emdash 0.7.0 → 0.9.0

package/src/api/handlers/taxonomies.ts

@@ -122,16 +122,27 @@ export async function handleTaxonomyList(
 	db: Kysely<Database>,
 ): Promise<ApiResult<TaxonomyListResponse>> {
 	try {
-		const rows = await db.selectFrom("_emdash_taxonomy_defs").selectAll().execute();
-
-		const taxonomies: TaxonomyDef[] = rows.map((row) => ({
-			id: row.id,
-			name: row.name,
-			label: row.label,
-			labelSingular: row.label_singular ?? undefined,
-			hierarchical: row.hierarchical === 1,
-			collections: row.collections ? JSON.parse(row.collections) : [],
-		}));
+		const [rows, collectionRows] = await Promise.all([
+			db.selectFrom("_emdash_taxonomy_defs").selectAll().execute(),
+			db.selectFrom("_emdash_collections").select("slug").execute(),
+		]);
+
+		// Filter orphan collection references on read so the response stays
+		// consistent with `schema_list_collections`. Storage is untouched —
+		// re-creating the collection re-links automatically.
+		const realCollections = new Set(collectionRows.map((r) => r.slug));
+
+		const taxonomies: TaxonomyDef[] = rows.map((row) => {
+			const stored: string[] = row.collections ? JSON.parse(row.collections) : [];
+			return {
+				id: row.id,
+				name: row.name,
+				label: row.label,
+				labelSingular: row.label_singular ?? undefined,
+				hierarchical: row.hierarchical === 1,
+				collections: stored.filter((slug) => realCollections.has(slug)),
+			};
+		});
 
 		return { success: true, data: { taxonomies } };
 	} catch {
@@ -260,12 +271,9 @@ export async function handleTermList(
 		const repo = new TaxonomyRepository(db);
 		const terms = await repo.findByName(taxonomyName);
 
-		// Get counts for each term
-		const counts = new Map<string, number>();
-		for (const term of terms) {
-			const count = await repo.countEntriesWithTerm(term.id);
-			counts.set(term.id, count);
-		}
+		// Batch count entries per term in a single query (replaces N+1 pattern)
+		const termIds = terms.map((t) => t.id);
+		const counts = await repo.countEntriesForTerms(termIds);
 
 		const termData: TermWithCount[] = terms.map((term) => ({
 			id: term.id,
@@ -290,6 +298,84 @@ export async function handleTermList(
 	}
 }
 
