dineway 0.1.4 → 0.1.5

package/src/astro/routes/api/widget-areas/[name]/widgets/[id].ts

@@ -6,14 +6,35 @@
  */
 
 import type { APIRoute } from "astro";
+import { z } from "zod";
 
 import { requirePerm } from "#api/authorize.js";
 import { apiError, apiSuccess, handleError } from "#api/error.js";
-import { isParseError, parseBody } from "#api/parse.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
+import { isParseError, parseBody, parseQuery } from "#api/parse.js";
 import { updateWidgetBody } from "#api/schemas.js";
+import {
+	activityChangedKeys,
+	logWidgetActivity,
+	RiskPolicyEvaluator,
+	widgetApiRouteSource,
+	WidgetHitlPayloadBuilder,
+} from "#site-context/index.js";
 
 export const prerender = false;
 
+const updateWidgetHitlBody = updateWidgetBody.extend({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
+const deleteWidgetQuery = z.object({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
 export const PUT: APIRoute = async ({ params, request, locals }) => {
 	const { dineway, user } = locals;
 	const db = dineway.db;
@@ -27,42 +48,50 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 	}
 
 	try {
-		// Get the area
-		const area = await db
-			.selectFrom("_dineway_widget_areas")
-			.select("id")
-			.where("name", "=", name)
-			.executeTakeFirst();
+		const payloadBuilder = new WidgetHitlPayloadBuilder(db);
+		const area = await payloadBuilder.loadWidgetAreaSnapshot(name);
 
 		if (!area) {
 			return apiError("NOT_FOUND", `Widget area "${name}" not found`, 404);
 		}
 
-		// Check widget exists and belongs to this area
-		const existingWidget = await db
-			.selectFrom("_dineway_widgets")
-			.select("id")
-			.where("id", "=", id)
-			.where("area_id", "=", area.id)
-			.executeTakeFirst();
+		const existingWidget = area.widgets.find((widget) => widget.id === id);
 
 		if (!existingWidget) {
 			return apiError("NOT_FOUND", `Widget "${id}" not found in area "${name}"`, 404);
 		}
 
-		const body = await parseBody(request, updateWidgetBody);
+		const body = await parseBody(request, updateWidgetHitlBody);
 		if (isParseError(body)) return body;
+		const { hitlRequestId, ...widgetInput } = body;
+
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const action = await payloadBuilder.buildUpdateWidgetRequest({
+				area,
+				currentWidget: existingWidget,
+				...widgetInput,
+			});
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
 
 		// Build update object (only update provided fields)
-		const updates: Record<string, unknown> = {};
-		if (body.title !== undefined) updates.title = body.title || null;
-		if (body.type !== undefined) updates.type = body.type;
-		if (body.content !== undefined)
-			updates.content = body.content ? JSON.stringify(body.content) : null;
-		if (body.menuName !== undefined) updates.menu_name = body.menuName || null;
-		if (body.componentId !== undefined) updates.component_id = body.componentId || null;
-		if (body.componentProps !== undefined)
-			updates.component_props = body.componentProps ? JSON.stringify(body.componentProps) : null;
+		const updates = buildWidgetUpdates(widgetInput);
 
 		if (Object.keys(updates).length === 0) {
 			return apiError("VALIDATION_ERROR", "No fields to update", 400);
@@ -76,13 +105,26 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 			.where("id", "=", id)
 			.executeTakeFirstOrThrow();
 
+		await logWidgetActivity(db, locals, {
+			action: "updated",
+			areaId: area.id,
+			areaName: area.name,
+			widgetId: widget.id,
+			...widgetApiRouteSource("updated"),
+			detail: {
+				changedKeys: activityChangedKeys(widgetInput as Record<string, unknown>),
+				type: widget.type,
+				hitlRequestId: approvedHitlRequestId,
+			},
+		});
+
 		return apiSuccess(widget);
 	} catch (error) {
 		return handleError(error, "Failed to update widget", "WIDGET_UPDATE_ERROR");
 	}
 };
 
-export const DELETE: APIRoute = async ({ params, locals }) => {
+export const DELETE: APIRoute = async ({ params, request, locals }) => {
 	const { dineway, user } = locals;
 	const db = dineway.db;
 	const { name, id } = params;
@@ -94,34 +136,78 @@ export const DELETE: APIRoute = async ({ params, locals }) => {
 		return apiError("VALIDATION_ERROR", "name and id are required", 400);
 	}
 
+	const query = parseQuery(new URL(request.url), deleteWidgetQuery);
+	if (isParseError(query)) return query;
+
 	try {
-		// Get the area
-		const area = await db
-			.selectFrom("_dineway_widget_areas")
-			.select("id")
-			.where("name", "=", name)
-			.executeTakeFirst();
+		const payloadBuilder = new WidgetHitlPayloadBuilder(db);
+		const area = await payloadBuilder.loadWidgetAreaSnapshot(name);
 
 		if (!area) {
 			return apiError("NOT_FOUND", `Widget area "${name}" not found`, 404);
 		}
 
