includio-cms 0.28.0 → 0.34.0

package/dist/types/adapters/email.d.ts

@@ -14,5 +14,18 @@ export interface SendMailOptions {
     to: string | string[];
     subject: string;
     html: string;
+    /**
+     * Plain-text fallback served alongside HTML for clients that prefer text
+     * (better deliverability + accessibility). Optional — omitted = HTML-only.
+     * @public
+     */
+    text?: string;
+    /**
+     * Override the Reply-To header. Useful for admin notifications where the
+     * default sender is a no-reply address but replies should land in a real
+     * inbox. Omitted = adapter default (typically no Reply-To header).
+     * @public
+     */
+    replyTo?: string;
 }
 export type SendMail = (options: SendMailOptions) => Promise<void>;

package/dist/types/cms.d.ts

@@ -52,9 +52,21 @@ export interface AuthAdapter {
         } | null>;
     };
 }
+export interface AuthRateLimitRule {
+    window: number;
+    max: number;
+}
+export interface AuthRateLimitConfig {
+    enabled?: boolean;
+    window?: number;
+    max?: number;
+    customRules?: Record<string, AuthRateLimitRule>;
+    storage?: 'memory' | 'secondary-storage' | 'database';
+}
 export interface AuthConfig {
     secret: string;
     baseURL?: string;
+    rateLimit?: AuthRateLimitConfig;
 }
 export interface ApiKeyConfig {
     key: string;
@@ -68,6 +80,22 @@ export interface ApiKeyConfig {
 export interface TypographyConfig {
     fixOrphans?: boolean;
 }
+/**
+ * Optional admin UI configuration — extension points for the panel sidebar
+ * and other admin surfaces. Set on `defineConfig({ admin: ... })`.
+ *
+ * @public
+ */
+export interface AdminConfig {
+    /**
+     * Additional sidebar nav items rendered below the built-in sections
+     * (Dashboard, Collections, Singles, Forms, Shop). Useful for custom
+     * admin pages added by the consumer project (e.g. `/admin/newsletter`).
+     * Items are read once per session via a remote query and rendered with
+     * the same styling as built-in sections.
+     */
+    extraNavItems?: import('../admin/types.js').AdminNavItem[];
+}
 export interface CMSConfig {
     languages: Language[];
     collections?: CollectionConfig[];
@@ -85,6 +113,7 @@ export interface CMSConfig {
     sidebarHelp?: boolean;
     shop?: ResolvedShopConfig;
     cmp?: ResolvedCmpConfig;
+    admin?: AdminConfig;
 }
 export interface ICMS {
     collections: Record<string, CollectionConfigWithType>;
@@ -104,4 +133,5 @@ export interface ICMS {
     typographyConfig: TypographyConfig;
     shopConfig: ResolvedShopConfig | null;
     cmpConfig: ResolvedCmpConfig | null;
+    adminConfig: AdminConfig | null;
 }

package/dist/types/index.d.ts

@@ -9,7 +9,7 @@ export { type CollectionConfig } from './collections.js';
 export { type SingleConfig } from './singles.js';
 export { type FormConfig, type FormSubmission } from './forms.js';
 export { type FormField, type FormFieldType, type FormBaseField, type FormTextField, type FormEmailField, type FormTextareaField, type FormCheckboxField, type FormSelectField } from './formFields.js';
-export { type CMSConfig, type ApiKeyConfig, type AuthConfig, type TypographyConfig } from './cms.js';
+export { type CMSConfig, type ApiKeyConfig, type AuthConfig, type AuthRateLimitConfig, type AuthRateLimitRule, type TypographyConfig } from './cms.js';
 export { type PluginConfig, type CustomFieldDefinition, type IconSetPlugin, type IconDefinition, type Plugin, isIconSetPlugin } from './plugins.js';
 export { type Language, type Localized } from './languages.js';
 export { type Layout, type LayoutNode, type LayoutPreset, type LayoutNodeType, type ColumnRatio, type SectionNode, type ColumnsNode, type CardNode, type AccordionNode, type StackNode, type TabsNode, type TabNode } from './layout.js';

package/dist/updates/0.34.0/index.d.ts

@@ -0,0 +1,2 @@
+import type { CmsUpdate } from '../index.js';
+export declare const update: CmsUpdate;

