npm - gazetta - Versions diffs - 0.7.0 → 0.8.0 - Mend

gazetta 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (738) hide show

package/admin-dist/assets/index-CBeq0rRb.js +693 -0
package/admin-dist/assets/index-Dtg1dTZQ.css +1 -0
package/admin-dist/assets/rolldown-runtime-BYbx6iT9.js +1 -0
package/admin-dist/assets/{vendor-primevue-C0Q_YTCb.js → vendor-primevue-CBGHkaXv.js} +183 -39
package/admin-dist/assets/{vendor-react-BipDVGow.js → vendor-react-BdW_kNCG.js} +2 -2
package/admin-dist/assets/vendor-rjsf-lN2SztQt.js +33 -0
package/admin-dist/assets/vendor-tiptap-C36yDquB.js +141 -0
package/admin-dist/assets/vendor-vue-Bt5uR1VW.js +1 -0
package/admin-dist/assets/workbox-window.prod.es5-DGMtIXHc.js +2 -0
package/admin-dist/index.html +8 -8
package/admin-dist/sw.js +1 -0
package/dist/admin-api/archived-name-conflict.d.ts +31 -0
package/dist/admin-api/archived-name-conflict.d.ts.map +1 -0
package/dist/admin-api/archived-name-conflict.js +226 -0
package/dist/admin-api/archived-name-conflict.js.map +1 -0
package/dist/admin-api/cache-stats-logger.d.ts +83 -0
package/dist/admin-api/cache-stats-logger.d.ts.map +1 -0
package/dist/admin-api/cache-stats-logger.js +59 -0
package/dist/admin-api/cache-stats-logger.js.map +1 -0
package/dist/admin-api/hook-audit-emitter.d.ts +38 -0
package/dist/admin-api/hook-audit-emitter.d.ts.map +1 -0
package/dist/admin-api/hook-audit-emitter.js +21 -0
package/dist/admin-api/hook-audit-emitter.js.map +1 -0
package/dist/admin-api/index.d.ts +84 -0
package/dist/admin-api/index.d.ts.map +1 -1
package/dist/admin-api/index.js +254 -9
package/dist/admin-api/index.js.map +1 -1
package/dist/admin-api/middleware/audit.d.ts +25 -0
package/dist/admin-api/middleware/audit.d.ts.map +1 -0
package/dist/admin-api/middleware/audit.js +65 -0
package/dist/admin-api/middleware/audit.js.map +1 -0
package/dist/admin-api/middleware/capability.d.ts +8 -0
package/dist/admin-api/middleware/capability.d.ts.map +1 -0
package/dist/admin-api/middleware/capability.js +65 -0
package/dist/admin-api/middleware/capability.js.map +1 -0
package/dist/admin-api/middleware/principal.d.ts +18 -0
package/dist/admin-api/middleware/principal.d.ts.map +1 -0
package/dist/admin-api/middleware/principal.js +128 -0
package/dist/admin-api/middleware/principal.js.map +1 -0
package/dist/admin-api/routes/archive-review.d.ts +80 -0
package/dist/admin-api/routes/archive-review.d.ts.map +1 -0
package/dist/admin-api/routes/archive-review.js +70 -0
package/dist/admin-api/routes/archive-review.js.map +1 -0
package/dist/admin-api/routes/archive.d.ts +145 -0
package/dist/admin-api/routes/archive.d.ts.map +1 -0
package/dist/admin-api/routes/archive.js +540 -0
package/dist/admin-api/routes/archive.js.map +1 -0
package/dist/admin-api/routes/assets.d.ts +6 -1
package/dist/admin-api/routes/assets.d.ts.map +1 -1
package/dist/admin-api/routes/assets.js +167 -14
package/dist/admin-api/routes/assets.js.map +1 -1
package/dist/admin-api/routes/audit.d.ts +71 -0
package/dist/admin-api/routes/audit.d.ts.map +1 -0
package/dist/admin-api/routes/audit.js +178 -0
package/dist/admin-api/routes/audit.js.map +1 -0
package/dist/admin-api/routes/compare.d.ts.map +1 -1
package/dist/admin-api/routes/compare.js +3 -2
package/dist/admin-api/routes/compare.js.map +1 -1
package/dist/admin-api/routes/fields.d.ts.map +1 -1
package/dist/admin-api/routes/fields.js +2 -1
package/dist/admin-api/routes/fields.js.map +1 -1
package/dist/admin-api/routes/fragments.d.ts +13 -1
package/dist/admin-api/routes/fragments.d.ts.map +1 -1
package/dist/admin-api/routes/fragments.js +127 -92
package/dist/admin-api/routes/fragments.js.map +1 -1
package/dist/admin-api/routes/health.d.ts +60 -0
package/dist/admin-api/routes/health.d.ts.map +1 -0
package/dist/admin-api/routes/health.js +65 -0
package/dist/admin-api/routes/health.js.map +1 -0
package/dist/admin-api/routes/history.d.ts +2 -1
package/dist/admin-api/routes/history.d.ts.map +1 -1
package/dist/admin-api/routes/history.js +26 -4
package/dist/admin-api/routes/history.js.map +1 -1
package/dist/admin-api/routes/pages.d.ts +20 -1
package/dist/admin-api/routes/pages.d.ts.map +1 -1
package/dist/admin-api/routes/pages.js +157 -117
package/dist/admin-api/routes/pages.js.map +1 -1
package/dist/admin-api/routes/preview.d.ts.map +1 -1
package/dist/admin-api/routes/preview.js +56 -17
package/dist/admin-api/routes/preview.js.map +1 -1
package/dist/admin-api/routes/publish.d.ts +19 -1
package/dist/admin-api/routes/publish.d.ts.map +1 -1
package/dist/admin-api/routes/publish.js +508 -92
package/dist/admin-api/routes/publish.js.map +1 -1
package/dist/admin-api/routes/rename.d.ts +62 -0
package/dist/admin-api/routes/rename.d.ts.map +1 -0
package/dist/admin-api/routes/rename.js +366 -0
package/dist/admin-api/routes/rename.js.map +1 -0
package/dist/admin-api/routes/site.d.ts.map +1 -1
package/dist/admin-api/routes/site.js +6 -18
package/dist/admin-api/routes/site.js.map +1 -1
package/dist/admin-api/routes/system.d.ts +23 -0
package/dist/admin-api/routes/system.d.ts.map +1 -0
package/dist/admin-api/routes/system.js +115 -0
package/dist/admin-api/routes/system.js.map +1 -0
package/dist/admin-api/routes/templates.d.ts +11 -1
package/dist/admin-api/routes/templates.d.ts.map +1 -1
package/dist/admin-api/routes/templates.js +36 -3
package/dist/admin-api/routes/templates.js.map +1 -1
package/dist/admin-api/routes/validation.d.ts +47 -0
package/dist/admin-api/routes/validation.d.ts.map +1 -0
package/dist/admin-api/routes/validation.js +120 -0
package/dist/admin-api/routes/validation.js.map +1 -0
package/dist/admin-api/schemas/archive.d.ts +124 -0
package/dist/admin-api/schemas/archive.d.ts.map +1 -0
package/dist/admin-api/schemas/archive.js +93 -0
package/dist/admin-api/schemas/archive.js.map +1 -0
package/dist/admin-api/schemas/assets.d.ts +16 -0
package/dist/admin-api/schemas/assets.d.ts.map +1 -1
package/dist/admin-api/schemas/assets.js +15 -0
package/dist/admin-api/schemas/assets.js.map +1 -1
package/dist/admin-api/schemas/audit.d.ts +175 -0
package/dist/admin-api/schemas/audit.d.ts.map +1 -0
package/dist/admin-api/schemas/audit.js +91 -0
package/dist/admin-api/schemas/audit.js.map +1 -0
package/dist/admin-api/schemas/error.d.ts +94 -0
package/dist/admin-api/schemas/error.d.ts.map +1 -0
package/dist/admin-api/schemas/error.js +79 -0
package/dist/admin-api/schemas/error.js.map +1 -0
package/dist/admin-api/schemas/fragments.d.ts +2 -0
package/dist/admin-api/schemas/fragments.d.ts.map +1 -1
package/dist/admin-api/schemas/fragments.js +4 -0
package/dist/admin-api/schemas/fragments.js.map +1 -1
package/dist/admin-api/schemas/index.d.ts +8 -0
package/dist/admin-api/schemas/index.d.ts.map +1 -1
package/dist/admin-api/schemas/index.js +8 -0
package/dist/admin-api/schemas/index.js.map +1 -1
package/dist/admin-api/schemas/pages.d.ts +2 -0
package/dist/admin-api/schemas/pages.d.ts.map +1 -1
package/dist/admin-api/schemas/pages.js +11 -0
package/dist/admin-api/schemas/pages.js.map +1 -1
package/dist/admin-api/schemas/rename.d.ts +77 -0
package/dist/admin-api/schemas/rename.d.ts.map +1 -0
package/dist/admin-api/schemas/rename.js +75 -0
package/dist/admin-api/schemas/rename.js.map +1 -0
package/dist/admin-api/schemas/site.d.ts +3 -2
package/dist/admin-api/schemas/site.d.ts.map +1 -1
package/dist/admin-api/schemas/site.js +3 -2
package/dist/admin-api/schemas/site.js.map +1 -1
package/dist/admin-api/schemas/system.d.ts +28 -0
package/dist/admin-api/schemas/system.d.ts.map +1 -0
package/dist/admin-api/schemas/system.js +35 -0
package/dist/admin-api/schemas/system.js.map +1 -0
package/dist/admin-api/schemas/targets.d.ts +55 -0
package/dist/admin-api/schemas/targets.d.ts.map +1 -1
package/dist/admin-api/schemas/targets.js +46 -0
package/dist/admin-api/schemas/targets.js.map +1 -1
package/dist/admin-api/schemas/templates.d.ts +54 -0
package/dist/admin-api/schemas/templates.d.ts.map +1 -1
package/dist/admin-api/schemas/templates.js +21 -0
package/dist/admin-api/schemas/templates.js.map +1 -1
package/dist/admin-api/schemas/validation.d.ts +101 -0
package/dist/admin-api/schemas/validation.d.ts.map +1 -0
package/dist/admin-api/schemas/validation.js +57 -0
package/dist/admin-api/schemas/validation.js.map +1 -0
package/dist/admin-api/source-context.d.ts +66 -10
package/dist/admin-api/source-context.d.ts.map +1 -1
package/dist/admin-api/source-context.js +43 -5
package/dist/admin-api/source-context.js.map +1 -1
package/dist/ai/adapter-scaffold.d.ts +63 -0
package/dist/ai/adapter-scaffold.d.ts.map +1 -0
package/dist/ai/adapter-scaffold.js +89 -0
package/dist/ai/adapter-scaffold.js.map +1 -0
package/dist/ai/compose-prompt.d.ts +50 -0
