Citali/old.cms.fellies.org
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Citali:todo/mvp0-admin-i18n-baseline
Branches Tags
Citali:dev Citali:todo/mvp1-media-library-replace-flow Citali:todo/mvp1-page-management-scheduling Citali:todo/mvp1-public-rendering-integration-completion Citali:todo/mvp1-announcements-news-completion Citali:todo/mvp1-commissions-management-completion Citali:todo/mvp1-users-management-baseline Citali:todo/mvp1-navigation-management-completion Citali:todo/mvp1-page-builder-reusable-blocks Citali:todo/mvp1-media-type-presets Citali:todo/mvp1-artwork-rendition-management Citali:todo/mvp1-artwork-refinement-fields Citali:todo/mvp1-portfolio-grouping-management Citali:todo/mvp1-media-enrichment Citali:todo/mvp1-page-builder-blocks Citali:todo/mvp1-news-archives Citali:todo/mvp1-public-rendering-integration Citali:todo/mvp1-navigation-news-translations Citali:todo/mvp1-translated-content-crud-tests Citali:todo/mvp1-admin-form-component-tests Citali:todo/mvp1-code-handover-docs-baseline Citali:todo/mvp1-owner-support-guard-tests Citali:todo/mvp1-header-banner-management Citali:todo/mvp1-auth-policy-integration-tests Citali:todo/mvp1-owner-support-integration-tests Citali:todo/mvp1-unit-service-tests Citali:todo/mvp1-e2e-happy-paths Citali:todo/mvp1-announcements-news Citali:todo/mvp1-commissions-customers Citali:todo/mvp1-pages-navigation-builder Citali:todo/mvp1-media-upload-pipeline Citali:todo/mvp1-media-foundation Citali:todo/mvp0-staging-deploy-checklist Citali:todo/mvp0-release-closeout Citali:todo/mvp0-ci-version-stamping-tests Citali:todo/mvp0-footer-version-hash Citali:todo/mvp0-docs-conventions Citali:todo/mvp0-testing-hardening Citali:todo/mvp0-public-app-topics Citali:todo/mvp0-admin-ia-skeleton Citali:todo/mvp0-admin-i18n-baseline Citali:todo/mvp0-crud-foundation Citali:todo/mvp0-i18n-baseline Citali:todo/mvp0-owner-invariant-enforcement Citali:todo/mvp0-better-auth-core Citali:todo/mvp0-rbac-model-and-enforcement Citali:code Citali:main Citali:refactor Citali:staging
Citali:mvp0-complete
..
compare: Citali:todo/mvp1-e2e-happy-paths
Branches Tags
Citali:todo/mvp1-media-library-replace-flow Citali:todo/mvp1-page-management-scheduling Citali:todo/mvp1-public-rendering-integration-completion Citali:todo/mvp1-announcements-news-completion Citali:todo/mvp1-commissions-management-completion Citali:todo/mvp1-users-management-baseline Citali:todo/mvp1-navigation-management-completion Citali:todo/mvp1-page-builder-reusable-blocks Citali:todo/mvp1-media-type-presets Citali:todo/mvp1-artwork-rendition-management Citali:todo/mvp1-artwork-refinement-fields Citali:todo/mvp1-portfolio-grouping-management Citali:todo/mvp1-media-enrichment Citali:todo/mvp1-page-builder-blocks Citali:todo/mvp1-news-archives Citali:todo/mvp1-public-rendering-integration Citali:todo/mvp1-navigation-news-translations Citali:todo/mvp1-translated-content-crud-tests Citali:todo/mvp1-admin-form-component-tests Citali:todo/mvp1-code-handover-docs-baseline Citali:dev Citali:todo/mvp1-owner-support-guard-tests Citali:todo/mvp1-header-banner-management Citali:todo/mvp1-auth-policy-integration-tests Citali:todo/mvp1-owner-support-integration-tests Citali:todo/mvp1-unit-service-tests Citali:todo/mvp1-e2e-happy-paths Citali:todo/mvp1-announcements-news Citali:todo/mvp1-commissions-customers Citali:todo/mvp1-pages-navigation-builder Citali:todo/mvp1-media-upload-pipeline Citali:todo/mvp1-media-foundation Citali:todo/mvp0-staging-deploy-checklist Citali:todo/mvp0-release-closeout Citali:todo/mvp0-ci-version-stamping-tests Citali:todo/mvp0-footer-version-hash Citali:todo/mvp0-docs-conventions Citali:todo/mvp0-testing-hardening Citali:todo/mvp0-public-app-topics Citali:todo/mvp0-admin-ia-skeleton Citali:todo/mvp0-admin-i18n-baseline Citali:todo/mvp0-crud-foundation Citali:todo/mvp0-i18n-baseline Citali:todo/mvp0-owner-invariant-enforcement Citali:todo/mvp0-better-auth-core Citali:todo/mvp0-rbac-model-and-enforcement Citali:code Citali:main Citali:refactor Citali:staging
Citali:mvp0-complete

