cms-renderer 0.0.0 → 0.1.1

package/dist/lib/markdown-utils.js

@@ -0,0 +1,137 @@
+import {
+  err,
+  ok
+} from "../chunk-HVKFEZBT.js";
+
+// lib/markdown-utils.ts
+import { mdToJSON } from "md4w";
+var ParseErrorCode = {
+  INVALID_INPUT: "INVALID_INPUT",
+  EMPTY_CONTENT: "EMPTY_CONTENT",
+  PARSE_FAILED: "PARSE_FAILED",
+  CONTENT_TOO_LONG: "CONTENT_TOO_LONG",
+  NESTED_TOO_DEEP: "NESTED_TOO_DEEP"
+};
+var DEFAULT_MAX_LENGTH = 5e5;
+var XSS_PATTERNS = [
+  /<script\b/i,
+  /javascript:/i,
+  /on\w+\s*=/i,
+  // onclick=, onerror=, etc.
+  /data:/i,
+  // data: URIs can be dangerous
+  /vbscript:/i
+];
+function parseMarkdownV1(content) {
+  return mdToJSON(content);
+}
+function parseMarkdownV2(content) {
+  try {
+    if (content == null) {
+      return null;
+    }
+    return mdToJSON(content);
+  } catch {
+    return null;
+  }
+}
+function createParseError(code, message, cause) {
+  return { code, message, cause };
+}
+function detectXssPattern(content) {
+  for (const pattern of XSS_PATTERNS) {
+    if (pattern.test(content)) {
+      return pattern;
+    }
+  }
+  return null;
+}
+function sanitizeContent(content) {
+  let sanitized = content;
+  sanitized = sanitized.replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, "");
+  sanitized = sanitized.replace(/javascript:/gi, "removed:");
+  sanitized = sanitized.replace(/vbscript:/gi, "removed:");
+  sanitized = sanitized.replace(/\bon\w+\s*=\s*["'][^"']*["']/gi, "");
+  sanitized = sanitized.replace(/\bon\w+\s*=\s*\S+/gi, "");
+  return sanitized;
+}
+function parseMarkdownV3(content, options = {}) {
+  const { maxLength = DEFAULT_MAX_LENGTH, sanitize = true, allowEmpty = false } = options;
+  if (content === null || content === void 0) {
+    return err(
+      createParseError(
+        ParseErrorCode.INVALID_INPUT,
+        `Content must be a string, received ${content === null ? "null" : "undefined"}`
+      )
+    );
+  }
+  if (typeof content !== "string") {
+    return err(
+      createParseError(
+        ParseErrorCode.INVALID_INPUT,
+        `Content must be a string, received ${typeof content}`
+      )
+    );
+  }
+  const trimmed = content.trim();
+  if (trimmed.length === 0 && !allowEmpty) {
+    return err(
+      createParseError(ParseErrorCode.EMPTY_CONTENT, "Content is empty or contains only whitespace")
+    );
+  }
+  if (content.length > maxLength) {
+    return err(
+      createParseError(
+        ParseErrorCode.CONTENT_TOO_LONG,
+        `Content exceeds maximum length of ${maxLength.toLocaleString()} characters (received ${content.length.toLocaleString()})`
+      )
+    );
+  }
+  const xssPattern = detectXssPattern(content);
+  if (xssPattern) {
+    if (process.env.NODE_ENV === "development") {
+      console.warn(
+        `[parseMarkdownV3] XSS pattern detected: ${xssPattern.toString()}`,
+        sanitize ? "Content will be sanitized." : "Sanitization is disabled!"
