npm - emdash - Versions diffs - 0.8.0 → 0.9.0 - Mend

emdash 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (286) hide show

package/dist/{adapters-BKSf3T9R.d.mts → adapters-DoNJiveC.d.mts} +1 -1
package/dist/{adapters-BKSf3T9R.d.mts.map → adapters-DoNJiveC.d.mts.map} +1 -1
package/dist/{apply-x0eMK1lX.mjs → apply-BzltprvY.mjs} +85 -135
package/dist/apply-BzltprvY.mjs.map +1 -0
package/dist/astro/index.d.mts +6 -6
package/dist/astro/index.d.mts.map +1 -1
package/dist/astro/index.mjs +110 -4
package/dist/astro/index.mjs.map +1 -1
package/dist/astro/middleware/auth.d.mts +6 -7
package/dist/astro/middleware/auth.d.mts.map +1 -1
package/dist/astro/middleware/auth.mjs +16 -59
package/dist/astro/middleware/auth.mjs.map +1 -1
package/dist/astro/middleware/redirect.d.mts.map +1 -1
package/dist/astro/middleware/redirect.mjs +17 -12
package/dist/astro/middleware/redirect.mjs.map +1 -1
package/dist/astro/middleware/request-context.d.mts.map +1 -1
package/dist/astro/middleware/request-context.mjs +9 -6
package/dist/astro/middleware/request-context.mjs.map +1 -1
package/dist/astro/middleware/setup.mjs +1 -1
package/dist/astro/middleware.d.mts.map +1 -1
package/dist/astro/middleware.mjs +72 -124
package/dist/astro/middleware.mjs.map +1 -1
package/dist/astro/types.d.mts +26 -10
package/dist/astro/types.d.mts.map +1 -1
package/dist/{base64-MBPo9ozB.mjs → base64-BRICGH2l.mjs} +1 -1
package/dist/{base64-MBPo9ozB.mjs.map → base64-BRICGH2l.mjs.map} +1 -1
package/dist/{byline-Chbr2GoP.mjs → byline-BSaNL1w7.mjs} +4 -4
package/dist/{byline-Chbr2GoP.mjs.map → byline-BSaNL1w7.mjs.map} +1 -1
package/dist/bylines-CvJ3PYz2.mjs +113 -0
package/dist/bylines-CvJ3PYz2.mjs.map +1 -0
package/dist/cache-C6N_hhN7.mjs +65 -0
package/dist/cache-C6N_hhN7.mjs.map +1 -0
package/dist/{chunks-HGz06Soa.mjs → chunks-NBQVDOci.mjs} +8 -2
package/dist/{chunks-HGz06Soa.mjs.map → chunks-NBQVDOci.mjs.map} +1 -1
package/dist/cli/index.mjs +224 -30
package/dist/cli/index.mjs.map +1 -1
package/dist/client/cf-access.d.mts +1 -1
package/dist/client/index.d.mts +1 -1
package/dist/client/index.mjs +3 -3
package/dist/client/index.mjs.map +1 -1
package/dist/{config-BXwuX8Bx.mjs → config-BI0V3ICQ.mjs} +1 -1
package/dist/{config-BXwuX8Bx.mjs.map → config-BI0V3ICQ.mjs.map} +1 -1
package/dist/{content-BcQPYxdV.mjs → content-8lOYF0pr.mjs} +32 -15
package/dist/{content-BcQPYxdV.mjs.map → content-8lOYF0pr.mjs.map} +1 -1
package/dist/db/index.d.mts +3 -3
package/dist/db/index.mjs +2 -2
package/dist/db/libsql.d.mts +1 -1
package/dist/db/libsql.d.mts.map +1 -1
package/dist/db/libsql.mjs +7 -2
package/dist/db/libsql.mjs.map +1 -1
package/dist/db/postgres.d.mts +1 -1
package/dist/db/sqlite.d.mts +1 -1
package/dist/db/sqlite.d.mts.map +1 -1
package/dist/db/sqlite.mjs +8 -3
package/dist/db/sqlite.mjs.map +1 -1
package/dist/{db-errors-l1Qh2RPR.mjs → db-errors-WRezodiz.mjs} +1 -1
package/dist/{db-errors-l1Qh2RPR.mjs.map → db-errors-WRezodiz.mjs.map} +1 -1
package/dist/{default-DCVqE5ib.mjs → default-D8ksjWhO.mjs} +1 -1
package/dist/{default-DCVqE5ib.mjs.map → default-D8ksjWhO.mjs.map} +1 -1
package/dist/{dialect-helpers-DhTzaUxP.mjs → dialect-helpers-BKCvISIQ.mjs} +19 -2
package/dist/dialect-helpers-BKCvISIQ.mjs.map +1 -0
package/dist/{error-zG5T1UGA.mjs → error-D_-tqP-I.mjs} +1 -1
package/dist/{error-zG5T1UGA.mjs.map → error-D_-tqP-I.mjs.map} +1 -1
package/dist/{index-DIb-CzNx.d.mts → index-BFRaVcD6.d.mts} +94 -34
package/dist/index-BFRaVcD6.d.mts.map +1 -0
package/dist/index.d.mts +11 -11
package/dist/index.mjs +29 -27
package/dist/{load-CyEoextb.mjs → load-DDqMMvZL.mjs} +2 -2
package/dist/{load-CyEoextb.mjs.map → load-DDqMMvZL.mjs.map} +1 -1
package/dist/{loader-CndGj8kM.mjs → loader-CKLbBnhK.mjs} +27 -7
package/dist/loader-CKLbBnhK.mjs.map +1 -0
