canopycms 0.0.16 → 0.0.18

package/dist/api/groups.js

@@ -1,8 +1,8 @@
 import { z } from 'zod';
-import { loadInternalGroups, saveInternalGroups, loadGroupsFile, RESERVED_GROUPS, isReservedGroup, } from '../authorization';
-import { defineEndpoint } from './route-builder';
-import { getSettingsBranchContext, commitSettings } from './settings-helpers';
-import { generateId } from '../id';
+import { loadInternalGroups, saveInternalGroups, loadGroupsFile, RESERVED_GROUPS, isReservedGroup, } from '../authorization/index.js';
+import { defineEndpoint } from './route-builder.js';
+import { getSettingsBranchContext, commitSettings } from './settings-helpers.js';
+import { generateId } from '../id.js';
 // ============================================================================
 // Zod Schemas for Validation
 // ============================================================================

package/dist/api/guards.js

@@ -15,7 +15,7 @@
  * })
  * ```
  */
-import { isAdmin, isReviewer, isPrivileged } from '../authorization/helpers';
+import { isAdmin, isReviewer, isPrivileged } from '../authorization/helpers.js';
 // ============================================================================
 // Guard runner implementations
 // ============================================================================

package/dist/api/index.js

@@ -1,8 +1,8 @@
 // Content API uses path-based routing now - no separate params/body types exported
 // Export route definitions
-export { USER_ROUTES } from './user';
+export { USER_ROUTES } from './user.js';
 // Note: SCHEMA_ROUTES is not exported here because it imports server-only code (fs module).
-// Import it directly from './schema' in server-side code when needed.
+// Import it directly from './schema.js' in server-side code when needed.
 // Export client
-export { CanopyApiClient, createApiClient } from './client';
+export { CanopyApiClient, createApiClient } from './client.js';
 //# sourceMappingURL=index.js.map

package/dist/api/permissions.js

@@ -1,8 +1,8 @@
 import { z } from 'zod';
-import { loadPathPermissions, savePathPermissions, loadPermissionsFile } from '../authorization';
-import { permissionPathSchema } from './validators';
-import { defineEndpoint } from './route-builder';
-import { getSettingsBranchContext, commitSettings } from './settings-helpers';
+import { loadPathPermissions, savePathPermissions, loadPermissionsFile } from '../authorization/index.js';
+import { permissionPathSchema } from './validators.js';
+import { defineEndpoint } from './route-builder.js';
+import { getSettingsBranchContext, commitSettings } from './settings-helpers.js';
 // ============================================================================
 // Zod Schemas for Validation
 // ============================================================================

package/dist/api/reference-options.js

@@ -1,9 +1,9 @@
 import { z } from 'zod';
-import { ContentStore } from '../content-store';
-import { defineEndpoint } from './route-builder';
-import { ReferenceResolver } from '../reference-resolver';
-import { parseLogicalPath } from '../paths';
-import { branchNameSchema } from './validators';
+import { ContentStore } from '../content-store.js';
+import { defineEndpoint } from './route-builder.js';
+import { ReferenceResolver } from '../reference-resolver.js';
+import { parseLogicalPath } from '../paths/index.js';
+import { branchNameSchema } from './validators.js';
 // ============================================================================
 // Zod Schemas for Validation
 // ============================================================================

package/dist/api/resolve-references.js

@@ -1,8 +1,8 @@
 import { z } from 'zod';
-import { ContentStore } from '../content-store';
-import { defineEndpoint } from './route-builder';
-import { ReferenceResolver } from '../reference-resolver';
-import { branchNameSchema, contentIdSchema } from './validators';
+import { ContentStore } from '../content-store.js';
+import { defineEndpoint } from './route-builder.js';
+import { ReferenceResolver } from '../reference-resolver.js';
+import { branchNameSchema, contentIdSchema } from './validators.js';
 // ============================================================================
 // Zod Schemas for Validation
 // ============================================================================

