emdash 0.4.0 → 0.6.0

package/src/api/schemas/media.ts

@@ -21,21 +21,32 @@ export const mediaUpdateBody = z
 	})
 	.meta({ id: "MediaUpdateBody" });
 
-/** Maximum allowed file upload size (50 MB). */
-const MAX_UPLOAD_SIZE = 50 * 1024 * 1024;
-
-export const mediaUploadUrlBody = z
-	.object({
-		filename: z.string().min(1, "filename is required"),
-		contentType: z.string().min(1, "contentType is required"),
-		size: z
-			.number()
-			.int()
-			.positive()
-			.max(MAX_UPLOAD_SIZE, `File size must not exceed ${MAX_UPLOAD_SIZE / 1024 / 1024}MB`),
-		contentHash: z.string().optional(),
-	})
-	.meta({ id: "MediaUploadUrlBody" });
+/** Default maximum allowed file upload size (50 MB). */
+export const DEFAULT_MAX_UPLOAD_SIZE = 50 * 1024 * 1024;
+
+export function formatFileSize(bytes: number): string {
+	if (bytes < 1024) return `${bytes}B`;
+	if (bytes < 1024 * 1024) return `${Math.floor(bytes / 1024)}KB`;
+	return `${Math.floor(bytes / 1024 / 1024)}MB`;
+}
+
+export function mediaUploadUrlBody(maxSize: number) {
+	if (!Number.isFinite(maxSize) || maxSize <= 0) {
+		throw new Error(`EmDash: maxUploadSize must be a positive finite number, got ${maxSize}`);
+	}
+	return z
+		.object({
+			filename: z.string().min(1, "filename is required"),
+			contentType: z.string().min(1, "contentType is required"),
+			size: z
+				.number()
+				.int()
+				.positive()
+				.max(maxSize, `File size must not exceed ${formatFileSize(maxSize)}`),
+			contentHash: z.string().optional(),
+		})
+		.meta({ id: "MediaUploadUrlBody" });
+}
 
 export const mediaConfirmBody = z
 	.object({

package/src/api/schemas/schema.ts

@@ -13,6 +13,7 @@ const collectionSourcePattern = /^(template:.+|import:.+|manual|discovered|seed)
 const fieldTypeValues = z.enum([
 	"string",
 	"text",
+	"url",
 	"number",
 	"integer",
 	"boolean",