package/dist/{manifest-schema-DH9xhc6t.mjs → manifest-schema-DqWNC3lM.mjs} +33 -3
package/dist/manifest-schema-DqWNC3lM.mjs.map +1 -0
package/dist/media/index.d.mts +1 -1
package/dist/media/index.mjs +1 -1
package/dist/media/local-runtime.d.mts +7 -7
package/dist/media/local-runtime.mjs +3 -3
package/dist/{media-D8FbNsl0.mjs → media-BW32b4gi.mjs} +2 -2
package/dist/{media-D8FbNsl0.mjs.map → media-BW32b4gi.mjs.map} +1 -1
package/dist/{mode-BnAOqItE.mjs → mode-ier8jbBk.mjs} +1 -1
package/dist/{mode-BnAOqItE.mjs.map → mode-ier8jbBk.mjs.map} +1 -1
package/dist/options-BVp3UsTS.mjs +117 -0
package/dist/options-BVp3UsTS.mjs.map +1 -0
package/dist/page/index.d.mts +2 -2
package/dist/{placeholder-D29tWZ7o.d.mts → placeholder-BE4o_2dc.d.mts} +1 -1
package/dist/{placeholder-D29tWZ7o.d.mts.map → placeholder-BE4o_2dc.d.mts.map} +1 -1
package/dist/{placeholder-C-fk5hYI.mjs → placeholder-CIJejMlK.mjs} +1 -1
package/dist/{placeholder-C-fk5hYI.mjs.map → placeholder-CIJejMlK.mjs.map} +1 -1
package/dist/plugins/adapt-sandbox-entry.d.mts +5 -5
package/dist/plugins/adapt-sandbox-entry.d.mts.map +1 -1
package/dist/plugins/adapt-sandbox-entry.mjs +6 -5
package/dist/plugins/adapt-sandbox-entry.mjs.map +1 -1
package/dist/public-url-DByxYjUw.mjs +51 -0
package/dist/public-url-DByxYjUw.mjs.map +1 -0
package/dist/{query-fqEdLFms.mjs → query-Cg9ZKRQ0.mjs} +114 -16
package/dist/query-Cg9ZKRQ0.mjs.map +1 -0
package/dist/{redirect-D_pshWdf.mjs → redirect-BhUBKRc1.mjs} +11 -6
package/dist/redirect-BhUBKRc1.mjs.map +1 -0
package/dist/{registry-C3Mr0ODu.mjs → registry-Dw70ChxB.mjs} +38 -4
package/dist/registry-Dw70ChxB.mjs.map +1 -0
package/dist/{request-cache-Ci7f5pBb.mjs → request-cache-B-bmkipQ.mjs} +1 -1
package/dist/{request-cache-Ci7f5pBb.mjs.map → request-cache-B-bmkipQ.mjs.map} +1 -1
package/dist/runner-Bnoj7vjK.d.mts +44 -0
package/dist/runner-Bnoj7vjK.d.mts.map +1 -0
package/dist/{runner-tQ7BJ4T7.mjs → runner-C7ADox5q.mjs} +185 -55
package/dist/{runner-tQ7BJ4T7.mjs.map → runner-C7ADox5q.mjs.map} +1 -1
package/dist/runtime.d.mts +6 -6
package/dist/runtime.mjs +4 -4
package/dist/{search-BoZYFuUk.mjs → search-dOGEccMa.mjs} +129 -83
package/dist/search-dOGEccMa.mjs.map +1 -0
package/dist/secrets-CW3reAnU.mjs +314 -0
package/dist/secrets-CW3reAnU.mjs.map +1 -0
package/dist/seed/index.d.mts +2 -2
package/dist/seed/index.mjs +15 -14
package/dist/seo/index.d.mts +1 -1
package/dist/storage/local.d.mts +1 -1
package/dist/storage/local.mjs +1 -1
package/dist/storage/s3.d.mts +1 -1
package/dist/storage/s3.mjs +1 -1
package/dist/{taxonomies-B4IAshV8.mjs → taxonomies-ZlRtD6AG.mjs} +14 -7
package/dist/taxonomies-ZlRtD6AG.mjs.map +1 -0
package/dist/{tokens-D9vnZqYS.mjs → tokens-D7zMmWi2.mjs} +2 -2
package/dist/{tokens-D9vnZqYS.mjs.map → tokens-D7zMmWi2.mjs.map} +1 -1
package/dist/{transport-C9ugt2Nr.mjs → transport-BeMCmin1.mjs} +6 -5
package/dist/{transport-C9ugt2Nr.mjs.map → transport-BeMCmin1.mjs.map} +1 -1
package/dist/{transport-CUnEL3Vs.d.mts → transport-DNEfeMaU.d.mts} +1 -1
package/dist/{transport-CUnEL3Vs.d.mts.map → transport-DNEfeMaU.d.mts.map} +1 -1
package/dist/types-4fVtCIm0.mjs +68 -0
package/dist/types-4fVtCIm0.mjs.map +1 -0
package/dist/{types-BmPPSUEx.d.mts → types-BSyXeCFW.d.mts} +24 -2
package/dist/{types-BmPPSUEx.d.mts.map → types-BSyXeCFW.d.mts.map} +1 -1
package/dist/{types-i36XcA_X.d.mts → types-BuBIptGk.d.mts} +65 -134
package/dist/types-BuBIptGk.d.mts.map +1 -0
package/dist/{types-CgqmmMJB.mjs → types-CDbKp7ND.mjs} +1 -1
package/dist/{types-CgqmmMJB.mjs.map → types-CDbKp7ND.mjs.map} +1 -1
package/dist/{types-Bm1dn-q3.mjs → types-CIOg5AR8.mjs} +1 -1
package/dist/{types-Bm1dn-q3.mjs.map → types-CIOg5AR8.mjs.map} +1 -1
package/dist/{types-BrA0xf5I.d.mts → types-CJsYGpco.d.mts} +1 -1