package/dist/api/route-builder.js

@@ -8,7 +8,7 @@
  * - Makes code generation trivial (no regex parsing needed)
  * - Self-documents the API surface
  */
-import { executeGuards } from './guards';
+import { executeGuards } from './guards.js';
 /**
  * Global registry - generator reads this
  */

package/dist/api/schema.js

@@ -11,11 +11,11 @@
  */
 import { z } from 'zod';
 import path from 'node:path';
-import { defineEndpoint } from './route-builder';
-import { getErrorMessage } from '../utils/error';
-import { branchNameSchema, logicalPathSchema } from './validators';
-import { SchemaOps, createCollectionInputSchema, updateCollectionInputSchema, entryTypeInputSchema, updateEntryTypeInputSchema, } from '../schema/schema-store';
-import { parseLogicalPath } from '../paths';
+import { defineEndpoint } from './route-builder.js';
+import { getErrorMessage } from '../utils/error.js';
+import { branchNameSchema, logicalPathSchema } from './validators.js';
+import { SchemaOps, createCollectionInputSchema, updateCollectionInputSchema, entryTypeInputSchema, updateEntryTypeInputSchema, } from '../schema/schema-store.js';
+import { parseLogicalPath } from '../paths/index.js';
 /**
  * Resolve the schemaRef for an entry type. Uses the explicit schemaRef if set,
  * otherwise does a reverse lookup in the registry by matching the schema array.

package/dist/api/settings-helpers.js

@@ -1,4 +1,4 @@
-import { operatingStrategy } from '../operating-mode';
+import { operatingStrategy } from '../operating-mode/index.js';
 /**
  * Get the appropriate root path for settings (permissions/groups).
  * Returns the settings root managed by the settings workspace.

package/dist/api/user.js

@@ -1,4 +1,4 @@
-import { defineEndpoint } from './route-builder';
+import { defineEndpoint } from './route-builder.js';
 /**
  * Get current user info
  * This is a PUBLIC endpoint - no special permissions required

package/dist/api/validators.js

@@ -6,7 +6,7 @@
  *
  * Usage:
  * ```ts
- * import { branchNameSchema, logicalPathSchema } from './validators'
+ * import { branchNameSchema, logicalPathSchema } from './validators.js'
  *
  * const paramsSchema = z.object({
  *   branch: branchNameSchema,
@@ -20,8 +20,8 @@
  * ```
  */
 import { z } from 'zod';
-import { parseBranchName, parseLogicalPath, parseContentId, parseSlug, } from '../paths';
-import { parsePermissionPath } from '../authorization';
+import { parseBranchName, parseLogicalPath, parseContentId, parseSlug, } from '../paths/index.js';
+import { parsePermissionPath } from '../authorization/index.js';
 /**
  * Zod schema for BranchName - validates git branch naming rules and brands.
  *

package/dist/asset-store.js

@@ -1,6 +1,6 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { isNotFoundError } from './utils/error';
+import { isNotFoundError } from './utils/error.js';
 const normalizeKey = (key) => key.replace(/^\/+/, '');
 /**
  * Local filesystem asset store for dev and tests. In production, swap with S3 adapter.

package/dist/auth/cache.js

@@ -3,6 +3,6 @@
  * These use node:fs/promises and must NOT be imported in client bundles.
  * Use 'canopycms/auth/cache' as the import path.
  */
-export { FileBasedAuthCache, writeAuthCacheSnapshot } from './file-based-auth-cache';
-export { CachingAuthPlugin } from './caching-auth-plugin';
+export { FileBasedAuthCache, writeAuthCacheSnapshot } from './file-based-auth-cache.js';
+export { CachingAuthPlugin } from './caching-auth-plugin.js';
 //# sourceMappingURL=cache.js.map

package/dist/auth/caching-auth-plugin.js

@@ -1,4 +1,4 @@
-import { createDebugLogger } from '../utils/debug';
+import { createDebugLogger } from '../utils/debug.js';
 const log = createDebugLogger({ prefix: 'CachingAuthPlugin' });
 /**
  * Auth plugin that wraps a token verifier with cached metadata lookups.

package/dist/auth/file-based-auth-cache.js

@@ -1,6 +1,6 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { createDebugLogger } from '../utils/debug';
+import { createDebugLogger } from '../utils/debug.js';
 const log = createDebugLogger({ prefix: 'FileBasedAuthCache' });
 /**
  * Resolve the active cache directory.

package/dist/auth/index.js

@@ -1,2 +1,2 @@
-export { isCanopyRequest, isHeadersLike, extractHeaders, validateAuthContext, } from './context-helpers';
+export { isCanopyRequest, isHeadersLike, extractHeaders, validateAuthContext, } from './context-helpers.js';