package/src/astro/integration/font-provider.ts

@@ -0,0 +1,176 @@
+/**
+ * EmDash Noto Sans font provider
+ *
+ * A custom Astro font provider that wraps Google Fonts to resolve
+ * multiple Noto Sans families (Latin, Arabic, JP, etc.) under a
+ * single logical font entry. This lets all @font-face blocks share
+ * the same font-family name, so the browser picks the right file
+ * per character via unicode-range.
+ *
+ * Without this, registering "Noto Sans" and "Noto Sans Arabic" as
+ * separate font entries on the same cssVariable triggers an Astro
+ * warning and the last entry overwrites the first.
+ */
+
+import { fontProviders } from "astro/config";
+
+/**
+ * All subset names used by Google Fonts CSS responses.
+ * Passed when resolving extra script families so the unifont
+ * provider doesn't filter out any faces.
+ */
+const ALL_GOOGLE_SUBSETS = [
+	"arabic",
+	"armenian",
+	"bengali",
+	"chinese-simplified",
+	"chinese-traditional",
+	"chinese-hongkong",
+	"cyrillic",
+	"cyrillic-ext",
+	"devanagari",
+	"ethiopic",
+	"georgian",
+	"greek",
+	"greek-ext",
+	"gujarati",
+	"gurmukhi",
+	"hebrew",
+	"japanese",
+	"kannada",
+	"khmer",
+	"korean",
+	"lao",
+	"latin",
+	"latin-ext",
+	"malayalam",
+	"math",
+	"myanmar",
+	"oriya",
+	"sinhala",
+	"symbols",
+	"tamil",
+	"telugu",
+	"thai",
+	"tibetan",
+	"vietnamese",
+];
+
+/**
+ * Known Noto Sans script families on Google Fonts.
+ * Maps user-friendly script names to Google Fonts family names.
+ */
+const NOTO_SCRIPT_FAMILIES: Record<string, string> = {
+	arabic: "Noto Sans Arabic",
+	armenian: "Noto Sans Armenian",
+	bengali: "Noto Sans Bengali",
+	"chinese-simplified": "Noto Sans SC",
+	"chinese-traditional": "Noto Sans TC",
+	"chinese-hongkong": "Noto Sans HK",
+	devanagari: "Noto Sans Devanagari",
+	ethiopic: "Noto Sans Ethiopic",
+	georgian: "Noto Sans Georgian",
+	gujarati: "Noto Sans Gujarati",
+	gurmukhi: "Noto Sans Gurmukhi",
+	hebrew: "Noto Sans Hebrew",
+	japanese: "Noto Sans JP",
+	kannada: "Noto Sans Kannada",
+	khmer: "Noto Sans Khmer",
+	korean: "Noto Sans KR",
+	lao: "Noto Sans Lao",
+	malayalam: "Noto Sans Malayalam",
+	myanmar: "Noto Sans Myanmar",
+	oriya: "Noto Sans Oriya",
+	sinhala: "Noto Sans Sinhala",
+	tamil: "Noto Sans Tamil",
+	telugu: "Noto Sans Telugu",
+	thai: "Noto Sans Thai",
+	tibetan: "Noto Sans Tibetan",
+};
+
+export interface NotoSansProviderOptions {
+	/**
+	 * Additional Noto Sans script families to include.
+	 * Use script names like "arabic", "japanese", "chinese-simplified".
+	 *
+	 * @see {@link NOTO_SCRIPT_FAMILIES} for the full list of supported scripts.
+	 */
+	scripts?: string[];
+}
+
+// Use ReturnType to get the provider type without importing it directly.
+// The Astro FontProvider type is not part of the public API surface.
+type GoogleProvider = ReturnType<typeof fontProviders.google>;
+
+/**
+ * Create a font provider that resolves Noto Sans plus additional
+ * script-specific Noto families from Google Fonts, all under one
+ * font-family name.
+ */
+export function notoSans(options?: NotoSansProviderOptions): GoogleProvider {
+	// Create a single Google provider instance to share initialization
+	const googleProvider = fontProviders.google();
+
+	return {
+		name: "emdash-noto",
+		async init(context) {
+			await googleProvider.init?.(context);
+		},
+		async resolveFont(resolveFontOptions) {
+			// Resolve the base Noto Sans (Latin, Cyrillic, Greek, etc.)
+			const base = await googleProvider.resolveFont(resolveFontOptions);
+			const baseFonts = base?.fonts ?? [];
+
+			if (!options?.scripts?.length) {
+				return base;
+			}
+
+			// Collect subset names already covered by the base font so we
+			// can filter out duplicate faces from extra script families.
+			// e.g. Noto Sans Arabic includes latin/latin-ext faces that
+			// would otherwise override the base Noto Sans latin faces.
+			const baseSubsets = new Set(baseFonts.map((f) => f.meta?.subset).filter(Boolean));
+
+			// Resolve additional script families
+			const extraFonts = await Promise.all(
+				options.scripts.map(async (script) => {
+					const family = NOTO_SCRIPT_FAMILIES[script];
+					if (!family) {
+						// Silently skip subset names that are already covered
+						// by the base Noto Sans font (latin, cyrillic, etc.)
+						if (ALL_GOOGLE_SUBSETS.includes(script)) {
+							return undefined;
+						}
+						console.warn(
+							`[emdash] Unknown Noto Sans script "${script}". ` +
+								`Available: ${Object.keys(NOTO_SCRIPT_FAMILIES).join(", ")}`,
+						);
+						return undefined;
+					}
+					return googleProvider.resolveFont({
+						...resolveFontOptions,
+						familyName: family,
+						// Pass all known subset names so the unifont provider
+						// doesn't filter out any faces. Each script family
+						// only returns faces for its own subsets anyway.
+						subsets: ALL_GOOGLE_SUBSETS,
+					});
+				}),
+			);
+
+			// Merge, dropping faces from extra fonts that duplicate base subsets
+			const extraFaces = extraFonts.flatMap((r) =>
+				(r?.fonts ?? []).filter((f) => !f.meta?.subset || !baseSubsets.has(f.meta.subset)),
+			);
+
+			return {
+				fonts: [...baseFonts, ...extraFaces],
+			};
+		},
+	};
+}
+
+/** Get the list of available Noto Sans script names */
+export function getAvailableNotoScripts(): string[] {
+	return Object.keys(NOTO_SCRIPT_FAMILIES);
+}