package/dist/{types-BrA0xf5I.d.mts.map → types-CJsYGpco.d.mts.map} +1 -1
package/dist/{types-BIgulNsW.mjs → types-CRxNbK-Z.mjs} +2 -2
package/dist/{types-BIgulNsW.mjs.map → types-CRxNbK-Z.mjs.map} +1 -1
package/dist/{types-CS8FIX7L.d.mts → types-CrtWgIvl.d.mts} +1 -1
package/dist/{types-CS8FIX7L.d.mts.map → types-CrtWgIvl.d.mts.map} +1 -1
package/dist/{types-DIMwPFub.d.mts → types-M78DQ1lx.d.mts} +1 -1
package/dist/{types-DIMwPFub.d.mts.map → types-M78DQ1lx.d.mts.map} +1 -1
package/dist/{validate-CxVsLehf.mjs → validate-Baqf0slj.mjs} +3 -3
package/dist/{validate-CxVsLehf.mjs.map → validate-Baqf0slj.mjs.map} +1 -1
package/dist/{validate-DHxmpFJt.d.mts → validate-BfQh_C_y.d.mts} +4 -4
package/dist/{validate-DHxmpFJt.d.mts.map → validate-BfQh_C_y.d.mts.map} +1 -1
package/dist/{validation-C-ZpN2GI.mjs → validation-BfEI7tNe.mjs} +6 -6
package/dist/{validation-C-ZpN2GI.mjs.map → validation-BfEI7tNe.mjs.map} +1 -1
package/dist/version-DoxrVdYf.mjs +7 -0
package/dist/{version-Bbq8TCrz.mjs.map → version-DoxrVdYf.mjs.map} +1 -1
package/dist/{zod-generator-CpwccCIv.mjs → zod-generator-CC0xNe_K.mjs} +4 -4
package/dist/zod-generator-CC0xNe_K.mjs.map +1 -0
package/locals.d.ts +1 -6
package/package.json +9 -8
package/src/api/handlers/comments.ts +6 -4
package/src/api/handlers/content.ts +29 -1
package/src/api/handlers/device-flow.ts +5 -0
package/src/api/handlers/marketplace.ts +11 -4
package/src/api/handlers/oauth-authorization.ts +72 -33
package/src/api/handlers/revision.ts +23 -14
package/src/api/handlers/taxonomies.ts +3 -6
package/src/api/public-url.ts +48 -2
package/src/api/schemas/comments.ts +2 -2
package/src/api/schemas/content.ts +17 -0
package/src/api/schemas/sections.ts +3 -3
package/src/api/schemas/users.ts +1 -1
package/src/api/types.ts +5 -1
package/src/astro/integration/index.ts +17 -0
package/src/astro/integration/runtime.ts +30 -0
package/src/astro/integration/virtual-modules.ts +32 -2
package/src/astro/integration/vite-config.ts +6 -1
package/src/astro/middleware/auth.ts +13 -6
package/src/astro/middleware/redirect.ts +29 -16
package/src/astro/middleware/request-context.ts +15 -5
package/src/astro/middleware.ts +23 -9
package/src/astro/routes/api/auth/invite/complete.ts +6 -1
package/src/astro/routes/api/auth/passkey/register/verify.ts +6 -1
package/src/astro/routes/api/auth/passkey/verify.ts +6 -1
package/src/astro/routes/api/auth/signup/complete.ts +6 -1
package/src/astro/routes/api/comments/[collection]/[contentId]/index.ts +2 -2
package/src/astro/routes/api/content/[collection]/[id]/discard-draft.ts +4 -2
package/src/astro/routes/api/content/[collection]/[id]/preview-url.ts +34 -12
package/src/astro/routes/api/content/[collection]/[id]/publish.ts +32 -2
package/src/astro/routes/api/content/[collection]/[id]/restore.ts +4 -2
package/src/astro/routes/api/content/[collection]/[id]/revisions.ts +3 -2
package/src/astro/routes/api/content/[collection]/[id]/terms/[taxonomy].ts +8 -4
package/src/astro/routes/api/content/[collection]/[id].ts +12 -0
package/src/astro/routes/api/import/wordpress/execute.ts +3 -1
package/src/astro/routes/api/import/wordpress/prepare.ts +7 -8
package/src/astro/routes/api/import/wordpress-plugin/execute.ts +3 -1
package/src/astro/routes/api/manifest.ts +62 -45
package/src/astro/routes/api/media/[id]/confirm.ts +10 -1
package/src/astro/routes/api/media/providers/[providerId]/index.ts +12 -3
package/src/astro/routes/api/openapi.json.ts +27 -10
package/src/astro/routes/api/redirects/404s/index.ts +10 -4
package/src/astro/routes/api/redirects/404s/summary.ts +4 -2
package/src/astro/routes/api/redirects/[id].ts +10 -4
package/src/astro/routes/api/redirects/index.ts +7 -3
package/src/astro/routes/api/revisions/[revisionId]/index.ts +1 -1