+/**
+ * Validate a parent term reference for create/update.
+ *
+ * Returns `null` on success or a structured error message that callers
+ * wrap in their own ApiResult.
+ *
+ *   - `parentId === undefined` -> no-op (no parent change requested).
+ *   - `parentId === null` -> caller intends to detach; no-op here.
+ *   - parent must exist (FK exists -> term row not soft-deleted).
+ *   - parent must live in the same taxonomy.
+ *   - if `termId` is provided (update path), reject `parentId === termId`
+ *     (self-parent) and walk up the parent chain to detect cycles.
+ */
+async function validateParentTerm(
+	repo: TaxonomyRepository,
+	taxonomyName: string,
+	termId: string | undefined,
+	parentId: string | null | undefined,
+): Promise<{ code: "VALIDATION_ERROR"; message: string } | null> {
+	if (parentId === undefined || parentId === null) return null;
+
+	if (termId !== undefined && parentId === termId) {
+		return {
+			code: "VALIDATION_ERROR",
+			message: "A term cannot be its own parent",
+		};
+	}
+
+	const parent = await repo.findById(parentId);
+	if (!parent) {
+		return {
+			code: "VALIDATION_ERROR",
+			message: `Parent term '${parentId}' not found`,
+		};
+	}
+	if (parent.name !== taxonomyName) {
+		return {
+			code: "VALIDATION_ERROR",
+			message: `Parent term '${parentId}' belongs to taxonomy '${parent.name}', not '${taxonomyName}'`,
+		};
+	}
+
+	// Walk up the parent chain. Two checks fold into one walk:
+	//   - Cycle detection (only on update — a non-existent term-being-
+	//     created can't be its own ancestor): if the walk revisits termId
+	//     the proposed parent makes the term a descendant of itself.
+	//   - Depth bound: refuse to extend a chain past MAX_DEPTH ancestors.
+	//     Runs on both create and update so a malicious or buggy caller
+	//     can't grow the tree without limit.
+	//
+	// The depth-exceeded error fires only when we hit the limit AND there
+	// was still chain to walk — a legitimate chain of exactly MAX_DEPTH
+	// ancestors exits with `cursor === null` and is accepted.
+	const MAX_DEPTH = 100;
+	let cursor: string | null = parent.parentId;
+	let steps = 0;
+	while (cursor !== null && steps < MAX_DEPTH) {
+		if (termId !== undefined && cursor === termId) {
+			return {
+				code: "VALIDATION_ERROR",
+				message: "Cycle detected: cannot make a descendant the parent",
+			};
+		}
+		const next = await repo.findById(cursor);
+		if (!next) break;
+		cursor = next.parentId;
+		steps++;
+	}
+	if (cursor !== null && steps >= MAX_DEPTH) {
+		return {
+			code: "VALIDATION_ERROR",
+			message: "Parent chain exceeds maximum depth",
+		};
+	}
+
+	return null;
+}
+
 /**
  * Create a new term in a taxonomy
  */
@@ -304,6 +390,10 @@ export async function handleTermCreate(
 
 		const repo = new TaxonomyRepository(db);
 
+		// Coerce empty-string parentId to undefined (treat as "no parent").
+		const parentId =
+			input.parentId === "" || input.parentId === undefined ? undefined : input.parentId;
+
 		// Check for slug conflict
 		const existing = await repo.findBySlug(taxonomyName, input.slug);
 		if (existing) {
@@ -316,11 +406,18 @@ export async function handleTermCreate(
 			};
 		}
 
+		// Validate parentId: must exist AND belong to the same taxonomy.
+		// (Cycle check is N/A on create — the term doesn't exist yet.)
+		const parentError = await validateParentTerm(repo, taxonomyName, undefined, parentId);
+		if (parentError) {
+			return { success: false, error: parentError };
+		}
+
 		const term = await repo.create({
 			name: taxonomyName,
 			slug: input.slug,
 			label: input.label,
-			parentId: input.parentId ?? undefined,
+			parentId: parentId ?? undefined,
 			data: input.description ? { description: input.description } : undefined,
 		});
 
@@ -426,24 +523,36 @@ export async function handleTermUpdate(
 			};
 		}
 
+		// Coerce empty-string slug/parentId to undefined (treat as "no change").
+		// `null` parentId is a valid request meaning "detach from parent".
+		const newSlug = input.slug === "" || input.slug === undefined ? undefined : input.slug;
+		const newParentId =
+			input.parentId === "" || input.parentId === undefined ? undefined : input.parentId;
+
 		// Check if new slug conflicts
-		if (input.slug && input.slug !== termSlug) {
-			const existing = await repo.findBySlug(taxonomyName, input.slug);
+		if (newSlug !== undefined && newSlug !== termSlug) {
+			const existing = await repo.findBySlug(taxonomyName, newSlug);
 			if (existing && existing.id !== term.id) {
 				return {
 					success: false,
 					error: {
 						code: "CONFLICT",
-						message: `Term with slug '${input.slug}' already exists in taxonomy '${taxonomyName}'`,
+						message: `Term with slug '${newSlug}' already exists in taxonomy '${taxonomyName}'`,
 					},
 				};
 			}
 		}
 
