npm - dineway - Versions diffs - 0.1.4 → 0.1.6 - Mend

dineway 0.1.4 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

package/README.md +6 -3
package/dist/{apply-CAPvMfoU.mjs → apply-iVSqz2qs.mjs} +132 -39
package/dist/astro/index.d.mts +18 -9
package/dist/astro/index.mjs +238 -16
package/dist/astro/middleware/auth.d.mts +16 -5
package/dist/astro/middleware/auth.mjs +74 -37
package/dist/astro/middleware/redirect.mjs +24 -8
package/dist/astro/middleware/request-context.mjs +18 -5
package/dist/astro/middleware/setup.mjs +1 -1
package/dist/astro/middleware.mjs +411 -169
package/dist/astro/types.d.mts +25 -8
package/dist/{byline-DeWCMU_i.mjs → byline-OhH2dlRu.mjs} +6 -21
package/dist/{bylines-DyqBV9EQ.mjs → bylines-BGpD9_hy.mjs} +16 -6
package/dist/cache-BdSY-gQN.mjs +42 -0
package/dist/chunks--4F8ddV4.mjs +18 -0
package/dist/cli/index.mjs +935 -15
package/dist/client/external-auth-headers.d.mts +1 -1
package/dist/client/index.d.mts +11 -3
package/dist/client/index.mjs +4 -3
package/dist/{connection-C9pxzuag.mjs → connection-BCNICDWN.mjs} +22 -5
package/dist/{content-zSgdNmnt.mjs → content-DWi4d0rT.mjs} +41 -2
package/dist/database/instrumentation.d.mts +34 -0
package/dist/database/instrumentation.mjs +53 -0
package/dist/db/index.d.mts +3 -3
package/dist/db/index.mjs +2 -2
package/dist/db/libsql.d.mts +1 -1
package/dist/db/libsql.mjs +11 -5
package/dist/db/postgres.d.mts +1 -1
package/dist/db/sqlite.d.mts +1 -1
package/dist/db/sqlite.mjs +7 -1
package/dist/db-errors-CEqD7qH9.mjs +23 -0
package/dist/{default-WYlzADZL.mjs → default-VjJyuuG9.mjs} +2 -0
package/dist/{dialect-helpers-B9uSp2GJ.mjs → dialect-helpers-DhTzaUxP.mjs} +3 -0
package/dist/{error-DrxtnGPg.mjs → error-BmL6QipT.mjs} +7 -3
package/dist/{index-C-jx21qs.d.mts → index-yvc6E_17.d.mts} +157 -30
package/dist/index.d.mts +11 -11
package/dist/index.mjs +24 -22
package/dist/{loader-qKmo0wAY.mjs → loader-sMG4TZ-u.mjs} +9 -3
package/dist/media/index.d.mts +1 -1
package/dist/media/index.mjs +1 -1
package/dist/media/local-runtime.d.mts +7 -7
package/dist/page/index.d.mts +10 -2
package/dist/page/index.mjs +22 -1
package/dist/patterns-CrCYkMBb.mjs +92 -0
package/dist/{placeholder-bOx1xCTY.d.mts → placeholder--wOi4TbO.d.mts} +1 -1
package/dist/{placeholder-B3knXwNc.mjs → placeholder-Cp8g5Emj.mjs} +1 -1
package/dist/plugins/adapt-sandbox-entry.d.mts +5 -5
package/dist/plugins/adapt-sandbox-entry.mjs +1 -1
package/dist/{query-BiaPl_g2.mjs → query-kDmwCsHh.mjs} +118 -50
package/dist/{redirect-JPqLAbxa.mjs → redirect-DnEWAkVg.mjs} +43 -99
package/dist/{registry-DSd1GWB8.mjs → registry-C0zjeB9P.mjs} +191 -123
package/dist/request-cache-Dk5qPSOx.mjs +66 -0
package/dist/request-context.d.mts +4 -16
package/dist/{runner-B5l1JfOj.d.mts → runner-CFI6B6J2.d.mts} +1 -1
package/dist/{runner-BGUGywgG.mjs → runner-DWZm2KQm.mjs} +589 -137
package/dist/runtime.d.mts +6 -6
package/dist/runtime.mjs +2 -2
package/dist/{search-BNruJHDL.mjs → search-BApX1xhM.mjs} +570 -424
package/dist/seed/index.d.mts +2 -2
package/dist/seed/index.mjs +11 -10
package/dist/seo/index.d.mts +1 -1
package/dist/storage/local.d.mts +1 -1
package/dist/storage/local.mjs +1 -1
package/dist/storage/s3.d.mts +11 -3
package/dist/storage/s3.mjs +78 -15
package/dist/taxonomies-1s5PaS_8.mjs +266 -0
package/dist/transaction-Cn2rjY78.mjs +27 -0
package/dist/{types-BgQeVaPj.d.mts → types-BuMDPy5C.d.mts} +52 -3
package/dist/{types-DuNbGKjF.mjs → types-COeOq9nK.mjs} +6 -1
package/dist/{types-ju-_ORz7.d.mts → types-CWbdtiux.d.mts} +13 -5
package/dist/{types-D38djUXv.d.mts → types-Cj0KMIZV.d.mts} +16 -3
package/dist/{types-DkvMXalq.d.mts → types-DOrVigru.d.mts} +159 -0
package/dist/{validate-CXnRKfJK.mjs → validate-BZ5wnLLp.mjs} +2 -1