package/src/astro/routes/api/schema/collections/[slug]/fields/[fieldSlug].ts +0 -2
package/src/astro/routes/api/schema/collections/[slug]/fields/index.ts +0 -1
package/src/astro/routes/api/schema/collections/[slug]/fields/reorder.ts +0 -1
package/src/astro/routes/api/schema/collections/[slug]/index.ts +2 -2
package/src/astro/routes/api/schema/collections/index.ts +1 -1
package/src/astro/routes/api/search/index.ts +10 -2
package/src/astro/routes/api/sections/[slug].ts +10 -4
package/src/astro/routes/api/sections/index.ts +7 -3
package/src/astro/routes/api/setup/admin-verify.ts +6 -1
package/src/astro/routes/api/snapshot.ts +44 -18
package/src/astro/routes/api/taxonomies/index.ts +0 -1
package/src/astro/routes/api/themes/preview.ts +11 -5
package/src/astro/types.ts +23 -3
package/src/auth/allowed-origins.ts +168 -0
package/src/auth/passkey-config.ts +35 -13
package/src/bylines/index.ts +37 -88
package/src/cli/commands/auth.ts +28 -6
package/src/cli/commands/bundle-utils.ts +11 -2
package/src/cli/commands/bundle.ts +28 -8
package/src/cli/commands/content.ts +13 -0
package/src/cli/commands/login.ts +8 -1
package/src/cli/commands/publish.ts +24 -0
package/src/cli/commands/secrets.ts +183 -0
package/src/cli/credentials.ts +1 -1
package/src/cli/index.ts +5 -1
package/src/client/index.ts +4 -4
package/src/client/transport.ts +17 -7
package/src/components/Break.astro +2 -2
package/src/components/EmDashHead.astro +18 -13
package/src/components/Embed.astro +1 -1
package/src/components/Gallery.astro +1 -1
package/src/components/Image.astro +1 -1
package/src/components/InlinePortableTextEditor.tsx +104 -18
package/src/config/secrets.ts +528 -0
package/src/database/dialect-helpers.ts +50 -0
package/src/database/migrations/034_published_at_index.ts +1 -1
package/src/database/migrations/035_bounded_404_log.ts +56 -39
package/src/database/migrations/runner.ts +156 -23
package/src/database/repositories/content.ts +36 -12
package/src/database/repositories/redirect.ts +14 -3
package/src/database/repositories/taxonomy.ts +26 -0
package/src/db/libsql.ts +1 -3
package/src/db/sqlite.ts +2 -5
package/src/emdash-runtime.ts +84 -159
package/src/index.ts +9 -0
package/src/loader.ts +24 -1
package/src/mcp/server.ts +103 -36
package/src/page/site-identity.ts +58 -0
package/src/plugins/adapt-sandbox-entry.ts +22 -10
package/src/plugins/context.ts +13 -10
package/src/plugins/define-plugin.ts +40 -12
package/src/plugins/hooks.ts +23 -19
package/src/plugins/index.ts +9 -0
package/src/plugins/manifest-schema.ts +37 -2
package/src/plugins/types.ts +151 -11
package/src/preview/urls.ts +23 -3
package/src/query.ts +148 -5
package/src/redirects/cache.ts +38 -18
package/src/schema/registry.ts +56 -0
package/src/schema/zod-generator.ts +27 -5
package/src/seed/apply.ts +2 -0
package/src/settings/index.ts +80 -6
package/src/settings/types.ts +23 -1
package/src/taxonomies/index.ts +11 -1
package/dist/apply-x0eMK1lX.mjs.map +0 -1
package/dist/bylines-CRNsVG88.mjs +0 -157
package/dist/bylines-CRNsVG88.mjs.map +0 -1
package/dist/cache-BkKBuIvS.mjs +0 -56
package/dist/cache-BkKBuIvS.mjs.map +0 -1
package/dist/chunk-ClPoSABd.mjs +0 -21
package/dist/dialect-helpers-DhTzaUxP.mjs.map +0 -1
package/dist/index-DIb-CzNx.d.mts.map +0 -1
package/dist/loader-CndGj8kM.mjs.map +0 -1
package/dist/manifest-schema-DH9xhc6t.mjs.map +0 -1
package/dist/query-fqEdLFms.mjs.map +0 -1
package/dist/redirect-D_pshWdf.mjs.map +0 -1
package/dist/registry-C3Mr0ODu.mjs.map +0 -1
package/dist/runner-OURCaApa.d.mts +0 -34
package/dist/runner-OURCaApa.d.mts.map +0 -1
package/dist/search-BoZYFuUk.mjs.map +0 -1
package/dist/taxonomies-B4IAshV8.mjs.map +0 -1
package/dist/types-i36XcA_X.d.mts.map +0 -1
package/dist/version-Bbq8TCrz.mjs +0 -7
package/dist/zod-generator-CpwccCIv.mjs.map +0 -1

