emdash 0.7.0 → 0.9.0

package/dist/{search-B0effn3j.mjs → search-dOGEccMa.mjs}

@@ -1,21 +1,25 @@
 import { n as validateJsonFieldName, r as validatePluginIdentifier, t as validateIdentifier } from "./validate-VPnKoIzW.mjs";
-import { o as jsonExtractExpr } from "./dialect-helpers-DhTzaUxP.mjs";
-import { a as slugify, r as RevisionRepository, t as ContentRepository } from "./content-D7J5y73J.mjs";
-import { r as encodeBase64, t as decodeBase64 } from "./base64-MBPo9ozB.mjs";
-import { n as decodeCursor, r as encodeCursor, t as EmDashValidationError } from "./types-CMMN0pNg.mjs";
-import { t as MediaRepository } from "./media-DqHVh136.mjs";
-import { a as ssrfSafeFetch, i as resolveAndValidateExternalUrl, o as stripCredentialHeaders, p as OptionsRepository, r as SsrfError, s as validateExternalUrl } from "./apply-5uslYdUu.mjs";
+import { s as jsonExtractExpr } from "./dialect-helpers-BKCvISIQ.mjs";
+import { a as slugify, r as RevisionRepository, t as ContentRepository } from "./content-8lOYF0pr.mjs";
+import { r as encodeBase64, t as decodeBase64 } from "./base64-BRICGH2l.mjs";
+import { i as encodeCursor, n as InvalidCursorError, r as decodeCursor, t as EmDashValidationError } from "./types-CRxNbK-Z.mjs";
+import { t as MediaRepository } from "./media-BW32b4gi.mjs";
+import { a as ssrfSafeFetch, i as resolveAndValidateExternalUrl, o as stripCredentialHeaders, r as SsrfError, s as validateExternalUrl } from "./apply-BzltprvY.mjs";
+import { t as OptionsRepository } from "./options-BVp3UsTS.mjs";
 import { t as withTransaction } from "./transaction-Cn2rjY78.mjs";
-import { t as RedirectRepository } from "./redirect-CN0Rt9Ob.mjs";
-import { n as chunks, t as SQL_BATCH_SIZE } from "./chunks-HGz06Soa.mjs";
-import { t as BylineRepository } from "./byline-C4OVd8b3.mjs";
-import { r as isI18nEnabled } from "./config-BXwuX8Bx.mjs";
-import { r as invalidateRedirectCache } from "./cache-BkKBuIvS.mjs";
-import { i as FTSManager, n as SchemaRegistry } from "./registry-Ci3WxVAr.mjs";
-import { n as getDb } from "./loader-DeiBJEMe.mjs";
-import { n as requestCached } from "./request-cache-DiR961CV.mjs";
-import { i as pluginManifestSchema } from "./manifest-schema-V30qsMft.mjs";
-import { t as generatePreviewToken } from "./tokens-BFPFx3CA.mjs";
+import { t as RedirectRepository } from "./redirect-BhUBKRc1.mjs";
+import { n as chunks, t as SQL_BATCH_SIZE } from "./chunks-NBQVDOci.mjs";
+import { t as BylineRepository } from "./byline-BSaNL1w7.mjs";
+import { r as isI18nEnabled } from "./config-BI0V3ICQ.mjs";
+import { r as invalidateRedirectCache } from "./cache-C6N_hhN7.mjs";
+import { t as isMissingTableError } from "./db-errors-WRezodiz.mjs";
+import { r as hashString } from "./zod-generator-CC0xNe_K.mjs";
+import { i as FTSManager, n as SchemaRegistry } from "./registry-Dw70ChxB.mjs";
+import { r as getDb } from "./loader-CKLbBnhK.mjs";
+import { n as requestCached } from "./request-cache-B-bmkipQ.mjs";
+import { i as pluginManifestSchema } from "./manifest-schema-DqWNC3lM.mjs";
+import { i as normalizeCapabilities } from "./types-4fVtCIm0.mjs";
+import { t as generatePreviewToken } from "./tokens-D7zMmWi2.mjs";
 import { sql } from "kysely";
 import { AsyncLocalStorage } from "node:async_hooks";
 import { ulid } from "ulidx";
@@ -78,7 +82,7 @@ var UserRepository = class UserRepository {
 		if (options.role !== void 0) query = query.where("role", "=", UserRepository.resolveRole(options.role));
 		if (options.cursor) {
 			const decoded = decodeCursor(options.cursor);
-			if (decoded) query = query.where((eb) => eb.or([eb("created_at", "<", decoded.orderValue), eb.and([eb("created_at", "=", decoded.orderValue), eb("id", "<", decoded.id)])]));
+			query = query.where((eb) => eb.or([eb("created_at", "<", decoded.orderValue), eb.and([eb("created_at", "=", decoded.orderValue), eb("id", "<", decoded.id)])]));
 		}
 		const rows = await query.execute();
 		const items = rows.slice(0, limit).map((row) => this.rowToUser(row));
@@ -228,7 +232,7 @@ var CommentRepository = class CommentRepository {
 		if (options.status) query = query.where("status", "=", options.status);
 		if (options.cursor) {
 			const decoded = decodeCursor(options.cursor);
-			if (decoded) query = query.where((eb) => eb.or([eb("created_at", ">", decoded.orderValue), eb.and([eb("created_at", "=", decoded.orderValue), eb("id", ">", decoded.id)])]));
+			query = query.where((eb) => eb.or([eb("created_at", ">", decoded.orderValue), eb.and([eb("created_at", "=", decoded.orderValue), eb("id", ">", decoded.id)])]));
 		}
 		query = query.orderBy("created_at", "asc").orderBy("id", "asc").limit(limit + 1);
 		const rows = await query.execute();
@@ -259,7 +263,7 @@ var CommentRepository = class CommentRepository {
 		}
 		if (options.cursor) {
 			const decoded = decodeCursor(options.cursor);
-			if (decoded) query = query.where((eb) => eb.or([eb("created_at", "<", decoded.orderValue), eb.and([eb("created_at", "=", decoded.orderValue), eb("id", "<", decoded.id)])]));
+			query = query.where((eb) => eb.or([eb("created_at", "<", decoded.orderValue), eb.and([eb("created_at", "=", decoded.orderValue), eb("id", "<", decoded.id)])]));
 		}
 		query = query.orderBy("created_at", "desc").orderBy("id", "desc").limit(limit + 1);