package/dist/{validate-DVKJJ-M_.d.mts → validate-IPf8n4Fj.d.mts} +4 -51
package/dist/{validate-CqRJb_xU.mjs → validate-VPnKoIzW.mjs} +10 -10
package/dist/version-hmtC3Cmv.mjs +6 -0
package/package.json +49 -38
package/src/astro/routes/admin.astro +25 -9
package/src/astro/routes/api/admin/api-tokens/[id].ts +4 -0
package/src/astro/routes/api/admin/api-tokens/index.ts +24 -2
package/src/astro/routes/api/admin/briefing.ts +76 -0
package/src/astro/routes/api/admin/bylines/[id]/index.ts +3 -0
package/src/astro/routes/api/admin/bylines/index.ts +2 -0
package/src/astro/routes/api/admin/context/[id]/history.ts +35 -0
package/src/astro/routes/api/admin/context/[id]/index.ts +35 -0
package/src/astro/routes/api/admin/context/[id]/review.ts +57 -0
package/src/astro/routes/api/admin/context/[id]/supersede.ts +58 -0
package/src/astro/routes/api/admin/context/diff.ts +35 -0
package/src/astro/routes/api/admin/context/index.ts +69 -0
package/src/astro/routes/api/admin/context/stale.ts +35 -0
package/src/astro/routes/api/admin/hitl-requests/[id]/index.ts +38 -0
package/src/astro/routes/api/admin/hitl-requests/[id]/resolve.ts +54 -0
package/src/astro/routes/api/admin/hitl-requests/index.ts +38 -0
package/src/astro/routes/api/admin/hooks/exclusive/[hookName].ts +58 -17
package/src/astro/routes/api/admin/oauth-clients/[id].ts +28 -1
package/src/astro/routes/api/admin/oauth-clients/index.ts +25 -1
package/src/astro/routes/api/admin/plugins/[id]/disable.ts +54 -2
package/src/astro/routes/api/admin/plugins/[id]/enable.ts +54 -2
package/src/astro/routes/api/admin/plugins/[id]/uninstall.ts +51 -1
package/src/astro/routes/api/admin/plugins/[id]/update.ts +98 -3
package/src/astro/routes/api/admin/plugins/marketplace/[id]/install.ts +72 -1
package/src/astro/routes/api/admin/review-requests/[id]/index.ts +35 -0
package/src/astro/routes/api/admin/review-requests/[id]/resolve.ts +52 -0
package/src/astro/routes/api/admin/review-requests/index.ts +35 -0
package/src/astro/routes/api/admin/users/[id]/disable.ts +26 -23
package/src/astro/routes/api/admin/users/[id]/index.ts +41 -21
package/src/astro/routes/api/auth/invite/register-options.ts +73 -0
package/src/astro/routes/api/auth/magic-link/send.ts +2 -1
package/src/astro/routes/api/auth/passkey/options.ts +2 -1
package/src/astro/routes/api/auth/passkey/verify.ts +5 -1
package/src/astro/routes/api/auth/signup/request.ts +20 -8
package/src/astro/routes/api/comments/[collection]/[contentId]/index.ts +3 -4
package/src/astro/routes/api/content/[collection]/[id]/compare.ts +1 -1
package/src/astro/routes/api/content/[collection]/[id]/discard-draft.ts +16 -2
package/src/astro/routes/api/content/[collection]/[id]/duplicate.ts +16 -0
package/src/astro/routes/api/content/[collection]/[id]/permanent.ts +9 -0
package/src/astro/routes/api/content/[collection]/[id]/preview-url.ts +1 -1
package/src/astro/routes/api/content/[collection]/[id]/publish.ts +45 -1
package/src/astro/routes/api/content/[collection]/[id]/restore.ts +12 -2
package/src/astro/routes/api/content/[collection]/[id]/revisions.ts +1 -1
package/src/astro/routes/api/content/[collection]/[id]/schedule.ts +24 -0
package/src/astro/routes/api/content/[collection]/[id]/terms/[taxonomy].ts +3 -0
package/src/astro/routes/api/content/[collection]/[id]/translations.ts +20 -0
package/src/astro/routes/api/content/[collection]/[id]/unpublish.ts +13 -0
package/src/astro/routes/api/content/[collection]/[id].ts +36 -0
package/src/astro/routes/api/content/[collection]/index.ts +48 -4
package/src/astro/routes/api/content/[collection]/trash.ts +1 -1
package/src/astro/routes/api/health.ts +54 -0
package/src/astro/routes/api/import/wordpress/analyze.ts +2 -10
package/src/astro/routes/api/import/wordpress/execute.ts +40 -6