package/dist/ai/compose-prompt.d.ts.map +1 -0
package/dist/ai/compose-prompt.js +49 -0
package/dist/ai/compose-prompt.js.map +1 -0
package/dist/ai/errors.d.ts +65 -0
package/dist/ai/errors.d.ts.map +1 -0
package/dist/ai/errors.js +59 -0
package/dist/ai/errors.js.map +1 -0
package/dist/ai/index.d.ts +17 -0
package/dist/ai/index.d.ts.map +1 -0
package/dist/ai/index.js +16 -0
package/dist/ai/index.js.map +1 -0
package/dist/ai/provider.d.ts +76 -0
package/dist/ai/provider.d.ts.map +1 -0
package/dist/ai/provider.js +13 -0
package/dist/ai/provider.js.map +1 -0
package/dist/ai/refusal.d.ts +50 -0
package/dist/ai/refusal.d.ts.map +1 -0
package/dist/ai/refusal.js +100 -0
package/dist/ai/refusal.js.map +1 -0
package/dist/ai/vision-prep.d.ts +32 -0
package/dist/ai/vision-prep.d.ts.map +1 -0
package/dist/ai/vision-prep.js +113 -0
package/dist/ai/vision-prep.js.map +1 -0
package/dist/alt/adapter.d.ts +140 -0
package/dist/alt/adapter.d.ts.map +1 -0
package/dist/alt/adapter.js +7 -0
package/dist/alt/adapter.js.map +1 -0
package/dist/alt/anthropic.d.ts +63 -0
package/dist/alt/anthropic.d.ts.map +1 -0
package/dist/alt/anthropic.js +147 -0
package/dist/alt/anthropic.js.map +1 -0
package/dist/alt/config.d.ts +67 -0
package/dist/alt/config.d.ts.map +1 -0
package/dist/alt/config.js +41 -0
package/dist/alt/config.js.map +1 -0
package/dist/alt/factory.d.ts +19 -0
package/dist/alt/factory.d.ts.map +1 -0
package/dist/alt/factory.js +69 -0
package/dist/alt/factory.js.map +1 -0
package/dist/alt/null-adapter.d.ts +3 -0
package/dist/alt/null-adapter.d.ts.map +1 -0
package/dist/alt/null-adapter.js +43 -0
package/dist/alt/null-adapter.js.map +1 -0
package/dist/alt/ollama.d.ts +40 -0
package/dist/alt/ollama.d.ts.map +1 -0
package/dist/alt/ollama.js +139 -0
package/dist/alt/ollama.js.map +1 -0
package/dist/alt/openai.d.ts +46 -0
package/dist/alt/openai.d.ts.map +1 -0
package/dist/alt/openai.js +118 -0
package/dist/alt/openai.js.map +1 -0
package/dist/alt/prompt-policies.d.ts +79 -0
package/dist/alt/prompt-policies.d.ts.map +1 -0
package/dist/alt/prompt-policies.js +67 -0
package/dist/alt/prompt-policies.js.map +1 -0
package/dist/alt/route-handler.d.ts +56 -0
package/dist/alt/route-handler.d.ts.map +1 -0
package/dist/alt/route-handler.js +122 -0
package/dist/alt/route-handler.js.map +1 -0
package/dist/alt/suggester.d.ts +57 -0
package/dist/alt/suggester.d.ts.map +1 -0
package/dist/alt/suggester.js +133 -0
package/dist/alt/suggester.js.map +1 -0
package/dist/app.js +1 -1
package/dist/app.js.map +1 -1
package/dist/archive-aliases.d.ts +79 -0
package/dist/archive-aliases.d.ts.map +1 -0
package/dist/archive-aliases.js +60 -0
package/dist/archive-aliases.js.map +1 -0
package/dist/archive-helpers.d.ts +73 -0
package/dist/archive-helpers.d.ts.map +1 -0
package/dist/archive-helpers.js +94 -0
package/dist/archive-helpers.js.map +1 -0
package/dist/assets/find-refs.d.ts +1 -1
package/dist/assets/find-refs.js +1 -1
package/dist/assets/find-refs.js.map +1 -1
package/dist/assets/rename.js +1 -1
package/dist/assets/rename.js.map +1 -1
package/dist/assets/replace.js +1 -1
package/dist/assets/replace.js.map +1 -1
package/dist/assets/resolve.js +4 -4
package/dist/assets/resolve.js.map +1 -1
package/dist/assets/serve-route.js +2 -2
package/dist/assets/serve-route.js.map +1 -1
package/dist/assets/validate.d.ts +1 -1
package/dist/assets/validate.js +1 -1
package/dist/audit/config.d.ts +75 -0
package/dist/audit/config.d.ts.map +1 -0
package/dist/audit/config.js +91 -0
package/dist/audit/config.js.map +1 -0
package/dist/audit/context.d.ts +98 -0
package/dist/audit/context.d.ts.map +1 -0
package/dist/audit/context.js +51 -0
package/dist/audit/context.js.map +1 -0
package/dist/audit/errors.d.ts +73 -0
package/dist/audit/errors.d.ts.map +1 -0
package/dist/audit/errors.js +78 -0
package/dist/audit/errors.js.map +1 -0
package/dist/audit/index.d.ts +16 -0
package/dist/audit/index.d.ts.map +1 -0
package/dist/audit/index.js +10 -0
package/dist/audit/index.js.map +1 -0
package/dist/audit/provider.d.ts +73 -0
package/dist/audit/provider.d.ts.map +1 -0
package/dist/audit/provider.js +2 -0
package/dist/audit/provider.js.map +1 -0
package/dist/audit/providers/history.d.ts +66 -0
package/dist/audit/providers/history.d.ts.map +1 -0
package/dist/audit/providers/history.js +102 -0
package/dist/audit/providers/history.js.map +1 -0
package/dist/audit/pseudonymize.d.ts +26 -0
package/dist/audit/pseudonymize.d.ts.map +1 -0
package/dist/audit/pseudonymize.js +86 -0
package/dist/audit/pseudonymize.js.map +1 -0
package/dist/audit/recorder.d.ts +102 -0
package/dist/audit/recorder.d.ts.map +1 -0
package/dist/audit/recorder.js +55 -0
package/dist/audit/recorder.js.map +1 -0
package/dist/audit/retention.d.ts +83 -0
package/dist/audit/retention.d.ts.map +1 -0
package/dist/audit/retention.js +142 -0
package/dist/audit/retention.js.map +1 -0
package/dist/audit/source-ip.d.ts +32 -0
package/dist/audit/source-ip.d.ts.map +1 -0
package/dist/audit/source-ip.js +164 -0
package/dist/audit/source-ip.js.map +1 -0
package/dist/audit/types.d.ts +143 -0
package/dist/audit/types.d.ts.map +1 -0
package/dist/audit/types.js +33 -0
package/dist/audit/types.js.map +1 -0
package/dist/audit/user-agent.d.ts +28 -0
package/dist/audit/user-agent.d.ts.map +1 -0
package/dist/audit/user-agent.js +63 -0
package/dist/audit/user-agent.js.map +1 -0
package/dist/auth/capabilities.d.ts +28 -0
package/dist/auth/capabilities.d.ts.map +1 -0
package/dist/auth/capabilities.js +101 -0
package/dist/auth/capabilities.js.map +1 -0
package/dist/auth/config.d.ts +109 -0
package/dist/auth/config.d.ts.map +1 -0
package/dist/auth/config.js +221 -0
package/dist/auth/config.js.map +1 -0
package/dist/auth/errors.d.ts +72 -0
package/dist/auth/errors.d.ts.map +1 -0
package/dist/auth/errors.js +78 -0
package/dist/auth/errors.js.map +1 -0
package/dist/auth/factory.d.ts +43 -0
package/dist/auth/factory.d.ts.map +1 -0
package/dist/auth/factory.js +48 -0
package/dist/auth/factory.js.map +1 -0
package/dist/auth/index.d.ts +21 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +14 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/ip-match.d.ts +29 -0
package/dist/auth/ip-match.d.ts.map +1 -0
package/dist/auth/ip-match.js +162 -0
package/dist/auth/ip-match.js.map +1 -0
package/dist/auth/provider.d.ts +76 -0
package/dist/auth/provider.d.ts.map +1 -0
package/dist/auth/provider.js +2 -0
package/dist/auth/provider.js.map +1 -0
package/dist/auth/providers/aws-cognito.d.ts +55 -0
package/dist/auth/providers/aws-cognito.d.ts.map +1 -0
package/dist/auth/providers/aws-cognito.js +114 -0
package/dist/auth/providers/aws-cognito.js.map +1 -0
package/dist/auth/providers/azure-easy-auth.d.ts +7 -0
package/dist/auth/providers/azure-easy-auth.d.ts.map +1 -0
package/dist/auth/providers/azure-easy-auth.js +48 -0
package/dist/auth/providers/azure-easy-auth.js.map +1 -0
package/dist/auth/providers/cloudflare-access.d.ts +71 -0
package/dist/auth/providers/cloudflare-access.d.ts.map +1 -0
package/dist/auth/providers/cloudflare-access.js +120 -0
package/dist/auth/providers/cloudflare-access.js.map +1 -0
package/dist/auth/providers/forwarded-user.d.ts +31 -0
package/dist/auth/providers/forwarded-user.d.ts.map +1 -0
package/dist/auth/providers/forwarded-user.js +72 -0
package/dist/auth/providers/forwarded-user.js.map +1 -0
package/dist/auth/providers/none.d.ts +6 -0
package/dist/auth/providers/none.d.ts.map +1 -0
package/dist/auth/providers/none.js +19 -0
package/dist/auth/providers/none.js.map +1 -0
package/dist/auth/providers/tailscale.d.ts +7 -0
package/dist/auth/providers/tailscale.d.ts.map +1 -0
package/dist/auth/providers/tailscale.js +30 -0
package/dist/auth/providers/tailscale.js.map +1 -0
package/dist/auth/role-resolver.d.ts +38 -0
package/dist/auth/role-resolver.d.ts.map +1 -0
package/dist/auth/role-resolver.js +92 -0
package/dist/auth/role-resolver.js.map +1 -0
package/dist/auth/types.d.ts +150 -0
package/dist/auth/types.d.ts.map +1 -0
package/dist/auth/types.js +60 -0
package/dist/auth/types.js.map +1 -0
package/dist/cache/errors.d.ts +41 -0
package/dist/cache/errors.d.ts.map +1 -0
package/dist/cache/errors.js +44 -0
package/dist/cache/errors.js.map +1 -0
package/dist/cache/factories.d.ts +17 -0
package/dist/cache/factories.d.ts.map +1 -0
package/dist/cache/factories.js +17 -0
package/dist/cache/factories.js.map +1 -0
package/dist/cache/keys.d.ts +63 -0
package/dist/cache/keys.d.ts.map +1 -0
package/dist/cache/keys.js +145 -0
package/dist/cache/keys.js.map +1 -0
package/dist/cache/memory.d.ts +51 -0
package/dist/cache/memory.d.ts.map +1 -0
package/dist/cache/memory.js +204 -0
package/dist/cache/memory.js.map +1 -0