+      );
+    }
+  }
+  const processedContent = sanitize ? sanitizeContent(content) : content;
+  try {
+    const ast = mdToJSON(processedContent);
+    return ok(ast);
+  } catch (error) {
+    const cause = error instanceof Error ? error : new Error(String(error));
+    return err(
+      createParseError(
+        ParseErrorCode.PARSE_FAILED,
+        `Failed to parse markdown: ${cause.message}`,
+        cause
+      )
+    );
+  }
+}
+var parseMarkdown = parseMarkdownV3;
+function isSafeMarkdown(content) {
+  return detectXssPattern(content) === null;
+}
+function estimateWordCount(content) {
+  const plainText = content.replace(/#+\s/g, "").replace(/\*\*|__|~~|`/g, "").replace(/\[([^\]]+)\]\([^)]+\)/g, "$1").replace(/!\[([^\]]*)\]\([^)]+\)/g, "").replace(/```[\s\S]*?```/g, "").replace(/`[^`]+`/g, "");
+  const words = plainText.trim().split(/\s+/).filter(Boolean);
+  return words.length;
+}
+function estimateReadingTime(content, wordsPerMinute = 200) {
+  const wordCount = estimateWordCount(content);
+  return Math.ceil(wordCount / wordsPerMinute);
+}
+export {
+  ParseErrorCode,
+  estimateReadingTime,
+  estimateWordCount,
+  isSafeMarkdown,
+  parseMarkdown,
+  parseMarkdownV1,
+  parseMarkdownV2,
+  parseMarkdownV3
+};
+//# sourceMappingURL=markdown-utils.js.map

package/dist/lib/markdown-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../lib/markdown-utils.ts"],"sourcesContent":["/**\n * Markdown Parsing Utilities\n *\n * Three implementations showing the progression from naive to production-ready:\n * - v1 (Naive): Direct call, crashes on bad input\n * - v2 (Defensive): Try-catch with null fallback\n * - v3 (Robust): Result type, validation, sanitization\n *\n * The robust version (v3) is exported as the default `parseMarkdown`.\n */\n\nimport type { MDTree } from 'md4w';\nimport { mdToJSON } from 'md4w';\n\nimport { err, ok, type Result } from './result';\n\n// -----------------------------------------------------------------------------\n// Types\n// -----------------------------------------------------------------------------\n\n/**\n * Error codes for markdown parsing failures.\n */\nexport const ParseErrorCode = {\n  INVALID_INPUT: 'INVALID_INPUT',\n  EMPTY_CONTENT: 'EMPTY_CONTENT',\n  PARSE_FAILED: 'PARSE_FAILED',\n  CONTENT_TOO_LONG: 'CONTENT_TOO_LONG',\n  NESTED_TOO_DEEP: 'NESTED_TOO_DEEP',\n} as const;\n\nexport type ParseErrorCode = (typeof ParseErrorCode)[keyof typeof ParseErrorCode];\n\n/**\n * Structured error for markdown parsing failures.\n */\nexport interface ParseError {\n  code: ParseErrorCode;\n  message: string;\n  cause?: Error;\n}\n\n/**\n * Options for robust markdown parsing.\n */\nexport interface ParseOptions {\n  /**\n   * Maximum content length in characters.\n   * @default 500000 (500KB of text, ~100K words)\n   */\n  maxLength?: number;\n\n  /**\n   * Whether to sanitize XSS attempts in the output.\n   * @default true\n   */\n  sanitize?: boolean;\n\n  /**\n   * Whether to allow empty content.\n   * @default false\n   */\n  allowEmpty?: boolean;\n}\n\n// -----------------------------------------------------------------------------\n// Constants\n// -----------------------------------------------------------------------------\n\nconst DEFAULT_MAX_LENGTH = 500_000; // 500KB of text\n\n/**\n * Patterns that indicate potential XSS attempts in markdown.\n * These are checked in raw content before parsing.\n */\nconst XSS_PATTERNS = [\n  /<script\\b/i,\n  /javascript:/i,\n  /on\\w+\\s*=/i, // onclick=, onerror=, etc.\n  /data:/i, // data: URIs can be dangerous\n  /vbscript:/i,\n] as const;\n\n// -----------------------------------------------------------------------------\n// V1: Naive Implementation\n// -----------------------------------------------------------------------------\n\n/**\n * Naive markdown parser - crashes on bad input.\n *\n * DO NOT USE IN PRODUCTION. This is for demonstration only.