 		const rows = await query.execute();
@@ -683,7 +687,7 @@ var PluginStorageRepository = class {
 		}
 		if (cursor) {
 			const decoded = decodeCursor(cursor);
-			if (decoded) query = query.where(({ eb }) => eb(sql`(created_at, id)`, ">", sql`(${decoded.orderValue}, ${decoded.id})`));
+			query = query.where(({ eb }) => eb(sql`(created_at, id)`, ">", sql`(${decoded.orderValue}, ${decoded.id})`));
 		}
 		if (Object.keys(orderBy).length > 0) for (const [field, direction] of Object.entries(orderBy)) {
 			const extract = jsonExtract(this.db, field);
@@ -976,6 +980,16 @@ function validateRev(rev, item) {
 //#endregion
 //#region src/api/handlers/content.ts
 /**
+* Narrow a caught error to one carrying a structured `apiError` discriminant.
+* Used by transaction callbacks that want to surface a specific error code
+* through the standard Error throwing path.
+*/
+function hasApiError(error) {
+	if (!(error instanceof Error) || !("apiError" in error)) return false;
+	const { apiError } = error;
+	return typeof apiError === "object" && apiError !== null && "code" in apiError && typeof apiError.code === "string";
+}
+/**
 * Extract a slug source (title or name) from content data.
 * Returns null if no suitable string field is found.
 */
@@ -1125,6 +1139,27 @@ async function handleContentList(db, collection, params) {
 			}
 		};
 	} catch (error) {
+		if (error instanceof InvalidCursorError) return {
+			success: false,
+			error: {
+				code: "INVALID_CURSOR",
+				message: error.message
+			}
+		};
+		if (isMissingTableError(error)) return {
+			success: false,
+			error: {
+				code: "COLLECTION_NOT_FOUND",
+				message: `Collection '${collection}' not found`
+			}
+		};
+		if (error instanceof EmDashValidationError) return {
+			success: false,
+			error: {
+				code: "VALIDATION_ERROR",
+				message: error.message
+			}
+		};
 		console.error("Content list error:", error);
 		return {
 			success: false,
@@ -1255,6 +1290,37 @@ async function handleContentCreate(db, collection, body) {
 			}
 		};
 	} catch (error) {
+		if (isMissingTableError(error)) return {
+			success: false,
+			error: {
+				code: "COLLECTION_NOT_FOUND",
+				message: `Collection '${collection}' not found`
+			}
+		};
+		if (error instanceof EmDashValidationError) return {
+			success: false,
+			error: {
+				code: "VALIDATION_ERROR",
+				message: error.message
+			}
+		};
+		const message = error instanceof Error ? error.message.toLowerCase() : "";
+		if (message.includes("unique constraint failed") || message.includes("duplicate key")) {
+			if (message.includes("slug")) return {
+				success: false,
+				error: {
+					code: "SLUG_CONFLICT",
+					message: `Slug '${body.slug ?? "(auto-generated)"}' already exists in collection '${collection}'`
+				}
+			};
+			return {
+				success: false,
+				error: {
+					code: "CONFLICT",
+					message: "Unique constraint violation"
+				}
+			};
+		}
 		console.error("Content create error:", error);
 		return {
 			success: false,
@@ -1324,13 +1390,41 @@ async function handleContentUpdate(db, collection, id, body) {
 			}
 		};
 	} catch (error) {
-		if (error instanceof Error && "apiError" in error) {
-			const { code } = error.apiError;
+		if (hasApiError(error)) return {
+			success: false,
+			error: {
+				code: error.apiError.code,
+				message: error.message
+			}
+		};
+		if (isMissingTableError(error)) return {
+			success: false,
+			error: {
+				code: "COLLECTION_NOT_FOUND",
+				message: `Collection '${collection}' not found`
+			}
+		};
+		if (error instanceof EmDashValidationError) return {
+			success: false,
+			error: {
+				code: "VALIDATION_ERROR",
+				message: error.message
+			}
+		};
+		const message = error instanceof Error ? error.message.toLowerCase() : "";
+		if (message.includes("unique constraint failed") || message.includes("duplicate key")) {
+			if (message.includes("slug")) return {
+				success: false,
+				error: {
+					code: "SLUG_CONFLICT",
+					message: `Slug '${body.slug ?? id}' already exists in collection '${collection}'`
+				}
+			};
 			return {
 				success: false,
 				error: {
-					code,
-					message: error.message
+					code: "CONFLICT",
+					message: "Unique constraint violation"
 				}
 			};
 		}
@@ -1519,6 +1613,13 @@ async function handleContentListTrashed(db, collection, options = {}) {
 			}
 		};
 	} catch (error) {
+		if (error instanceof InvalidCursorError) return {
+			success: false,
+			error: {
+				code: "INVALID_CURSOR",
+				message: error.message
+			}
+		};
 		console.error("Content list trashed error:", error);
 		return {
 			success: false,
@@ -1598,6 +1699,13 @@ async function handleContentUnschedule(db, collection, id) {
 			data: { item }
 		};
 	} catch (error) {
+		if (error instanceof EmDashValidationError) return {
+			success: false,
+			error: {
+				code: "VALIDATION_ERROR",
+				message: error.message
+			}
+		};
 		console.error("Content unschedule error:", error);
 		return {
 			success: false,
@@ -1615,12 +1723,12 @@ async function handleContentUnschedule(db, collection, id) {
 * (syncDataColumns, slug sync, status/revision update) that must
 * be atomic to prevent FTS shadow table corruption on crash.
