dineway 0.1.8 → 0.1.11

package/src/astro/routes/api/admin/comments/[id]/status.ts

@@ -1,120 +0,0 @@
-/**
- * Comment status change
- *
- * PUT /_dineway/api/admin/comments/:id/status - Change comment status
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { apiError, apiSuccess, handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleCommentGet } from "#api/handlers/comments.js";
-import { isParseError, parseBody } from "#api/parse.js";
-import { commentStatusBody } from "#api/schemas.js";
-import { getSiteBaseUrl } from "#api/site-url.js";
-import { lookupContentAuthor, sendCommentNotification } from "#comments/notifications.js";
-import { moderateComment, type CommentHookRunner } from "#comments/service.js";
-import type { CommentStatus } from "#db/repositories/comment.js";
-import type { ModerationDecision } from "#plugins/types.js";
-
-export const prerender = false;
-
-export const PUT: APIRoute = async ({ params, request, locals }) => {
-	const { dineway, user } = locals;
-	const { id } = params;
-
-	if (!id) {
-		return apiError("VALIDATION_ERROR", "Comment ID required", 400);
-	}
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "comments:moderate");
-	if (denied) return denied;
-
-	try {
-		const body = await parseBody(request, commentStatusBody);
-		if (isParseError(body)) return body;
-
-		const newStatus = body.status as CommentStatus;
-
-		// Build hook runner for the service
-		const hookRunner: CommentHookRunner = {
-			async runBeforeCreate(event) {
-				return dineway.hooks.runCommentBeforeCreate(event);
-			},
-			async runModerate(event) {
-				const result = await dineway.hooks.invokeExclusiveHook("comment:moderate", event);
-				if (!result) return { status: "pending" as const, reason: "No moderator configured" };
-				if (result.error) return { status: "pending" as const, reason: "Moderation error" };
-				return result.result as ModerationDecision;
-			},
-			fireAfterCreate(event) {
-				dineway.hooks
-					.runCommentAfterCreate(event)
-					.catch((err) =>
-						console.error(
-							"[comments] afterCreate error:",
-							err instanceof Error ? err.message : err,
-						),
-					);
-			},
-			fireAfterModerate(event) {
-				dineway.hooks
-					.runCommentAfterModerate(event)
-					.catch((err) =>
-						console.error(
-							"[comments] afterModerate error:",
-							err instanceof Error ? err.message : err,
-						),
-					);
-			},
-		};
-
-		// Read the comment before updating so we know the previous status
-		const existing = await handleCommentGet(dineway.db, id);
-		if (!existing.success) {
-			return unwrapResult(existing);
-		}
-		const previousStatus = existing.data.status;
-
-		const updated = await moderateComment(
-			dineway.db,
-			id,
-			newStatus,
-			{ id: user!.id, name: user!.name ?? null },
-			hookRunner,
-		);
-
-		if (!updated) {
-			return apiError("NOT_FOUND", "Comment not found", 404);
-		}
-
-		// Send notification when a comment is newly approved
-		if (newStatus === "approved" && previousStatus !== "approved" && dineway.email) {
-			try {
-				const adminBaseUrl = await getSiteBaseUrl(dineway.db, request);
-				const content = await lookupContentAuthor(
-					dineway.db,
-					updated.collection,
-					updated.contentId,
-				);
-				if (content?.author) {
-					await sendCommentNotification({
-						email: dineway.email,
-						comment: updated,
-						contentAuthor: content.author,
-						adminBaseUrl,
-					});
-				}
-			} catch (err) {
-				console.error("[comments] notification error:", err instanceof Error ? err.message : err);
-			}
-		}
-
-		return apiSuccess(updated);
-	} catch (error) {
-		return handleError(error, "Failed to update comment status", "COMMENT_STATUS_ERROR");
-	}
-};