package/dist/cache/per-site.d.ts +22 -0
package/dist/cache/per-site.d.ts.map +1 -0
package/dist/cache/per-site.js +114 -0
package/dist/cache/per-site.js.map +1 -0
package/dist/cache/types.d.ts +142 -0
package/dist/cache/types.d.ts.map +1 -0
package/dist/cache/types.js +33 -0
package/dist/cache/types.js.map +1 -0
package/dist/cli/archive.d.ts +44 -0
package/dist/cli/archive.d.ts.map +1 -0
package/dist/cli/archive.js +310 -0
package/dist/cli/archive.js.map +1 -0
package/dist/cli/bootstrap.d.ts +15 -8
package/dist/cli/bootstrap.d.ts.map +1 -1
package/dist/cli/bootstrap.js +59 -23
package/dist/cli/bootstrap.js.map +1 -1
package/dist/cli/dev-template-watcher.d.ts +29 -0
package/dist/cli/dev-template-watcher.d.ts.map +1 -0
package/dist/cli/dev-template-watcher.js +38 -0
package/dist/cli/dev-template-watcher.js.map +1 -0
package/dist/cli/history.d.ts.map +1 -1
package/dist/cli/history.js +5 -3
package/dist/cli/history.js.map +1 -1
package/dist/cli/index.js +712 -395
package/dist/cli/index.js.map +1 -1
package/dist/cli/validate-flags.d.ts +29 -0
package/dist/cli/validate-flags.d.ts.map +1 -0
package/dist/cli/validate-flags.js +49 -0
package/dist/cli/validate-flags.js.map +1 -0
package/dist/compare.d.ts +1 -1
package/dist/compare.d.ts.map +1 -1
package/dist/compare.js +25 -23
package/dist/compare.js.map +1 -1
package/dist/component-ids.d.ts +25 -0
package/dist/component-ids.d.ts.map +1 -0
package/dist/component-ids.js +83 -0
package/dist/component-ids.js.map +1 -0
package/dist/config/define.d.ts +61 -0
package/dist/config/define.d.ts.map +1 -0
package/dist/config/define.js +64 -0
package/dist/config/define.js.map +1 -0
package/dist/config/errors.d.ts +32 -0
package/dist/config/errors.d.ts.map +1 -0
package/dist/config/errors.js +40 -0
package/dist/config/errors.js.map +1 -0
package/dist/config/index.d.ts +13 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +20 -0
package/dist/config/index.js.map +1 -0
package/dist/config/loader.d.ts +105 -0
package/dist/config/loader.d.ts.map +1 -0
package/dist/config/loader.js +265 -0
package/dist/config/loader.js.map +1 -0
package/dist/config/schemas.d.ts +89 -0
package/dist/config/schemas.d.ts.map +1 -0
package/dist/config/schemas.js +172 -0
package/dist/config/schemas.js.map +1 -0
package/dist/config/types.d.ts +32 -0
package/dist/config/types.d.ts.map +1 -0
package/dist/config/types.js +15 -0
package/dist/config/types.js.map +1 -0
package/dist/deploy/cloudflare-workers.d.ts +46 -0
package/dist/deploy/cloudflare-workers.d.ts.map +1 -0
package/dist/deploy/cloudflare-workers.js +213 -0
package/dist/deploy/cloudflare-workers.js.map +1 -0
package/dist/deploy/errors.d.ts +66 -0
package/dist/deploy/errors.d.ts.map +1 -0
package/dist/deploy/errors.js +82 -0
package/dist/deploy/errors.js.map +1 -0
package/dist/deploy/index.d.ts +9 -0
package/dist/deploy/index.d.ts.map +1 -0
package/dist/deploy/index.js +3 -0
package/dist/deploy/index.js.map +1 -0
package/dist/deploy/types.d.ts +162 -0
package/dist/deploy/types.d.ts.map +1 -0
package/dist/deploy/types.js +2 -0
package/dist/deploy/types.js.map +1 -0
package/dist/fragments/create.d.ts +70 -0
package/dist/fragments/create.d.ts.map +1 -0
package/dist/fragments/create.js +93 -0
package/dist/fragments/create.js.map +1 -0
package/dist/fragments/publish.d.ts +37 -0
package/dist/fragments/publish.d.ts.map +1 -0
package/dist/fragments/publish.js +52 -0
package/dist/fragments/publish.js.map +1 -0
package/dist/fragments/save.d.ts +81 -0
package/dist/fragments/save.d.ts.map +1 -0
package/dist/fragments/save.js +105 -0
package/dist/fragments/save.js.map +1 -0
package/dist/history-recorder.d.ts +5 -5
package/dist/history-recorder.d.ts.map +1 -1
package/dist/history-recorder.js +4 -4
package/dist/history-recorder.js.map +1 -1
package/dist/history-restorer.js +2 -2
package/dist/history-restorer.js.map +1 -1
package/dist/history.d.ts +1 -1
package/dist/hooks/audit-emitter.d.ts +73 -0
package/dist/hooks/audit-emitter.d.ts.map +1 -0
package/dist/hooks/audit-emitter.js +13 -0
package/dist/hooks/audit-emitter.js.map +1 -0
package/dist/hooks/context.d.ts +78 -0
package/dist/hooks/context.d.ts.map +1 -0
package/dist/hooks/context.js +56 -0
package/dist/hooks/context.js.map +1 -0
package/dist/hooks/contribution.d.ts +90 -0
package/dist/hooks/contribution.d.ts.map +1 -0
package/dist/hooks/contribution.js +2 -0
package/dist/hooks/contribution.js.map +1 -0
package/dist/hooks/dispatch.d.ts +30 -0
package/dist/hooks/dispatch.d.ts.map +1 -0
package/dist/hooks/dispatch.js +252 -0
package/dist/hooks/dispatch.js.map +1 -0
package/dist/hooks/errors.d.ts +100 -0
package/dist/hooks/errors.d.ts.map +1 -0
package/dist/hooks/errors.js +103 -0
package/dist/hooks/errors.js.map +1 -0
package/dist/hooks/index.d.ts +15 -0
package/dist/hooks/index.d.ts.map +1 -0
package/dist/hooks/index.js +6 -0
package/dist/hooks/index.js.map +1 -0
package/dist/hooks/registry.d.ts +53 -0
package/dist/hooks/registry.d.ts.map +1 -0
package/dist/hooks/registry.js +139 -0
package/dist/hooks/registry.js.map +1 -0
package/dist/hooks/storage.d.ts +43 -0
package/dist/hooks/storage.d.ts.map +1 -0
package/dist/hooks/storage.js +2 -0
package/dist/hooks/storage.js.map +1 -0
package/dist/hooks/types.d.ts +324 -0
package/dist/hooks/types.d.ts.map +1 -0
package/dist/hooks/types.js +2 -0
package/dist/hooks/types.js.map +1 -0
package/dist/index.d.ts +26 -6
package/dist/index.d.ts.map +1 -1
package/dist/index.js +49 -5
package/dist/index.js.map +1 -1
package/dist/locale.d.ts +5 -1
package/dist/locale.d.ts.map +1 -1
package/dist/locale.js +6 -2
package/dist/locale.js.map +1 -1
package/dist/manifest-save.d.ts +255 -0
package/dist/manifest-save.d.ts.map +1 -0
package/dist/manifest-save.js +260 -0
package/dist/manifest-save.js.map +1 -0
package/dist/manifest.d.ts +1 -2
package/dist/manifest.d.ts.map +1 -1
package/dist/manifest.js +43 -44
package/dist/manifest.js.map +1 -1
package/dist/node-floor.d.ts +3 -0
package/dist/node-floor.d.ts.map +1 -0
package/dist/node-floor.js +3 -0
package/dist/node-floor.js.map +1 -0
package/dist/pages/create.d.ts +103 -0
package/dist/pages/create.d.ts.map +1 -0
package/dist/pages/create.js +117 -0
package/dist/pages/create.js.map +1 -0
package/dist/pages/publish.d.ts +59 -0
package/dist/pages/publish.d.ts.map +1 -0
package/dist/pages/publish.js +78 -0
package/dist/pages/publish.js.map +1 -0
package/dist/pages/save.d.ts +97 -0
package/dist/pages/save.d.ts.map +1 -0
package/dist/pages/save.js +138 -0
package/dist/pages/save.js.map +1 -0
package/dist/providers/factories.d.ts +65 -0
package/dist/providers/factories.d.ts.map +1 -0
package/dist/providers/factories.js +189 -0
package/dist/providers/factories.js.map +1 -0
package/dist/publish-item.d.ts +225 -0
package/dist/publish-item.d.ts.map +1 -0
package/dist/publish-item.js +210 -0
package/dist/publish-item.js.map +1 -0
package/dist/publish-rendered.d.ts.map +1 -1
package/dist/publish-rendered.js +75 -6
package/dist/publish-rendered.js.map +1 -1
package/dist/publish-renderers.d.ts +132 -0
package/dist/publish-renderers.d.ts.map +1 -0
package/dist/publish-renderers.js +240 -0
package/dist/publish-renderers.js.map +1 -0
package/dist/publish-run.d.ts +223 -0
package/dist/publish-run.d.ts.map +1 -0
package/dist/publish-run.js +307 -0
package/dist/publish-run.js.map +1 -0
package/dist/publish.d.ts.map +1 -1
package/dist/publish.js +1 -10
package/dist/publish.js.map +1 -1
package/dist/render-for-analysis.d.ts +24 -0
package/dist/render-for-analysis.d.ts.map +1 -0
package/dist/render-for-analysis.js +146 -0
package/dist/render-for-analysis.js.map +1 -0
package/dist/resolver.d.ts.map +1 -1
package/dist/resolver.js +47 -23
package/dist/resolver.js.map +1 -1
package/dist/runtime/archive-marker.d.ts +62 -0
package/dist/runtime/archive-marker.d.ts.map +1 -0
package/dist/runtime/archive-marker.js +88 -0
package/dist/runtime/archive-marker.js.map +1 -0
package/dist/runtime/capability-gap-warnings.d.ts +42 -0
package/dist/runtime/capability-gap-warnings.d.ts.map +1 -0
package/dist/runtime/capability-gap-warnings.js +28 -0
package/dist/runtime/capability-gap-warnings.js.map +1 -0
package/dist/runtime/redirects-emit.d.ts +93 -0
package/dist/runtime/redirects-emit.d.ts.map +1 -0
package/dist/runtime/redirects-emit.js +89 -0
package/dist/runtime/redirects-emit.js.map +1 -0
package/dist/runtime/runtime-capabilities.d.ts +79 -0
package/dist/runtime/runtime-capabilities.d.ts.map +1 -0
package/dist/runtime/runtime-capabilities.js +60 -0
package/dist/runtime/runtime-capabilities.js.map +1 -0
package/dist/save-etag.d.ts +69 -0
package/dist/save-etag.d.ts.map +1 -0
package/dist/save-etag.js +118 -0
package/dist/save-etag.js.map +1 -0
