emdash 0.0.0-a → 0.0.1

package/dist/tokens-DpgrkrXK.mjs

@@ -0,0 +1,171 @@
+import { i as encodeBase64url, n as decodeBase64url } from "./base64-MBPo9ozB.mjs";
+
+//#region src/preview/tokens.ts
+/**
+* Preview token generation and verification
+*
+* Tokens are compact, URL-safe, and HMAC-signed.
+* Format: base64url(JSON payload).base64url(HMAC signature)
+*
+* Payload: { cid: contentId, exp: expiryTimestamp, iat: issuedAt }
+*/
+const DURATION_PATTERN = /^(\d+)([smhdw])$/;
+/**
+* Parse duration string to seconds
+* Supports: "1h", "30m", "1d", "2w", or raw seconds
+*/
+function parseDuration(duration) {
+	if (typeof duration === "number") return duration;
+	const match = duration.match(DURATION_PATTERN);
+	if (!match) throw new Error(`Invalid duration format: "${duration}". Use "1h", "30m", "1d", "2w", or seconds.`);
+	const value = parseInt(match[1], 10);
+	const unit = match[2];
+	switch (unit) {
+		case "s": return value;
+		case "m": return value * 60;
+		case "h": return value * 60 * 60;
+		case "d": return value * 60 * 60 * 24;
+		case "w": return value * 60 * 60 * 24 * 7;
+		default: throw new Error(`Unknown duration unit: ${unit}`);
+	}
+}
+/**
+* Create HMAC-SHA256 signature using Web Crypto API
+*/
+async function createSignature(data, secret) {
+	const encoder = new TextEncoder();
+	const key = await crypto.subtle.importKey("raw", encoder.encode(secret), {
+		name: "HMAC",
+		hash: "SHA-256"
+	}, false, ["sign"]);
+	const signature = await crypto.subtle.sign("HMAC", key, encoder.encode(data));
+	return new Uint8Array(signature);
+}
+/**
+* Verify HMAC-SHA256 signature
+*/
+async function verifySignature(data, signature, secret) {
+	const encoder = new TextEncoder();
+	const key = await crypto.subtle.importKey("raw", encoder.encode(secret), {
+		name: "HMAC",
+		hash: "SHA-256"
+	}, false, ["verify"]);
+	const sigBuffer = new ArrayBuffer(signature.byteLength);
+	new Uint8Array(sigBuffer).set(signature);
+	return crypto.subtle.verify("HMAC", key, sigBuffer, encoder.encode(data));
+}
+/**
+* Generate a preview token for content
+*
+* @example
+* ```ts
+* const token = await generatePreviewToken({
+*   contentId: "posts:abc123",
+*   expiresIn: "1h",
+*   secret: process.env.PREVIEW_SECRET!,
+* });
+* ```
+*/
+async function generatePreviewToken(options) {
+	const { contentId, expiresIn = "1h", secret } = options;
+	if (!secret) throw new Error("Preview secret is required");
+	if (!contentId || !contentId.includes(":")) throw new Error("Content ID must be in format \"collection:id\"");
+	const now = Math.floor(Date.now() / 1e3);
+	const payload = {
+		cid: contentId,
+		exp: now + parseDuration(expiresIn),
+		iat: now
+	};
+	const payloadJson = JSON.stringify(payload);
+	const encodedPayload = encodeBase64url(new TextEncoder().encode(payloadJson));
+	return `${encodedPayload}.${encodeBase64url(await createSignature(encodedPayload, secret))}`;
+}
+/**
+* Verify a preview token and return the payload
+*
+* @example
+* ```ts
+* // With URL (extracts _preview query param)
+* const result = await verifyPreviewToken({
+*   url: Astro.url,
+*   secret: import.meta.env.PREVIEW_SECRET,
+* });
+*
+* // With token directly
+* const result = await verifyPreviewToken({
+*   token: someToken,
+*   secret: import.meta.env.PREVIEW_SECRET,
+* });
+*
+* if (result.valid) {
+*   console.log(result.payload.cid); // "posts:abc123"
+* }
+* ```
+*/
+async function verifyPreviewToken(options) {
+	const { secret } = options;
+	if (!secret) throw new Error("Preview secret is required");
+	const token = "url" in options ? options.url.searchParams.get("_preview") : options.token;