38 Commits
todo/mvp0- ... todo/mvp1-

Author SHA1 Message Date
Citali
7c4b667bc7 test(e2e): add mvp1 happy path scenarios 2026-02-12 20:11:21 +01:00
Citali
dbf817c255 feat(content): add announcements and public news flows 2026-02-12 20:08:08 +01:00
Citali
994b33e081 feat(commissions): add customer records and kanban workflow baseline 2026-02-12 20:01:49 +01:00
Citali
f65a9ea03f feat(web): render cms pages and navigation from db 2026-02-12 19:58:01 +01:00
Citali
281b1d7a1b feat(pages): add pages and navigation builder baseline 2026-02-12 19:30:09 +01:00
Citali
7d9bc9dca9 feat(media): add admin media CRUD preview and storage cleanup 2026-02-12 19:15:26 +01:00
Citali
3e4f0b6c75 refactor(media): use asset-centric storage key layout 2026-02-12 18:41:01 +01:00
Citali
86a8af25d8 feat(media): default to s3 with local upload fallback 2026-02-12 18:16:11 +01:00
Citali
19738b77d8 feat(media): support local and s3 upload providers 2026-02-12 12:02:31 +01:00
Citali
5becba602c feat(media): add mvp1 upload pipeline baseline 2026-02-12 11:57:39 +01:00
Citali
ad351ed73a feat(media): complete mvp1 media foundation workflows 2026-02-11 22:56:01 +01:00
Citali
d727ab8b5b feat(media): scaffold mvp1 media and portfolio foundation 2026-02-11 22:46:24 +01:00
Citali
5b47fafe89 docs(product): add cms feature topics, package catalog, and inspiration notes
Some checks failed
CMS CI / Governance Checks (push) Successful in 1m2s
Details
CMS CI / Lint Typecheck Unit E2E (push) Failing after 3m24s
Details
2026-02-11 22:35:46 +01:00
Citali
37fabad1f8 chore(repo): update turbo dependency
Some checks failed
CMS CI / Governance Checks (push) Successful in 1m5s
Details
CMS CI / Lint Typecheck Unit E2E (push) Failing after 3m40s
Details
2026-02-11 22:08:01 +01:00
Citali
637dfd2651 docs(ops): add staging deployment checklist and evidence template 2026-02-11 19:11:45 +01:00
Citali
f9f2b4eb15 docs(gitflow): add branch protection verification checklist 2026-02-11 19:09:57 +01:00
Citali
ccac669454 feat(release): publish gitea release notes and enable production rollback 2026-02-11 19:09:22 +01:00
Citali
af52b8581f feat(ci): stamp build metadata and validate footer version hash 2026-02-11 19:06:55 +01:00
Citali
3de4d5732e feat(versioning): show runtime version and git hash in app footers 2026-02-11 19:01:53 +01:00
Citali
14c3df623a fix(db): organize imports for biome check
Some checks failed
CMS CI / Governance Checks (push) Successful in 1m2s
Details
CMS CI / Lint Typecheck Unit E2E (push) Failing after 3m38s
Details
2026-02-11 18:45:30 +01:00
Citali
a57464d818 chore(repo): remove theoretical workflow and fix prisma ci generation
Some checks failed
CMS CI / Governance Checks (push) Successful in 1m6s
Details
CMS CI / Lint Typecheck Unit E2E (push) Failing after 1m8s
Details
2026-02-11 18:26:42 +01:00
Citali
c174f840bc fix(ci): gitea workflows
Some checks failed
CMS CI/CD (Theoretical) / Lint Typecheck Tests (push) Failing after 35s
Details
CMS CI / Governance Checks (push) Successful in 1m1s
Details
CMS CI/CD (Theoretical) / Build Staging Images (push) Has been skipped
Details
CMS CI/CD (Theoretical) / Build Production Images (push) Has been skipped
Details
CMS CI/CD (Theoretical) / Deploy Staging (Placeholder) (push) Has been skipped
Details
CMS CI / Lint Typecheck Unit E2E (push) Failing after 1m25s
Details
CMS CI/CD (Theoretical) / Deploy Production (Placeholder) (push) Has been skipped
Details
2026-02-11 13:12:12 +01:00
Citali
334a5e3526 chore(ci): add gitea actions runner compose setup 2026-02-11 12:25:57 +01:00
Citali
516b773012 docs(versioning): define release policy and close MVP0 pipeline tasks
Some checks failed
CMS CI/CD (Theoretical) / Lint Typecheck Tests (push) Failing after 5m34s
Details
CMS CI / Governance Checks (push) Failing after 4m47s
Details
CMS CI/CD (Theoretical) / Build Staging Images (push) Has been skipped
Details
CMS CI / Lint Typecheck Unit E2E (push) Has been skipped
Details
CMS CI/CD (Theoretical) / Build Production Images (push) Has been skipped
Details
CMS CI/CD (Theoretical) / Deploy Staging (Placeholder) (push) Has been skipped
Details
CMS CI/CD (Theoretical) / Deploy Production (Placeholder) (push) Has been skipped
Details
2026-02-11 12:19:50 +01:00
Citali
21cc55a1b9 ci(gitflow): enforce branch and PR governance checks 2026-02-11 12:19:39 +01:00
Citali
969e88670f ci(delivery): add deploy and release workflow scaffolds 2026-02-11 12:19:31 +01:00
Citali
cec87679ca docs(adr): add glossary pages and ADR baseline structure 2026-02-11 12:12:34 +01:00
Citali
4d6e17a13b docs(ops): add environment and deployment runbook 2026-02-11 12:11:08 +01:00
Citali
7b4b23fc4f docs(crud): add implementation examples and complete docs task 2026-02-11 12:10:28 +01:00
Citali
5872593b01 docs(i18n): add conventions guide and wire docs navigation 2026-02-11 12:09:43 +01:00
Citali
3b130568e9 test(mvp0): complete remaining i18n, RBAC, and CRUD coverage 2026-02-11 12:06:27 +01:00
Citali
8390689c8d feat(web): complete MVP0 public layout, banner, and SEO baseline 2026-02-10 22:04:53 +01:00
Citali
bf1a92d129 feat(admin): add IA shell and protected section skeleton routes 2026-02-10 21:34:26 +01:00
Citali
36b09cd9d7 test(crud): finalize MVP1 gate CRUD contract coverage 2026-02-10 21:26:49 +01:00
Citali
70fc154f97 merge: todo/mvp0-admin-i18n-baseline into dev 2026-02-10 21:21:35 +01:00
Citali
c4d0499d12 merge: todo/mvp0-crud-foundation into dev 2026-02-10 21:21:32 +01:00
Citali
d16fb6e121 merge: todo/mvp0-i18n-baseline into dev 2026-02-10 21:21:28 +01:00
Citali
a508e3203a merge: todo/mvp0-owner-invariant-enforcement into dev 2026-02-10 21:21:25 +01:00
127 changed files with 9877 additions and 335 deletions
Expand all files Collapse all files

14
.env.example
View File

@@ -10,5 +10,19 @@ CMS_SUPPORT_EMAIL="support@cms.local"
CMS_SUPPORT_PASSWORD="change-me-support-password" CMS_SUPPORT_PASSWORD="change-me-support-password"
CMS_SUPPORT_NAME="Technical Support" CMS_SUPPORT_NAME="Technical Support"
CMS_SUPPORT_LOGIN_KEY="support-access-change-me" CMS_SUPPORT_LOGIN_KEY="support-access-change-me"
CMS_MEDIA_STORAGE_PROVIDER="s3"
CMS_MEDIA_STORAGE_TENANT_ID="default"
CMS_MEDIA_UPLOAD_MAX_BYTES="26214400"
# Optional: override local media storage directory for admin upload adapter.
# CMS_MEDIA_LOCAL_STORAGE_DIR="/absolute/path/to/media-storage"
# S3/object-storage config (default provider). If unavailable, upload falls back to local storage.
# CMS_MEDIA_S3_BUCKET="cms-media"
# CMS_MEDIA_S3_REGION="eu-central-1"
# CMS_MEDIA_S3_ACCESS_KEY_ID=""
# CMS_MEDIA_S3_SECRET_ACCESS_KEY=""
# CMS_MEDIA_S3_ENDPOINT="" # optional (e.g. MinIO, R2)
# CMS_MEDIA_S3_FORCE_PATH_STYLE="false"
NEXT_PUBLIC_APP_VERSION="0.1.0-dev"
NEXT_PUBLIC_GIT_SHA="local"
# Optional dev bypass role for admin middleware. Leave empty to require auth login. # Optional dev bypass role for admin middleware. Leave empty to require auth login.
# CMS_DEV_ROLE="admin" # CMS_DEV_ROLE="admin"

4
.env.gitea-runner.example Normal file
View File

@@ -0,0 +1,4 @@
GITEA_INSTANCE_URL="https://git.example.com"
GITEA_RUNNER_REGISTRATION_TOKEN="replace-with-runner-registration-token"
GITEA_RUNNER_NAME="cms-runner"
GITEA_RUNNER_LABELS="ubuntu-latest:docker://node:20-bookworm"

17
.gitea/PULL_REQUEST_TEMPLATE.md Normal file
View File

@@ -0,0 +1,17 @@
## Summary
- TODO item reference (exact text): `...`
- Scope (single primary TODO item): `...`
## Checklist
- [ ] Linked TODO item is in `TODO.md`
- [ ] Branch name follows `todo/*`, `refactor/*`, or `code/*`
- [ ] `bun run check`
- [ ] `bun run typecheck`
- [ ] `bun run test`
- [ ] E2E validation plan included (`bun run test:e2e` or reason if deferred)
## Notes
- Risks / migrations / rollout notes:

25
.gitea/scripts/check-branch-name.sh Executable file
View File

@@ -0,0 +1,25 @@
#!/usr/bin/env sh
set -eu
branch="${1:-}"
if [ -z "$branch" ]; then
echo "Missing branch name."
exit 1
fi
case "$branch" in
dev|staging|main)
echo "Long-lived branch detected: $branch"
exit 0
;;
esac
if printf "%s" "$branch" | grep -Eq '^(todo|refactor|code)\/[a-z0-9]+([._-][a-z0-9]+)*$'; then
echo "Branch naming valid: $branch"
exit 0
fi
echo "Invalid branch name: $branch"
echo "Expected: todo/<slug> | refactor/<slug> | code/<slug>"
exit 1

17
.gitea/scripts/check-pr-todo-reference.sh Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env sh
set -eu
body="${1:-}"
if [ -z "$body" ]; then
echo "PR body is empty."
exit 1
fi
if printf "%s" "$body" | grep -Eq 'TODO|todo|\[P[1-3]\]'; then
echo "PR body includes TODO reference."
exit 0
fi
echo "PR body must reference the related TODO item."
exit 1

34
.gitea/scripts/configure-branch-protection.sh Executable file
View File

@@ -0,0 +1,34 @@
#!/usr/bin/env sh
set -eu
if [ "${#}" -ne 4 ]; then
echo "Usage: $0 <base-url> <owner> <repo> <token>"
exit 1
fi
base_url="$1"
owner="$2"
repo="$3"
token="$4"
protect_branch() {
branch="$1"
curl -sS -X POST \
"${base_url}/api/v1/repos/${owner}/${repo}/branch_protections" \
-H "Authorization: token ${token}" \
-H "Content-Type: application/json" \
-d "{
\"branch_name\": \"${branch}\",
\"enable_push\": false,
\"enable_push_whitelist\": false,
\"enable_merge_whitelist\": false,
\"enable_status_check\": true,
\"status_check_contexts\": [\"Governance Checks\", \"Lint Typecheck Unit E2E\"]
}" >/dev/null
}
protect_branch "main"
protect_branch "staging"
echo "Branch protection applied for main and staging."