 */
-async function handleContentPublish(db, collection, id) {
+async function handleContentPublish(db, collection, id, options = {}) {
 	try {
 		const item = await withTransaction(db, async (trx) => {
 			const repo = new ContentRepository(trx);
 			const resolvedId = await resolveId(repo, collection, id) ?? id;
-			return repo.publish(collection, resolvedId);
+			return repo.publish(collection, resolvedId, options.publishedAt);
 		});
 		await hydrateSeo(db, collection, item, await collectionHasSeo(db, collection));
 		return {
@@ -1628,6 +1736,13 @@ async function handleContentPublish(db, collection, id) {
 			data: { item }
 		};
 	} catch (error) {
+		if (error instanceof EmDashValidationError) return {
+			success: false,
+			error: {
+				code: "VALIDATION_ERROR",
+				message: error.message
+			}
+		};
 		console.error("Content publish error:", error);
 		return {
 			success: false,
@@ -1657,6 +1772,13 @@ async function handleContentUnpublish(db, collection, id) {
 			data: { item }
 		};
 	} catch (error) {
+		if (error instanceof EmDashValidationError) return {
+			success: false,
+			error: {
+				code: "VALIDATION_ERROR",
+				message: error.message
+			}
+		};
 		console.error("Content unpublish error:", error);
 		return {
 			success: false,
@@ -1841,37 +1963,6 @@ async function syncNonTranslatableFields(trx, collectionSlug, updatedItemId, tra
 	`.execute(trx);
 }
 
-//#endregion
-//#region src/utils/hash.ts
-/**
-* SHA-256 hash of a string, truncated to 16 hex chars (64 bits).
-* For cache invalidation / ETags — not for security.
-*/
-async function hashString(content) {
-	const buf = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(content));
-	return Array.from(new Uint8Array(buf).slice(0, 8), (b) => b.toString(16).padStart(2, "0")).join("");
-}
-/**
-* Compute content hash using Web Crypto API
-*
-* Uses SHA-1 which is the fastest option in SubtleCrypto.
-* SHA-1 is cryptographically weak but fine for content deduplication
-* where we only need to detect identical files, not resist attacks.
-*
-* Returns hex string prefixed with "sha1:" for future-proofing
-*/
-async function computeContentHash(content) {
-	let buf;
-	if (content instanceof ArrayBuffer) buf = content;
-	else {
-		buf = new ArrayBuffer(content.byteLength);
-		new Uint8Array(buf).set(content);
-	}
-	const hashBuffer = await crypto.subtle.digest("SHA-1", buf);
-	const hashArray = new Uint8Array(hashBuffer);
-	return `sha1:${Array.from(hashArray, (b) => b.toString(16).padStart(2, "0")).join("")}`;
-}
-
 //#endregion
 //#region src/api/handlers/manifest.ts
 /**
@@ -2050,9 +2141,7 @@ async function handleRevisionGet(db, revisionId) {
 */
 async function handleRevisionRestore(db, revisionId, callerUserId) {
 	try {
-		const revisionRepo = new RevisionRepository(db);
-		const contentRepo = new ContentRepository(db);
-		const revision = await revisionRepo.findById(revisionId);
+		const revision = await new RevisionRepository(db).findById(revisionId);
 		if (!revision) return {
 			success: false,
 			error: {
@@ -2061,17 +2150,22 @@ async function handleRevisionRestore(db, revisionId, callerUserId) {
 			}
 		};
 		const { _slug, ...fieldData } = revision.data;
-		const item = await contentRepo.update(revision.collection, revision.entryId, {
-			data: fieldData,
-			slug: typeof _slug === "string" ? _slug : void 0
-		});
-		await revisionRepo.create({
-			collection: revision.collection,
-			entryId: revision.entryId,
-			data: revision.data,
-			authorId: callerUserId
+		const item = await withTransaction(db, async (trx) => {
+			const trxContentRepo = new ContentRepository(trx);
+			const trxRevisionRepo = new RevisionRepository(trx);
+			const updated = await trxContentRepo.update(revision.collection, revision.entryId, {
+				data: fieldData,
+				slug: typeof _slug === "string" ? _slug : void 0
+			});
+			await trxRevisionRepo.create({
+				collection: revision.collection,
+				entryId: revision.entryId,
+				data: revision.data,
+				authorId: callerUserId
+			});
+			return updated;
 		});
-		revisionRepo.pruneOldRevisions(revision.collection, revision.entryId, 50).catch(() => {});
+		new RevisionRepository(db).pruneOldRevisions(revision.collection, revision.entryId, 50).catch(() => {});
 		return {
 			success: true,
 			data: { item }
@@ -2106,7 +2200,14 @@ async function handleMediaList(db, params) {
 				nextCursor: result.nextCursor
 			}
 		};
-	} catch {
+	} catch (error) {
+		if (error instanceof InvalidCursorError) return {
+			success: false,
+			error: {
+				code: "INVALID_CURSOR",
+				message: error.message
+			}
+		};
 		return {
 			success: false,
 			error: {
@@ -2436,7 +2537,7 @@ async function getSectionsWithDb(db, options = {}) {
 	query = query.orderBy("title", "asc").orderBy("id", "asc");
 	if (options.cursor) {
 		const decoded = decodeCursor(options.cursor);
-		if (decoded) query = query.where((eb) => eb.or([eb("title", ">", decoded.orderValue), eb.and([eb("title", "=", decoded.orderValue), eb("id", ">", decoded.id)])]));
+		query = query.where((eb) => eb.or([eb("title", ">", decoded.orderValue), eb.and([eb("title", "=", decoded.orderValue), eb("id", ">", decoded.id)])]));