 //# sourceMappingURL=index.js.map

package/dist/authorization/branch.js

@@ -3,7 +3,7 @@
  *
  * Handles checking if a user can access a branch based on ACLs.
  */
-import { isAdmin, isReviewer } from './helpers';
+import { isAdmin, isReviewer } from './helpers.js';
 /**
  * Check if user has access to a branch with explicit default behavior.
  */

package/dist/authorization/content.js

@@ -6,7 +6,7 @@
  *
  * Usage:
  * ```ts
- * import { checkContentAccess } from './authorization'
+ * import { checkContentAccess } from './authorization.js'
  *
  * const result = await checkContentAccess(deps, context, branchRoot, 'content/posts/my-post.mdx', user, 'edit')
  * if (result.allowed) {
@@ -14,8 +14,8 @@
  * }
  * ```
  */
-import { operatingStrategy } from '../operating-mode';
-import { createCheckPathAccess } from './path';
+import { operatingStrategy } from '../operating-mode/index.js';
+import { createCheckPathAccess } from './path.js';
 /**
  * Check content access by evaluating both branch and path permissions.
  * Path permissions are loaded dynamically from the branch root.

package/dist/authorization/groups/index.js

@@ -1,6 +1,6 @@
 /**
  * Groups module exports
  */
-export { GroupsFileSchema, createDefaultGroupsFile, } from './schema';
-export { loadGroupsFile, loadInternalGroups, saveInternalGroups } from './loader';
+export { GroupsFileSchema, createDefaultGroupsFile, } from './schema.js';
+export { loadGroupsFile, loadInternalGroups, saveInternalGroups } from './loader.js';
 //# sourceMappingURL=index.js.map

package/dist/authorization/groups/loader.js

@@ -4,10 +4,10 @@
  * Handles loading and saving internal groups from the filesystem.
  */
 import { promises as fs } from 'node:fs';
-import { GroupsFileSchema } from './schema';
-import { operatingStrategy } from '../../operating-mode';
-import { RESERVED_GROUPS } from '../helpers';
-import { atomicWriteFile } from '../../utils/atomic-write';
+import { GroupsFileSchema } from './schema.js';
+import { operatingStrategy } from '../../operating-mode/index.js';
+import { RESERVED_GROUPS } from '../helpers.js';
+import { atomicWriteFile } from '../../utils/atomic-write.js';
 /**
  * Get the appropriate groups file path based on mode
  */

package/dist/authorization/index.js

@@ -8,7 +8,7 @@
  * For most use cases, use `checkContentAccess` which handles both branch and path permissions:
  *
  * ```ts
- * import { checkContentAccess } from './authorization'
+ * import { checkContentAccess } from './authorization.js'
  *
  * const result = await checkContentAccess(deps, context, branchRoot, 'content/posts/post.mdx', user, 'edit')
  * if (result.allowed) {
@@ -26,17 +26,17 @@
  * - `groups/` - Groups file schema and loader
  */
 // Validation
-export { parsePermissionPath } from './validation';
+export { parsePermissionPath } from './validation.js';
 // Main content access (recommended for most cases)
-export { checkContentAccess, createCheckContentAccess } from './content';
+export { checkContentAccess, createCheckContentAccess } from './content.js';
 // Branch-level access
-export { checkBranchAccessWithDefault, createCheckBranchAccess, canPerformWorkflowAction, } from './branch';
+export { checkBranchAccessWithDefault, createCheckBranchAccess, canPerformWorkflowAction, } from './branch.js';
 // Path-level access
-export { checkPathAccess, createCheckPathAccess } from './path';
+export { checkPathAccess, createCheckPathAccess } from './path.js';
 // Helper functions
-export { RESERVED_GROUPS, isReservedGroup, isAdmin, isReviewer, isPrivileged, } from './helpers';
+export { RESERVED_GROUPS, isReservedGroup, isAdmin, isReviewer, isPrivileged, } from './helpers.js';
 // Permissions file handling
-export { PermissionsFileSchema, createDefaultPermissionsFile, loadPermissionsFile, loadPathPermissions, savePathPermissions, ensurePermissionsFile, } from './permissions';
+export { PermissionsFileSchema, createDefaultPermissionsFile, loadPermissionsFile, loadPathPermissions, savePathPermissions, ensurePermissionsFile, } from './permissions/index.js';
 // Groups file handling
-export { GroupsFileSchema, createDefaultGroupsFile, loadGroupsFile, loadInternalGroups, saveInternalGroups, } from './groups';
+export { GroupsFileSchema, createDefaultGroupsFile, loadGroupsFile, loadInternalGroups, saveInternalGroups, } from './groups/index.js';
 //# sourceMappingURL=index.js.map