+	if (!token) return {
+		valid: false,
+		error: "none"
+	};
+	const parts = token.split(".");
+	if (parts.length !== 2) return {
+		valid: false,
+		error: "malformed"
+	};
+	const [encodedPayload, encodedSignature] = parts;
+	let signature;
+	try {
+		signature = decodeBase64url(encodedSignature);
+	} catch {
+		return {
+			valid: false,
+			error: "malformed"
+		};
+	}
+	if (!await verifySignature(encodedPayload, signature, secret)) return {
+		valid: false,
+		error: "invalid"
+	};
+	let payload;
+	try {
+		const payloadBytes = decodeBase64url(encodedPayload);
+		const payloadJson = new TextDecoder().decode(payloadBytes);
+		payload = JSON.parse(payloadJson);
+	} catch {
+		return {
+			valid: false,
+			error: "malformed"
+		};
+	}
+	if (typeof payload.cid !== "string" || typeof payload.exp !== "number" || typeof payload.iat !== "number") return {
+		valid: false,
+		error: "malformed"
+	};
+	const now = Math.floor(Date.now() / 1e3);
+	if (payload.exp < now) return {
+		valid: false,
+		error: "expired"
+	};
+	return {
+		valid: true,
+		payload
+	};
+}
+/**
+* Parse a content ID into collection and id
+*/
+function parseContentId(contentId) {
+	const colonIndex = contentId.indexOf(":");
+	if (colonIndex === -1) throw new Error("Content ID must be in format \"collection:id\"");
+	return {
+		collection: contentId.slice(0, colonIndex),
+		id: contentId.slice(colonIndex + 1)
+	};
+}
+
+//#endregion
+export { parseContentId as n, verifyPreviewToken as r, generatePreviewToken as t };
+//# sourceMappingURL=tokens-DpgrkrXK.mjs.map

package/dist/tokens-DpgrkrXK.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens-DpgrkrXK.mjs","names":[],"sources":["../src/preview/tokens.ts"],"sourcesContent":["/**\n * Preview token generation and verification\n *\n * Tokens are compact, URL-safe, and HMAC-signed.\n * Format: base64url(JSON payload).base64url(HMAC signature)\n *\n * Payload: { cid: contentId, exp: expiryTimestamp, iat: issuedAt }\n */\n\nimport { encodeBase64url, decodeBase64url } from \"../utils/base64.js\";\n\n// Regex pattern for duration parsing\nconst DURATION_PATTERN = /^(\\d+)([smhdw])$/;\n\n/**\n * Preview token payload\n */\nexport interface PreviewTokenPayload {\n\t/** Content ID in format \"collection:id\" (e.g., \"posts:abc123\") */\n\tcid: string;\n\t/** Expiry timestamp (seconds since epoch) */\n\texp: number;\n\t/** Issued at timestamp (seconds since epoch) */\n\tiat: number;\n}\n\n/**\n * Options for generating a preview token\n */\nexport interface GeneratePreviewTokenOptions {\n\t/** Content ID in format \"collection:id\" */\n\tcontentId: string;\n\t/** How long the token is valid. Accepts \"1h\", \"30m\", \"1d\", or seconds as number. Default: \"1h\" */\n\texpiresIn?: string | number;\n\t/** Secret key for signing. Should be from environment variable. */\n\tsecret: string;\n}\n\n/**\n * Parse duration string to seconds\n * Supports: \"1h\", \"30m\", \"1d\", \"2w\", or raw seconds\n */\nfunction parseDuration(duration: string | number): number {\n\tif (typeof duration === \"number\") {\n\t\treturn duration;\n\t}\n\n\tconst match = duration.match(DURATION_PATTERN);\n\tif (!match) {\n\t\tthrow new Error(\n\t\t\t`Invalid duration format: \"${duration}\". Use \"1h\", \"30m\", \"1d\", \"2w\", or seconds.