package/dist/site-loader.d.ts +42 -4
package/dist/site-loader.d.ts.map +1 -1
package/dist/site-loader.js +27 -8
package/dist/site-loader.js.map +1 -1
package/dist/targets.d.ts +21 -12
package/dist/targets.d.ts.map +1 -1
package/dist/targets.js +27 -95
package/dist/targets.js.map +1 -1
package/dist/testing/admin-cache-contract.d.ts +52 -0
package/dist/testing/admin-cache-contract.d.ts.map +1 -0
package/dist/testing/admin-cache-contract.js +203 -0
package/dist/testing/admin-cache-contract.js.map +1 -0
package/dist/testing/index.d.ts +11 -0
package/dist/testing/index.d.ts.map +1 -0
package/dist/testing/index.js +11 -0
package/dist/testing/index.js.map +1 -0
package/dist/transforms/factories.d.ts +16 -0
package/dist/transforms/factories.d.ts.map +1 -0
package/dist/transforms/factories.js +18 -0
package/dist/transforms/factories.js.map +1 -0
package/dist/transforms/index.d.ts +10 -17
package/dist/transforms/index.d.ts.map +1 -1
package/dist/transforms/index.js +4 -28
package/dist/transforms/index.js.map +1 -1
package/dist/transforms/sharp.d.ts +15 -1
package/dist/transforms/sharp.d.ts.map +1 -1
package/dist/transforms/sharp.js +34 -20
package/dist/transforms/sharp.js.map +1 -1
package/dist/types.d.ts +379 -52
package/dist/types.d.ts.map +1 -1
package/dist/types.js +20 -1
package/dist/types.js.map +1 -1
package/dist/validation/alt-required-walker.d.ts +27 -0
package/dist/validation/alt-required-walker.d.ts.map +1 -0
package/dist/validation/alt-required-walker.js +108 -0
package/dist/validation/alt-required-walker.js.map +1 -0
package/dist/validation/default-registry.d.ts +12 -0
package/dist/validation/default-registry.d.ts.map +1 -0
package/dist/validation/default-registry.js +55 -0
package/dist/validation/default-registry.js.map +1 -0
package/dist/validation/publish-audit.d.ts +44 -0
package/dist/validation/publish-audit.d.ts.map +1 -0
package/dist/validation/publish-audit.js +64 -0
package/dist/validation/publish-audit.js.map +1 -0
package/dist/validation/registry.d.ts +23 -0
package/dist/validation/registry.d.ts.map +1 -0
package/dist/validation/registry.js +15 -0
package/dist/validation/registry.js.map +1 -0
package/dist/validation/save-delta.d.ts +46 -0
package/dist/validation/save-delta.d.ts.map +1 -0
package/dist/validation/save-delta.js +57 -0
package/dist/validation/save-delta.js.map +1 -0
package/dist/validation/scanner.d.ts +91 -0
package/dist/validation/scanner.d.ts.map +1 -0
package/dist/validation/scanner.js +327 -0
package/dist/validation/scanner.js.map +1 -0
package/dist/validation/template-impact.d.ts +52 -0
package/dist/validation/template-impact.d.ts.map +1 -0
package/dist/validation/template-impact.js +53 -0
package/dist/validation/template-impact.js.map +1 -0
package/dist/validation/types.d.ts +123 -0
package/dist/validation/types.d.ts.map +1 -0
package/dist/validation/types.js +7 -0
package/dist/validation/types.js.map +1 -0
package/dist/validation/validators/accessibility.d.ts +3 -0
package/dist/validation/validators/accessibility.d.ts.map +1 -0
package/dist/validation/validators/accessibility.js +106 -0
package/dist/validation/validators/accessibility.js.map +1 -0
package/dist/validation/validators/aliasof-points-to-archived.d.ts +40 -0
package/dist/validation/validators/aliasof-points-to-archived.d.ts.map +1 -0
package/dist/validation/validators/aliasof-points-to-archived.js +34 -0
package/dist/validation/validators/aliasof-points-to-archived.js.map +1 -0
package/dist/validation/validators/alt-required.d.ts +3 -0
package/dist/validation/validators/alt-required.d.ts.map +1 -0
package/dist/validation/validators/alt-required.js +118 -0
package/dist/validation/validators/alt-required.js.map +1 -0
package/dist/validation/validators/archive-not-supported-on-target.d.ts +3 -0
package/dist/validation/validators/archive-not-supported-on-target.d.ts.map +1 -0
package/dist/validation/validators/archive-not-supported-on-target.js +38 -0
package/dist/validation/validators/archive-not-supported-on-target.js.map +1 -0
package/dist/validation/validators/broken-links.d.ts +3 -0
package/dist/validation/validators/broken-links.d.ts.map +1 -0
package/dist/validation/validators/broken-links.js +190 -0
package/dist/validation/validators/broken-links.js.map +1 -0
package/dist/validation/validators/circular-alias.d.ts +36 -0
package/dist/validation/validators/circular-alias.d.ts.map +1 -0
package/dist/validation/validators/circular-alias.js +63 -0
package/dist/validation/validators/circular-alias.js.map +1 -0
package/dist/validation/validators/circular-fragment.d.ts +15 -0
package/dist/validation/validators/circular-fragment.d.ts.map +1 -0
package/dist/validation/validators/circular-fragment.js +97 -0
package/dist/validation/validators/circular-fragment.js.map +1 -0
package/dist/validation/validators/dangling-alias.d.ts +38 -0
package/dist/validation/validators/dangling-alias.d.ts.map +1 -0
package/dist/validation/validators/dangling-alias.js +31 -0
package/dist/validation/validators/dangling-alias.js.map +1 -0
package/dist/validation/validators/deploy-target-type-supported.d.ts +3 -0
package/dist/validation/validators/deploy-target-type-supported.d.ts.map +1 -0
package/dist/validation/validators/deploy-target-type-supported.js +32 -0
package/dist/validation/validators/deploy-target-type-supported.js.map +1 -0
package/dist/validation/validators/dynamic-route-conflict.d.ts +18 -0
package/dist/validation/validators/dynamic-route-conflict.d.ts.map +1 -0
package/dist/validation/validators/dynamic-route-conflict.js +80 -0
package/dist/validation/validators/dynamic-route-conflict.js.map +1 -0
package/dist/validation/validators/html-validity.d.ts +3 -0
package/dist/validation/validators/html-validity.d.ts.map +1 -0
package/dist/validation/validators/html-validity.js +89 -0
package/dist/validation/validators/html-validity.js.map +1 -0
package/dist/validation/validators/orphaned-locale-file.d.ts +21 -0
package/dist/validation/validators/orphaned-locale-file.d.ts.map +1 -0
package/dist/validation/validators/orphaned-locale-file.js +84 -0
package/dist/validation/validators/orphaned-locale-file.js.map +1 -0
package/dist/validation/validators/referenced-archived-without-alias.d.ts +3 -0
package/dist/validation/validators/referenced-archived-without-alias.d.ts.map +1 -0
package/dist/validation/validators/referenced-archived-without-alias.js +65 -0
package/dist/validation/validators/referenced-archived-without-alias.js.map +1 -0
package/dist/validation/validators/referenced-asset-exists.d.ts +13 -0
package/dist/validation/validators/referenced-asset-exists.d.ts.map +1 -0
package/dist/validation/validators/referenced-asset-exists.js +80 -0
package/dist/validation/validators/referenced-asset-exists.js.map +1 -0
package/dist/validation/validators/referenced-fragment-exists.d.ts +9 -0
package/dist/validation/validators/referenced-fragment-exists.d.ts.map +1 -0
package/dist/validation/validators/referenced-fragment-exists.js +52 -0
package/dist/validation/validators/referenced-fragment-exists.js.map +1 -0
package/dist/validation/validators/referenced-template-exists.d.ts +10 -0
package/dist/validation/validators/referenced-template-exists.d.ts.map +1 -0
package/dist/validation/validators/referenced-template-exists.js +74 -0
package/dist/validation/validators/referenced-template-exists.js.map +1 -0
package/dist/validation/validators/schema-conformance.d.ts +17 -0
package/dist/validation/validators/schema-conformance.d.ts.map +1 -0
package/dist/validation/validators/schema-conformance.js +94 -0
package/dist/validation/validators/schema-conformance.js.map +1 -0
package/dist/validation/validators/target-deploy-coverage.d.ts +3 -0
package/dist/validation/validators/target-deploy-coverage.d.ts.map +1 -0
package/dist/validation/validators/target-deploy-coverage.js +37 -0
package/dist/validation/validators/target-deploy-coverage.js.map +1 -0
package/dist/validation/validators/unused-fragment.d.ts +16 -0
package/dist/validation/validators/unused-fragment.d.ts.map +1 -0
package/dist/validation/validators/unused-fragment.js +86 -0
package/dist/validation/validators/unused-fragment.js.map +1 -0
package/package.json +54 -31
package/admin-dist/assets/index-BO9-CXmW.css +0 -1
package/admin-dist/assets/index-Ufu8zZH_.js +0 -668
package/admin-dist/assets/rolldown-runtime-COnpUsM8.js +0 -1
package/admin-dist/assets/vendor-rjsf-HKBAjOmQ.js +0 -32
package/admin-dist/assets/vendor-tiptap-IyO99U4R.js +0 -142
package/admin-dist/assets/vendor-vue-D3wBSmDf.js +0 -1
package/dist/publish-locale.d.ts +0 -44
package/dist/publish-locale.d.ts.map +0 -1
package/dist/publish-locale.js +0 -103
package/dist/publish-locale.js.map +0 -1