+		// Validate parentId: existence, same-taxonomy, no self-parent, no cycle.
+		const parentError = await validateParentTerm(repo, taxonomyName, term.id, newParentId);
+		if (parentError) {
+			return { success: false, error: parentError };
+		}
+
 		const updated = await repo.update(term.id, {
-			slug: input.slug,
+			slug: newSlug,
 			label: input.label,
-			parentId: input.parentId,
+			parentId: newParentId,
 			data: input.description !== undefined ? { description: input.description } : undefined,
 		});
 

package/src/api/handlers/validation.ts

@@ -0,0 +1,212 @@
+/**
+ * Field-level validation for content create / update.
+ *
+ * Wires the existing `generateZodSchema()` pipeline (`schema/zod-generator.ts`)
+ * into the handler boundary so REST and MCP both get the same enforcement:
+ *
+ *  - required fields must be present and non-empty
+ *  - select / multiSelect values must match the configured options
+ *  - reference fields must resolve to a real, non-trashed target
+ *
+ * Errors surface as `{ code: "VALIDATION_ERROR", message }` with all
+ * offending fields listed in one message so callers can fix everything in
+ * a single round trip.
+ */
+
+import { sql, type Kysely } from "kysely";
+
+import type { Database } from "../../database/types.js";
+import { validateIdentifier } from "../../database/validate.js";
+import { SchemaRegistry } from "../../schema/registry.js";
+import type { Field } from "../../schema/types.js";
+import { generateZodSchema } from "../../schema/zod-generator.js";
+import { chunks, SQL_BATCH_SIZE } from "../../utils/chunks.js";
+import { isMissingTableError } from "../../utils/db-errors.js";
+
+type ValidationResult =
+	| { ok: true }
+	| { ok: false; error: { code: "VALIDATION_ERROR" | "COLLECTION_NOT_FOUND"; message: string } };
+
+/** Treat `undefined`, `null`, and `""` as "not set". */
+function isMissing(value: unknown): boolean {
+	return value === undefined || value === null || value === "";
+}
+
+/**
+ * Resolve the target collection slug for a reference field.
+ *
+ * Schema-defined reference fields (the static `reference()` factory in
+ * `fields/reference.ts`) put the target in `options.collection`. The MCP
+ * `schema_create_field` tool also puts it there. Tests and some admin paths
+ * stash it inside `validation.collection` directly; we accept both.
+ */
+function getReferenceTargetCollection(field: Field): string | undefined {
+	const fromOptions = field.options?.collection;
+	if (typeof fromOptions === "string" && fromOptions.length > 0) return fromOptions;
+	const validation = field.validation;
+	if (validation && "collection" in validation) {
+		const fromValidation: unknown = (validation as { collection?: unknown }).collection;
+		if (typeof fromValidation === "string" && fromValidation.length > 0) return fromValidation;
+	}
+	return undefined;
+}
+
+/**
+ * Format a Zod issue path into a human-readable field reference, e.g.
+ * `tags`, `tags.1`, `image.alt`.
+ */
+function formatIssuePath(path: ReadonlyArray<PropertyKey>): string {
+	if (path.length === 0) return "(root)";
+	return path.map((seg) => String(seg)).join(".");
+}
+
+/**
+ * Validate `data` against the collection's field definitions.
+ *
+ * `partial: true` switches Zod into partial mode so updates can include
+ * only the fields being changed without tripping required-field errors on
+ * fields the caller didn't touch. Required fields that ARE present in
+ * partial-mode data still get the empty-string check below.
+ */
+export async function validateContentData(
+	db: Kysely<Database>,
+	collection: string,
+	data: Record<string, unknown>,
+	options: { partial?: boolean } = {},
+): Promise<ValidationResult> {
+	const registry = new SchemaRegistry(db);
+	const collectionWithFields = await registry.getCollectionWithFields(collection);
+	if (!collectionWithFields) {
+		return {
+			ok: false,
+			error: {
+				code: "COLLECTION_NOT_FOUND",
+				message: `Collection '${collection}' not found`,
+			},
+		};
+	}
+
+	const issues: string[] = [];
+
+	// Detect unknown keys explicitly so callers get a useful error rather
+	// than silently dropped data. Leading-underscore keys (e.g. `_slug`,
+	// `_rev`) are reserved for internal handler/runtime use and aren't real
+	// fields; skip them.
