includio-cms 0.27.0 → 0.33.0

package/API.md

@@ -1,8 +1,8 @@
-# includio-cms — Public API v0.27.0
+# includio-cms — Public API v0.33.0
 
 > Auto-generated by `scripts/generate-api-md.ts`. Do not edit by hand.
 
-Entry points: **18** · Stable: **448** · Experimental: **4**
+Entry points: **19** · Stable: **489** · Experimental: **4**
 
 Tags:
 - `@public` — frozen for v1.0; semver-protected.
@@ -13,23 +13,29 @@ Tags:
 
 ### `includio-cms`
 
-- `createEntityAPI(cms: CMS, opts?: EntityAPIOptions): <inferred>` — Creates a high-level Entity API (CRUD + publish/archive) bound to a CMS
-- `getAuth(): <inferred>` — Returns the underlying `better-auth` instance from the initialized CMS.
-- `getCMS(): CMS` — Returns the singleton CMS instance. Must be called after `includioCMS()`
-- `interface ResolvedMedia` — Resolved media file plus its image styles + blur placeholder. Returned by
+- `interface EmailAdapter` — Contract for email adapters. Used by `better-auth` reset-password flow and form submission
+- `getMailer(): EmailAdapter | null` — Returns the configured email adapter from the active CMS singleton, or
 - `type ResolvedSeo = { [K in keyof SeoFieldData]: K extends 'ogImage' ? string | MediaFile | undefined : string | unde...` — Normalized SEO data — localized values flattened by `language`. A stable
-- `resolveMediaWithStyles(mediaIds: string[], styles?: ImageFieldStyle[]): Promise<Record<string, ResolvedMedia>>` — Resolve media files by IDs and generate image styles. Useful for plugins or
 - `resolveSeo(entry: { seo?: Record<string, unknown> } | Record<string,..., language?: string): ResolvedSeo` — Resolve `entry.seo` into flat fields, flattening localized objects by
+- `sendMail(options: SendMailOptions): Promise<void>` — Send an email through the configured CMS email adapter. Thin convenience
+- `interface SendMailOptions`
 
 ### `includio-cms/core`
 
+- `interface EmailAdapter` — Contract for email adapters. Used by `better-auth` reset-password flow and form submission
+- `getMailer(): EmailAdapter | null` — Returns the configured email adapter from the active CMS singleton, or
+- `type ResolvedSeo = { [K in keyof SeoFieldData]: K extends 'ogImage' ? string | MediaFile | undefined : string | unde...` — Normalized SEO data — localized values flattened by `language`. A stable
+- `resolveSeo(entry: { seo?: Record<string, unknown> } | Record<string,..., language?: string): ResolvedSeo` — Resolve `entry.seo` into flat fields, flattening localized objects by
+- `sendMail(options: SendMailOptions): Promise<void>` — Send an email through the configured CMS email adapter. Thin convenience
+- `interface SendMailOptions`
+
+### `includio-cms/core/server`
+
 - `createEntityAPI(cms: CMS, opts?: EntityAPIOptions): <inferred>` — Creates a high-level Entity API (CRUD + publish/archive) bound to a CMS
 - `getAuth(): <inferred>` — Returns the underlying `better-auth` instance from the initialized CMS.
 - `getCMS(): CMS` — Returns the singleton CMS instance. Must be called after `includioCMS()`
 - `interface ResolvedMedia` — Resolved media file plus its image styles + blur placeholder. Returned by
-- `type ResolvedSeo = { [K in keyof SeoFieldData]: K extends 'ogImage' ? string | MediaFile | undefined : string | unde...` — Normalized SEO data — localized values flattened by `language`. A stable
 - `resolveMediaWithStyles(mediaIds: string[], styles?: ImageFieldStyle[]): Promise<Record<string, ResolvedMedia>>` — Resolve media files by IDs and generate image styles. Useful for plugins or
-- `resolveSeo(entry: { seo?: Record<string, unknown> } | Record<string,..., language?: string): ResolvedSeo` — Resolve `entry.seo` into flat fields, flattening localized objects by
 
 ### `includio-cms/types`
 
@@ -37,6 +43,8 @@ Tags:
 - `interface ApiKeyConfig`
 - `interface ArrayField`
 - `interface AuthConfig`
+- `interface AuthRateLimitConfig`
+- `interface AuthRateLimitRule`
 - `interface BaseField`
 - `interface BlocksField`
 - `interface BooleanField`
@@ -134,19 +142,28 @@ Tags:
 