-		// Check widget exists and belongs to this area
-		const existingWidget = await db
-			.selectFrom("_dineway_widgets")
-			.select("id")
-			.where("id", "=", id)
-			.where("area_id", "=", area.id)
-			.executeTakeFirst();
+		const existingWidget = area.widgets.find((widget) => widget.id === id);
 
 		if (!existingWidget) {
 			return apiError("NOT_FOUND", `Widget "${id}" not found in area "${name}"`, 404);
 		}
 
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const action = await payloadBuilder.buildDeleteWidgetRequest({
+				area,
+				currentWidget: existingWidget,
+			});
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId: query.hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
+
 		await db.deleteFrom("_dineway_widgets").where("id", "=", id).execute();
 
+		await logWidgetActivity(db, locals, {
+			action: "deleted",
+			areaId: area.id,
+			areaName: area.name,
+			widgetId: existingWidget.id,
+			...widgetApiRouteSource("deleted"),
+			detail: {
+				type: existingWidget.type,
+				sortOrder: existingWidget.sortOrder,
+				hitlRequestId: approvedHitlRequestId,
+			},
+		});
+
 		return apiSuccess({ deleted: true });
 	} catch (error) {
 		return handleError(error, "Failed to delete widget", "WIDGET_DELETE_ERROR");
 	}
 };
+
+function buildWidgetUpdates(body: z.infer<typeof updateWidgetBody>): Record<string, unknown> {
+	const updates: Record<string, unknown> = {};
+	if (body.title !== undefined) updates.title = body.title || null;
+	if (body.type !== undefined) updates.type = body.type;
+	if (body.content !== undefined)
+		updates.content = body.content ? JSON.stringify(body.content) : null;
+	if (body.menuName !== undefined) updates.menu_name = body.menuName || null;
+	if (body.componentId !== undefined) updates.component_id = body.componentId || null;
+	if (body.componentProps !== undefined) {
+		updates.component_props = body.componentProps ? JSON.stringify(body.componentProps) : null;
+	}
+	return updates;
+}

package/src/astro/routes/api/widget-areas/[name]/widgets.ts

@@ -6,14 +6,30 @@
 
 import type { APIRoute } from "astro";
 import { ulid } from "ulidx";
+import { z } from "zod";
 
 import { requirePerm } from "#api/authorize.js";
 import { apiError, apiSuccess, handleError } from "#api/error.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
 import { isParseError, parseBody } from "#api/parse.js";
 import { createWidgetBody } from "#api/schemas.js";
+import {
+	logWidgetActivity,
+	RiskPolicyEvaluator,
+	widgetApiRouteSource,
+	WidgetHitlPayloadBuilder,
+} from "#site-context/index.js";
 
 export const prerender = false;
 
+const createWidgetHitlBody = createWidgetBody.extend({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
 export const POST: APIRoute = async ({ params, request, locals }) => {
 	const { dineway, user } = locals;
 	const db = dineway.db;
@@ -27,28 +43,42 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 	}
 
 	try {
-		// Get the area
-		const area = await db
-			.selectFrom("_dineway_widget_areas")
-			.select("id")
-			.where("name", "=", name)
-			.executeTakeFirst();
+		const payloadBuilder = new WidgetHitlPayloadBuilder(db);
+		const area = await payloadBuilder.loadWidgetAreaSnapshot(name);
 
 		if (!area) {
 			return apiError("NOT_FOUND", `Widget area "${name}" not found`, 404);
 		}
 
-		const body = await parseBody(request, createWidgetBody);
+		const body = await parseBody(request, createWidgetHitlBody);
 		if (isParseError(body)) return body;
+		const { hitlRequestId, ...widgetInput } = body;
 
-		// Get max sort_order
-		const maxOrder = await db
-			.selectFrom("_dineway_widgets")
-			.select(({ fn }) => fn.max("sort_order").as("maxOrder"))
-			.where("area_id", "=", area.id)
-			.executeTakeFirst();
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
 
-		const sortOrder = (maxOrder?.maxOrder ?? -1) + 1;
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const action = await payloadBuilder.buildCreateWidgetRequest({
+				area,
+				...widgetInput,
+			});
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
+
+		const sortOrder = (area.widgets.at(-1)?.sortOrder ?? -1) + 1;
 