+	const knownFields = new Set(collectionWithFields.fields.map((f) => f.slug));
+	for (const key of Object.keys(data)) {
+		if (key.startsWith("_")) continue;
+		if (!knownFields.has(key)) {
+			issues.push(`${key}: unknown field on collection '${collection}'`);
+		}
+	}
+
+	// Zod handles type, enum, length and missing-required (in non-partial
+	// mode) checks. Empty-string handling for required string fields is
+	// done as a separate pass below since Zod's `z.string()` accepts "".
+	const baseSchema = generateZodSchema(collectionWithFields);
+	const schema = options.partial ? baseSchema.partial() : baseSchema;
+	const parsed = schema.safeParse(data);
+	if (!parsed.success) {
+		for (const issue of parsed.error.issues) {
+			issues.push(`${formatIssuePath(issue.path)}: ${issue.message}`);
+		}
+	}
+
+	// Empty-string-on-required check. In create mode (partial=false) Zod
+	// already catches missing/null for required fields, but `z.string()`
+	// happily accepts "". In update mode (partial=true) the field is only
+	// checked if it's present in `data`.
+	for (const field of collectionWithFields.fields) {
+		if (!field.required) continue;
+		const present = Object.hasOwn(data, field.slug);
+		if (options.partial && !present) continue;
+		if (data[field.slug] === "") {
+			issues.push(`${field.slug}: required (empty value not allowed)`);
+		}
+	}
+
+	// Reference target existence. Only check fields that:
+	//   - have a value (non-missing) in `data`
+	//   - have a resolvable target collection
+	//   - in partial mode: are present in `data`
+	// Batch one IN-query per target collection to keep round-trips low.
+	const refsByTarget = new Map<string, { field: string; id: string }[]>();
+	for (const field of collectionWithFields.fields) {
+		if (field.type !== "reference") continue;
+		if (options.partial && !Object.hasOwn(data, field.slug)) continue;
+		const value = data[field.slug];
+		if (isMissing(value)) continue;
+		if (typeof value !== "string") continue; // Zod will have flagged this already
+		const target = getReferenceTargetCollection(field);
+		if (!target) continue;
+		const list = refsByTarget.get(target) ?? [];
+		list.push({ field: field.slug, id: value });
+		refsByTarget.set(target, list);
+	}
+
+	for (const [target, refs] of refsByTarget) {
+		// Validate the target collection slug before interpolating into raw
+		// SQL — defense-in-depth even though slugs are already validated at
+		// schema-create time.
+		try {
+			validateIdentifier(target, "reference target collection");
+		} catch {
+			for (const ref of refs) {
+				issues.push(`${ref.field}: invalid reference target collection '${target}'`);
+			}
+			continue;
+		}
+
+		const ids = [...new Set(refs.map((r) => r.id))];
+		const tableName = `ec_${target}`;
+
+		// Chunk the IN clause to stay below D1's bind-parameter limit. One
+		// reference per request is the common case today; chunking makes the
+		// helper safe if a future multiSelect-of-references is added.
+		const found = new Set<string>();
+		let targetTableMissing = false;
+		for (const idChunk of chunks(ids, SQL_BATCH_SIZE)) {
+			try {
+				const rows = await sql<{ id: string }>`
+					SELECT id FROM ${sql.ref(tableName)}
+					WHERE id IN (${sql.join(idChunk)})
+					AND deleted_at IS NULL
+				`.execute(db);
+				for (const row of rows.rows) {
+					found.add(row.id);
+				}
+			} catch (error) {
+				// Missing table = the target collection table doesn't exist
+				// (orphan reference). Treat all those references as missing.
+				// Any other DB error (permissions, connection, syntax) must
+				// propagate — silently dropping data integrity errors as
+				// "not found" is exactly the bug F5 fixes.
+				if (isMissingTableError(error)) {
+					targetTableMissing = true;
+					break;
+				}
+				throw error;
+			}
+		}
+		if (targetTableMissing) {
+			for (const ref of refs) {
+				issues.push(`${ref.field}: target '${ref.id}' not found in collection '${target}'`);
+			}
+			continue;
+		}
+		for (const ref of refs) {
+			if (!found.has(ref.id)) {
+				issues.push(`${ref.field}: target '${ref.id}' not found in collection '${target}'`);
+			}
+		}
+	}
+
+	if (issues.length === 0) return { ok: true };
+	return {
+		ok: false,
+		error: {
+			code: "VALIDATION_ERROR",
+			message: issues.join("; "),
+		},
+	};
+}