package/src/astro/routes/api/media/[id]/confirm.ts CHANGED Viewed

@@ -10,7 +10,7 @@
 import type { APIRoute } from "astro";
 import { MediaRepository } from "emdash";
-import { requirePerm } from "#api/authorize.js";
+import { requireOwnerPerm, requirePerm } from "#api/authorize.js";
 import { apiError, apiSuccess, handleError } from "#api/error.js";
 import { isParseError, parseOptionalBody } from "#api/parse.js";
 import { mediaConfirmBody } from "#api/schemas.js";
@@ -62,6 +62,15 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 			return apiError("INVALID_STATE", `Media item is not pending: ${existing.status}`, 400);
 		}
+		// Only the uploader or a user with media:edit_any can confirm/fail a pending upload
+		const ownerDenied = requireOwnerPerm(
+			user,
+			existing.authorId ?? "",
+			"media:edit_own",
+			"media:edit_any",
+		);
+		if (ownerDenied) return ownerDenied;
 		// Optionally verify the file exists in storage
 		if (emdash.storage) {
 			const exists = await emdash.storage.exists(existing.storageKey);

package/src/astro/routes/api/media/providers/[providerId]/index.ts CHANGED Viewed

@@ -37,9 +37,8 @@ export const GET: APIRoute = async ({ params, request, locals }) => {
 	const url = new URL(request.url);
 	const cursor = url.searchParams.get("cursor") || undefined;
-	const limit = url.searchParams.get("limit")
-		? parseInt(url.searchParams.get("limit")!, 10)
-		: undefined;
+	const rawLimit = url.searchParams.get("limit");
+	const limit = rawLimit ? Math.max(1, Math.min(parseInt(rawLimit, 10) || 50, 100)) : undefined;
 	const query = url.searchParams.get("query") || undefined;
 	const mimeType = url.searchParams.get("mimeType") || undefined;
@@ -98,6 +97,16 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 			return apiError("NO_FILE", "No file provided", 400);
 		}
+		// Basic size validation (default 50MB, configurable via maxUploadSize)
+		const maxSize = emdash.config?.maxUploadSize ?? 50 * 1024 * 1024;
+		if (file.size > maxSize) {
+			return apiError(
+				"FILE_TOO_LARGE",
+				`File exceeds maximum size of ${Math.round(maxSize / 1024 / 1024)}MB`,
+				413,
+			);
+		}
 		const item = await provider.upload({
 			file,
 			filename: file.name,

package/src/astro/routes/api/openapi.json.ts CHANGED Viewed

@@ -9,33 +9,50 @@
 import type { APIRoute } from "astro";
+import { handleError } from "../../../api/error.js";
 import { generateOpenApiDocument } from "../../../api/openapi/index.js";
 export const prerender = false;
-let cachedSpec: string | null = null;
+// Use globalThis with Symbol.for to survive Vite's SSR module duplication
+const OPENAPI_CACHE_KEY = Symbol.for("emdash.openapi.cachedSpec");
+function getCachedSpec(): string | null {
+	const val = (globalThis as Record<symbol, unknown>)[OPENAPI_CACHE_KEY];
+	return typeof val === "string" ? val : null;
+}
+function setCachedSpec(spec: string): void {
+	(globalThis as Record<symbol, unknown>)[OPENAPI_CACHE_KEY] = spec;
+}
 export const GET: APIRoute = async ({ locals }) => {
 	const { emdash } = locals;
-	if (!cachedSpec && emdash) {
+	let spec = getCachedSpec();
+	if (!spec && emdash) {
 		try {
 			const doc = generateOpenApiDocument({ maxUploadSize: emdash.config.maxUploadSize });
-			cachedSpec = JSON.stringify(doc);
-		} catch {
-			return new Response(
-				JSON.stringify({ error: "Failed to generate OpenAPI document: invalid configuration" }),
-				{ status: 500, headers: { "Content-Type": "application/json" } },
-			);
+			spec = JSON.stringify(doc);
+			setCachedSpec(spec);
+		} catch (error) {
+			return handleError(error, "Failed to generate OpenAPI document", "OPENAPI_ERROR");
 		}
 	}
-	const spec = cachedSpec ?? JSON.stringify(generateOpenApiDocument());
+	if (!spec) {
+		try {
+			spec = JSON.stringify(generateOpenApiDocument());
+		} catch (error) {
+			return handleError(error, "Failed to generate OpenAPI document", "OPENAPI_ERROR");
+		}
+	}
 	return new Response(spec, {
 		status: 200,
 		headers: {
 			"Content-Type": "application/json",
-			"Cache-Control": "public, max-age=3600",
+			"Cache-Control": "private, no-store",
 			"Access-Control-Allow-Origin": "*",
 		},
 	});

package/src/astro/routes/api/redirects/404s/index.ts CHANGED Viewed

@@ -9,7 +9,7 @@
 import type { APIRoute } from "astro";
 import { requirePerm } from "#api/authorize.js";
-import { handleError, unwrapResult } from "#api/error.js";
+import { handleError, requireDb, unwrapResult } from "#api/error.js";
 import {
 	handleNotFoundClear,
 	handleNotFoundList,
@@ -22,7 +22,9 @@ export const prerender = false;
 export const GET: APIRoute = async ({ url, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const denied = requirePerm(user, "redirects:read");
 	if (denied) return denied;
@@ -40,7 +42,9 @@ export const GET: APIRoute = async ({ url, locals }) => {
 export const DELETE: APIRoute = async ({ locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const denied = requirePerm(user, "redirects:manage");
 	if (denied) return denied;
@@ -55,7 +59,9 @@ export const DELETE: APIRoute = async ({ locals }) => {
 export const POST: APIRoute = async ({ request, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const denied = requirePerm(user, "redirects:manage");
 	if (denied) return denied;

package/src/astro/routes/api/redirects/404s/summary.ts CHANGED Viewed

@@ -7,7 +7,7 @@
 import type { APIRoute } from "astro";
 import { requirePerm } from "#api/authorize.js";
-import { handleError, unwrapResult } from "#api/error.js";
+import { handleError, requireDb, unwrapResult } from "#api/error.js";
 import { handleNotFoundSummary } from "#api/handlers/redirects.js";
 import { isParseError, parseQuery } from "#api/parse.js";
 import { notFoundSummaryQuery } from "#api/schemas.js";
@@ -16,7 +16,9 @@ export const prerender = false;
 export const GET: APIRoute = async ({ url, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const denied = requirePerm(user, "redirects:read");
 	if (denied) return denied;

package/src/astro/routes/api/redirects/[id].ts CHANGED Viewed

@@ -9,7 +9,7 @@
 import type { APIRoute } from "astro";
 import { requirePerm } from "#api/authorize.js";
-import { apiError, handleError, unwrapResult } from "#api/error.js";
+import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
 import {
 	handleRedirectDelete,
 	handleRedirectGet,
@@ -23,7 +23,9 @@ export const prerender = false;
 export const GET: APIRoute = async ({ params, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const { id } = params;
 	const denied = requirePerm(user, "redirects:read");
@@ -43,7 +45,9 @@ export const GET: APIRoute = async ({ params, locals }) => {
 export const PUT: APIRoute = async ({ params, request, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const { id } = params;
 	const denied = requirePerm(user, "redirects:manage");
@@ -67,7 +71,9 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 export const DELETE: APIRoute = async ({ params, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const { id } = params;
 	const denied = requirePerm(user, "redirects:manage");