package/dist/admin-api/middleware/capability.js ADDED Viewed

@@ -0,0 +1,65 @@
+/**
+ * Capability-check middleware — gates a route on the principal's
+ * having a specific capability.
+ *
+ * # Per-route opt-in
+ *
+ * Routes call `requireCapability('read:pages')` to attach a check
+ * to a specific endpoint. The check runs after `principalMiddleware`
+ * (so `c.var.principal` is populated). Anonymous principals (id
+ * `'unknown'`) fail capability checks because their capability set
+ * is empty — translates to 401 (not 403; per design-auth-rbac.md
+ * the principal isn't authenticated yet).
+ *
+ * # Failure modes
+ *
+ *   - Principal is anonymous (no upstream auth) → 401 with
+ *     WWW-Authenticate (matches the principal middleware's 401)
+ *   - Principal is authenticated but lacks the capability → 403
+ *     with structured body listing the missing capability and the
+ *     principal's role
+ *
+ * # Composition
+ *
+ * Routes can wire multiple capability checks (e.g., a route that
+ * needs both `read:pages` and `edit:pages` in different code paths
+ * — the broader read check at the route level, narrower edit check
+ * gating a specific operation). v1 ships single-capability gates;
+ * multi-capability composition is left to the consumer.
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: authorization gate only. Doesn't extract identity (Cut
+ *     7's principalMiddleware does that), doesn't audit (Cut 5 of
+ *     audit foundation does).
+ *   - DIP: depends on `capabilityGrants` pure function, not on
+ *     the principal middleware's internals.
+ */
+import { createMiddleware } from 'hono/factory';
+import { capabilityGrants, UNKNOWN_ACTOR_ID } from '../../auth/index.js';
+/**
+ * Build a middleware that requires the specified capability.
+ * Returns 401 for anonymous requests, 403 for authenticated
+ * requests lacking the capability.
+ */
+export function requireCapability(capability) {
+    return createMiddleware(async (c, next) => {
+        const principal = c.get('principal');
+        // Anonymous principal — no upstream identity. Translate to
+        // 401 (not 403); the request hasn't authenticated yet.
+        if (principal.id === UNKNOWN_ACTOR_ID && principal.role === 'unknown') {
+            return c.json({ code: 'UNAUTHENTICATED', error: `This endpoint requires capability "${capability}"` }, 401, { 'WWW-Authenticate': 'Bearer realm="gazetta-admin"' });
+        }
+        // Authenticated principal — capability check.
+        if (!capabilityGrants(principal.capabilities, capability)) {
+            return c.json({
+                code: 'FORBIDDEN',
+                missing: [capability],
+                role: principal.role,
+                error: `Role "${principal.role}" does not have capability "${capability}"`,
+            }, 403);
+        }
+        await next();
+    });
+}
+//# sourceMappingURL=capability.js.map

