bucket.put(r2Key, bytes, { httpMetadata: { contentType: mimeType } }),
+			catch: () => new ValidationError({ message: `Failed to store asset in R2: ${filename}` })
+		});
+		return yield* createAsset({
+			id,
+			filename,
+			mimeType,
+			size: bytes.byteLength,
+			alt: input.alt,
+			title: input.title,
+			tags: input.tags,
+			r2Key
+		}, actor);
+	}).pipe(Effect.withSpan("asset.import_from_url"), Effect.annotateSpans({
+		url: input.url,
+		actorType: actor?.type ?? "anonymous"
+	}));
+}
+//#endregion
+//#region src/services/schema-lifecycle.ts
+/**
+* Schema lifecycle operations for complex cascading changes.
+* These go beyond simple CRUD and handle content-level cascades.
+*/
+/**
+* P4.4: Remove a block type — scans all StructuredText fields,
+* cleans DAST trees, deletes block rows, drops the block table.
+*/
+function removeBlockType(blockApiKey) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const blockModels = yield* sql.unsafe("SELECT * FROM models WHERE api_key = ? AND is_block = 1", [blockApiKey]);
+		if (blockModels.length === 0) return yield* new NotFoundError({
+			entity: "Block type",
+			id: blockApiKey
+		});
+		const blockModel = blockModels[0];
+		const affectedFields = (yield* sql.unsafe("SELECT * FROM fields WHERE field_type = 'structured_text'")).filter((f) => {
+			const allowedBlocks = decodeJsonRecordStringOr(f.validators || "{}", {}).structured_text_blocks;
+			return Array.isArray(allowedBlocks) && allowedBlocks.includes(blockApiKey);
+		});
+		for (const field of affectedFields) {
+			const model = yield* sql.unsafe("SELECT * FROM models WHERE id = ?", [field.model_id]);
+			if (model.length === 0) continue;
+			const tableName = model[0].is_block ? `block_${model[0].api_key}` : `content_${model[0].api_key}`;
+			const records = yield* sql.unsafe(`SELECT id, "${field.api_key}", _published_snapshot FROM "${tableName}" WHERE "${field.api_key}" IS NOT NULL OR _published_snapshot IS NOT NULL`);
+			for (const record of records) {
+				const blockIds = yield* sql.unsafe(`SELECT id FROM "block_${blockApiKey}" WHERE _root_record_id = ? AND _root_field_api_key = ?`, [record.id, field.api_key]);
+				const blockIdSet = new Set(blockIds.map((b) => b.id));
+				if (blockIdSet.size > 0) {
+					const dast = decodeJsonIfString(record[field.api_key]);
+					if (dast?.document?.children) {
+						const cleaned = removeBlockNodesFromDast(dast, blockIdSet);
+						yield* sql.unsafe(`UPDATE "${tableName}" SET "${field.api_key}" = ? WHERE id = ?`, [encodeJson(cleaned), record.id]);
+					}
+					yield* cleanPublishedSnapshot(sql, tableName, String(record.id), field.api_key, blockIdSet);
+				}
+			}
+			const validators = decodeJsonRecordStringOr(field.validators || "{}", {});
+			validators.structured_text_blocks = (Array.isArray(validators.structured_text_blocks) ? validators.structured_text_blocks.filter((b) => typeof b === "string") : []).filter((b) => b !== blockApiKey);
+			yield* sql.unsafe("UPDATE fields SET validators = ? WHERE id = ?", [encodeJson(validators), field.id]);
+		}
+		yield* sql.unsafe(`DELETE FROM "block_${blockApiKey}"`);
+		yield* dropTableSql(`block_${blockApiKey}`);
+		yield* sql.unsafe("DELETE FROM fields WHERE model_id = ?", [blockModel.id]);
+		yield* sql.unsafe("DELETE FROM models WHERE id = ?", [blockModel.id]);
+		return {
+			deleted: true,
+			affectedFields: affectedFields.length
+		};
+	});
+}
+/**
+* P4.5: Remove a block type from a field's whitelist (without deleting the type).
+* Cleans affected DAST trees by removing block nodes of that type.