 	}
 	query = query.limit(limit + 1);
 	const rows = await query.$castTo().execute();
@@ -2542,7 +2643,7 @@ const VALID_ROLE_LEVELS = new Set([
 const roleLevel = z$1.coerce.number().int().refine((n) => VALID_ROLE_LEVELS.has(n), { message: "Invalid role level. Must be 10, 20, 30, 40, or 50" });
 /** Pagination query params — cursor-based */
 const cursorPaginationQuery = z$1.object({
-	cursor: z$1.string().optional().meta({ description: "Opaque cursor for pagination" }),
+	cursor: z$1.string().max(2048).optional().meta({ description: "Opaque cursor for pagination" }),
 	limit: z$1.coerce.number().int().min(1).max(100).optional().default(50).meta({ description: "Maximum number of items to return (1-100, default 50)" })
 }).meta({ id: "CursorPaginationQuery" });
 /** Pagination query params — offset-based */
@@ -2672,6 +2773,10 @@ const contentScheduleBody = z$1.object({ scheduledAt: z$1.string().min(1, "sched
 	description: "ISO 8601 datetime for scheduled publishing",
 	example: "2025-06-15T09:00:00Z"
 }) }).meta({ id: "ContentScheduleBody" });
+const contentPublishBody = z$1.object({ publishedAt: z$1.iso.datetime({
+	offset: true,
+	message: "must be an ISO 8601 datetime"
+}).optional().meta({ description: "Optional ISO 8601 datetime to backdate the publish (e.g. when migrating content). Requires content:publish_any permission. Without this, existing published_at is preserved on re-publish." }) }).meta({ id: "ContentPublishBody" });
 const contentPreviewUrlBody = z$1.object({
 	expiresIn: z$1.union([z$1.string(), z$1.number()]).optional(),
 	pathPattern: z$1.string().optional()
@@ -3013,8 +3118,8 @@ const commentListQuery = z$1.object({
 	]).optional(),
 	collection: z$1.string().optional(),
 	search: z$1.string().optional(),
-	limit: z$1.coerce.number().int().min(1).max(100).optional(),
-	cursor: z$1.string().optional()
+	limit: z$1.coerce.number().int().min(1).max(100).optional().default(50),
+	cursor: z$1.string().max(2048).optional()
 }).meta({ id: "CommentListQuery" });
 const commentStatusValues = z$1.enum([
 	"pending",
@@ -3313,8 +3418,8 @@ const sectionSource = z$1.enum([
 const sectionsListQuery = z$1.object({
 	source: sectionSource.optional(),
 	search: z$1.string().optional(),
-	limit: z$1.coerce.number().int().min(1).max(100).optional(),
-	cursor: z$1.string().optional()
+	limit: z$1.coerce.number().int().min(1).max(100).optional().default(50),
+	cursor: z$1.string().max(2048).optional()
 }).meta({ id: "SectionsListQuery" });
 const createSectionBody = z$1.object({
 	slug: z$1.string().min(1),
@@ -3323,7 +3428,7 @@ const createSectionBody = z$1.object({
 	keywords: z$1.array(z$1.string()).optional(),
 	content: z$1.array(z$1.record(z$1.string(), z$1.unknown())),
 	previewMediaId: z$1.string().optional(),
-	source: sectionSource.optional(),
+	source: z$1.enum(["user", "import"]).optional(),
 	themeId: z$1.string().optional()
 }).meta({ id: "CreateSectionBody" });
 const updateSectionBody = z$1.object({
@@ -3498,13 +3603,15 @@ const setupAdminBody = z$1.object({
 	name: z$1.string().optional()
 });
 const setupAdminVerifyBody = z$1.object({ credential: registrationCredential });
+const atprotoLoginBody = z$1.object({ handle: z$1.string().trim().min(1) });
+const setupAtprotoAdminBody = z$1.object({ handle: z$1.string().trim().min(1) });
 
 //#endregion
 //#region src/api/schemas/users.ts
 const usersListQuery = z$1.object({
 	search: z$1.string().optional(),
 	role: z$1.string().optional(),
-	cursor: z$1.string().optional(),
+	cursor: z$1.string().max(2048).optional(),
 	limit: z$1.coerce.number().int().min(1).max(100).optional().default(50)
 }).meta({ id: "UsersListQuery" });
 const userUpdateBody = z$1.object({
@@ -3601,18 +3708,15 @@ const widgetAreaSchema = z$1.object({
 }).meta({ id: "WidgetArea" });
 const widgetSchema = z$1.object({
 	id: z$1.string(),
-	area_id: z$1.string(),
-	type: z$1.string(),
-	title: z$1.string().nullable(),
-	content: z$1.string().nullable(),
-	menu_name: z$1.string().nullable(),
-	component_id: z$1.string().nullable(),
-	component_props: z$1.string().nullable(),
-	sort_order: z$1.number().int(),
-	created_at: z$1.string(),
-	updated_at: z$1.string()
+	type: widgetType,
+	title: z$1.string().optional(),
+	content: z$1.array(z$1.record(z$1.string(), z$1.unknown())).optional(),
+	menuName: z$1.string().optional(),
+	componentId: z$1.string().optional(),
+	componentProps: z$1.record(z$1.string(), z$1.unknown()).optional()
 }).meta({ id: "Widget" });
 const widgetAreaWithWidgetsSchema = widgetAreaSchema.extend({ widgets: z$1.array(widgetSchema) }).meta({ id: "WidgetAreaWithWidgets" });
+const widgetAreaWithWidgetsAndCountSchema = widgetAreaWithWidgetsSchema.extend({ widgetCount: z$1.number().int() }).meta({ id: "WidgetAreaWithWidgetsAndCount" });
 
 //#endregion
 //#region src/api/schemas/redirects.ts
@@ -4897,6 +5001,20 @@ function buildNavMenus(navMenuItemPosts, menuTermsBySlug) {
 
 //#endregion
 //#region src/plugins/define-plugin.ts
+/**
+* definePlugin() Helper
+*
+* Creates a properly typed and normalized plugin definition.