package/dist/admin-api/middleware/capability.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"capability.js","sourceRoot":"","sources":["../../../src/admin-api/middleware/capability.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAC/C,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AAGxE;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAkB;IAClD,OAAO,gBAAgB,CAAe,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACtD,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAA;QACpC,2DAA2D;QAC3D,uDAAuD;QACvD,IAAI,SAAS,CAAC,EAAE,KAAK,gBAAgB,IAAI,SAAS,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtE,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,IAAI,EAAE,iBAA0B,EAAE,KAAK,EAAE,sCAAsC,UAAU,GAAG,EAAE,EAChG,GAAG,EACH,EAAE,kBAAkB,EAAE,8BAA8B,EAAE,CACvD,CAAA;QACH,CAAC;QACD,8CAA8C;QAC9C,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,IAAI,EAAE,WAAoB;gBAC1B,OAAO,EAAE,CAAC,UAAU,CAAC;gBACrB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,KAAK,EAAE,SAAS,SAAS,CAAC,IAAI,+BAA+B,UAAU,GAAG;aAC3E,EACD,GAAG,CACJ,CAAA;QACH,CAAC;QACD,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/admin-api/middleware/principal.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { type AuthIdentityProvider, type Principal } from '../../auth/index.js';
+/**
+ * Hono context augmentation — readers see `c.var.principal` typed
+ * as `Principal` (always populated; never undefined after this
+ * middleware runs).
+ */
+export type PrincipalEnv = {
+    Variables: {
+        principal: Principal;
+    };
+};
+/**
+ * Build the principal middleware. Pass the configured provider OR
+ * omit to fall back to `none` mode. Production wiring resolves the
+ * provider from `site.config.ts admin.auth` at boot.
+ */
+export declare function principalMiddleware(provider?: AuthIdentityProvider): import("hono").MiddlewareHandler<PrincipalEnv, string, {}, Response>;
+//# sourceMappingURL=principal.d.ts.map

package/dist/admin-api/middleware/principal.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"principal.d.ts","sourceRoot":"","sources":["../../../src/admin-api/middleware/principal.ts"],"names":[],"mappings":"AAiDA,OAAO,EAEL,KAAK,oBAAoB,EAEzB,KAAK,SAAS,EAGf,MAAM,qBAAqB,CAAA;AAE5B;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,SAAS,EAAE;QACT,SAAS,EAAE,SAAS,CAAA;KACrB,CAAA;CACF,CAAA;AAkDD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,GAAE,oBAAuC,wEA0BpF"}

package/dist/admin-api/middleware/principal.js ADDED Viewed

@@ -0,0 +1,128 @@
+/**
+ * Principal middleware — wires the auth/RBAC layer (`packages/gazetta/src/auth/`)
+ * into the Hono request context.
+ *
+ * # What this middleware does
+ *
+ * 1. On boot, constructs the configured `AuthIdentityProvider` from
+ *    `admin.auth` in the loaded SiteManifest. Falls back to the
+ *    `none`-mode provider when `admin.auth` is absent.
+ * 2. On every request, calls `provider.extractPrincipal(req)` and
+ *    attaches the result to `c.var.principal`.
+ * 3. Anonymous requests (provider returns `null`) get a synthesized
+ *    Principal with `id: 'unknown'` + `role: 'unknown'` + empty
+ *    capabilities. The capability-check middleware (Cut 8) decides
+ *    whether to allow these (none-mode or public routes) or 401.
+ * 4. Provider throws (`AuthenticationError`) → 401 with the error
+ *    message; doesn't leak details about the underlying failure.
+ *
+ * # Capability population
+ *
+ * For `forwarded-user` and `cloudflare-access` providers (which can
+ * surface upstream group claims), this middleware would call
+ * `resolveRole({ groups, mapping, customRoles })` to expand the
+ * principal's capabilities. v1 wires the role-resolver in a
+ * follow-up cut once one of the providers actually exposes group
+ * claims through the AuthRequest shape — for now the providers
+ * return `capabilities: []` and the operator's role mapping config
+ * doesn't reach the resolver yet.
+ *
+ * # Why this is its own middleware (not folded into the existing one)
+ *
+ * The existing `authMiddleware` is a simple bearer-token guard for
+ * `GAZETTA_TOKEN` — orthogonal to upstream-identity extraction.
+ * They compose: bearer-token gates "is this request allowed to
+ * reach the admin API at all"; principal middleware identifies
+ * "who is the user behind this request." Most deployments use
+ * one or the other (bearer-token for solo / dev; principal for
+ * team CMS); some compose both (CI pipeline auth-token + upstream
+ * Cloudflare Access for human users).
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: extracts identity + attaches to context. Authorization
+ *     (capability checks) is Cut 8's middleware.
+ *   - DIP: depends on `AuthIdentityProvider` interface, not on
+ *     specific provider classes.
+ */
+import { createMiddleware } from 'hono/factory';
+import { AuthenticationError, noneAuthProvider, UNKNOWN_ACTOR_ID, } from '../../auth/index.js';
+/**
+ * The synthetic anonymous principal returned when no upstream
+ * identity is present. Surfaced as `id: 'unknown'`, `role:
+ * 'unknown'`, no capabilities — Cut 8's capability-check middleware
+ * 401s on any required capability.
+ */
+const ANONYMOUS_PRINCIPAL = {
+    id: UNKNOWN_ACTOR_ID,
+    role: 'unknown',
+    trustMode: 'none',
+    capabilities: [],
+};
+/**
+ * Adapt a Hono request into the `AuthRequest` shape the auth/
+ * providers expect. Headers come from Hono's case-insensitive
+ * lookup; we normalize to lowercase keys for provider consistency.
+ */
+function toAuthRequest(c) {
+    const headers = new Map();
+    // Hono exposes headers via c.req.header() (single value). The
+    // raw request headers are accessible via c.req.raw.headers
+    // which is a fetch-style Headers object.
+    const raw = c.req.raw.headers;
+    raw.forEach((value, key) => {
+        headers.set(key.toLowerCase(), value);
+    });
+    // Source IP — Hono doesn't expose this directly; honest extraction
+    // is per-platform (per design-audit.md's trust-mode-driven IP
+    // section). v1 reads from a CF-Connecting-IP / X-Forwarded-For
+    // best-effort; provider-specific extraction lands when the audit
+    // foundation's source-IP recording (Cut 4 of audit) ships.
+    const sourceIp = raw.get('cf-connecting-ip') ?? raw.get('x-real-ip') ?? extractFirstXffEntry(raw.get('x-forwarded-for'));
+    return {
+        headers,
+        sourceIp: sourceIp ?? undefined,
+        method: c.req.method,
+        url: c.req.url,
+    };
+}
+function extractFirstXffEntry(xff) {
+    if (!xff)
+        return null;
+    const first = xff.split(',')[0]?.trim();
+    return first || null;
+}
+/**
+ * Build the principal middleware. Pass the configured provider OR
+ * omit to fall back to `none` mode. Production wiring resolves the
+ * provider from `site.config.ts admin.auth` at boot.
+ */
+export function principalMiddleware(provider = noneAuthProvider) {
+    return createMiddleware(async (c, next) => {
+        let principal;
+        try {
+            principal = await provider.extractPrincipal(toAuthRequest(c));
+        }
+        catch (err) {
+            if (err instanceof AuthenticationError) {
+                // Surface as 401 with the error message. The provider's
+                // message is operator-facing diagnostic detail (e.g.,
+                // "JWT verification failed: signature invalid"); we surface
+                // it in a structured body. For external-facing 401s the
+                // middleware could mask the message, but this is admin-API
+                // only — operators benefit from the diagnostic context.
+                return c.json({ code: 'UNAUTHENTICATED', error: err.message }, 401, {
+                    'WWW-Authenticate': 'Bearer realm="gazetta-admin"',
+                });
+            }
+            // Unexpected (non-AuthenticationError) — let Hono's default
+            // error handler take over so the operator sees the stack.
+            throw err;
+        }
+        // Anonymous request — synthesize the unknown principal so
+        // downstream middleware always has a Principal to read.
+        c.set('principal', principal ?? ANONYMOUS_PRINCIPAL);
+        await next();
+    });
+}
+//# sourceMappingURL=principal.js.map