+*/
+function removeBlockFromWhitelist(params) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const { fieldId, blockApiKey } = params;
+		const fields = yield* sql.unsafe("SELECT * FROM fields WHERE id = ?", [fieldId]);
+		if (fields.length === 0) return yield* new NotFoundError({
+			entity: "Field",
+			id: fieldId
+		});
+		const field = fields[0];
+		if (field.field_type !== "structured_text") return yield* new ValidationError({ message: "Field is not a structured_text field" });
+		const validators = decodeJsonRecordStringOr(field.validators || "{}", {});
+		const whitelist = Array.isArray(validators.structured_text_blocks) ? validators.structured_text_blocks.filter((b) => typeof b === "string") : [];
+		if (!whitelist.includes(blockApiKey)) return yield* new ValidationError({ message: `Block type '${blockApiKey}' is not in this field's whitelist` });
+		const model = yield* sql.unsafe("SELECT * FROM models WHERE id = ?", [field.model_id]);
+		if (model.length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id: field.model_id
+		});
+		const tableName = model[0].is_block ? `block_${model[0].api_key}` : `content_${model[0].api_key}`;
+		const blockIds = yield* sql.unsafe(`SELECT id FROM "block_${blockApiKey}" WHERE _root_field_api_key = ? AND _root_record_id IN (SELECT id FROM "${tableName}")`, [field.api_key]);
+		const blockIdSet = new Set(blockIds.map((b) => b.id));
+		let cleanedRecords = 0;
+		if (blockIdSet.size > 0) {
+			const records = yield* sql.unsafe(`SELECT id, "${field.api_key}", _published_snapshot FROM "${tableName}" WHERE "${field.api_key}" IS NOT NULL OR _published_snapshot IS NOT NULL`);
+			for (const record of records) {
+				const dast = decodeJsonIfString(record[field.api_key]);
+				if (dast?.document?.children) {
+					const cleaned = removeBlockNodesFromDast(dast, blockIdSet);
+					yield* sql.unsafe(`UPDATE "${tableName}" SET "${field.api_key}" = ? WHERE id = ?`, [encodeJson(cleaned), record.id]);
+					cleanedRecords++;
+				}
+				yield* cleanPublishedSnapshot(sql, tableName, String(record.id), field.api_key, blockIdSet);
+			}
+			yield* sql.unsafe(`DELETE FROM "block_${blockApiKey}" WHERE _root_field_api_key = ? AND _root_record_id IN (SELECT id FROM "${tableName}")`, [field.api_key]);
+		}
+		validators.structured_text_blocks = whitelist.filter((b) => b !== blockApiKey);
+		yield* sql.unsafe("UPDATE fields SET validators = ? WHERE id = ?", [encodeJson(validators), fieldId]);
+		return {
+			removed: blockApiKey,
+			cleanedRecords,
+			blocksDeleted: blockIdSet.size
+		};
+	});
+}
+/**
+* P4.6: Remove a locale — strips the locale key from all localized field
+* values across all models.
+*/
+function removeLocale(localeId) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const locales = yield* sql.unsafe("SELECT id, code FROM locales WHERE id = ?", [localeId]);
+		if (locales.length === 0) return yield* new NotFoundError({
+			entity: "Locale",
+			id: localeId
+		});
+		const localeCode = locales[0].code;
+		const localizedFields = yield* sql.unsafe("SELECT * FROM fields WHERE localized = 1");
+		let updatedRecords = 0;
+		for (const field of localizedFields) {
+			const model = yield* sql.unsafe("SELECT * FROM models WHERE id = ?", [field.model_id]);
+			if (model.length === 0) continue;
+			const tableName = model[0].is_block ? `block_${model[0].api_key}` : `content_${model[0].api_key}`;
+			const records = yield* sql.unsafe(`SELECT id, "${field.api_key}" FROM "${tableName}" WHERE "${field.api_key}" IS NOT NULL`);
+			for (const record of records) {
+				const parsed = decodeJsonIfString(record[field.api_key]);
+				if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) continue;
+				const localeMap = parsed;
+				if (localeCode in localeMap) {
+					delete localeMap[localeCode];
+					yield* sql.unsafe(`UPDATE "${tableName}" SET "${field.api_key}" = ? WHERE id = ?`, [encodeJson(localeMap), record.id]);
+					updatedRecords++;
+				}
+			}
+		}
+		yield* sql.unsafe("DELETE FROM locales WHERE id = ?", [localeId]);
+		return {
+			deleted: localeCode,
+			updatedRecords,
+			fieldsScanned: localizedFields.length
+		};
+	});
+}
+/** Clean DAST inside a record's _published_snapshot for a given field */
+function cleanPublishedSnapshot(sql, tableName, recordId, fieldApiKey, blockIds) {