+* Supports two formats:
+*
+* 1. **Native format** -- full PluginDefinition with id, version, capabilities, etc.
+*    Returns a ResolvedPlugin.
+*
+* 2. **Standard format** -- just { hooks, routes }. No id/version/capabilities.
+*    Returns the same object (identity function for type inference).
+*    Metadata comes from the descriptor at config time.
+*
+*/
 const SIMPLE_ID = /^[a-z0-9-]+$/;
 const SCOPED_ID = /^@[a-z0-9-]+\/[a-z0-9-]+$/;
 const SEMVER_PATTERN = /^\d+\.\d+\.\d+/;
@@ -4916,6 +5034,17 @@ function defineNativePlugin(definition) {
 	if (!SIMPLE_ID.test(id) && !SCOPED_ID.test(id)) throw new Error(`Invalid plugin id "${id}". Must be lowercase alphanumeric with dashes (e.g., "my-plugin" or "@scope/my-plugin").`);
 	if (!SEMVER_PATTERN.test(version)) throw new Error(`Invalid plugin version "${version}". Must be semver format (e.g., "1.0.0").`);
 	const validCapabilities = new Set([
+		"network:request",
+		"network:request:unrestricted",
+		"content:read",
+		"content:write",
+		"media:read",
+		"media:write",
+		"users:read",
+		"email:send",
+		"hooks.email-transport:register",
+		"hooks.email-events:register",
+		"hooks.page-fragments:register",
 		"network:fetch",
 		"network:fetch:any",
 		"read:content",
@@ -4923,16 +5052,16 @@ function defineNativePlugin(definition) {
 		"read:media",
 		"write:media",
 		"read:users",
-		"email:send",
 		"email:provide",
 		"email:intercept",
 		"page:inject"
 	]);
 	for (const cap of capabilities) if (!validCapabilities.has(cap)) throw new Error(`Invalid capability "${cap}" in plugin "${id}".`);
-	const normalizedCapabilities = [...capabilities];
-	if (capabilities.includes("write:content") && !capabilities.includes("read:content")) normalizedCapabilities.push("read:content");
-	if (capabilities.includes("write:media") && !capabilities.includes("read:media")) normalizedCapabilities.push("read:media");
-	if (capabilities.includes("network:fetch:any") && !capabilities.includes("network:fetch")) normalizedCapabilities.push("network:fetch");
+	const canonical = normalizeCapabilities(capabilities);
+	const normalizedCapabilities = [...canonical];
+	if (canonical.includes("content:write") && !canonical.includes("content:read")) normalizedCapabilities.push("content:read");
+	if (canonical.includes("media:write") && !canonical.includes("media:read")) normalizedCapabilities.push("media:read");
+	if (canonical.includes("network:request:unrestricted") && !canonical.includes("network:request")) normalizedCapabilities.push("network:request");
 	return {
 		id,
 		version,
@@ -5943,16 +6072,16 @@ var PluginContextFactory = class {
 		const log = createLogAccess(plugin.id);
 		const storage = createStorageAccess(this.db, plugin.id, plugin.storage);
 		let content;
-		if (capabilities.has("write:content")) content = createContentAccessWithWrite(this.db);
-		else if (capabilities.has("read:content")) content = createContentAccess(this.db);
+		if (capabilities.has("content:write")) content = createContentAccessWithWrite(this.db);
+		else if (capabilities.has("content:read")) content = createContentAccess(this.db);
 		let media;
-		if (capabilities.has("write:media") && this.getUploadUrl) media = createMediaAccessWithWrite(this.db, this.getUploadUrl, this.storage);
-		else if (capabilities.has("read:media")) media = createMediaAccess(this.db);
+		if (capabilities.has("media:write") && this.getUploadUrl) media = createMediaAccessWithWrite(this.db, this.getUploadUrl, this.storage);
+		else if (capabilities.has("media:read")) media = createMediaAccess(this.db);
 		let http;
-		if (capabilities.has("network:fetch:any")) http = createUnrestrictedHttpAccess(plugin.id);
-		else if (capabilities.has("network:fetch")) http = createHttpAccess(plugin.id, plugin.allowedHosts);
+		if (capabilities.has("network:request:unrestricted")) http = createUnrestrictedHttpAccess(plugin.id);
+		else if (capabilities.has("network:request")) http = createHttpAccess(plugin.id, plugin.allowedHosts);
 		let users;
-		if (capabilities.has("read:users")) users = createUserAccess(this.db);
+		if (capabilities.has("users:read")) users = createUserAccess(this.db);
 		let cron;
 		if (this.cronReschedule) cron = new CronAccessImpl(this.db, plugin.id, this.cronReschedule);
 		let email;
@@ -6098,22 +6227,22 @@ var HookPipeline = class HookPipeline {
 	* capability will have that hook silently skipped at registration time.
