npm - includio-cms - Versions diffs - 0.5.2 → 0.5.5 - Mend

includio-cms 0.5.2 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (132) hide show

package/CHANGELOG.md +60 -0
package/ROADMAP.md +29 -0
package/dist/admin/api/rest/handler.d.ts +7 -0
package/dist/admin/api/rest/handler.js +116 -0
package/dist/admin/api/rest/middleware/apiKey.d.ts +6 -0
package/dist/admin/api/rest/middleware/apiKey.js +45 -0
package/dist/admin/api/rest/routes/collections.d.ts +5 -0
package/dist/admin/api/rest/routes/collections.js +104 -0
package/dist/admin/api/rest/routes/entries.d.ts +2 -0
package/dist/admin/api/rest/routes/entries.js +37 -0
package/dist/admin/api/rest/routes/languages.d.ts +1 -0
package/dist/admin/api/rest/routes/languages.js +5 -0
package/dist/admin/api/rest/routes/schema.d.ts +2 -0
package/dist/admin/api/rest/routes/schema.js +78 -0
package/dist/admin/api/rest/routes/singletons.d.ts +3 -0
package/dist/admin/api/rest/routes/singletons.js +60 -0
package/dist/admin/auth-client.d.ts +7 -7
package/dist/admin/client/collection/collection-entries.svelte +56 -5
package/dist/admin/client/collection/data-table.svelte +127 -18
package/dist/admin/client/collection/data-table.svelte.d.ts +2 -0
package/dist/admin/client/entry/entry-form.svelte +1 -0
package/dist/admin/client/entry/entry.svelte +130 -123
package/dist/admin/client/entry/hybrid/hybrid-preview.svelte +92 -9
package/dist/admin/components/fields/blocks-field.svelte +142 -112
package/dist/admin/components/fields/blocks-field.svelte.d.ts +10 -30
package/dist/admin/components/fields/boolean-field.svelte +28 -38
package/dist/admin/components/fields/boolean-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/checkboxes-field.svelte +12 -24
package/dist/admin/components/fields/checkboxes-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/content-field.svelte +4 -17
package/dist/admin/components/fields/content-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/date-field.svelte +8 -21
package/dist/admin/components/fields/date-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/datetime-field.svelte +8 -21
package/dist/admin/components/fields/datetime-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/field-renderer.svelte +32 -19
package/dist/admin/components/fields/field-renderer.svelte.d.ts +1 -1
package/dist/admin/components/fields/field-value-bridge.svelte +21 -0
package/dist/admin/components/fields/field-value-bridge.svelte.d.ts +31 -0
package/dist/admin/components/fields/fields-form.svelte +13 -10
package/dist/admin/components/fields/file-field.svelte +12 -27
package/dist/admin/components/fields/file-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/image-field.svelte +13 -28
package/dist/admin/components/fields/image-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/media-field.svelte +15 -30
package/dist/admin/components/fields/media-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/number-field.svelte +6 -20
package/dist/admin/components/fields/number-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/object-field.svelte +26 -29
package/dist/admin/components/fields/object-field.svelte.d.ts +11 -31
package/dist/admin/components/fields/radio-field.svelte +8 -20
package/dist/admin/components/fields/radio-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/relation-field.svelte +28 -40
package/dist/admin/components/fields/relation-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/richtext-field.svelte +4 -17
package/dist/admin/components/fields/richtext-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/select-field.svelte +14 -28
package/dist/admin/components/fields/select-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/seo-field.svelte +5 -12
package/dist/admin/components/fields/seo-field.svelte.d.ts +8 -28
package/dist/admin/components/fields/simple-array-field.svelte +29 -42
package/dist/admin/components/fields/simple-array-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/slug-field.svelte +6 -11
package/dist/admin/components/fields/slug-field.svelte.d.ts +6 -26
package/dist/admin/components/fields/text-field-wrapper.svelte +22 -40
package/dist/admin/components/fields/text-field.svelte +7 -19
package/dist/admin/components/fields/text-field.svelte.d.ts +5 -27
package/dist/admin/components/fields/url-field-wrapper.svelte +8 -3
package/dist/admin/components/fields/url-field.svelte +294 -128
package/dist/admin/components/fields/url-field.svelte.d.ts +5 -27
package/dist/admin/components/layout/layout-renderer.svelte +8 -6
package/dist/admin/components/layout/nav-collections.svelte +2 -1
package/dist/admin/components/layout/nav-forms.svelte +2 -1
package/dist/admin/components/layout/nav-singletons.svelte +2 -1
package/dist/admin/components/tiptap/InlineBlockNodeView.svelte +221 -31
package/dist/admin/components/tiptap/content-editor.svelte +13 -2
package/dist/admin/components/tiptap/inline-block-node.d.ts +1 -0
package/dist/admin/components/tiptap/inline-block-node.js +18 -1
package/dist/admin/components/tiptap/slash-command.js +2 -3
package/dist/admin/components/tiptap/standalone-form.d.ts +7 -0
package/dist/admin/components/tiptap/standalone-form.js +31 -0
package/dist/admin/components/tiptap/tiptap-editor.svelte +7 -0
package/dist/admin/remote/entry.remote.d.ts +9 -1
package/dist/admin/remote/entry.remote.js +30 -2
package/dist/admin/styles/admin.css +10 -0
package/dist/admin/utils/fieldCondition.d.ts +6 -0
package/dist/admin/utils/fieldCondition.js +20 -0
package/dist/cli/scaffold/admin.js +8 -0
package/dist/components/ui/switch/index.d.ts +2 -0
package/dist/components/ui/switch/index.js +4 -0
package/dist/components/ui/switch/switch.svelte +26 -0
package/dist/components/ui/switch/switch.svelte.d.ts +4 -0
package/dist/core/cms.d.ts +2 -1
package/dist/core/cms.js +2 -0
package/dist/core/fields/fieldSchemaToTs.js +15 -3
package/dist/core/fields/formFieldSchemaToTs.js +22 -6
package/dist/core/fields/urlUtils.d.ts +14 -0
package/dist/core/fields/urlUtils.js +21 -0
package/dist/core/server/entries/operations/get.js +2 -1
package/dist/core/server/entries/operations/update.d.ts +1 -0
package/dist/core/server/entries/operations/update.js +5 -1
package/dist/core/server/fields/populateEntry.js +43 -0
package/dist/core/server/fields/resolveImageFields.js +33 -1
package/dist/core/server/fields/resolveRelationFields.js +46 -0
package/dist/core/server/fields/resolveRichtextLinks.js +15 -1
package/dist/core/server/fields/resolveUrlFields.js +65 -0
package/dist/core/server/generator/formFieldSchemaToString.js +40 -9
package/dist/core/server/generator/formFields.js +2 -0
package/dist/core/server/generator/generator.js +25 -1
package/dist/db-postgres/schema/entry.d.ts +17 -0
package/dist/db-postgres/schema/entry.js +4 -2
package/dist/schemas/field/url.d.ts +2 -0
package/dist/schemas/field/url.js +4 -2
package/dist/server/auth.d.ts +6 -6
package/dist/sveltekit/server/handle.js +1 -0
package/dist/types/cms.d.ts +7 -0
package/dist/types/collections.d.ts +2 -0
package/dist/types/entries.d.ts +7 -1
package/dist/types/fields.d.ts +9 -0
package/dist/types/formFields.d.ts +15 -2
package/dist/types/index.d.ts +2 -1
package/dist/types/index.js +1 -0
package/dist/updates/0.5.3/index.d.ts +2 -0
package/dist/updates/0.5.3/index.js +19 -0
package/dist/updates/0.5.4/index.d.ts +2 -0
package/dist/updates/0.5.4/index.js +15 -0
package/dist/updates/0.5.5/index.d.ts +2 -0
package/dist/updates/0.5.5/index.js +20 -0
package/dist/updates/index.js +4 -1
package/package.json +7 -1
package/dist/admin/components/fields/standalone-field-renderer.svelte +0 -148
package/dist/admin/components/fields/standalone-field-renderer.svelte.d.ts +0 -9