+	return Effect.gen(function* () {
+		const rows = yield* sql.unsafe(`SELECT _published_snapshot FROM "${tableName}" WHERE id = ?`, [recordId]);
+		if (!rows[0]?._published_snapshot) return;
+		const snapshot = decodeJsonRecordStringOr(rows[0]._published_snapshot, {});
+		if (Object.keys(snapshot).length === 0) return;
+		snapshot[fieldApiKey] = removeBlockNodesFromStructuredTextValue(decodeJsonIfString(snapshot[fieldApiKey]), blockIds);
+		yield* sql.unsafe(`UPDATE "${tableName}" SET _published_snapshot = ? WHERE id = ?`, [encodeJson(snapshot), recordId]);
+	});
+}
+/** Remove block/inlineBlock nodes whose item IDs are in the given set */
+function removeBlockNodesFromDast(dast, blockIds) {
+	if (!dast.document?.children) return dast;
+	return {
+		...dast,
+		document: {
+			...dast.document,
+			children: filterNodes(dast.document.children, blockIds)
+		}
+	};
+}
+function removeBlockNodesFromStructuredTextValue(value, blockIds) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) return value;
+	const obj = value;
+	if (obj.value && typeof obj.value === "object" && obj.blocks && typeof obj.blocks === "object") {
+		const cleanedBlocks = { ...obj.blocks };
+		for (const blockId of blockIds) delete cleanedBlocks[blockId];
+		return {
+			...obj,
+			value: removeBlockNodesFromDast(obj.value, blockIds),
+			blocks: cleanedBlocks
+		};
+	}
+	if (obj.document?.children) return removeBlockNodesFromDast(obj, blockIds);
+	return value;
+}
+function filterNodes(nodes, blockIds) {
+	return nodes.filter((node) => {
+		if ((node.type === "block" || node.type === "inlineBlock") && typeof node.item === "string" && blockIds.has(node.item)) return false;
+		return true;
+	}).map((node) => {
+		if (Array.isArray(node.children)) return {
+			...node,
+			children: filterNodes(node.children, blockIds)
+		};
+		return node;
+	});
+}
+//#endregion
+//#region src/services/locale-service.ts
+function listLocales() {
+	return Effect.gen(function* () {
+		return yield* (yield* SqlClient.SqlClient).unsafe("SELECT * FROM locales ORDER BY position");
+	});
+}
+function createLocale(body) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		if ((yield* sql.unsafe("SELECT id FROM locales WHERE code = ?", [body.code])).length > 0) return yield* new DuplicateError({ message: `Locale '${body.code}' already exists` });
+		const allLocales = yield* sql.unsafe("SELECT id FROM locales");
+		const id = generateId();
+		const position = body.position ?? allLocales.length;
+		yield* sql.unsafe("INSERT INTO locales (id, code, position, fallback_locale_id) VALUES (?, ?, ?, ?)", [
+			id,
+			body.code,
+			position,
+			body.fallbackLocaleId ?? null
+		]);
+		return {
+			id,
+			code: body.code,
+			position,
+			fallbackLocaleId: body.fallbackLocaleId ?? null
+		};
+	});
+}
+function deleteLocale(id) {
+	return removeLocale(id);
+}
+//#endregion
+//#region src/services/schedule-service.ts
+function getContentModel(modelApiKey) {
+	return Effect.gen(function* () {
+		const models = yield* (yield* SqlClient.SqlClient).unsafe("SELECT * FROM models WHERE api_key = ? AND is_block = 0", [modelApiKey]);
+		if (models.length === 0) return yield* new NotFoundError({
+			entity: "Model",
+			id: modelApiKey
+		});
+		return models[0];
+	});
+}
+function validateScheduleAt(at) {
+	return Effect.gen(function* () {
+		if (at === null) return null;
+		if (Number.isNaN(Date.parse(at))) return yield* new ValidationError({ message: "Schedule time must be a valid ISO datetime string" });
+		return at;
+	});
+}
+function schedulePublish(modelApiKey, recordId, at, actor) {
+	return Effect.gen(function* () {
+		const model = yield* getContentModel(modelApiKey);
+		const sql = yield* SqlClient.SqlClient;
+		const tableName = `content_${model.api_key}`;
+		const scheduleAt = yield* validateScheduleAt(at);
+		if ((yield* sql.unsafe(`SELECT id FROM "${tableName}" WHERE id = ?`, [recordId])).length === 0) return yield* new NotFoundError({
+			entity: "Record",
+			id: recordId
+		});
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		yield* sql.unsafe(`UPDATE "${tableName}" SET _scheduled_publish_at = ?, _updated_at = ?, _updated_by = ? WHERE id = ?`, [
+			scheduleAt,
+			now,
+			actor?.label ?? null,
+			recordId