\n *\n * Problems:\n * - No input validation\n * - No error handling\n * - Will crash the entire app on malformed input\n * - No protection against XSS\n * - No content limits\n *\n * @example\n * ```ts\n * // This crashes if content is null, undefined, or malformed\n * const ast = parseMarkdownV1(userInput);\n * ```\n */\nexport function parseMarkdownV1(content: string): MDTree {\n  return mdToJSON(content);\n}\n\n// -----------------------------------------------------------------------------\n// V2: Defensive Implementation\n// -----------------------------------------------------------------------------\n\n/**\n * Defensive markdown parser - catches errors but loses context.\n *\n * Better than v1 but still problematic:\n * - Returns null on any error (loses error details)\n * - Caller can't distinguish between empty content and parse failure\n * - Still no XSS protection\n * - Still no content limits\n *\n * @example\n * ```ts\n * const ast = parseMarkdownV2(userInput);\n * if (!ast) {\n *   // What went wrong? We don't know.\n *   return <ErrorFallback />;\n * }\n * ```\n */\nexport function parseMarkdownV2(content: string): MDTree | null {\n  try {\n    // Basic null check\n    if (content == null) {\n      return null;\n    }\n    return mdToJSON(content);\n  } catch {\n    return null;\n  }\n}\n\n// -----------------------------------------------------------------------------\n// V3: Robust Implementation\n// -----------------------------------------------------------------------------\n\n/**\n * Creates a ParseError with the given code and message.\n */\nfunction createParseError(code: ParseErrorCode, message: string, cause?: Error): ParseError {\n  return { code, message, cause };\n}\n\n/**\n * Checks content for potential XSS patterns.\n * Returns the first matched pattern or null if clean.\n */\nfunction detectXssPattern(content: string): RegExp | null {\n  for (const pattern of XSS_PATTERNS) {\n    if (pattern.test(content)) {\n      return pattern;\n    }\n  }\n  return null;\n}\n\n/**\n * Sanitizes content by removing dangerous patterns.\n * This is a basic sanitizer; production should use DOMPurify.\n */\nfunction sanitizeContent(content: string): string {\n  let sanitized = content;\n\n  // Remove script tags\n  sanitized = sanitized.replace(/<script\\b[^<]*(?:(?!<\\/script>)<[^<]*)*<\\/script>/gi, '');\n\n  // Remove javascript: and vbscript: URLs\n  sanitized = sanitized.replace(/javascript:/gi, 'removed:');\n  sanitized = sanitized.replace(/vbscript:/gi, 'removed:');\n\n  // Remove event handlers (onclick, onerror, etc.)\n  sanitized = sanitized.replace(/\\bon\\w+\\s*=\\s*[\"'][^\"']*[\"']/gi, '');\n  sanitized = sanitized.replace(/\\bon\\w+\\s*=\\s*\\S+/gi, '');\n\n  return sanitized;\n}\n\n/**\n * Robust markdown parser - production-ready with full error context.\n *\n * Features:\n * - Input validation with specific error codes\n * - Result type for explicit error handling\n * - XSS pattern detection and optional sanitization\n * - Content length limits\n * - Preserves error context for debugging\n *\n * @param content - Markdown string to parse\n * @param options - Parsing options\n * @returns Result containing the AST or a structured error\n *\n * @example\n * ```ts\n * const result = parseMarkdownV3(userInput);\n *\n * if (!result.ok) {\n *   switch (result.error.code) {\n *     case 'INVALID_INPUT':\n *       return <InvalidInputError message={result.error.message} />;\n *     case 'CONTENT_TOO_LONG':\n *       return <ContentTooLongError />;\n *     case 'PARSE_FAILED':\n *       console.error('Parse error:', result.error.cause);\n *       return <ParseError />;\n *     default:\n *       return <GenericError />;\n *   }\n * }\n *\n * return <MarkdownRenderer ast={result.value} />;\n * ```\n */\nexport function parseMarkdownV3(\n  content: string,\n  options: ParseOptions = {}\n): Result<MDTree, ParseError> {\n  const { maxLength = DEFAULT_MAX_LENGTH, sanitize = true, allowEmpty = false } = options;\n\n  // 1. Validate input type\n  if (content === null || content === undefined) {\n    return err(\n      createParseError(\n        ParseErrorCode.INVALID_INPUT,\n        `Content must be a string, received ${content === null ? 