45
.gitea/scripts/extract-release-notes.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/usr/bin/env sh
set -eu
tag="${1:-}"
if [ -z "$tag" ]; then
echo "Missing release tag argument (expected vX.Y.Z)."
exit 1
fi
if [ ! -f CHANGELOG.md ]; then
echo "CHANGELOG.md not found."
exit 1
fi
version="${tag#v}"
awk -v version="$version" '
BEGIN {
in_section = 0
started = 0
}
/^## / {
if (in_section == 1) {
exit
}
if (index($0, version) > 0) {
in_section = 1
started = 1
print $0
next
}
}
{
if (in_section == 1) {
print $0
}
}
END {
if (started == 0) {
exit 2
}
}
' CHANGELOG.md

80
.gitea/scripts/publish-gitea-release.mjs Normal file
View File

@@ -0,0 +1,80 @@
import { readFileSync } from "node:fs"
const tag = process.env.RELEASE_TAG?.trim()
const releaseName = process.env.RELEASE_NAME?.trim() || tag
const bodyFile = process.env.RELEASE_BODY_FILE?.trim() || ".gitea-release-notes.md"
const serverUrl = process.env.GITHUB_SERVER_URL?.trim()
const repository = process.env.GITHUB_REPOSITORY?.trim()
const token = process.env.GITEA_RELEASE_TOKEN?.trim()
if (!tag) {
throw new Error("RELEASE_TAG is required")
}
if (!serverUrl || !repository) {
throw new Error("GITHUB_SERVER_URL and GITHUB_REPOSITORY are required")
}
if (!token) {
throw new Error("GITEA_RELEASE_TOKEN is required")
}
const body = readFileSync(bodyFile, "utf8")
const baseApi = `${serverUrl.replace(/\/$/, "")}/api/v1/repos/${repository}`
async function request(path, options = {}) {
const response = await fetch(`${baseApi}${path}`, {
...options,
headers: {
"content-type": "application/json",
authorization: `token ${token}`,
...(options.headers ?? {}),
},
})
return response
}
const payload = {
tag_name: tag,
target_commitish: "main",
name: releaseName,
body,
draft: false,
prerelease: false,
}
const existingResponse = await request(`/releases/tags/${encodeURIComponent(tag)}`)
if (existingResponse.ok) {
const existing = await existingResponse.json()
const updateResponse = await request(`/releases/${existing.id}`, {
method: "PATCH",
body: JSON.stringify({
...payload,
target_commitish: existing.target_commitish ?? payload.target_commitish,
}),
})
if (!updateResponse.ok) {
const message = await updateResponse.text()
throw new Error(`Failed to update release: ${updateResponse.status} ${message}`)
}
console.log(`Updated release for tag ${tag}`)
} else if (existingResponse.status === 404) {
const createResponse = await request("/releases", {
method: "POST",
body: JSON.stringify(payload),
})
if (!createResponse.ok) {
const message = await createResponse.text()
throw new Error(`Failed to create release: ${createResponse.status} ${message}`)
}
console.log(`Created release for tag ${tag}`)
} else {
const message = await existingResponse.text()
throw new Error(`Failed to query existing release: ${existingResponse.status} ${message}`)
}

18
.gitea/scripts/validate-tag-version.sh Executable file
View File

@@ -0,0 +1,18 @@
#!/usr/bin/env sh
set -eu
tag="${1:-}"
if [ -z "$tag" ]; then
echo "Missing tag ref name (expected vX.Y.Z)."
exit 1
fi
version="$(node -p "require('./package.json').version")"
if [ "$tag" != "v$version" ]; then
echo "Tag/version mismatch: tag=$tag package.json=$version"
exit 1
fi
echo "Tag matches package.json version: $tag"

113
.gitea/workflows/ci-cd-theoretical.yml
View File

@@ -1,113 +0,0 @@
name: CMS CI/CD (Theoretical)
on:
pull_request:
push:
branches:
- dev
- main
- staging
tags:
- "v*"
workflow_dispatch:
env:
BUN_VERSION: "1.3.5"
jobs:
quality:
name: Lint Typecheck Tests
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: ${{ env.BUN_VERSION }}
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Generate Prisma client
run: bun run db:generate
- name: Lint
run: bun run lint
- name: Typecheck
run: bun run typecheck
- name: Unit and component tests
run: bun run test
- name: E2E suite discovery check
run: bun run test:e2e --list
- name: Conventional commit check (latest commit)
run: bun run commitlint
build_staging_images:
name: Build Staging Images
runs-on: ubuntu-latest
needs: quality
if: github.ref == 'refs/heads/staging'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build web image (staging)
run: docker build -f apps/web/Dockerfile -t cms-web:staging .
- name: Build admin image (staging)
run: docker build -f apps/admin/Dockerfile -t cms-admin:staging .
build_production_images:
name: Build Production Images
runs-on: ubuntu-latest
needs: quality
if: startsWith(github.ref, 'refs/tags/v')
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Build web image (production)
run: docker build -f apps/web/Dockerfile -t cms-web:${{ github.ref_name }} .
- name: Build admin image (production)
run: docker build -f apps/admin/Dockerfile -t cms-admin:${{ github.ref_name }} .
- name: Generate changelog
run: |
bun install --frozen-lockfile
bun run changelog:release
- name: Push images (placeholder)
run: |
echo "TODO: docker login to registry"
echo "TODO: docker push cms-web:${{ github.ref_name }}"
echo "TODO: docker push cms-admin:${{ github.ref_name }}"
echo "TODO: publish CHANGELOG.md content as release notes"
deploy_staging:
name: Deploy Staging (Placeholder)
runs-on: ubuntu-latest
needs: build_staging_images
if: github.ref == 'refs/heads/staging'
steps:
- name: Deploy placeholder
run: |
echo "TODO: Pull and restart staging compose on target host"
echo "docker compose -f docker-compose.staging.yml up -d"
deploy_production:
name: Deploy Production (Placeholder)
runs-on: ubuntu-latest
needs: build_production_images
if: startsWith(github.ref, 'refs/tags/v')
steps:
- name: Deploy placeholder
run: |
echo "TODO: Pull and restart production compose on target host"
echo "docker compose -f docker-compose.production.yml up -d"