 - `const AcceptInvitePage: LegacyComponentType`
 - `const AdminAfterLoginLayout: LegacyComponentType`
+- `interface AdminConfig` — Optional admin UI configuration — extension points for the panel sidebar
 - `const AdminLayout: LegacyComponentType`
+- `interface AdminNavItem` — One additional sidebar entry rendered below built-in nav sections
 - `const Badge: LegacyComponentType`
+- `interface Breadcrumb`
+- `class Breadcrumbs`
+- `buildCsv(opts: { headers: string[]; rows: (string | number | null ...): string` — Build a CSV string from `headers` and `rows`. Values are escaped per
 - `buildCustomFieldsMap(...plugins: PluginConfig[]): Map<string, CustomFieldDefinition>` — Build a Map<fieldType, CustomFieldDefinition> from plugin configs.
 - `buildIconSetMap(...plugins: IconSetPlugin[]): Map<string, IconSetPlugin>` — Build a Map<slug, IconSetPlugin> from icon-set plugin instances.
 - `const Button: LegacyComponentType`
 - `Card`
 - `const CollectionPage: LegacyComponentType`
+- `type ColumnDef = DisplayColumnDef<TData, TValue> | GroupColumnDef<TData, TValue> | AccessorColumnDef<TData, TValue>`
 - `const DashboardPage: LegacyComponentType`
+- `const DataTable: LegacyComponentType`
 - `Dialog`
+- `downloadCsv(opts: { filename: string; csv: string }): void` — Trigger a client-side CSV download. Wraps the given `csv` string in a
 - `const EntryPage: LegacyComponentType`
 - `const FileMiniature: LegacyComponentType`
 - `const FormPage: LegacyComponentType`
 - `const FormSubmissionPage: LegacyComponentType`
+- `getBreadcrumbs`
 - `getContentLanguage`
 - `getCustomFields(): Map<string, CustomFieldDefinition>`
 - `getIconSets(): Map<string, IconSetPlugin>`
@@ -158,9 +175,12 @@ Tags:
 - `const MaintenancePage: LegacyComponentType`
 - `const MediaPage: LegacyComponentType`
 - `const MediaSelector: LegacyComponentType`
+- `const PageHeader: LegacyComponentType`
+- `interface PaginationState`
 - `const ResetPasswordPage: LegacyComponentType`
 - `resolveIconSet(slug?: string): IconSetPlugin | null` — Resolve a single icon set: explicit `slug` (from {@link IconField.set}) takes
 - `const Separator: LegacyComponentType`
+- `setBreadcrumbs`
 - `const ShippingMethodEditPage: LegacyComponentType`
 - `const ShippingMethodNewPage: LegacyComponentType`
 - `const ShippingMethodsListPage: LegacyComponentType`
@@ -171,6 +191,10 @@ Tags:
 - `const ShopOrdersListPage: LegacyComponentType`
 - `const ShopProductsListPage: LegacyComponentType`
 - `const Skeleton: LegacyComponentType`
+- `type SortingState = ColumnSort[]`
+- `const StateDisplay: LegacyComponentType`
+- `const TablePagination: LegacyComponentType`
+- `const TableToolbar: LegacyComponentType`
 - `Tabs`
 - `Tooltip`
 - `useField(form: SuperForm<Record<string, unknown>>, path: FormPathLeaves<Record<string, unknown>>): <inferred>` — Simplified wrapper around sveltekit-superforms' formFieldProxy.
@@ -195,6 +219,7 @@ Tags:
 - `const deleteFormSubmissions: <inferred>`
 - `const deleteMediaFile: <inferred>`
 - `const deleteMediaTag: <inferred>`
+- `const deleteOrderCmd: <inferred>`
 - `const deleteShippingMethodCmd: <inferred>`
 - `const deleteShopDataForEntry: <inferred>`
 - `const exportFormSubmissions: <inferred>`
@@ -202,6 +227,7 @@ Tags:
 - `const findMediaReferences: <inferred>`
 - `const generateAltText: <inferred>`
 - `const generateBalanceLinkForOrder: <inferred>`
+- `const getAdminExtraNavItems: <inferred>`
 - `const getAltOverview: <inferred>`
 - `const getCollection: <inferred>`
 - `const getCollections: <inferred>`
@@ -223,6 +249,7 @@ Tags:
 - `const getMediaTags: <inferred>`
 - `const getMediaTagsWithCounts: <inferred>`
 - `const getOrderForAdmin: <inferred>`
+- `const getOrderInvoiceAdmin: <inferred>`
 - `const getOrderRefundsAdmin: <inferred>`
 - `const getRawEntries: <inferred>`
 - `const getRawEntry: <inferred>`
@@ -236,6 +263,7 @@ Tags:
 - `const getSingles: <inferred>`
 - `const getSubmissionsOverview: <inferred>`
 - `const isAIAvailable: <inferred>`
+- `const issueInvoiceCmd: <inferred>`
 - `const listCouponsAdmin: <inferred>`
 - `const listOrdersAdmin: <inferred>`
 - `const listShippingMethodsAdmin: <inferred>`
@@ -248,6 +276,7 @@ Tags:
 - `const reorderEntriesCommand: <inferred>`
 - `const reorderShippingMethodsCmd: <inferred>`
 - `const resendOrderEmailCmd: <inferred>`
+- `const restoreOrderCmd: <inferred>`
 - `const searchEntries: <inferred>`
 - `const searchLinkableEntries: <inferred>`
 - `const setFocalPoint: <inferred>`
@@ -273,10 +302,6 @@ Tags:
 - `defineObject(config: Omit<ObjectField, 'type'>): ObjectField` — Defines a reusable object field (nested record). Use inline inside `fields[]`
 - `defineSingle(config: SingleInput): SingleConfig` — Defines a singleton (single-entry content type, e.g. site settings, homepage).
 - `enableHybridEditing(): <inferred>` — Call in a layout/component script to enable data-hybrid-path rendering for all descendant HybridTarget/Image/Video.
-- `extractBlocks(doc: StructuredContentDoc, type?: string): SCNode[]` — Extract block-level nodes, optionally filtered by type.