+		]);
+		return yield* selectById(tableName, recordId);
+	});
+}
+function scheduleUnpublish(modelApiKey, recordId, at, actor) {
+	return Effect.gen(function* () {
+		const model = yield* getContentModel(modelApiKey);
+		const sql = yield* SqlClient.SqlClient;
+		const tableName = `content_${model.api_key}`;
+		const scheduleAt = yield* validateScheduleAt(at);
+		if ((yield* sql.unsafe(`SELECT id FROM "${tableName}" WHERE id = ?`, [recordId])).length === 0) return yield* new NotFoundError({
+			entity: "Record",
+			id: recordId
+		});
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		yield* sql.unsafe(`UPDATE "${tableName}" SET _scheduled_unpublish_at = ?, _updated_at = ?, _updated_by = ? WHERE id = ?`, [
+			scheduleAt,
+			now,
+			actor?.label ?? null,
+			recordId
+		]);
+		return yield* selectById(tableName, recordId);
+	});
+}
+function clearSchedule(modelApiKey, recordId, actor) {
+	return Effect.gen(function* () {
+		const model = yield* getContentModel(modelApiKey);
+		const sql = yield* SqlClient.SqlClient;
+		const tableName = `content_${model.api_key}`;
+		if ((yield* sql.unsafe(`SELECT id FROM "${tableName}" WHERE id = ?`, [recordId])).length === 0) return yield* new NotFoundError({
+			entity: "Record",
+			id: recordId
+		});
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		yield* sql.unsafe(`UPDATE "${tableName}" SET _scheduled_publish_at = NULL, _scheduled_unpublish_at = NULL, _updated_at = ?, _updated_by = ? WHERE id = ?`, [
+			now,
+			actor?.label ?? null,
+			recordId
+		]);
+		return yield* selectById(tableName, recordId);
+	});
+}
+function runScheduledTransitions(now = /* @__PURE__ */ new Date(), actor = {
+	type: "admin",
+	label: "scheduler"
+}) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const nowIso = now.toISOString();
+		const models = yield* sql.unsafe("SELECT api_key FROM models WHERE is_block = 0 ORDER BY created_at");
+		const published = [];
+		const unpublished = [];
+		for (const model of models) {
+			const tableName = `content_${model.api_key}`;
+			const duePublish = yield* sql.unsafe(`SELECT id FROM "${tableName}" WHERE _scheduled_publish_at IS NOT NULL AND _scheduled_publish_at <= ? ORDER BY _scheduled_publish_at ASC`, [nowIso]);
+			for (const row of duePublish) {
+				yield* publishRecord(model.api_key, row.id, actor);
+				published.push({
+					modelApiKey: model.api_key,
+					recordId: row.id
+				});
+			}
+		}
+		for (const model of models) {
+			const tableName = `content_${model.api_key}`;
+			const dueUnpublish = yield* sql.unsafe(`SELECT id FROM "${tableName}" WHERE _scheduled_unpublish_at IS NOT NULL AND _scheduled_unpublish_at <= ? AND _status IN ('published', 'updated') ORDER BY _scheduled_unpublish_at ASC`, [nowIso]);
+			for (const row of dueUnpublish) {
+				yield* unpublishRecord(model.api_key, row.id, actor);
+				unpublished.push({
+					modelApiKey: model.api_key,
+					recordId: row.id
+				});
+			}
+		}
+		return {
+			now: nowIso,
+			published,
+			unpublished
+		};
+	});
+}
+//#endregion
+//#region src/services/input-schemas.ts
+/**
+* Effect Schema definitions for REST API request body validation.
+* Replaces manual type guard functions with runtime-verified decoding.
+*/
+const Int = Schema.Number.pipe(Schema.int());
+function finiteNumber(message) {
+	return Schema.Number.pipe(Schema.filter((value) => Number.isFinite(value), { message: () => message }));
+}
+function positiveInt(label) {
+	return Int.pipe(Schema.filter((value) => Number.isFinite(value) && value > 0, { message: () => `${label} must be a positive integer` }));
+}
+function nonNegativeFiniteNumber(label) {
+	return finiteNumber(`${label} must be a finite number`).pipe(Schema.filter((value) => value >= 0, { message: () => `${label} must be >= 0` }));
+}
+const UnitIntervalNumber = finiteNumber("Expected a finite number").pipe(Schema.filter((value) => value >= 0 && value <= 1, { message: () => "Expected a number between 0 and 1" }));
+const HttpUrlString = Schema.String.pipe(Schema.filter((value) => {
+	try {
+		const url = new URL(value);
+		return url.protocol === "http:" || url.protocol === "https:";
+	} catch {
+		return false;
+	}
+}, { message: () => "Expected a valid http:// or https:// URL" }));
+const CreateModelInput = Schema.Struct({