package/dist/authorization/path.js

@@ -5,7 +5,7 @@
  */
 import path from 'node:path';
 import { minimatch } from 'minimatch';
-import { isAdmin } from './helpers';
+import { isAdmin } from './helpers.js';
 /**
  * Normalize a path for consistent matching
  */

package/dist/authorization/permissions/index.js

@@ -1,6 +1,6 @@
 /**
  * Permissions module exports
  */
-export { PermissionsFileSchema, createDefaultPermissionsFile } from './schema';
-export { loadPermissionsFile, loadPathPermissions, savePathPermissions, ensurePermissionsFile, } from './loader';
+export { PermissionsFileSchema, createDefaultPermissionsFile } from './schema.js';
+export { loadPermissionsFile, loadPathPermissions, savePathPermissions, ensurePermissionsFile, } from './loader.js';
 //# sourceMappingURL=index.js.map

package/dist/authorization/permissions/loader.js

@@ -4,9 +4,9 @@
  * Handles loading and saving path permissions from the filesystem.
  */
 import fs from 'node:fs/promises';
-import { PermissionsFileSchema } from './schema';
-import { operatingStrategy } from '../../operating-mode';
-import { atomicWriteFile } from '../../utils/atomic-write';
+import { PermissionsFileSchema } from './schema.js';
+import { operatingStrategy } from '../../operating-mode/index.js';
+import { atomicWriteFile } from '../../utils/atomic-write.js';
 /**
  * Get the appropriate permissions file path based on mode
  */

package/dist/authorization/permissions/schema.js

@@ -2,7 +2,7 @@
  * Schema for permissions.json file
  */
 import { z } from 'zod';
-import { parsePermissionPath } from '../validation';
+import { parsePermissionPath } from '../validation.js';
 const permissionTargetSchema = z.object({
     allowedUsers: z.array(z.string()).optional(),
     allowedGroups: z.array(z.string()).optional(),

package/dist/authorization/test-utils.js

@@ -6,7 +6,7 @@
  *
  * @example
  * // In test files only:
- * import { unsafeAsPermissionPath } from '../authorization/test-utils'
+ * import { unsafeAsPermissionPath } from '../authorization/test-utils.js'
  */
 /** Test-only: cast a string to PermissionPath without validation. */
 export const unsafeAsPermissionPath = (path) => path;

package/dist/authorization/validation.js

@@ -4,7 +4,7 @@
  * SECURITY CRITICAL: These functions validate permission paths
  * to prevent path traversal attacks.
  */
-import { hasTraversalSequence } from '../paths/normalize';
+import { hasTraversalSequence } from '../paths/normalize.js';
 /**
  * Parse and validate a PermissionPath.
  *

package/dist/branch-metadata.js

@@ -1,9 +1,9 @@
 import { randomUUID } from 'node:crypto';
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { BranchRegistry } from './branch-registry';
-import { resolveBranchPath } from './paths';
-import { isFileExistsError, isNotFoundError } from './utils/error';
+import { BranchRegistry } from './branch-registry.js';
+import { resolveBranchPath } from './paths/index.js';
+import { isFileExistsError, isNotFoundError } from './utils/error.js';
 const BRANCH_META_DIR = '.canopy-meta';
 const BRANCH_META_FILE = 'branch.json';
 const CURRENT_SCHEMA_VERSION = 1;

package/dist/branch-registry.js

@@ -1,7 +1,7 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { BranchMetadataFileManager } from './branch-metadata';
-import { isNotFoundError } from './utils/error';
+import { BranchMetadataFileManager } from './branch-metadata.js';
+import { isNotFoundError } from './utils/error.js';
 // Registry files are stored directly in the branches root (not in a subdirectory)
 const REGISTRY_FILE = 'branches.json';
 const REGISTRY_STALE_FILE = 'branches.stale.json';