package/src/astro/routes/api/import/wordpress/prepare.ts +36 -5
package/src/astro/routes/api/import/wordpress/rewrite-urls.ts +33 -1
package/src/astro/routes/api/import/wordpress-plugin/analyze.ts +3 -3
package/src/astro/routes/api/import/wordpress-plugin/execute.ts +57 -15
package/src/astro/routes/api/manifest.ts +13 -1
package/src/astro/routes/api/mcp.ts +1 -0
package/src/astro/routes/api/media/providers/[providerId]/[itemId].ts +7 -2
package/src/astro/routes/api/media/upload-url.ts +11 -2
package/src/astro/routes/api/media.ts +9 -7
package/src/astro/routes/api/menus/[name]/items.ts +124 -5
package/src/astro/routes/api/menus/[name]/reorder.ts +47 -1
package/src/astro/routes/api/menus/[name].ts +84 -4
package/src/astro/routes/api/menus/index.ts +46 -2
package/src/astro/routes/api/oauth/authorize.ts +21 -8
package/src/astro/routes/api/oauth/device/code.ts +2 -1
package/src/astro/routes/api/oauth/device/token.ts +2 -1
package/src/astro/routes/api/oauth/register.ts +182 -0
package/src/astro/routes/api/oauth/token.ts +18 -7
package/src/astro/routes/api/openapi.json.ts +3 -2
package/src/astro/routes/api/plugins/[pluginId]/[...path].ts +21 -4
package/src/astro/routes/api/redirects/[id].ts +103 -4
package/src/astro/routes/api/redirects/index.ts +50 -2
package/src/astro/routes/api/schema/collections/[slug]/fields/[fieldSlug].ts +28 -0
package/src/astro/routes/api/schema/collections/[slug]/fields/index.ts +15 -0
package/src/astro/routes/api/schema/collections/[slug]/fields/reorder.ts +13 -0
package/src/astro/routes/api/schema/collections/[slug]/index.ts +27 -0
package/src/astro/routes/api/schema/collections/index.ts +14 -0
package/src/astro/routes/api/search/index.ts +1 -0
package/src/astro/routes/api/search/suggest.ts +1 -0
package/src/astro/routes/api/sections/[slug].ts +123 -4
package/src/astro/routes/api/sections/index.ts +57 -2
package/src/astro/routes/api/settings.ts +51 -2
package/src/astro/routes/api/setup/admin-verify.ts +25 -5
package/src/astro/routes/api/setup/admin.ts +16 -8
package/src/astro/routes/api/setup/index.ts +3 -2
package/src/astro/routes/api/taxonomies/[name]/terms/[slug].ts +141 -4
package/src/astro/routes/api/taxonomies/[name]/terms/index.ts +64 -2
package/src/astro/routes/api/taxonomies/index.ts +57 -2
package/src/astro/routes/api/well-known/auth.ts +3 -1
package/src/astro/routes/api/well-known/oauth-authorization-server.ts +8 -5
package/src/astro/routes/api/well-known/oauth-protected-resource.ts +3 -2
package/src/astro/routes/api/widget-areas/[name]/reorder.ts +58 -16
package/src/astro/routes/api/widget-areas/[name]/widgets/[id].ts +124 -38
package/src/astro/routes/api/widget-areas/[name]/widgets.ts +66 -20
package/src/astro/routes/api/widget-areas/[name].ts +55 -7
package/src/astro/routes/api/widget-areas/index.ts +56 -6
package/src/components/DinewayHead.astro +15 -7
package/src/components/DinewayMedia.astro +1 -1
package/src/components/InlinePortableTextEditor.tsx +1 -1
package/src/components/Table.astro +68 -41
package/src/components/index.ts +2 -12
package/src/components/marks.ts +19 -0
package/LICENSE +0 -9
/package/dist/{adapters-BlzWJG82.d.mts → adapters-C2ypTrZZ.d.mts} +0 -0
/package/dist/{config-Cq8H0SfX.mjs → config-BXwuX8Bx.mjs} +0 -0
/package/dist/{load-C6FCD1FU.mjs → load-Coc9HpHH.mjs} +0 -0
/package/dist/{manifest-schema-CTSEyIJ3.mjs → manifest-schema-D1MSVnoI.mjs} +0 -0
/package/dist/{mode-BlyYtIFO.mjs → mode-47goXBBK.mjs} +0 -0
/package/dist/{tokens-4vgYuXsZ.mjs → tokens-CJz9ubV6.mjs} +0 -0
/package/dist/{transport-C5FYnid7.mjs → transport-DB5eDN4x.mjs} +0 -0
/package/dist/{transport-gIL-e43D.d.mts → transport-Wge_IzKl.d.mts} +0 -0
/package/dist/{types-CLLdsG3g.d.mts → types-BzcUjoqg.d.mts} +0 -0
/package/dist/{types-DShnjzb6.mjs → types-griIBQOQ.mjs} +0 -0