+	name: Schema.NonEmptyString,
+	apiKey: Schema.NonEmptyString,
+	isBlock: Schema.optionalWith(Schema.Boolean, { default: () => false }),
+	singleton: Schema.optionalWith(Schema.Boolean, { default: () => false }),
+	sortable: Schema.optionalWith(Schema.Boolean, { default: () => false }),
+	tree: Schema.optionalWith(Schema.Boolean, { default: () => false }),
+	hasDraft: Schema.optionalWith(Schema.Boolean, { default: () => true }),
+	allLocalesRequired: Schema.optionalWith(Schema.Boolean, { default: () => false }),
+	ordering: Schema.optional(Schema.String)
+});
+const CreateFieldInput = Schema.Struct({
+	label: Schema.NonEmptyString,
+	apiKey: Schema.NonEmptyString,
+	fieldType: Schema.NonEmptyString,
+	position: Schema.optional(Int.pipe(Schema.filter((value) => value >= 0, { message: () => "position must be >= 0" }))),
+	localized: Schema.optionalWith(Schema.Boolean, { default: () => false }),
+	validators: Schema.optionalWith(Schema.Record({
+		key: Schema.String,
+		value: Schema.Unknown
+	}), { default: () => ({}) }),
+	defaultValue: Schema.optional(Schema.Unknown),
+	appearance: Schema.optional(Schema.Unknown),
+	hint: Schema.optional(Schema.String),
+	fieldsetId: Schema.optional(Schema.String)
+});
+const CreateRecordInput = Schema.Struct({
+	id: Schema.optional(Schema.String),
+	modelApiKey: Schema.NonEmptyString,
+	data: Schema.optionalWith(Schema.Record({
+		key: Schema.String,
+		value: Schema.Unknown
+	}), { default: () => ({}) }),
+	overrides: Schema.optional(Schema.Struct({
+		createdAt: Schema.optional(Schema.String),
+		updatedAt: Schema.optional(Schema.String),
+		publishedAt: Schema.optional(Schema.String),
+		firstPublishedAt: Schema.optional(Schema.String)
+	}))
+});
+const PatchRecordInput = Schema.Struct({
+	modelApiKey: Schema.NonEmptyString,
+	data: Schema.optionalWith(Schema.Record({
+		key: Schema.String,
+		value: Schema.Unknown
+	}), { default: () => ({}) }),
+	overrides: Schema.optional(Schema.Struct({
+		createdAt: Schema.optional(Schema.String),
+		updatedAt: Schema.optional(Schema.String),
+		publishedAt: Schema.optional(Schema.String),
+		firstPublishedAt: Schema.optional(Schema.String)
+	}))
+});
+const CreateAssetInput = Schema.Struct({
+	id: Schema.optional(Schema.String),
+	filename: Schema.NonEmptyString,
+	mimeType: Schema.NonEmptyString,
+	size: Schema.optionalWith(nonNegativeFiniteNumber("size"), { default: () => 0 }),
+	width: Schema.optional(nonNegativeFiniteNumber("width")),
+	height: Schema.optional(nonNegativeFiniteNumber("height")),
+	alt: Schema.optional(Schema.String),
+	title: Schema.optional(Schema.String),
+	r2Key: Schema.optional(Schema.String),
+	blurhash: Schema.optional(Schema.String),
+	colors: Schema.optional(Schema.Array(Schema.String).pipe(Schema.filter((value) => value.length <= 16, { message: () => "colors must contain at most 16 entries" }))),
+	focalPoint: Schema.optional(Schema.Struct({
+		x: UnitIntervalNumber,
+		y: UnitIntervalNumber
+	})),
+	tags: Schema.optionalWith(Schema.Array(Schema.String).pipe(Schema.filter((value) => value.length <= 50, { message: () => "tags must contain at most 50 entries" })), { default: () => [] })
+});
+const ImportAssetFromUrlInput = Schema.Struct({
+	url: HttpUrlString,
+	filename: Schema.optional(Schema.String),
+	mimeType: Schema.optional(Schema.String),
+	alt: Schema.optional(Schema.String),
+	title: Schema.optional(Schema.String),
+	tags: Schema.optionalWith(Schema.Array(Schema.String), { default: () => [] })
+});
+const SearchAssetsInput = Schema.Struct({
+	query: Schema.optional(Schema.String),
+	limit: Schema.optionalWith(positiveInt("limit"), { default: () => 24 }),
+	offset: Schema.optionalWith(Int.pipe(Schema.filter((value) => value >= 0, { message: () => "offset must be >= 0" })), { default: () => 0 })
+});
+const UpdateAssetMetadataInput = Schema.Struct({
+	alt: Schema.optional(Schema.String),
+	title: Schema.optional(Schema.String)
+});
+const ReorderInput = Schema.Struct({
+	modelApiKey: Schema.NonEmptyString,
+	recordIds: Schema.Array(Schema.String).pipe(Schema.filter((value) => value.length <= 1e3, { message: () => "recordIds must contain at most 1000 entries" }))
+});
+Schema.Struct({
+	modelApiKey: Schema.NonEmptyString,