package/src/astro/integration/index.ts

@@ -14,6 +14,7 @@ import type { AstroIntegration, AstroIntegrationLogger } from "astro";
 
 import type { ResolvedPlugin } from "../../plugins/types.js";
 import { local } from "../storage/adapters.js";
+import { notoSans } from "./font-provider.js";
 import { injectCoreRoutes, injectBuiltinAuthRoutes, injectMcpRoute } from "./routes.js";
 import type { EmDashConfig, PluginDescriptor } from "./runtime.js";
 import { createViteConfig } from "./vite-config.js";
@@ -158,6 +159,7 @@ export function emdash(config: EmDashConfig = {}): AstroIntegration {
 		auth: resolvedConfig.auth,
 		marketplace: resolvedConfig.marketplace,
 		siteUrl: resolvedConfig.siteUrl,
+		maxUploadSize: resolvedConfig.maxUploadSize,
 	};
 
 	// Determine auth mode for route injection
@@ -207,8 +209,48 @@ export function emdash(config: EmDashConfig = {}): AstroIntegration {
 						? { allowedDomains: [{ hostname: new URL(resolvedConfig.siteUrl).hostname }] }
 						: {}),
 				};
+
+				// Inject default Noto Sans font for the admin UI.
+				// Uses the Astro Font API so fonts are downloaded at build time
+				// and self-hosted (no runtime CDN requests).
+				//
+				// The admin CSS references var(--font-emdash) with a system font
+				// fallback. Users can add extra script coverage (Arabic, CJK, etc.)
+				// by passing fonts.scripts in the emdash() config. The custom
+				// notoSans provider resolves all script families from Google Fonts
+				// under a single font-family name, so they stack via unicode-range.
+				const fontsConfig = resolvedConfig.fonts;
+				const emdashFonts =
+					fontsConfig === false
+						? []
+						: [
+								{
+									provider: notoSans({
+										scripts: fontsConfig?.scripts,
+									}),
+									name: "Noto Sans",
+									cssVariable: "--font-emdash",
+									weights: ["100 900" as const],
+									styles: ["normal" as const, "italic" as const],
+									subsets: [
+										"latin" as const,
+										"latin-ext" as const,
+										"cyrillic" as const,
+										"cyrillic-ext" as const,
+										"devanagari" as const,
+										"greek" as const,
+										"greek-ext" as const,
+										"vietnamese" as const,
+									],
+									fallbacks: ["ui-sans-serif", "system-ui", "sans-serif"],
+								},
+							];
+
 				updateConfig({
 					security: securityConfig,
+					// fonts is a valid AstroConfig key but may not be in the
+					// type definition for the minimum supported Astro version
+					...({ fonts: emdashFonts } as Record<string, unknown>),
 					vite: createViteConfig(
 						{
 							serializableConfig,

package/src/astro/integration/routes.ts

@@ -511,10 +511,16 @@ export function injectCoreRoutes(injectRoute: InjectRoute): void {
 	});
 
 	injectRoute({
-		pattern: "/_emdash/.well-known/oauth-authorization-server",
+		pattern: "/.well-known/oauth-authorization-server/_emdash",
 		entrypoint: resolveRoute("api/well-known/oauth-authorization-server.ts"),
 	});
 
+	// RFC 7591 Dynamic Client Registration
+	injectRoute({
+		pattern: "/_emdash/api/oauth/register",
+		entrypoint: resolveRoute("api/oauth/register.ts"),
+	});
+
 	// Plugin-defined API routes
 	// All plugin routes are handled by a single catch-all handler
 	injectRoute({
@@ -712,6 +718,11 @@ export function injectCoreRoutes(injectRoute: InjectRoute): void {
 		entrypoint: resolveRoute("api/setup/dev-reset.ts"),
 	});
 