package/src/api/openapi/document.ts

@@ -122,6 +122,7 @@ import {
 	reorderWidgetsBody,
 	updateWidgetBody,
 	widgetAreaSchema,
+	widgetAreaWithWidgetsAndCountSchema,
 	widgetAreaWithWidgetsSchema,
 	widgetSchema,
 } from "../schemas/widgets.js";
@@ -1581,7 +1582,9 @@ const widgetPaths = {
 					description: "Widget area list",
 					content: {
 						[JSON_CONTENT]: {
-							schema: successEnvelope(z.object({ items: z.array(widgetAreaSchema) })),
+							schema: successEnvelope(
+								z.object({ items: z.array(widgetAreaWithWidgetsAndCountSchema) }),
+							),
 						},
 					},
 				},

package/src/api/public-url.ts

@@ -9,7 +9,10 @@
  * Workers-safe: no Node.js imports.
  */
 
-import type { EmDashConfig } from "../astro/integration/runtime.js";
+/** Minimal config shape — avoids importing the full EmDashConfig type tree. */
+interface SiteUrlConfig {
+	siteUrl?: string;
+}
 
 /**
  * Resolve siteUrl from runtime environment variables.
@@ -26,9 +29,10 @@ import type { EmDashConfig } from "../astro/integration/runtime.js";
  */
 let _envSiteUrl: string | undefined | null = null;
 
-/** @internal Reset cached env value — test-only. */
-export function _resetEnvSiteUrlCache(): void {
+/** @internal Reset cached env values — test-only. */
+export function _resetEnvCache(): void {
 	_envSiteUrl = null;
+	_envAllowedOrigins = null;
 }
 
 function getEnvSiteUrl(): string | undefined {
@@ -67,10 +71,55 @@ function getEnvSiteUrl(): string | undefined {
  * @param config  The EmDash config (from `locals.emdash?.config`)
  * @returns Origin string, e.g. `"https://mysite.example.com"`
  */
-export function getPublicOrigin(url: URL, config?: EmDashConfig): string {
+export function getPublicOrigin(url: URL, config?: SiteUrlConfig): string {
 	return config?.siteUrl || getEnvSiteUrl() || url.origin;
 }
 
