emdash 0.0.1 → 0.0.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "emdash",
-  "version": "0.0.1",
+  "version": "0.0.3",
   "description": "Astro-native CMS with WordPress migration support",
   "type": "module",
   "main": "dist/index.mjs",
@@ -179,8 +179,8 @@
     "upng-js": "^2.1.0",
     "zod": "^4.3.5",
     "@emdash-cms/gutenberg-to-portable-text": "0.0.1",
-    "@emdash-cms/auth": "0.0.1",
-    "@emdash-cms/admin": "0.0.1"
+    "@emdash-cms/admin": "0.0.2",
+    "@emdash-cms/auth": "0.0.1"
   },
   "optionalDependencies": {
     "@libsql/kysely-libsql": "^0.4.0",
@@ -212,10 +212,10 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/cloudflare/emdash.git",
+    "url": "git+https://github.com/emdash-cms/emdash.git",
     "directory": "packages/core"
   },
-  "homepage": "https://github.com/cloudflare/emdash",
+  "homepage": "https://github.com/emdash-cms/emdash",
   "keywords": [
     "astro",
     "cms",

package/src/api/handlers/device-flow.ts

@@ -664,10 +664,7 @@ export async function handleTokenRevoke(
 
 		if (row.token_type === "refresh") {
 			// Revoke refresh token and all its access tokens
-			await db
-				.deleteFrom("_emdash_oauth_tokens")
-				.where("refresh_token_hash", "=", hash)
-				.execute();
+			await db.deleteFrom("_emdash_oauth_tokens").where("refresh_token_hash", "=", hash).execute();
 			await db.deleteFrom("_emdash_oauth_tokens").where("token_hash", "=", hash).execute();
 		} else {
 			// Revoke just the access token

package/src/api/handlers/oauth-clients.ts

@@ -236,11 +236,7 @@ export async function handleOAuthClientUpdate(
 			updates.scopes = input.scopes ? JSON.stringify(input.scopes) : "";
 		}
 
-		await db
-			.updateTable("_emdash_oauth_clients")
-			.set(updates)
-			.where("id", "=", clientId)
-			.execute();
+		await db.updateTable("_emdash_oauth_clients").set(updates).where("id", "=", clientId).execute();
 
 		// Fetch the updated row
 		const updated = await db

package/src/astro/integration/index.ts

@@ -42,7 +42,7 @@ const cyan = (s: string) => `\x1b[36m${s}\x1b[39m`;
 function printBanner(_logger: AstroIntegrationLogger): void {
 	const banner = `
 
-  ${bold(cyan("E C L I P T I C"))}
+  ${bold(cyan("— E M D A S H —"))}
    `;
 	console.log(banner);
 }

package/src/astro/integration/vite-config.ts

@@ -269,6 +269,13 @@ export function createViteConfig(
 					// Vite discovers them one-by-one on first request, causing workerd
 					// to enter "worker cancelled" state on cold cache.
 					optimizeDeps: {
+						// Exclude EmDash virtual modules from esbuild's dependency
+						// scan. These are resolved by the Vite plugin at transform time,
+						// but esbuild encounters them when crawling emdash's dist files
+						// during pre-bundling and can't resolve them. Vite's exclude
+						// uses prefix matching (id.startsWith(m + "/")), so
+						// "virtual:emdash" matches all "virtual:emdash/*" imports.
+						exclude: ["virtual:emdash"],
 						include: [
 							// EmDash direct deps
 							"emdash > @portabletext/toolkit",
@@ -322,7 +329,7 @@ export function createViteConfig(
 			include: useSource
 				? ["@astrojs/react/client.js"]
 				: ["@emdash-cms/admin", "@astrojs/react/client.js"],
-			exclude: cloudflare ? [] : NODE_NATIVE_EXTERNALS,
+			exclude: cloudflare ? ["virtual:emdash"] : [...NODE_NATIVE_EXTERNALS, "virtual:emdash"],
 		},
 	};
 }

package/src/astro/middleware.ts

@@ -54,6 +54,16 @@ let runtimeInitializing = false;
 /** Whether i18n config has been initialized from the virtual module */
 let i18nInitialized = false;
 