package/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,66 @@
 All notable changes to includio-cms are documented here.
 Generated from `src/lib/updates/` — do not edit manually.
+## 0.5.5 — 2026-03-04
+REST API with API key auth, orderable collection fixes
+### Added
+- REST API with API key authentication — CRUD for collections, singletons, entries, schema introspection, language listing
+- API key configuration in CMS config (`apiKeys` array)
+- getEntries supports `orderBy` parameter (column + direction)
+- Admin scaffold generates REST API catch-all route
+### Fixed
+- Orderable collections: DnD rows use proper `<tr>` element instead of `<div>` wrapper
+- Reorder buttons always visible (not sr-only) for better discoverability
+- Selection enabled for orderable collections
+- Relation field respects orderable collection sort order
+- Nav active state: exact match prevents false highlights on similarly-named routes
+### Notes
+Add `apiKeys: [{ key: "your-secret", name: "My App" }]` to CMS config. REST API available at `/admin/api/rest/`.
+## 0.5.4 — 2026-03-04
+Collection ordering (DnD), custom list columns
+### Added
+- Orderable collections: DnD reordering of entries in admin list with keyboard alternative (WCAG 2.1)
+- Custom list columns: display arbitrary entry fields as columns in collection list
+- sortOrder column on entries table for persistent manual ordering
+- reorderEntriesCommand remote for bulk sort order updates
+### Migration
+```sql
+ALTER TABLE entry ADD COLUMN sort_order INTEGER;
+```
+### Notes
+Add `orderable: true` to collections that need manual ordering. Add `listColumns: ["fieldSlug"]` to show fields in the entry list.
+## 0.5.3 — 2026-03-04
+Form fields, inline blocks, hybrid preview, field components refactor
+### Added
+- Form fields: select type, minLength/maxLength, errorMessage, remote commands
+- Conditional field visibility (showWhen)
+- Hybrid preview: device frames, container queries
+- TipTap placeholder extension + Notion-style styles
+- Server-side field resolution for inline blocks
+- Inline blocks: standalone form, full field rendering, collapse UI
+- URL field: rel attribute, external auto-detect, UI redesign
+- Switch UI component (bits-ui)
+- Boolean field: Switch toggle zamiast checkbox
+- Storybook stories for all field types
+### Fixed
+- Hybrid preview layout fix
 ## 0.5.2 — 2026-02-25
 Update system: split migration into sql + notes