-- `extractInlineBlocks(doc: StructuredContentDoc, blockType?: string): SCInlineBlockAttrs[]` — Extract inline block nodes, optionally filtered by blockType.
-- `extractMediaRefs(doc: StructuredContentDoc): MediaRef[]` — Extract media references from figure/video/image nodes.
-- `extractText(doc: StructuredContentDoc): string` — Extract all plain text from doc (useful for excerpts, search indexing).
 - `getCustomFields(): Map<string, CustomFieldDefinition>`
 - `getLink(link: string | { url: string | Record<string, string> } |..., language?: string): string` — Resolves a link value to a URL string.
 - `getRemotes(): typeof remotes`
@@ -302,6 +327,10 @@ Tags:
 - `const createConsentLog: <inferred>`
 - `const createFormSubmission: <inferred>`
 - `createRestApiHandler(): <inferred>` — REST API handler factory. Returns `{ GET, POST, PUT, DELETE }`
+- `extractBlocks(doc: StructuredContentDoc, type?: string): SCNode[]` — Extract block-level nodes, optionally filtered by type.
+- `extractInlineBlocks(doc: StructuredContentDoc, blockType?: string): SCInlineBlockAttrs[]` — Extract inline block nodes, optionally filtered by blockType.
+- `extractMediaRefs(doc: StructuredContentDoc): MediaRef[]` — Extract media references from figure/video/image nodes.
+- `extractText(doc: StructuredContentDoc): string` — Extract all plain text from doc (useful for excerpts, search indexing).
 - `generateApiKey(): string` — Generate a cryptographically random API key (32 bytes, base64url-encoded).
 - `getPreviewEntry(event: RequestEvent, options: { language: string }): Promise<Entry | null>` — Resolves the preview entry from a `?preview=<versionId>` query param.
 - `includioCMS(cmsConfig: CMSConfig): Handle[]` — SvelteKit `Handle[]` array that initializes the CMS, generates runtime
@@ -337,6 +366,8 @@ Tags:
 - `const shopCouponRedemptionsTable: <inferred>`
 - `const shopCouponsTable: <inferred>`
 - `type ShopCouponType = 'percent' | 'fixed'`
+- `const shopInvoicesTable: <inferred>`
+- `type ShopInvoiceStatus = 'pending' | 'issued' | 'sent' | 'failed'`
 - `const shopOrderItemsTable: <inferred>`
 - `const shopOrdersTable: <inferred>`
 - `const shopOrderStatusHistoryTable: <inferred>`
@@ -377,6 +408,8 @@ Tags:
 - `const shopCouponRedemptionsTable: <inferred>`
 - `const shopCouponsTable: <inferred>`
 - `type ShopCouponType = 'percent' | 'fixed'`
+- `const shopInvoicesTable: <inferred>`
+- `type ShopInvoiceStatus = 'pending' | 'issued' | 'sent' | 'failed'`
 - `const shopOrderItemsTable: <inferred>`
 - `const shopOrdersTable: <inferred>`
 - `const shopOrderStatusHistoryTable: <inferred>`
@@ -411,7 +444,9 @@ Tags:
 - `interface CouponRef`
 - `type Currency = 'PLN'`
 - `defineShop(config: ShopConfig): ResolvedShopConfig`
-- `type DepositAmount = | { type: 'percent'; value: number } | { type: 'amount'; value: number }` — Deposit amount specifier. `percent` charges `floor(base * value / 100)` of
+- `type DepositAmount = { type: 'percent'; value: number } | { type: 'amount'; value: number }` — Deposit amount specifier. `percent` charges `floor(base * value / 100)` of
+- `fakturowniaAdapter(opts: FakturowniaAdapterOptions): InvoicingAdapter` — Invoicing adapter backed by Fakturownia (fakturownia.pl). Issues a paid VAT
+- `interface FakturowniaAdapterOptions`
 - `filterUpcoming(variants: T[], config: VariantExpiryConfig | null, now?: Date): T[]` — Return the subset of `variants` that have not yet expired. Order is
 - `type GeowidgetConfigPreset = 'parcelcollect' | 'parcelsend' | 'parcelcollect247' | string`
 - `type I18nText = { [lang: string]: string; }`
@@ -421,8 +456,17 @@ Tags:
 - `interface InpostSenderAddress`
 - `interpolateTemplate(template: string, vars: Record<string, unknown>, locale: string): string` — String interpolation engine used by `defineShop({ variantLabel.template })`
 - `class InvalidVariantAttributesError`
+- `interface InvoiceBuyer`
+- `interface InvoiceContext`
+- `interface InvoiceCreateResult`
+- `type InvoiceIssuePolicy = 'b2bAndOnRequest' | 'always'` — When an invoice should be issued automatically after an order is fully paid.
+- `interface InvoiceLineItem`
+- `interface InvoicePayload`
+- `interface InvoicingAdapter` — Adapter that issues invoices with an external provider (e.g. Fakturownia).
+- `isValidNip(nip: string): boolean` — Validate a Polish NIP (tax id) — 10 digits with a weighted checksum.
 - `isVariantExpired(variant: VariantLike, config: VariantExpiryConfig | null, now: Date = new Date(Date.now())): boolean` — Check whether a variant has expired under the given config. Fail-open by
 - `manualAdapter(opts: ManualPaymentAdapterOptions = {}): PaymentAdapter` — Manual payment adapter — order goes to awaitingPayment, admin marks as paid later
+- `type Order = typeof shopOrdersTable.$inferSelect` — Public row type for a single shop order — mirrors the Drizzle `shop_orders`
 - `interface OrderRef`
 - `type OrderStatus = | 'new' | 'awaitingPayment' | 'paid' | 'preparing' | 'sent' | 'done' | 'cancelled' | 'paymentReje...`
 - `interface PartialPayment` — Persisted partial-payment summary on `order.partialPayment` when the order

