nextly 0.0.1 → 0.0.2-alpha.1

package/dist/chunk-P7NH2OSC.mjs

@@ -0,0 +1,2605 @@
+import {
+  reloadNextlyConfig,
+  resolveCollectionTableName
+} from "./chunk-2OALJTK6.mjs";
+import {
+  runBootTimeApplyIfDev
+} from "./chunk-R6JJQHFC.mjs";
+import {
+  buildClaims,
+  signAccessToken
+} from "./chunk-X23WKS3Z.mjs";
+import {
+  getService,
+  isServicesRegistered,
+  registerServices,
+  shutdownServices
+} from "./chunk-X7TXCYYN.mjs";
+import {
+  AuthService,
+  PermissionService,
+  RolePermissionService,
+  RoleService,
+  UserAccountService,
+  transformRichTextFields
+} from "./chunk-NSEFNNU4.mjs";
+import {
+  env
+} from "./chunk-UJ2IMJ4W.mjs";
+import {
+  getImageProcessor
+} from "./chunk-EGXBZCGC.mjs";
+import {
+  container
+} from "./chunk-D5HQBNUB.mjs";
+import {
+  NextlyError
+} from "./chunk-NRUWQ5Z7.mjs";
+
+// src/direct-api/namespaces/auth.ts
+async function login(ctx, args) {
+  const user = await ctx.authService.verifyCredentials(
+    args.email,
+    args.password
+  );
+  const secret = env.NEXTLY_SECRET;
+  if (!secret) {
+    throw new NextlyError({
+      code: "INTERNAL_ERROR",
+      publicMessage: "NEXTLY_SECRET is not configured. Set NEXTLY_SECRET in your environment variables.",
+      statusCode: 500
+    });
+  }
+  const maxAge = 30 * 24 * 60 * 60;
+  const exp = Math.floor(Date.now() / 1e3) + maxAge;
+  const claims = buildClaims({
+    userId: String(user.id),
+    email: user.email,
+    name: user.name || "",
+    image: user.image ?? null,
+    roleIds: []
+  });
+  const token = await signAccessToken(claims, secret, maxAge);
+  return {
+    user,
+    token,
+    exp
+  };
+}
+async function logout() {
+  return;
+}
+async function me(ctx, args) {
+  if (!args.user?.id) {
+    throw new NextlyError({
+      code: "INVALID_INPUT",
+      publicMessage: "user.id is required for me() - Direct API requires explicit user context",
+      statusCode: 400
+    });
+  }
+  try {
+    const user = await ctx.userAccountService.getCurrentUser(args.user.id);
+    return {
+      user
+    };
+  } catch (err) {
+    if (NextlyError.isNotFound(err)) {
+      throw NextlyError.notFound({ logContext: { userId: args.user.id } });
+    }
+    throw err;
+  }
+}
+async function updateMe(ctx, args) {
+  if (!args.user?.id) {
+    throw new NextlyError({
+      code: "INVALID_INPUT",
+      publicMessage: "user.id is required for updateMe() - Direct API requires explicit user context",
+      statusCode: 400
+    });
+  }
+  try {
+    const user = await ctx.userAccountService.updateCurrentUser(
+      args.user.id,
+      args.data
+    );
+    return {
+      user
+    };
+  } catch (err) {
+    if (NextlyError.isNotFound(err)) {
+      throw NextlyError.notFound({ logContext: { userId: args.user.id } });
+    }
+    throw err;
+  }
+}
+async function register(ctx, args) {
+  const { email, password, collection: _collection, ...rest } = args;
+  const user = await ctx.authService.registerUser({
+    email,
+    password,
+    name: rest.name
+  });
+  return {
+    user
+  };
+}
+async function changePassword(ctx, args) {
+  if (!args.user?.id) {
+    throw new NextlyError({
+      code: "INVALID_INPUT",
+      publicMessage: "user.id is required for changePassword() - Direct API requires explicit user context",
+      statusCode: 400
+    });
+  }
+  await ctx.authService.changePassword(
+    args.user.id,
+    args.currentPassword,
+    args.newPassword
+  );
+  return { success: true };
+}
+async function forgotPassword(ctx, args) {
+  const result = await ctx.authService.generatePasswordResetToken(args.email, {
+    disableEmail: args.disableEmail,
+    expiration: args.expiration,
+    redirectPath: args.redirectPath
+  });
+  return {
+    success: true,
+    token: result.token
+  };
+}
+async function resetPassword(ctx, args) {
+  const result = await ctx.authService.resetPasswordWithToken(
+    args.token,
+    args.password
+  );
+  return {
+    success: true,
+    email: result.email
+  };
+}
+async function verifyEmail(ctx, args) {
+  const result = await ctx.authService.verifyEmail(args.token);
+  return {
+    success: true,
+    email: result.email
+  };
+}
+
+// src/direct-api/namespaces/helpers.ts
+function mergeConfig(defaultConfig, args) {
+  return {
+    ...defaultConfig,
+    ...args
+  };
+}
+function createRequestContext(args) {
+  if (!args.user) {
+    return { locale: args.locale };
+  }
+  return {
+    user: {
+      id: args.user.id,
+      email: "",
+      role: args.user.role ?? "user",
+      permissions: []
+    },
+    locale: args.locale
+  };
+}
+function createErrorFromResult(result) {
+  return new NextlyError({
+    code: statusCodeToErrorCode(result.statusCode),
+    publicMessage: result.message,
+    statusCode: result.statusCode,
+    logContext: result.data !== void 0 && result.data !== null ? { resultData: result.data } : void 0
+  });
+}
+function createErrorFromSingleResult(result) {
+  const message = result.message || result.errors?.map((e) => e.message).join(", ") || "Operation failed";
+  if (result.statusCode === 400 && result.errors && result.errors.length > 0) {
+    return NextlyError.validation({
+      errors: result.errors.map((e) => ({
+        path: e.field ?? "",
+        code: "VALIDATION_ERROR",
+        message: e.message
+      }))
+    });
+  }
+  return new NextlyError({
+    code: statusCodeToErrorCode(result.statusCode),
+    publicMessage: message,
+    statusCode: result.statusCode
+  });
+}
+function statusCodeToErrorCode(statusCode) {
+  switch (statusCode) {
+    case 400:
+      return "VALIDATION_ERROR";
+    case 401:
+      return "AUTH_REQUIRED";
+    case 403:
+      return "FORBIDDEN";
+    case 404:
+      return "NOT_FOUND";
+    case 409:
+      return "CONFLICT";
+    case 413:
+      return "PAYLOAD_TOO_LARGE";
+    case 415:
+      return "UNSUPPORTED_MEDIA_TYPE";
+    case 422:
+      return "INVALID_INPUT";
+    case 429:
+      return "RATE_LIMITED";
+    case 502:
+      return "EXTERNAL_SERVICE_ERROR";
+    case 503:
+      return "SERVICE_UNAVAILABLE";
+    default:
+      return "INTERNAL_ERROR";
+  }
+}
+function isNotFoundError(error) {
+  return NextlyError.isNotFound(error);
+}
+function looksLikeId(value) {
+  if (/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(
+    value
+  )) {
+    return true;
+  }
+  if (/^\d+$/.test(value)) {
+    return true;
+  }
+  if (/^c[a-z0-9]{24,}$/i.test(value)) {
+    return true;
+  }
+  return false;
+}
+function mapRole(role) {
+  return {
+    id: role.id,
+    name: role.name,
+    slug: role.slug,
+    description: role.description ?? null,
+    level: role.level,
+    isSystem: Boolean(role.isSystem)
+  };
+}
+function mapPermission(perm) {
+  return {
+    id: perm.id,
+    name: perm.name,
+    slug: perm.slug,
+    action: perm.action,
+    resource: perm.resource,
+    description: perm.description ?? null
+  };
+}
+function mapComponentRecord(record) {
+  return {
+    id: record.id,
+    slug: record.slug,
+    label: record.label,
+    tableName: record.tableName,
+    description: record.description ?? void 0,
+    fields: Array.isArray(record.fields) ? record.fields : [],
+    admin: record.admin,
+    source: record.source,
+    locked: record.locked,
+    configPath: record.configPath ?? void 0,
+    schemaHash: record.schemaHash,
+    schemaVersion: record.schemaVersion,
+    migrationStatus: record.migrationStatus,
+    lastMigrationId: record.lastMigrationId ?? void 0,
+    createdBy: record.createdBy ?? void 0,
+    createdAt: record.createdAt,
+    updatedAt: record.updatedAt
+  };
+}
+function toListResult(result, limit, page) {
+  const total = result.pagination.total;
+  const totalPages = Math.max(1, Math.ceil(total / limit));
+  return {
+    items: result.data,
+    meta: {
+      total,
+      page,
+      limit,
+      totalPages,
+      hasNext: page < totalPages,
+      hasPrev: page > 1
+    }
+  };
+}
+function sliceListResult(items, limit, page) {
+  const effectiveLimit = limit ?? items.length;
+  const effectivePage = page ?? 1;
+  const start = (effectivePage - 1) * effectiveLimit;
+  const paged = items.slice(start, start + effectiveLimit);
+  const total = items.length;
+  const totalPages = effectiveLimit > 0 ? Math.max(1, Math.ceil(total / effectiveLimit)) : 1;
+  return {
+    items: paged,
+    meta: {
+      total,
+      page: effectivePage,
+      limit: effectiveLimit,
+      totalPages,
+      hasNext: effectivePage < totalPages,
+      hasPrev: effectivePage > 1
+    }
+  };
+}
+function buildMutationMessage(collection, verb) {
+  const noun = collection.charAt(0).toUpperCase() + collection.slice(1);
+  return `${noun} ${verb}.`;
+}
+
+// src/direct-api/namespaces/collections.ts
+async function find(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  const result = await ctx.collectionsHandler.listEntries({
+    collectionName: args.collection,
+    page: args.page,
+    limit: args.limit,
+    where: args.where,
+    depth: config.depth,
+    select: args.select,
+    sort: args.sort,
+    richTextFormat: config.richTextFormat,
+    overrideAccess: config.overrideAccess,
+    user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+    context: config.context
+  });
+  if (!result.success) {
+    throw createErrorFromResult(result);
+  }
+  const legacy = result.data;
+  const total = legacy.totalDocs ?? legacy.docs.length;
+  const limit = legacy.limit ?? args.limit ?? legacy.docs.length;
+  const page = legacy.page ?? args.page ?? 1;
+  const totalPages = legacy.totalPages ?? Math.max(1, Math.ceil(total / Math.max(limit, 1)));
+  return {
+    items: legacy.docs,
+    meta: {
+      total,
+      page,
+      limit,
+      totalPages,
+      hasNext: legacy.hasNextPage ?? page < totalPages,
+      hasPrev: legacy.hasPrevPage ?? page > 1
+    }
+  };
+}
+async function findByID(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  try {
+    const result = await ctx.collectionsHandler.getEntry({
+      collectionName: args.collection,
+      entryId: args.id,
+      depth: config.depth,
+      select: args.select,
+      richTextFormat: config.richTextFormat,
+      overrideAccess: config.overrideAccess,
+      user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+      context: config.context
+    });
+    if (!result.success) {
+      if (config.disableErrors) {
+        return null;
+      }