+	recordIds: Schema.Array(Schema.String).pipe(Schema.filter((value) => value.length >= 1, { message: () => "recordIds must contain at least 1 entry" }), Schema.filter((value) => value.length <= 1e3, { message: () => "recordIds must contain at most 1000 entries" }))
+});
+const ScheduleRecordInput = Schema.Struct({
+	modelApiKey: Schema.NonEmptyString,
+	at: Schema.NullOr(Schema.String.pipe(Schema.filter((value) => !Number.isNaN(Date.parse(value)), { message: () => "at must be a valid ISO datetime string or null" })))
+});
+const SearchInput = Schema.Struct({
+	query: Schema.String,
+	modelApiKey: Schema.optional(Schema.String),
+	first: Schema.optional(positiveInt("first")),
+	skip: Schema.optional(Int.pipe(Schema.filter((value) => value >= 0, { message: () => "skip must be >= 0" }))),
+	mode: Schema.optional(Schema.Literal("keyword", "semantic", "hybrid"))
+});
+const ReindexSearchInput = Schema.Struct({ modelApiKey: Schema.optional(Schema.String) });
+const CreateLocaleInput = Schema.Struct({
+	code: Schema.NonEmptyString,
+	position: Schema.optional(Int.pipe(Schema.filter((value) => value >= 0, { message: () => "position must be >= 0" }))),
+	fallbackLocaleId: Schema.optional(Schema.String)
+});
+const UpdateModelInput = Schema.Struct({
+	name: Schema.optional(Schema.NonEmptyString),
+	apiKey: Schema.optional(Schema.NonEmptyString),
+	singleton: Schema.optional(Schema.Boolean),
+	sortable: Schema.optional(Schema.Boolean),
+	hasDraft: Schema.optional(Schema.Boolean),
+	allLocalesRequired: Schema.optional(Schema.Boolean),
+	ordering: Schema.optional(Schema.NullOr(Schema.String))
+});
+const UpdateFieldInput = Schema.Struct({
+	label: Schema.optional(Schema.NonEmptyString),
+	apiKey: Schema.optional(Schema.NonEmptyString),
+	fieldType: Schema.optional(Schema.NonEmptyString),
+	position: Schema.optional(Int.pipe(Schema.filter((value) => value >= 0, { message: () => "position must be >= 0" }))),
+	localized: Schema.optional(Schema.Boolean),
+	validators: Schema.optional(Schema.Record({
+		key: Schema.String,
+		value: Schema.Unknown
+	})),
+	hint: Schema.optional(Schema.String),
+	appearance: Schema.optional(Schema.Unknown)
+});
+const BulkCreateRecordsInput = Schema.Struct({
+	modelApiKey: Schema.NonEmptyString,
+	records: Schema.Array(Schema.Record({
+		key: Schema.String,
+		value: Schema.Unknown
+	}))
+});
+const SchemaExportFieldSchema = Schema.Struct({
+	label: Schema.String,
+	apiKey: Schema.String,
+	fieldType: Schema.String,
+	position: Schema.Number,
+	localized: Schema.Boolean,
+	validators: Schema.Record({
+		key: Schema.String,
+		value: Schema.Unknown
+	}),
+	hint: Schema.NullOr(Schema.String)
+});
+const SchemaExportModelSchema = Schema.Struct({
+	name: Schema.String,
+	apiKey: Schema.String,
+	isBlock: Schema.Boolean,
+	singleton: Schema.Boolean,
+	sortable: Schema.Boolean,
+	tree: Schema.Boolean,
+	hasDraft: Schema.Boolean,
+	ordering: Schema.optionalWith(Schema.NullOr(Schema.String), { default: () => null }),
+	fields: Schema.Array(SchemaExportFieldSchema)
+});
+const SchemaExportLocaleSchema = Schema.Struct({
+	code: Schema.String,
+	position: Schema.Number,
+	fallbackLocale: Schema.NullOr(Schema.String)
+});
+const PatchBlocksInput = Schema.Struct({
+	recordId: Schema.NonEmptyString,
+	modelApiKey: Schema.NonEmptyString,
+	fieldApiKey: Schema.NonEmptyString,
+	value: Schema.optional(Schema.Unknown),
+	blocks: Schema.Record({
+		key: Schema.String,
+		value: Schema.NullOr(Schema.Unknown)
+	})
+});
+const ImportSchemaInput = Schema.Struct({
+	version: Schema.Literal(1),
+	locales: Schema.optionalWith(Schema.Array(SchemaExportLocaleSchema), { default: () => [] }),
+	models: Schema.Array(SchemaExportModelSchema)
+});
+const CreateUploadUrlInput = Schema.Struct({
+	filename: Schema.NonEmptyString,
+	mimeType: Schema.NonEmptyString
+});
+const CreateEditorTokenInput = Schema.Struct({
+	name: Schema.NonEmptyString,
+	expiresIn: Schema.optional(Int.pipe(Schema.positive(), Schema.filter((value) => value <= 3600 * 24 * 365, { message: () => "expiresIn must be <= 31536000 seconds" })))
+});
+//#endregion
+//#region src/services/schema-io.ts
+/**
+* Schema import/export — portable JSON format for CMS schemas.
+*
+* Export produces a self-contained JSON with no IDs (references by api_key).
+* Import creates all locales, models, and fields in dependency order.