+/**
+ * Whether we've verified the database has been set up.
+ * On a fresh deployment the first request may hit a public page, bypassing
+ * runtime init. Without this check, template helpers like getSiteSettings()
+ * would query an empty database and crash. Once verified (or once the runtime
+ * has initialized via an admin/API request), this stays true for the worker's
+ * lifetime.
+ */
+let setupVerified = false;
+
 /**
  * Get EmDash configuration from virtual module
  */
@@ -190,6 +200,28 @@ export const onRequest = defineMiddleware(async (context, next) => {
 	if (!isEmDashRoute && !isPublicRuntimeRoute && !hasEditCookie && !hasPreviewToken) {
 		const sessionUser = await context.session?.get("user");
 		if (!sessionUser && !playgroundDb) {
+			// On a fresh deployment the database may be completely empty.
+			// Public pages call getSiteSettings() / getMenu() via getDb(), which
+			// bypasses runtime init and would crash with "no such table: options".
+			// Do a one-time lightweight probe using the same getDb() instance the
+			// page will use: if the migrations table doesn't exist, no migrations
+			// have ever run -- redirect to the setup wizard.
+			if (!setupVerified) {
+				try {
+					const { getDb } = await import("../loader.js");
+					const db = await getDb();
+					await db
+						.selectFrom("_emdash_migrations" as keyof Database)
+						.selectAll()
+						.limit(1)
+						.execute();
+					setupVerified = true;
+				} catch {
+					// Table doesn't exist -> fresh database, redirect to setup
+					return context.redirect("/_emdash/admin/setup");
+				}
+			}
+
 			const response = await next();
 			setBaselineSecurityHeaders(response);
 			return response;
@@ -210,6 +242,9 @@ export const onRequest = defineMiddleware(async (context, next) => {
 			// Get or create runtime
 			const runtime = await getRuntime(config);
 
+			// Runtime init runs migrations, so the DB is guaranteed set up
+			setupVerified = true;
+
 			// Get manifest (cached after first call)
 			const manifest = await runtime.getManifest();
 

package/src/astro/routes/api/admin/comments/[id]/status.ts

@@ -95,11 +95,7 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 		if (newStatus === "approved" && previousStatus !== "approved" && emdash.email) {
 			try {
 				const adminBaseUrl = await getSiteBaseUrl(emdash.db, request);
-				const content = await lookupContentAuthor(
-					emdash.db,
-					updated.collection,
-					updated.contentId,
-				);
+				const content = await lookupContentAuthor(emdash.db, updated.collection, updated.contentId);
 				if (content?.author) {
 					await sendCommentNotification({
 						email: emdash.email,

package/src/astro/routes/api/auth/passkey/register/verify.ts

@@ -71,9 +71,7 @@ export const POST: APIRoute = async ({ request, locals }) => {
 		// Get passkey name - prefer body.name, then check stored pending name
 		let passKeyName: string | undefined = body.name ?? undefined;
 		if (!passKeyName) {
-			const pending = await optionsRepo.get<{ name?: string }>(
-				`emdash:passkey_pending:${user.id}`,
-			);
+			const pending = await optionsRepo.get<{ name?: string }>(`emdash:passkey_pending:${user.id}`);
 			if (pending?.name) {
 				passKeyName = pending.name;
 			}

package/src/astro/routes/api/content/[collection]/[id]/schedule.ts

@@ -59,11 +59,7 @@ export const POST: APIRoute = async ({ params, request, locals, cache }) => {
 	const denied = requireOwnerPerm(user, authorId, "content:publish_own", "content:publish_any");
 	if (denied) return denied;
 
-	const result = await emdash.handleContentSchedule(
-		collection,
-		resolvedId ?? id,
-		body.scheduledAt,
-	);
+	const result = await emdash.handleContentSchedule(collection, resolvedId ?? id, body.scheduledAt);
 
 	if (!result.success) return unwrapResult(result);
 

package/src/astro/routes/api/import/wordpress/analyze.ts

@@ -8,8 +8,8 @@
  */
 
 import type { APIRoute } from "astro";
-import mime from "mime/lite";
 import { parseWxrString, SchemaRegistry, type WxrData } from "emdash";
+import mime from "mime/lite";
 
 import { requirePerm } from "#api/authorize.js";
 import { apiError, apiSuccess, handleError } from "#api/error.js";

package/src/astro/routes/api/import/wordpress/media.ts

@@ -11,8 +11,8 @@
 import * as path from "node:path";
 
 import type { APIRoute } from "astro";
-import mime from "mime/lite";
 import { MediaRepository, computeContentHash } from "emdash";
+import mime from "mime/lite";
 import { ulid } from "ulidx";
 
 import { requirePerm } from "#api/authorize.js";

package/src/astro/routes/api/revisions/[revisionId]/restore.ts

@@ -15,11 +15,7 @@ export const POST: APIRoute = async ({ params, locals }) => {
 	const { emdash, user } = locals;
 	const revisionId = params.revisionId!;
 