+      throw createErrorFromResult(result);
+    }
+    return result.data;
+  } catch (error) {
+    if (config.disableErrors && isNotFoundError(error)) {
+      return null;
+    }
+    throw error;
+  }
+}
+async function create(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  const result = await ctx.collectionsHandler.createEntry(
+    {
+      collectionName: args.collection,
+      overrideAccess: config.overrideAccess,
+      user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+      context: config.context
+    },
+    args.data
+  );
+  if (!result.success) {
+    throw createErrorFromResult(result);
+  }
+  return {
+    message: buildMutationMessage(args.collection, "created"),
+    item: result.data
+  };
+}
+async function update(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  if (!args.id && !args.where) {
+    throw new NextlyError({
+      code: "INVALID_INPUT",
+      publicMessage: "Either 'id' or 'where' clause is required for update",
+      statusCode: 400
+    });
+  }
+  if (args.id) {
+    const result = await ctx.collectionsHandler.updateEntry(
+      {
+        collectionName: args.collection,
+        entryId: args.id,
+        overrideAccess: config.overrideAccess,
+        user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+        context: config.context
+      },
+      args.data
+    );
+    if (!result.success) {
+      throw createErrorFromResult(result);
+    }
+    return {
+      message: buildMutationMessage(args.collection, "updated"),
+      item: result.data
+    };
+  }
+  if (args.where) {
+    const bulkResult = await ctx.collectionsHandler.bulkUpdateByQuery(
+      {
+        collectionName: args.collection,
+        where: args.where,
+        data: args.data,
+        overrideAccess: config.overrideAccess,
+        user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+        context: config.context
+      },
+      { limit: 1 }
+    );
+    if (bulkResult.successCount === 0) {
+      throw NextlyError.notFound({
+        logContext: {
+          collection: args.collection,
+          where: args.where,
+          reason: "where-clause-no-match"
+        }
+      });
+    }
+    const updated = await findByID(ctx, {
+      collection: args.collection,
+      id: bulkResult.successes[0].id
+    });
+    if (!updated) {
+      throw new NextlyError({
+        code: "INTERNAL_ERROR",
+        publicMessage: "Document was updated but could not be retrieved",
+        statusCode: 500
+      });
+    }
+    return {
+      message: buildMutationMessage(args.collection, "updated"),
+      item: updated
+    };
+  }
+  throw new NextlyError({
+    code: "INVALID_INPUT",
+    publicMessage: "Either 'id' or 'where' clause is required for update",
+    statusCode: 400
+  });
+}
+async function deleteEntry(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  if (!args.id && !args.where) {
+    throw new NextlyError({
+      code: "INVALID_INPUT",
+      publicMessage: "Either 'id' or 'where' clause is required for delete",
+      statusCode: 400
+    });
+  }
+  if (args.id) {
+    const result = await ctx.collectionsHandler.deleteEntry({
+      collectionName: args.collection,
+      entryId: args.id,
+      overrideAccess: config.overrideAccess,
+      user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+      context: config.context
+    });
+    if (!result.success) {
+      throw createErrorFromResult(result);
+    }
+    return {
+      message: buildMutationMessage(args.collection, "deleted"),
+      item: { id: args.id }
+    };
+  }
+  if (args.where) {
+    const bulkResult = await ctx.collectionsHandler.bulkDeleteByQuery(
+      {
+        collectionName: args.collection,
+        where: args.where,
+        overrideAccess: config.overrideAccess,
+        user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+        context: config.context
+      },
+      { limit: 1e3 }
+    );
+    return {
+      deleted: true,
+      ids: bulkResult.successes.map((s) => s.id)
+    };
+  }
+  throw new NextlyError({
+    code: "INVALID_INPUT",
+    publicMessage: "Either 'id' or 'where' clause is required for delete",
+    statusCode: 400
+  });
+}
+async function count(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  const result = await ctx.collectionsHandler.countEntries({
+    collectionName: args.collection,
+    where: args.where,
+    overrideAccess: config.overrideAccess,
+    user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+    context: config.context
+  });
+  if (!result.success) {
+    throw createErrorFromResult(result);
+  }
+  const legacy = result.data;
+  return { total: legacy.total ?? legacy.totalDocs ?? 0 };
+}
+async function bulkDelete(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  const bulkResult = await ctx.collectionsHandler.bulkDeleteEntries({
+    collectionName: args.collection,
+    ids: args.ids,
+    overrideAccess: config.overrideAccess,
+    user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+    context: config.context
+  });
+  return bulkResult;
+}
+async function duplicate(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  const result = await ctx.collectionsHandler.duplicateEntry({
+    collectionName: args.collection,
+    entryId: args.id,
+    overrides: args.overrides,
+    overrideAccess: config.overrideAccess,
+    user: config.user ? { id: config.user.id, role: config.user.role } : void 0,
+    context: config.context
+  });
+  if (!result.success) {
+    throw createErrorFromResult(result);
+  }
+  return {
+    message: buildMutationMessage(args.collection, "duplicated"),
+    item: result.data
+  };
+}
+
+// src/direct-api/namespaces/singles.ts
+async function findSingle(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  const result = await ctx.singleEntryService.get(args.slug, {
+    depth: config.depth,
+    locale: config.locale,
+    user: config.user ? { id: config.user.id, email: config.user.role } : void 0,
+    overrideAccess: config.overrideAccess,
+    context: config.context
+  });
+  if (!result.success) {
+    throw createErrorFromSingleResult(result);
+  }
+  let data = result.data;
+  if (config.richTextFormat && config.richTextFormat !== "json" && result.data) {
+    const single = await ctx.singleRegistryService.getSingleBySlug(args.slug);
+    if (single?.fields && Array.isArray(single.fields)) {
+      data = transformRichTextFields(
+        result.data,
+        single.fields,
+        config.richTextFormat
+      );
+    }
+  }
+  return data;
+}
+async function updateSingle(ctx, args) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  const result = await ctx.singleEntryService.update(args.slug, args.data, {
+    locale: config.locale,
+    user: config.user ? { id: config.user.id, email: config.user.role } : void 0,
+    overrideAccess: config.overrideAccess,
+    context: config.context
+  });
+  if (!result.success) {
+    throw createErrorFromSingleResult(result);
+  }
+  return result.data;
+}
+async function findSingles(ctx, args = {}) {
+  const config = mergeConfig(ctx.defaultConfig, args);
+  const registryResult = await ctx.singleRegistryService.listSingles({
+    source: args.source,
+    migrationStatus: args.migrationStatus,
+    locked: args.locked,
+    search: args.search,
+    limit: args.limit,
+    offset: args.offset
+  });
+  const entries = await Promise.all(
+    registryResult.data.map(async (record) => {
+      const result = await ctx.singleEntryService.get(record.slug, {
+        depth: config.depth,
+        locale: config.locale,
+        user: config.user ? { id: config.user.id, email: config.user.role } : void 0,
+        overrideAccess: config.overrideAccess,
+        context: config.context
+      });
+      if (!result.success) {
+        throw createErrorFromSingleResult(result);
+      }
+      return {
+        slug: record.slug,
+        label: record.label,
+        data: result.data
+      };
+    })
+  );
+  return {
+    docs: entries,
+    totalDocs: registryResult.total,
+    limit: args.limit ?? registryResult.data.length,
+    offset: args.offset ?? 0
+  };
+}
+
+// src/direct-api/namespaces/users.ts
+function createUsersNamespace(ctx) {
+  return {
+    async find(args = {}) {
+      const limit = args.limit ?? 10;
+      const page = args.page ?? 1;
+      const result = await ctx.userService.listUsers(
+        {
+          pagination: { limit, page },
+          search: args.search,
+          emailVerified: args.emailVerified,
+          hasPassword: args.hasPassword,
+          sortBy: args.sortBy,
+          sortOrder: args.sortOrder
+        },
+        createRequestContext(args)
+      );
+      return toListResult(result, limit, page);
+    },
+    async findOne(args = {}) {
+      const result = await ctx.userService.listUsers(
+        {
+          pagination: { limit: 1, page: 1 },
+          search: args.search,
+          emailVerified: args.emailVerified,
+          hasPassword: args.hasPassword
+        },
+        createRequestContext(args)
+      );
+      return result.data[0] ?? null;
+    },
+    async findByID(args) {
+      const config = mergeConfig(ctx.defaultConfig, args);
+      try {
+        const user = await ctx.userService.findById(
+          args.id,
+          createRequestContext(args)
+        );
+        return user;
+      } catch (error) {
+        if (config.disableErrors && isNotFoundError(error)) {
+          return null;
+        }
+        throw error;
+      }
+    },
+    async create(args) {
+      const data = args.data ?? {};
+      const { name, image, roles, isActive, ...customFields } = data;
+      const user = await ctx.userService.create(
+        {
+          email: args.email,
+          name: name ?? "",
+          password: args.password,
+          image,
+          roles,
+          isActive,
+          ...customFields
+        },
+        createRequestContext(args)
+      );
+      return {
+        message: "User created.",
+        item: user
+      };
+    },
+    async update(args) {
+      if (!args.id) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'id' is required for users.update()",
+          statusCode: 400
+        });
+      }
+      const data = args.data ?? {};
+      const { email, name, image, emailVerified, isActive, ...customFields } = data;
+      const user = await ctx.userService.update(
+        args.id,
+        {