package/src/astro/routes/api/admin/comments/[id].ts

@@ -1,64 +0,0 @@
-/**
- * Single comment admin endpoints
- *
- * GET    /_dineway/api/admin/comments/:id - Get comment detail
- * DELETE /_dineway/api/admin/comments/:id - Hard delete (ADMIN only)
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleCommentGet, handleCommentDelete } from "#api/handlers/comments.js";
-
-export const prerender = false;
-
-/**
- * Get single comment detail (includes moderation_metadata)
- */
-export const GET: APIRoute = async ({ params, locals }) => {
-	const { dineway, user } = locals;
-	const { id } = params;
-
-	if (!id) {
-		return apiError("VALIDATION_ERROR", "Comment ID required", 400);
-	}
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "comments:moderate");
-	if (denied) return denied;
-
-	try {
-		const result = await handleCommentGet(dineway.db, id);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to get comment", "COMMENT_GET_ERROR");
-	}
-};
-
-/**
- * Hard delete a comment (ADMIN only)
- */
-export const DELETE: APIRoute = async ({ params, locals }) => {
-	const { dineway, user } = locals;
-	const { id } = params;
-
-	if (!id) {
-		return apiError("VALIDATION_ERROR", "Comment ID required", 400);
-	}
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "comments:delete");
-	if (denied) return denied;
-
-	try {
-		const result = await handleCommentDelete(dineway.db, id);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to delete comment", "COMMENT_DELETE_ERROR");
-	}
-};

package/src/astro/routes/api/admin/comments/bulk.ts

@@ -1,42 +0,0 @@
-/**
- * Bulk comment operations
- *
- * POST /_dineway/api/admin/comments/bulk - Bulk status change or delete
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleCommentBulk } from "#api/handlers/comments.js";
-import { isParseError, parseBody } from "#api/parse.js";
-import { commentBulkBody } from "#api/schemas.js";
-
-export const prerender = false;
-
-export const POST: APIRoute = async ({ request, locals }) => {
-	const { dineway, user } = locals;
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	try {
-		const body = await parseBody(request, commentBulkBody);
-		if (isParseError(body)) return body;
-
-		// Bulk delete requires ADMIN, bulk status change requires EDITOR
-		if (body.action === "delete") {
-			const denied = requirePerm(user, "comments:delete");
-			if (denied) return denied;
-		} else {
-			const denied = requirePerm(user, "comments:moderate");
-			if (denied) return denied;
-		}
-
-		const result = await handleCommentBulk(dineway.db, body.ids, body.action);
-
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to perform bulk operation", "COMMENT_BULK_ERROR");
-	}
-};

package/src/astro/routes/api/admin/comments/counts.ts

@@ -1,30 +0,0 @@
-/**
- * Comment status counts for inbox badges
- *
- * GET /_dineway/api/admin/comments/counts
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleCommentCounts } from "#api/handlers/comments.js";
-
-export const prerender = false;
-
-export const GET: APIRoute = async ({ locals }) => {
-	const { dineway, user } = locals;
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "comments:moderate");
-	if (denied) return denied;
-
-	try {
-		const result = await handleCommentCounts(dineway.db);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to get comment counts", "COMMENT_COUNTS_ERROR");
-	}
-};

package/src/astro/routes/api/admin/comments/index.ts

@@ -1,46 +0,0 @@
-/**
- * Admin comment inbox
- *
- * GET /_dineway/api/admin/comments - List comments (filterable by status, collection, search)
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleCommentInbox } from "#api/handlers/comments.js";
-import { isParseError, parseQuery } from "#api/parse.js";
-import { commentListQuery } from "#api/schemas.js";
-import type { CommentStatus } from "#db/repositories/comment.js";
-
-export const prerender = false;
-
-/**
- * List comments for moderation inbox
- */
-export const GET: APIRoute = async ({ url, locals }) => {
-	const { dineway, user } = locals;
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "comments:moderate");
-	if (denied) return denied;
-
-	try {
-		const query = parseQuery(url, commentListQuery);
-		if (isParseError(query)) return query;
-
-		const result = await handleCommentInbox(dineway.db, {
-			status: query.status as CommentStatus | undefined,
-			collection: query.collection,
-			search: query.search,
-			limit: query.limit,
-			cursor: query.cursor,
-		});
-
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to list comments", "COMMENT_INBOX_ERROR");
-	}
-};

package/src/astro/routes/api/admin/context/[id]/history.ts

@@ -1,35 +0,0 @@
-/**
- * Admin context supersede history
- *
- * GET /_dineway/api/admin/context/:id/history - Get a context entry supersede chain
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleContextEntryHistory } from "#api/handlers/context.js";
-
-export const prerender = false;
-
-export const GET: APIRoute = async ({ params, locals }) => {
-	const { dineway, user } = locals;
-	const { id } = params;
-
-	if (!id) {
-		return apiError("VALIDATION_ERROR", "Context entry ID required", 400);
-	}
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "settings:read");
-	if (denied) return denied;
-
-	try {
-		const result = await handleContextEntryHistory(dineway.db, id);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to load context history", "CONTEXT_HISTORY_ERROR");
-	}
-};