'null' : 'undefined'}`\n      )\n    );\n  }\n\n  if (typeof content !== 'string') {\n    return err(\n      createParseError(\n        ParseErrorCode.INVALID_INPUT,\n        `Content must be a string, received ${typeof content}`\n      )\n    );\n  }\n\n  // 2. Handle empty content\n  const trimmed = content.trim();\n  if (trimmed.length === 0 && !allowEmpty) {\n    return err(\n      createParseError(ParseErrorCode.EMPTY_CONTENT, 'Content is empty or contains only whitespace')\n    );\n  }\n\n  // 3. Check content length\n  if (content.length > maxLength) {\n    return err(\n      createParseError(\n        ParseErrorCode.CONTENT_TOO_LONG,\n        `Content exceeds maximum length of ${maxLength.toLocaleString()} characters ` +\n          `(received ${content.length.toLocaleString()})`\n      )\n    );\n  }\n\n  // 4. Check for XSS patterns\n  const xssPattern = detectXssPattern(content);\n  if (xssPattern) {\n    if (process.env.NODE_ENV === 'development') {\n      console.warn(\n        `[parseMarkdownV3] XSS pattern detected: ${xssPattern.toString()}`,\n        sanitize ? 'Content will be sanitized.' : 'Sanitization is disabled!'\n      );\n    }\n  }\n\n  // 5. Optionally sanitize content\n  const processedContent = sanitize ? sanitizeContent(content) : content;\n\n  // 6. Parse markdown with error handling\n  try {\n    const ast = mdToJSON(processedContent);\n    return ok(ast);\n  } catch (error) {\n    const cause = error instanceof Error ? error : new Error(String(error));\n    return err(\n      createParseError(\n        ParseErrorCode.PARSE_FAILED,\n        `Failed to parse markdown: ${cause.message}`,\n        cause\n      )\n    );\n  }\n}\n\n// -----------------------------------------------------------------------------\n// Default Export\n// -----------------------------------------------------------------------------\n\n/**\n * Production-ready markdown parser.\n *\n * This is an alias for `parseMarkdownV3` - the robust implementation\n * with validation, sanitization, and Result-based error handling.\n *\n * @example\n * ```ts\n * import { parseMarkdown } from '@/lib/markdown-utils';\n *\n * const result = parseMarkdown(content);\n * if (!result.ok) {\n *   // Handle error with full context\n *   console.error(`[${result.error.code}] ${result.error.message}`);\n *   return null;\n * }\n * return result.value;\n * ```\n */\nexport const parseMarkdown = parseMarkdownV3;\n\n// -----------------------------------------------------------------------------\n// Utility Functions\n// -----------------------------------------------------------------------------\n\n/**\n * Checks if content is safe markdown (no XSS patterns detected).\n *\n * @param content - Markdown string to check\n * @returns true if no XSS patterns detected\n */\nexport function isSafeMarkdown(content: string): boolean {\n  return detectXssPattern(content) === null;\n}\n\n/**\n * Estimates the word count of markdown content.\n * Useful for content length limits and reading time estimates.\n *\n * @param content - Markdown string to count\n * @returns Estimated word count\n */\nexport function estimateWordCount(content: string): number {\n  // Remove markdown syntax for more accurate count\n  const plainText = content\n    .replace(/#+\\s/g, '') // Remove headings\n    .replace(/\\*\\*|__|~~|`/g, '') // Remove formatting\n    .replace(/\\[([^\\]]+)\\]\\([^)]+\\)/g, '$1') // Convert links to text\n    .replace(/!\\[([^\\]]*)\\]\\([^)]+\\)/g, '') // Remove images\n    .replace(/```[\\s\\S]*?```/g, '') // Remove code blocks\n    .replace(/`[^`]+`/g, ''); // Remove inline code\n\n  const words = plainText.trim().split(/\\s+/).filter(Boolean);\n  return words.length;\n}\n\n/**\n * Estimates reading time for markdown content.