 		// Prepare values
 		const id = ulid();
@@ -58,12 +88,14 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 				id,
 				area_id: area.id,
 				sort_order: sortOrder,
-				type: body.type,
-				title: body.title ?? null,
-				content: body.content ? JSON.stringify(body.content) : null,
-				menu_name: body.menuName ?? null,
-				component_id: body.componentId ?? null,
-				component_props: body.componentProps ? JSON.stringify(body.componentProps) : null,
+				type: widgetInput.type,
+				title: widgetInput.title ?? null,
+				content: widgetInput.content ? JSON.stringify(widgetInput.content) : null,
+				menu_name: widgetInput.menuName ?? null,
+				component_id: widgetInput.componentId ?? null,
+				component_props: widgetInput.componentProps
+					? JSON.stringify(widgetInput.componentProps)
+					: null,
 			})
 			.execute();
 
@@ -73,6 +105,20 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 			.where("id", "=", id)
 			.executeTakeFirstOrThrow();
 
+		await logWidgetActivity(db, locals, {
+			action: "created",
+			areaId: area.id,
+			areaName: area.name,
+			widgetId: widget.id,
+			...widgetApiRouteSource("created"),
+			detail: {
+				type: widget.type,
+				sortOrder: widget.sort_order,
+				title: widget.title,
+				hitlRequestId: approvedHitlRequestId,
+			},
+		});
+
 		return apiSuccess(widget, 201);
 	} catch (error) {
 		return handleError(error, "Failed to create widget", "WIDGET_CREATE_ERROR");

package/src/astro/routes/api/widget-areas/[name].ts

@@ -6,12 +6,29 @@
  */
 
 import type { APIRoute } from "astro";
+import { z } from "zod";
 
 import { requirePerm } from "#api/authorize.js";
 import { apiError, apiSuccess, handleError } from "#api/error.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
+import { isParseError, parseQuery } from "#api/parse.js";
+import {
+	logWidgetActivity,
+	RiskPolicyEvaluator,
+	widgetApiRouteSource,
+	WidgetHitlPayloadBuilder,
+} from "#site-context/index.js";
 
 export const prerender = false;
 
+const deleteWidgetAreaQuery = z.object({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
 export const GET: APIRoute = async ({ params, locals }) => {
 	const { dineway, user } = locals;
 	const db = dineway.db;
@@ -53,7 +70,7 @@ export const GET: APIRoute = async ({ params, locals }) => {
 	}
 };
 
-export const DELETE: APIRoute = async ({ params, locals }) => {
+export const DELETE: APIRoute = async ({ params, request, locals }) => {
 	const { dineway, user } = locals;
 	const db = dineway.db;
 	const { name } = params;
@@ -65,21 +82,52 @@ export const DELETE: APIRoute = async ({ params, locals }) => {
 		return apiError("VALIDATION_ERROR", "name is required", 400);
 	}
 
+	const query = parseQuery(new URL(request.url), deleteWidgetAreaQuery);
+	if (isParseError(query)) return query;
+
 	try {
-		// Check if area exists
-		const area = await db
-			.selectFrom("_dineway_widget_areas")
-			.select("id")
-			.where("name", "=", name)
-			.executeTakeFirst();
+		const payloadBuilder = new WidgetHitlPayloadBuilder(db);
+		const area = await payloadBuilder.loadWidgetAreaSnapshot(name);
 
 		if (!area) {
 			return apiError("NOT_FOUND", `Widget area "${name}" not found`, 404);
 		}
 
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const action = await payloadBuilder.buildDeleteWidgetAreaRequest({ area });
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId: query.hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
+
 		// Delete area (widgets cascade)
 		await db.deleteFrom("_dineway_widget_areas").where("id", "=", area.id).execute();
 
+		await logWidgetActivity(db, locals, {
+			action: "area_deleted",
+			areaId: area.id,
+			areaName: area.name,
+			...widgetApiRouteSource("area_deleted"),
+			detail: {
+				widgetCount: area.widgets.length,
+				hitlRequestId: approvedHitlRequestId,
+			},
+		});
+
 		return apiSuccess({ deleted: true });
 	} catch (error) {
 		return handleError(error, "Failed to delete widget area", "WIDGET_AREA_DELETE_ERROR");

package/src/astro/routes/api/widget-areas/index.ts

@@ -7,14 +7,30 @@
 
 import type { APIRoute } from "astro";
 import { ulid } from "ulidx";
+import { z } from "zod";
 
 import { requirePerm } from "#api/authorize.js";
 import { apiError, apiSuccess, handleError } from "#api/error.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
 import { isParseError, parseBody } from "#api/parse.js";
 import { createWidgetAreaBody } from "#api/schemas.js";
+import {
+	logWidgetActivity,
+	RiskPolicyEvaluator,
+	widgetApiRouteSource,
+	WidgetHitlPayloadBuilder,
+} from "#site-context/index.js";
 
 export const prerender = false;
 
