includio-cms 0.19.0 → 0.21.0

package/dist/admin/client/users/delete-user-dialog.svelte

@@ -82,7 +82,7 @@
 							{lang.deleteWarningTitle}
 						</p>
 						<p class="mt-1 text-sm" style="color: var(--muted-foreground);">
-							{@html lang.deleteWarningDesc(user.name)}
+							{lang.deleteWarningDesc.before}<strong>{user.name}</strong>{lang.deleteWarningDesc.after}
 						</p>
 					</div>
 				</div>
@@ -90,7 +90,7 @@
 				<!-- Confirm input -->
 				<div class="space-y-2">
 					<Label for="delete-confirm">
-						{@html lang.deleteConfirmType}
+						{lang.deleteConfirmType.before}<strong>{lang.deleteConfirmWord}</strong>{lang.deleteConfirmType.after}
 					</Label>
 					<Input
 						id="delete-confirm"

package/dist/admin/client/users/lang.d.ts

@@ -24,8 +24,16 @@ export declare const usersLang: Record<InterfaceLanguage, {
     deleteConfirmTitle: string;
     deleteConfirmDescription: string;
     deleteWarningTitle: string;
-    deleteWarningDesc: (name: string) => string;
-    deleteConfirmType: string;
+    /** Split into `before` / `after`; the user name is rendered between them in template (avoids `{@html}`). */
+    deleteWarningDesc: {
+        before: string;
+        after: string;
+    };
+    /** Split into `before` / `after`; `deleteConfirmWord` is rendered between them. */
+    deleteConfirmType: {
+        before: string;
+        after: string;
+    };
     deleteConfirmWord: string;
     userCreated: string;
     userUpdated: string;

package/dist/admin/client/users/lang.js

@@ -24,8 +24,11 @@ export const usersLang = {
         deleteConfirmTitle: 'Delete user?',
         deleteConfirmDescription: 'This action cannot be undone. The user will be permanently deleted.',
         deleteWarningTitle: 'This action cannot be undone',
-        deleteWarningDesc: (name) => `User <strong>${name}</strong> will be permanently deleted along with all their data.`,
-        deleteConfirmType: 'Type <strong>DELETE</strong> to confirm',
+        deleteWarningDesc: {
+            before: 'User ',
+            after: ' will be permanently deleted along with all their data.'
+        },
+        deleteConfirmType: { before: 'Type ', after: ' to confirm' },
         deleteConfirmWord: 'DELETE',
         userCreated: 'User created',
         userUpdated: 'User updated',
@@ -107,8 +110,11 @@ export const usersLang = {
         deleteConfirmTitle: 'Usunąć użytkownika?',
         deleteConfirmDescription: 'Ta akcja jest nieodwracalna. Użytkownik zostanie trwale usunięty.',
         deleteWarningTitle: 'Tej operacji nie można cofnąć',
-        deleteWarningDesc: (name) => `Użytkownik <strong>${name}</strong> zostanie trwale usunięty wraz ze wszystkimi danymi.`,
-        deleteConfirmType: 'Wpisz <strong>USUŃ</strong>, żeby potwierdzić',
+        deleteWarningDesc: {
+            before: 'Użytkownik ',
+            after: ' zostanie trwale usunięty wraz ze wszystkimi danymi.'
+        },
+        deleteConfirmType: { before: 'Wpisz ', after: ', żeby potwierdzić' },
         deleteConfirmWord: 'USUŃ',
         userCreated: 'Użytkownik utworzony',
         userUpdated: 'Użytkownik zaktualizowany',

package/dist/components/ui/input-group/input-group-input.svelte.d.ts

@@ -2,7 +2,7 @@ declare const InputGroupInput: import("svelte").Component<(Omit<import("svelte/e
     type: "file";
     files?: FileList;
 } | {
-    type?: "number" | "image" | "url" | "text" | "date" | "radio" | "color" | "button" | "checkbox" | "search" | (string & {}) | "email" | "time" | "password" | "hidden" | "reset" | "submit" | "tel" | "datetime-local" | "month" | "range" | "week";
+    type?: "number" | "image" | "url" | "text" | "date" | "radio" | "color" | "button" | "checkbox" | "search" | (string & {}) | "email" | "password" | "time" | "hidden" | "reset" | "submit" | "tel" | "datetime-local" | "month" | "range" | "week";
     files?: undefined;
 })) & {
     ref?: HTMLElement | null | undefined;