package/ROADMAP.md CHANGED Viewed

@@ -76,6 +76,35 @@
 - [x] `[fix]` `[P1]` Split `migration` field into `sql` + `notes` — fixes CLI crash on text descriptions
+## 0.5.3 — Form fields, inline blocks, hybrid preview
+- [x] `[feature]` `[P1]` Form fields: select type, minLength/maxLength, errorMessage, remote commands
+- [x] `[feature]` `[P1]` Conditional field visibility (showWhen)
+- [x] `[feature]` `[P1]` Hybrid preview: device frames, container queries
+- [x] `[feature]` `[P2]` TipTap placeholder extension + Notion-style styles
+- [x] `[feature]` `[P1]` Server-side field resolution for inline blocks
+- [x] `[feature]` `[P1]` Inline blocks: standalone form, field rendering, collapse UI
+- [x] `[feature]` `[P2]` URL field: rel attribute, external auto-detect, UI redesign
+- [x] `[feature]` `[P2]` Switch UI component + boolean field toggle
+- [x] `[chore]` `[P2]` Storybook stories for all field types
+- [x] `[chore]` `[P1]` Field components refactor: bindable value props
+## 0.5.4 — Collection ordering & list columns
+- [x] `[feature]` `[P1]` Orderable collections: DnD reordering with keyboard alternative (WCAG 2.1) <!-- files: src/lib/admin/client/collection/data-table.svelte, src/lib/admin/client/collection/collection-entries.svelte -->
+- [x] `[feature]` `[P1]` Custom list columns: display entry fields as columns in collection list <!-- files: src/lib/admin/client/collection/collection-entries.svelte -->
+- [x] `[feature]` `[P1]` `sortOrder` column + `reorderEntriesCommand` remote <!-- files: src/lib/db-postgres/schema/entry.ts, src/lib/admin/remote/entry.remote.ts -->
+## 0.5.5 — REST API & orderable fixes
+- [x] `[feature]` `[P1]` REST API with API key authentication — CRUD for collections, singletons, entries, schema, languages <!-- files: src/lib/admin/api/rest/ -->
+- [x] `[feature]` `[P1]` API key configuration in CMS config (`apiKeys`) <!-- files: src/lib/types/cms.ts, src/lib/core/cms.ts -->
+- [x] `[feature]` `[P2]` getEntries `orderBy` parameter support <!-- files: src/lib/types/entries.ts, src/lib/core/server/entries/operations/get.ts -->
+- [x] `[fix]` `[P1]` Orderable collections: proper `<tr>` markup, visible reorder buttons, selection enabled <!-- files: src/lib/admin/client/collection/data-table.svelte -->
+- [x] `[fix]` `[P1]` Relation field respects orderable collection sort order <!-- files: src/lib/admin/components/fields/relation-field.svelte -->
+- [x] `[fix]` `[P1]` Nav active state exact match — prevents false highlights <!-- files: src/lib/admin/components/layout/nav-*.svelte -->
+- [x] `[chore]` `[P2]` Admin scaffold generates REST API route <!-- files: src/lib/cli/scaffold/admin.ts -->
 ## 0.6.0 — Plugin system _(deferred from 0.2.0)_
 - [ ] `[feature]` `[P0]` Wire plugin hooks into CRUD operations (before/afterCreate, Update, Delete) <!-- files: src/lib/types/plugins.ts, src/lib/core/server/entries/operations/ -->