package/src/astro/routes/api/redirects/index.ts CHANGED Viewed

@@ -8,7 +8,7 @@
 import type { APIRoute } from "astro";
 import { requirePerm } from "#api/authorize.js";
-import { handleError, unwrapResult } from "#api/error.js";
+import { handleError, requireDb, unwrapResult } from "#api/error.js";
 import { handleRedirectCreate, handleRedirectList } from "#api/handlers/redirects.js";
 import { isParseError, parseBody, parseQuery } from "#api/parse.js";
 import { createRedirectBody, redirectsListQuery } from "#api/schemas.js";
@@ -18,7 +18,9 @@ export const prerender = false;
 export const GET: APIRoute = async ({ url, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const denied = requirePerm(user, "redirects:read");
 	if (denied) return denied;
@@ -36,7 +38,9 @@ export const GET: APIRoute = async ({ url, locals }) => {
 export const POST: APIRoute = async ({ request, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const denied = requirePerm(user, "redirects:manage");
 	if (denied) return denied;

package/src/astro/routes/api/revisions/[revisionId]/index.ts CHANGED Viewed

@@ -16,7 +16,7 @@ export const GET: APIRoute = async ({ params, locals }) => {
 	const { emdash, user } = locals;
 	const revisionId = params.revisionId!;
-	const denied = requirePerm(user, "content:read");
+	const denied = requirePerm(user, "content:read_drafts");
 	if (denied) return denied;
 	if (!emdash?.handleRevisionGet) {

package/src/astro/routes/api/schema/collections/[slug]/fields/[fieldSlug].ts CHANGED Viewed

@@ -57,7 +57,6 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 		fieldSlug,
 		body as UpdateFieldInput,
 	);
-	if (result.success) emdash!.invalidateManifest();
 	return unwrapResult(result);
 };
@@ -73,6 +72,5 @@ export const DELETE: APIRoute = async ({ params, locals }) => {
 	if (denied) return denied;
 	const result = await handleSchemaFieldDelete(emdash!.db, collectionSlug, fieldSlug);
-	if (result.success) emdash!.invalidateManifest();
 	return unwrapResult(result);
 };

package/src/astro/routes/api/schema/collections/[slug]/fields/index.ts CHANGED Viewed

@@ -48,6 +48,5 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 		collectionSlug,
 		body as CreateFieldInput,
 	);
-	if (result.success) emdash!.invalidateManifest();
 	return unwrapResult(result, 201);
 };

package/src/astro/routes/api/schema/collections/[slug]/fields/reorder.ts CHANGED Viewed

@@ -28,6 +28,5 @@ export const POST: APIRoute = async ({ params, request, locals }) => {
 	if (isParseError(body)) return body;
 	const result = await handleSchemaFieldReorder(emdash!.db, collectionSlug, body.fieldSlugs);
-	if (result.success) emdash!.invalidateManifest();
 	return unwrapResult(result);
 };

package/src/astro/routes/api/schema/collections/[slug]/index.ts CHANGED Viewed

@@ -59,7 +59,7 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 		// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- parseBody validates via Zod
 		body as UpdateCollectionInput,
 	);
-	emdash!.invalidateManifest();
+	emdash!.invalidateUrlPatternCache();
 	return unwrapResult(result);
 };
@@ -77,6 +77,6 @@ export const DELETE: APIRoute = async ({ params, url, locals }) => {
 	const result = await handleSchemaCollectionDelete(emdash!.db, slug, {
 		force,
 	});
-	emdash!.invalidateManifest();
+	emdash!.invalidateUrlPatternCache();
 	return unwrapResult(result);
 };

package/src/astro/routes/api/schema/collections/index.ts CHANGED Viewed

@@ -43,6 +43,6 @@ export const POST: APIRoute = async ({ request, locals }) => {
 	// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- Zod schema output narrowed to CreateCollectionInput
 	const result = await handleSchemaCollectionCreate(emdash!.db, body as CreateCollectionInput);
-	emdash!.invalidateManifest();
+	emdash!.invalidateUrlPatternCache();
 	return unwrapResult(result, 201);
 };

package/src/astro/routes/api/search/index.ts CHANGED Viewed

@@ -4,6 +4,7 @@
  * GET /_emdash/api/search?q=query&collections=posts,pages&limit=20
  */
+import { hasPermission } from "@emdash-cms/auth";
 import type { APIRoute } from "astro";
 import { apiError, apiSuccess, handleError } from "#api/error.js";
@@ -23,7 +24,7 @@ export const prerender = false;
  * - limit: Maximum results (optional, defaults to 20)
  */
 export const GET: APIRoute = async ({ url, locals }) => {
-	const { emdash } = locals;
+	const { emdash, user } = locals;
 	if (!emdash?.db) {
 		return apiError("NOT_CONFIGURED", "EmDash not configured", 500);
@@ -36,6 +37,13 @@ export const GET: APIRoute = async ({ url, locals }) => {
 		? query.collections.split(",").map((c: string) => c.trim())
 		: undefined;
+	// Only users with content:read_drafts may search non-published statuses.
+	// Anonymous and subscriber requests are forced to "published".
+	const status =
+		query.status && query.status !== "published" && hasPermission(user, "content:read_drafts")
+			? query.status
+			: "published";
 	try {
 		// Verify FTS indexes are healthy on first use. At most once per worker
 		// lifetime; no-op after that. Moved off the cold-start hot path to
@@ -44,7 +52,7 @@ export const GET: APIRoute = async ({ url, locals }) => {
 		const result = await searchWithDb(emdash.db, query.q, {
 			collections,
-			status: query.status,
+			status,
 			locale: query.locale,
 			limit: query.limit,
 		});