package/dist/components/ui/sidebar/sidebar-input.svelte.d.ts

@@ -2,7 +2,7 @@ declare const SidebarInput: import("svelte").Component<(Omit<import("svelte/elem
     type: "file";
     files?: FileList;
 } | {
-    type?: "number" | "image" | "url" | "text" | "date" | "radio" | "color" | "button" | "checkbox" | "search" | (string & {}) | "email" | "time" | "password" | "hidden" | "reset" | "submit" | "tel" | "datetime-local" | "month" | "range" | "week";
+    type?: "number" | "image" | "url" | "text" | "date" | "radio" | "color" | "button" | "checkbox" | "search" | (string & {}) | "email" | "password" | "time" | "hidden" | "reset" | "submit" | "tel" | "datetime-local" | "month" | "range" | "week";
     files?: undefined;
 })) & {
     ref?: HTMLElement | null | undefined;

package/dist/core/cms.d.ts

@@ -38,4 +38,8 @@ export declare class CMS implements ICMS {
     getFormBySlug(slug: string): FormConfig;
 }
 export declare function initCMS(config: CMSConfig): CMS;
+/**
+ * Returns the singleton CMS instance. Must be called after `includioCMS()` initializes the CMS in `hooks.server.ts`.
+ * @public
+ */
 export declare function getCMS(): CMS;

package/dist/core/cms.js

@@ -159,6 +159,10 @@ export function initCMS(config) {
         .catch((e) => console.warn('[cms] Failed to start background maintenance:', e));
     return cms;
 }
+/**
+ * Returns the singleton CMS instance. Must be called after `includioCMS()` initializes the CMS in `hooks.server.ts`.
+ * @public
+ */
 export function getCMS() {
     if (!cms) {
         throw new Error('CMS not initialized. Call initCMS() first with your CMS config.');

package/dist/core/index.d.ts

@@ -1,2 +1,4 @@
 export { getCMS } from './cms.js';
 export { resolveMediaWithStyles, type ResolvedMedia } from './server/fields/utils/resolveMedia.js';
+export { createEntityAPI } from '../entity/index.js';
+export { getAuth } from '../server/auth.js';

package/dist/core/index.js

@@ -1,2 +1,4 @@
 export { getCMS } from './cms.js';
 export { resolveMediaWithStyles } from './server/fields/utils/resolveMedia.js';
+export { createEntityAPI } from '../entity/index.js';
+export { getAuth } from '../server/auth.js';

package/dist/core/server/consentLogs/operations/create.d.ts

@@ -1,2 +1,6 @@
 import type { ConsentLogData } from '../../../../types/consent.js';
+/**
+ * Persists a CMP consent log entry via the database adapter.
+ * @public
+ */
 export declare const createConsentLog: (data: ConsentLogData) => Promise<void>;

package/dist/core/server/consentLogs/operations/create.js

@@ -1,4 +1,8 @@
 import { getCMS } from '../../../cms.js';
+/**
+ * Persists a CMP consent log entry via the database adapter.
+ * @public
+ */
 export const createConsentLog = async (data) => {
     await getCMS().databaseAdapter.createConsentLog(data);
 };

package/dist/core/server/fields/utils/resolveMedia.d.ts

@@ -1,12 +1,15 @@
 import type { ImageFieldStyle } from '../../../../types/fields.js';
 import type { ImageStyle, MediaFile } from '../../../../types/media.js';
+/**
+ * @public
+ */
 export interface ResolvedMedia {
     data: MediaFile;
     styles: Record<string, ImageStyle>;
     blurDataUrl: string | null;
 }
 /**
- * Resolve media files by IDs and generate image styles.
- * Useful for plugins that need to resolve media references (e.g. photo-grid).
+ * Resolve media files by IDs and generate image styles. Useful for plugins resolving media references (e.g. photo-grid).
+ * @public
  */
 export declare function resolveMediaWithStyles(mediaIds: string[], styles?: ImageFieldStyle[]): Promise<Record<string, ResolvedMedia>>;

package/dist/core/server/fields/utils/resolveMedia.js

@@ -1,8 +1,8 @@
 import { getCMS } from '../../../cms.js';
 import { getImageStyles } from './imageStyles.js';
 /**
- * Resolve media files by IDs and generate image styles.
- * Useful for plugins that need to resolve media references (e.g. photo-grid).
+ * Resolve media files by IDs and generate image styles. Useful for plugins resolving media references (e.g. photo-grid).
+ * @public
  */
 export async function resolveMediaWithStyles(mediaIds, styles) {
     if (!mediaIds.length)