package/dist/admin-api/middleware/principal.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"principal.js","sourceRoot":"","sources":["../../../src/admin-api/middleware/principal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8CG;AACH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAA;AAE/C,OAAO,EACL,mBAAmB,EAInB,gBAAgB,EAChB,gBAAgB,GACjB,MAAM,qBAAqB,CAAA;AAa5B;;;;;GAKG;AACH,MAAM,mBAAmB,GAAc;IACrC,EAAE,EAAE,gBAAgB;IACpB,IAAI,EAAE,SAAS;IACf,SAAS,EAAE,MAAM;IACjB,YAAY,EAAE,EAAE;CACjB,CAAA;AAED;;;;GAIG;AACH,SAAS,aAAa,CAAC,CAAU;IAC/B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAA;IACzC,8DAA8D;IAC9D,2DAA2D;IAC3D,yCAAyC;IACzC,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAA;IAC7B,GAAG,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACzB,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,EAAE,KAAK,CAAC,CAAA;IACvC,CAAC,CAAC,CAAA;IACF,mEAAmE;IACnE,8DAA8D;IAC9D,+DAA+D;IAC/D,iEAAiE;IACjE,2DAA2D;IAC3D,MAAM,QAAQ,GACZ,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAA;IACzG,OAAO;QACL,OAAO;QACP,QAAQ,EAAE,QAAQ,IAAI,SAAS;QAC/B,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;QACpB,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG;KACf,CAAA;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAkB;IAC9C,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAA;IACvC,OAAO,KAAK,IAAI,IAAI,CAAA;AACtB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,WAAiC,gBAAgB;IACnF,OAAO,gBAAgB,CAAe,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACtD,IAAI,SAA2B,CAAA;QAC/B,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;QAC/D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,mBAAmB,EAAE,CAAC;gBACvC,wDAAwD;gBACxD,sDAAsD;gBACtD,4DAA4D;gBAC5D,wDAAwD;gBACxD,2DAA2D;gBAC3D,wDAAwD;gBACxD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,iBAA0B,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,EAAE;oBAC3E,kBAAkB,EAAE,8BAA8B;iBACnD,CAAC,CAAA;YACJ,CAAC;YACD,4DAA4D;YAC5D,0DAA0D;YAC1D,MAAM,GAAG,CAAA;QACX,CAAC;QACD,0DAA0D;QAC1D,wDAAwD;QACxD,CAAC,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,IAAI,mBAAmB,CAAC,CAAA;QACpD,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/admin-api/routes/archive-review.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * Cut 14 — review-workflow integration for archive lifecycle.
+ *
+ * Per `design-soft-delete.md` Q9 (N-A.2 + N-B.1):
+ *   - Archive on `pending-review` → auto-withdraw fires first; then archive.
+ *     Two audit events emitted: `review-withdraw` with
+ *     `metadata.autoWithdrawn: true`, then `archive`.
+ *   - Archive on `approved` → approved state discarded; no synthetic
+ *     withdraw event (the prior state is recorded in archive metadata
+ *     as `priorReviewState: 'approved'`).
+ *   - Archive on `draft` → no review-related side effects.
+ *   - Restore (unarchive) → always to `draft`, regardless of prior state.
+ *     Author re-submits if review needed. Auto-restoring to `approved`
+ *     would let stale content ship without re-validation.
+ *
+ * # Forward-compat with review-workflow's Tier-3 timeline
+ *
+ * The review-workflow foundation hasn't shipped. Today's manifests
+ * never carry a `reviewState` field; this module's logic is therefore
+ * a no-op on every current production save. When review-workflow Cut 6
+ * lands and starts writing `reviewState` to manifests, this module
+ * activates without code changes.
+ *
+ * Gate is data-driven (`manifest.reviewState` presence), not config-
+ * driven (`reviewWorkflow.enabled` flag). The plan's wording around a
+ * config flag is one valid implementation; data-driven is honest:
+ * "if this item has review state, handle it; else no-op." When
+ * review-workflow ships its config field, no flag-check refactor is
+ * needed.
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: this module owns the archive ↔ review-state interaction.
+ *     `archive.ts`'s `handleArchive` calls one function (`prepareForArchive`)
+ *     and consumes its returned audit events; doesn't replicate state-
+ *     machine knowledge.
+ *   - DIP: `handleArchive` depends on the helper's typed return shape,
+ *     not on review-state field names baked into the route handler.
+ *   - OCP: when review-workflow ships its full state machine
+ *     (additional states, transitions like `pending-publish`), this
+ *     helper extends with new branches; archive route untouched.
+ */
+import type { ComponentManifest } from '../../types.js';
+import type { RecordEventInput } from '../../audit/context.js';
+/**
+ * Build the synthetic `review-withdraw` audit event emitted when
+ * archive auto-withdraws a `pending-review` submission. Per
+ * `design-soft-delete.md` Q9 audit shape lock.
+ *
+ * Returns `null` when the prior state isn't `pending-review` —
+ * other states (draft, approved) don't emit a synthetic withdraw.
+ * Approved state discards as part of the archive event itself
+ * (recorded via `priorReviewState` metadata).
+ */
+export declare function buildAutoWithdrawEvent(manifest: ComponentManifest, scope: {
+    kind: 'page' | 'fragment';
+    name: string;
+}): RecordEventInput | null;
+/**
+ * Compute additional metadata for the `archive` audit event capturing
+ * the item's prior review state. Returns an empty object for items
+ * without review state (current production behavior).
+ *
+ * `priorReviewState` is a non-prescriptive forensic record: the
+ * restore-always-to-draft invariant (Q9 N-B.1) means this metadata
+ * is never auto-applied on unarchive. It exists so operators can
+ * reconstruct "what state did this item have before it was archived?"
+ * via audit-log query alone, without re-reading the historical manifest.
+ */
+export declare function archiveReviewMetadata(manifest: ComponentManifest): Record<string, unknown>;
+/**
+ * Strip `reviewState` from a restored (unarchived) manifest. Per
+ * `design-soft-delete.md` Q9 N-B.1: restore always to draft; the
+ * absence of `reviewState` IS the draft state in the
+ * review-workflow's data model. Author re-submits if review needed.
+ *
+ * Returns the manifest unchanged when no review state was set.
+ */
+export declare function stripReviewStateForRestore(manifest: ComponentManifest): ComponentManifest;
+//# sourceMappingURL=archive-review.d.ts.map

package/dist/admin-api/routes/archive-review.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"archive-review.d.ts","sourceRoot":"","sources":["../../../src/admin-api/routes/archive-review.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyCG;AACH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AACvD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAA;AAgB9D;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,iBAAiB,EAC3B,KAAK,EAAE;IAAE,IAAI,EAAE,MAAM,GAAG,UAAU,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GACjD,gBAAgB,GAAG,IAAI,CAczB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAI1F;AAED;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,iBAAiB,GAAG,iBAAiB,CAIzF"}

package/dist/admin-api/routes/archive-review.js ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * Read `reviewState` from a manifest without committing the field
+ * to `ComponentManifest`'s public type. The review-workflow
+ * foundation will lock the field's shape when it ships; until then,
+ * callers narrow at the read site.
+ *
+ * Returns the string state when present; `undefined` for live
+ * manifests today (every current production manifest).
+ */
+function readReviewState(manifest) {
+    const m = manifest;
+    return typeof m.reviewState === 'string' ? m.reviewState : undefined;
+}
+/**
+ * Build the synthetic `review-withdraw` audit event emitted when
+ * archive auto-withdraws a `pending-review` submission. Per
+ * `design-soft-delete.md` Q9 audit shape lock.
+ *
+ * Returns `null` when the prior state isn't `pending-review` —
+ * other states (draft, approved) don't emit a synthetic withdraw.
+ * Approved state discards as part of the archive event itself
+ * (recorded via `priorReviewState` metadata).
+ */
+export function buildAutoWithdrawEvent(manifest, scope) {
+    const priorState = readReviewState(manifest);
+    if (priorState !== 'pending-review')
+        return null;
+    return {
+        action: 'review-withdraw',
+        outcome: 'success',
+        scope,
+        metadata: {
+            autoWithdrawn: true,
+            reason: 'archive',
+            priorState,
+        },
+    };
+}
+/**
+ * Compute additional metadata for the `archive` audit event capturing
+ * the item's prior review state. Returns an empty object for items
+ * without review state (current production behavior).
+ *
+ * `priorReviewState` is a non-prescriptive forensic record: the
+ * restore-always-to-draft invariant (Q9 N-B.1) means this metadata
+ * is never auto-applied on unarchive. It exists so operators can
+ * reconstruct "what state did this item have before it was archived?"
+ * via audit-log query alone, without re-reading the historical manifest.
+ */
+export function archiveReviewMetadata(manifest) {
+    const priorState = readReviewState(manifest);
+    if (!priorState)
+        return {};
+    return { priorReviewState: priorState };
+}
+/**
+ * Strip `reviewState` from a restored (unarchived) manifest. Per
+ * `design-soft-delete.md` Q9 N-B.1: restore always to draft; the
+ * absence of `reviewState` IS the draft state in the
+ * review-workflow's data model. Author re-submits if review needed.
+ *
+ * Returns the manifest unchanged when no review state was set.
+ */
+export function stripReviewStateForRestore(manifest) {
+    if (readReviewState(manifest) === undefined)
+        return manifest;
+    const { reviewState: _strip, ...rest } = manifest;
+    return rest;
+}
+//# sourceMappingURL=archive-review.js.map

package/dist/admin-api/routes/archive-review.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"archive-review.js","sourceRoot":"","sources":["../../../src/admin-api/routes/archive-review.ts"],"names":[],"mappings":"AA6CA;;;;;;;;GAQG;AACH,SAAS,eAAe,CAAC,QAA2B;IAClD,MAAM,CAAC,GAAG,QAAyD,CAAA;IACnE,OAAO,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAA;AACtE,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CACpC,QAA2B,EAC3B,KAAkD;IAElD,MAAM,UAAU,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAA;IAC5C,IAAI,UAAU,KAAK,gBAAgB;QAAE,OAAO,IAAI,CAAA;IAEhD,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,OAAO,EAAE,SAAS;QAClB,KAAK;QACL,QAAQ,EAAE;YACR,aAAa,EAAE,IAAI;YACnB,MAAM,EAAE,SAAS;YACjB,UAAU;SACX;KACF,CAAA;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAA2B;IAC/D,MAAM,UAAU,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAA;IAC5C,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,CAAA;IAC1B,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAA;AACzC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,0BAA0B,CAAC,QAA2B;IACpE,IAAI,eAAe,CAAC,QAAQ,CAAC,KAAK,SAAS;QAAE,OAAO,QAAQ,CAAA;IAC5D,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,QAAyD,CAAA;IAClG,OAAO,IAAyB,CAAA;AAClC,CAAC"}