+          email,
+          name,
+          image,
+          emailVerified,
+          isActive,
+          ...customFields
+        },
+        createRequestContext(args)
+      );
+      return {
+        message: "User updated.",
+        item: user
+      };
+    },
+    async delete(args) {
+      if (!args.id) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'id' is required for users.delete()",
+          statusCode: 400
+        });
+      }
+      await ctx.userService.delete(args.id, createRequestContext(args));
+      return {
+        message: "User deleted.",
+        item: { id: args.id }
+      };
+    }
+  };
+}
+
+// src/direct-api/namespaces/media.ts
+function createMediaNamespace(ctx) {
+  const folders = {
+    async list(args = {}) {
+      if (args.parent) {
+        return await ctx.mediaService.listSubfolders(
+          args.parent,
+          createRequestContext(args)
+        );
+      }
+      return await ctx.mediaService.listRootFolders(createRequestContext(args));
+    },
+    async create(args) {
+      if (!args.name) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'name' is required for media.folders.create()",
+          statusCode: 400
+        });
+      }
+      return await ctx.mediaService.createFolder(
+        {
+          name: args.name,
+          description: args.description,
+          color: args.color,
+          icon: args.icon,
+          parentId: args.parent ?? null
+        },
+        createRequestContext(args)
+      );
+    }
+  };
+  return {
+    async upload(args) {
+      return await ctx.mediaService.upload(
+        {
+          buffer: args.file.data,
+          filename: args.file.name,
+          mimeType: args.file.mimetype,
+          size: args.file.size,
+          altText: args.altText,
+          folderId: args.folder ?? null
+        },
+        createRequestContext(args)
+      );
+    },
+    async find(args = {}) {
+      const limit = args.limit ?? 24;
+      const page = args.page ?? 1;
+      const result = await ctx.mediaService.listMedia(
+        {
+          page,
+          limit,
+          search: args.search,
+          type: args.mimeType,
+          folderId: args.folder,
+          sortBy: args.sortBy,
+          sortOrder: args.sortOrder
+        },
+        createRequestContext(args)
+      );
+      return toListResult(result, limit, page);
+    },
+    async findByID(args) {
+      const config = mergeConfig(ctx.defaultConfig, args);
+      try {
+        return await ctx.mediaService.findById(
+          args.id,
+          createRequestContext(args)
+        );
+      } catch (error) {
+        if (config.disableErrors && isNotFoundError(error)) {
+          return null;
+        }
+        throw error;
+      }
+    },
+    async update(args) {
+      if (!args.id) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'id' is required for media.update()",
+          statusCode: 400
+        });
+      }
+      const item = await ctx.mediaService.update(
+        args.id,
+        {
+          filename: args.data.filename,
+          altText: args.data.altText,
+          caption: args.data.caption,
+          tags: args.data.tags,
+          folderId: args.data.folderId
+        },
+        createRequestContext(args)
+      );
+      return {
+        message: "Media updated.",
+        item
+      };
+    },
+    async delete(args) {
+      if (!args.id) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'id' is required for media.delete()",
+          statusCode: 400
+        });
+      }
+      await ctx.mediaService.delete(args.id, createRequestContext(args));
+      return {
+        message: "Media deleted.",
+        item: { id: args.id }
+      };
+    },
+    async bulkDelete(args) {
+      if (!args.ids || args.ids.length === 0) {
+        return {
+          successes: [],
+          failures: [],
+          total: 0,
+          successCount: 0,
+          failedCount: 0
+        };
+      }
+      return ctx.mediaService.bulkDelete(args.ids, createRequestContext(args));
+    },
+    folders
+  };
+}
+
+// src/direct-api/namespaces/forms.ts
+function createFormsNamespace(ctx) {
+  const namespace = {
+    async find(args = {}) {
+      const limit = args.limit ?? 10;
+      const page = args.page ?? 1;
+      const where = {};
+      if (args.status) {
+        where.status = { equals: args.status };
+      }
+      const result = await ctx.collectionsHandler.listEntries({
+        collectionName: ctx.formsCollectionSlug,
+        page,
+        limit,
+        where: Object.keys(where).length > 0 ? where : void 0
+      });
+      if (!result.success) {
+        throw createErrorFromResult(result);
+      }
+      const legacy = result.data;
+      const total = legacy.totalDocs ?? legacy.docs.length;
+      const totalPages = legacy.totalPages ?? Math.max(1, Math.ceil(total / Math.max(limit, 1)));
+      return {
+        items: legacy.docs,
+        meta: {
+          total,
+          page,
+          limit,
+          totalPages,
+          hasNext: legacy.hasNextPage ?? page < totalPages,
+          hasPrev: legacy.hasPrevPage ?? page > 1
+        }
+      };
+    },
+    async findBySlug(args) {
+      const config = mergeConfig(ctx.defaultConfig, args);
+      if (!args.slug) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'slug' is required for forms.findBySlug()",
+          statusCode: 400
+        });
+      }
+      try {
+        const result = await ctx.collectionsHandler.listEntries({
+          collectionName: ctx.formsCollectionSlug,
+          where: { slug: { equals: args.slug } },
+          limit: 1
+        });
+        if (!result.success) {
+          if (config.disableErrors) {
+            return null;
+          }
+          throw createErrorFromResult(result);
+        }
+        const docs = result.data.docs;
+        if (!docs || docs.length === 0) {
+          if (config.disableErrors) {
+            return null;
+          }
+          throw NextlyError.notFound({
+            logContext: { slug: args.slug, entity: "form" }
+          });
+        }
+        return docs[0];
+      } catch (error) {
+        if (config.disableErrors && isNotFoundError(error)) {
+          return null;
+        }
+        throw error;
+      }
+    },
+    async submit(args) {
+      if (!args.form) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'form' (slug) is required for forms.submit()",
+          statusCode: 400
+        });
+      }
+      if (!args.data || typeof args.data !== "object") {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'data' is required for forms.submit()",
+          statusCode: 400
+        });
+      }
+      const form = await namespace.findBySlug({
+        slug: args.form,
+        disableErrors: true
+      });
+      if (!form) {
+        return {
+          success: false,
+          error: "Form not found"
+        };
+      }
+      if (form.status !== "published") {
+        return {
+          success: false,
+          error: "This form is not currently accepting submissions"
+        };
+      }
+      const submissionData = {
+        form: form.id,
+        data: args.data,
+        status: "new",
+        submittedAt: /* @__PURE__ */ new Date()
+      };
+      if (args.metadata?.ipAddress) {
+        submissionData.ipAddress = args.metadata.ipAddress;
+      }
+      if (args.metadata?.userAgent) {
+        submissionData.userAgent = args.metadata.userAgent;
+      }
+      const createResult = await ctx.collectionsHandler.createEntry(
+        { collectionName: ctx.submissionsCollectionSlug },
+        submissionData
+      );
+      if (!createResult.success) {
+        return {
+          success: false,
+          error: createResult.message || "Failed to create submission"
+        };
+      }
+      const settings = form.settings;
+      const redirect = settings?.confirmationType === "redirect" ? settings.redirectUrl : void 0;
+      return {
+        success: true,
+        submission: createResult.data,
+        redirect
+      };
+    },
+    async submissions(args) {
+      if (!args.form) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'form' (slug or ID) is required for forms.submissions()",
+          statusCode: 400
+        });
+      }
+      const limit = args.limit ?? 10;
+      const page = args.page ?? 1;
+      let formId = args.form;
+      const isSlug = !looksLikeId(args.form);
+      if (isSlug) {
+        const form = await namespace.findBySlug({
+          slug: args.form,
+          disableErrors: true
+        });
+        if (!form) {
+          throw NextlyError.notFound({
+            logContext: { slug: args.form, entity: "form" }
+          });
+        }
+        formId = form.id;
+      }
+      const result = await ctx.collectionsHandler.listEntries({
+        collectionName: ctx.submissionsCollectionSlug,
+        page,
+        limit,
+        where: { form: { equals: formId } }
+      });
+      if (!result.success) {
+        throw createErrorFromResult(result);
+      }
+      const legacy = result.data;
+      const total = legacy.totalDocs ?? legacy.docs.length;
+      const totalPages = legacy.totalPages ?? Math.max(1, Math.ceil(total / Math.max(limit, 1)));
+      return {
+        items: legacy.docs,
+        meta: {
+          total,
+          page,
+          limit,
+          totalPages,
+          hasNext: legacy.hasNextPage ?? page < totalPages,
+          hasPrev: legacy.hasPrevPage ?? page > 1
+        }
+      };
+    }
+  };
+  return namespace;
+}
+
+// src/direct-api/namespaces/components.ts
+function createComponentsNamespace(ctx) {
+  return {
+    async find(args = {}) {
+      const result = await ctx.componentRegistryService.listComponents({
+        source: args.source,
+        migrationStatus: args.migrationStatus,
+        locked: args.locked,
+        search: args.search,
+        limit: args.limit,
+        offset: args.offset
+      });
+      const limit = args.limit ?? result.data.length;
+      const offset = args.offset ?? 0;
+      const total = result.total;
+      const effectiveLimit = limit > 0 ? limit : Math.max(total, 1);
+      const totalPages = Math.max(1, Math.ceil(total / effectiveLimit));
+      const page = Math.floor(offset / effectiveLimit) + 1;
+      return {
+        items: result.data.map(mapComponentRecord),
+        meta: {
+          total,