package/dist/admin/api/rest/handler.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { type RequestHandler } from '@sveltejs/kit';
+export declare function createRestApiHandler(): {
+    GET: RequestHandler;
+    POST: RequestHandler;
+    PUT: RequestHandler;
+    DELETE: RequestHandler;
+};

package/dist/admin/api/rest/handler.js ADDED Viewed

@@ -0,0 +1,116 @@
+import { json } from '@sveltejs/kit';
+import { authenticateApiKey } from './middleware/apiKey.js';
+import * as schemaRoutes from './routes/schema.js';
+import * as languagesRoutes from './routes/languages.js';
+import * as collectionsRoutes from './routes/collections.js';
+import * as singletonsRoutes from './routes/singletons.js';
+import * as entriesRoutes from './routes/entries.js';
+function matchRoute(method, path) {
+    // Schema routes
+    if (method === 'GET' && path === 'schema') {
+        return { handler: 'schema', params: [] };
+    }
+    if (method === 'GET' && path.startsWith('schema/')) {
+        return { handler: 'schema', params: [] };
+    }
+    // Languages
+    if (method === 'GET' && path === 'languages') {
+        return { handler: 'languages', params: [] };
+    }
+    // Entries lifecycle: POST /entries/:id/:action
+    const entriesMatch = path.match(/^entries\/([^/]+)\/(publish|unpublish|archive|unarchive)$/);
+    if (method === 'POST' && entriesMatch) {
+        return { handler: 'entries', params: [entriesMatch[1], entriesMatch[2]] };
+    }
+    // Collections: /collections/:slug/:id?
+    const collectionWithId = path.match(/^collections\/([^/]+)\/([^/]+)$/);
+    if (collectionWithId) {
+        return { handler: 'collections', params: [collectionWithId[1], collectionWithId[2]] };
+    }
+    const collectionOnly = path.match(/^collections\/([^/]+)$/);
+    if (collectionOnly) {
+        return { handler: 'collections', params: [collectionOnly[1]] };
+    }
+    // Singletons: /singletons/:slug
+    const singletonMatch = path.match(/^singletons\/([^/]+)$/);
+    if (singletonMatch) {
+        return { handler: 'singletons', params: [singletonMatch[1]] };
+    }
+    return null;
+}
+export function createRestApiHandler() {
+    function handle(method) {
+        return async (event) => {
+            // Authenticate
+            const apiKey = authenticateApiKey(event);
+            if (!apiKey) {
+                return json({ error: 'Unauthorized — invalid or missing API key' }, { status: 401 });
+            }
+            const restPath = event.params.restPath || '';
+            const route = matchRoute(method, restPath);
+            if (!route) {
+                return json({ error: 'Not found' }, { status: 404 });
+            }
+            try {
+                switch (route.handler) {
+                    case 'schema': {
+                        // Pass restPath minus 'schema/' prefix
+                        const schemaPath = restPath === 'schema' ? '' : restPath.slice(7);
+                        event.params.restPath = schemaPath;
+                        return await schemaRoutes.GET(event);
+                    }
+                    case 'languages':
+                        return await languagesRoutes.GET();
+                    case 'collections': {
+                        const [slug, id] = route.params;
+                        switch (method) {
+                            case 'GET':
+                                return await collectionsRoutes.GET(event, slug, id);
+                            case 'POST':
+                                return await collectionsRoutes.POST(event, slug);
+                            case 'PUT':
+                                if (!id)
+                                    return json({ error: 'Entry ID required' }, { status: 400 });
+                                return await collectionsRoutes.PUT(event, slug, id);
+                            case 'DELETE':
+                                if (!id)
+                                    return json({ error: 'Entry ID required' }, { status: 400 });
+                                return await collectionsRoutes.DELETE(event, slug, id);
+                        }
+                        break;
+                    }
+                    case 'singletons': {
+                        const [slug] = route.params;
+                        switch (method) {
+                            case 'GET':
+                                return await singletonsRoutes.GET(event, slug);
+                            case 'PUT':
+                                return await singletonsRoutes.PUT(event, slug);
+                            default:
+                                return json({ error: 'Method not allowed' }, { status: 405 });
+                        }
+                    }
+                    case 'entries': {
+                        const [id, action] = route.params;
+                        return await entriesRoutes.POST(event, id, action);
+                    }
+                }
+            }
+            catch (err) {
+                const message = err instanceof Error ? err.message : 'Internal server error';
+                const status = message === 'Unauthorized' ? 401
+                    : message === 'Forbidden' ? 403
+                        : message.includes('not found') || message.includes('Not found') ? 404
+                            : 500;
+                return json({ error: message }, { status });
+            }
+            return json({ error: 'Not found' }, { status: 404 });
+        };
+    }
+    return {
+        GET: handle('GET'),
+        POST: handle('POST'),
+        PUT: handle('PUT'),
+        DELETE: handle('DELETE')
+    };
+}