package/CHANGELOG.md

@@ -3,6 +3,65 @@
 All notable changes to includio-cms are documented here.
 Generated from `src/lib/updates/` — do not edit manually.
 
+## 0.34.0 — 2026-06-03
+
+Soft-delete zamówień (admin-only) — administrator może ukryć zamówienie z listy bez utraty danych. Odwracalne (kosz + przywracanie), bezpieczne księgowo: nie kasuje wiersza, faktur ani historii. Dozwolone tylko dla „bezpiecznych" statusów bez płatności (`new`, `awaitingPayment`, `cancelled`, `paymentRejected`) i zablokowane dla zamówień z wystawioną fakturą. Cała funkcja widoczna wyłącznie dla roli `admin`. Additive only — bez breaking changes.
+
+### Added
+- `shop_orders` dostaje kolumny `deleted_at` (timestamptz, NULL = widoczne) i `deleted_by` (text). Lista zamówień domyślnie ukrywa miękko usunięte; `listOrders`/`countOrders` (`$lib/shop/server/orders.ts`) przyjmują `deleted: "exclude" | "only" | "include"` (domyślnie `exclude`).
+- `softDeleteOrder(orderId, deletedBy)` / `restoreOrder(orderId)` (`$lib/shop/server/orders.ts`, `@public`) — miękkie usuwanie/przywracanie (idempotentne). Soft-delete zwalnia natychmiast aktywną rezerwację stocku (nie czeka na TTL). Guard: `decideOrderDeletion(status, invoice)` + `DELETABLE_ORDER_STATUSES` / `isOrderDeletable(status)` (czyste, testowalne) — rzuca `OrderNotDeletableError` dla niedozwolonego statusu lub faktury `issued`/`sent`.
+- Auto-restore: zmiana statusu miękko usuniętego zamówienia na nieusuwalny (np. spóźniony webhook płatności na ukrytym `awaitingPayment` → `paid`) automatycznie zdejmuje je z kosza — opłacone zamówienia nigdy nie zostają ukryte.
+- Customer-facing `getOrderByNumber` nie zwraca miękko usuniętego zamówienia (nie resolvuje się na storefroncie); admin `getOrderById` celowo ignoruje `deletedAt` (podgląd/przywracanie z kosza).
+- `deleteOrderCmd` / `restoreOrderCmd` (commands) + `listOrdersAdmin({ deleted })` (`includio-cms/admin/remote`) — chronione `requireRole("admin")` (kosz i usuwanie tylko dla admina; normalna lista nadal `requireAuth`).
+- Admin UI: `shop-order-detail-page` zyskuje sekcję „Usuń zamówienie" (tylko admin + status usuwalny) z dialogiem potwierdzenia; `shop-orders-list-page` — przełącznik „Kosz" (tylko admin) z akcją „Przywróć" w wierszu.
+
+### Migration
+
+```sql
+ALTER TABLE shop_orders ADD COLUMN IF NOT EXISTS deleted_at timestamptz;
+ALTER TABLE shop_orders ADD COLUMN IF NOT EXISTS deleted_by text;
+```
+
+## 0.28.0 — 2026-06-01
+
+Fakturowanie — integracja sklepu z Fakturownią: automatyczne wystawianie i wysyłka faktury po opłaceniu zamówienia. Nowy generyczny `InvoicingAdapter` (spójny z payment/carrier) + `fakturowniaAdapter()` jako pierwsza implementacja. Faktura wystawiana fire-and-forget gdy zamówienie jest w pełni opłacone (`!balanceOwed` — zaliczki czekają na dopłatę balansu), wysyłana przez Fakturownię (`send_by_email`). Trigger konfigurowalny per-adapter (`issueWhen`: `b2bAndOnRequest` domyślnie / `always`). Checkout zbiera dane B2B (NIP z twardą walidacją sumy kontrolnej, nazwa firmy, adres do faktury, opt-in „chcę fakturę"). Idempotencja przez `shop_invoices` (unikat per zamówienie); ręczny retry w adminie. Additive only — żadnych breaking zmian.
+
+### Added
+- `defineShop({ invoicing })` (`includio-cms/shop`) — nowy opcjonalny slot adaptera fakturowania, analogiczny do `payment` / `carriers`. `InvoicingAdapter { id, issueWhen?, createInvoice(payload, ctx), send?(externalId, ctx) }` + typy payloadu (`InvoicePayload`, `InvoiceBuyer`, `InvoiceLineItem`, `InvoiceCreateResult`, `InvoiceContext`, `InvoiceIssuePolicy`) wyeksportowane jako `@public` z `includio-cms/shop`.