package/src/astro/routes/api/admin/oauth-clients/[id].ts CHANGED Viewed

@@ -10,6 +10,7 @@ import { Role } from "@dineway-ai/auth";
 import type { APIRoute } from "astro";
 import { z } from "zod";
+import { rejectApiTokenAuthControlWrite } from "#api/auth-control-guard.js";
 import { apiError, handleError, unwrapResult } from "#api/error.js";
 import {
 	handleOAuthClientDelete,
@@ -17,6 +18,11 @@ import {
 	handleOAuthClientUpdate,
 } from "#api/handlers/oauth-clients.js";
 import { isParseError, parseBody } from "#api/parse.js";
+import { ALL_VALID_SCOPES } from "#auth/api-tokens.js";
+import {
+	disabledExperimentalSiteContextWorkflowScopes,
+	getExperimentalSiteContextWorkflowScopesDisabledMessage,
+} from "#site-context/experimental-workflows.js";
 export const prerender = false;
@@ -26,7 +32,7 @@ const updateClientSchema = z.object({
 		.array(z.string().url("Each redirect URI must be a valid URL"))
 		.min(1, "At least one redirect URI is required")
 		.optional(),
-	scopes: z.array(z.string()).nullable().optional(),
+	scopes: z.array(z.enum(ALL_VALID_SCOPES)).nullable().optional(),
 });
 /**
@@ -43,6 +49,9 @@ export const GET: APIRoute = async ({ params, locals }) => {
 		return apiError("FORBIDDEN", "Admin privileges required", 403);
 	}
+	const credentialGuard = rejectApiTokenAuthControlWrite(locals, "oauth_clients");
+	if (credentialGuard) return credentialGuard;
 	const clientId = params.id;
 	if (!clientId) {
 		return apiError("VALIDATION_ERROR", "Client ID is required", 400);
@@ -66,6 +75,9 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 		return apiError("FORBIDDEN", "Admin privileges required", 403);
 	}
+	const credentialGuard = rejectApiTokenAuthControlWrite(locals, "oauth_clients");
+	if (credentialGuard) return credentialGuard;
 	const clientId = params.id;
 	if (!clientId) {
 		return apiError("VALIDATION_ERROR", "Client ID is required", 400);
@@ -74,6 +86,21 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 	try {
 		const body = await parseBody(request, updateClientSchema);
 		if (isParseError(body)) return body;
+		const requestedWorkflowScopes = disabledExperimentalSiteContextWorkflowScopes(
+			body.scopes ?? [],
+		);
+		if (requestedWorkflowScopes.length > 0) {
+			return apiError(
+				"NOT_IMPLEMENTED",
+				getExperimentalSiteContextWorkflowScopesDisabledMessage(),
+				501,
+				{
+					status: "workflow_oauth_client_scopes_disabled",
+					reason: "workflow_oauth_client_scopes_disabled",
+					scopes: requestedWorkflowScopes,
+				},
+			);
+		}
 		const result = await handleOAuthClientUpdate(dineway.db, clientId, body);
 		return unwrapResult(result);

package/src/astro/routes/api/admin/oauth-clients/index.ts CHANGED Viewed

@@ -9,9 +9,15 @@ import { Role } from "@dineway-ai/auth";
 import type { APIRoute } from "astro";
 import { z } from "zod";
+import { rejectApiTokenAuthControlWrite } from "#api/auth-control-guard.js";
 import { apiError, handleError, unwrapResult } from "#api/error.js";
 import { handleOAuthClientCreate, handleOAuthClientList } from "#api/handlers/oauth-clients.js";
 import { isParseError, parseBody } from "#api/parse.js";
+import { ALL_VALID_SCOPES } from "#auth/api-tokens.js";
+import {
+	disabledExperimentalSiteContextWorkflowScopes,
+	getExperimentalSiteContextWorkflowScopesDisabledMessage,
+} from "#site-context/experimental-workflows.js";
 export const prerender = false;
@@ -24,7 +30,7 @@ const createClientSchema = z.object({
 	redirectUris: z
 		.array(z.string().url("Each redirect URI must be a valid URL"))
 		.min(1, "At least one redirect URI is required"),
-	scopes: z.array(z.string()).optional(),
+	scopes: z.array(z.enum(ALL_VALID_SCOPES)).optional(),
 });
 /**
@@ -59,9 +65,27 @@ export const POST: APIRoute = async ({ request, locals }) => {
 		return apiError("FORBIDDEN", "Admin privileges required", 403);
 	}
+	const credentialGuard = rejectApiTokenAuthControlWrite(locals, "oauth_clients");
+	if (credentialGuard) return credentialGuard;
 	try {
 		const body = await parseBody(request, createClientSchema);
 		if (isParseError(body)) return body;
+		const requestedWorkflowScopes = disabledExperimentalSiteContextWorkflowScopes(
+			body.scopes ?? [],
+		);
+		if (requestedWorkflowScopes.length > 0) {
+			return apiError(
+				"NOT_IMPLEMENTED",
+				getExperimentalSiteContextWorkflowScopesDisabledMessage(),
+				501,
+				{
+					status: "workflow_oauth_client_scopes_disabled",
+					reason: "workflow_oauth_client_scopes_disabled",
+					scopes: requestedWorkflowScopes,
+				},
+			);
+		}
 		const result = await handleOAuthClientCreate(dineway.db, body);
 		return unwrapResult(result, 201);