\n *\n * @param content - Markdown string\n * @param wordsPerMinute - Reading speed (default 200 WPM)\n * @returns Reading time in minutes\n */\nexport function estimateReadingTime(content: string, wordsPerMinute = 200): number {\n  const wordCount = estimateWordCount(content);\n  return Math.ceil(wordCount / wordsPerMinute);\n}\n"],"mappings":";;;;;;AAYA,SAAS,gBAAgB;AAWlB,IAAM,iBAAiB;AAAA,EAC5B,eAAe;AAAA,EACf,eAAe;AAAA,EACf,cAAc;AAAA,EACd,kBAAkB;AAAA,EAClB,iBAAiB;AACnB;AAwCA,IAAM,qBAAqB;AAM3B,IAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AACF;AAwBO,SAAS,gBAAgB,SAAyB;AACvD,SAAO,SAAS,OAAO;AACzB;AAwBO,SAAS,gBAAgB,SAAgC;AAC9D,MAAI;AAEF,QAAI,WAAW,MAAM;AACnB,aAAO;AAAA,IACT;AACA,WAAO,SAAS,OAAO;AAAA,EACzB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AASA,SAAS,iBAAiB,MAAsB,SAAiB,OAA2B;AAC1F,SAAO,EAAE,MAAM,SAAS,MAAM;AAChC;AAMA,SAAS,iBAAiB,SAAgC;AACxD,aAAW,WAAW,cAAc;AAClC,QAAI,QAAQ,KAAK,OAAO,GAAG;AACzB,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAMA,SAAS,gBAAgB,SAAyB;AAChD,MAAI,YAAY;AAGhB,cAAY,UAAU,QAAQ,uDAAuD,EAAE;AAGvF,cAAY,UAAU,QAAQ,iBAAiB,UAAU;AACzD,cAAY,UAAU,QAAQ,eAAe,UAAU;AAGvD,cAAY,UAAU,QAAQ,kCAAkC,EAAE;AAClE,cAAY,UAAU,QAAQ,uBAAuB,EAAE;AAEvD,SAAO;AACT;AAqCO,SAAS,gBACd,SACA,UAAwB,CAAC,GACG;AAC5B,QAAM,EAAE,YAAY,oBAAoB,WAAW,MAAM,aAAa,MAAM,IAAI;AAGhF,MAAI,YAAY,QAAQ,YAAY,QAAW;AAC7C,WAAO;AAAA,MACL;AAAA,QACE,eAAe;AAAA,QACf,sCAAsC,YAAY,OAAO,SAAS,WAAW;AAAA,MAC/E;AAAA,IACF;AAAA,EACF;AAEA,MAAI,OAAO,YAAY,UAAU;AAC/B,WAAO;AAAA,MACL;AAAA,QACE,eAAe;AAAA,QACf,sCAAsC,OAAO,OAAO;AAAA,MACtD;AAAA,IACF;AAAA,EACF;AAGA,QAAM,UAAU,QAAQ,KAAK;AAC7B,MAAI,QAAQ,WAAW,KAAK,CAAC,YAAY;AACvC,WAAO;AAAA,MACL,iBAAiB,eAAe,eAAe,8CAA8C;AAAA,IAC/F;AAAA,EACF;AAGA,MAAI,QAAQ,SAAS,WAAW;AAC9B,WAAO;AAAA,MACL;AAAA,QACE,eAAe;AAAA,QACf,qCAAqC,UAAU,eAAe,CAAC,yBAChD,QAAQ,OAAO,eAAe,CAAC;AAAA,MAChD;AAAA,IACF;AAAA,EACF;AAGA,QAAM,aAAa,iBAAiB,OAAO;AAC3C,MAAI,YAAY;AACd,QAAI,QAAQ,IAAI,aAAa,eAAe;AAC1C,cAAQ;AAAA,QACN,2CAA2C,WAAW,SAAS,CAAC;AAAA,QAChE,WAAW,+BAA+B;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAGA,QAAM,mBAAmB,WAAW,gBAAgB,OAAO,IAAI;AAG/D,MAAI;AACF,UAAM,MAAM,SAAS,gBAAgB;AACrC,WAAO,GAAG,GAAG;AAAA,EACf,SAAS,OAAO;AACd,UAAM,QAAQ,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,OAAO,KAAK,CAAC;AACtE,WAAO;AAAA,MACL;AAAA,QACE,eAAe;AAAA,QACf,6BAA6B,MAAM,OAAO;AAAA,QAC1C;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAyBO,IAAM,gBAAgB;AAYtB,SAAS,eAAe,SAA0B;AACvD,SAAO,iBAAiB,OAAO,MAAM;AACvC;AASO,SAAS,kBAAkB,SAAyB;AAEzD,QAAM,YAAY,QACf,QAAQ,SAAS,EAAE,EACnB,QAAQ,iBAAiB,EAAE,EAC3B,QAAQ,0BAA0B,IAAI,EACtC,QAAQ,2BAA2B,EAAE,EACrC,QAAQ,mBAAmB,EAAE,EAC7B,QAAQ,YAAY,EAAE;AAEzB,QAAM,QAAQ,UAAU,KAAK,EAAE,MAAM,KAAK,EAAE,OAAO,OAAO;AAC1D,SAAO,MAAM;AACf;AASO,SAAS,oBAAoB,SAAiB,iBAAiB,KAAa;AACjF,QAAM,YAAY,kBAAkB,OAAO;AAC3C,SAAO,KAAK,KAAK,YAAY,cAAc;AAC7C;","names":[]}

package/dist/lib/renderer.d.ts

@@ -0,0 +1,40 @@
+import * as react from 'react';
+import { Metadata } from 'next';
+import { BlockComponentRegistry } from './types.js';
+import '@repo/cms-schema/blocks';
+
+type PageProps = {
+    params: Promise<{
+        slug: string[];
+    }>;
+    /** CMS API base URL (e.g., 'http://localhost:3000') */
+    cmsUrl: string;
+    registry?: Partial<BlockComponentRegistry>;
+    /** API key for CMS API authentication */
+    apiKey?: string;
+    /** Website ID (required if not using env variables) */
+    websiteId?: string;
+};
+/**
+ * Force dynamic rendering to ensure routes are always fresh.
+ * This prevents Next.js from caching pages when routes are published.
+ */
+declare const dynamic = "force-dynamic";
+/**
+ * Catch-all route handler for parametric routes.
+ *
+ * Handles paths like:
+ * - /us/en/products -> slug = ['us', 'en', 'products']
+ * - /about -> slug = ['about']
+ *
+ * Reconstructs the full path and fetches route via tRPC.
+ */
+declare function ParametricRoutePage({ params, registry, apiKey, cmsUrl, websiteId: providedWebsiteId, }: PageProps): Promise<react.JSX.Element>;
+/**
+ * Generate metadata for the page.
+ * Uses Next.js 15+ async params pattern.