41
.gitea/workflows/ci.yml
View File

@@ -25,9 +25,39 @@ env:
CMS_SUPPORT_LOGIN_KEY: "support-access" CMS_SUPPORT_LOGIN_KEY: "support-access"
jobs: jobs:
governance:
name: Governance Checks
runs-on: node22-bun
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Validate branch naming
run: |
branch="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
sh .gitea/scripts/check-branch-name.sh "$branch"
- name: Validate PR TODO reference
if: github.event_name == 'pull_request'
run: |
body='${{ github.event.pull_request.body }}'
sh .gitea/scripts/check-pr-todo-reference.sh "$body"
- name: Commit schema check (latest commit)
uses: oven-sh/setup-bun@v2
with:
bun-version: ${{ env.BUN_VERSION }}
- name: Install dependencies for commitlint
run: bun install --frozen-lockfile
- name: Commitlint
run: bun run commitlint
quality: quality:
name: Lint Typecheck Unit E2E name: Lint Typecheck Unit E2E
runs-on: ubuntu-latest needs: governance
runs-on: node22-bun
services: services:
postgres: postgres:
image: postgres:16-alpine image: postgres:16-alpine
@@ -54,12 +84,21 @@ jobs:
- name: Install dependencies - name: Install dependencies
run: bun install --frozen-lockfile run: bun install --frozen-lockfile
- name: Resolve build metadata
run: |
version=$(bun -e 'const pkg = JSON.parse(await Bun.file("package.json").text()); console.log(pkg.version)')
echo "NEXT_PUBLIC_APP_VERSION=$version" >> "$GITHUB_ENV"
echo "NEXT_PUBLIC_GIT_SHA=${GITHUB_SHA}" >> "$GITHUB_ENV"
- name: Install Playwright browser deps - name: Install Playwright browser deps
run: bunx playwright install --with-deps chromium run: bunx playwright install --with-deps chromium
- name: Lint and format checks - name: Lint and format checks
run: bun run check run: bun run check
- name: Generate Prisma client
run: bun run db:generate
- name: Typecheck - name: Typecheck
run: bun run typecheck run: bun run typecheck

54
.gitea/workflows/deploy.yml Normal file
View File

@@ -0,0 +1,54 @@
name: CMS Deploy
on:
workflow_dispatch:
inputs:
environment:
description: "Target environment"
required: true
type: choice
options:
- staging
- production
image_tag:
description: "Image tag to deploy (e.g. v0.1.0)"
required: true
rollback_tag:
description: "Optional rollback tag"
required: false
jobs:
deploy:
name: Deploy Compose Stack
runs-on: node22-bun
steps:
- name: Resolve deployment target
id: target
run: |
if [ "${{ github.event.inputs.environment }}" = "staging" ]; then
echo "host=${{ secrets.CMS_STAGING_HOST }}" >> "$GITHUB_OUTPUT"
echo "user=${{ secrets.CMS_STAGING_USER }}" >> "$GITHUB_OUTPUT"
echo "compose=docker-compose.staging.yml" >> "$GITHUB_OUTPUT"
else
echo "host=${{ secrets.CMS_PRODUCTION_HOST }}" >> "$GITHUB_OUTPUT"
echo "user=${{ secrets.CMS_PRODUCTION_USER }}" >> "$GITHUB_OUTPUT"
echo "compose=docker-compose.production.yml" >> "$GITHUB_OUTPUT"
fi
- name: Setup SSH
run: |
mkdir -p ~/.ssh
echo "${{ secrets.CMS_DEPLOY_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H "${{ steps.target.outputs.host }}" >> ~/.ssh/known_hosts
- name: Deploy image tag
run: |
ssh "${{ steps.target.outputs.user }}@${{ steps.target.outputs.host }}" \
"cd ${{ secrets.CMS_REMOTE_DEPLOY_PATH }} && CMS_IMAGE_TAG=${{ github.event.inputs.image_tag }} docker compose -f ${{ steps.target.outputs.compose }} up -d"
- name: Optional rollback
if: github.event.inputs.rollback_tag != ''
run: |
ssh "${{ steps.target.outputs.user }}@${{ steps.target.outputs.host }}" \
"cd ${{ secrets.CMS_REMOTE_DEPLOY_PATH }} && CMS_IMAGE_TAG=${{ github.event.inputs.rollback_tag }} docker compose -f ${{ steps.target.outputs.compose }} up -d"

103
.gitea/workflows/release.yml Normal file
View File

@@ -0,0 +1,103 @@
name: CMS Release
on:
push:
tags:
- "v*"
workflow_dispatch:
inputs:
release_tag:
description: "Release tag in vX.Y.Z format"
required: false
rollback_image_tag:
description: "Optional rollback image tag"
required: false
env:
BUN_VERSION: "1.3.5"
REGISTRY: ${{ secrets.CMS_IMAGE_REGISTRY }}
IMAGE_NAMESPACE: ${{ secrets.CMS_IMAGE_NAMESPACE }}
jobs:
release:
name: Build Push Changelog
if: github.event_name == 'push' || github.event.inputs.rollback_image_tag == ''
runs-on: node22-bun
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: ${{ env.BUN_VERSION }}
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Resolve release tag
id: tag
run: |
if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then
if [ -z "${{ github.event.inputs.release_tag }}" ]; then
echo "release_tag input is required when publishing a release manually."
exit 1
fi
echo "value=${{ github.event.inputs.release_tag }}" >> "$GITHUB_OUTPUT"
else
echo "value=${GITHUB_REF_NAME}" >> "$GITHUB_OUTPUT"
fi
- name: Validate tag against package version
run: sh .gitea/scripts/validate-tag-version.sh "${{ steps.tag.outputs.value }}"
- name: Generate changelog
run: bun run changelog:release
- name: Build release notes payload
run: |
if ! sh .gitea/scripts/extract-release-notes.sh "${{ steps.tag.outputs.value }}" > .gitea-release-notes.md; then
echo "Could not isolate section for tag ${{ steps.tag.outputs.value }}. Falling back to full CHANGELOG.md."
cp CHANGELOG.md .gitea-release-notes.md
fi
- name: Login to image registry
run: |
echo "${{ secrets.CMS_IMAGE_REGISTRY_PASSWORD }}" | docker login "${{ env.REGISTRY }}" -u "${{ secrets.CMS_IMAGE_REGISTRY_USER }}" --password-stdin
- name: Build and push web image
run: |
image="${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/cms-web:${{ steps.tag.outputs.value }}"
docker build -f apps/web/Dockerfile -t "$image" .
docker push "$image"
- name: Build and push admin image
run: |
image="${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/cms-admin:${{ steps.tag.outputs.value }}"
docker build -f apps/admin/Dockerfile -t "$image" .
docker push "$image"
- name: Publish release notes to Gitea
env:
RELEASE_TAG: ${{ steps.tag.outputs.value }}
RELEASE_NAME: ${{ steps.tag.outputs.value }}
RELEASE_BODY_FILE: ".gitea-release-notes.md"
GITEA_RELEASE_TOKEN: ${{ secrets.GITEA_RELEASE_TOKEN }}
run: bun .gitea/scripts/publish-gitea-release.mjs
rollback:
name: Rollback Production (Manual)
if: github.event_name == 'workflow_dispatch' && github.event.inputs.rollback_image_tag != ''
runs-on: node22-bun
steps:
- name: Setup SSH
run: |
mkdir -p ~/.ssh
echo "${{ secrets.CMS_DEPLOY_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H "${{ secrets.CMS_PRODUCTION_HOST }}" >> ~/.ssh/known_hosts
- name: Apply rollback image tag on production
run: |
ssh "${{ secrets.CMS_PRODUCTION_USER }}@${{ secrets.CMS_PRODUCTION_HOST }}" \
"cd ${{ secrets.CMS_REMOTE_DEPLOY_PATH }} && CMS_IMAGE_TAG=${{ github.event.inputs.rollback_image_tag }} docker compose -f docker-compose.production.yml pull && CMS_IMAGE_TAG=${{ github.event.inputs.rollback_image_tag }} docker compose -f docker-compose.production.yml up -d"

5
.gitignore vendored
View File

@@ -24,6 +24,7 @@ test-results
!.env.example !.env.example
!.env.staging.example !.env.staging.example
!.env.production.example !.env.production.example
!.env.gitea-runner.example
# prisma # prisma
packages/db/prisma/dev.db* packages/db/prisma/dev.db*
@@ -31,3 +32,7 @@ packages/db/prisma/generated/
# misc # misc
.DS_Store .DS_Store
# local media storage
.data/
apps/admin/.data/

7
BRANCHING.md
View File

@@ -96,6 +96,13 @@ Apply in repository settings:
Optional: Optional:
- Protect `dev` from direct push if team size/process requires stricter control. - Protect `dev` from direct push if team size/process requires stricter control.
- Automate protection via `.gitea/scripts/configure-branch-protection.sh`.
## Governance Automation
- Branch naming check: `.gitea/scripts/check-branch-name.sh`
- PR TODO reference check: `.gitea/scripts/check-pr-todo-reference.sh`
- PR template: `.gitea/PULL_REQUEST_TEMPLATE.md`
## Commit Signing Notes ## Commit Signing Notes

2
CONTRIBUTING.md
View File

@@ -4,6 +4,8 @@
Follow `BRANCHING.md` for long-lived and task branch rules. Follow `BRANCHING.md` for long-lived and task branch rules.
Pull requests should use `.gitea/PULL_REQUEST_TEMPLATE.md` and link the exact TODO item.
## Commit Message Schema ## Commit Message Schema
This repository uses Conventional Commits. This repository uses Conventional Commits.