 	*/
 	static HOOK_REQUIRED_CAPABILITY = new Map([
-		["email:beforeSend", "email:intercept"],
-		["email:afterSend", "email:intercept"],
-		["email:deliver", "email:provide"],
-		["content:beforeSave", "write:content"],
-		["content:afterSave", "read:content"],
-		["content:beforeDelete", "read:content"],
-		["content:afterDelete", "read:content"],
-		["content:afterPublish", "read:content"],
-		["content:afterUnpublish", "read:content"],
-		["media:beforeUpload", "write:media"],
-		["media:afterUpload", "read:media"],
-		["comment:beforeCreate", "read:users"],
-		["comment:moderate", "read:users"],
-		["comment:afterCreate", "read:users"],
-		["comment:afterModerate", "read:users"],
-		["page:fragments", "page:inject"]
+		["email:beforeSend", "hooks.email-events:register"],
+		["email:afterSend", "hooks.email-events:register"],
+		["email:deliver", "hooks.email-transport:register"],
+		["content:beforeSave", "content:write"],
+		["content:afterSave", "content:read"],
+		["content:beforeDelete", "content:read"],
+		["content:afterDelete", "content:read"],
+		["content:afterPublish", "content:read"],
+		["content:afterUnpublish", "content:read"],
+		["media:beforeUpload", "media:write"],
+		["media:afterUpload", "media:read"],
+		["comment:beforeCreate", "users:read"],
+		["comment:moderate", "users:read"],
+		["comment:afterCreate", "users:read"],
+		["comment:afterModerate", "users:read"],
+		["page:fragments", "hooks.page-fragments:register"]
 	]);
 	/**
 	* Register a single plugin's hook by name
@@ -6815,6 +6944,15 @@ var HookPipeline = class HookPipeline {
 		return (this.hooks.get(hookName) ?? []).filter((h) => h.exclusive).map((h) => ({ pluginId: h.pluginId }));
 	}
 	/**
+	* Get all plugins that registered a non-exclusive handler for a given
+	* hook (e.g. `email:beforeSend`, `email:afterSend`), preserving priority
+	* order. Partitions with `getExclusiveHookProviders()`, which returns
+	* plugins whose registration is marked `exclusive: true`.
+	*/
+	getHookProviders(hookName) {
+		return (this.hooks.get(hookName) ?? []).filter((h) => !h.exclusive).map((h) => ({ pluginId: h.pluginId }));
+	}
+	/**
 	* Invoke an exclusive hook — dispatch only to the selected provider.
 	* Returns null if no provider is selected or if the selected hook
 	* is not found in the pipeline.
@@ -7058,8 +7196,15 @@ const MAX_STORED_EMAILS = 100;
 * instances (the runtime and the route handler may load separate copies
 * of this module, but globalThis is always the same object).
 */
-const GLOBAL_KEY = "__emdash_dev_emails__";
-const storedEmails = globalThis[GLOBAL_KEY] ??= [];
+const GLOBAL_KEY = Symbol.for("emdash:dev-emails");
+const g = globalThis;
+const storedEmails = (() => {
+	const existing = g[GLOBAL_KEY];
+	if (existing) return existing;
+	const fresh = [];
+	g[GLOBAL_KEY] = fresh;
+	return fresh;
+})();
 /**
 * The email:deliver handler for the dev console provider.
 * Logs to console and stores in memory.
@@ -7696,18 +7841,6 @@ function createNoopSandboxRunner(_options) {
 	return new NoopSandboxRunner();
 }
 
-//#endregion
-//#region src/plugins/types.ts
-/**
-* Check if a value is a StandardPluginDefinition (has hooks/routes but no id/version).
-*/
-function isStandardPluginDefinition(value) {
-	if (typeof value !== "object" || value === null) return false;
-	const hasPluginShape = "hooks" in value || "routes" in value;
-	const hasNativeShape = "id" in value && "version" in value;
-	return hasPluginShape && !hasNativeShape;
-}
-
 //#endregion
 //#region src/import/sections.ts
 /**
@@ -8631,6 +8764,7 @@ registerSource(wxrSource);
 *
 * Creates preview URLs that include a signed token for accessing draft content.