+          page,
+          limit,
+          totalPages,
+          hasNext: page < totalPages,
+          hasPrev: page > 1
+        }
+      };
+    },
+    async findBySlug(args) {
+      const config = mergeConfig(ctx.defaultConfig, args);
+      if (!args.slug) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'slug' is required for components.findBySlug()",
+          statusCode: 400
+        });
+      }
+      try {
+        const component = await ctx.componentRegistryService.getComponentBySlug(
+          args.slug
+        );
+        if (!component) {
+          if (config.disableErrors) {
+            return null;
+          }
+          throw NextlyError.notFound({
+            logContext: { slug: args.slug, entity: "component" }
+          });
+        }
+        return mapComponentRecord(component);
+      } catch (error) {
+        if (error instanceof NextlyError) {
+          throw error;
+        }
+        if (config.disableErrors && isNotFoundError(error)) {
+          return null;
+        }
+        throw error;
+      }
+    },
+    async create(args) {
+      if (!args.slug) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'slug' is required for components.create()",
+          statusCode: 400
+        });
+      }
+      if (!args.label) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'label' is required for components.create()",
+          statusCode: 400
+        });
+      }
+      if (!args.fields || !Array.isArray(args.fields)) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'fields' array is required for components.create()",
+          statusCode: 400
+        });
+      }
+      const { calculateSchemaHash } = await import("./schema-hash-FMMG6VPJ.mjs");
+      const fieldsTyped = args.fields;
+      const schemaHash = calculateSchemaHash(fieldsTyped);
+      const component = await ctx.componentRegistryService.registerComponent({
+        slug: args.slug,
+        label: args.label,
+        tableName: args.tableName ?? `comp_${args.slug}`,
+        description: args.description,
+        fields: fieldsTyped,
+        admin: args.admin,
+        source: "ui",
+        locked: false,
+        schemaHash,
+        schemaVersion: 1,
+        migrationStatus: "pending"
+      });
+      return {
+        message: "Component created.",
+        item: mapComponentRecord(component)
+      };
+    },
+    async update(args) {
+      if (!args.slug) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'slug' is required for components.update()",
+          statusCode: 400
+        });
+      }
+      if (!args.data || typeof args.data !== "object") {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'data' object is required for components.update()",
+          statusCode: 400
+        });
+      }
+      const updateData = {};
+      if (args.data.label !== void 0) {
+        updateData.label = args.data.label;
+      }
+      if (args.data.description !== void 0) {
+        updateData.description = args.data.description;
+      }
+      if (args.data.fields !== void 0) {
+        const fieldsTyped = args.data.fields;
+        updateData.fields = fieldsTyped;
+        const { calculateSchemaHash } = await import("./schema-hash-FMMG6VPJ.mjs");
+        updateData.schemaHash = calculateSchemaHash(fieldsTyped);
+      }
+      if (args.data.admin !== void 0) {
+        updateData.admin = args.data.admin;
+      }
+      const component = await ctx.componentRegistryService.updateComponent(
+        args.slug,
+        updateData,
+        { source: "ui" }
+      );
+      return {
+        message: "Component updated.",
+        item: mapComponentRecord(component)
+      };
+    },
+    async delete(args) {
+      if (!args.slug) {
+        throw new NextlyError({
+          code: "INVALID_INPUT",
+          publicMessage: "'slug' is required for components.delete()",
+          statusCode: 400
+        });
+      }
+      await ctx.componentRegistryService.deleteComponent(args.slug);
+      return {
+        message: "Component deleted.",
+        item: { slug: args.slug }
+      };
+    }
+  };
+}
+
+// src/direct-api/namespaces/email.ts
+function createEmailNamespace(ctx) {
+  return {
+    async send(args) {
+      const to = Array.isArray(args.to) ? args.to[0] : args.to;
+      const result = await ctx.emailSendService.send({
+        to,
+        subject: args.subject,
+        html: args.html,
+        plainText: args.text,
+        providerId: args.providerId,
+        attachments: args.attachments
+      });
+      return {
+        success: result.success,
+        messageId: result.messageId
+      };
+    },
+    async sendWithTemplate(args) {
+      const to = Array.isArray(args.to) ? args.to[0] : args.to;
+      const sendOptions = {};
+      if (args.providerId) sendOptions.providerId = args.providerId;
+      if (args.attachments) sendOptions.attachments = args.attachments;
+      const result = await ctx.emailSendService.sendWithTemplate(
+        args.template,
+        to,
+        args.variables ?? {},
+        Object.keys(sendOptions).length > 0 ? sendOptions : void 0
+      );
+      return {
+        success: result.success,
+        messageId: result.messageId
+      };
+    }
+  };
+}
+function createEmailProvidersNamespace(ctx) {
+  return {
+    async find(args = {}) {
+      const providers = await ctx.emailProviderService.listProviders();
+      return sliceListResult(providers, args.limit, args.page);
+    },
+    async findByID(args) {
+      const config = mergeConfig(ctx.defaultConfig, args);
+      try {
+        return await ctx.emailProviderService.getProvider(args.id);
+      } catch (error) {
+        if (config.disableErrors && isNotFoundError(error)) {
+          return null;
+        }
+        throw error;
+      }
+    },
+    async create(args) {
+      const item = await ctx.emailProviderService.createProvider({
+        name: args.data.name,
+        type: args.data.type,
+        fromEmail: args.data.fromEmail,
+        fromName: args.data.fromName,
+        configuration: args.data.configuration,
+        isDefault: args.data.isDefault
+      });
+      return { message: "Email provider created.", item };
+    },
+    async update(args) {
+      const item = await ctx.emailProviderService.updateProvider(
+        args.id,
+        args.data
+      );
+      return { message: "Email provider updated.", item };
+    },
+    async delete(args) {
+      await ctx.emailProviderService.deleteProvider(args.id);
+      return {
+        message: "Email provider deleted.",
+        item: { id: args.id }
+      };
+    },
+    async setDefault(args) {
+      return await ctx.emailProviderService.setDefault(args.id);
+    },
+    async test(args) {
+      return await ctx.emailProviderService.testProvider(args.id, args.to);
+    }
+  };
+}
+function createEmailTemplatesNamespace(ctx) {
+  return {
+    async find(args = {}) {
+      const templates = await ctx.emailTemplateService.listTemplates();
+      return sliceListResult(templates, args.limit, args.page);
+    },
+    async findByID(args) {
+      const config = mergeConfig(ctx.defaultConfig, args);
+      try {
+        return await ctx.emailTemplateService.getTemplate(args.id);
+      } catch (error) {
+        if (config.disableErrors && isNotFoundError(error)) {
+          return null;
+        }
+        throw error;
+      }
+    },
+    async findBySlug(args) {
+      const config = mergeConfig(ctx.defaultConfig, args);
+      try {
+        const template = await ctx.emailTemplateService.getTemplateBySlug(
+          args.slug
+        );
+        if (!template) {
+          if (config.disableErrors) {
+            return null;
+          }
+          throw NextlyError.notFound({
+            logContext: { slug: args.slug, entity: "emailTemplate" }
+          });
+        }
+        return template;
+      } catch (error) {
+        if (error instanceof NextlyError) {
+          throw error;
+        }
+        if (config.disableErrors && isNotFoundError(error)) {
+          return null;
+        }
+        throw error;
+      }
+    },
+    async create(args) {
+      const item = await ctx.emailTemplateService.createTemplate({
+        name: args.data.name,
+        slug: args.data.slug,
+        subject: args.data.subject,
+        htmlContent: args.data.htmlContent,
+        plainTextContent: args.data.textContent,
+        variables: args.data.variables,
+        attachments: args.data.attachments
+      });
+      return { message: "Email template created.", item };
+    },
+    async update(args) {
+      const { textContent, variables, attachments, ...rest } = args.data;
+      const updateData = {
+        ...rest
+      };
+      if (textContent !== void 0) {
+        updateData.plainTextContent = textContent;
+      }
+      if (variables !== void 0) {
+        updateData.variables = variables;
+      }
+      if (attachments !== void 0) {
+        updateData.attachments = attachments;
+      }
+      const item = await ctx.emailTemplateService.updateTemplate(
+        args.id,
+        updateData
+      );
+      return { message: "Email template updated.", item };
+    },
+    async delete(args) {
+      await ctx.emailTemplateService.deleteTemplate(args.id);
+      return {
+        message: "Email template deleted.",
+        item: { id: args.id }
+      };
+    },
+    async preview(args) {
+      return await ctx.emailTemplateService.previewTemplate(
+        args.id,
+        args.data ?? {}
+      );
+    },
+    async getLayout(_args = {}) {
+      return await ctx.emailTemplateService.getLayout();
+    },
+    async updateLayout(args) {
+      await ctx.emailTemplateService.updateLayout(args.data);
+    }
+  };
+}
+function createUserFieldsNamespace(ctx) {
+  return {
+    async find(args = {}) {
+      const allFields = args.includeInactive ? await ctx.userFieldDefinitionService.listFields() : await ctx.userFieldDefinitionService.getMergedFields();
+      return sliceListResult(allFields, args.limit, args.page);
+    },
+    async findByID(args) {
+      const config = mergeConfig(ctx.defaultConfig, args);
+      try {
+        return await ctx.userFieldDefinitionService.getField(args.id);
+      } catch (error) {
+        if (config.disableErrors && isNotFoundError(error)) {
+          return null;
+        }
+        throw error;
+      }
+    },