package/dist/admin/api/rest/middleware/apiKey.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { RequestEvent } from '@sveltejs/kit';
+import type { ApiKeyConfig } from '../../../../types/cms.js';
+export declare function extractApiKey(event: RequestEvent): string | null;
+export declare function validateApiKey(key: string): ApiKeyConfig | null;
+export declare function setSyntheticUser(event: RequestEvent, apiKey: ApiKeyConfig): void;
+export declare function authenticateApiKey(event: RequestEvent): ApiKeyConfig | null;

package/dist/admin/api/rest/middleware/apiKey.js ADDED Viewed

@@ -0,0 +1,45 @@
+import { getCMS } from '../../../../core/cms.js';
+export function extractApiKey(event) {
+    const authHeader = event.request.headers.get('authorization');
+    if (authHeader?.startsWith('Bearer ')) {
+        return authHeader.slice(7);
+    }
+    return event.request.headers.get('x-api-key');
+}
+export function validateApiKey(key) {
+    const cms = getCMS();
+    return cms.apiKeys.find((k) => k.key === key) ?? null;
+}
+export function setSyntheticUser(event, apiKey) {
+    const name = apiKey.name || 'api';
+    event.locals.user = {
+        id: `api:${name}`,
+        name,
+        role: apiKey.role || 'admin',
+        email: `${name}@api.local`,
+        emailVerified: true,
+        createdAt: new Date(),
+        updatedAt: new Date(),
+        image: null
+    };
+    event.locals.session = {
+        id: 'api-session',
+        userId: `api:${name}`,
+        expiresAt: new Date(Date.now() + 86400000),
+        token: '',
+        createdAt: new Date(),
+        updatedAt: new Date(),
+        ipAddress: null,
+        userAgent: null
+    };
+}
+export function authenticateApiKey(event) {
+    const key = extractApiKey(event);
+    if (!key)
+        return null;
+    const apiKey = validateApiKey(key);
+    if (!apiKey)
+        return null;
+    setSyntheticUser(event, apiKey);
+    return apiKey;
+}

package/dist/admin/api/rest/routes/collections.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { type RequestEvent } from '@sveltejs/kit';
+export declare function GET(event: RequestEvent, slug: string, id?: string): Promise<Response>;
+export declare function POST(event: RequestEvent, slug: string): Promise<Response>;
+export declare function PUT(event: RequestEvent, slug: string, id: string): Promise<Response>;
+export declare function DELETE(_event: RequestEvent, slug: string, id: string): Promise<Response>;