 */
+const REPEATED_SLASHES = /\/{2,}/g;
 /**
 * Generate a preview URL for content
 *
@@ -8665,13 +8799,15 @@ registerSource(wxrSource);
 * ```
 */
 async function getPreviewUrl(options) {
-	const { collection, id, secret, expiresIn = "1h", baseUrl, pathPattern = "/{collection}/{id}" } = options;
+	const { collection, id, secret, expiresIn = "1h", baseUrl, pathPattern = "/{collection}/{id}", locale = "" } = options;
 	const token = await generatePreviewToken({
 		contentId: `${collection}:${id}`,
 		expiresIn,
 		secret
 	});
-	const path = pathPattern.replace("{collection}", collection).replace("{id}", id);
+	let path = pathPattern.replace("{collection}", collection).replace("{id}", id).replace("{locale}", locale);
+	path = path.replace(REPEATED_SLASHES, "/");
+	if (path.length > 1 && path.endsWith("/")) path = path.slice(0, -1);
 	const url = new URL(path, baseUrl || "http://placeholder");
 	url.searchParams.set("_preview", token);
 	if (!baseUrl) return `${url.pathname}${url.search}`;
@@ -9186,6 +9322,22 @@ const WHITESPACE_SPLIT_PATTERN = /\s+/;
 const FTS_OPERATORS_PATTERN = /\b(AND|OR|NOT|NEAR)\b/i;
 const DOUBLE_QUOTE_PATTERN = /"/g;
 /**
+* Detect FTS5 query syntax errors. Match specifically on the SQLite FTS5
+* error fingerprints rather than a broad "fts5" / "syntax error" filter
+* (which would also swallow internal table-corruption errors). The two
+* fingerprints we care about are:
+*
+*  - "fts5: syntax error near …" — unbalanced quotes, stray operators,
+*    other malformed user input
+*  - "unknown special query: …" — bare special tokens like `^*` that
+*    parse but don't resolve to a real FTS5 directive
+*/
+function isFts5SyntaxError(error) {
+	if (!(error instanceof Error)) return false;
+	const message = error.message.toLowerCase();
+	return message.includes("fts5: syntax error") || message.includes("unknown special query");
+}
+/**
 * Search across multiple collections
 *
 * Public API that auto-injects the database.
@@ -9282,7 +9434,9 @@ async function searchSingleCollection(db, collection, query, options, weights) {
 		bm25Args = weightValues.join(", ");
 	}
 	const bm25Expr = bm25Args ? `bm25("${ftsTable}", ${bm25Args})` : `bm25("${ftsTable}")`;
-	return (await sql`
+	let results;
+	try {
+		results = await sql`
 		SELECT 
 			c.id,
 			c.slug,
@@ -9298,16 +9452,45 @@ async function searchSingleCollection(db, collection, query, options, weights) {
 		${locale ? sql`AND c.locale = ${locale}` : sql``}
 		ORDER BY score
 		LIMIT ${limit}
-	`.execute(db)).rows.map((row) => ({
+	`.execute(db);
+	} catch (error) {
+		if (isFts5SyntaxError(error)) return [];
+		throw error;
+	}
+	return results.rows.map((row) => ({
 		collection,
 		id: row.id,
 		slug: row.slug,
 		locale: row.locale,
 		title: row.title ?? void 0,
-		snippet: row.snippet,
+		snippet: row.snippet === null ? void 0 : sanitizeSnippet(row.snippet),
 		score: Math.abs(row.score)
 	}));
 }
+const SNIPPET_AMP_RE = /&/g;
+const SNIPPET_LT_RE = /</g;
+const SNIPPET_GT_RE = />/g;
+const SNIPPET_QUOT_RE = /"/g;
+const SNIPPET_APOS_RE = /'/g;
+/**
+* Make an FTS5 snippet safe to render with `set:html` / `innerHTML`.
+*
+* SQLite's `snippet()` function splices literal `<mark>` and `</mark>`
+* markers around matched terms but does not escape the surrounding
+* source text. Posts that legitimately contain `<`, `>`, `&`, `"` or
+* `'` would render as broken markup, and a `<script>` literal in a
+* title (or any other indexed field) would execute when displayed.
+*
+* The fix: HTML-escape the whole string, which turns the markers into
+* `&lt;mark&gt;` / `&lt;/mark&gt;`. Then restore those two patterns to
+* their original tag form. The result is "the indexed text with all
+* HTML metacharacters escaped, plus a small set of literal `<mark>`
+* highlight tags around matched terms" — which matches the API's
+* documented contract.
+*/
+function sanitizeSnippet(snippet) {
+	return snippet.replace(SNIPPET_AMP_RE, "&amp;").replace(SNIPPET_LT_RE, "&lt;").replace(SNIPPET_GT_RE, "&gt;").replace(SNIPPET_QUOT_RE, "&quot;").replace(SNIPPET_APOS_RE, "&#39;").replaceAll("&lt;mark&gt;", "<mark>").replaceAll("&lt;/mark&gt;", "</mark>");
+}
 /**
 * Get search suggestions for autocomplete
 *
@@ -9331,20 +9514,26 @@ async function getSuggestions(db, query, options = {}) {
 		const contentTable = ftsManager.getContentTableName(collection);
 		const prefixQuery = escapeQuery(query);
 		if (!prefixQuery) continue;
-		const results = await sql`
-			SELECT 
-				c.id,
-				c.title
-			FROM "${sql.raw(ftsTable)}" f
-			JOIN "${sql.raw(contentTable)}" c ON f.id = c.id
-			WHERE "${sql.raw(ftsTable)}" MATCH ${prefixQuery}
-			AND c.status = 'published'
-			AND c.deleted_at IS NULL
-			AND c.title IS NOT NULL
-			${locale ? sql`AND c.locale = ${locale}` : sql``}
-			ORDER BY bm25("${sql.raw(ftsTable)}")
-			LIMIT ${limit}
-		`.execute(db);
+		let results;
+		try {
+			results = await sql`
+				SELECT 
+					c.id,
+					c.title
+				FROM "${sql.raw(ftsTable)}" f
+				JOIN "${sql.raw(contentTable)}" c ON f.id = c.id
+				WHERE "${sql.raw(ftsTable)}" MATCH ${prefixQuery}