+    async create(args) {
+      const item = await ctx.userFieldDefinitionService.createField({
+        name: args.data.name,
+        label: args.data.label,
+        type: args.data.type,
+        required: args.data.required,
+        defaultValue: args.data.defaultValue,
+        options: args.data.options,
+        placeholder: args.data.placeholder,
+        description: args.data.description,
+        sortOrder: args.data.sortOrder,
+        source: "ui"
+      });
+      return { message: "User field created.", item };
+    },
+    async update(args) {
+      const item = await ctx.userFieldDefinitionService.updateField(
+        args.id,
+        args.data
+      );
+      return { message: "User field updated.", item };
+    },
+    async delete(args) {
+      await ctx.userFieldDefinitionService.deleteField(args.id);
+      return {
+        message: "User field deleted.",
+        item: { id: args.id }
+      };
+    },
+    async reorder(args) {
+      return await ctx.userFieldDefinitionService.reorderFields(
+        args.orderedIds
+      );
+    }
+  };
+}
+
+// src/direct-api/namespaces/rbac.ts
+import { eq } from "drizzle-orm";
+function createRolesNamespace(ctx) {
+  return {
+    async find(args = {}) {
+      const result = await ctx.rbacRoleService.listRoles({
+        search: args.search,
+        page: args.page ?? 1,
+        limit: args.limit ?? 10
+      });
+      const data = result.data;
+      const items = data.map((r) => mapRole(r));
+      const total = result.meta?.total ?? items.length;
+      const limit = args.limit ?? 10;
+      const page = args.page ?? 1;
+      const totalPages = Math.max(1, Math.ceil(total / limit));
+      return {
+        items,
+        meta: {
+          total,
+          page,
+          limit,
+          totalPages,
+          hasNext: page < totalPages,
+          hasPrev: page > 1
+        }
+      };
+    },
+    async findByID(args) {
+      const role = await ctx.rbacRoleService.getRoleById(args.id);
+      return mapRole(role);
+    },
+    async create(args) {
+      const role = await ctx.rbacRoleService.createRole({
+        name: args.data.name,
+        slug: args.data.slug,
+        description: args.data.description,
+        level: args.data.level ?? 0,
+        permissionIds: args.data.permissionIds ?? [],
+        childRoleIds: args.data.childRoleIds ?? []
+      });
+      return {
+        message: "Role created.",
+        item: mapRole(role)
+      };
+    },
+    async update(args) {
+      await ctx.rbacRoleService.updateRole(args.id, {
+        name: args.data.name,
+        slug: args.data.slug,
+        description: args.data.description ?? void 0,
+        level: args.data.level
+      });
+      const updated = await ctx.rbacRoleService.getRoleById(args.id);
+      return {
+        message: "Role updated.",
+        item: mapRole(updated)
+      };
+    },
+    async delete(args) {
+      await ctx.rbacRoleService.deleteRole(args.id);
+      return {
+        message: "Role deleted.",
+        item: { id: args.id }
+      };
+    },
+    async getPermissions(args) {
+      const rolePerms = await ctx.rbacRolePermissionService.listRolePermissions(
+        args.id
+      );
+      const fullPerms = await Promise.all(
+        rolePerms.map(async (rp) => {
+          try {
+            const perm = await ctx.rbacPermissionService.getPermissionById(
+              rp.id
+            );
+            return mapPermission(perm);
+          } catch {
+            return null;
+          }
+        })
+      );
+      return fullPerms.filter((p) => p !== null);
+    },
+    async setPermissions(args) {
+      const updatedPerms = await ctx.rbacRolePermissionService.setRolePermissions(
+        args.roleId,
+        args.permissionIds
+      );
+      const fullPerms = await Promise.all(
+        updatedPerms.map(async (rp) => {
+          try {
+            const perm = await ctx.rbacPermissionService.getPermissionById(
+              rp.id
+            );
+            return mapPermission(perm);
+          } catch {
+            return null;
+          }
+        })
+      );
+      return fullPerms.filter((p) => p !== null);
+    }
+  };
+}
+function createPermissionsNamespace(ctx) {
+  return {
+    async find(args = {}) {
+      const limit = args.limit ?? 10;
+      const page = args.page ?? 1;
+      const result = await ctx.rbacPermissionService.listPermissions({
+        page,
+        limit,
+        search: args.search,
+        resource: args.resource,
+        action: args.action
+      });
+      const total = result.meta?.total ?? result.data.length;
+      const totalPages = Math.max(1, Math.ceil(total / limit));
+      const items = result.data.map((p) => mapPermission(p));
+      return {
+        items,
+        meta: {
+          total,
+          page,
+          limit,
+          totalPages,
+          hasNext: page < totalPages,
+          hasPrev: page > 1
+        }
+      };
+    },
+    async findByID(args) {
+      try {
+        const perm = await ctx.rbacPermissionService.getPermissionById(args.id);
+        return mapPermission(perm);
+      } catch (error) {
+        if (args.disableErrors && NextlyError.isNotFound(error)) {
+          return null;
+        }
+        throw error;
+      }
+    },
+    async create(args) {
+      const { name, slug, action, resource, description } = args.data;
+      const ensured = await ctx.rbacPermissionService.ensurePermission(
+        action,
+        resource,
+        name,
+        slug,
+        description
+      );
+      const fetched = await ctx.rbacPermissionService.getPermissionById(
+        ensured.id
+      );
+      return {
+        message: "Permission created.",
+        item: mapPermission(fetched)
+      };
+    },
+    async delete(args) {
+      await ctx.rbacPermissionService.deletePermissionById(args.id);
+      return {
+        message: "Permission deleted.",
+        item: { id: args.id }
+      };
+    }
+  };
+}
+function createAccessNamespace(ctx) {
+  return {
+    async check(args) {
+      return await ctx.rbacAccessControlService.checkAccess({
+        userId: args.userId,
+        operation: args.operation,
+        resource: args.resource
+      });
+    },
+    async checkApiKey(args) {
+      try {
+        const auth = await ctx.apiKeyService.authenticateApiKey(args.rawKey);
+        if (!auth) return { valid: false };
+        const [permissions, roles, meta] = await Promise.all([
+          ctx.apiKeyService.resolveApiKeyPermissions(
+            auth.tokenType,
+            auth.roleId,
+            auth.userId,
+            auth.id
+          ),
+          ctx.apiKeyService.resolveApiKeyRoles(
+            auth.tokenType,
+            auth.roleId,
+            auth.userId
+          ),
+          ctx.apiKeyService.getApiKeyById(auth.id, auth.userId, {
+            allUsers: true
+          })
+        ]);
+        return {
+          valid: true,
+          userId: auth.userId,
+          tokenType: auth.tokenType,
+          permissions,
+          roles,
+          expiresAt: meta?.expiresAt ?? null
+        };
+      } catch {
+        return { valid: false };
+      }
+    }
+  };
+}
+async function resolveApiKeyOwner(apiKeyService, id) {
+  const adapter = container.get("adapter");
+  const privateTable = apiKeyService.apiKeysTable;
+  const db = adapter.getDrizzle();
+  const rows = await db.select({ userId: privateTable.userId }).from(privateTable).where(eq(privateTable.id, id)).limit(1);
+  if (rows.length === 0) {
+    throw NextlyError.notFound({ logContext: { entity: "apiKey", apiKeyId: id } });
+  }
+  return rows[0].userId;
+}
+function createApiKeysNamespace(ctx) {
+  return {
+    async list(args = {}) {
+      const allUsers = !args.userId;
+      return await ctx.apiKeyService.listApiKeys(args.userId ?? "", {
+        allUsers
+      });
+    },
+    async findByID(args) {
+      return await ctx.apiKeyService.getApiKeyById(args.id, "", {
+        allUsers: true
+      });
+    },
+    async create(args) {
+      const { meta, key } = await ctx.apiKeyService.createApiKey(args.userId, {
+        name: args.name,
+        description: args.description ?? void 0,
+        tokenType: args.tokenType,
+        roleId: args.roleId ?? void 0,
+        expiresIn: args.expiresIn
+      });
+      return { doc: meta, key };
+    },
+    async update(args) {
+      const userId = await resolveApiKeyOwner(ctx.apiKeyService, args.id);
+      return await ctx.apiKeyService.updateApiKey(args.id, userId, {
+        name: args.name,
+        description: args.description ?? void 0
+      });
+    },
+    async revoke(args) {
+      const userId = await resolveApiKeyOwner(ctx.apiKeyService, args.id);
+      await ctx.apiKeyService.revokeApiKey(args.id, userId);
+      return { success: true };
+    }
+  };
+}
+
+// src/direct-api/nextly.ts
+var Nextly = class {
+  /**
+   * Default configuration applied to all operations.
+   *
+   * @internal
+   */
+  defaultConfig;
+  users;
+  media;
+  forms;
+  components;
+  email;
+  emailProviders;
+  emailTemplates;
+  userFields;
+  roles;
+  permissions;
+  access;
+  apiKeys;
+  /**
+   * Create a new Nextly instance.
+   *
+   * @param config - Default configuration for all operations
+   */
+  constructor(config = {}) {
+    this.defaultConfig = {
+      overrideAccess: true,
+      ...config
+    };
+    this.users = createUsersNamespace(this);
+    this.media = createMediaNamespace(this);
+    this.forms = createFormsNamespace(this);
+    this.components = createComponentsNamespace(this);
+    this.email = createEmailNamespace(this);
+    this.emailProviders = createEmailProvidersNamespace(this);
+    this.emailTemplates = createEmailTemplatesNamespace(this);
+    this.userFields = createUserFieldsNamespace(this);
+    this.roles = createRolesNamespace(this);
+    this.permissions = createPermissionsNamespace(this);
+    this.access = createAccessNamespace(this);
+    this.apiKeys = createApiKeysNamespace(this);
+  }
+  /**
+   * Get the forms collection slug.
+   * Defaults to "forms" (matching the form builder plugin default).
+   *
+   * @internal
+   */
+  get formsCollectionSlug() {
+    return this.defaultConfig.forms?.collectionSlug ?? "forms";
+  }
+  /**
+   * Get the form submissions collection slug.
+   * Defaults to "form-submissions" (matching the form builder plugin default).