`,\n\t\t);\n\t}\n\n\tconst value = parseInt(match[1], 10);\n\tconst unit = match[2];\n\n\tswitch (unit) {\n\t\tcase \"s\":\n\t\t\treturn value;\n\t\tcase \"m\":\n\t\t\treturn value * 60;\n\t\tcase \"h\":\n\t\t\treturn value * 60 * 60;\n\t\tcase \"d\":\n\t\t\treturn value * 60 * 60 * 24;\n\t\tcase \"w\":\n\t\t\treturn value * 60 * 60 * 24 * 7;\n\t\tdefault:\n\t\t\tthrow new Error(`Unknown duration unit: ${unit}`);\n\t}\n}\n\n/**\n * Create HMAC-SHA256 signature using Web Crypto API\n */\nasync function createSignature(data: string, secret: string): Promise<Uint8Array> {\n\tconst encoder = new TextEncoder();\n\tconst key = await crypto.subtle.importKey(\n\t\t\"raw\",\n\t\tencoder.encode(secret),\n\t\t{ name: \"HMAC\", hash: \"SHA-256\" },\n\t\tfalse,\n\t\t[\"sign\"],\n\t);\n\tconst signature = await crypto.subtle.sign(\"HMAC\", key, encoder.encode(data));\n\treturn new Uint8Array(signature);\n}\n\n/**\n * Verify HMAC-SHA256 signature\n */\nasync function verifySignature(\n\tdata: string,\n\tsignature: Uint8Array,\n\tsecret: string,\n): Promise<boolean> {\n\tconst encoder = new TextEncoder();\n\tconst key = await crypto.subtle.importKey(\n\t\t\"raw\",\n\t\tencoder.encode(secret),\n\t\t{ name: \"HMAC\", hash: \"SHA-256\" },\n\t\tfalse,\n\t\t[\"verify\"],\n\t);\n\t// Create a new ArrayBuffer from the signature to satisfy BufferSource typing\n\t// (Uint8Array.buffer is ArrayBufferLike which includes SharedArrayBuffer)\n\tconst sigBuffer: ArrayBuffer = new ArrayBuffer(signature.byteLength);\n\tnew Uint8Array(sigBuffer).set(signature);\n\treturn crypto.subtle.verify(\"HMAC\", key, sigBuffer, encoder.encode(data));\n}\n\n/**\n * Generate a preview token for content\n *\n * @example\n * ```ts\n * const token = await generatePreviewToken({\n *   contentId: \"posts:abc123\",\n *   expiresIn: \"1h\",\n *   secret: process.env.PREVIEW_SECRET!,\n * });\n * ```\n */\nexport async function generatePreviewToken(options: GeneratePreviewTokenOptions): Promise<string> {\n\tconst { contentId, expiresIn = \"1h\", secret } = options;\n\n\tif (!secret) {\n\t\tthrow new Error(\"Preview secret is required\");\n\t}\n\n\tif (!contentId || !contentId.includes(\":\")) {\n\t\tthrow new Error('Content ID must be in format \"collection:id\"');\n\t}\n\n\tconst now = Math.floor(Date.now() / 1000);\n\tconst duration = parseDuration(expiresIn);\n\n\tconst payload: PreviewTokenPayload = {\n\t\tcid: contentId,\n\t\texp: now + duration,\n\t\tiat: now,\n\t};\n\n\t// Encode payload\n\tconst payloadJson = JSON.stringify(payload);\n\tconst encodedPayload = encodeBase64url(new TextEncoder().encode(payloadJson));\n\n\t// Sign it\n\tconst signature = await createSignature(encodedPayload, secret);\n\tconst encodedSignature = encodeBase64url(signature);\n\n\treturn `${encodedPayload}.${encodedSignature}`;\n}\n\n/**\n * Result of verifying a preview token\n */\nexport type VerifyPreviewTokenResult =\n\t| { valid: true; payload: PreviewTokenPayload }\n\t| { valid: false; error: \"invalid\" | \"expired\" | \"malformed\" | \"none\" };\n\n/**\n * Options for verifyPreviewToken\n */\nexport type VerifyPreviewTokenOptions = {\n\t/** Secret key for verifying tokens */\n\tsecret: string;\n} & (\n\t| { /** URL to extract _preview token from */ url: URL }\n\t| {\n\t\t\t/** Preview token string (can be null) */ token: string | null | undefined;\n\t  }\n);\n\n/**\n * Verify a preview token and return the payload\n *\n * @example\n * ```ts\n * // With URL (extracts _preview query param)\n * const result = await verifyPreviewToken({\n *   url: Astro.url,\n *   secret: import.meta.env.PREVIEW_SECRET,\n * });\n *\n * // With token directly\n * const result = await verifyPreviewToken({\n *   token: someToken,\n *   secret: import.meta.env.PREVIEW_SECRET,\n * });\n *\n * if (result.valid) {\n *   console.log(result.payload.cid); // \"posts:abc123\"\n * }\n * ```\n */\nexport async function verifyPreviewToken(\n\toptions: VerifyPreviewTokenOptions,\n): Promise<VerifyPreviewTokenResult> {\n\tconst { secret } = options;\n\n\tif (!secret) {\n\t\tthrow new Error(\"Preview secret is required\");\n\t}\n\n\t// Extract token from URL or use provided token\n\tconst token = \"url\" in options ? options.url.searchParams.get(\"_preview\") : options.token;\n\n\t// Handle null/undefined token\n\tif (!token) {\n\t\treturn { valid: false, error: \"none\" };\n\t}\n\n\t// Split token into payload and signature\n\tconst parts = token.split(\".