package/dist/admin-api/routes/archive.d.ts ADDED Viewed

@@ -0,0 +1,145 @@
+/**
+ * Archive / unarchive / purge routes for pages + fragments.
+ *
+ * Per `design-soft-delete.md`'s Cut 5 lock and the implementation
+ * grilling Q1 (one `archive.ts` module mounting both kinds): the
+ * lifecycle is the same shape for pages and fragments; the only
+ * axis that differs is the manifest filename + ItemRef source.
+ * Co-locating keeps "what does the archive lifecycle do?" answerable
+ * by reading one file.
+ *
+ * # The six routes
+ *
+ *   POST   /api/pages/:name/archive       (capability: delete:pages)
+ *   POST   /api/pages/:name/unarchive     (capability: edit:pages)
+ *   DELETE /api/pages/:name/purge         (capability: delete:pages)
+ *   POST   /api/fragments/:name/archive   (capability: delete:fragments)
+ *   POST   /api/fragments/:name/unarchive (capability: edit:fragments)
+ *   DELETE /api/fragments/:name/purge     (capability: delete:fragments)
+ *
+ * Capability assignment per implementation Q6 (locked F1): archive +
+ * purge are delete-class; unarchive is edit-class. Symmetric authority
+ * (delete-class to remove from production; edit-class to bring back).
+ *
+ * # Direct write, own pipeline (Q2 lock B1)
+ *
+ * Archive is a lifecycle event, not a content edit. Don't reuse the
+ * PUT pipeline — it would fire `beforeSave` / `afterSave` hooks built
+ * for content saves and run save-delta validation against the full
+ * schema. Archive flips a manifest field; the audit `action` is
+ * `archive` / `unarchive` / `purge`, NOT `save`.
+ *
+ * # Existing dep-sidecars untouched on archive (Q3 lock C1)
+ *
+ * Archived items keep their `asset-refs` and `fragment-deps` sidecars.
+ * An archive still references its assets / fragments — that's why an
+ * asset-purge attempt finds it. Tearing down on archive (and rebuilding
+ * on unarchive) would silently break refs whenever an asset got purged
+ * during the archive window. Tear-down happens on PURGE only.
+ *
+ * # `archive-aliases` reverse index (Cut 5a)
+ *
+ * Cut 5a shipped `archive-aliases.ts` — a per-edge sidecar at
+ * `.gazetta/alias-targets/{aliasTarget}/{encoded-source-item}`. The
+ * archive route writes it on archive-with-aliasOf; the purge route
+ * reads it (via `readArchivesAliasing`) for the alias-pointers part of
+ * the purge-blocked check. Per `team-preferences.md` rule 24: at the
+ * 5K-page envelope, walking every manifest to find aliases is ~30s on
+ * cloud; the sidecar is ~5ms `readDir`. Same pattern as `asset-refs`.
+ *
+ * # Purge-blocked: one 409 with both arrays (Q4 lock D1)
+ *
+ *   { code: 'DELETE_BLOCKED', aliases: [...], liveRefs: [...] }
+ *
+ * One 409, both arrays present. Surfaces every blocker in one
+ * round-trip; lets the author resolve in any order. UI gets one panel
+ * to render. Empty array when that class isn't blocking.
+ *
+ * # `?force=true` bypass (Q5 lock E1)
+ *
+ * Bypasses BOTH alias-pointers AND live-refs. One mental model — "I am
+ * an operator overriding the safety check." Audit records what was
+ * bypassed (`metadata.bypassedAliases` + `metadata.bypassedRefs`) so
+ * forensics finds what broke. Validators surface dangling aliases on
+ * the next save (P3); render emits 404 / errors on broken refs.
+ *
+ * # SOLID lenses
+ *
+ *   - SRP: this module owns the archive lifecycle. Doesn't touch the
+ *     PUT pipeline (Q2 B1); doesn't touch dep-sidecars on archive
+ *     (Q3 C1). Each function answers one question.
+ *   - DIP: routes consume `SourceContextResolver` like every other
+ *     route module; archive primitives consume the typed `ItemKind`
+ *     parameter rather than branching on URL shape inside helpers.
+ */
+import { Hono } from 'hono';
+import type { Context } from 'hono';
+import type { SourceContextResolver } from '../source-context.js';
+import type { AuditEnv } from '../middleware/audit.js';
+import type { ItemRef } from '../../dep-sidecars.js';
+type ItemKind = 'page' | 'fragment';
+export interface ItemHandle {
+    /** ItemRef source axis (`page` | `fragment`); used for sidecar lookup. */
+    refSource: ItemRef['source'];
+    /** The audit + scope kind. Same value as `refSource`; named for clarity. */
+    scopeKind: ItemKind;
+    /** Manifest filename (`page.json` or `fragment.json`). */
+    filename: string;
+    /** Verbose name used in error messages. */
+    label: string;
+}
+export declare const PAGE_HANDLE: ItemHandle;
+export declare const FRAGMENT_HANDLE: ItemHandle;
+/**
+ * Background-scanner notification options for the archive lifecycle.
+ *
+ * Every archive transition (archive / unarchive / purge / setAlias)
+ * is a manifest write — it must notify the validation scanner so
+ * background-stage validators (P1: `referenced-archived-without-alias`,
+ * P2: `dangling-alias`, P5: `aliasof-points-to-archived`) re-run on
+ * the affected item and clear stale cache entries.
+ *
+ * Same shape as `manifest-save.ts`'s `scanner.rescan(cause)` call;
+ * fire-and-forget — the route response doesn't block on scanner work.
+ * Cross-foundation gap #6 from `testing-plan.md` punch list.
+ */
+export interface ArchiveRoutesOptions {
+    scanner?: import('../../validation/scanner.js').ValidationScanner | null;
+}
+export declare function archiveRoutes(resolve: SourceContextResolver, opts?: ArchiveRoutesOptions): Hono<AuditEnv, import("hono/types").BlankSchema, "/">;
+export declare function handleArchive(c: Context<AuditEnv>, resolve: SourceContextResolver, handle: ItemHandle, scanner?: import('../../validation/scanner.js').ValidationScanner | null): Promise<(Response & import("hono").TypedResponse<{
+    error: string;
+}, 400, "json">) | (Response & import("hono").TypedResponse<{
+    error: string;
+}, 404, "json">) | (Response & import("hono").TypedResponse<{
+    code: "ARCHIVE_HAS_LIVE_REFS";
+    liveRefs: {
+        kind: "page" | "fragment";
+        name: string;
+    }[];
+}, 409, "json">) | (Response & import("hono").TypedResponse<{
+    ok: true;
+    name: string;
+    archivedAt: string;
+    aliasOf?: string | undefined;
+}, import("hono/utils/http-status").ContentfulStatusCode, "json">)>;
+export declare function handlePurge(c: Context<AuditEnv>, resolve: SourceContextResolver, handle: ItemHandle, scanner?: import('../../validation/scanner.js').ValidationScanner | null): Promise<(Response & import("hono").TypedResponse<{
+    error: string;
+}, 400, "json">) | (Response & import("hono").TypedResponse<{
+    error: string;
+}, 404, "json">) | (Response & import("hono").TypedResponse<{
+    code: "DELETE_BLOCKED";
+    aliases: {
+        kind: "page" | "fragment";
+        name: string;
+    }[];
+    liveRefs: {
+        kind: "page" | "fragment";
+        name: string;
+    }[];
+}, 409, "json">) | (Response & import("hono").TypedResponse<{
+    ok: true;
+    name: string;
+}, import("hono/utils/http-status").ContentfulStatusCode, "json">)>;
+export {};
+//# sourceMappingURL=archive.d.ts.map

package/dist/admin-api/routes/archive.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"archive.d.ts","sourceRoot":"","sources":["../../../src/admin-api/routes/archive.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AAEnC,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AAIjE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAA;AACtD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAA;AAmBpD,KAAK,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAA;AAEnC,MAAM,WAAW,UAAU;IACzB,0EAA0E;IAC1E,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC5B,4EAA4E;IAC5E,SAAS,EAAE,QAAQ,CAAA;IACnB,0DAA0D;IAC1D,QAAQ,EAAE,MAAM,CAAA;IAChB,2CAA2C;IAC3C,KAAK,EAAE,MAAM,CAAA;CACd;AAED,eAAO,MAAM,WAAW,EAAE,UAKzB,CAAA;AAED,eAAO,MAAM,eAAe,EAAE,UAK7B,CAAA;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,oBAAoB;IACnC,OAAO,CAAC,EAAE,OAAO,6BAA6B,EAAE,iBAAiB,GAAG,IAAI,CAAA;CACzE;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,qBAAqB,EAAE,IAAI,GAAE,oBAAyB,yDAoC5F;AAuBD,wBAAsB,aAAa,CACjC,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,EACpB,OAAO,EAAE,qBAAqB,EAC9B,MAAM,EAAE,UAAU,EAClB,OAAO,GAAE,OAAO,6BAA6B,EAAE,iBAAiB,GAAG,IAAW;;;;;;;;;;;;;;;oEA+H/E;AAmJD,wBAAsB,WAAW,CAC/B,CAAC,EAAE,OAAO,CAAC,QAAQ,CAAC,EACpB,OAAO,EAAE,qBAAqB,EAC9B,MAAM,EAAE,UAAU,EAClB,OAAO,GAAE,OAAO,6BAA6B,EAAE,iBAAiB,GAAG,IAAW;;;;;;;;;;;;;;;;;oEA0F/E"}