+   *
+   * @internal
+   */
+  get submissionsCollectionSlug() {
+    return this.defaultConfig.forms?.submissionCollectionSlug ?? "form-submissions";
+  }
+  /** @internal */
+  get collectionsHandler() {
+    return container.get("collectionsHandler");
+  }
+  /** @internal */
+  get singleEntryService() {
+    return container.get("singleEntryService");
+  }
+  /** @internal */
+  get singleRegistryService() {
+    return container.get("singleRegistryService");
+  }
+  /** Cached AuthService — not registered in the DI container. */
+  _authService = null;
+  /** @internal */
+  get authService() {
+    if (!this._authService) {
+      const adapter = container.get("adapter");
+      const logger = container.has("logger") ? container.get("logger") : console;
+      const emailService = container.has("emailService") ? container.get("emailService") : void 0;
+      this._authService = new AuthService(adapter, logger, emailService);
+    }
+    return this._authService;
+  }
+  /** Cached UserAccountService — not registered in the DI container. */
+  _userAccountService = null;
+  /** @internal */
+  get userAccountService() {
+    if (!this._userAccountService) {
+      const adapter = container.get("adapter");
+      const logger = container.has("logger") ? container.get("logger") : console;
+      this._userAccountService = new UserAccountService(adapter, logger);
+    }
+    return this._userAccountService;
+  }
+  /** @internal */
+  get userService() {
+    return container.get("userService");
+  }
+  /** @internal */
+  get mediaService() {
+    return container.get("mediaService");
+  }
+  /** @internal */
+  get componentRegistryService() {
+    return container.get("componentRegistryService");
+  }
+  /** @internal */
+  get emailProviderService() {
+    return container.get("emailProviderService");
+  }
+  /** @internal */
+  get emailTemplateService() {
+    return container.get("emailTemplateService");
+  }
+  /** @internal */
+  get userFieldDefinitionService() {
+    return container.get(
+      "userFieldDefinitionService"
+    );
+  }
+  /** @internal */
+  get emailSendService() {
+    return container.get("emailService");
+  }
+  /** Cached RoleService — not registered in the DI container. */
+  _rbacRoleService = null;
+  /** @internal */
+  get rbacRoleService() {
+    if (!this._rbacRoleService) {
+      const adapter = container.get("adapter");
+      const logger = container.has("logger") ? container.get("logger") : console;
+      this._rbacRoleService = new RoleService(adapter, logger);
+    }
+    return this._rbacRoleService;
+  }
+  /** Cached PermissionService — not registered in the DI container. */
+  _rbacPermissionService = null;
+  /** @internal */
+  get rbacPermissionService() {
+    if (!this._rbacPermissionService) {
+      const adapter = container.get("adapter");
+      const logger = container.has("logger") ? container.get("logger") : console;
+      this._rbacPermissionService = new PermissionService(adapter, logger);
+    }
+    return this._rbacPermissionService;
+  }
+  /** Cached RolePermissionService — not registered in the DI container. */
+  _rbacRolePermissionService = null;
+  /** @internal */
+  get rbacRolePermissionService() {
+    if (!this._rbacRolePermissionService) {
+      const adapter = container.get("adapter");
+      const logger = container.has("logger") ? container.get("logger") : console;
+      this._rbacRolePermissionService = new RolePermissionService(
+        adapter,
+        logger
+      );
+    }
+    return this._rbacRolePermissionService;
+  }
+  /** @internal */
+  get rbacAccessControlService() {
+    return container.get("rbacAccessControlService");
+  }
+  /** @internal */
+  get apiKeyService() {
+    return container.get("apiKeyService");
+  }
+  /**
+   * Find multiple documents in a collection.
+   *
+   * (`{ items, meta }`). Callers migrating from `{ docs, totalDocs, ... }`:
+   * `result.docs` -> `result.items`, `result.totalDocs` -> `result.meta.total`.
+   *
+   * @throws {NextlyError} If the operation fails
+   */
+  find(args) {
+    return find(this, args);
+  }
+  /**
+   * Find a single document by ID. Returns `null` when not found and
+   * `disableErrors` is `true`; otherwise throws.
+   */
+  findByID(args) {
+    return findByID(this, args);
+  }
+  /**
+   * Create a new document in a collection.
+   *
+   * created doc must read `result.item` (was a bare `T`).
+   */
+  create(args) {
+    return create(this, args);
+  }
+  /**
+   * Update a document by ID or by `where` clause (returns the first match).
+   *
+   * updated doc must read `result.item` (was a bare `T`).
+   */
+  update(args) {
+    return update(this, args);
+  }
+  /**
+   * Delete a document by ID or by `where` clause.
+   *
+   * where `item` carries the deleted `id`. The bulk-by-where path still
+   * returns the legacy `DeleteResult` shape (`{ deleted, ids }`) because
+   * a multi-row delete cannot collapse to a single mutation envelope.
+   */
+  delete(args) {
+    return deleteEntry(this, args);
+  }
+  /**
+   * Count documents matching a query.
+   *
+   */
+  count(args) {
+    return count(this, args);
+  }
+  /** Bulk-delete multiple documents by IDs (partial success pattern). */
+  bulkDelete(args) {
+    return bulkDelete(this, args);
+  }
+  /**
+   * Duplicate a document (optionally applying field overrides).
+   *
+   * duplicated doc must read `result.item` (was a bare `T`).
+   */
+  duplicate(args) {
+    return duplicate(this, args);
+  }
+  /** Get a Single (global) document by slug. */
+  findSingle(args) {
+    return findSingle(this, args);
+  }
+  /** Update a Single (global) document by slug. */
+  updateSingle(args) {
+    return updateSingle(this, args);
+  }
+  /** Fetch the content of every registered Single. */
+  findSingles(args = {}) {
+    return findSingles(this, args);
+  }
+  /** Verify credentials and return a signed session token. */
+  login(args) {
+    return login(this, args);
+  }
+  /** Logout — no-op for the Direct API (session lives in the app). */
+  logout() {
+    return logout();
+  }
+  /** Fetch the current user's profile (requires explicit `user.id`). */
+  me(args) {
+    return me(this, args);
+  }
+  /** Update the current user's profile (name/image only). */
+  updateMe(args) {
+    return updateMe(this, args);
+  }
+  /** Register a new user with email + password. */
+  register(args) {
+    return register(this, args);
+  }
+  /** Change the current user's password (requires the current password). */
+  changePassword(args) {
+    return changePassword(this, args);
+  }
+  /** Initiate password reset (always returns success to avoid leaking emails). */
+  forgotPassword(args) {
+    return forgotPassword(this, args);
+  }
+  /** Reset a user's password using a token from `forgotPassword`. */
+  resetPassword(args) {
+    return resetPassword(this, args);
+  }
+  /** Verify a user's email using a verification token. */
+  verifyEmail(args) {
+    return verifyEmail(this, args);
+  }
+};
+var globalForDirectApi = globalThis;
+function getNextly(config) {
+  if (!isServicesRegistered()) {
+    throw new NextlyError({
+      code: "INTERNAL_ERROR",
+      publicMessage: "Nextly services not initialized. Call registerServices() before using the Direct API.",
+      statusCode: 500
+    });
+  }
+  if (!globalForDirectApi.__nextly_directApiInstance) {
+    globalForDirectApi.__nextly_directApiInstance = new Nextly(config);
+    if (!container.has("nextlyDirectAPI")) {
+      container.register(
+        "nextlyDirectAPI",
+        () => globalForDirectApi.__nextly_directApiInstance
+      );
+    }
+  }
+  return globalForDirectApi.__nextly_directApiInstance;
+}
+var nextly = {
+  find: (args) => getNextly().find(args),
+  findByID: (args) => getNextly().findByID(args),
+  create: (args) => getNextly().create(args),
+  update: (args) => getNextly().update(args),
+  delete: (args) => getNextly().delete(args),
+  count: (args) => getNextly().count(args),
+  bulkDelete: (args) => getNextly().bulkDelete(args),
+  duplicate: (args) => getNextly().duplicate(args),
+  findSingle: (args) => getNextly().findSingle(args),
+  updateSingle: (args) => getNextly().updateSingle(args),
+  findSingles: (args) => getNextly().findSingles(args ?? {}),
+  login: (args) => getNextly().login(args),
+  logout: () => getNextly().logout(),
+  me: (args) => getNextly().me(args),
+  updateMe: (args) => getNextly().updateMe(args),
+  register: (args) => getNextly().register(args),
+  changePassword: (args) => getNextly().changePassword(args),
+  forgotPassword: (args) => getNextly().forgotPassword(args),
+  resetPassword: (args) => getNextly().resetPassword(args),
+  verifyEmail: (args) => getNextly().verifyEmail(args),
+  users: {
+    find: (args) => getNextly().users.find(args),
+    findOne: (args) => getNextly().users.findOne(args),
+    findByID: (args) => getNextly().users.findByID(args),
+    create: (args) => getNextly().users.create(args),
+    update: (args) => getNextly().users.update(args),
+    delete: (args) => getNextly().users.delete(args)
+  },
+  media: {
+    upload: (args) => getNextly().media.upload(args),
+    find: (args) => getNextly().media.find(args),
+    findByID: (args) => getNextly().media.findByID(args),
+    update: (args) => getNextly().media.update(args),
+    delete: (args) => getNextly().media.delete(args),
+    bulkDelete: (args) => getNextly().media.bulkDelete(args),
+    folders: {
+      list: (args) => getNextly().media.folders.list(args),
+      create: (args) => getNextly().media.folders.create(args)
+    }
+  },
+  forms: {
+    find: (args) => getNextly().forms.find(args),
+    findBySlug: (args) => getNextly().forms.findBySlug(args),
+    submit: (args) => getNextly().forms.submit(args),
+    submissions: (args) => getNextly().forms.submissions(args)
+  },
+  components: {
+    find: (args) => getNextly().components.find(args),
+    findBySlug: (args) => getNextly().components.findBySlug(args),
+    create: (args) => getNextly().components.create(args),
+    update: (args) => getNextly().components.update(args),
+    delete: (args) => getNextly().components.delete(args)
+  },
+  email: {
+    send: (args) => getNextly().email.send(args),
+    sendWithTemplate: (args) => getNextly().email.sendWithTemplate(args)
+  },
+  emailProviders: {
+    find: (args) => getNextly().emailProviders.find(args),
+    findByID: (args) => getNextly().emailProviders.findByID(args),
+    create: (args) => getNextly().emailProviders.create(args),
+    update: (args) => getNextly().emailProviders.update(args),
+    delete: (args) => getNextly().emailProviders.delete(args),
+    setDefault: (args) => getNextly().emailProviders.setDefault(args),