package/dist/core/server/forms/submissions/operations/create.d.ts

@@ -1,7 +1,14 @@
+/**
+ * @public
+ */
 export interface CreateFormSubmissionOptions {
     slug: string;
     data: Record<string, unknown>;
     ip?: string;
     userAgent?: string;
 }
+/**
+ * Persists a form submission and triggers best-effort notification email. Returns `true` if the row was written (email failures are logged, do not affect return).
+ * @public
+ */
 export declare const createFormSubmission: (options: CreateFormSubmissionOptions) => Promise<boolean>;

package/dist/core/server/forms/submissions/operations/create.js

@@ -1,6 +1,10 @@
 import { getLocalizedLabel } from '../../../../../admin/utils/collectionLabel.js';
 import { getCMS } from '../../../../cms.js';
 import { generateZodSchemaFromFormFields } from '../../../../fields/formFieldSchemaToTs.js';
+/**
+ * Persists a form submission and triggers best-effort notification email. Returns `true` if the row was written (email failures are logged, do not affect return).
+ * @public
+ */
 export const createFormSubmission = async (options) => {
     const { slug, data, ip, userAgent } = options;
     const config = getCMS().getFormBySlug(slug);

package/dist/core/server/forms/submissions/utils/parseMultipart.d.ts

@@ -1,2 +1,6 @@
 import type { FormField } from '../../../../../types/formFields.js';
+/**
+ * Parses multipart `FormData` into a typed record of field values, handling file uploads via the configured files adapter.
+ * @public
+ */
 export declare function parseFormDataForSubmission(formData: FormData, fields: FormField[]): Promise<Record<string, unknown>>;

package/dist/core/server/forms/submissions/utils/parseMultipart.js

@@ -25,6 +25,10 @@ function validateMagicBytes(buffer, declaredMime) {
     }
     return false;
 }
+/**
+ * Parses multipart `FormData` into a typed record of field values, handling file uploads via the configured files adapter.
+ * @public
+ */
 export async function parseFormDataForSubmission(formData, fields) {
     const result = {};
     const fileFields = new Map(fields.filter((f) => f.type === 'file').map((f) => [f.slug, f]));

package/dist/core/server/media/operations/uploadFile.js

@@ -4,6 +4,7 @@ import { generateAdminThumbnail } from '../utils/generateAdminThumbnail.js';
 import { generateDefaultStylesInBackground } from '../styles/operations/generateDefaultStyles.js';
 import { generateDefaultVideoStylesInBackground } from '../styles/operations/generateDefaultVideoStyles.js';
 import sharp from 'sharp';
+import { withTimeout, sharpTimeoutMs } from '../../../../server/utils/withTimeout.js';
 async function maybeDownscale(file) {
     const cms = getCMS();
     const { maxOriginalWidth, maxOriginalHeight } = cms.mediaConfig;
@@ -14,19 +15,19 @@ async function maybeDownscale(file) {
         return file;
     try {
         const buffer = Buffer.from(await file.arrayBuffer());
-        const metadata = await sharp(buffer).metadata();
+        const metadata = await withTimeout(sharp(buffer).metadata(), sharpTimeoutMs(), 'sharp.metadata');
         const w = metadata.width || 0;
         const h = metadata.height || 0;
         const exceedsWidth = maxOriginalWidth && w > maxOriginalWidth;
         const exceedsHeight = maxOriginalHeight && h > maxOriginalHeight;
         if (!exceedsWidth && !exceedsHeight)
             return file;
-        const resized = await sharp(buffer)
+        const resized = await withTimeout(sharp(buffer)
             .resize(maxOriginalWidth, maxOriginalHeight, {
             fit: 'inside',
             withoutEnlargement: true
         })
-            .toBuffer();
+            .toBuffer(), sharpTimeoutMs(), 'sharp.resize');
         return new File([new Uint8Array(resized)], file.name, { type: file.type });
     }
     catch (e) {