package/src/astro/routes/api/sections/[slug].ts CHANGED Viewed

@@ -9,7 +9,7 @@
 import type { APIRoute } from "astro";
 import { requirePerm } from "#api/authorize.js";
-import { apiError, handleError, unwrapResult } from "#api/error.js";
+import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
 import {
 	handleSectionDelete,
 	handleSectionGet,
@@ -22,7 +22,9 @@ export const prerender = false;
 export const GET: APIRoute = async ({ params, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const { slug } = params;
 	const denied = requirePerm(user, "sections:read");
@@ -42,7 +44,9 @@ export const GET: APIRoute = async ({ params, locals }) => {
 export const PUT: APIRoute = async ({ params, request, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const { slug } = params;
 	const denied = requirePerm(user, "sections:manage");
@@ -65,7 +69,9 @@ export const PUT: APIRoute = async ({ params, request, locals }) => {
 export const DELETE: APIRoute = async ({ params, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const { slug } = params;
 	const denied = requirePerm(user, "sections:manage");

package/src/astro/routes/api/sections/index.ts CHANGED Viewed

@@ -8,7 +8,7 @@
 import type { APIRoute } from "astro";
 import { requirePerm } from "#api/authorize.js";
-import { handleError, unwrapResult } from "#api/error.js";
+import { handleError, requireDb, unwrapResult } from "#api/error.js";
 import { handleSectionCreate, handleSectionList } from "#api/handlers/sections.js";
 import { isParseError, parseBody, parseQuery } from "#api/parse.js";
 import { createSectionBody, sectionsListQuery } from "#api/schemas.js";
@@ -17,7 +17,9 @@ export const prerender = false;
 export const GET: APIRoute = async ({ url, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const denied = requirePerm(user, "sections:read");
 	if (denied) return denied;
@@ -35,7 +37,9 @@ export const GET: APIRoute = async ({ url, locals }) => {
 export const POST: APIRoute = async ({ request, locals }) => {
 	const { emdash, user } = locals;
-	const db = emdash.db;
+	const dbErr = requireDb(emdash?.db);
+	if (dbErr) return dbErr;
+	const db = emdash!.db;
 	const denied = requirePerm(user, "sections:manage");
 	if (denied) return denied;

package/src/astro/routes/api/setup/admin-verify.ts CHANGED Viewed

@@ -16,6 +16,7 @@ import { apiError, apiSuccess, handleError } from "#api/error.js";
 import { isParseError, parseBody } from "#api/parse.js";
 import { getPublicOrigin } from "#api/public-url.js";
 import { setupAdminVerifyBody } from "#api/schemas.js";
+import { getConfiguredAllowedOrigins, validateAllowedOrigins } from "#auth/allowed-origins.js";
 import { createChallengeStore } from "#auth/challenge-store.js";
 import { getPasskeyConfig } from "#auth/passkey-config.js";
 import { SETUP_NONCE_COOKIE } from "#auth/setup-nonce.js";
@@ -83,7 +84,11 @@ export const POST: APIRoute = async ({ cookies, request, locals }) => {
 		const url = new URL(request.url);
 		const siteName = (await options.get<string>("emdash:site_title")) ?? undefined;
 		const siteUrl = getPublicOrigin(url, emdash?.config);
-		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl);
+		const allowedOrigins = validateAllowedOrigins(
+			siteUrl,
+			getConfiguredAllowedOrigins(emdash?.config),
+		);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl, allowedOrigins);
 		// Verify the registration response
 		const challengeStore = createChallengeStore(emdash.db);

package/src/astro/routes/api/snapshot.ts CHANGED Viewed

@@ -7,6 +7,7 @@
  * - Excludes auth/user/session/token tables
  */
+import type { User } from "@emdash-cms/auth";
 import type { APIRoute } from "astro";
 import { requirePerm } from "#api/authorize.js";
@@ -17,11 +18,31 @@ import {
 	verifyPreviewSignature,
 } from "#api/handlers/snapshot.js";
 import { getPublicOrigin } from "#api/public-url.js";
+import { resolveSecretsCached } from "#config/secrets.js";
 export const prerender = false;
-export const GET: APIRoute = async ({ request, locals, url }) => {
-	const { emdash, user } = locals;
+export const GET: APIRoute = async ({ request, locals, url, session }) => {
+	const { emdash } = locals;
+	// This route is in PUBLIC_API_EXACT (for preview-signature callers with no session),
+	// so auth middleware skips user resolution. Manually resolve the session user here
+	// to support session-authenticated admin users alongside preview-signature auth.
+	let user: User | undefined = (locals as { user?: User }).user;
+	if (!user && session && emdash?.db) {
+		try {
+			const { createKyselyAdapter } = await import("@emdash-cms/auth/adapters/kysely");
+			const sessionUser = await session.get("user");
+			if (sessionUser?.id) {
+				const adapter = createKyselyAdapter(emdash.db);
+				const resolved = await adapter.getUserById(sessionUser.id);
+				if (resolved && !resolved.disabled) {
+					user = resolved;
+				}
+			}
+		} catch {
+			// Session resolution failed, continue to preview-signature check
+		}
+	}
 	if (!emdash?.db) {
 		return apiError("NOT_CONFIGURED", "EmDash is not initialized", 500);
@@ -32,24 +53,29 @@ export const GET: APIRoute = async ({ request, locals, url }) => {
 	let authorized = false;
 	if (previewSig) {
-		const secret = import.meta.env.EMDASH_PREVIEW_SECRET || import.meta.env.PREVIEW_SECRET || "";
-		if (!secret) {
-			console.warn(
-				"[snapshot] X-Preview-Signature header present but no PREVIEW_SECRET configured",
-			);
+		// Resolves env override or DB-stored value. Always non-empty after
+		// resolution, so the signature path is never silently disabled.
+		// Note: a signing process without access to this database (e.g. a
+		// remote preview Worker) must set the same `EMDASH_PREVIEW_SECRET`
+		// env var on both sides.
+		const { previewSecret: secret, previewSecretSource } = await resolveSecretsCached(emdash.db);
+		const parsed = parsePreviewSignatureHeader(previewSig);
+		if (!parsed) {
+			console.warn("[snapshot] Failed to parse X-Preview-Signature header");
 		} else {
-			const parsed = parsePreviewSignatureHeader(previewSig);
-			if (!parsed) {
-				console.warn("[snapshot] Failed to parse X-Preview-Signature header");
-			} else {
-				authorized = await verifyPreviewSignature(parsed.source, parsed.exp, parsed.sig, secret);
-				if (!authorized) {
-					console.warn("[snapshot] Preview signature verification failed", {
-						source: parsed.source,
-						exp: parsed.exp,
-						expired: parsed.exp < Date.now() / 1000,
-					});
+			authorized = await verifyPreviewSignature(parsed.source, parsed.exp, parsed.sig, secret);
+			if (!authorized) {
+				const fields: Record<string, unknown> = {
+					source: parsed.source,
+					exp: parsed.exp,
+					expired: parsed.exp < Date.now() / 1000,
+					secretSource: previewSecretSource,
+				};
+				if (previewSecretSource === "db") {
+					fields.hint =
+						"Set EMDASH_PREVIEW_SECRET in both this process and the signing process to share secrets across deployments";
 				}
+				console.warn("[snapshot] Preview signature verification failed", fields);
 			}
 		}
 	}