package/src/astro/routes/api/admin/plugins/[id]/disable.ts CHANGED Viewed

@@ -5,15 +5,32 @@
  */
 import type { APIRoute } from "astro";
+import { z } from "zod";
 import { requirePerm } from "#api/authorize.js";
 import { apiError, unwrapResult } from "#api/error.js";
-import { handlePluginDisable } from "#api/index.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
+import { handlePluginDisable, handlePluginGet } from "#api/index.js";
+import { isParseError, parseOptionalBody } from "#api/parse.js";
 import { setCronTasksEnabled } from "#plugins/cron.js";
+import {
+	logPluginActivity,
+	pluginApiRouteSource,
+	PluginHitlPayloadBuilder,
+	RiskPolicyEvaluator,
+} from "#site-context/index.js";
 export const prerender = false;
-export const POST: APIRoute = async ({ params, locals }) => {
+const hitlBodySchema = z.object({
+	hitlRequestId: z.string().min(1).optional(),
+});
+export const POST: APIRoute = async ({ params, request, locals }) => {
 	const { dineway, user } = locals;
 	const { id } = params;
@@ -28,12 +45,47 @@ export const POST: APIRoute = async ({ params, locals }) => {
 		return apiError("INVALID_REQUEST", "Plugin ID required", 400);
 	}
+	const body = await parseOptionalBody(request, hitlBodySchema, {});
+	if (isParseError(body)) return body;
+	const current = await handlePluginGet(
+		dineway.db,
+		dineway.configuredPlugins,
+		id,
+		dineway.config.marketplace,
+	);
+	if (!current.success) return unwrapResult(current);
+	const actor = resolveHitlRouteActor(locals);
+	const action = await new PluginHitlPayloadBuilder().buildDisableRequest(current.data.item);
+	const decision = await new RiskPolicyEvaluator({
+		db: dineway.db,
+		handlers: dineway,
+	}).evaluateWorkflowHitl({
+		actor: actor.identity,
+		hitlRequestId: body.hitlRequestId,
+		action,
+	});
+	if (!decision.allowed) {
+		const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+		return hitlRequiredRouteError(decision, ensured);
+	}
 	const result = await handlePluginDisable(dineway.db, dineway.configuredPlugins, id);
 	if (!result.success) return unwrapResult(result);
 	await dineway.setPluginStatus(id, "inactive");
 	await setCronTasksEnabled(dineway.db, id, false);
+	await logPluginActivity(dineway.db, locals, {
+		action: "disabled",
+		pluginId: id,
+		...pluginApiRouteSource("disabled"),
+		summary: `Disabled plugin ${id}`,
+		detail: {
+			hitlRequestId: decision.required ? decision.hitlRequest.id : null,
+		},
+	});
 	return unwrapResult(result);
 };

package/src/astro/routes/api/admin/plugins/[id]/enable.ts CHANGED Viewed

@@ -5,15 +5,32 @@
  */
 import type { APIRoute } from "astro";
+import { z } from "zod";
 import { requirePerm } from "#api/authorize.js";
 import { apiError, unwrapResult } from "#api/error.js";
-import { handlePluginEnable } from "#api/index.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
+import { handlePluginEnable, handlePluginGet } from "#api/index.js";
+import { isParseError, parseOptionalBody } from "#api/parse.js";
 import { setCronTasksEnabled } from "#plugins/cron.js";
+import {
+	logPluginActivity,
+	pluginApiRouteSource,
+	PluginHitlPayloadBuilder,
+	RiskPolicyEvaluator,
+} from "#site-context/index.js";
 export const prerender = false;
-export const POST: APIRoute = async ({ params, locals }) => {
+const hitlBodySchema = z.object({
+	hitlRequestId: z.string().min(1).optional(),
+});
+export const POST: APIRoute = async ({ params, request, locals }) => {
 	const { dineway, user } = locals;
 	const { id } = params;
@@ -28,12 +45,47 @@ export const POST: APIRoute = async ({ params, locals }) => {
 		return apiError("INVALID_REQUEST", "Plugin ID required", 400);
 	}
+	const body = await parseOptionalBody(request, hitlBodySchema, {});
+	if (isParseError(body)) return body;
+	const current = await handlePluginGet(
+		dineway.db,
+		dineway.configuredPlugins,
+		id,
+		dineway.config.marketplace,
+	);
+	if (!current.success) return unwrapResult(current);
+	const actor = resolveHitlRouteActor(locals);
+	const action = await new PluginHitlPayloadBuilder().buildEnableRequest(current.data.item);
+	const decision = await new RiskPolicyEvaluator({
+		db: dineway.db,
+		handlers: dineway,
+	}).evaluateWorkflowHitl({
+		actor: actor.identity,
+		hitlRequestId: body.hitlRequestId,
+		action,
+	});
+	if (!decision.allowed) {
+		const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+		return hitlRequiredRouteError(decision, ensured);
+	}
 	const result = await handlePluginEnable(dineway.db, dineway.configuredPlugins, id);
 	if (!result.success) return unwrapResult(result);
 	await dineway.setPluginStatus(id, "active");
 	await setCronTasksEnabled(dineway.db, id, true);
+	await logPluginActivity(dineway.db, locals, {
+		action: "enabled",
+		pluginId: id,
+		...pluginApiRouteSource("enabled"),
+		summary: `Enabled plugin ${id}`,
+		detail: {
+			hitlRequestId: decision.required ? decision.hitlRequest.id : null,
+		},
+	});
 	return unwrapResult(result);
 };