-	if (
-		!emdash?.handleRevisionRestore ||
-		!emdash?.handleRevisionGet ||
-		!emdash?.handleContentGet
-	) {
+	if (!emdash?.handleRevisionRestore || !emdash?.handleRevisionGet || !emdash?.handleContentGet) {
 		return apiError("NOT_CONFIGURED", "EmDash not configured", 500);
 	}
 

package/src/astro/routes/api/widget-areas/[name]/reorder.ts

@@ -57,11 +57,7 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 		// Update sort_order for each widget
 		await Promise.all(
 			body.widgetIds.map((id, index) =>
-				db
-					.updateTable("_emdash_widgets")
-					.set({ sort_order: index })
-					.where("id", "=", id)
-					.execute(),
+				db.updateTable("_emdash_widgets").set({ sort_order: index }).where("id", "=", id).execute(),
 			),
 		);
 

package/src/cli/commands/publish.ts

@@ -418,9 +418,7 @@ export const publishCommand = defineCommand({
 					process.exit(1);
 				}
 			} catch {
-				consola.error(
-					"No dist/ directory found. Run `emdash plugin bundle` first or use --build.",
-				);
+				consola.error("No dist/ directory found. Run `emdash plugin bundle` first or use --build.");
 				process.exit(1);
 			}
 		}

package/src/cli/commands/seed.ts

@@ -135,9 +135,7 @@ export const seedCommand = defineCommand({
 		const seedPath = await resolveSeedPath(cwd, args.path);
 		if (!seedPath) {
 			consola.error("No seed file found");
-			consola.info(
-				"Provide a path, create .emdash/seed.json, or set emdash.seed in package.json",
-			);
+			consola.info("Provide a path, create .emdash/seed.json, or set emdash.seed in package.json");
 			process.exit(1);
 		}
 

package/src/database/migrations/001_initial.ts

@@ -14,6 +14,7 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 	// References entries in ec_* tables by collection + entry_id
 	await db.schema
 		.createTable("revisions")
+		.ifNotExists()
 		.addColumn("id", "text", (col) => col.primaryKey())
 		.addColumn("collection", "text", (col) => col.notNull()) // e.g., 'posts'
 		.addColumn("entry_id", "text", (col) => col.notNull()) // ID in the ec_* table
@@ -24,6 +25,7 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 
 	await db.schema
 		.createIndex("idx_revisions_entry")
+		.ifNotExists()
 		.on("revisions")
 		.columns(["collection", "entry_id"])
 		.execute();
@@ -31,6 +33,7 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 	// Taxonomies
 	await db.schema
 		.createTable("taxonomies")
+		.ifNotExists()
 		.addColumn("id", "text", (col) => col.primaryKey())
 		.addColumn("name", "text", (col) => col.notNull())
 		.addColumn("slug", "text", (col) => col.notNull())
@@ -43,11 +46,17 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 		)
 		.execute();
 
-	await db.schema.createIndex("idx_taxonomies_name").on("taxonomies").column("name").execute();
+	await db.schema
+		.createIndex("idx_taxonomies_name")
+		.ifNotExists()
+		.on("taxonomies")
+		.column("name")
+		.execute();
 
 	// Content-Taxonomy junction - references entries in ec_* tables
 	await db.schema
 		.createTable("content_taxonomies")
+		.ifNotExists()
 		.addColumn("collection", "text", (col) => col.notNull()) // e.g., 'posts'
 		.addColumn("entry_id", "text", (col) => col.notNull()) // ID in the ec_* table
 		.addColumn("taxonomy_id", "text", (col) => col.notNull())
@@ -64,6 +73,7 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 	// Media
 	await db.schema
 		.createTable("media")
+		.ifNotExists()
 		.addColumn("id", "text", (col) => col.primaryKey())
 		.addColumn("filename", "text", (col) => col.notNull())
 		.addColumn("mime_type", "text", (col) => col.notNull())
@@ -80,6 +90,7 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 
 	await db.schema
 		.createIndex("idx_media_content_hash")
+		.ifNotExists()
 		.on("media")
 		.column("content_hash")
 		.execute();
@@ -87,6 +98,7 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 	// Users
 	await db.schema
 		.createTable("users")
+		.ifNotExists()
 		.addColumn("id", "text", (col) => col.primaryKey())
 		.addColumn("email", "text", (col) => col.notNull().unique())
 		.addColumn("password_hash", "text", (col) => col.notNull())
@@ -97,11 +109,17 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 		.addColumn("created_at", "text", (col) => col.defaultTo(currentTimestamp(db)))
 		.execute();
 