16
README.md
View File

@@ -3,6 +3,7 @@
Roadmap and progress are tracked in `TODO.md` (also visible in admin at `/todo`). Roadmap and progress are tracked in `TODO.md` (also visible in admin at `/todo`).
Branch model and promotion flow are documented in `BRANCHING.md`. Branch model and promotion flow are documented in `BRANCHING.md`.
Commit schema and changelog workflow are documented in `CONTRIBUTING.md`. Commit schema and changelog workflow are documented in `CONTRIBUTING.md`.
Versioning and release policy are documented in `VERSIONING.md`.
A baseline monorepo with: A baseline monorepo with:
@@ -96,10 +97,11 @@ bunx playwright install
## Delivery Scaffolding ## Delivery Scaffolding
The repo includes a theoretical CI/CD and deployment baseline: The repo includes a CI/CD and deployment baseline:
- Gitea workflow: `.gitea/workflows/ci-cd-theoretical.yml` - Quality gate workflow: `.gitea/workflows/ci.yml`
- Real quality gate workflow: `.gitea/workflows/ci.yml` - Deployment workflow: `.gitea/workflows/deploy.yml`
- Release workflow: `.gitea/workflows/release.yml`
- App images: - App images:
- `apps/web/Dockerfile` - `apps/web/Dockerfile`
- `apps/admin/Dockerfile` - `apps/admin/Dockerfile`
@@ -118,12 +120,20 @@ Environment examples:
- `.env.staging.example` - `.env.staging.example`
- `.env.production.example` - `.env.production.example`
- `.env.gitea-runner.example`
Notes: Notes:
- `dev` remains your local non-docker Bun workflow. - `dev` remains your local non-docker Bun workflow.
- Staging and production compose files are templates and still require real secrets, registry strategy, and deployment host wiring. - Staging and production compose files are templates and still require real secrets, registry strategy, and deployment host wiring.
Gitea Actions runner compose (self-hosted):
```bash
cp .env.gitea-runner.example .env.gitea-runner
docker compose --env-file .env.gitea-runner -f docker-compose.gitea-runner.yml up -d
```
## Changelog ## Changelog
- Changelog file: `CHANGELOG.md` - Changelog file: `CHANGELOG.md`