package/src/astro/routes/api/admin/context/[id]/index.ts

@@ -1,35 +0,0 @@
-/**
- * Admin context entry detail
- *
- * GET /_dineway/api/admin/context/:id - Get a context entry
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleContextEntryGet } from "#api/handlers/context.js";
-
-export const prerender = false;
-
-export const GET: APIRoute = async ({ params, locals }) => {
-	const { dineway, user } = locals;
-	const { id } = params;
-
-	if (!id) {
-		return apiError("VALIDATION_ERROR", "Context entry ID required", 400);
-	}
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "settings:read");
-	if (denied) return denied;
-
-	try {
-		const result = await handleContextEntryGet(dineway.db, id);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to get context entry", "CONTEXT_GET_ERROR");
-	}
-};

package/src/astro/routes/api/admin/context/[id]/review.ts

@@ -1,57 +0,0 @@
-/**
- * Admin context review
- *
- * POST /_dineway/api/admin/context/:id/review - Mark a context entry reviewed
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { logContextRouteActivity, resolveContextRouteActor } from "#api/context-route-helpers.js";
-import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleContextEntryReview } from "#api/handlers/context.js";
-import { isParseError, parseBody } from "#api/parse.js";
-import { contextEntryReviewBody } from "#api/schemas.js";
-
-export const prerender = false;
-
-export const POST: APIRoute = async ({ params, request, locals }) => {
-	const { dineway, user } = locals;
-	const { id } = params;
-
-	if (!id) {
-		return apiError("VALIDATION_ERROR", "Context entry ID required", 400);
-	}
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "content:edit_any");
-	if (denied) return denied;
-
-	try {
-		const body = await parseBody(request, contextEntryReviewBody);
-		if (isParseError(body)) return body;
-
-		const result = await handleContextEntryReview(
-			dineway.db,
-			id,
-			body,
-			resolveContextRouteActor(locals),
-		);
-		if (!result.success) return unwrapResult(result);
-
-		await logContextRouteActivity(dineway.db, locals, {
-			actionType: "context.reviewed",
-			entry: result.data.item,
-			summary: `Reviewed context entry ${result.data.item.title}`,
-			detail: {
-				validUntil: result.data.item.validUntil,
-			},
-		});
-
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to review context entry", "CONTEXT_REVIEW_ERROR");
-	}
-};

package/src/astro/routes/api/admin/context/[id]/supersede.ts

@@ -1,58 +0,0 @@
-/**
- * Admin context supersede
- *
- * POST /_dineway/api/admin/context/:id/supersede - Replace a context entry
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { logContextRouteActivity, resolveContextRouteActor } from "#api/context-route-helpers.js";
-import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleContextEntrySupersede } from "#api/handlers/context.js";
-import { isParseError, parseBody } from "#api/parse.js";
-import { contextEntrySupersedeBody } from "#api/schemas.js";
-
-export const prerender = false;
-
-export const POST: APIRoute = async ({ params, request, locals }) => {
-	const { dineway, user } = locals;
-	const { id } = params;
-
-	if (!id) {
-		return apiError("VALIDATION_ERROR", "Context entry ID required", 400);
-	}
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "content:edit_any");
-	if (denied) return denied;
-
-	try {
-		const body = await parseBody(request, contextEntrySupersedeBody);
-		if (isParseError(body)) return body;
-
-		const result = await handleContextEntrySupersede(
-			dineway.db,
-			id,
-			body,
-			resolveContextRouteActor(locals),
-		);
-		if (!result.success) return unwrapResult(result);
-
-		await logContextRouteActivity(dineway.db, locals, {
-			actionType: "context.superseded",
-			entry: result.data.item,
-			summary: `Superseded context entry ${id}`,
-			detail: {
-				supersedesId: id,
-				replacementId: result.data.item.id,
-			},
-		});
-
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to supersede context entry", "CONTEXT_SUPERSEDE_ERROR");
-	}
-};

package/src/astro/routes/api/admin/context/diff.ts

@@ -1,35 +0,0 @@
-/**
- * Admin context diff
- *
- * GET /_dineway/api/admin/context/diff - Diff context entries since a timestamp
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleContextEntryDiff } from "#api/handlers/context.js";
-import { isParseError, parseQuery } from "#api/parse.js";
-import { contextEntryDiffQuery } from "#api/schemas.js";
-
-export const prerender = false;
-
-export const GET: APIRoute = async ({ url, locals }) => {
-	const { dineway, user } = locals;
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "settings:read");
-	if (denied) return denied;
-
-	try {
-		const query = parseQuery(url, contextEntryDiffQuery);
-		if (isParseError(query)) return query;
-
-		const result = await handleContextEntryDiff(dineway.db, query);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to diff context entries", "CONTEXT_DIFF_ERROR");
-	}
-};