package/dist/core/server/media/styles/sharp/generateImageStyle.js

@@ -1,6 +1,7 @@
 import { getCMS } from '../../../../cms.js';
 import sharp from 'sharp';
 import { calculateFocalCropRegion } from '../../utils/calculateFocalCropRegion.js';
+import { withTimeout, sharpTimeoutMs } from '../../../../../server/utils/withTimeout.js';
 export async function generateImageStyle(mediaFileId, style) {
     const mediaFile = await getCMS().databaseAdapter.getMediaFile({
         data: {
@@ -19,7 +20,7 @@ export async function generateImageStyle(mediaFileId, style) {
 }
 export async function generateImageStyleFromBuffer(buf, mediaFile, style) {
     // Read EXIF orientation before processing
-    const metadata = await sharp(buf).metadata();
+    const metadata = await withTimeout(sharp(buf).metadata(), sharpTimeoutMs(), 'sharp.metadata');
     // .rotate() applies EXIF orientation to pixels AND strips the tag from output.
     // Prevents double-rotation in WebP/JPEG where EXIF orientation tag may persist.
     let sharpInstance = sharp(buf).rotate();
@@ -79,7 +80,7 @@ export async function generateImageStyleFromBuffer(buf, mediaFile, style) {
     const originalExt = mediaFile.mimeType?.split('/').pop() ?? mediaFile.url.split('.').pop();
     const format = style.format ?? originalExt ?? 'jpeg';
     sharpInstance = sharpInstance.toFormat(format, style.quality != null ? { quality: Math.max(1, Math.min(100, style.quality)) } : undefined);
-    const outputBuffer = await sharpInstance.toBuffer();
+    const outputBuffer = await withTimeout(sharpInstance.toBuffer(), sharpTimeoutMs(), 'sharp.toBuffer');
     return getCMS().filesAdapter.uploadFile(new File([new Uint8Array(outputBuffer)], `${mediaFile.id}_${style.name}_${Date.now().toString(36)}.${format}`, {
         type: `image/${format}`
     }));

package/dist/core/server/media/utils/generateAdminThumbnail.js

@@ -1,14 +1,15 @@
 import { getCMS } from '../../../cms.js';
 import { isProcessableImage } from '../../fields/utils/imageStyles.js';
 import sharp from 'sharp';
+import { withTimeout, sharpTimeoutMs } from '../../../../server/utils/withTimeout.js';
 const THUMB_WIDTH = 400;
 const THUMB_QUALITY = 70;
 export async function generateAdminThumbnail(buffer, mediaFile) {
-    const output = await sharp(buffer)
+    const output = await withTimeout(sharp(buffer)
         .rotate()
         .resize(THUMB_WIDTH, undefined, { withoutEnlargement: true })
         .toFormat('webp', { quality: THUMB_QUALITY })
-        .toBuffer();
+        .toBuffer(), sharpTimeoutMs(), 'sharp.adminThumbnail');
     const filename = `${mediaFile.id}_admin_thumb_${Date.now().toString(36)}.webp`;
     const uploaded = await getCMS().filesAdapter.uploadFile(new File([new Uint8Array(output)], filename, { type: 'image/webp' }));
     return uploaded.url;

package/dist/core/server/media/utils/generateBlurDataUrl.js

@@ -1,5 +1,6 @@
 import sharp from 'sharp';
+import { withTimeout, sharpTimeoutMs } from '../../../../server/utils/withTimeout.js';
 export async function generateBlurDataUrl(buffer) {
-    const blurBuffer = await sharp(buffer).resize(20).blur(10).toFormat('webp').toBuffer();
+    const blurBuffer = await withTimeout(sharp(buffer).resize(20).blur(10).toFormat('webp').toBuffer(), sharpTimeoutMs(), 'sharp.blurDataUrl');
     return `data:image/webp;base64,${blurBuffer.toString('base64')}`;
 }

package/dist/db-postgres/index.d.ts

@@ -2,6 +2,8 @@ import { drizzle } from 'drizzle-orm/postgres-js';
 import type { Config } from './types.js';
 import * as schema from './schema/index.js';
 import type { DatabaseAdapter } from '../types/adapters/db.js';
+export * from './schema/index.js';
+export * from '../server/db/schema/auth-schema.js';
 export type DatabaseAdapterWithDrizzle = DatabaseAdapter & {
     _drizzle: ReturnType<typeof drizzle<typeof schema>>;
 };

package/dist/db-postgres/index.js

@@ -262,6 +262,9 @@ function buildMediaFileConditions(db, options) {
     }
     return conditions;
 }
+// Schema re-exports (folded from `./db-postgres/schema-core`, `./db-postgres/schema-shop`, `./auth-schema` in 0.20.0)
+export * from './schema/index.js';
+export * from '../server/db/schema/auth-schema.js';
 /**
  * Postgres database adapter (drizzle + `postgres`).
  * @public