\");\n\tif (parts.length !== 2) {\n\t\treturn { valid: false, error: \"malformed\" };\n\t}\n\n\tconst [encodedPayload, encodedSignature] = parts;\n\n\t// Verify signature\n\tlet signature: Uint8Array;\n\ttry {\n\t\tsignature = decodeBase64url(encodedSignature);\n\t} catch {\n\t\treturn { valid: false, error: \"malformed\" };\n\t}\n\n\tconst isValid = await verifySignature(encodedPayload, signature, secret);\n\tif (!isValid) {\n\t\treturn { valid: false, error: \"invalid\" };\n\t}\n\n\t// Decode and parse payload\n\tlet payload: PreviewTokenPayload;\n\ttry {\n\t\tconst payloadBytes = decodeBase64url(encodedPayload);\n\t\tconst payloadJson = new TextDecoder().decode(payloadBytes);\n\t\tpayload = JSON.parse(payloadJson);\n\t} catch {\n\t\treturn { valid: false, error: \"malformed\" };\n\t}\n\n\t// Check required fields\n\tif (\n\t\ttypeof payload.cid !== \"string\" ||\n\t\ttypeof payload.exp !== \"number\" ||\n\t\ttypeof payload.iat !== \"number\"\n\t) {\n\t\treturn { valid: false, error: \"malformed\" };\n\t}\n\n\t// Check expiry\n\tconst now = Math.floor(Date.now() / 1000);\n\tif (payload.exp < now) {\n\t\treturn { valid: false, error: \"expired\" };\n\t}\n\n\treturn { valid: true, payload };\n}\n\n/**\n * Parse a content ID into collection and id\n */\nexport function parseContentId(contentId: string): {\n\tcollection: string;\n\tid: string;\n} {\n\tconst colonIndex = contentId.indexOf(\":\");\n\tif (colonIndex === -1) {\n\t\tthrow new Error('Content ID must be in format \"collection:id\"');\n\t}\n\treturn {\n\t\tcollection: contentId.slice(0, colonIndex),\n\t\tid: contentId.slice(colonIndex + 1),\n\t};\n}\n"],"mappings":";;;;;;;;;;;AAYA,MAAM,mBAAmB;;;;;AA8BzB,SAAS,cAAc,UAAmC;AACzD,KAAI,OAAO,aAAa,SACvB,QAAO;CAGR,MAAM,QAAQ,SAAS,MAAM,iBAAiB;AAC9C,KAAI,CAAC,MACJ,OAAM,IAAI,MACT,6BAA6B,SAAS,6CACtC;CAGF,MAAM,QAAQ,SAAS,MAAM,IAAI,GAAG;CACpC,MAAM,OAAO,MAAM;AAEnB,SAAQ,MAAR;EACC,KAAK,IACJ,QAAO;EACR,KAAK,IACJ,QAAO,QAAQ;EAChB,KAAK,IACJ,QAAO,QAAQ,KAAK;EACrB,KAAK,IACJ,QAAO,QAAQ,KAAK,KAAK;EAC1B,KAAK,IACJ,QAAO,QAAQ,KAAK,KAAK,KAAK;EAC/B,QACC,OAAM,IAAI,MAAM,0BAA0B,OAAO;;;;;;AAOpD,eAAe,gBAAgB,MAAc,QAAqC;CACjF,MAAM,UAAU,IAAI,aAAa;CACjC,MAAM,MAAM,MAAM,OAAO,OAAO,UAC/B,OACA,QAAQ,OAAO,OAAO,EACtB;EAAE,MAAM;EAAQ,MAAM;EAAW,EACjC,OACA,CAAC,OAAO,CACR;CACD,MAAM,YAAY,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK,QAAQ,OAAO,KAAK,CAAC;AAC7E,QAAO,IAAI,WAAW,UAAU;;;;;AAMjC,eAAe,gBACd,MACA,WACA,QACmB;CACnB,MAAM,UAAU,IAAI,aAAa;CACjC,MAAM,MAAM,MAAM,OAAO,OAAO,UAC/B,OACA,QAAQ,OAAO,OAAO,EACtB;EAAE,MAAM;EAAQ,MAAM;EAAW,EACjC,OACA,CAAC,SAAS,CACV;CAGD,MAAM,YAAyB,IAAI,YAAY,UAAU,WAAW;AACpE,KAAI,WAAW,UAAU,CAAC,IAAI,UAAU;AACxC,QAAO,OAAO,OAAO,OAAO,QAAQ,KAAK,WAAW,QAAQ,OAAO,KAAK,CAAC;;;;;;;;;;;;;;AAe1E,eAAsB,qBAAqB,SAAuD;CACjG,MAAM,EAAE,WAAW,YAAY,MAAM,WAAW;AAEhD,KAAI,CAAC,OACJ,OAAM,IAAI,MAAM,6BAA6B;AAG9C,KAAI,CAAC,aAAa,CAAC,UAAU,SAAS,IAAI,CACzC,OAAM,IAAI,MAAM,iDAA+C;CAGhE,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;CAGzC,MAAM,UAA+B;EACpC,KAAK;EACL,KAAK,MAJW,cAAc,UAAU;EAKxC,KAAK;EACL;CAGD,MAAM,cAAc,KAAK,UAAU,QAAQ;CAC3C,MAAM,iBAAiB,gBAAgB,IAAI,aAAa,CAAC,OAAO,YAAY,CAAC;AAM7E,QAAO,GAAG,eAAe,GAFA,gBADP,MAAM,gBAAgB,gBAAgB,OAAO,CACZ;;;;;;;;;;;;;;;;;;;;;;;;AA+CpD,eAAsB,mBACrB,SACoC;CACpC,MAAM,EAAE,WAAW;AAEnB,KAAI,CAAC,OACJ,OAAM,IAAI,MAAM,6BAA6B;CAI9C,MAAM,QAAQ,SAAS,UAAU,QAAQ,IAAI,aAAa,IAAI,WAAW,GAAG,QAAQ;AAGpF,KAAI,CAAC,MACJ,QAAO;EAAE,OAAO;EAAO,OAAO;EAAQ;CAIvC,MAAM,QAAQ,MAAM,MAAM,IAAI;AAC9B,KAAI,MAAM,WAAW,EACpB,QAAO;EAAE,OAAO;EAAO,OAAO;EAAa;CAG5C,MAAM,CAAC,gBAAgB,oBAAoB;CAG3C,IAAI;AACJ,KAAI;AACH,cAAY,gBAAgB,iBAAiB;SACtC;AACP,SAAO;GAAE,OAAO;GAAO,OAAO;GAAa;;AAI5C,KAAI,CADY,MAAM,gBAAgB,gBAAgB,WAAW,OAAO,CAEvE,QAAO;EAAE,OAAO;EAAO,OAAO;EAAW;CAI1C,IAAI;AACJ,KAAI;EACH,MAAM,eAAe,gBAAgB,eAAe;EACpD,MAAM,cAAc,IAAI,aAAa,CAAC,OAAO,aAAa;AAC1D,YAAU,KAAK,MAAM,YAAY;SAC1B;AACP,SAAO;GAAE,OAAO;GAAO,OAAO;GAAa;;AAI5C,KACC,OAAO,QAAQ,QAAQ,YACvB,OAAO,QAAQ,QAAQ,YACvB,OAAO,QAAQ,QAAQ,SAEvB,QAAO;EAAE,OAAO;EAAO,OAAO;EAAa;CAI5C,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;AACzC,KAAI,QAAQ,MAAM,IACjB,QAAO;EAAE,OAAO;EAAO,OAAO;EAAW;AAG1C,QAAO;EAAE,OAAO;EAAM;EAAS;;;;;AAMhC,SAAgB,eAAe,WAG7B;CACD,MAAM,aAAa,UAAU,QAAQ,IAAI;AACzC,KAAI,eAAe,GAClB,OAAM,IAAI,MAAM,iDAA+C;AAEhE,QAAO;EACN,YAAY,UAAU,MAAM,GAAG,WAAW;EAC1C,IAAI,UAAU,MAAM,aAAa,EAAE;EACnC"}

package/dist/transport-BFGblqwG.d.mts

@@ -0,0 +1,42 @@
+//#region src/client/transport.d.ts
+/**
+ * Transport layer for the EmDash client.
+ *
+ * Implements a composable interceptor pipeline that modifies requests
+ * and responses. The client calls `transport.fetch(request)` — everything
+ * else (auth, CSRF, retry) is handled by interceptors.
+ */
+/**
+ * An interceptor can modify the request, call next(), inspect
+ * the response, and optionally retry.
+ */
+type Interceptor = (request: Request, next: (request: Request) => Promise<Response>) => Promise<Response>;
+interface TransportOptions {
+  interceptors?: Interceptor[];
+}
+/**
+ * Creates a fetch function that runs requests through an interceptor pipeline.
+ */
+declare function createTransport(options?: TransportOptions): {
+  fetch: (request: Request) => Promise<Response>;
+};
+/**
+ * Adds X-EmDash-Request: 1 and Origin headers to mutation requests
+ * (POST, PUT, DELETE). The custom header satisfies EmDash's CSRF check;
+ * the Origin header satisfies Astro's built-in origin verification which
+ * rejects server-side POST requests that lack a matching Origin.
+ */
+declare function csrfInterceptor(): Interceptor;
+/**
+ * Adds Authorization: Bearer header from a static token.
+ */
+declare function tokenInterceptor(token: string): Interceptor;
+/**
+ * Dev bypass interceptor. Calls the dev-bypass endpoint on first request
+ * to establish a session, then forwards the session cookie on subsequent
+ * requests.
+ */
+declare function devBypassInterceptor(baseUrl: string): Interceptor;
+//#endregion
+export { tokenInterceptor as a, devBypassInterceptor as i, createTransport as n, csrfInterceptor as r, Interceptor as t };
+//# sourceMappingURL=transport-BFGblqwG.d.mts.map

package/dist/transport-BFGblqwG.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport-BFGblqwG.d.mts","names":[],"sources":["../src/client/transport.ts"],"mappings":";;AAeA;;;;;;;;;;KAAY,WAAA,IACX,OAAA,EAAS,OAAA,EACT,IAAA,GAAO,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,QAAA,MAChC,OAAA,CAAQ,QAAA;AAAA,UAEI,gBAAA;EAChB,YAAA,GAAe,WAAA;AAAA;;;;iBAUA,eAAA,CAAgB,OAAA,GAAS,gBAAA;EACxC,KAAA,GAAQ,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,QAAA;AAAA;;;AAZtC;;;;iBAqCgB,eAAA,CAAA,GAAmB,WAAA;AA1BnC;;;AAAA,iBA8CgB,gBAAA,CAAiB,KAAA,WAAgB,WAAA;;;;;;iBAajC,oBAAA,CAAqB,OAAA,WAAkB,WAAA"}

package/dist/transport-yxiQsi8I.mjs

@@ -0,0 +1,418 @@
+//#region src/client/portable-text.ts
+/**
+* Convert Portable Text blocks to Markdown.