181
TODO.md
View File

@@ -32,30 +32,30 @@ This file is the single source of truth for roadmap and delivery progress.
- [x] [P1] First-start onboarding route for initial owner creation (`/welcome`) - [x] [P1] First-start onboarding route for initial owner creation (`/welcome`)
- [x] [P1] Split auth entry points (`/welcome`, `/login`, `/register`) with cross-links - [x] [P1] Split auth entry points (`/welcome`, `/login`, `/register`) with cross-links
- [x] [P2] Support fallback sign-in route (`/support/:key`) as break-glass access - [x] [P2] Support fallback sign-in route (`/support/:key`) as break-glass access
- [~] [P1] Reusable CRUD base patterns (list/detail/editor/service/repository) - [x] [P1] Reusable CRUD base patterns (list/detail/editor/service/repository)
- [~] [P1] Shared CRUD validation strategy (Zod + server-side enforcement) - [x] [P1] Shared CRUD validation strategy (Zod + server-side enforcement)
- [~] [P1] Shared error and audit hooks for CRUD mutations - [x] [P1] Shared error and audit hooks for CRUD mutations
### Admin App ### Admin App
- [x] [P1] Separate Next.js admin app in monorepo - [x] [P1] Separate Next.js admin app in monorepo
- [x] [P1] App Router + TypeScript + `src/` structure - [x] [P1] App Router + TypeScript + `src/` structure
- [x] [P1] Shared DB access via `@cms/db` - [x] [P1] Shared DB access via `@cms/db`
- [~] [P2] Base admin dashboard shell and roadmap page (`/todo`) - [x] [P2] Base admin dashboard shell and roadmap page (`/todo`)
- [x] [P1] Authentication and session model (`admin`, `editor`, `manager`) - [x] [P1] Authentication and session model (`admin`, `editor`, `manager`)
- [x] [P1] Protected admin routes and session handling - [x] [P1] Protected admin routes and session handling
- [~] [P1] Temporary admin posts CRUD sandbox for baseline functional validation - [x] [P1] Temporary admin posts CRUD sandbox for baseline functional validation
- [~] [P1] Core admin IA (pages/media/users/commissions/settings) - [x] [P1] Core admin IA (pages/media/users/commissions/settings)
### Public App ### Public App
- [x] [P1] Separate Next.js public app in monorepo - [x] [P1] Separate Next.js public app in monorepo
- [x] [P1] App Router + TypeScript + `src/` structure - [x] [P1] App Router + TypeScript + `src/` structure
- [~] [P1] Public app connected to shared data layer - [x] [P1] Public app connected to shared data layer
- [ ] [P1] Localized route structure and middleware rules - [x] [P1] Localized route structure and middleware rules
- [ ] [P2] Public layout system (header/footer/navigation) - [x] [P2] Public layout system (header/footer/navigation)
- [ ] [P1] Header banner rendering from CMS-managed content - [x] [P1] Header banner rendering from CMS-managed content
- [ ] [P2] Basic SEO defaults (metadata, OG, sitemap, robots) - [x] [P2] Basic SEO defaults (metadata, OG, sitemap, robots)
### Testing ### Testing
@@ -63,80 +63,126 @@ This file is the single source of truth for roadmap and delivery progress.
- [x] [P1] Playwright baseline with web/admin projects - [x] [P1] Playwright baseline with web/admin projects
- [x] [P1] CI workflow for lint/typecheck/unit/e2e gates - [x] [P1] CI workflow for lint/typecheck/unit/e2e gates
- [x] [P1] Test data strategy (seed fixtures + isolated e2e data) - [x] [P1] Test data strategy (seed fixtures + isolated e2e data)
- [~] [P1] RBAC policy unit tests and permission regression suite - [x] [P1] RBAC policy unit tests and permission regression suite
- [ ] [P1] i18n unit tests (locale resolution, fallback, message key loading) - [x] [P1] i18n unit tests (locale resolution, fallback, message key loading)
- [x] [P1] i18n integration tests (admin/public locale switch and persistence) - [x] [P1] i18n integration tests (admin/public locale switch and persistence)
- [ ] [P1] i18n e2e smoke tests (localized headings/content per route) - [x] [P1] i18n e2e smoke tests (localized headings/content per route)
- [ ] [P1] CRUD contract tests for shared service patterns - [x] [P1] CRUD contract tests for shared service patterns
### Documentation ### Documentation
- [x] [P1] Docs tool baseline added (`docs/` via VitePress) - [x] [P1] Docs tool baseline added (`docs/` via VitePress)
- [x] [P1] RBAC and permission model documentation in docs site - [x] [P1] RBAC and permission model documentation in docs site
- [ ] [P2] i18n conventions docs (keys, namespaces, fallback, translation workflow) - [x] [P2] i18n conventions docs (keys, namespaces, fallback, translation workflow)
- [~] [P1] CRUD base patterns documentation and examples - [x] [P1] CRUD base patterns documentation and examples
- [ ] [P1] Environment and deployment runbook docs (dev/staging/production) - [x] [P1] Environment and deployment runbook docs (dev/staging/production)
- [ ] [P2] API and domain glossary pages - [x] [P2] API and domain glossary pages
- [ ] [P2] Architecture Decision Records (ADR) structure and first ADRs - [x] [P2] Architecture Decision Records (ADR) structure and first ADRs
### Delivery Pipeline And Runtime ### Delivery Pipeline And Runtime
- [x] [P2] Theoretical Gitea Actions workflow scaffold (`.gitea/workflows/ci-cd-theoretical.yml`) - [x] [P2] Gitea workflow baseline (`.gitea/workflows/ci.yml`, `.gitea/workflows/deploy.yml`, `.gitea/workflows/release.yml`)
- [x] [P2] Bun-based Dockerfiles for public and admin apps - [x] [P2] Bun-based Dockerfiles for public and admin apps
- [x] [P2] Staging and production docker-compose templates - [x] [P2] Staging and production docker-compose templates
- [ ] [P1] Registry credentials and image push strategy - [x] [P1] Registry credentials and image push strategy
- [ ] [P1] Staging deployment automation against real host - [~] [P1] Staging deployment automation against real host
- [ ] [P1] Production promotion and rollback procedure - [~] [P1] Production promotion and rollback procedure
### Git Flow And Branching ### Git Flow And Branching
- [ ] [P1] Protect `main` and `staging` branches in Gitea - [~] [P1] Protect `main` and `staging` branches in Gitea
- [ ] [P1] Define PR gates: lint + typecheck + unit + e2e list minimum - [x] [P1] Define PR gates: lint + typecheck + unit + e2e list minimum
- [ ] [P1] Enforce one todo item per branch naming convention - [x] [P1] Enforce one todo item per branch naming convention
- [ ] [P2] Add PR template requiring linked TODO step - [x] [P2] Add PR template requiring linked TODO step
- [ ] [P2] Define branch lifecycle for `todo/*`, `refactor/*`, and `code/*` - [x] [P2] Define branch lifecycle for `todo/*`, `refactor/*`, and `code/*`
- [x] [P2] Conventional commit schema documentation (`CONTRIBUTING.md`) - [x] [P2] Conventional commit schema documentation (`CONTRIBUTING.md`)
- [x] [P2] Changelog scaffold and generation scripts (`CHANGELOG.md`, `bun run changelog:*`) - [x] [P2] Changelog scaffold and generation scripts (`CHANGELOG.md`, `bun run changelog:*`)
- [ ] [P1] Versioning policy definition (SemVer strategy + when to bump major/minor/patch) - [x] [P1] Versioning policy definition (SemVer strategy + when to bump major/minor/patch)
- [ ] [P1] Source of truth for version (`package.json` root) and release tagging rules (`vX.Y.Z`) - [x] [P1] Source of truth for version (`package.json` root) and release tagging rules (`vX.Y.Z`)
- [ ] [P1] Build metadata policy for git hash (`+sha.<short>`) in app runtime footer - [x] [P1] Build metadata policy for git hash (`+sha.<short>`) in app runtime footer
- [ ] [P1] App footer implementation plan for version + commit hash (admin + web) - [x] [P1] App footer implementation plan for version + commit hash (admin + web)
- [ ] [P2] Automated version injection in CI (stamping build from tag + commit hash) - [x] [P2] Automated version injection in CI (stamping build from tag + commit hash)
- [ ] [P2] Validation tests for displayed version/hash consistency per deployment - [x] [P2] Validation tests for displayed version/hash consistency per deployment
- [ ] [P1] Release tagging and changelog publication policy in CI - [x] [P1] Release tagging and changelog publication policy in CI
### MVP0 Close-Out Checklist
- [~] [P1] Verify and document protected branch rules in Gitea (`main`, `staging`)
- [~] [P1] Run first staging deployment against a real host with deploy workflow and document result
- [x] [P1] Replace release workflow placeholders with real release-notes and rollback execution steps
- [x] [P1] Expose runtime version + short git hash in admin and public app footer
- [x] [P2] Add CI build stamping for version/hash values consumed by app footers
- [x] [P2] Add automated tests validating displayed version/hash format and consistency
## MVP 1: Core CMS Business Features ## MVP 1: Core CMS Business Features
### MVP1 Suggested Branch Order
- [x] [P1] `todo/mvp1-media-foundation`:
media model, artwork entity, grouping primitives (gallery/album/category/tag), rendition slots
- [~] [P1] `todo/mvp1-media-upload-pipeline`:
S3/local upload adapter, media processing presets, metadata input flows, admin media CRUD UI
- [~] [P1] `todo/mvp1-pages-navigation-builder`:
page CRUD, navigation tree, reusable page blocks (forms/price cards/gallery embeds)
- [~] [P1] `todo/mvp1-commissions-customers`:
commission request intake + admin CRUD + kanban + customer entity/linking
- [~] [P1] `todo/mvp1-announcements-news`:
announcement management/rendering + news/blog CRUD and public rendering
- [~] [P1] `todo/mvp1-public-rendering-integration`:
public rendering for pages/navigation/media/portfolio/announcements and commissioning entrypoints
- [~] [P1] `todo/mvp1-e2e-happy-paths`:
end-to-end scenarios for page publish, media flow, announcement display, commission flow
### Separate Product Ideas Backlog (Non-Blocking)
- [ ] [P2] Smart homepage section presets for artists (featured artwork, latest news, open commissions)
- [ ] [P2] Portfolio narrative mode (series story + process notes + ordered media sequence)
- [ ] [P2] Reusable CTA/form snippets with per-page override tokens
- [ ] [P2] Lightweight CRM timeline per customer (requests, replies, outcomes)
- [ ] [P3] AI-assisted alt text and metadata suggestion workflow (human approval required)
- [ ] [P3] Auto-generated social crops/promo packs from selected artworks
### Admin App (Primary Focus) ### Admin App (Primary Focus)
- [ ] [P1] Page management (create/edit/publish/unpublish/schedule) - [~] [P1] Page management (create/edit/publish/unpublish/schedule)
- [ ] [P1] Navigation management (menus, nested items, order, visibility) - [ ] [P1] Page builder with reusable content blocks (hero, rich text, gallery, CTA, forms, price cards)
- [ ] [P1] Media library (upload, browse, replace, delete) - [~] [P1] Navigation management (menus, nested items, order, visibility)
- [ ] [P1] Media enrichment metadata (alt text, copyright, author, source, tags) - [~] [P1] Media library (upload, browse, replace, delete) with media-type classification (artwork, banner, promo, generic, video/gif)
- [ ] [P1] Media refinement for artworks (medium, dimensions, year, framing, availability) - [ ] [P1] Media enrichment metadata (alt text, copyright, author, source, tags, licensing, usage context)
- [ ] [P1] Portfolio grouping primitives (galleries, albums, categories, tags) with ordering/visibility controls