+    test: (args) => getNextly().emailProviders.test(args)
+  },
+  emailTemplates: {
+    find: (args) => getNextly().emailTemplates.find(args),
+    findByID: (args) => getNextly().emailTemplates.findByID(args),
+    findBySlug: (args) => getNextly().emailTemplates.findBySlug(args),
+    create: (args) => getNextly().emailTemplates.create(args),
+    update: (args) => getNextly().emailTemplates.update(args),
+    delete: (args) => getNextly().emailTemplates.delete(args),
+    preview: (args) => getNextly().emailTemplates.preview(args),
+    getLayout: (args) => getNextly().emailTemplates.getLayout(args),
+    updateLayout: (args) => getNextly().emailTemplates.updateLayout(args)
+  },
+  userFields: {
+    find: (args) => getNextly().userFields.find(args),
+    findByID: (args) => getNextly().userFields.findByID(args),
+    create: (args) => getNextly().userFields.create(args),
+    update: (args) => getNextly().userFields.update(args),
+    delete: (args) => getNextly().userFields.delete(args),
+    reorder: (args) => getNextly().userFields.reorder(args)
+  },
+  roles: {
+    find: (args) => getNextly().roles.find(args),
+    findByID: (args) => getNextly().roles.findByID(args),
+    create: (args) => getNextly().roles.create(args),
+    update: (args) => getNextly().roles.update(args),
+    delete: (args) => getNextly().roles.delete(args),
+    getPermissions: (args) => getNextly().roles.getPermissions(args),
+    setPermissions: (args) => getNextly().roles.setPermissions(args)
+  },
+  permissions: {
+    find: (args) => getNextly().permissions.find(args),
+    findByID: (args) => getNextly().permissions.findByID(args),
+    create: (args) => getNextly().permissions.create(args),
+    delete: (args) => getNextly().permissions.delete(args)
+  },
+  apiKeys: {
+    list: (args) => getNextly().apiKeys.list(args),
+    findByID: (args) => getNextly().apiKeys.findByID(args),
+    create: (args) => getNextly().apiKeys.create(args),
+    update: (args) => getNextly().apiKeys.update(args),
+    revoke: (args) => getNextly().apiKeys.revoke(args)
+  },
+  access: {
+    check: (args) => getNextly().access.check(args),
+    checkApiKey: (args) => getNextly().access.checkApiKey(args)
+  }
+};
+
+// src/init/build-service-config.ts
+function buildServiceConfig(providedConfig) {
+  const serviceConfig = {};
+  if (providedConfig) {
+    const { config: nextlyConfig, ...rest } = providedConfig;
+    Object.assign(serviceConfig, rest);
+    if (!serviceConfig.storagePlugins && nextlyConfig?.storage) {
+      serviceConfig.storagePlugins = nextlyConfig.storage;
+      if (nextlyConfig.storage.length > 0) {
+        console.log(
+          `[Nextly] Using ${nextlyConfig.storage.length} storage plugin(s) from config`
+        );
+      }
+    }
+    if (!serviceConfig.collections && nextlyConfig?.collections) {
+      serviceConfig.collections = nextlyConfig.collections;
+      if (nextlyConfig.collections.length > 0) {
+        console.log(
+          `[Nextly] Using ${nextlyConfig.collections.length} collection(s) from config`
+        );
+      }
+    }
+    if (!serviceConfig.singles && nextlyConfig?.singles) {
+      serviceConfig.singles = nextlyConfig.singles;
+      if (nextlyConfig.singles.length > 0) {
+        console.log(
+          `[Nextly] Using ${nextlyConfig.singles.length} single(s) from config`
+        );
+      }
+    }
+    if (!serviceConfig.components && nextlyConfig?.components) {
+      serviceConfig.components = nextlyConfig.components;
+      if (nextlyConfig.components.length > 0) {
+        console.log(
+          `[Nextly] Using ${nextlyConfig.components.length} component(s) from config`
+        );
+      }
+    }
+    if (!serviceConfig.plugins && nextlyConfig?.plugins) {
+      serviceConfig.plugins = nextlyConfig.plugins;
+      if (nextlyConfig.plugins.length > 0) {
+        console.log(
+          `[Nextly] Using ${nextlyConfig.plugins.length} plugin(s) from config`
+        );
+      }
+    }
+    if (!serviceConfig.users && nextlyConfig?.users) {
+      serviceConfig.users = nextlyConfig.users;
+    }
+    if (!serviceConfig.email && nextlyConfig?.email) {
+      serviceConfig.email = nextlyConfig.email;
+    }
+    if (!serviceConfig.apiKeys && nextlyConfig?.apiKeys) {
+      serviceConfig.apiKeys = nextlyConfig.apiKeys;
+    }
+    if (!serviceConfig.security && nextlyConfig?.security) {
+      serviceConfig.security = nextlyConfig.security;
+    }
+    if (!serviceConfig.admin && nextlyConfig?.admin) {
+      serviceConfig.admin = nextlyConfig.admin;
+    }
+    if (!serviceConfig.auth && nextlyConfig?.auth) {
+      serviceConfig.auth = nextlyConfig.auth;
+    }
+  }
+  if (!serviceConfig.imageProcessor) {
+    serviceConfig.imageProcessor = getImageProcessor();
+  }
+  return serviceConfig;
+}
+
+// src/init/drift-check.ts
+async function runDriftCheck(args) {
+  const { adapter, collections, logger } = args;
+  const deps = await resolveDeps(args.deps);
+  if (collections.length === 0) return { kind: "clean" };
+  const previewPromises = collections.map(async (collection) => {
+    try {
+      const preview = await deps.previewDesiredSchema({
+        desired: {
+          collections: {
+            [collection.slug]: collection
+          },
+          singles: {},
+          components: {}
+        },
+        db: adapter.getDrizzle(),
+        dialect: adapter.dialect
+      });
+      return { ok: true, opCount: preview.operations.length };
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      logger.debug?.(
+        `[nextly] Drift preview failed for '${collection.slug}': ${msg} (continuing).`
+      );
+      return { ok: false, error: msg };
+    }
+  });
+  const results = await Promise.all(previewPromises);
+  let pendingOps = 0;
+  let failureCount = 0;
+  for (const r of results) {
+    if (r.ok) pendingOps += r.opCount;
+    else failureCount += 1;
+  }
+  if (failureCount > 0) {
+    logger.warn(
+      `[nextly] ${failureCount} of ${collections.length} drift previews failed. Run \`nextly db:sync\` to investigate.`
+    );
+  }
+  if (pendingOps === 0) return { kind: "clean" };
+  logger.warn(
+    `[nextly] Detected schema drift: ${pendingOps} pending change(s). Save your nextly.config.ts to apply via HMR, or run \`nextly db:sync\`.`
+  );
+  return { kind: "drift", pending: pendingOps };
+}
+async function resolveDeps(injected) {
+  if (injected?.previewDesiredSchema) {
+    return injected;
+  }
+  const { previewDesiredSchema } = await import("./preview-ZZTR3QGS.mjs");
+  return {
+    previewDesiredSchema: injected?.previewDesiredSchema ?? previewDesiredSchema
+  };
+}
+
+// src/init/post-init-tasks.ts
+async function runPostInitTasks() {
+  try {
+    const emailTemplateService = getService("emailTemplateService");
+    await emailTemplateService.ensureBuiltInTemplates();
+  } catch {
+  }
+  try {
+    const fieldDefService = getService("userFieldDefinitionService");
+    const config = getService("config");
+    const codeFields = config.users?.fields || [];
+    await fieldDefService.syncCodeFields(
+      codeFields
+    );
+  } catch {
+  }
+  try {
+    const userExtSchemaService = getService("userExtSchemaService");
+    await userExtSchemaService.loadMergedFields();
+    if (userExtSchemaService.hasMergedFields()) {
+      const adapter = getService("adapter");
+      const drizzleDb = adapter.getDrizzle();
+      await userExtSchemaService.ensureUserExtSchema(drizzleDb);
+    }
+  } catch {
+  }
+  try {
+    const permissionSeedService = getService("permissionSeedService");
+    const systemResult = await permissionSeedService.seedSystemPermissions();
+    const collectionResult = await permissionSeedService.seedAllCollectionPermissions();
+    const singleResult = await permissionSeedService.seedAllSinglePermissions();
+    const allNewIds = [
+      ...systemResult.newPermissionIds,
+      ...collectionResult.newPermissionIds,
+      ...singleResult.newPermissionIds
+    ];
+    if (allNewIds.length > 0) {
+      await permissionSeedService.assignNewPermissionsToSuperAdmin(allNewIds);
+    }
+  } catch {
+  }
+}
+
+// src/runtime/hmr-listener.ts
+import { WebSocket } from "ws";
+var g = globalThis;
+function ensureHmrListener() {
+  if (g.__nextly_hmrWs) return;
+  if (process.env.NODE_ENV === "production") return;
+  if (process.env.NODE_ENV === "test") return;
+  if (process.env.NEXTLY_DISABLE_HMR === "1") return;
+  try {
+    const port = process.env.PORT ?? "3000";
+    const hasHttps = process.env.USE_HTTPS === "true" || process.argv.includes("--experimental-https");
+    const protocol = hasHttps ? "wss" : "ws";
+    const prefix = process.env.__NEXT_ASSET_PREFIX ?? "";
+    const url = process.env.NEXTLY_HMR_URL_OVERRIDE ?? `${protocol}://localhost:${port}${prefix}/_next/webpack-hmr`;
+    g.__nextly_hmrWs = new WebSocket(url);
+    g.__nextly_hmrWs.onmessage = (event) => {
+      if (g.__nextly_hmrReload instanceof Promise) return;
+      if (typeof event.data !== "string") return;
+      let data;
+      try {
+        data = JSON.parse(event.data);
+      } catch {
+        return;
+      }
+      if (typeof data !== "object" || data === null) return;
+      const record = data;
+      const isServerChange = record.type === "serverComponentChanges" || record.action === "serverComponentChanges";
+      if (isServerChange) {
+        if (!(g.__nextly_hmrReload instanceof Promise)) {
+          const reload = (async () => {
+            try {
+              const { reloadNextlyConfig: reloadNextlyConfig2 } = await import("./reload-config-HWQ4G5MM.mjs");
+              await reloadNextlyConfig2();
+            } catch {
+            }
+          })();
+          markHmrReloadInFlight(reload);
+        }
+      }
+    };
+    g.__nextly_hmrWs.onerror = () => {
+    };
+  } catch {
+  }
+}
+function consumeHmrReloadFlag() {
+  if (g.__nextly_hmrReload === true) {
+    g.__nextly_hmrReload = false;
+    return true;
+  }
+  return false;
+}
+function markHmrReloadInFlight(promise) {
+  g.__nextly_hmrReload = promise;
+  void promise.finally(() => {
+    if (g.__nextly_hmrReload === promise) {
+      g.__nextly_hmrReload = false;
+    }
+  });
+}
+
+// src/init.ts
+var globalForInit = globalThis;
+async function getNextly2(options) {
+  if (!options?.config) {
+    throw new NextlyError({
+      code: "CONFIGURATION_ERROR",
+      statusCode: 500,
+      publicMessage: "Server configuration error.",
+      logMessage: "getNextly() requires a `config` parameter. Import your config and pass it: `getNextly({ config })`. If you are inside a Nextly internal handler that just needs the cached singleton, use `getCachedNextly()` instead."