+/**
+ * Resolve additional accepted passkey origins from runtime environment.
+ *
+ * Reads `EMDASH_ALLOWED_ORIGINS` (comma-separated list of origins) for
+ * multi-origin deployments where the same RP is reachable under several
+ * hostnames sharing the registrable parent domain (e.g. apex + preview).
+ *
+ * Each entry is parsed via `new URL()` and reduced to its `origin`. Unlike
+ * `getEnvSiteUrl` (which silently falls back to `url.origin` on bad input),
+ * this throws on any unparseable or non-http(s) entry — `EMDASH_ALLOWED_ORIGINS`
+ * is an allowlist for passkey verification, so silently dropping a typo would
+ * surface as "I can't authenticate on this origin" with no diagnostic. Fail
+ * loud at first read.
+ *
+ * Uses `process.env` (Vite leaves it untouched at runtime). Result is cached
+ * on success.
+ */
+let _envAllowedOrigins: string[] | null = null;
+
+export function getEnvAllowedOrigins(): string[] {
+	if (_envAllowedOrigins !== null) return _envAllowedOrigins;
+	const raw = typeof process !== "undefined" ? process.env?.EMDASH_ALLOWED_ORIGINS || "" : "";
+	const parsed: string[] = [];
+	for (const entry of raw.split(",")) {
+		const trimmed = entry.trim();
+		if (!trimmed) continue;
+		let u: URL;
+		try {
+			u = new URL(trimmed);
+		} catch (e) {
+			throw new Error(`EmDash config error in EMDASH_ALLOWED_ORIGINS: invalid URL: "${trimmed}"`, {
+				cause: e,
+			});
+		}
+		if (u.protocol !== "http:" && u.protocol !== "https:") {
+			throw new Error(
+				`EmDash config error in EMDASH_ALLOWED_ORIGINS: origin must be http or https: "${trimmed}" (got ${u.protocol})`,
+			);
+		}
+		parsed.push(u.origin);
+	}
+	_envAllowedOrigins = parsed;
+	return parsed;
+}
+
 /**
  * Build a full public URL by appending a path to the public origin.
  *
@@ -79,6 +128,6 @@ export function getPublicOrigin(url: URL, config?: EmDashConfig): string {
  * @param path  Path to append (must start with `/`)
  * @returns Full URL string, e.g. `"https://mysite.example.com/_emdash/admin/login"`
  */
-export function getPublicUrl(url: URL, config: EmDashConfig | undefined, path: string): string {
+export function getPublicUrl(url: URL, config: SiteUrlConfig | undefined, path: string): string {
 	return `${getPublicOrigin(url, config)}${path}`;
 }

package/src/api/route-utils.ts

@@ -0,0 +1,14 @@
+/**
+ * Public API route utilities for auth provider routes.
+ *
+ * This module re-exports the utilities that auth provider route handlers
+ * need from core. Auth providers (plugins) import these via `emdash/api/route-utils`.
+ */
+
+export { apiError, apiSuccess, handleError } from "./error.js";
+export { parseBody, parseQuery, isParseError } from "./parse.js";
+export type { ParseResult } from "./parse.js";
+export { finalizeSetup } from "./setup-complete.js";
+export { OptionsRepository } from "../database/repositories/options.js";
+export { getAuthProviderStorage } from "./auth-storage.js";
+export { getPublicOrigin } from "./public-url.js";

package/src/api/schemas/comments.ts

@@ -33,8 +33,8 @@ export const commentListQuery = z
 		status: z.enum(["pending", "approved", "spam", "trash"]).optional(),
 		collection: z.string().optional(),
 		search: z.string().optional(),
-		limit: z.coerce.number().int().min(1).max(100).optional(),
-		cursor: z.string().optional(),
+		limit: z.coerce.number().int().min(1).max(100).optional().default(50),
+		cursor: z.string().max(2048).optional(),
 	})
 	.meta({ id: "CommentListQuery" });
 

package/src/api/schemas/common.ts

@@ -22,7 +22,7 @@ export const roleLevel = z.coerce
 /** Pagination query params — cursor-based */
 export const cursorPaginationQuery = z
 	.object({
-		cursor: z.string().optional().meta({ description: "Opaque cursor for pagination" }),
+		cursor: z.string().max(2048).optional().meta({ description: "Opaque cursor for pagination" }),
 		limit: z.coerce.number().int().min(1).max(100).optional().default(50).meta({
 			description: "Maximum number of items to return (1-100, default 50)",
 		}),

package/src/api/schemas/content.ts

@@ -72,6 +72,23 @@ export const contentScheduleBody = z
 	})
 	.meta({ id: "ContentScheduleBody" });
 