-	await db.schema.createIndex("idx_users_email").on("users").column("email").execute();
+	await db.schema
+		.createIndex("idx_users_email")
+		.ifNotExists()
+		.on("users")
+		.column("email")
+		.execute();
 
 	// Options (key-value store)
 	await db.schema
 		.createTable("options")
+		.ifNotExists()
 		.addColumn("name", "text", (col) => col.primaryKey())
 		.addColumn("value", "text", (col) => col.notNull())
 		.execute();
@@ -109,6 +127,7 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 	// Audit logs (security events)
 	await db.schema
 		.createTable("audit_logs")
+		.ifNotExists()
 		.addColumn("id", "text", (col) => col.primaryKey())
 		.addColumn("timestamp", "text", (col) => col.defaultTo(currentTimestamp(db)))
 		.addColumn("actor_id", "text")
@@ -120,9 +139,24 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 		.addColumn("status", "text")
 		.execute();
 
-	await db.schema.createIndex("idx_audit_actor").on("audit_logs").column("actor_id").execute();
-	await db.schema.createIndex("idx_audit_action").on("audit_logs").column("action").execute();
-	await db.schema.createIndex("idx_audit_timestamp").on("audit_logs").column("timestamp").execute();
+	await db.schema
+		.createIndex("idx_audit_actor")
+		.ifNotExists()
+		.on("audit_logs")
+		.column("actor_id")
+		.execute();
+	await db.schema
+		.createIndex("idx_audit_action")
+		.ifNotExists()
+		.on("audit_logs")
+		.column("action")
+		.execute();
+	await db.schema
+		.createIndex("idx_audit_timestamp")
+		.ifNotExists()
+		.on("audit_logs")
+		.column("timestamp")
+		.execute();
 }
 
 export async function down(db: Kysely<unknown>): Promise<void> {

package/src/database/migrations/032_rate_limits.ts

@@ -27,10 +27,7 @@ export async function up(db: Kysely<unknown>): Promise<void> {
 		.execute();
 
 	// ── Device code polling tracking ─────────────────────────────────
-	await db.schema
-		.alterTable("_emdash_device_codes")
-		.addColumn("last_polled_at", "text")
-		.execute();
+	await db.schema.alterTable("_emdash_device_codes").addColumn("last_polled_at", "text").execute();
 }
 
 export async function down(db: Kysely<unknown>): Promise<void> {

package/src/mcp/server.ts

@@ -9,10 +9,10 @@
  * The handlers instance is passed per-request via authInfo on the transport.
  */
 
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import type { Permission, RoleLevel } from "@emdash-cms/auth";
 import { canActOnOwn, Role } from "@emdash-cms/auth";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { McpError, ErrorCode } from "@modelcontextprotocol/sdk/types.js";
 import { z } from "zod";
 
 import type { EmDashHandlers } from "../astro/types.js";

package/src/storage/local.ts

@@ -103,11 +103,7 @@ export class LocalStorage implements Storage {
 				size: buffer.length,
 			};
 		} catch (error) {
-			throw new EmDashStorageError(
-				`Failed to upload file: ${options.key}`,
-				"UPLOAD_FAILED",
-				error,
-			);
+			throw new EmDashStorageError(`Failed to upload file: ${options.key}`, "UPLOAD_FAILED", error);
 		}
 	}
 

package/src/storage/s3.ts

@@ -97,11 +97,7 @@ export class S3Storage implements Storage {
 				size: body.length,
 			};
 		} catch (error) {
-			throw new EmDashStorageError(
-				`Failed to upload file: ${options.key}`,
-				"UPLOAD_FAILED",
-				error,
-			);
+			throw new EmDashStorageError(`Failed to upload file: ${options.key}`, "UPLOAD_FAILED", error);
 		}
 	}
 
@@ -166,11 +162,7 @@ export class S3Storage implements Storage {
 			if (hasErrorName(error) && error.name === "NotFound") {
 				return false;
 			}
-			throw new EmDashStorageError(
-				`Failed to check file existence: ${key}`,
-				"HEAD_FAILED",
-				error,
-			);
+			throw new EmDashStorageError(`Failed to check file existence: ${key}`, "HEAD_FAILED", error);
 		}
 	}