package/src/astro/routes/api/admin/plugins/[id]/uninstall.ts CHANGED Viewed

@@ -9,13 +9,25 @@ import { z } from "zod";
 import { requirePerm } from "#api/authorize.js";
 import { apiError, unwrapResult } from "#api/error.js";
-import { handleMarketplaceUninstall } from "#api/index.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
+import { handleMarketplaceUninstall, handlePluginList } from "#api/index.js";
 import { isParseError, parseOptionalBody } from "#api/parse.js";
+import {
+	logPluginActivity,
+	pluginApiRouteSource,
+	PluginHitlPayloadBuilder,
+	RiskPolicyEvaluator,
+} from "#site-context/index.js";
 export const prerender = false;
 const uninstallBodySchema = z.object({
 	deleteData: z.boolean().optional(),
+	hitlRequestId: z.string().min(1).optional(),
 });
 export const POST: APIRoute = async ({ params, request, locals }) => {
@@ -36,6 +48,34 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 	const body = await parseOptionalBody(request, uninstallBodySchema, {});
 	if (isParseError(body)) return body;
+	const actor = resolveHitlRouteActor(locals);
+	let approvedHitlRequestId: string | null = null;
+	const current = await handlePluginList(
+		dineway.db,
+		dineway.configuredPlugins,
+		dineway.config.marketplace,
+	);
+	if (!current.success) return unwrapResult(current);
+	const plugin = current.data.items.find((item) => item.id === id && item.source === "marketplace");
+	if (plugin) {
+		const action = await new PluginHitlPayloadBuilder().buildUninstallRequest(plugin, {
+			deleteData: body.deleteData ?? false,
+		});
+		const decision = await new RiskPolicyEvaluator({
+			db: dineway.db,
+			handlers: dineway,
+		}).evaluateWorkflowHitl({
+			actor: actor.identity,
+			hitlRequestId: body.hitlRequestId,
+			action,
+		});
+		if (!decision.allowed) {
+			const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+			return hitlRequiredRouteError(decision, ensured);
+		}
+		approvedHitlRequestId = decision.required ? decision.hitlRequest.id : null;
+	}
 	const result = await handleMarketplaceUninstall(dineway.db, dineway.storage, id, {
 		deleteData: body.deleteData ?? false,
 	});
@@ -43,6 +83,16 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 	if (!result.success) return unwrapResult(result);
 	await dineway.syncMarketplacePlugins();
+	await logPluginActivity(dineway.db, locals, {
+		action: "uninstalled",
+		pluginId: id,
+		...pluginApiRouteSource("uninstalled"),
+		summary: `Uninstalled plugin ${id}`,
+		detail: {
+			deleteData: body.deleteData ?? false,
+			hitlRequestId: approvedHitlRequestId,
+		},
+	});
 	return unwrapResult(result);
 };