+* Unknown block types are serialized as opaque fences.
+*/
+function portableTextToMarkdown(blocks) {
+	const lines = [];
+	let prevWasList = false;
+	for (let i = 0; i < blocks.length; i++) {
+		const block = blocks[i];
+		if (block._type === "block") {
+			const isList = !!block.listItem;
+			if (i > 0 && (!isList || !prevWasList)) lines.push("");
+			lines.push(renderStandardBlock(block));
+			prevWasList = isList;
+		} else if (block._type === "code") {
+			if (i > 0) lines.push("");
+			const lang = block.language || "";
+			const code = block.code || "";
+			lines.push("```" + lang);
+			lines.push(code);
+			lines.push("```");
+			prevWasList = false;
+		} else if (block._type === "image") {
+			if (i > 0) lines.push("");
+			const alt = block.alt || "";
+			const url = block.asset?.url || "";
+			lines.push(`![${alt}](${url})`);
+			prevWasList = false;
+		} else {
+			if (i > 0) lines.push("");
+			lines.push(`<!--ec:block ${JSON.stringify(block)} -->`);
+			prevWasList = false;
+		}
+	}
+	return lines.join("\n") + "\n";
+}
+function renderStandardBlock(block) {
+	const text = renderSpans(block.children ?? [], block.markDefs ?? []);
+	if (block.listItem) return `${"  ".repeat(Math.max(0, (block.level ?? 1) - 1))}${block.listItem === "number" ? "1." : "-"} ${text}`;
+	if (block.style && block.style.startsWith("h")) {
+		const level = parseInt(block.style.substring(1), 10);
+		if (level >= 1 && level <= 6) return `${"#".repeat(level)} ${text}`;
+	}
+	if (block.style === "blockquote") return `> ${text}`;
+	return text;
+}
+function renderSpans(spans, markDefs) {
+	let result = "";
+	for (const span of spans) {
+		if (span._type !== "span") continue;
+		let text = span.text ?? "";
+		const marks = span.marks ?? [];
+		for (const mark of marks) {
+			const def = markDefs.find((d) => d._key === mark);
+			if (def) {
+				if (def._type === "link") text = `[${text}](${def.href ?? ""})`;
+			} else switch (mark) {
+				case "strong":
+					text = `**${text}**`;
+					break;
+				case "em":
+					text = `_${text}_`;
+					break;
+				case "code":
+					text = `\`${text}\``;
+					break;
+				case "strike-through":
+				case "strikethrough":
+					text = `~~${text}~~`;
+					break;
+			}
+		}
+		result += text;
+	}
+	return result;
+}
+const OPAQUE_FENCE_PATTERN = /^<!--ec:block (.+) -->$/;
+const HEADING_PATTERN = /^(#{1,6})\s+(.+)$/;
+const UNORDERED_LIST_PATTERN = /^(\s*)[-*+]\s+(.+)$/;
+const ORDERED_LIST_PATTERN = /^(\s*)\d+\.\s+(.+)$/;
+const IMAGE_PATTERN = /^!\[([^\]]*)\]\(([^)]+)\)$/;
+const INLINE_MARKDOWN_PATTERN = /(\*\*(.+?)\*\*)|(_(.+?)_)|(`(.+?)`)|(\[(.+?)\]\((.+?)\))|(~~(.+?)~~)/g;
+/**
+* Convert Markdown to Portable Text blocks.
+* Opaque fences (<!--ec:block ... -->) are deserialized and spliced back in.