+ */
+declare function generateMetadata({ params, apiKey, cmsUrl, websiteId: providedWebsiteId, }: PageProps): Promise<Metadata>;
+declare function normalizePath(path: string): string;
+
+export { ParametricRoutePage as default, dynamic, generateMetadata, normalizePath };

package/dist/lib/renderer.js

@@ -0,0 +1,371 @@
+import {
+  BlockRenderer
+} from "../chunk-RPM73PQZ.js";
+import {
+  getCmsClient
+} from "../chunk-JHKDRASN.js";
+
+// ../../packages/cms-schema/src/blocks/article.ts
+function normalizeArticleContent(payload) {
+  if (!payload || typeof payload !== "object") {
+    return null;
+  }
+  const record = payload;
+  const headline = typeof record.headline === "string" ? record.headline : null;
+  const body = typeof record.body === "string" ? record.body : null;
+  if (!headline || !body) {
+    return null;
+  }
+  const author = typeof record.author === "string" ? record.author : void 0;
+  const publishedAt = typeof record.publishedAt === "string" ? record.publishedAt : void 0;
+  const tags = Array.isArray(record.tags) ? record.tags.map((tag) => String(tag)) : void 0;
+  const statusRaw = typeof record.status === "string" ? record.status.trim() : void 0;
+  return {
+    headline,
+    body,
+    author,
+    publishedAt,
+    tags,
+    status: statusRaw || void 0
+  };
+}
+function isArticlePublished(article) {
+  const now = /* @__PURE__ */ new Date();
+  const publishedAt = article.publishedAt ? new Date(article.publishedAt) : null;
+  return article.status === "published" && publishedAt !== null && !Number.isNaN(publishedAt.getTime()) && publishedAt <= now;
+}
+
+// ../../packages/cms-schema/src/validation/image.ts
+import { z } from "zod";
+var ALLOWED_MIME_TYPES = ["image/jpeg", "image/png", "image/webp"];
+var MAX_FILE_SIZE = 10 * 1024 * 1024;
+var MIN_FILE_SIZE = 1024;
+var MAX_DIMENSION = 8192;
+var MIN_DIMENSION = 10;
+var MimeTypeSchema = z.enum(ALLOWED_MIME_TYPES);
+var FileSizeSchema = z.number().int().min(MIN_FILE_SIZE, `File too small. Minimum: ${MIN_FILE_SIZE} bytes`).max(MAX_FILE_SIZE, `File too large. Maximum: ${MAX_FILE_SIZE / 1024 / 1024}MB`);
+var DimensionSchema = z.number().int().min(MIN_DIMENSION, `Dimension too small. Minimum: ${MIN_DIMENSION}px`).max(MAX_DIMENSION, `Dimension too large. Maximum: ${MAX_DIMENSION}px`);
+var UploadRequestSchema = z.object({
+  filename: z.string().min(1, "Filename is required").max(255, "Filename too long").regex(/^[^<>:"/\\|?*]+$/, "Filename contains invalid characters"),
+  mimeType: MimeTypeSchema,
+  fileSize: FileSizeSchema
+});
+var ConfirmUploadSchema = z.object({
+  assetId: z.uuid().optional(),
+  width: DimensionSchema,
+  height: DimensionSchema
+});
+
+// ../../packages/cms-schema/src/blocks/schemas/article-block.ts
+import { z as z2 } from "zod";
+var ArticleBlockContentSchema = z2.object({
+  headline: z2.string().min(1, "Article headline is required").max(300, "Headline too long").trim(),
+  author: z2.string().max(100, "Article author too long").trim().optional(),
+  publishedAt: z2.iso.datetime({ message: "Article publishedAt must be a valid ISO 8601 datetime string." }).optional(),
+  body: z2.string().min(1, "Article body content is required"),
+  tags: z2.array(z2.string()).optional(),
+  status: z2.enum(["draft", "review", "published"])
+});
+var ARTICLE_BLOCK_SCHEMA_NAME = "article";
+
+// ../../packages/cms-schema/src/blocks/schemas/cta-block.ts
+import { z as z3 } from "zod";
+var CTAButtonSchema = z3.object({
+  text: z3.string().min(1, "Button text is required").max(50, "Button text too long"),
+  url: z3.string().refine(
+    (val) => {
+      if (val.startsWith("http://") || val.startsWith("https://")) {
+        try {
+          new URL(val);
+          return true;
+        } catch {
+          return false;
+        }
+      }
+      if (val.startsWith("/")) {
+        return true;
+      }
+      if (val.startsWith("#")) {
+        return true;
+      }
+      return false;
+    },
+    {
+      message: "URL must be a valid full URL (http://... or https://...), relative path (/path), or anchor (#anchor)"
+    }
+  )
+});
+var CTABlockContentSchema = z3.object({
+  headline: z3.string().min(1, "Headline is required").max(100, "Headline too long"),
+  description: z3.string().max(500, "Description too long").optional(),
+  primaryButton: CTAButtonSchema,
+  secondaryButton: CTAButtonSchema.optional()
+});
+var CTA_BLOCK_SCHEMA_NAME = "cta-block";
+
+// ../../packages/cms-schema/src/blocks/schemas/features-block.ts
+import { z as z4 } from "zod";
+var FeaturesLayout = ["grid", "list", "carousel"];
+var FeatureItemSchema = z4.object({
+  icon: z4.string().max(50, "Icon name too long").optional(),
+  title: z4.string().min(1, "Title is required").max(100, "Title too long"),
+  description: z4.string().max(500, "Description too long").optional()
+});
+var FeaturesBlockContentSchema = z4.object({
+  title: z4.string().min(1, "Section title is required").max(100, "Title too long"),
+  subtitle: z4.string().max(200, "Subtitle too long").optional(),