+- `fakturowniaAdapter({ domain, apiToken, kind?, issueWhen?, sendEmail? })` (`includio-cms/shop`, `@public`) — adapter dla Fakturowni (fakturownia.pl). `createInvoice` mapuje zamówienie na fakturę VAT oznaczoną jako opłacona (`paid_date` = data potwierdzenia płatności), `send` woła `send_by_email` (domyślnie włączone). Numeracja i dane sprzedawcy zarządzane po stronie konta Fakturowni. Sekret `apiToken` przekazywany przez konsumenta z `$env/dynamic/private` (jak `STRIPE_SECRET_KEY`).
+- Auto-faktura po opłaceniu — `maybeIssueInvoiceForOrder(orderId)` (`$lib/shop/server/invoices.ts`) wołane fire-and-forget z `updateOrderStatus` (przy `paid`) oraz z `markBalancePaid` (po dopłacie balansu). Fail-open: błąd providera nie blokuje webhooka płatności. Guard wystawia fakturę tylko gdy zamówienie w pełni opłacone (`status ∈ {paid, preparing, sent, done}` && `!balanceOwed`) — deposit czeka na dopłatę.
+- Konfigurowalny trigger `issueWhen`: `b2bAndOnRequest` (domyślny — faktura gdy podano NIP lub zaznaczono „chcę fakturę") albo `always` (każde opłacone zamówienie, np. dla klienta wymagającego faktur również dla osób fizycznych).
+- `shop_invoices` (nowa tabela) — jedna faktura per zamówienie (`order_id` UNIQUE → idempotencja). Pola `status` (`pending`/`issued`/`sent`/`failed`), `external_id`, `number`, `pdf_url`, `attempts`, `next_retry_at`, `last_error`, `raw`. Kolumny `attempts`/`next_retry_at` zarezerwowane pod przyszły automatyczny retry (obecnie tylko ręczny).
+- Checkout B2B — `shop_orders` dostaje kolumny `customer_nip`, `customer_company_name`, `billing_address` (jsonb), `invoice_requested` (boolean). `createOrderFromCart` / `checkout-handler` przyjmują i zapisują te pola; `CheckoutInput` (`includio-cms/shop/client`) rozszerzony. Storefront form (pola NIP/firma/checkbox/adres) = warstwa konsumenta.
+- `isValidNip(nip)` (`includio-cms/shop`, `@public`) — twarda walidacja polskiego NIP (10 cyfr + suma kontrolna, wagi `[6,5,7,2,3,4,5,6,7]`). Checkout odrzuca nieprawidłowy NIP (400) zanim trafi do bazy — Fakturownia odrzuciłaby błędny NIP, a faktura idzie dalej do KSeF, więc walidujemy u źródła.
+- `getOrderInvoiceAdmin` (query) + `issueInvoiceCmd` (command) — admin remote functions (`includio-cms/admin/remote`). `shop-order-detail-page.svelte` zyskuje sekcję „Faktura": numer, link do PDF, status, przycisk „Wystaw fakturę" / „Wystaw ponownie" (ręczny retry, `force`). Auth-protected (`requireAuth`).
+
+### Migration
+
+```sql
+CREATE TABLE IF NOT EXISTS shop_invoices (
+  id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+  order_id uuid NOT NULL UNIQUE REFERENCES shop_orders(id) ON DELETE CASCADE,
+  provider text NOT NULL,
+  external_id text,
+  number text,
+  pdf_url text,
+  kind text NOT NULL DEFAULT 'vat',
+  status text NOT NULL DEFAULT 'pending',
+  attempts integer NOT NULL DEFAULT 0,
+  next_retry_at timestamptz,
+  last_error text,
+  raw jsonb,
+  created_at timestamptz NOT NULL DEFAULT now(),
+  updated_at timestamptz NOT NULL DEFAULT now()
+);
+
+ALTER TABLE shop_orders ADD COLUMN IF NOT EXISTS customer_nip text;
+ALTER TABLE shop_orders ADD COLUMN IF NOT EXISTS customer_company_name text;
+ALTER TABLE shop_orders ADD COLUMN IF NOT EXISTS billing_address jsonb;
+ALTER TABLE shop_orders ADD COLUMN IF NOT EXISTS invoice_requested boolean NOT NULL DEFAULT false;
+```
+
 ## 0.27.0 — 2026-05-29
 