+*/
+function markdownToPortableText(markdown) {
+	const blocks = [];
+	const lines = markdown.split("\n");
+	let i = 0;
+	while (i < lines.length) {
+		const line = lines[i];
+		const opaqueMatch = line.match(OPAQUE_FENCE_PATTERN);
+		if (opaqueMatch) {
+			try {
+				blocks.push(JSON.parse(opaqueMatch[1]));
+			} catch {
+				blocks.push(makeBlock(line));
+			}
+			i++;
+			continue;
+		}
+		if (line.startsWith("```")) {
+			const lang = line.slice(3).trim();
+			const codeLines = [];
+			i++;
+			while (i < lines.length && !lines[i].startsWith("```")) {
+				codeLines.push(lines[i]);
+				i++;
+			}
+			blocks.push({
+				_type: "code",
+				_key: generateKey(),
+				language: lang || void 0,
+				code: codeLines.join("\n")
+			});
+			i++;
+			continue;
+		}
+		if (line.trim() === "") {
+			i++;
+			continue;
+		}
+		const headingMatch = line.match(HEADING_PATTERN);
+		if (headingMatch) {
+			blocks.push(makeBlock(headingMatch[2], `h${headingMatch[1].length}`));
+			i++;
+			continue;
+		}
+		if (line.startsWith("> ")) {
+			blocks.push(makeBlock(line.slice(2), "blockquote"));
+			i++;
+			continue;
+		}
+		const ulMatch = line.match(UNORDERED_LIST_PATTERN);
+		if (ulMatch) {
+			const level = Math.floor(ulMatch[1].length / 2) + 1;
+			blocks.push(makeListBlock(ulMatch[2], "bullet", level));
+			i++;
+			continue;
+		}
+		const olMatch = line.match(ORDERED_LIST_PATTERN);
+		if (olMatch) {
+			const level = Math.floor(olMatch[1].length / 2) + 1;
+			blocks.push(makeListBlock(olMatch[2], "number", level));
+			i++;
+			continue;
+		}
+		const imgMatch = line.match(IMAGE_PATTERN);
+		if (imgMatch) {
+			blocks.push({
+				_type: "image",
+				_key: generateKey(),
+				alt: imgMatch[1],
+				asset: { url: imgMatch[2] }
+			});
+			i++;
+			continue;
+		}
+		blocks.push(makeBlock(line));
+		i++;
+	}
+	return blocks;
+}
+function makeBlock(text, style = "normal") {
+	const { spans, markDefs } = parseInline(text);
+	return {
+		_type: "block",
+		_key: generateKey(),
+		style,
+		markDefs,
+		children: spans
+	};
+}
+function makeListBlock(text, listItem, level) {
+	const { spans, markDefs } = parseInline(text);
+	return {
+		_type: "block",
+		_key: generateKey(),
+		style: "normal",
+		listItem,
+		level,
+		markDefs,
+		children: spans
+	};
+}
+/**
+* Parse inline markdown (bold, italic, code, links, strikethrough) into PT spans + markDefs.
+*/
+function parseInline(text) {
+	const spans = [];
+	const markDefs = [];
+	const regex = INLINE_MARKDOWN_PATTERN;
+	let lastIndex = 0;
+	let match;
+	while ((match = regex.exec(text)) !== null) {
+		if (match.index > lastIndex) spans.push({
+			_type: "span",
+			_key: generateKey(),
+			text: text.slice(lastIndex, match.index),
+			marks: []
+		});
+		if (match[2] != null) spans.push({
+			_type: "span",
+			_key: generateKey(),
+			text: match[2],
+			marks: ["strong"]
+		});
+		else if (match[4] != null) spans.push({
+			_type: "span",
+			_key: generateKey(),
+			text: match[4],
+			marks: ["em"]
+		});
+		else if (match[6] != null) spans.push({
+			_type: "span",
+			_key: generateKey(),
+			text: match[6],
+			marks: ["code"]
+		});
+		else if (match[8] != null && match[9] != null) {
+			const key = generateKey();
+			markDefs.push({
+				_key: key,
+				_type: "link",
+				href: match[9]
+			});
+			spans.push({
+				_type: "span",
+				_key: generateKey(),
+				text: match[8],
+				marks: [key]
+			});
+		} else if (match[11] != null) spans.push({
+			_type: "span",
+			_key: generateKey(),
+			text: match[11],
+			marks: ["strike-through"]
+		});
+		lastIndex = match.index + match[0].length;
+	}
+	if (lastIndex < text.length) spans.push({
+		_type: "span",
+		_key: generateKey(),
+		text: text.slice(lastIndex),
+		marks: []
+	});
+	if (spans.length === 0) spans.push({
+		_type: "span",
+		_key: generateKey(),
+		text,
+		marks: []
+	});
+	return {
+		spans,
+		markDefs
+	};
+}
+let keyCounter = 0;
+function generateKey() {
+	return `k${(keyCounter++).toString(36)}`;
+}
+/**
+* Convert content data for reading: PT fields -> markdown strings.
+* Only converts fields with type "portableText" that contain arrays.
+*/
+function convertDataForRead(data, fields, raw = false) {
+	if (raw) return data;
+	const result = { ...data };
+	for (const field of fields) if (field.type === "portableText" && Array.isArray(result[field.slug])) result[field.slug] = portableTextToMarkdown(result[field.slug]);
+	return result;
+}
+/**
+* Convert content data for writing: markdown strings -> PT arrays.
+* Only converts fields with type "portableText" that contain strings.
+*/
+function convertDataForWrite(data, fields) {
+	const result = { ...data };
+	for (const field of fields) if (field.type === "portableText" && typeof result[field.slug] === "string") result[field.slug] = markdownToPortableText(result[field.slug]);
+	return result;
+}
+
+//#endregion
+//#region src/client/transport.ts
+/**
+* Transport layer for the EmDash client.