- [ ] [P1] Artwork refinement fields (medium, dimensions, year, framing, availability, price visibility)
- [ ] [P1] Artwork rendition management (thumbnail, card, full, retina/custom sizes)
- [ ] [P1] Type-specific processing presets (artwork/banner/promo/video/gif) with validation rules
- [ ] [P1] Users management (invite, roles, status) - [ ] [P1] Users management (invite, roles, status)
- [ ] [P1] Disable/ban user function and enforcement in auth/session checks - [ ] [P1] Disable/ban user function and enforcement in auth/session checks
- [~] [P1] Owner/support protection rules in user management actions (cannot delete/demote) - [~] [P1] Owner/support protection rules in user management actions (cannot delete/demote)
- [ ] [P1] Commissions management (request intake, owner, due date, notes) - [~] [P1] Commissions management (request intake, owner, due date, notes, linked customer, linked artworks)
- [ ] [P1] Kanban workflow for commissions (new, scoped, in-progress, review, done) - [~] [P1] Customer records (contact profile, notes, consent flags, recurrence marker)
- [~] [P1] Customer-to-commission linkage and reuse workflow (no re-entry for recurring customers)
- [~] [P1] Kanban workflow for commissions (new, scoped, in-progress, review, done)
- [ ] [P1] Header banner management (message, CTA, active window) - [ ] [P1] Header banner management (message, CTA, active window)
- [~] [P1] Announcements management (prominent site notices with schedule, priority, and audience targeting)
- [~] [P2] News/blog editorial workflow (draft/review/publish, authoring metadata)
### Public App ### Public App
- [ ] [P1] Dynamic page rendering from CMS page entities - [~] [P1] Dynamic page rendering from CMS page entities
- [ ] [P1] Navigation rendering from managed menu structure - [~] [P1] Navigation rendering from managed menu structure
- [ ] [P1] Media entity rendering with enrichment data - [ ] [P1] Media entity rendering with enrichment data
- [ ] [P1] Portfolio views (gallery/album/category/tag) for artworks with filter and sort controls
- [ ] [P1] Rendition-aware media delivery (thumbnail/card/full) per template slot
- [ ] [P1] Translation-ready content model for public entities (pages/news/navigation labels) - [ ] [P1] Translation-ready content model for public entities (pages/news/navigation labels)
- [ ] [P2] Artwork views and listing filters - [ ] [P2] Artwork views and listing filters
- [ ] [P1] Commission request submission flow - [ ] [P1] Commission request submission flow
- [ ] [P1] Header banner render logic and fallbacks - [ ] [P1] Header banner render logic and fallbacks
- [ ] [P1] Announcement render slots (homepage + optional global/top banner position)
### News / Blog (Secondary Track) ### News / Blog (Secondary Track)
- [ ] [P2] News/blog content type (not primary CMS domain) - [~] [P1] News/blog content type (editorial content for artist updates and process posts)
- [ ] [P2] Admin list/editor for news posts - [~] [P1] Admin list/editor for news posts
- [ ] [P2] Public news index + detail pages - [~] [P1] Public news index + detail pages
- [ ] [P3] Tag/category and basic archive support - [ ] [P2] Tag/category and basic archive support
### Testing ### Testing
@@ -145,9 +191,9 @@ This file is the single source of truth for roadmap and delivery progress.
- [ ] [P1] Integration tests for owner invariant and hidden support-user protection - [ ] [P1] Integration tests for owner invariant and hidden support-user protection
- [ ] [P1] Integration tests for registration allow/deny behavior - [ ] [P1] Integration tests for registration allow/deny behavior
- [ ] [P1] Integration tests for translated content CRUD and locale-specific validation - [ ] [P1] Integration tests for translated content CRUD and locale-specific validation
- [ ] [P1] E2E happy paths: create page, publish, see on public app - [~] [P1] E2E happy paths: create page, publish, see on public app
- [ ] [P1] E2E happy paths: media upload + artwork refinement display - [~] [P1] E2E happy paths: media upload + artwork refinement display
- [ ] [P1] E2E happy paths: commissions kanban transitions - [~] [P1] E2E happy paths: commissions kanban transitions
## MVP 2: Production Readiness ## MVP 2: Production Readiness
@@ -156,6 +202,12 @@ This file is the single source of truth for roadmap and delivery progress.
- [ ] [P1] Audit log for key content operations - [ ] [P1] Audit log for key content operations
- [ ] [P2] Revision history for pages/navigation/media metadata - [ ] [P2] Revision history for pages/navigation/media metadata
- [ ] [P1] Permission matrix refinement with granular scopes - [ ] [P1] Permission matrix refinement with granular scopes
- [ ] [P2] Media processing orchestration UI (queue status, retries, processing diagnostics)
- [ ] [P2] Automatic color palette extraction from artworks (stored for theming/filtering)
- [ ] [P2] Watermark pipeline for artwork renditions with configurable watermark asset/position/opacity
- [ ] [P2] Advanced media transforms by type (video transcode profiles, gif optimization, banner safe-area presets)
- [ ] [P2] Announcement targeting refinement (locale/segment targeting rules)
- [ ] [P2] Customer lifecycle tooling (status stages, communication history, export)
- [ ] [P1] Verify email pipeline and operational templates (welcome/verify/resend) - [ ] [P1] Verify email pipeline and operational templates (welcome/verify/resend)
- [ ] [P1] Forgot password/reset password pipeline and support tooling - [ ] [P1] Forgot password/reset password pipeline and support tooling
- [ ] [P2] GUI page to edit role-permission mappings with safety guardrails - [ ] [P2] GUI page to edit role-permission mappings with safety guardrails
@@ -170,6 +222,7 @@ This file is the single source of truth for roadmap and delivery progress.
- [ ] [P2] Performance budget checks (Core Web Vitals) - [ ] [P2] Performance budget checks (Core Web Vitals)
- [ ] [P1] 404/500 content-aware error pages - [ ] [P1] 404/500 content-aware error pages
- [ ] [P1] Accessibility review and fixes - [ ] [P1] Accessibility review and fixes
- [ ] [P2] Theme assistance from extracted artwork palettes (opt-in per page/section)
### Platform ### Platform
@@ -203,6 +256,30 @@ This file is the single source of truth for roadmap and delivery progress.
- [2026-02-10] Admin self-registration policy is now managed via `/settings` and persisted in `system_setting`; env var is fallback/default only. - [2026-02-10] Admin self-registration policy is now managed via `/settings` and persisted in `system_setting`; env var is fallback/default only.
- [2026-02-10] E2E now runs with deterministic preparation (`test:e2e:prepare`: generate + migrate deploy + seed) before Playwright execution. - [2026-02-10] E2E now runs with deterministic preparation (`test:e2e:prepare`: generate + migrate deploy + seed) before Playwright execution.
- [2026-02-10] CI quality workflow `.gitea/workflows/ci.yml` enforces `check`, `typecheck`, `test`, and `test:e2e` against a PostgreSQL service. - [2026-02-10] CI quality workflow `.gitea/workflows/ci.yml` enforces `check`, `typecheck`, `test`, and `test:e2e` against a PostgreSQL service.
- [2026-02-10] Admin app now uses a shared shell with permission-aware navigation and dedicated IA routes (`/pages`, `/media`, `/users`, `/commissions`).
- [2026-02-10] Public app now has a shared site layout (`banner/header/footer`), DB-backed header banner config, and SEO defaults (`metadata`, `robots`, `sitemap`).
- [2026-02-10] Testing baseline now includes explicit RBAC regression checks, locale-resolution unit tests (admin/web), CRUD service contract tests, and i18n smoke e2e routes.
- [2026-02-10] i18n conventions are now documented as an engineering standard (`docs/product-engineering/i18n-conventions.md`).
- [2026-02-10] Docs now include a domain glossary, public API glossary, and ADR baseline with initial accepted decision (`ADR 0001`).
- [2026-02-10] Delivery and release governance now include branch/PR policy checks, deploy/release workflows, and explicit versioning policy (`VERSIONING.md`).
- [2026-02-11] Release workflow now publishes changelog-derived notes to Gitea releases and supports executable production rollback via SSH + compose tag switch.
- [2026-02-11] Branch protection verification checklist is now documented; final UI-level verification remains environment-specific.
- [2026-02-11] Added a staging deployment execution checklist and deployment-record template to capture first real-host rollout evidence.
- [2026-02-11] Artist-focused feature map refined: MVP1 covers portfolio media/domain CRUD + announcements + customer/commission linking; MVP2 covers advanced automation (watermark, palette extraction, media transform pipelines).
- [2026-02-11] `gaertan` inspiration to reuse: S3 object strategy with signed delivery, commission type/options/extras/custom-input modeling, request-status kanban mapping, and gallery rendition/color extraction patterns.
- [2026-02-11] MVP1 media foundation started: portfolio domain models (`MediaAsset`, `Artwork`, galleries/albums/categories/tags, rendition links) plus initial admin `/media` and `/portfolio` data views.
- [2026-02-11] `prisma migrate dev --name media_foundation` can fail when DB endpoint is unreachable; apply this named migration once `DATABASE_URL` host is reachable again.
- [2026-02-11] MVP1 media foundation now includes baseline create/link workflows in admin (`/media`, `/portfolio`), seeded sample portfolio entities, and schema/service test coverage.
- [2026-02-12] MVP1 media upload pipeline started: admin `/api/media/upload` accepts metadata + file upload with permission checks, stores files via local adapter (`.data/media`), and persists upload metadata to `MediaAsset`.
- [2026-02-12] Upload storage is now provider-based (`local` + `s3`) via `CMS_MEDIA_STORAGE_PROVIDER`; admin-side GUI toggle remains a later MVP item.
- [2026-02-12] Media storage keys now use asset-centric layout (`tenant/<id>/asset/<assetId>/<fileRole>/<assetId>__<variant>.<ext>`) with DB-managed media taxonomy.
- [2026-02-12] Admin media CRUD now includes list-to-detail flow (`/media/:id`) with metadata edit and delete actions.
- [2026-02-12] MVP1 pages/navigation baseline started: `Page`, `NavigationMenu`, and `NavigationItem` models plus admin CRUD routes (`/pages`, `/pages/:id`, `/navigation`).
- [2026-02-12] Public app now renders CMS-managed navigation (header) and CMS-managed pages by slug (including homepage when `home` page exists).
- [2026-02-12] Commissions/customer baseline added: admin `/commissions` now supports customer creation, commission intake, status transitions, and a basic kanban board.
- [2026-02-12] Announcements/news baseline added: admin `/announcements` + `/news` management screens and public announcement rendering slots (`global_top`, `homepage`).
- [2026-02-12] Public news routes now exist at `/news` and `/news/:slug` (detail restricted to published posts).
- [2026-02-12] Added `e2e/happy-paths.pw.ts` covering admin login, page publish/public rendering, announcement rendering, media upload, and commission status transition.
## How We Use This File ## How We Use This File