+  features: z4.array(FeatureItemSchema).min(1, "At least one feature is required").max(6, "Maximum 6 features allowed"),
+  layout: z4.enum(FeaturesLayout).default("grid")
+});
+var FEATURES_BLOCK_SCHEMA_NAME = "features-block";
+
+// ../../packages/cms-schema/src/blocks/schemas/hero-block.ts
+import { z as z6 } from "zod";
+
+// ../../packages/cms-schema/src/fields/complex/media.ts
+import { z as z5 } from "zod";
+var ImageAssetSchema = z5.object({
+  /** UUID primary key */
+  id: z5.uuid(),
+  /** R2/S3 storage URL for the original file */
+  url: z5.url(),
+  /** Image width in pixels */
+  width: DimensionSchema,
+  /** Image height in pixels */
+  height: DimensionSchema,
+  /** Original filename from upload */
+  originalFilename: z5.string().min(1).max(255),
+  /** MIME type (only web-safe formats allowed) */
+  mimeType: MimeTypeSchema,
+  /** File size in bytes */
+  fileSize: FileSizeSchema,
+  /** Base64-encoded tiny preview for blur-up loading */
+  lqip: z5.string().optional()
+});
+var HotspotSchema = z5.object({
+  x: z5.number().min(0).max(1),
+  y: z5.number().min(0).max(1)
+});
+var CropSchema = z5.object({
+  /** X coordinate of top-left corner in pixels */
+  x: z5.number().int().nonnegative(),
+  /** Y coordinate of top-left corner in pixels */
+  y: z5.number().int().nonnegative(),
+  /** Width of crop region in pixels (must be > 0) */
+  width: z5.number().int().positive(),
+  /** Height of crop region in pixels (must be > 0) */
+  height: z5.number().int().positive()
+});
+var ImageReferenceSchema = z5.object({
+  // Alt text is REQUIRED for accessibility
+  alt: z5.string().min(1, "Alt text is required for accessibility"),
+  // Optional metadata
+  caption: z5.string().max(500).optional(),
+  attribution: z5.string().max(255).optional(),
+  // Reference to the ImageAsset with stored transformation
+  _asset: z5.object({
+    id: z5.uuid(),
+    transformation: z5.string().nullable().optional()
+  })
+});
+var fileSchema = z5.object({
+  url: z5.url(),
+  name: z5.string(),
+  size: z5.number().int().positive(),
+  type: z5.string()
+});
+
+// ../../packages/cms-schema/src/blocks/schemas/hero-block.ts
+var HeroAlignment = ["left", "center", "right"];
+var HeroBlockContentSchema = z6.object({
+  headline: z6.string().min(1, "Headline is required").max(100, "Headline too long"),
+  subheadline: z6.string().max(200, "Subheadline too long").optional(),
+  ctaText: z6.string().max(50, "CTA text too long").optional(),
+  ctaUrl: z6.string().refine(
+    (val) => {
+      if (val === "") return true;
+      if (val.startsWith("http://") || val.startsWith("https://")) {
+        try {
+          new URL(val);
+          return true;
+        } catch {
+          return false;
+        }
+      }
+      if (val.startsWith("/")) {
+        return true;
+      }
+      if (val.startsWith("#")) {
+        return true;
+      }
+      return false;
+    },
+    {
+      message: "URL must be a valid full URL (http://... or https://...), relative path (/path), anchor (#anchor), or empty string"
+    }
+  ).optional().or(z6.literal("")),
+  backgroundImage: ImageReferenceSchema.nullable().optional(),
+  alignment: z6.enum(HeroAlignment).default("center")
+});
+var HERO_BLOCK_SCHEMA_NAME = "hero-block";
+
+// ../../packages/cms-schema/src/blocks/schemas/logo-trust-block.ts
+import { z as z7 } from "zod";
+var LogoItemSchema = z7.object({
+  /** Unique ID for this logo item */
+  id: z7.uuid(),
+  /** Image reference (alt + _asset with transformation) */
+  image: ImageReferenceSchema,
+  /** Optional company/brand name to display */
+  name: z7.string().max(100, "Name too long").optional()
+});
+var LegacyLogoItemSchema = z7.object({
+  /** Direct URL to the logo image */
+  url: z7.string(),
+  /** Alt text for the image */
+  alt: z7.string(),
+  /** Optional company/brand name */
+  name: z7.string().optional()
+});
+var LogoTrustBlockContentSchema = z7.object({
+  title: z7.string().max(100, "Title too long").optional(),
+  logos: z7.array(LogoItemSchema).max(20, "Maximum 20 logos allowed")
+});
+var LOGO_TRUST_BLOCK_SCHEMA_NAME = "logo-trust-block";
+
+// ../../packages/cms-schema/src/blocks/registry.ts
+var BLOCK_SCHEMA_NAMES = [
+  ARTICLE_BLOCK_SCHEMA_NAME,
+  HERO_BLOCK_SCHEMA_NAME,
+  FEATURES_BLOCK_SCHEMA_NAME,
+  CTA_BLOCK_SCHEMA_NAME,
+  LOGO_TRUST_BLOCK_SCHEMA_NAME
+];
+function isValidBlockSchemaName(name) {
+  return BLOCK_SCHEMA_NAMES.includes(name);
+}
+
+// lib/renderer.tsx
+import { unstable_noStore } from "next/cache";
+import { notFound } from "next/navigation";
+import { jsx } from "react/jsx-runtime";
+function getWebsiteId(providedWebsiteId) {
+  const websiteId = providedWebsiteId ?? process.env.NEXT_PUBLIC_WEBSITE_ID ?? process.env.WEBSITE_ID ?? process.env.CMS_WEBSITE_ID;
+  if (!websiteId) {
+    throw new Error(
+      "Missing websiteId for website renderer. Either pass websiteId prop or set NEXT_PUBLIC_WEBSITE_ID (or WEBSITE_ID/CMS_WEBSITE_ID) to a valid UUID."