package/dist/entity/index.d.ts

@@ -7,6 +7,10 @@ interface CreateOptions {
     skipValidation?: boolean;
     sortOrder?: number;
 }
+/**
+ * Creates a high-level Entity API (CRUD + publish/archive) bound to a CMS instance and a user.
+ * @public
+ */
 export declare function createEntityAPI(cms: CMS, opts?: EntityAPIOptions): {
     create(slug: string, data?: EntryData, options?: CreateOptions & {
         lang?: string;

package/dist/entity/index.js

@@ -1,6 +1,10 @@
 import { generateZodSchemaFromFields } from '../core/fields/fieldSchemaToTs.js';
 import { getFieldsFromConfig } from '../core/fields/layoutUtils.js';
 import { _getRawEntries as getRawEntries } from '../core/server/entries/operations/get.js';
+/**
+ * Creates a high-level Entity API (CRUD + publish/archive) bound to a CMS instance and a user.
+ * @public
+ */
 export function createEntityAPI(cms, opts) {
     const db = cms.databaseAdapter;
     const userId = opts?.userId ?? 'system';

package/dist/files-local/index.d.ts

@@ -1,4 +1,5 @@
 import type { FilesAdapter } from '../types/adapters/files.js';
+/** @internal */
 export declare const fullDir: string;
 export interface LocalFilesConfig {
     ffmpegPath?: string;

package/dist/files-local/index.js

@@ -9,6 +9,7 @@ import { processVideo, setFfmpegPaths } from './video.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 global.__dirname = __dirname ?? '';
+/** @internal */
 export const fullDir = process.env.NODE_ENV === 'production' ? `/data/uploads` : `./static/uploads`;
 const privateDir = process.env.NODE_ENV === 'production' ? `/data/private-uploads` : `./data/private-uploads`;
 async function ensureDir(dir) {

package/dist/index.d.ts

@@ -1,4 +1,2 @@
-export * from './admin/index.js';
-export type * from './admin/index.js';
 export * from './core/index.js';
 export type * from './core/index.js';

package/dist/index.js

@@ -1,2 +1 @@
-export * from './admin/index.js';
 export * from './core/index.js';

package/dist/paraglide/messages/_index.d.ts

@@ -1,3 +1,36 @@
-export * from "./hello_world.js";
-export * from "./login_hello.js";
-export * from "./login_please_login.js";
+export function hello_world(inputs: {
+    name: NonNullable<unknown>;
+}, options?: {
+    locale?: "en" | "pl";
+}): string;
+/**
+* This function has been compiled by [Paraglide JS](https://inlang.com/m/gerre34r).
+*
+* - Changing this function will be over-written by the next build.
+*
+* - If you want to change the translations, you can either edit the source files e.g. `en.json`, or
+* use another inlang app like [Fink](https://inlang.com/m/tdozzpar) or the [VSCode extension Sherlock](https://inlang.com/m/r7kp499g).
+*
+* @param {{}} inputs
+* @param {{ locale?: "en" | "pl" }} options
+* @returns {string}
+*/
+declare function login_hello(inputs?: {}, options?: {
+    locale?: "en" | "pl";
+}): string;
+/**
+* This function has been compiled by [Paraglide JS](https://inlang.com/m/gerre34r).
+*
+* - Changing this function will be over-written by the next build.
+*
+* - If you want to change the translations, you can either edit the source files e.g. `en.json`, or
+* use another inlang app like [Fink](https://inlang.com/m/tdozzpar) or the [VSCode extension Sherlock](https://inlang.com/m/r7kp499g).
+*
+* @param {{}} inputs
+* @param {{ locale?: "en" | "pl" }} options
+* @returns {string}
+*/
+declare function login_please_login(inputs?: {}, options?: {
+    locale?: "en" | "pl";
+}): string;
+export { login_hello as login.hello, login_please_login as login.please_login };