package/dist/updates/0.34.0/index.js

@@ -0,0 +1,17 @@
+export const update = {
+    version: '0.34.0',
+    date: '2026-06-03',
+    description: 'Soft-delete zamówień (admin-only) — administrator może ukryć zamówienie z listy bez utraty danych. Odwracalne (kosz + przywracanie), bezpieczne księgowo: nie kasuje wiersza, faktur ani historii. Dozwolone tylko dla „bezpiecznych" statusów bez płatności (`new`, `awaitingPayment`, `cancelled`, `paymentRejected`) i zablokowane dla zamówień z wystawioną fakturą. Cała funkcja widoczna wyłącznie dla roli `admin`. Additive only — bez breaking changes.',
+    features: [
+        '`shop_orders` dostaje kolumny `deleted_at` (timestamptz, NULL = widoczne) i `deleted_by` (text). Lista zamówień domyślnie ukrywa miękko usunięte; `listOrders`/`countOrders` (`$lib/shop/server/orders.ts`) przyjmują `deleted: "exclude" | "only" | "include"` (domyślnie `exclude`).',
+        '`softDeleteOrder(orderId, deletedBy)` / `restoreOrder(orderId)` (`$lib/shop/server/orders.ts`, `@public`) — miękkie usuwanie/przywracanie (idempotentne). Soft-delete zwalnia natychmiast aktywną rezerwację stocku (nie czeka na TTL). Guard: `decideOrderDeletion(status, invoice)` + `DELETABLE_ORDER_STATUSES` / `isOrderDeletable(status)` (czyste, testowalne) — rzuca `OrderNotDeletableError` dla niedozwolonego statusu lub faktury `issued`/`sent`.',
+        'Auto-restore: zmiana statusu miękko usuniętego zamówienia na nieusuwalny (np. spóźniony webhook płatności na ukrytym `awaitingPayment` → `paid`) automatycznie zdejmuje je z kosza — opłacone zamówienia nigdy nie zostają ukryte.',
+        'Customer-facing `getOrderByNumber` nie zwraca miękko usuniętego zamówienia (nie resolvuje się na storefroncie); admin `getOrderById` celowo ignoruje `deletedAt` (podgląd/przywracanie z kosza).',
+        '`deleteOrderCmd` / `restoreOrderCmd` (commands) + `listOrdersAdmin({ deleted })` (`includio-cms/admin/remote`) — chronione `requireRole("admin")` (kosz i usuwanie tylko dla admina; normalna lista nadal `requireAuth`).',
+        'Admin UI: `shop-order-detail-page` zyskuje sekcję „Usuń zamówienie" (tylko admin + status usuwalny) z dialogiem potwierdzenia; `shop-orders-list-page` — przełącznik „Kosz" (tylko admin) z akcją „Przywróć" w wierszu.'
+    ],
+    fixes: [],
+    breakingChanges: [],
+    sql: `ALTER TABLE shop_orders ADD COLUMN IF NOT EXISTS deleted_at timestamptz;
+ALTER TABLE shop_orders ADD COLUMN IF NOT EXISTS deleted_by text;`
+};

package/dist/updates/index.js

@@ -63,6 +63,7 @@ import { update as update0260 } from './0.26.0/index.js';
 import { update as update0261 } from './0.26.1/index.js';
 import { update as update0270 } from './0.27.0/index.js';
 import { update as update0280 } from './0.28.0/index.js';
+import { update as update0340 } from './0.34.0/index.js';
 export const updates = [
     update0065,
     update0066,
@@ -128,7 +129,8 @@ export const updates = [
     update0260,
     update0261,
     update0270,
-    update0280
+    update0280,
+    update0340
 ];
 export const getUpdatesFrom = (fromVersion) => {
     const fromParts = fromVersion.split('.').map(Number);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "includio-cms",
-	"version": "0.28.0",
+	"version": "0.34.0",
 	"scripts": {
 		"dev": "vite dev",
 		"build": "vite build && npm run prepack",
@@ -43,7 +43,7 @@
 		"prepublishOnly": "tsx scripts/generate-changelog.ts && tsx scripts/compile-docs.ts && tsx scripts/generate-api-md.ts && git add CHANGELOG.md DOCS.md API.md && (git diff --cached --quiet || git commit -m \"Prepublish v${npm_package_version} (CHANGELOG.md, DOCS.md and API.md updated)\")"
 	},
 	"bin": {
-		"includio": "./dist/cli/index.js"
+		"aria": "./dist/cli/index.js"
 	},
 	"files": [
 		"dist",
@@ -72,6 +72,10 @@
 			"svelte": "./dist/core/index.js",
 			"node": "./dist/core/index.js"
 		},
+		"./core/server": {
+			"types": "./dist/core/server/index.d.ts",
+			"node": "./dist/core/server/index.js"
+		},
 		"./types": {
 			"types": "./dist/types/index.d.ts",
 			"svelte": "./dist/types/index.js",
@@ -302,6 +306,7 @@
 		"dotenv": "^16.5.0",
 		"fast-glob": "^3.3.3",
 		"fluent-ffmpeg": "^2.1.3",
+		"handlebars": "^4.7.9",
 		"isomorphic-dompurify": "3.0.0-rc.2",
 		"lowlight": "^3.3.0",
 		"mrmime": "^2.0.1",

package/dist/paraglide/messages/en.d.ts

@@ -1,5 +0,0 @@
-export const hello_world: (inputs: {
-    name: NonNullable<unknown>;
-}) => string;
-export const login_hello: (inputs: {}) => string;
-export const login_please_login: (inputs: {}) => string;

package/dist/paraglide/messages/en.js

@@ -1,14 +0,0 @@
-/* eslint-disable */
-
-
-export const hello_world = /** @type {(inputs: { name: NonNullable<unknown> }) => string} */ (i) => {
-	return `Hello, ${i.name} from en!`
-};
-
-export const login_hello = /** @type {(inputs: {}) => string} */ () => {
-	return `Welcome back`
-};
-
-export const login_please_login = /** @type {(inputs: {}) => string} */ () => {
-	return `Login to your account`
-};

package/dist/paraglide/messages/pl.d.ts

@@ -1,5 +0,0 @@
-export const hello_world: (inputs: {
-    name: NonNullable<unknown>;
-}) => string;
-export const login_hello: (inputs: {}) => string;
-export const login_please_login: (inputs: {}) => string;

package/dist/paraglide/messages/pl.js

@@ -1,14 +0,0 @@
-/* eslint-disable */
-
-
-export const hello_world = /** @type {(inputs: { name: NonNullable<unknown> }) => string} */ (i) => {
-	return `Hello, ${i.name} from pl!`
-};
-
-export const login_hello = /** @type {(inputs: {}) => string} */ () => {
-	return `Witaj ponownie`
-};
-
-export const login_please_login = /** @type {(inputs: {}) => string} */ () => {
-	return `Zaloguj się na swoje konto`
-};