package/src/astro/routes/api/taxonomies/index.ts CHANGED Viewed

@@ -52,7 +52,6 @@ export const POST: APIRoute = async ({ request, locals }) => {
 		if (isParseError(body)) return body;
 		const result = await handleTaxonomyCreate(emdash.db, body);
-		if (result.success) emdash.invalidateManifest();
 		return unwrapResult(result, 201);
 	} catch (error) {
 		return handleError(error, "Failed to create taxonomy", "TAXONOMY_CREATE_ERROR");

package/src/astro/routes/api/themes/preview.ts CHANGED Viewed

@@ -4,7 +4,13 @@
  * POST /_emdash/api/themes/preview
  *
  * Generates a signed preview URL for the "Try with my data" feature.
- * The PREVIEW_SECRET must be set in the environment (shared with preview Workers).
+ *
+ * Uses the resolved preview secret: env override (`EMDASH_PREVIEW_SECRET`)
+ * wins, otherwise an auto-generated stable per-site value persisted in the
+ * options table is used. Processes that share the same database converge on
+ * the same auto-generated value; only set `EMDASH_PREVIEW_SECRET` in both
+ * processes when the verifying side runs without access to the EmDash DB
+ * (e.g. a remote preview Worker).
  */
 import type { APIRoute } from "astro";
@@ -12,6 +18,7 @@ import type { APIRoute } from "astro";
 import { requirePerm } from "#api/authorize.js";
 import { apiError, apiSuccess } from "#api/error.js";
 import { getPublicOrigin } from "#api/public-url.js";
+import { resolveSecretsCached } from "#config/secrets.js";
 export const prerender = false;
@@ -25,10 +32,9 @@ export const POST: APIRoute = async ({ request, url, locals }) => {
 	const denied = requirePerm(user, "plugins:read");
 	if (denied) return denied;
-	const secret = import.meta.env.EMDASH_PREVIEW_SECRET || import.meta.env.PREVIEW_SECRET || "";
-	if (!secret) {
-		return apiError("NOT_CONFIGURED", "PREVIEW_SECRET is not configured", 500);
-	}
+	// Always non-empty after resolution; env override wins, otherwise a
+	// stable DB-stored value is used.
+	const { previewSecret: secret } = await resolveSecretsCached(emdash.db);
 	let body: { previewUrl: string };
 	try {

package/src/astro/types.ts CHANGED Viewed

@@ -228,6 +228,15 @@ export interface EmDashHandlers {
 			slug?: string;
 			status?: string;
 			authorId?: string | null;
+			bylines?: Array<{ bylineId: string; roleLabel?: string | null }>;
+			seo?: {
+				title?: string | null;
+				description?: string | null;
+				image?: string | null;
+				canonical?: string | null;
+				noIndex?: boolean;
+			};
+			publishedAt?: string | null;
 			_rev?: string;
 		},
 	) => Promise<HandlerResponse>;
@@ -255,7 +264,11 @@ export interface EmDashHandlers {
 	) => Promise<HandlerResponse>;
 	// Publishing & Scheduling handlers
-	handleContentPublish: (collection: string, id: string) => Promise<HandlerResponse>;
+	handleContentPublish: (
+		collection: string,
+		id: string,
+		options?: { publishedAt?: string },
+	) => Promise<HandlerResponse>;
 	handleContentUnpublish: (collection: string, id: string) => Promise<HandlerResponse>;
@@ -362,8 +375,15 @@ export interface EmDashHandlers {
 	// Configuration (for checking database type, auth mode, etc.)
 	config: import("./integration/runtime.js").EmDashConfig;
-	// Manifest invalidation (call after schema changes)
-	invalidateManifest: () => void;
+	// Build the admin manifest from the live database. Only used by admin
+	// routes; logged-out requests don't need it. Per-request, deduplicated
+	// by `requestCached`.
+	getManifest: () => Promise<EmDashManifest>;
+	// Clear the cached URL patterns used by `resolveEmDashPath`. Call after
+	// any schema mutation that creates/updates/deletes a collection's
+	// `urlPattern` so public routing picks up the change immediately.
+	invalidateUrlPatternCache: () => void;
 	// Sandbox runner (for marketplace plugin install/update)
 	getSandboxRunner: () => import("../plugins/sandbox/types.js").SandboxRunner | null;