+*
+* Implements a composable interceptor pipeline that modifies requests
+* and responses. The client calls `transport.fetch(request)` — everything
+* else (auth, CSRF, retry) is handled by interceptors.
+*/
+const COOKIE_NAME_VALUE_PATTERN = /^([^;]+)/;
+function baseFetch(request) {
+	return globalThis.fetch(request);
+}
+/**
+* Creates a fetch function that runs requests through an interceptor pipeline.
+*/
+function createTransport(options = {}) {
+	const interceptors = options.interceptors ?? [];
+	let chain = baseFetch;
+	for (let i = interceptors.length - 1; i >= 0; i--) {
+		const interceptor = interceptors[i];
+		const next = chain;
+		chain = (req) => interceptor(req, next);
+	}
+	return { fetch: chain };
+}
+/**
+* Adds X-EmDash-Request: 1 and Origin headers to mutation requests
+* (POST, PUT, DELETE). The custom header satisfies EmDash's CSRF check;
+* the Origin header satisfies Astro's built-in origin verification which
+* rejects server-side POST requests that lack a matching Origin.
+*/
+function csrfInterceptor() {
+	const MUTATION_METHODS = new Set([
+		"POST",
+		"PUT",
+		"DELETE",
+		"PATCH"
+	]);
+	return (request, next) => {
+		if (MUTATION_METHODS.has(request.method)) {
+			const headers = new Headers(request.headers);
+			headers.set("X-EmDash-Request", "1");
+			if (!headers.has("Origin")) {
+				const url = new URL(request.url);
+				headers.set("Origin", url.origin);
+			}
+			return next(new Request(request, { headers }));
+		}
+		return next(request);
+	};
+}
+/**
+* Adds Authorization: Bearer header from a static token.
+*/
+function tokenInterceptor(token) {
+	return (request, next) => {
+		const headers = new Headers(request.headers);
+		headers.set("Authorization", `Bearer ${token}`);
+		return next(new Request(request, { headers }));
+	};
+}
+/**
+* Dev bypass interceptor. Calls the dev-bypass endpoint on first request
+* to establish a session, then forwards the session cookie on subsequent
+* requests.
+*/
+function devBypassInterceptor(baseUrl) {
+	let sessionCookie = null;
+	let initializing = null;
+	async function init() {
+		const bypassUrl = new URL("/_emdash/api/auth/dev-bypass", baseUrl);
+		const res = await globalThis.fetch(bypassUrl, { redirect: "manual" });
+		const setCookie = res.headers.get("set-cookie");
+		if (setCookie) {
+			const match = setCookie.match(COOKIE_NAME_VALUE_PATTERN);
+			if (match) sessionCookie = match[1];
+		}
+		if (res.body) await res.text().catch(() => {});
+	}
+	return async (request, next) => {
+		if (!sessionCookie) {
+			if (!initializing) initializing = init();
+			await initializing;
+		}
+		if (sessionCookie) {
+			const headers = new Headers(request.headers);
+			const existing = headers.get("cookie");
+			headers.set("cookie", existing ? `${existing}; ${sessionCookie}` : sessionCookie);
+			return next(new Request(request, { headers }));
+		}
+		return next(request);
+	};
+}
+/**
+* Auto-refreshes expired OAuth tokens on 401 responses.
+* Requires a refresh token and the token endpoint URL.
+*/
+function refreshInterceptor(options) {
+	let refreshing = null;
+	async function refresh() {
+		const res = await globalThis.fetch(options.tokenEndpoint, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify({
+				grant_type: "refresh_token",
+				refresh_token: options.refreshToken
+			})
+		});
+		if (!res.ok) return null;
+		const data = await res.json();
+		const expiresAt = data.expires_in ? new Date(Date.now() + data.expires_in * 1e3).toISOString() : new Date(Date.now() + 36e5).toISOString();
+		if (options.onTokenRefreshed) options.onTokenRefreshed(data.access_token, data.refresh_token ?? options.refreshToken, expiresAt);
+		return data.access_token;
+	}
+	return async (request, next) => {
+		const response = await next(request);
+		if (response.status === 401) {
+			if (!refreshing) refreshing = refresh().finally(() => {
+				refreshing = null;
+			});
+			const newToken = await refreshing;
+			if (newToken) {
+				const headers = new Headers(request.headers);
+				headers.set("Authorization", `Bearer ${newToken}`);
+				return next(new Request(request, { headers }));
+			}
+		}
+		return response;
+	};
+}
+
+//#endregion
+export { tokenInterceptor as a, markdownToPortableText as c, refreshInterceptor as i, portableTextToMarkdown as l, csrfInterceptor as n, convertDataForRead as o, devBypassInterceptor as r, convertDataForWrite as s, createTransport as t };
+//# sourceMappingURL=transport-yxiQsi8I.mjs.map