package/src/astro/routes/api/admin/context/index.ts

@@ -1,69 +0,0 @@
-/**
- * Admin context entry browser
- *
- * GET /_dineway/api/admin/context - List/search context entries
- * POST /_dineway/api/admin/context - Add a context entry
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { logContextRouteActivity, resolveContextRouteActor } from "#api/context-route-helpers.js";
-import { handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleContextEntryCreate, handleContextEntryList } from "#api/handlers/context.js";
-import { isParseError, parseBody, parseQuery } from "#api/parse.js";
-import { contextEntryCreateBody, contextEntryListQuery } from "#api/schemas.js";
-
-export const prerender = false;
-
-export const GET: APIRoute = async ({ url, locals }) => {
-	const { dineway, user } = locals;
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "settings:read");
-	if (denied) return denied;
-
-	try {
-		const query = parseQuery(url, contextEntryListQuery);
-		if (isParseError(query)) return query;
-
-		const result = await handleContextEntryList(dineway.db, query);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to list context entries", "CONTEXT_LIST_ERROR");
-	}
-};
-
-export const POST: APIRoute = async ({ request, locals }) => {
-	const { dineway, user } = locals;
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "content:edit_any");
-	if (denied) return denied;
-
-	try {
-		const body = await parseBody(request, contextEntryCreateBody);
-		if (isParseError(body)) return body;
-
-		const result = await handleContextEntryCreate(
-			dineway.db,
-			body,
-			resolveContextRouteActor(locals),
-		);
-		if (!result.success) return unwrapResult(result);
-
-		await logContextRouteActivity(dineway.db, locals, {
-			actionType: "context.added",
-			entry: result.data.item,
-			summary: `Added ${result.data.item.contextType} context: ${result.data.item.title}`,
-		});
-
-		return unwrapResult(result, 201);
-	} catch (error) {
-		return handleError(error, "Failed to create context entry", "CONTEXT_CREATE_ERROR");
-	}
-};

package/src/astro/routes/api/admin/context/stale.ts

@@ -1,35 +0,0 @@
-/**
- * Admin stale context entries
- *
- * GET /_dineway/api/admin/context/stale - List current entries past valid_until
- */
-
-import type { APIRoute } from "astro";
-
-import { requirePerm } from "#api/authorize.js";
-import { handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleContextEntryStale } from "#api/handlers/context.js";
-import { isParseError, parseQuery } from "#api/parse.js";
-import { contextEntryStaleQuery } from "#api/schemas.js";
-
-export const prerender = false;
-
-export const GET: APIRoute = async ({ url, locals }) => {
-	const { dineway, user } = locals;
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	const denied = requirePerm(user, "settings:read");
-	if (denied) return denied;
-
-	try {
-		const query = parseQuery(url, contextEntryStaleQuery);
-		if (isParseError(query)) return query;
-
-		const result = await handleContextEntryStale(dineway.db, query);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to list stale context entries", "CONTEXT_STALE_ERROR");
-	}
-};

package/src/astro/routes/api/admin/hitl-requests/[id]/index.ts

@@ -1,38 +0,0 @@
-/**
- * Admin HITL request detail
- *
- * GET /_dineway/api/admin/hitl-requests/:id - Get a generic HITL request
- */
-
-import { Role } from "@dineway-ai/auth";
-import type { APIRoute } from "astro";
-
-import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleHitlRequestGet } from "#api/handlers/hitl-requests.js";
-import { resolveHitlRouteActor } from "#api/hitl-route-helpers.js";
-
-export const prerender = false;
-
-export const GET: APIRoute = async ({ params, locals }) => {
-	const { dineway, user } = locals;
-	const { id } = params;
-
-	if (!id) {
-		return apiError("VALIDATION_ERROR", "HITL request ID required", 400);
-	}
-
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-
-	if (!user || user.role < Role.ADMIN) {
-		return apiError("FORBIDDEN", "Admin privileges required", 403);
-	}
-
-	try {
-		const actor = resolveHitlRouteActor(locals);
-		const result = await handleHitlRequestGet(dineway.db, id, actor.access);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to fetch HITL request", "WORKFLOW_HITL_GET_ERROR");
-	}
-};