+const createWidgetAreaHitlBody = createWidgetAreaBody.extend({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
 export const GET: APIRoute = async ({ locals }) => {
 	const { dineway, user } = locals;
 	const db = dineway.db;
@@ -61,18 +77,40 @@ export const POST: APIRoute = async ({ request, locals }) => {
 	if (denied) return denied;
 
 	try {
-		const body = await parseBody(request, createWidgetAreaBody);
+		const body = await parseBody(request, createWidgetAreaHitlBody);
 		if (isParseError(body)) return body;
+		const { hitlRequestId, ...areaInput } = body;
 
 		// Check if area name already exists
 		const existing = await db
 			.selectFrom("_dineway_widget_areas")
 			.select("id")
-			.where("name", "=", body.name)
+			.where("name", "=", areaInput.name)
 			.executeTakeFirst();
 
 		if (existing) {
-			return apiError("CONFLICT", `Widget area with name "${body.name}" already exists`, 409);
+			return apiError("CONFLICT", `Widget area with name "${areaInput.name}" already exists`, 409);
+		}
+
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const action = await new WidgetHitlPayloadBuilder(db).buildCreateWidgetAreaRequest(areaInput);
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
 		}
 
 		const id = ulid();
@@ -80,9 +118,9 @@ export const POST: APIRoute = async ({ request, locals }) => {
 			.insertInto("_dineway_widget_areas")
 			.values({
 				id,
-				name: body.name,
-				label: body.label,
-				description: body.description ?? null,
+				name: areaInput.name,
+				label: areaInput.label,
+				description: areaInput.description ?? null,
 			})
 			.execute();
 
@@ -92,6 +130,18 @@ export const POST: APIRoute = async ({ request, locals }) => {
 			.where("id", "=", id)
 			.executeTakeFirstOrThrow();
 
+		await logWidgetActivity(db, locals, {
+			action: "area_created",
+			areaId: area.id,
+			areaName: area.name,
+			...widgetApiRouteSource("area_created"),
+			detail: {
+				label: area.label,
+				description: area.description,
+				hitlRequestId: approvedHitlRequestId,
+			},
+		});
+
 		return apiSuccess(area, 201);
 	} catch (error) {
 		return handleError(error, "Failed to create widget area", "WIDGET_AREA_CREATE_ERROR");

package/src/components/DinewayHead.astro

@@ -16,8 +16,12 @@
 import type { PublicPageContext, PageMetadataContribution } from "../plugins/types.js";
 import { resolvePageMetadata, renderPageMetadata } from "../page/metadata.js";
 import { renderFragments } from "../page/fragments.js";
-import { generateBaseSeoContributions } from "../page/seo-contributions.js";
+import {
+	generateBaseSeoContributions,
+	generateSiteSeoContributions,
+} from "../page/seo-contributions.js";
 import { getPageRuntime } from "../page/index.js";
+import { getSiteSetting } from "../settings/index.js";
 
 interface Props {
 	page: PublicPageContext;
@@ -33,14 +37,18 @@ let metadataHtml = "";
 let fragmentsHtml = "";
 
 if (runtime) {
-	// Plugin contributions come BEFORE base, so resolvePageMetadata's
-	// first-wins dedup lets plugins override base SEO defaults
-	const pluginContributions = await runtime.collectPageMetadata(page);
-	const allContributions = [...pluginContributions, ...baseContributions];
+	// Plugin contributions come BEFORE site/base, so resolvePageMetadata's
+	// first-wins dedup lets plugins override defaults.
+	const [seoSettings, pluginContributions, fragments] = await Promise.all([
+		getSiteSetting("seo"),
+		runtime.collectPageMetadata(page),
+		runtime.collectPageFragments(page),
+	]);
+
+	const siteContributions = generateSiteSeoContributions(seoSettings);
+	const allContributions = [...pluginContributions, ...siteContributions, ...baseContributions];
 	const resolved = resolvePageMetadata(allContributions);
 	metadataHtml = renderPageMetadata(resolved);
-
-	const fragments = await runtime.collectPageFragments(page);
 	fragmentsHtml = renderFragments(fragments, "head");
 } else {
 	// No runtime (Dineway not initialized) — still render base SEO

package/src/components/DinewayMedia.astro

@@ -2,7 +2,7 @@
 /**
  * Dineway Media component
  *
- * Unified component for rendering media from any provider (local, Cloudflare Images, etc.)
+ * Unified component for rendering media from any provider (local, remote image services, etc.)
  * Calls the provider's getEmbed() method at render time for proper URL generation.
  *
  * Usage:

package/src/components/InlinePortableTextEditor.tsx

@@ -1117,7 +1117,7 @@ function InlineMediaPicker({
 		setUploading(true);
 		try {
 			// Detect dimensions and generate a thumbnail for large images to
-			// avoid OOM in server-side blurhash generation on Workers.
+			// avoid OOM in server-side blurhash generation on constrained runtimes.
 			const dims = await new Promise<{
 				width?: number;
 				height?: number;