+    });
+  }
+  if (globalForInit.__nextly_cachedInstance) {
+    if (consumeHmrReloadFlag()) {
+      const reloadPromise = reloadNextlyConfig();
+      markHmrReloadInFlight(reloadPromise);
+      await reloadPromise;
+    }
+    if (options?.config?.storage && options.config.storage.length > 0) {
+      const mediaStorage = getService("mediaStorage");
+      if (!mediaStorage.hasAdapter()) {
+        for (const plugin of options.config.storage) {
+          mediaStorage.registerPlugin(plugin);
+        }
+        console.log(
+          `[Nextly] Late-registered ${options.config.storage.length} storage plugin(s)`
+        );
+      }
+    }
+    return globalForInit.__nextly_cachedInstance;
+  }
+  if (globalForInit.__nextly_initPromise) {
+    return globalForInit.__nextly_initPromise;
+  }
+  const initPromise = (async () => {
+    try {
+      if (!isServicesRegistered()) {
+        const finalConfig = buildServiceConfig(options);
+        await registerServices(finalConfig);
+        const adapter = getService("adapter");
+        const capabilities = adapter.getCapabilities();
+        console.log(`Nextly initialized with ${capabilities.dialect} database`);
+        console.log(`  - JSONB support: ${capabilities.supportsJsonb}`);
+        console.log(`  - RETURNING support: ${capabilities.supportsReturning}`);
+        console.log(`  - Full-text search: ${capabilities.supportsFts}`);
+        const config = getService("config");
+        const driftLogger = {
+          debug: (msg) => console.debug(msg),
+          info: (msg) => console.log(msg),
+          warn: (msg) => console.warn(msg),
+          error: (msg) => console.error(msg)
+        };
+        const collections = (config.collections ?? []).map((c) => ({
+          slug: c.slug,
+          tableName: resolveCollectionTableName(c.slug, c.dbName),
+          fields: c.fields ?? [],
+          // Why: forward the Draft/Published flag so the boot-time drift
+          // check actually compares the desired status column against the
+          // live DB. Without this, a code-first collection that opted into
+          // `status: true` after its table was created would never report
+          // drift, masking a missing system status column.
+          status: c.status === true
+        }));
+        await runDriftCheck({
+          adapter,
+          collections,
+          logger: driftLogger
+        });
+        await runBootTimeApplyIfDev({ caller: "init" });
+        void runPostInitTasks();
+      }
+      const directAPI = getNextly();
+      const instance = {
+        // Direct API methods
+        find: directAPI.find.bind(directAPI),
+        findByID: directAPI.findByID.bind(directAPI),
+        create: directAPI.create.bind(directAPI),
+        update: directAPI.update.bind(directAPI),
+        delete: directAPI.delete.bind(directAPI),
+        count: directAPI.count.bind(directAPI),
+        bulkDelete: directAPI.bulkDelete.bind(directAPI),
+        duplicate: directAPI.duplicate.bind(directAPI),
+        findSingle: directAPI.findSingle.bind(directAPI),
+        updateSingle: directAPI.updateSingle.bind(directAPI),
+        findSingles: directAPI.findSingles.bind(directAPI),
+        // Authentication methods
+        login: directAPI.login.bind(directAPI),
+        logout: directAPI.logout.bind(directAPI),
+        me: directAPI.me.bind(directAPI),
+        updateMe: directAPI.updateMe.bind(directAPI),
+        register: directAPI.register.bind(directAPI),
+        changePassword: directAPI.changePassword.bind(directAPI),
+        forgotPassword: directAPI.forgotPassword.bind(directAPI),
+        resetPassword: directAPI.resetPassword.bind(directAPI),
+        verifyEmail: directAPI.verifyEmail.bind(directAPI),
+        // Users API namespace (Direct API style)
+        users: directAPI.users,
+        // Media API namespace (Direct API style)
+        media: directAPI.media,
+        // Forms API namespace (Direct API style)
+        forms: directAPI.forms,
+        // Email & User Field namespaces
+        emailProviders: directAPI.emailProviders,
+        emailTemplates: directAPI.emailTemplates,
+        userFields: directAPI.userFields,
+        email: directAPI.email,
+        // RBAC namespaces 
+        roles: directAPI.roles,
+        permissions: directAPI.permissions,
+        access: directAPI.access,
+        // Service accessors
+        collections: getService("collectionService"),
+        userService: getService("userService"),
+        mediaService: getService("mediaService"),
+        storage: getService("mediaStorage"),
+        meta: getService("metaService"),
+        // Direct adapter access
+        adapter: getService("adapter"),
+        // Shutdown method
+        shutdown: async () => {
+          await shutdownServices();
+          globalForInit.__nextly_cachedInstance = null;
+          console.log("Nextly shutdown complete");
+        }
+      };
+      globalForInit.__nextly_cachedInstance = instance;
+      ensureHmrListener();
+      return instance;
+    } finally {
+      globalForInit.__nextly_initPromise = null;
+    }
+  })();
+  globalForInit.__nextly_initPromise = initPromise;
+  return initPromise;
+}
+async function getCachedNextly() {
+  if (globalForInit.__nextly_cachedInstance) {
+    return globalForInit.__nextly_cachedInstance;
+  }
+  if (globalForInit.__nextly_initPromise) {
+    return globalForInit.__nextly_initPromise;
+  }
+  if (isServicesRegistered()) {
+    const directAPI = getNextly();
+    const instance = {
+      find: directAPI.find.bind(directAPI),
+      findByID: directAPI.findByID.bind(directAPI),
+      create: directAPI.create.bind(directAPI),
+      update: directAPI.update.bind(directAPI),
+      delete: directAPI.delete.bind(directAPI),
+      count: directAPI.count.bind(directAPI),
+      bulkDelete: directAPI.bulkDelete.bind(directAPI),
+      duplicate: directAPI.duplicate.bind(directAPI),
+      findSingle: directAPI.findSingle.bind(directAPI),
+      updateSingle: directAPI.updateSingle.bind(directAPI),
+      findSingles: directAPI.findSingles.bind(directAPI),
+      login: directAPI.login.bind(directAPI),
+      logout: directAPI.logout.bind(directAPI),
+      me: directAPI.me.bind(directAPI),
+      updateMe: directAPI.updateMe.bind(directAPI),
+      register: directAPI.register.bind(directAPI),
+      changePassword: directAPI.changePassword.bind(directAPI),
+      forgotPassword: directAPI.forgotPassword.bind(directAPI),
+      resetPassword: directAPI.resetPassword.bind(directAPI),
+      verifyEmail: directAPI.verifyEmail.bind(directAPI),
+      users: directAPI.users,
+      media: directAPI.media,
+      forms: directAPI.forms,
+      emailProviders: directAPI.emailProviders,
+      emailTemplates: directAPI.emailTemplates,
+      userFields: directAPI.userFields,
+      email: directAPI.email,
+      roles: directAPI.roles,
+      permissions: directAPI.permissions,
+      access: directAPI.access,
+      collections: getService("collectionService"),
+      userService: getService("userService"),
+      mediaService: getService("mediaService"),
+      storage: getService("mediaStorage"),
+      meta: getService("metaService"),
+      adapter: getService("adapter"),
+      shutdown: async () => {
+        await shutdownServices();
+        globalForInit.__nextly_cachedInstance = null;
+      }
+    };
+    globalForInit.__nextly_cachedInstance = instance;
+    return instance;
+  }
+  throw new NextlyError({
+    code: "CONFIGURATION_ERROR",
+    statusCode: 500,
+    publicMessage: "Server configuration error.",
+    logMessage: "getCachedNextly() called before initialization. Ensure `getNextly({ config })` (or `createRegister(config)` from instrumentation.ts) has run at least once before any internal handler executes. See https://nextlyhq.com/docs/getting-started."
+  });
+}
+function createRegister(config) {
+  return async function register2() {
+    await getNextly2({ config });
+  };
+}
+async function shutdownNextly() {
+  if (globalForInit.__nextly_cachedInstance) {
+    await globalForInit.__nextly_cachedInstance.shutdown();
+  }
+}
+
+export {
+  nextly,
+  ensureHmrListener,
+  getNextly2 as getNextly,
+  getCachedNextly,
+  createRegister,
+  shutdownNextly
+};