+	injectRoute({
+		pattern: "/_emdash/api/dev/emails",
+		entrypoint: resolveRoute("api/dev/emails.ts"),
+	});
+
 	// Current user endpoint (always available)
 	injectRoute({
 		pattern: "/_emdash/api/auth/me",
@@ -794,6 +805,11 @@ export function injectBuiltinAuthRoutes(injectRoute: InjectRoute): void {
 		entrypoint: resolveRoute("api/auth/invite/complete.ts"),
 	});
 
+	injectRoute({
+		pattern: "/_emdash/api/auth/invite/register-options",
+		entrypoint: resolveRoute("api/auth/invite/register-options.ts"),
+	});
+
 	// Magic link routes
 	injectRoute({
 		pattern: "/_emdash/api/auth/magic-link/send",

package/src/astro/integration/runtime.ts

@@ -256,6 +256,19 @@ export interface EmDashConfig {
 	 */
 	marketplace?: string;
 
+	/**
+	 * Maximum allowed media file upload size in bytes.
+	 *
+	 * Applies to both direct multipart uploads and signed-URL uploads.
+	 * When unset, defaults to 52_428_800 (50 MB).
+	 *
+	 * @example
+	 * ```ts
+	 * emdash({ maxUploadSize: 100 * 1024 * 1024 }) // 100 MB
+	 * ```
+	 */
+	maxUploadSize?: number;
+
 	/**
 	 * Public browser-facing origin for the site.
 	 *
@@ -322,6 +335,56 @@ export interface EmDashConfig {
 	 * ```
 	 */
 	mediaProviders?: MediaProviderDescriptor[];
+
+	/**
+	 * Admin UI font configuration.
+	 *
+	 * By default, EmDash loads Noto Sans via the Astro Font API, covering
+	 * Latin, Latin Extended, Cyrillic, Cyrillic Extended, Greek, Greek
+	 * Extended, Devanagari, and Vietnamese. Fonts are downloaded from
+	 * Google at build time and self-hosted, so there are no runtime CDN
+	 * requests.
+	 *
+	 * To add support for additional writing systems (Arabic, CJK, etc.),
+	 * pass script names. EmDash resolves the matching Noto Sans variant
+	 * from Google Fonts and merges all script faces under a single
+	 * font-family, so the browser downloads only the glyphs it needs
+	 * via unicode-range.
+	 *
+	 * Set to `false` to disable font injection entirely and use system fonts.
+	 *
+	 * @example
+	 * ```ts
+	 * // Add Arabic and Japanese support
+	 * emdash({
+	 *   fonts: {
+	 *     scripts: ["arabic", "japanese"],
+	 *   },
+	 * })
+	 * ```
+	 *
+	 * @example
+	 * ```ts
+	 * // Disable web fonts entirely (use system fonts)
+	 * emdash({
+	 *   fonts: false,
+	 * })
+	 * ```
+	 */
+	fonts?:
+		| false
+		| {
+				/**
+				 * Additional Noto Sans script families to include.
+				 *
+				 * Available scripts: arabic, armenian, bengali, chinese-simplified,
+				 * chinese-traditional, chinese-hongkong, devanagari, ethiopic,
+				 * georgian, gujarati, gurmukhi, hebrew, japanese, kannada, khmer,
+				 * korean, lao, malayalam, myanmar, oriya, sinhala, tamil, telugu,
+				 * thai, tibetan.
+				 */
+				scripts?: string[];
+		  };
 }
 
 /**

package/src/astro/integration/virtual-modules.ts

@@ -56,6 +56,9 @@ export const RESOLVED_VIRTUAL_BLOCK_COMPONENTS_ID = "\0" + VIRTUAL_BLOCK_COMPONE
 export const VIRTUAL_SEED_ID = "virtual:emdash/seed";
 export const RESOLVED_VIRTUAL_SEED_ID = "\0" + VIRTUAL_SEED_ID;
 
+export const VIRTUAL_WAIT_UNTIL_ID = "virtual:emdash/wait-until";
+export const RESOLVED_VIRTUAL_WAIT_UNTIL_ID = "\0" + VIRTUAL_WAIT_UNTIL_ID;
+
 /**
  * Generates the config virtual module.
  */
@@ -65,62 +68,42 @@ export function generateConfigModule(serializableConfig: Record<string, unknown>
 
 /**
  * Generates the dialect virtual module.