 Shop platformowy — Fazy 1 + 2 + 3 + 4 + 5: schema-driven `variantAttributes` (typed `defineShop` schema, Zod walidacja, GIN index helper, ts-gen typed `variant.attributes`) + admin renderer per attribute type + `variantLabel.template` interpolacja z admin auto-prefill nazwy wariantu + `variantExpiry` opt-in (storefront filter, cart/checkout guard, admin "Zakończony" badge) + `paymentPolicy` A-lite (deposit + balance + signed token + refund per kind + admin balance link + per-kind refund dialog). Faza 6 envet pilot (consumer-side end-to-end QA: szkolenia variants + deposit flow + balance link — nie wymaga zmian w core). Post-Faza-5 hot-fixy uwzględnione w tym wydaniu (single release, nie patch): datetime walidator z offsetem, auto-detect deposit kind przy admin manual mark-paid, admin paymentPolicy UI + preserve-on-undefined w upsert. Additive only — żadnych breaking zmian. Plan: `/Users/patryk/.claude/plans/implementacja-ariacms-0-27-partitioned-kahn.md`.

package/DOCS.md

@@ -1,4 +1,4 @@
-# Includio CMS Documentation (v0.27.0)
+# Includio CMS Documentation (v0.33.0)
 
 > This file is auto-generated from the docs site. For the latest version, update the package.
 