package/dist/admin/api/rest/routes/collections.js ADDED Viewed

@@ -0,0 +1,104 @@
+import { json } from '@sveltejs/kit';
+import { getCMS } from '../../../../core/cms.js';
+import { getRawEntries, getRawEntry, countRawEntries } from '../../../../core/server/entries/operations/get.js';
+import { createEntry } from '../../../../core/server/entries/operations/create.js';
+import { upsertDraftVersion } from '../../../../core/server/entries/operations/update.js';
+import { deleteEntry } from '../../../../core/server/entries/operations/delete.js';
+export async function GET(event, slug, id) {
+    const cms = getCMS();
+    if (!cms.collections[slug]) {
+        return json({ error: `Collection "${slug}" not found` }, { status: 404 });
+    }
+    // GET /collections/:slug/:id — single entry
+    if (id) {
+        const entry = await getRawEntry({ id, slug, includeArchived: true });
+        if (!entry) {
+            return json({ error: 'Entry not found' }, { status: 404 });
+        }
+        return json({
+            id: entry.id,
+            slug: entry.slug,
+            type: entry.type,
+            createdAt: entry.createdAt,
+            updatedAt: entry.updatedAt,
+            publishedAt: entry.publishedAt,
+            archivedAt: entry.archivedAt,
+            availableLocales: entry.availableLocales,
+            sortOrder: entry.sortOrder,
+            draftData: entry.draftVersion?.data ?? null,
+            publishedData: entry.publishedVersion?.data ?? null,
+            draftVersionId: entry.draftVersion?.id ?? null,
+            publishedVersionId: entry.publishedVersion?.id ?? null
+        });
+    }
+    // GET /collections/:slug — list
+    const url = event.url;
+    const status = url.searchParams.get('status') || undefined;
+    const limit = parseInt(url.searchParams.get('limit') || '50', 10);
+    const offset = parseInt(url.searchParams.get('offset') || '0', 10);
+    const includeArchived = status === 'archived';
+    const onlyArchived = status === 'archived';
+    const [entries, total] = await Promise.all([
+        getRawEntries({ slug, limit, offset, includeArchived, onlyArchived }),
+        countRawEntries({ slug, includeArchived, onlyArchived })
+    ]);
+    const items = entries.map((entry) => ({
+        id: entry.id,
+        slug: entry.slug,
+        type: entry.type,
+        createdAt: entry.createdAt,
+        updatedAt: entry.updatedAt,
+        publishedAt: entry.publishedAt,
+        archivedAt: entry.archivedAt,
+        availableLocales: entry.availableLocales,
+        sortOrder: entry.sortOrder,
+        draftData: entry.draftVersion?.data ?? null,
+        publishedData: entry.publishedVersion?.data ?? null
+    }));
+    return json({ items, total, limit, offset });
+}
+export async function POST(event, slug) {
+    const cms = getCMS();
+    if (!cms.collections[slug]) {
+        return json({ error: `Collection "${slug}" not found` }, { status: 404 });
+    }
+    const body = await event.request.json().catch(() => null);
+    const entry = await createEntry({ slug, type: 'collection' });
+    // If data provided, save as draft
+    if (body?.data && typeof body.data === 'object') {
+        await upsertDraftVersion(entry.id, body.data, { skipValidation: true });
+    }
+    return json({ id: entry.id, slug: entry.slug }, { status: 201 });
+}
+export async function PUT(event, slug, id) {
+    const cms = getCMS();
+    if (!cms.collections[slug]) {
+        return json({ error: `Collection "${slug}" not found` }, { status: 404 });
+    }
+    const entry = await getRawEntry({ id, slug });
+    if (!entry) {
+        return json({ error: 'Entry not found' }, { status: 404 });
+    }
+    const body = await event.request.json().catch(() => null);
+    if (!body?.data || typeof body.data !== 'object') {
+        return json({ error: 'Request body must contain "data" object' }, { status: 400 });
+    }
+    const version = await upsertDraftVersion(entry.id, body.data, { skipValidation: true });
+    return json({
+        id: entry.id,
+        versionId: version.id,
+        versionNumber: version.versionNumber
+    });
+}
+export async function DELETE(_event, slug, id) {
+    const cms = getCMS();
+    if (!cms.collections[slug]) {
+        return json({ error: `Collection "${slug}" not found` }, { status: 404 });
+    }
+    const entry = await getRawEntry({ id, slug, includeArchived: true });
+    if (!entry) {
+        return json({ error: 'Entry not found' }, { status: 404 });
+    }
+    await deleteEntry(entry.id);
+    return json({ success: true });
+}

package/dist/admin/api/rest/routes/entries.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { type RequestEvent } from '@sveltejs/kit';
2	+ export declare function POST(_event: RequestEvent, id: string, action: string): Promise<Response>;

package/dist/admin/api/rest/routes/entries.js ADDED Viewed

@@ -0,0 +1,37 @@
+import { json } from '@sveltejs/kit';
+import { requireAuth } from '../../../remote/middleware/auth.js';
+import { getRawEntryOrThrow } from '../../../../core/server/entries/operations/get.js';
+import { updateEntry, unpublishEntry } from '../../../../core/server/entries/operations/update.js';
+export async function POST(_event, id, action) {
+    const { user } = requireAuth();
+    switch (action) {
+        case 'publish': {
+            const entry = await getRawEntryOrThrow({ id, includeArchived: false });
+            const draftVersion = entry.draftVersion;
+            if (!draftVersion) {
+                return json({ error: 'No draft version to publish' }, { status: 400 });
+            }
+            await updateEntry(id, {
+                publishedVersionId: draftVersion.id,
+                publishedAt: new Date(),
+                publishedBy: user.id,
+                archivedAt: null
+            });
+            return json({ success: true, publishedVersionId: draftVersion.id });
+        }
+        case 'unpublish': {
+            await unpublishEntry(id);
+            return json({ success: true });
+        }
+        case 'archive': {
+            await updateEntry(id, { archivedAt: new Date() });
+            return json({ success: true });
+        }
+        case 'unarchive': {
+            await updateEntry(id, { archivedAt: null });
+            return json({ success: true });
+        }
+        default:
+            return json({ error: `Unknown action "${action}"` }, { status: 400 });
+    }
+}