+				AND c.status = 'published'
+				AND c.deleted_at IS NULL
+				AND c.title IS NOT NULL
+				${locale ? sql`AND c.locale = ${locale}` : sql``}
+				ORDER BY bm25("${sql.raw(ftsTable)}")
+				LIMIT ${limit}
+			`.execute(db);
+		} catch (error) {
+			if (isFts5SyntaxError(error)) continue;
+			throw error;
+		}
 		for (const row of results.rows) suggestions.push({
 			collection,
 			id: row.id,
@@ -9490,5 +9679,5 @@ function extractSearchableFields(entry, fields) {
 }
 
 //#endregion
-export { prosemirrorToPortableText as $, isStandardPluginDefinition as A, handleContentPublish as At, EmailPipeline as B, image as Bt, getAllSources as C, handleContentDiscardDraft as Ct, probeUrl as D, handleContentList as Dt, getUrlSources as E, handleContentGetIncludingTrashed as Et, createPluginManager as F, handleContentUnschedule as Ft, extractRequestMeta as G, createHookPipeline as H, PluginRouteError as I, handleContentUpdate as It, definePlugin as J, sanitizeHeadersForSandbox as K, PluginRouteRegistry as L, validateRev as Lt, SandboxNotAvailableError as M, handleContentSchedule as Mt, createNoopSandboxRunner as N, handleContentTranslations as Nt, registerSource as O, handleContentListTrashed as Ot, PluginManager as P, handleContentUnpublish as Pt, portableTextToProsemirror as Q, DEV_CONSOLE_EMAIL_PLUGIN_ID as R, portableText as Rt, clearSources as S, handleContentDelete as St, getSource as T, handleContentGet as Tt, resolveExclusiveHooks as U, HookPipeline as V, CronExecutor as W, parseWxrString as X, parseWxr as Y, after as Z, buildPreviewUrl as _, hashString as _t, search as a, PluginStateRepository as at, parseWxrDate as b, handleContentCountTrashed as bt, getWidgetArea as c, handleMediaDelete as ct, getMenu as d, handleMediaUpdate as dt, isSafeHref as et, getMenus as f, handleRevisionGet as ft, isPreviewRequest as g, computeContentHash as gt, getPreviewToken as h, generateManifest as ht, getSuggestions as i, getSections as it, NoopSandboxRunner as j, handleContentRestore as jt, importReusableBlocksAsSections as k, handleContentPermanentDelete as kt, getWidgetAreas as l, handleMediaGet as lt, getComments as m, handleRevisionRestore as mt, extractSearchableFields as n, loadBundleFromR2 as nt, searchCollection as o, getCollectionInfo as ot, getCommentCount as p, handleRevisionList as pt, getTrustedProxyHeaders as q, getSearchStats as r, getSection as rt, searchWithDb as s, handleMediaCreate as st, extractPlainText as t, sanitizeHref as tt, getWidgetComponents as u, handleMediaList as ut, getPreviewUrl as v, handleContentCompare as vt, getFileSources as w, handleContentDuplicate as wt, wxrSource as x, handleContentCreate as xt, wordpressRestSource as y, handleContentCountScheduled as yt, devConsoleEmailDeliver as z, reference as zt };
-//# sourceMappingURL=search-B0effn3j.mjs.map
+export { isSafeHref as $, NoopSandboxRunner as A, handleContentTranslations as At, HookPipeline as B, getAllSources as C, handleContentGetIncludingTrashed as Ct, probeUrl as D, handleContentPublish as Dt, getUrlSources as E, handleContentPermanentDelete as Et, PluginRouteError as F, portableText as Ft, sanitizeHeadersForSandbox as G, resolveExclusiveHooks as H, PluginRouteRegistry as I, reference as It, parseWxr as J, getTrustedProxyHeaders as K, DEV_CONSOLE_EMAIL_PLUGIN_ID as L, image as Lt, createNoopSandboxRunner as M, handleContentUnschedule as Mt, PluginManager as N, handleContentUpdate as Nt, registerSource as O, handleContentRestore as Ot, createPluginManager as P, validateRev as Pt, prosemirrorToPortableText as Q, devConsoleEmailDeliver as R, clearSources as S, handleContentGet as St, getSource as T, handleContentListTrashed as Tt, CronExecutor as U, createHookPipeline as V, extractRequestMeta as W, after as X, parseWxrString as Y, portableTextToProsemirror as Z, buildPreviewUrl as _, handleContentCountTrashed as _t, search as a, getCollectionInfo as at, parseWxrDate as b, handleContentDiscardDraft as bt, getWidgetArea as c, handleMediaGet as ct, getMenu as d, handleRevisionGet as dt, sanitizeHref as et, getMenus as f, handleRevisionList as ft, isPreviewRequest as g, handleContentCountScheduled as gt, getPreviewToken as h, handleContentCompare as ht, getSuggestions as i, PluginStateRepository as it, SandboxNotAvailableError as j, handleContentUnpublish as jt, importReusableBlocksAsSections as k, handleContentSchedule as kt, getWidgetAreas as l, handleMediaList as lt, getComments as m, generateManifest as mt, extractSearchableFields as n, getSection as nt, searchCollection as o, handleMediaCreate as ot, getCommentCount as p, handleRevisionRestore as pt, definePlugin as q, getSearchStats as r, getSections as rt, searchWithDb as s, handleMediaDelete as st, extractPlainText as t, loadBundleFromR2 as tt, getWidgetComponents as u, handleMediaUpdate as ut, getPreviewUrl as v, handleContentCreate as vt, getFileSources as w, handleContentList as wt, wxrSource as x, handleContentDuplicate as xt, wordpressRestSource as y, handleContentDelete as yt, EmailPipeline as z };
+//# sourceMappingURL=search-dOGEccMa.mjs.map