package/ROADMAP.md

@@ -30,6 +30,7 @@
   - [x] Faza 6 — envet integration (pilot consumer) — szkolenia variants + deposit flow + balance link end-to-end QA. <!-- files: envet repo src/lib/cms/cms.config.ts, src/routes/api/shop/, src/routes/(website)/{szkolenia,koszyk}/, src/lib/components/{CartIcon,AddToCartModal,CoursePage}.svelte, cli/seed.ts -->
   - [x] Faza 7 — Release artifacts (changelog, ROADMAP cleanup, API.md, build) — 3 post-Faza-5 hotfixy w 0.27.0 (single release). <!-- files: src/lib/updates/0.27.0/index.ts, ROADMAP.md, CHANGELOG.md, API.md, MIGRATION-... -->
 - [x] `[feature]` `[P1]` Slug first-class + SEO v1.0 freeze (0.26.0) — `resolveSeo` public (`includio-cms/core`), `seoFieldDescriptor` SSOT (Zod+TS drift-guard), admin URL un-hardcode (`slugPath.ts` pure resolver, no `seo`-field requirement), `SlugField`/`SeoField`/`SeoFieldData` `@public` v1.0-frozen <!-- files: src/lib/core/fields/slugPath.ts, src/lib/core/fields/seoFieldDescriptor.ts, src/lib/core/fields/resolveSeo.ts, src/lib/types/fields.ts, src/lib/admin/client/collection/collection-entries.svelte, src/lib/updates/0.26.0/ -->
+- [x] `[feature]` `[P2]` Soft-delete zamówień admin-only (0.34.0) — ukrycie zamówienia z listy bez utraty danych (`deleted_at`/`deleted_by`), kosz + przywracanie, guard `decideOrderDeletion` (safe-statuses + faktura), auto-restore przy płatności, zwolnienie rezerwacji stocku, `requireRole('admin')` <!-- files: src/lib/shop/server/orders.ts, src/lib/db-postgres/schema/shop/order.ts, src/lib/admin/remote/shop.remote.ts, src/lib/admin/client/shop/{shop-order-detail-page,shop-orders-list-page,restore-order-cell}.svelte, src/lib/updates/0.34.0/ -->
 
 ## v1.x — Post-v1.0 deferred
 

package/dist/admin/api/handler.js

@@ -11,6 +11,8 @@ import * as transcodeVideosHandlers from './transcode-videos.js';
 import * as uploadLimitHandlers from './upload-limit.js';
 import * as systemInfoHandlers from './system-info.js';
 import * as maintenanceStatusHandlers from './maintenance-status.js';
+import * as integrationsHandlers from './integrations.js';
+import * as testEmailHandlers from './test-email.js';
 import { requireAuth } from '../remote/middleware/auth.js';
 import { getCMS } from '../../core/cms.js';
 import { lookup } from 'mrmime';
@@ -28,6 +30,8 @@ export function createAdminApiHandler(options) {
         'upload-limit': uploadLimitHandlers,
         'system-info': systemInfoHandlers,
         'maintenance-status': maintenanceStatusHandlers,
+        integrations: integrationsHandlers,
+        'test-email': testEmailHandlers,
         ...options?.extraRoutes
     };
     const privateMediaGet = async (event) => {

package/dist/admin/api/integrations.d.ts

@@ -0,0 +1,13 @@
+import { type RequestHandler } from '@sveltejs/kit';
+/**
+ * Integration diagnostics for the admin maintenance panel.
+ *
+ * `GET`  — report which integrations are configured and whether each supports a
+ *          connectivity ping. Returns NO secrets (only ids, labels, booleans
+ *          and the admin notification e-mail used as a UI placeholder).
+ * `POST` — run a single adapter's non-invasive `healthCheck()` and return the
+ *          `{ ok, message }` result. Errors are mapped to `message` text — the
+ *          underlying secret/token is never serialised to the client.
+ */
+export declare const GET: RequestHandler;
+export declare const POST: RequestHandler;