package/dist/admin/api/rest/routes/languages.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare function GET(): Promise<Response>;

package/dist/admin/api/rest/routes/languages.js ADDED Viewed

@@ -0,0 +1,5 @@
+import { json } from '@sveltejs/kit';
+import { getCMS } from '../../../../core/cms.js';
+export async function GET() {
+    return json({ languages: getCMS().languages });
+}

package/dist/admin/api/rest/routes/schema.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { type RequestEvent } from '@sveltejs/kit';
2	+ export declare function GET(event: RequestEvent): Promise<Response>;

package/dist/admin/api/rest/routes/schema.js ADDED Viewed

@@ -0,0 +1,78 @@
+import { json } from '@sveltejs/kit';
+import { getCMS } from '../../../../core/cms.js';
+import { getFieldsFromConfig } from '../../../../core/fields/layoutUtils.js';
+function serializeField(field) {
+    const { ...rest } = field;
+    // Remove non-serializable properties
+    delete rest.icon;
+    return rest;
+}
+function serializeFields(fields) {
+    return fields.map(serializeField);
+}
+export async function GET(event) {
+    const cms = getCMS();
+    const path = event.params.restPath || '';
+    // GET /schema/collections/:slug
+    const collectionMatch = path.match(/^collections\/([^/]+)$/);
+    if (collectionMatch) {
+        const slug = collectionMatch[1];
+        const collection = cms.collections[slug];
+        if (!collection) {
+            return json({ error: `Collection "${slug}" not found` }, { status: 404 });
+        }
+        return json({
+            slug: collection.slug,
+            type: collection.type,
+            labels: collection.labels,
+            fields: serializeFields(getFieldsFromConfig(collection)),
+            orderable: collection.orderable,
+            listColumns: collection.listColumns,
+            slugField: collection.slugField
+        });
+    }
+    // GET /schema/singletons/:slug
+    const singletonMatch = path.match(/^singletons\/([^/]+)$/);
+    if (singletonMatch) {
+        const slug = singletonMatch[1];
+        const single = cms.singles[slug];
+        if (!single) {
+            return json({ error: `Singleton "${slug}" not found` }, { status: 404 });
+        }
+        return json({
+            slug: single.slug,
+            type: single.type,
+            label: single.label,
+            fields: serializeFields(getFieldsFromConfig(single))
+        });
+    }
+    // GET /schema — full schema overview
+    if (path === '') {
+        const collections = Object.values(cms.collections).map((c) => ({
+            slug: c.slug,
+            type: c.type,
+            labels: c.labels,
+            fields: serializeFields(getFieldsFromConfig(c)),
+            orderable: c.orderable,
+            listColumns: c.listColumns,
+            slugField: c.slugField
+        }));
+        const singletons = Object.values(cms.singles).map((s) => ({
+            slug: s.slug,
+            type: s.type,
+            label: s.label,
+            fields: serializeFields(getFieldsFromConfig(s))
+        }));
+        const forms = Object.values(cms.forms).map((f) => ({
+            slug: f.slug,
+            fields: f.fields
+        }));
+        return json({
+            collections,
+            singletons,
+            forms,
+            languages: cms.languages
+        });
+    }
+    return json({ error: 'Not found' }, { status: 404 });
+}

package/dist/admin/api/rest/routes/singletons.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { type RequestEvent } from '@sveltejs/kit';
+export declare function GET(_event: RequestEvent, slug: string): Promise<Response>;
+export declare function PUT(event: RequestEvent, slug: string): Promise<Response>;