+*/
+function exportSchema() {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const localeRows = yield* sql.unsafe("SELECT * FROM locales ORDER BY position");
+		const modelRows = yield* sql.unsafe("SELECT * FROM models ORDER BY is_block, created_at");
+		const fieldRows = yield* sql.unsafe("SELECT * FROM fields ORDER BY model_id, position");
+		const localeIdToCode = /* @__PURE__ */ new Map();
+		for (const l of localeRows) localeIdToCode.set(l.id, l.code);
+		const locales = localeRows.map((l) => ({
+			code: l.code,
+			position: l.position,
+			fallbackLocale: l.fallback_locale_id ? localeIdToCode.get(l.fallback_locale_id) ?? null : null
+		}));
+		const fieldsByModelId = /* @__PURE__ */ new Map();
+		for (const f of fieldRows) {
+			const list = fieldsByModelId.get(f.model_id) ?? [];
+			list.push(f);
+			fieldsByModelId.set(f.model_id, list);
+		}
+		return {
+			version: 1,
+			locales,
+			models: modelRows.map((m) => ({
+				name: m.name,
+				apiKey: m.api_key,
+				isBlock: !!m.is_block,
+				singleton: !!m.singleton,
+				sortable: !!m.sortable,
+				tree: !!m.tree,
+				hasDraft: !!m.has_draft,
+				ordering: m.ordering,
+				fields: (fieldsByModelId.get(m.id) ?? []).map((f) => ({
+					label: f.label,
+					apiKey: f.api_key,
+					fieldType: f.field_type,
+					position: f.position,
+					localized: !!f.localized,
+					validators: decodeJsonRecordStringOr(f.validators || "{}", {}),
+					hint: f.hint
+				}))
+			}))
+		};
+	});
+}
+function importSchema(s) {
+	return Effect.gen(function* () {
+		const stats = {
+			locales: 0,
+			models: 0,
+			fields: 0
+		};
+		const localeCodeToId = /* @__PURE__ */ new Map();
+		if (s.locales.length > 0) {
+			const sortedLocales = [...s.locales].sort((a, b) => a.position - b.position);
+			for (const locale of sortedLocales) {
+				const result = yield* createLocale({
+					code: locale.code,
+					position: locale.position
+				});
+				localeCodeToId.set(locale.code, result.id);
+				stats.locales++;
+			}
+			const sql = yield* SqlClient.SqlClient;
+			for (const locale of sortedLocales) if (locale.fallbackLocale) {
+				const fallbackId = localeCodeToId.get(locale.fallbackLocale);
+				if (fallbackId) {
+					const localeId = localeCodeToId.get(locale.code);
+					yield* sql.unsafe("UPDATE locales SET fallback_locale_id = ? WHERE id = ?", [fallbackId, localeId]);
+				}
+			}
+		}
+		const modelApiKeyToId = /* @__PURE__ */ new Map();
+		for (const model of s.models) {
+			const result = yield* createModel({
+				name: model.name,
+				apiKey: model.apiKey,
+				isBlock: model.isBlock,
+				singleton: model.singleton,
+				sortable: model.sortable,
+				tree: model.tree,
+				hasDraft: model.hasDraft,
+				allLocalesRequired: false,
+				ordering: model.ordering ?? void 0
+			});
+			modelApiKeyToId.set(model.apiKey, result.id);
+			stats.models++;
+		}
+		for (const model of s.models) {
+			const modelId = modelApiKeyToId.get(model.apiKey);
+			if (modelId === void 0) return yield* new ValidationError({ message: `Model "${model.apiKey}" was not created — cannot attach fields` });
+			for (const field of model.fields) {
+				yield* createField(modelId, {
+					label: field.label,
+					apiKey: field.apiKey,
+					fieldType: field.fieldType,
+					position: field.position,
+					localized: field.localized,
+					validators: field.validators,
+					hint: field.hint ?? void 0
+				});
+				stats.fields++;
+			}
+		}
+		return stats;
+	});
+}
+//#endregion
+//#region src/services/token-service.ts
+function generateToken() {
+	const bytes = new Uint8Array(24);
+	crypto.getRandomValues(bytes);
+	return `etk_${Array.from(bytes, (b) => b.toString(36).padStart(2, "0")).join("")}`;
+}
+function generateTokenId() {
+	return `etid_${crypto.randomUUID()}`;
+}
+function getTokenPrefix(token) {
+	return token.slice(0, 12);
+}
+function isLegacyStoredToken(row) {
+	return row.secret_hash === null;
+}
+function hashToken(token) {
+	return Effect.tryPromise({
+		try: async () => {
+			const digest = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(token));
+			return Array.from(new Uint8Array(digest), (byte) => byte.toString(16).padStart(2, "0")).join("");
+		},
+		catch: (cause) => new ValidationError({ message: `Failed to hash editor token: ${cause instanceof Error ? cause.message : String(cause)}` })
+	});
+}
+function createEditorToken(input) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const token = generateToken();
+		const id = generateTokenId();
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		const expiresIn = input.expiresIn;
+		if (expiresIn !== void 0 && expiresIn <= 0) return yield* new ValidationError({ message: "expiresIn must be a positive integer" });
+		const expiresAt = expiresIn !== void 0 ? new Date(Date.now() + expiresIn * 1e3).toISOString() : null;
+		const tokenPrefix = getTokenPrefix(token);
+		const secretHash = yield* hashToken(token);
+		yield* sql.unsafe(`INSERT INTO editor_tokens (id, name, token_prefix, secret_hash, created_at, expires_at) VALUES (?, ?, ?, ?, ?, ?)`, [
+			id,
+			input.name,
+			tokenPrefix,
+			secretHash,
+			now,
+			expiresAt
+		]);
+		return {
+			id,
+			token,
+			tokenPrefix,
+			name: input.name,
+			createdAt: now,
+			expiresAt
+		};
+	});
+}
+function listEditorTokens() {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		return yield* sql.unsafe(`SELECT id, name, token_prefix, created_at, last_used_at, expires_at
+       FROM editor_tokens
+       WHERE expires_at IS NULL OR expires_at > ?