package/src/astro/routes/api/admin/plugins/[id]/update.ts CHANGED Viewed

@@ -9,8 +9,19 @@ import { z } from "zod";
 import { requirePerm } from "#api/authorize.js";
 import { apiError, unwrapResult } from "#api/error.js";
-import { handleMarketplaceUpdate } from "#api/index.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
+import { handleMarketplaceUpdate, handleMarketplaceUpdatePreview } from "#api/index.js";
 import { isParseError, parseOptionalBody } from "#api/parse.js";
+import {
+	logPluginActivity,
+	pluginApiRouteSource,
+	PluginHitlPayloadBuilder,
+	RiskPolicyEvaluator,
+} from "#site-context/index.js";
 export const prerender = false;
@@ -18,6 +29,7 @@ const updateBodySchema = z.object({
 	version: z.string().min(1).optional(),
 	confirmCapabilityChanges: z.boolean().optional(),
 	confirmRouteVisibilityChanges: z.boolean().optional(),
+	hitlRequestId: z.string().min(1).optional(),
 });
 export const POST: APIRoute = async ({ params, request, locals }) => {
@@ -37,6 +49,68 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 	const body = await parseOptionalBody(request, updateBodySchema, {});
 	if (isParseError(body)) return body;
+	const actor = resolveHitlRouteActor(locals);
+	const evaluator = new RiskPolicyEvaluator({
+		db: dineway.db,
+		handlers: dineway,
+	});
+	let approvedHitlRequestId: string | null = null;
+	let previewDiffs: { hasCapabilityChanges: boolean; hasNewPublicRoutes: boolean } | null = null;
+	if (evaluator.requiresWorkflowHitl(actor.identity)) {
+		if (!body.version) {
+			return apiError(
+				"VALIDATION_ERROR",
+				"API-token marketplace updates require an explicit version so the reviewed target is immutable.",
+				400,
+			);
+		}
+		const preview = await handleMarketplaceUpdatePreview(
+			dineway.db,
+			dineway.storage,
+			dineway.config.marketplace,
+			id,
+			{ version: body.version },
+		);
+		if (!preview.success) return unwrapResult(preview);
+		const action = await new PluginHitlPayloadBuilder().buildMarketplaceUpdateRequest({
+			id: preview.data.pluginId,
+			name: preview.data.name,
+			description: preview.data.description,
+			authorName: preview.data.authorName,
+			version: preview.data.version,
+			minDinewayVersion: preview.data.minDinewayVersion,
+			bundleSize: preview.data.bundleSize,
+			checksum: preview.data.checksum,
+			changelog: preview.data.changelog,
+			capabilities: preview.data.capabilities,
+			status: preview.data.status,
+			auditVerdict: preview.data.auditVerdict,
+			imageAuditVerdict: preview.data.imageAuditVerdict,
+			publishedAt: preview.data.publishedAt,
+			oldVersion: preview.data.oldVersion,
+			capabilityChanges: preview.data.capabilityChanges,
+			routeVisibilityChanges: preview.data.routeVisibilityChanges,
+		});
+		const decision = await evaluator.evaluateWorkflowHitl({
+			actor: actor.identity,
+			hitlRequestId: body.hitlRequestId,
+			action,
+		});
+		if (!decision.allowed) {
+			const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+			return hitlRequiredRouteError(decision, ensured);
+		}
+		approvedHitlRequestId = decision.hitlRequest.id;
+		previewDiffs = {
+			hasCapabilityChanges:
+				preview.data.capabilityChanges.added.length > 0 ||
+				preview.data.capabilityChanges.removed.length > 0,
+			hasNewPublicRoutes: preview.data.routeVisibilityChanges.newlyPublic.length > 0,
+		};
+	}
 	const result = await handleMarketplaceUpdate(
 		dineway.db,
@@ -46,14 +120,35 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 		id,
 		{
 			version: body.version,
-			confirmCapabilityChanges: body.confirmCapabilityChanges,
-			confirmRouteVisibilityChanges: body.confirmRouteVisibilityChanges,
+			confirmCapabilityChanges: previewDiffs
+				? previewDiffs.hasCapabilityChanges || body.confirmCapabilityChanges === true
+				: body.confirmCapabilityChanges,
+			confirmRouteVisibilityChanges: previewDiffs
+				? previewDiffs.hasNewPublicRoutes || body.confirmRouteVisibilityChanges === true
+				: body.confirmRouteVisibilityChanges,
 		},
 	);
 	if (!result.success) return unwrapResult(result);
 	await dineway.syncMarketplacePlugins();
+	await logPluginActivity(dineway.db, locals, {
+		action: "updated",
+		pluginId: id,
+		...pluginApiRouteSource("updated"),
+		summary: `Updated plugin ${id}`,
+		detail: {
+			version: result.data.newVersion,
+			oldVersion: result.data.oldVersion,
+			confirmedCapabilityChanges: previewDiffs
+				? previewDiffs.hasCapabilityChanges
+				: (body.confirmCapabilityChanges ?? false),
+			confirmedRouteVisibilityChanges: previewDiffs
+				? previewDiffs.hasNewPublicRoutes
+				: (body.confirmRouteVisibilityChanges ?? false),
+			hitlRequestId: approvedHitlRequestId,
+		},
+	});
 	return unwrapResult(result);
 };

package/src/astro/routes/api/admin/plugins/marketplace/[id]/install.ts CHANGED Viewed