- * Statically imports the configured database dialect and exports the dialect type.
- *
- * For D1 adapters, also re-exports session helpers (isSessionEnabled, getD1Binding,
- * getDefaultConstraint, getBookmarkCookieName, createSessionDialect) used by
- * middleware for per-request read replica sessions.
  *
- * For non-D1 adapters, session exports are no-ops.
+ * Adapters that set `supportsRequestScope: true` on their descriptor are
+ * expected to export `createRequestScopedDb` from their runtime entrypoint;
+ * the generator re-exports it so middleware can ask for a per-request Kysely
+ * (used for D1 Sessions API, bookmark cookies, read-replica routing). Other
+ * adapters get a stub that returns null.
  */
-export function generateDialectModule(
-	dbEntrypoint?: string,
-	dbType?: string,
-	dbConfig?: unknown,
-): string {
-	if (!dbEntrypoint) {
+export function generateDialectModule(opts: {
+	entrypoint?: string;
+	type?: string;
+	supportsRequestScope: boolean;
+}): string {
+	const { entrypoint, supportsRequestScope } = opts;
+	if (!entrypoint) {
 		return [
 			`export const createDialect = undefined;`,
 			`export const dialectType = "sqlite";`,
-			`export const isSessionEnabled = () => false;`,
-			`export const getD1Binding = () => null;`,
-			`export const getDefaultConstraint = () => "first-unconstrained";`,
-			`export const getBookmarkCookieName = () => "";`,
-			`export const createSessionDialect = undefined;`,
+			`export const createRequestScopedDb = (_opts) => null;`,
 		].join("\n");
 	}
-	const type = dbType ?? "sqlite";
+	const type = opts.type ?? "sqlite";
 
-	// Check if the adapter is D1 (has session helpers)
-	const isD1 = dbEntrypoint.includes("cloudflare") && dbEntrypoint.includes("d1");
-
-	// Check if sessions are enabled in the config
-	const sessionMode =
-		isD1 && dbConfig && typeof dbConfig === "object" && "session" in dbConfig
-			? // eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- runtime-checked above
-				(dbConfig as { session?: string }).session
-			: undefined;
-	const sessionEnabled = !!sessionMode && sessionMode !== "disabled";
-
-	if (isD1 && sessionEnabled) {
+	if (supportsRequestScope) {
 		return `
-import { createDialect as _createDialect } from "${dbEntrypoint}";
-export { isSessionEnabled, getD1Binding, getDefaultConstraint, getBookmarkCookieName, createSessionDialect } from "${dbEntrypoint}";
+import { createDialect as _createDialect } from "${entrypoint}";
+export { createRequestScopedDb } from "${entrypoint}";
 export const createDialect = _createDialect;
 export const dialectType = ${JSON.stringify(type)};
 `;
 	}
 
-	// Non-D1 or sessions disabled: export no-ops
 	return `
-import { createDialect as _createDialect } from "${dbEntrypoint}";
+import { createDialect as _createDialect } from "${entrypoint}";
 export const createDialect = _createDialect;
 export const dialectType = ${JSON.stringify(type)};
-export const isSessionEnabled = () => false;
-export const getD1Binding = () => null;
-export const getDefaultConstraint = () => "first-unconstrained";
-export const getBookmarkCookieName = () => "";
-export const createSessionDialect = undefined;
+export const createRequestScopedDb = (_opts) => null;
 `;
 }
 
@@ -353,6 +336,25 @@ export function generateBlockComponentsModule(descriptors: PluginDescriptor[]):