+       ORDER BY created_at DESC`, [now]);
+	});
+}
+function revokeEditorToken(id) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		if ((yield* sql.unsafe("SELECT id FROM editor_tokens WHERE id = ?", [id])).length === 0) return yield* new NotFoundError({
+			entity: "EditorToken",
+			id
+		});
+		yield* sql.unsafe("DELETE FROM editor_tokens WHERE id = ?", [id]);
+		return { ok: true };
+	});
+}
+function validateEditorToken(token) {
+	return Effect.gen(function* () {
+		const sql = yield* SqlClient.SqlClient;
+		const secretHash = yield* hashToken(token);
+		const hashedRows = yield* sql.unsafe("SELECT * FROM editor_tokens WHERE secret_hash = ?", [secretHash]);
+		const legacyRows = hashedRows.length === 0 ? yield* sql.unsafe("SELECT * FROM editor_tokens WHERE id = ?", [token]) : [];
+		if (hashedRows.length === 0 && legacyRows.length === 0) return yield* new UnauthorizedError({ message: "Invalid editor token" });
+		const row = hashedRows[0] ?? legacyRows[0];
+		if (row.expires_at && new Date(row.expires_at) < /* @__PURE__ */ new Date()) return yield* new UnauthorizedError({ message: "Editor token has expired" });
+		const now = (/* @__PURE__ */ new Date()).toISOString();
+		yield* sql.unsafe("UPDATE editor_tokens SET last_used_at = ? WHERE id = ?", [now, row.id]);
+		if (isLegacyStoredToken(row)) return {
+			id: row.id,
+			name: row.name,
+			token_prefix: getTokenPrefix(token),
+			created_at: row.created_at,
+			last_used_at: now,
+			expires_at: row.expires_at
+		};
+		return row;
+	});
+}
+//#endregion
+export { listRecords as $, scheduleUnpublish as A, getAsset as B, SearchInput as C, clearSchedule as D, UpdateModelInput as E, removeBlockType as F, updateAssetMetadata as G, listAssets as H, removeLocale as I, publishRecord as J, bulkPublishRecords as K, AssetImportContext as L, deleteLocale as M, listLocales as N, runScheduledTransitions as O, removeBlockFromWhitelist as P, getRecord as Q, createAsset as R, SearchAssetsInput as S, UpdateFieldInput as T, replaceAsset as U, importAssetFromUrl as V, searchAssets as W, bulkCreateRecords as X, unpublishRecord as Y, createRecord as Z, PatchBlocksInput as _, updateModel as _t, exportSchema as a, getVersion as at, ReorderInput as b, VectorizeContext as bt, CreateAssetInput as c, HooksContext as ct, CreateLocaleInput as d, listFields as dt, patchBlocksForField as et, CreateModelInput as f, updateField as ft, ImportSchemaInput as g, listModels as gt, ImportAssetFromUrlInput as h, getModel as ht, validateEditorToken as i, updateSingletonRecord as it, createLocale as j, schedulePublish as k, CreateEditorTokenInput as l, createField as lt, CreateUploadUrlInput as m, deleteModel as mt, listEditorTokens as n, removeRecord as nt, importSchema as o, listVersions as ot, CreateRecordInput as p, createModel as pt, bulkUnpublishRecords as q, revokeEditorToken as r, reorderRecords as rt, BulkCreateRecordsInput as s, restoreVersion as st, createEditorToken as t, patchRecord as tt, CreateFieldInput as u, deleteField as ut, PatchRecordInput as v, reindexAll as vt, UpdateAssetMetadataInput as w, ScheduleRecordInput as x, ReindexSearchInput as y, search as yt, deleteAsset as z };
+
+//# sourceMappingURL=token-service-BDjccMmz.mjs.map