@@ -9,13 +9,25 @@ import { z } from "zod";
 import { requirePerm } from "#api/authorize.js";
 import { apiError, handleError, unwrapResult } from "#api/error.js";
-import { handleMarketplaceInstall } from "#api/index.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
+import { handleMarketplaceInstall, handleMarketplaceInstallPreview } from "#api/index.js";
 import { isParseError, parseOptionalBody } from "#api/parse.js";
+import {
+	logPluginActivity,
+	pluginApiRouteSource,
+	PluginHitlPayloadBuilder,
+	RiskPolicyEvaluator,
+} from "#site-context/index.js";
 export const prerender = false;
 const installBodySchema = z.object({
 	version: z.string().min(1).optional(),
+	hitlRequestId: z.string().min(1).optional(),
 });
 export const POST: APIRoute = async ({ params, request, locals }) => {
@@ -36,6 +48,55 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 		const body = await parseOptionalBody(request, installBodySchema, {});
 		if (isParseError(body)) return body;
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db: dineway.db,
+			handlers: dineway,
+		});
+		let approvedHitlRequestId: string | null = null;
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			if (!body.version) {
+				return apiError(
+					"VALIDATION_ERROR",
+					"API-token marketplace installs require an explicit version so the reviewed target is immutable.",
+					400,
+				);
+			}
+			const preview = await handleMarketplaceInstallPreview(dineway.config.marketplace, id, {
+				version: body.version,
+				siteOrigin: new URL(request.url).origin,
+			});
+			if (!preview.success) return unwrapResult(preview);
+			const action = await new PluginHitlPayloadBuilder().buildInstallRequest({
+				id: preview.data.pluginId,
+				name: preview.data.name,
+				description: preview.data.description,
+				authorName: preview.data.authorName,
+				version: preview.data.version,
+				minDinewayVersion: preview.data.minDinewayVersion,
+				bundleSize: preview.data.bundleSize,
+				checksum: preview.data.checksum,
+				changelog: preview.data.changelog,
+				capabilities: preview.data.capabilities,
+				status: preview.data.status,
+				auditVerdict: preview.data.auditVerdict,
+				imageAuditVerdict: preview.data.imageAuditVerdict,
+				publishedAt: preview.data.publishedAt,
+			});
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId: body.hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			approvedHitlRequestId = decision.hitlRequest.id;
+		}
 		const configuredPluginIds = new Set<string>(
 			dineway.configuredPlugins.map((p: { id: string }) => p.id),
@@ -55,6 +116,16 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 		if (!result.success) return unwrapResult(result);
 		await dineway.syncMarketplacePlugins();
+		await logPluginActivity(dineway.db, locals, {
+			action: "installed",
+			pluginId: id,
+			...pluginApiRouteSource("installed"),
+			summary: `Installed plugin ${id}`,
+			detail: {
+				version: result.data.version,
+				hitlRequestId: approvedHitlRequestId,
+			},
+		});
 		return unwrapResult(result, 201);
 	} catch (error) {

package/src/astro/routes/api/admin/review-requests/[id]/index.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Admin review request detail
+ *
+ * GET /_dineway/api/admin/review-requests/:id - Get a review request
+ */
+import type { APIRoute } from "astro";
+import { requirePerm } from "#api/authorize.js";
+import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
+import { handleReviewRequestGet } from "#api/handlers/review-requests.js";
+export const prerender = false;
+export const GET: APIRoute = async ({ params, locals }) => {
+	const { dineway, user } = locals;
+	const { id } = params;
+	if (!id) {
+		return apiError("VALIDATION_ERROR", "Review request ID required", 400);
+	}
+	const dbErr = requireDb(dineway?.db);
+	if (dbErr) return dbErr;
+	const denied = requirePerm(user, "content:edit_any");
+	if (denied) return denied;
+	try {
+		const result = await handleReviewRequestGet(dineway.db, id);
+		return unwrapResult(result);
+	} catch (error) {
+		return handleError(error, "Failed to fetch review request", "REVIEW_REQUEST_GET_ERROR");
+	}
+};

package/src/astro/routes/api/admin/review-requests/[id]/resolve.ts ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * Admin review request resolution
+ *
+ * POST /_dineway/api/admin/review-requests/:id/resolve - Approve or reject a review request
+ */
+import type { APIRoute } from "astro";
+import { requirePerm } from "#api/authorize.js";
+import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
+import { handleReviewRequestResolve } from "#api/handlers/review-requests.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { logReviewRouteActivity, resolveReviewRouteActor } from "#api/review-route-helpers.js";
+import { reviewRequestResolveBody } from "#api/schemas.js";
+export const prerender = false;
+export const POST: APIRoute = async ({ params, request, locals }) => {
+	const { dineway, user } = locals;
+	const { id } = params;
+	if (!id) {
+		return apiError("VALIDATION_ERROR", "Review request ID required", 400);
+	}
+	const dbErr = requireDb(dineway?.db);
+	if (dbErr) return dbErr;
+	const denied = requirePerm(user, "content:edit_any");
+	if (denied) return denied;
+	try {
+		const body = await parseBody(request, reviewRequestResolveBody);
+		if (isParseError(body)) return body;
+		const result = await handleReviewRequestResolve(dineway.db, id, {
+			decision: body.decision,
+			reviewNote: body.reviewNote,
+			actor: resolveReviewRouteActor(locals),
+		});
+		if (!result.success) return unwrapResult(result);
+		await logReviewRouteActivity(dineway.db, locals, {
+			actionType: body.decision === "approved" ? "review.approved" : "review.rejected",
+			item: result.data.item,
+		});
+		return unwrapResult(result);
+	} catch (error) {
+		return handleError(error, "Failed to resolve review request", "REVIEW_REQUEST_RESOLVE_ERROR");
+	}
+};