package/dist/paraglide/messages/_index.js

@@ -1,4 +1,72 @@
 /* eslint-disable */
-export * from './hello_world.js'
-export * from './login_hello.js'
-export * from './login_please_login.js'
+import { getLocale, trackMessageCall, experimentalMiddlewareLocaleSplitting, isServer } from "../runtime.js"
+import * as en from "./en.js"
+import * as pl from "./pl.js"
+/**
+* This function has been compiled by [Paraglide JS](https://inlang.com/m/gerre34r).
+*
+* - Changing this function will be over-written by the next build.
+*
+* - If you want to change the translations, you can either edit the source files e.g. `en.json`, or
+* use another inlang app like [Fink](https://inlang.com/m/tdozzpar) or the [VSCode extension Sherlock](https://inlang.com/m/r7kp499g).
+* 
+* @param {{ name: NonNullable<unknown> }} inputs
+* @param {{ locale?: "en" | "pl" }} options
+* @returns {string}
+*/
+/* @__NO_SIDE_EFFECTS__ */
+export const hello_world = (inputs, options = {}) => {
+	if (experimentalMiddlewareLocaleSplitting && isServer === false) {
+		return /** @type {any} */ (globalThis).__paraglide_ssr.hello_world(inputs) 
+	}
+	const locale = options.locale ?? getLocale()
+	trackMessageCall("hello_world", locale)
+	if (locale === "en") return en.hello_world(inputs)
+	return pl.hello_world(inputs)
+};
+/**
+* This function has been compiled by [Paraglide JS](https://inlang.com/m/gerre34r).
+*
+* - Changing this function will be over-written by the next build.
+*
+* - If you want to change the translations, you can either edit the source files e.g. `en.json`, or
+* use another inlang app like [Fink](https://inlang.com/m/tdozzpar) or the [VSCode extension Sherlock](https://inlang.com/m/r7kp499g).
+* 
+* @param {{}} inputs
+* @param {{ locale?: "en" | "pl" }} options
+* @returns {string}
+*/
+/* @__NO_SIDE_EFFECTS__ */
+const login_hello = (inputs = {}, options = {}) => {
+	if (experimentalMiddlewareLocaleSplitting && isServer === false) {
+		return /** @type {any} */ (globalThis).__paraglide_ssr.login_hello(inputs) 
+	}
+	const locale = options.locale ?? getLocale()
+	trackMessageCall("login_hello", locale)
+	if (locale === "en") return en.login_hello(inputs)
+	return pl.login_hello(inputs)
+};
+export { login_hello as "login.hello" }
+/**
+* This function has been compiled by [Paraglide JS](https://inlang.com/m/gerre34r).
+*
+* - Changing this function will be over-written by the next build.
+*
+* - If you want to change the translations, you can either edit the source files e.g. `en.json`, or
+* use another inlang app like [Fink](https://inlang.com/m/tdozzpar) or the [VSCode extension Sherlock](https://inlang.com/m/r7kp499g).
+* 
+* @param {{}} inputs
+* @param {{ locale?: "en" | "pl" }} options
+* @returns {string}
+*/
+/* @__NO_SIDE_EFFECTS__ */
+const login_please_login = (inputs = {}, options = {}) => {
+	if (experimentalMiddlewareLocaleSplitting && isServer === false) {
+		return /** @type {any} */ (globalThis).__paraglide_ssr.login_please_login(inputs) 
+	}
+	const locale = options.locale ?? getLocale()
+	trackMessageCall("login_please_login", locale)
+	if (locale === "en") return en.login_please_login(inputs)
+	return pl.login_please_login(inputs)
+};
+export { login_please_login as "login.please_login" }

package/dist/paraglide/messages/en.d.ts

@@ -0,0 +1,5 @@
+export const hello_world: (inputs: {
+    name: NonNullable<unknown>;
+}) => string;
+export const login_hello: (inputs: {}) => string;
+export const login_please_login: (inputs: {}) => string;

package/dist/paraglide/messages/en.js

@@ -0,0 +1,14 @@
+/* eslint-disable */
+
+
+export const hello_world = /** @type {(inputs: { name: NonNullable<unknown> }) => string} */ (i) => {
+	return `Hello, ${i.name} from en!`
+};
+
+export const login_hello = /** @type {(inputs: {}) => string} */ () => {
+	return `Welcome back`
+};
+
+export const login_please_login = /** @type {(inputs: {}) => string} */ () => {
+	return `Login to your account`
+};

package/dist/paraglide/messages/pl.d.ts

@@ -0,0 +1,5 @@
+export const hello_world: (inputs: {
+    name: NonNullable<unknown>;
+}) => string;
+export const login_hello: (inputs: {}) => string;
+export const login_please_login: (inputs: {}) => string;