+export const contentPublishBody = z
+	.object({
+		// .optional() rather than .nullish(): publishing has no semantic
+		// meaning for `null` (you can't "clear" a publish timestamp by
+		// publishing). Tightening the schema here means callers either
+		// pass a valid datetime or omit the field, and the route doesn't
+		// have to silently drop a null that snuck through.
+		publishedAt: z.iso
+			.datetime({ offset: true, message: "must be an ISO 8601 datetime" })
+			.optional()
+			.meta({
+				description:
+					"Optional ISO 8601 datetime to backdate the publish (e.g. when migrating content). Requires content:publish_any permission. Without this, existing published_at is preserved on re-publish.",
+			}),
+	})
+	.meta({ id: "ContentPublishBody" });
+
 export const contentPreviewUrlBody = z
 	.object({
 		expiresIn: z.union([z.string(), z.number()]).optional(),

package/src/api/schemas/sections.ts

@@ -10,8 +10,8 @@ export const sectionsListQuery = z
 	.object({
 		source: sectionSource.optional(),
 		search: z.string().optional(),
-		limit: z.coerce.number().int().min(1).max(100).optional(),
-		cursor: z.string().optional(),
+		limit: z.coerce.number().int().min(1).max(100).optional().default(50),
+		cursor: z.string().max(2048).optional(),
 	})
 	.meta({ id: "SectionsListQuery" });
 
@@ -23,7 +23,7 @@ export const createSectionBody = z
 		keywords: z.array(z.string()).optional(),
 		content: z.array(z.record(z.string(), z.unknown())),
 		previewMediaId: z.string().optional(),
-		source: sectionSource.optional(),
+		source: z.enum(["user", "import"]).optional(),
 		themeId: z.string().optional(),
 	})
 	.meta({ id: "CreateSectionBody" });

package/src/api/schemas/setup.ts

@@ -35,3 +35,11 @@ export const setupAdminBody = z.object({
 export const setupAdminVerifyBody = z.object({
 	credential: registrationCredential,
 });
+
+export const atprotoLoginBody = z.object({
+	handle: z.string().trim().min(1),
+});
+
+export const setupAtprotoAdminBody = z.object({
+	handle: z.string().trim().min(1),
+});

package/src/api/schemas/users.ts

@@ -10,7 +10,7 @@ export const usersListQuery = z
 	.object({
 		search: z.string().optional(),
 		role: z.string().optional(),
-		cursor: z.string().optional(),
+		cursor: z.string().max(2048).optional(),
 		limit: z.coerce.number().int().min(1).max(100).optional().default(50),
 	})
 	.meta({ id: "UsersListQuery" });

package/src/api/schemas/widgets.ts

@@ -60,16 +60,12 @@ export const widgetAreaSchema = z
 export const widgetSchema = z
 	.object({
 		id: z.string(),
-		area_id: z.string(),
-		type: z.string(),
-		title: z.string().nullable(),
-		content: z.string().nullable(),
-		menu_name: z.string().nullable(),
-		component_id: z.string().nullable(),
-		component_props: z.string().nullable(),
-		sort_order: z.number().int(),
-		created_at: z.string(),
-		updated_at: z.string(),
+		type: widgetType,
+		title: z.string().optional(),
+		content: z.array(z.record(z.string(), z.unknown())).optional(),
+		menuName: z.string().optional(),
+		componentId: z.string().optional(),
+		componentProps: z.record(z.string(), z.unknown()).optional(),
 	})
 	.meta({ id: "Widget" });
 
@@ -78,3 +74,9 @@ export const widgetAreaWithWidgetsSchema = widgetAreaSchema
 		widgets: z.array(widgetSchema),
 	})
 	.meta({ id: "WidgetAreaWithWidgets" });
+
+export const widgetAreaWithWidgetsAndCountSchema = widgetAreaWithWidgetsSchema
+	.extend({
+		widgetCount: z.number().int(),
+	})
+	.meta({ id: "WidgetAreaWithWidgetsAndCount" });