package/dist/branch-schema-cache.js

@@ -1,7 +1,7 @@
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { resolveSchema, isValidSchema } from './schema/resolver';
-import { flattenSchema } from './config/flatten';
+import { resolveSchema, isValidSchema } from './schema/resolver.js';
+import { flattenSchema } from './config/flatten.js';
 /** Bump when BranchSchemaCacheEntry shape changes to auto-invalidate stale caches */
 const SCHEMA_CACHE_VERSION = 2;
 /** Minimum interval between mtime staleness checks (ms) */

package/dist/branch-workspace.js

@@ -1,8 +1,8 @@
-import { ensureBranchRoot } from './paths';
-import { getBranchMetadataFileManager, loadBranchContext } from './branch-metadata';
-import { isDeployedStatic } from './build-mode';
-import { GitManager } from './git-manager';
-import { createDebugLogger } from './utils/debug';
+import { ensureBranchRoot } from './paths/index.js';
+import { getBranchMetadataFileManager, loadBranchContext } from './branch-metadata.js';
+import { isDeployedStatic } from './build-mode.js';
+import { GitManager } from './git-manager.js';
+import { createDebugLogger } from './utils/debug.js';
 const log = createDebugLogger({ prefix: 'BranchWorkspace' });
 // In-memory lock to prevent concurrent workspace initialization
 const workspaceInitLocks = new Map();
@@ -84,7 +84,7 @@ export class BranchWorkspaceManager {
         };
     }
 }
-export { loadBranchContext } from './branch-metadata';
+export { loadBranchContext } from './branch-metadata.js';
 /**
  * Load an existing branch context, or create the workspace if it doesn't exist yet.
  *

package/dist/build/generate-ai-content.js

@@ -6,10 +6,10 @@
  */
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { ContentStore } from '../content-store';
-import { BranchSchemaCache } from '../branch-schema-cache';
-import { generateAIContent } from '../ai/generate';
-import { resolveBranchRoot } from '../ai/resolve-branch';
+import { ContentStore } from '../content-store.js';
+import { BranchSchemaCache } from '../branch-schema-cache.js';
+import { generateAIContent } from '../ai/generate.js';
+import { resolveBranchRoot } from '../ai/resolve-branch.js';
 /**
  * Generate AI content files and write them to disk.
  *

package/dist/build/index.js

@@ -3,5 +3,5 @@
  *
  * Provides static build utilities for pre-generating content.
  */
-export { generateAIContentFiles } from './generate-ai-content';
+export { generateAIContentFiles } from './generate-ai-content.js';
 //# sourceMappingURL=index.js.map

package/dist/cli/cli.js

@@ -33,7 +33,7 @@ export function resolveSyncDirection(push, pull, abort) {
 async function main() {
     const { argv, flags, command } = parseArgs(process.argv.slice(2));
     if (command === 'init') {
-        const { init } = await import('./init');
+        const { init } = await import('./init.js');
         const nonInteractive = flags['non-interactive'] === true;
         const force = flags['force'] === true;
         const mode = 'dev';
@@ -84,7 +84,7 @@ async function main() {
         });
     }
     else if (command === 'init-deploy') {
-        const { initDeployAws } = await import('./init');
+        const { initDeployAws } = await import('./init.js');
         const cloud = argv._[1];
         if (cloud !== 'aws') {
             console.error('Usage: canopycms init-deploy aws');
@@ -99,7 +99,7 @@ async function main() {
         });
     }
     else if (command === 'worker') {
-        const { workerRunOnce } = await import('./init');
+        const { workerRunOnce } = await import('./init.js');
         const subcommand = argv._[1];
         if (subcommand !== 'run-once') {
             console.error('Usage: canopycms worker run-once');
@@ -127,7 +127,7 @@ async function main() {
         await workerRunOnce({ projectDir: process.cwd(), authPlugin });
     }
     else if (command === 'generate-ai-content') {
-        const { generateAIContentCLI } = await import('./generate-ai-content');
+        const { generateAIContentCLI } = await import('./generate-ai-content.js');
         await generateAIContentCLI({
             projectDir: process.cwd(),
             outputDir: typeof flags['output'] === 'string' ? flags['output'] : undefined,
@@ -136,7 +136,7 @@ async function main() {
         });
     }
     else if (command === 'sync') {
-        const { sync } = await import('./sync');
+        const { sync } = await import('./sync.js');
         const direction = resolveSyncDirection(flags['push'] === true, flags['pull'] === true, flags['abort'] === true);
         await sync({
             projectDir: process.cwd(),