+    );
+  }
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+  if (!uuidRegex.test(websiteId)) {
+    throw new Error(
+      `Invalid websiteId "${websiteId}". Provide a valid UUID via prop or set NEXT_PUBLIC_WEBSITE_ID (or WEBSITE_ID/CMS_WEBSITE_ID).`
+    );
+  }
+  return websiteId;
+}
+var dynamic = "force-dynamic";
+async function ParametricRoutePage({
+  params,
+  registry,
+  apiKey,
+  cmsUrl,
+  websiteId: providedWebsiteId
+}) {
+  unstable_noStore();
+  const websiteId = getWebsiteId(providedWebsiteId);
+  const { slug } = await params;
+  const rawPath = `/${slug.join("/")}`;
+  const path = normalizePath(rawPath);
+  const client = getCmsClient({ apiKey, cmsUrl });
+  try {
+    const { route } = await client.route.getByPath.query({ websiteId, path });
+    if (route.state !== "Live") {
+      console.error(`Route found but not Live. Path: ${path}, State: ${route.state}`);
+      notFound();
+    }
+    const blockPromises = route.block_ids.map(async (blockId) => {
+      try {
+        const result = await client.block.getById.query({ websiteId, id: blockId });
+        return result.block;
+      } catch (error) {
+        console.error(`Failed to fetch block ${blockId}:`, error);
+        return null;
+      }
+    });
+    const blockResults = await Promise.all(blockPromises);
+    const blocks = [];
+    for (const block of blockResults) {
+      if (!block || block.published_content === null) continue;
+      const content = block.published_content;
+      if (!content) continue;
+      if (block.schema_name === "article") {
+        const article = normalizeArticleContent(content);
+        const isPublished = article ? isArticlePublished(article) : null;
+        if (article && isPublished) {
+          blocks.push({ id: block.id, type: "article", content: article });
+        }
+        continue;
+      }
+      if (!isValidBlockSchemaName(block.schema_name)) {
+        continue;
+      }
+      blocks.push({
+        id: block.id,
+        type: block.schema_name,
+        content
+      });
+    }
+    return /* @__PURE__ */ jsx("main", { children: blocks.map((block) => /* @__PURE__ */ jsx(BlockRenderer, { registry: registry ?? {}, block }, block.id)) });
+  } catch (error) {
+    console.error(`Route fetch error for path: ${path}`, error);
+    const errorCode = error instanceof Error && "data" in error ? error.data?.code : error instanceof Error && "code" in error ? error.code : void 0;
+    if (errorCode === "NOT_FOUND" || errorCode === "P0002") {
+      notFound();
+    }
+    throw error;
+  }
+}
+async function generateMetadata({
+  params,
+  apiKey,
+  cmsUrl,
+  websiteId: providedWebsiteId
+}) {
+  const websiteId = getWebsiteId(providedWebsiteId);
+  const { slug } = await params;
+  const rawPath = `/${slug.join("/")}`;
+  const path = normalizePath(rawPath);
+  const client = getCmsClient({ apiKey, cmsUrl });
+  try {
+    const { route } = await client.route.getByPath.query({ websiteId, path });
+    return {
+      title: `${route.path} | Website`,
+      description: `Content page: ${route.path}`
+    };
+  } catch {
+    return {
+      title: "Page Not Found | Website",
+      description: "The requested page could not be found."
+    };
+  }
+}
+function normalizePath(path) {
+  if (!path || path === "/") {
+    return "/";
+  }
+  let normalized = path.trim();
+  normalized = normalized.replace(/\/+$/, "");
+  if (!normalized.startsWith("/")) {
+    normalized = `/${normalized}`;
+  }
+  normalized = normalized.replace(/\/+/g, "/");
+  return normalized;
+}
+export {
+  ParametricRoutePage as default,
+  dynamic,
+  generateMetadata,
+  normalizePath
+};
+//# sourceMappingURL=renderer.js.map