package/dist/admin/api/rest/routes/singletons.js ADDED Viewed

@@ -0,0 +1,60 @@
+import { json } from '@sveltejs/kit';
+import { getCMS } from '../../../../core/cms.js';
+import { getRawEntries } from '../../../../core/server/entries/operations/get.js';
+import { createEntry } from '../../../../core/server/entries/operations/create.js';
+import { upsertDraftVersion } from '../../../../core/server/entries/operations/update.js';
+export async function GET(_event, slug) {
+    const cms = getCMS();
+    if (!cms.singles[slug]) {
+        return json({ error: `Singleton "${slug}" not found` }, { status: 404 });
+    }
+    const entries = await getRawEntries({ slug });
+    const entry = entries[0];
+    if (!entry) {
+        return json({
+            slug,
+            type: 'single',
+            draftData: null,
+            publishedData: null
+        });
+    }
+    return json({
+        id: entry.id,
+        slug: entry.slug,
+        type: entry.type,
+        createdAt: entry.createdAt,
+        updatedAt: entry.updatedAt,
+        publishedAt: entry.publishedAt,
+        draftData: entry.draftVersion?.data ?? null,
+        publishedData: entry.publishedVersion?.data ?? null,
+        draftVersionId: entry.draftVersion?.id ?? null,
+        publishedVersionId: entry.publishedVersion?.id ?? null
+    });
+}
+export async function PUT(event, slug) {
+    const cms = getCMS();
+    if (!cms.singles[slug]) {
+        return json({ error: `Singleton "${slug}" not found` }, { status: 404 });
+    }
+    const body = await event.request.json().catch(() => null);
+    if (!body?.data || typeof body.data !== 'object') {
+        return json({ error: 'Request body must contain "data" object' }, { status: 400 });
+    }
+    // Find or create singleton entry
+    const entries = await getRawEntries({ slug });
+    let entry = entries[0];
+    if (!entry) {
+        const dbEntry = await createEntry({ slug, type: 'single' });
+        const created = await getRawEntries({ slug });
+        entry = created[0];
+        if (!entry) {
+            return json({ error: 'Failed to create singleton entry' }, { status: 500 });
+        }
+    }
+    const version = await upsertDraftVersion(entry.id, body.data, { skipValidation: true });
+    return json({
+        id: entry.id,
+        versionId: version.id,
+        versionNumber: version.versionNumber
+    });
+}

package/dist/admin/auth-client.d.ts CHANGED Viewed

@@ -45,7 +45,7 @@ export declare const authClient: {
             }) | undefined;
             body?: (Partial<{
                 userId: string;
-                role: "user" | "admin" | ("user" | "admin")[];
+                role: "admin" | "user" | ("admin" | "user")[];
             }> & Record<string, any>) | undefined;
             query?: (Partial<Record<string, any>> & Record<string, any>) | undefined;
             params?: Record<string, any> | undefined;
@@ -58,7 +58,7 @@ export declare const authClient: {
             disableValidation?: boolean | undefined;
         }>(data_0: import("better-auth", { with: { "resolution-mode": "require" } }).Prettify<{
             userId: string;
-            role: "user" | "admin" | ("user" | "admin")[];
+            role: "admin" | "user" | ("admin" | "user")[];
         } & {
             fetchOptions?: FetchOptions | undefined;
         }>, data_1?: FetchOptions | undefined) => Promise<import("better-auth/svelte", { with: { "resolution-mode": "require" } }).BetterFetchResponse<{
@@ -192,7 +192,7 @@ export declare const authClient: {
                 email: string;
                 password: string;
                 name: string;
-                role?: "user" | "admin" | ("user" | "admin")[] | undefined;
+                role?: "admin" | "user" | ("admin" | "user")[] | undefined;
                 data?: Record<string, any>;
             }> & Record<string, any>) | undefined;
             query?: (Partial<Record<string, any>> & Record<string, any>) | undefined;
@@ -208,7 +208,7 @@ export declare const authClient: {
             email: string;
             password: string;
             name: string;
-            role?: "user" | "admin" | ("user" | "admin")[] | undefined;
+            role?: "admin" | "user" | ("admin" | "user")[] | undefined;
             data?: Record<string, any>;
         } & {
             fetchOptions?: FetchOptions | undefined;
@@ -1073,7 +1073,7 @@ export declare const authClient: {
                 permission?: never;
             }) & {
                 userId?: string;
-                role?: "user" | "admin" | undefined;
+                role?: "admin" | "user" | undefined;
             }> & Record<string, any>) | undefined;
             query?: (Partial<Record<string, any>> & Record<string, any>) | undefined;
             params?: Record<string, any> | undefined;
@@ -1098,7 +1098,7 @@ export declare const authClient: {
             permission?: never;
         }) & {
             userId?: string;
-            role?: "user" | "admin" | undefined;
+            role?: "admin" | "user" | undefined;
         }) & {
             fetchOptions?: FetchOptions | undefined;
         }>, data_1?: FetchOptions | undefined) => Promise<import("better-auth/svelte", { with: { "resolution-mode": "require" } }).BetterFetchResponse<{
@@ -3105,7 +3105,7 @@ export declare const authClient: {
     }, FetchOptions["throw"] extends true ? true : false>>;
 } & {
     admin: {
-        checkRolePermission: <R extends "user" | "admin">(data: ({
+        checkRolePermission: <R extends "admin" | "user">(data: ({
             permission: {
                 readonly user?: ("create" | "list" | "set-role" | "ban" | "impersonate" | "delete" | "set-password" | "get" | "update")[] | undefined;
                 readonly session?: ("list" | "delete" | "revoke")[] | undefined;