 	return `${imports.join("\n")}\nexport const pluginBlockComponents = { ${spreads.join(", ")} };`;
 }
 
+/**
+ * Generates the wait-until virtual module.
+ *
+ * Under @astrojs/cloudflare, re-exports `waitUntil` from `cloudflare:workers`
+ * so `after(fn)` in core can extend the worker's lifetime past the response
+ * for deferred bookkeeping. For any other adapter, exports `undefined` —
+ * Node's long-lived event loop keeps deferred promises running without a
+ * lifetime extender.
+ *
+ * Keeping the adapter check here — rather than in core — means core itself
+ * has no Cloudflare-specific imports or code paths.
+ */
+export function generateWaitUntilModule(adapterName: string | undefined): string {
+	if (adapterName === "@astrojs/cloudflare") {
+		return `export { waitUntil } from "cloudflare:workers";`;
+	}
+	return `export const waitUntil = undefined;`;
+}
+
 /**
  * Generates the seed virtual module.
  * Reads the user's seed file at build time (in Node context) and embeds it,

package/src/astro/integration/vite-config.ts

@@ -38,7 +38,10 @@ import {
 	RESOLVED_VIRTUAL_BLOCK_COMPONENTS_ID,
 	VIRTUAL_SEED_ID,
 	RESOLVED_VIRTUAL_SEED_ID,
+	VIRTUAL_WAIT_UNTIL_ID,
+	RESOLVED_VIRTUAL_WAIT_UNTIL_ID,
 	generateSeedModule,
+	generateWaitUntilModule,
 	generateConfigModule,
 	generateDialectModule,
 	generateStorageModule,
@@ -176,6 +179,9 @@ export function createVirtualModulesPlugin(options: VitePluginOptions): Plugin {
 			if (id === VIRTUAL_SEED_ID) {
 				return RESOLVED_VIRTUAL_SEED_ID;
 			}
+			if (id === VIRTUAL_WAIT_UNTIL_ID) {
+				return RESOLVED_VIRTUAL_WAIT_UNTIL_ID;
+			}
 		},
 		load(id: string) {
 			if (id === RESOLVED_VIRTUAL_CONFIG_ID) {
@@ -184,11 +190,11 @@ export function createVirtualModulesPlugin(options: VitePluginOptions): Plugin {
 			// Generate a module that statically imports the configured dialect
 			// This allows Vite to properly resolve and bundle it
 			if (id === RESOLVED_VIRTUAL_DIALECT_ID) {
-				return generateDialectModule(
-					resolvedConfig.database?.entrypoint,
-					resolvedConfig.database?.type,
-					resolvedConfig.database?.config,
-				);
+				return generateDialectModule({
+					entrypoint: resolvedConfig.database?.entrypoint,
+					type: resolvedConfig.database?.type,
+					supportsRequestScope: resolvedConfig.database?.supportsRequestScope ?? false,
+				});
 			}
 			// Generate a module that statically imports the configured storage
 			if (id === RESOLVED_VIRTUAL_STORAGE_ID) {
@@ -235,6 +241,11 @@ export function createVirtualModulesPlugin(options: VitePluginOptions): Plugin {
 				const projectRoot = fileURLToPath(astroConfig.root);
 				return generateSeedModule(projectRoot);
 			}
+			// Generate wait-until module — re-exports cloudflare:workers'
+			// waitUntil under the Cloudflare adapter, undefined otherwise.
+			if (id === RESOLVED_VIRTUAL_WAIT_UNTIL_ID) {
+				return generateWaitUntilModule(astroConfig.adapter?.name);
+			}
 		},
 	};
 }

package/src/astro/middleware/auth.ts

@@ -97,12 +97,12 @@ const PUBLIC_API_PREFIXES = [
 	"/_emdash/api/auth/dev-bypass",
 	"/_emdash/api/auth/signup/",
 	"/_emdash/api/auth/magic-link/",
-	"/_emdash/api/auth/invite/accept",
-	"/_emdash/api/auth/invite/complete",
+	"/_emdash/api/auth/invite/",
 	"/_emdash/api/auth/oauth/",
 	"/_emdash/api/oauth/device/token",
 	"/_emdash/api/oauth/device/code",
 	"/_emdash/api/oauth/token",