package/dist/admin/api/integrations.js

@@ -0,0 +1,61 @@
+import { json } from '@sveltejs/kit';
+import { requireRole } from '../remote/middleware/auth.js';
+import { getCMS } from '../../core/cms.js';
+/**
+ * Integration diagnostics for the admin maintenance panel.
+ *
+ * `GET`  — report which integrations are configured and whether each supports a
+ *          connectivity ping. Returns NO secrets (only ids, labels, booleans
+ *          and the admin notification e-mail used as a UI placeholder).
+ * `POST` — run a single adapter's non-invasive `healthCheck()` and return the
+ *          `{ ok, message }` result. Errors are mapped to `message` text — the
+ *          underlying secret/token is never serialised to the client.
+ */
+export const GET = async () => {
+    requireRole('admin');
+    const cms = getCMS();
+    const shop = cms.shopConfig;
+    return json({
+        email: {
+            configured: !!cms.emailAdapter,
+            adminEmail: shop?.adminEmail ?? null
+        },
+        payment: (shop?.payment ?? []).map((p) => ({
+            id: p.id,
+            label: p.label,
+            canPing: typeof p.healthCheck === 'function'
+        })),
+        invoicing: shop?.invoicing
+            ? {
+                id: shop.invoicing.id,
+                canPing: typeof shop.invoicing.healthCheck === 'function'
+            }
+            : null
+    });
+};
+export const POST = async ({ request }) => {
+    requireRole('admin');
+    const body = (await request.json().catch(() => null));
+    if (!body || (body.kind !== 'payment' && body.kind !== 'invoicing')) {
+        return json({ error: 'Invalid body: expected { kind: "payment" | "invoicing", id? }' }, {
+            status: 400
+        });
+    }
+    const shop = getCMS().shopConfig;
+    const adapter = body.kind === 'payment'
+        ? (shop?.payment ?? []).find((p) => p.id === body.id) ?? shop?.payment?.[0]
+        : shop?.invoicing ?? null;
+    if (!adapter) {
+        return json({ error: 'Integration not configured' }, { status: 404 });
+    }
+    if (typeof adapter.healthCheck !== 'function') {
+        return json({ ok: false, message: 'Health-check not supported by this adapter' });
+    }
+    try {
+        const result = await adapter.healthCheck();
+        return json(result);
+    }
+    catch (e) {
+        return json({ ok: false, message: e instanceof Error ? e.message : String(e) });
+    }
+};

package/dist/admin/api/test-email.d.ts

@@ -0,0 +1,9 @@
+import { type RequestHandler } from '@sveltejs/kit';
+/**
+ * Send a real test e-mail through the configured email adapter, to verify
+ * end-to-end SMTP delivery from the admin maintenance panel.
+ *
+ * Body: `{ to?: string }`. When `to` is empty, falls back to the shop's
+ * `adminEmail`. Returns `{ ok }` or `{ ok: false, message }`.
+ */
+export declare const POST: RequestHandler;

package/dist/admin/api/test-email.js

@@ -0,0 +1,39 @@
+import { json } from '@sveltejs/kit';
+import { requireRole } from '../remote/middleware/auth.js';
+import { getCMS } from '../../core/cms.js';
+const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+/**
+ * Send a real test e-mail through the configured email adapter, to verify
+ * end-to-end SMTP delivery from the admin maintenance panel.
+ *
+ * Body: `{ to?: string }`. When `to` is empty, falls back to the shop's
+ * `adminEmail`. Returns `{ ok }` or `{ ok: false, message }`.
+ */
+export const POST = async ({ request }) => {
+    requireRole('admin');
+    const cms = getCMS();
+    const mailer = cms.emailAdapter;
+    if (!mailer) {
+        return json({ ok: false, message: 'Brak skonfigurowanego adaptera e-mail' }, { status: 400 });
+    }
+    const body = (await request.json().catch(() => null));
+    const to = (body?.to?.trim() || cms.shopConfig?.adminEmail || '').trim();
+    if (!to) {
+        return json({ ok: false, message: 'Brak odbiorcy — podaj adres lub ustaw ADMIN_EMAIL' }, { status: 400 });
+    }
+    if (!EMAIL_RE.test(to)) {
+        return json({ ok: false, message: `Nieprawidłowy adres e-mail: ${to}` }, { status: 400 });
+    }
+    try {
+        await mailer.sendMail({
+            to,
+            subject: 'AriaCMS — test połączenia e-mail',
+            html: '<p>To jest testowa wiadomość wysłana z panelu Konserwacja. Jeśli ją widzisz, integracja e-mail działa poprawnie.</p>',
+            text: 'To jest testowa wiadomość wysłana z panelu Konserwacja. Jeśli ją widzisz, integracja e-mail działa poprawnie.'
+        });
+        return json({ ok: true });
+    }
+    catch (e) {
+        return json({ ok: false, message: e instanceof Error ? e.message : String(e) });
+    }
+};