package/dist/paraglide/messages/pl.js

@@ -0,0 +1,14 @@
+/* eslint-disable */
+
+
+export const hello_world = /** @type {(inputs: { name: NonNullable<unknown> }) => string} */ (i) => {
+	return `Hello, ${i.name} from pl!`
+};
+
+export const login_hello = /** @type {(inputs: {}) => string} */ () => {
+	return `Witaj ponownie`
+};
+
+export const login_please_login = /** @type {(inputs: {}) => string} */ () => {
+	return `Zaloguj się na swoje konto`
+};

package/dist/server/auth.d.ts

@@ -1 +1,5 @@
+/**
+ * Returns the underlying `better-auth` instance from the initialized CMS.
+ * @public
+ */
 export declare function getAuth(): import("better-auth", { with: { "resolution-mode": "require" } }).Auth<import("better-auth", { with: { "resolution-mode": "require" } }).BetterAuthOptions>;

package/dist/server/auth.js

@@ -1,4 +1,8 @@
 import { getCMS } from '../core/cms.js';
+/**
+ * Returns the underlying `better-auth` instance from the initialized CMS.
+ * @public
+ */
 export function getAuth() {
     return getCMS().auth;
 }

package/dist/server/security/csp.d.ts

@@ -0,0 +1,16 @@
+export interface CspOptions {
+    scriptSrc?: string[];
+    styleSrc?: string[];
+    imgSrc?: string[];
+    mediaSrc?: string[];
+    fontSrc?: string[];
+    connectSrc?: string[];
+    frameAncestors?: string[];
+}
+/**
+ * Build a Content-Security-Policy header value with v1.0 defaults.
+ * `'unsafe-inline'` is allowed on `script-src`/`style-src` because TipTap and
+ * paraglide emit inline code; documented in `KNOWN-RISKS.md`.
+ * @internal
+ */
+export declare function buildCspHeader(opts?: CspOptions): string;

package/dist/server/security/csp.js

@@ -0,0 +1,33 @@
+const DEFAULTS = {
+    scriptSrc: ["'self'", "'unsafe-inline'"],
+    styleSrc: ["'self'", "'unsafe-inline'"],
+    imgSrc: ["'self'", 'data:', 'blob:'],
+    mediaSrc: ["'self'", 'blob:'],
+    fontSrc: ["'self'", 'data:'],
+    connectSrc: ["'self'"],
+    frameAncestors: ["'self'"]
+};
+/**
+ * Build a Content-Security-Policy header value with v1.0 defaults.
+ * `'unsafe-inline'` is allowed on `script-src`/`style-src` because TipTap and
+ * paraglide emit inline code; documented in `KNOWN-RISKS.md`.
+ * @internal
+ */
+export function buildCspHeader(opts = {}) {
+    const merge = (key, extra) => {
+        const base = DEFAULTS[key];
+        return extra && extra.length ? Array.from(new Set([...base, ...extra])) : [...base];
+    };
+    return [
+        `default-src 'self'`,
+        `script-src ${merge('scriptSrc', opts.scriptSrc).join(' ')}`,
+        `style-src ${merge('styleSrc', opts.styleSrc).join(' ')}`,
+        `img-src ${merge('imgSrc', opts.imgSrc).join(' ')}`,
+        `media-src ${merge('mediaSrc', opts.mediaSrc).join(' ')}`,
+        `font-src ${merge('fontSrc', opts.fontSrc).join(' ')}`,
+        `connect-src ${merge('connectSrc', opts.connectSrc).join(' ')}`,
+        `object-src 'none'`,
+        `base-uri 'self'`,
+        `frame-ancestors ${merge('frameAncestors', opts.frameAncestors).join(' ')}`
+    ].join('; ');
+}

package/dist/server/security/csrf.d.ts

@@ -0,0 +1,13 @@
+import type { Handle, RequestEvent } from '@sveltejs/kit';
+/**
+ * Returns true when a request is CSRF-safe: a non-mutating method, or a mutating
+ * method whose Origin/Referer matches the request URL origin (or the env allowlist).
+ * @internal
+ */
+export declare function isCsrfSafe(event: RequestEvent): boolean;
+/**
+ * SvelteKit handle that rejects mutating requests under `/admin/api/*` lacking a
+ * matching Origin/Referer header. Other paths and safe methods pass through.
+ * @internal
+ */
+export declare const csrfGuard: Handle;