+	"/_emdash/api/oauth/register",
 	"/_emdash/api/comments/",
 	"/_emdash/api/media/file/",
 	"/_emdash/.well-known/",
@@ -119,6 +119,30 @@ const PUBLIC_API_EXACT = new Set([
 	"/_emdash/api/search",
 ]);
 
+/**
+ * OAuth protocol endpoints that are CSRF-exempt by design.
+ *
+ * These are RFC-defined endpoints (RFC 6749 §3.2, RFC 7591 §3, RFC 8628 §3.1/§3.4)
+ * specified to be called cross-origin by external clients (MCP clients, CLIs,
+ * native apps). They authenticate each request on its own merits:
+ *
+ * - /oauth/token: requires PKCE code_verifier, device_code, or refresh_token
+ * - /oauth/register: RFC 7591 dynamic client registration — anonymous by design
+ * - /oauth/device/code: RFC 8628 device flow initiation — anonymous by design
+ * - /oauth/device/token: requires device_code the client already holds
+ *
+ * None of these rely on ambient cookie credentials, so browser-based CSRF
+ * attacks have nothing to exploit. The endpoints themselves advertise
+ * `Access-Control-Allow-Origin: *`. Note: /oauth/device/authorize (the user
+ * consent step) is NOT in this list — it is session-authenticated.
+ */
+const CSRF_EXEMPT_PUBLIC_ROUTES = new Set([
+	"/_emdash/api/oauth/token",
+	"/_emdash/api/oauth/register",
+	"/_emdash/api/oauth/device/code",
+	"/_emdash/api/oauth/device/token",
+]);
+
 function isPublicEmDashRoute(pathname: string): boolean {
 	if (PUBLIC_API_EXACT.has(pathname)) return true;
 	if (PUBLIC_API_PREFIXES.some((p) => pathname.startsWith(p))) return true;
@@ -126,6 +150,10 @@ function isPublicEmDashRoute(pathname: string): boolean {
 	return false;
 }
 
+function isCsrfExemptPublicRoute(pathname: string): boolean {
+	return CSRF_EXEMPT_PUBLIC_ROUTES.has(pathname);
+}
+
 export const onRequest = defineMiddleware(async (context, next) => {
 	const { url } = context;
 
@@ -142,7 +170,10 @@ export const onRequest = defineMiddleware(async (context, next) => {
 	// This prevents cross-origin form submissions and fetch requests from malicious sites.
 	if (isPublicApiRoute) {
 		const method = context.request.method.toUpperCase();
-		if (method !== "GET" && method !== "HEAD" && method !== "OPTIONS") {
+		if (
+			isUnsafeMethod(method) &&
+			!isCsrfExemptPublicRoute(url.pathname) // OAuth protocol endpoints — cross-origin by design
+		) {
 			const publicOrigin = getPublicOrigin(url, context.locals.emdash?.config);
 			const csrfError = checkPublicCsrf(context.request, url, publicOrigin);
 			if (csrfError) return csrfError;
@@ -277,7 +308,9 @@ async function handleEmDashAuth(
 	const { url, locals } = context;
 	const { emdash } = locals;
 
-	const isLoginRoute = url.pathname.startsWith("/_emdash/admin/login");
+	const isPublicAdminRoute =
+		url.pathname.startsWith("/_emdash/admin/login") ||
+		url.pathname.startsWith("/_emdash/admin/invite/accept");
 	const isApiRoute = url.pathname.startsWith("/_emdash/api");
 
 	if (!emdash?.db) {
@@ -291,7 +324,7 @@ async function handleEmDashAuth(
 	if (authMode.type === "external") {
 		// In dev mode, fall back to passkey auth since external JWT won't be present
 		if (import.meta.env.DEV) {
-			if (isLoginRoute) {
+			if (isPublicAdminRoute) {
 				return next();
 			}
 
@@ -303,7 +336,7 @@ async function handleEmDashAuth(
 	}
 
 	// Passkey authentication (default)
-	if (isLoginRoute) {
+	if (isPublicAdminRoute) {
 		return next();
 	}