71
VERSIONING.md Normal file
View File

@@ -0,0 +1,71 @@
# Versioning Policy
## Source Of Truth
- Canonical version: root `package.json` field `version`
- Tag format: `vX.Y.Z`
Tag validation is enforced in CI:
- `.gitea/scripts/validate-tag-version.sh`
## SemVer Strategy
- `major`: breaking API/behavior changes
- `minor`: backward-compatible features
- `patch`: backward-compatible fixes
## Build Metadata Policy
Use git metadata in runtime display format:
- `<version>+sha.<short>`
Example:
- `0.1.0+sha.a1b2c3d`
## Footer Display Plan (Admin + Web)
Planned runtime footer fields:
- app name
- version from root `package.json`
- commit hash (short)
- environment (`dev|staging|production`)
Implementation note:
- inject values at build/deploy time through env vars
- render in shared footer components
## CI Version Injection
Release/deploy workflows pass release tag and commit metadata:
- `.gitea/workflows/release.yml`
- `.gitea/workflows/deploy.yml`
Required inputs:
- release tag (`vX.Y.Z`)
- image tag for deployment
## Validation Strategy
CI validations:
- tag equals `v${package.json.version}`
- required checks pass before release builds
Runtime validations (planned):
- smoke tests assert footer version/hash format
- environment-specific deployment checks assert expected image tag
## Changelog and Release Publication
- changelog generation command:
- `bun run changelog:release`
- release workflow generates changelog on tag pipeline
- release notes publication remains a dedicated step in CI workflow.

1
apps/admin/package.json
View File

@@ -12,6 +12,7 @@
"typecheck": "tsc -p tsconfig.json --noEmit" "typecheck": "tsc -p tsconfig.json --noEmit"
}, },
"dependencies": { "dependencies": {
"@aws-sdk/client-s3": "3.988.0",
"@cms/content": "workspace:*", "@cms/content": "workspace:*",
"@cms/db": "workspace:*", "@cms/db": "workspace:*",
"@cms/i18n": "workspace:*", "@cms/i18n": "workspace:*",

423
apps/admin/src/app/announcements/page.tsx Normal file
View File

@@ -0,0 +1,423 @@
import {
createAnnouncement,
deleteAnnouncement,
listAnnouncements,
updateAnnouncement,
} from "@cms/db"
import { Button } from "@cms/ui/button"
import { revalidatePath } from "next/cache"
import { redirect } from "next/navigation"
import { AdminShell } from "@/components/admin-shell"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
type SearchParamsInput = Record<string, string | string[] | undefined>
function readFirstValue(value: string | string[] | undefined): string | null {
if (Array.isArray(value)) {
return value[0] ?? null
}
return value ?? null
}
function readInputString(formData: FormData, field: string): string {
const value = formData.get(field)
return typeof value === "string" ? value.trim() : ""
}
function readNullableString(formData: FormData, field: string): string | null {
const value = readInputString(formData, field)
return value.length > 0 ? value : null
}
function readNullableDate(formData: FormData, field: string): Date | null {
const value = readInputString(formData, field)
if (!value) {
return null
}
const parsed = new Date(value)
if (Number.isNaN(parsed.getTime())) {
return null
}
return parsed
}
function readInt(formData: FormData, field: string, fallback = 100): number {
const value = readInputString(formData, field)
if (!value) {
return fallback
}
const parsed = Number.parseInt(value, 10)
if (!Number.isFinite(parsed)) {
return fallback
}
return parsed
}
function redirectWithState(params: { notice?: string; error?: string }) {
const query = new URLSearchParams()
if (params.notice) {
query.set("notice", params.notice)
}
if (params.error) {
query.set("error", params.error)
}
const value = query.toString()
redirect(value ? `/announcements?${value}` : "/announcements")
}
async function createAnnouncementAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/announcements",
permission: "banner:write",
scope: "global",
})
try {
await createAnnouncement({
title: readInputString(formData, "title"),
message: readInputString(formData, "message"),
placement: readInputString(formData, "placement"),
priority: readInt(formData, "priority", 100),
ctaLabel: readNullableString(formData, "ctaLabel"),
ctaHref: readNullableString(formData, "ctaHref"),
startsAt: readNullableDate(formData, "startsAt"),
endsAt: readNullableDate(formData, "endsAt"),
isVisible: readInputString(formData, "isVisible") === "true",
})
} catch {
redirectWithState({ error: "Failed to create announcement." })
}
revalidatePath("/announcements")
revalidatePath("/")
redirectWithState({ notice: "Announcement created." })
}
async function updateAnnouncementAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/announcements",
permission: "banner:write",
scope: "global",
})
try {
await updateAnnouncement({
id: readInputString(formData, "id"),
title: readInputString(formData, "title"),
message: readInputString(formData, "message"),
placement: readInputString(formData, "placement"),
priority: readInt(formData, "priority", 100),
ctaLabel: readNullableString(formData, "ctaLabel"),
ctaHref: readNullableString(formData, "ctaHref"),
startsAt: readNullableDate(formData, "startsAt"),
endsAt: readNullableDate(formData, "endsAt"),
isVisible: readInputString(formData, "isVisible") === "true",
})
} catch {
redirectWithState({ error: "Failed to update announcement." })
}
revalidatePath("/announcements")
revalidatePath("/")
redirectWithState({ notice: "Announcement updated." })
}
async function deleteAnnouncementAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/announcements",
permission: "banner:write",
scope: "global",
})
try {
await deleteAnnouncement(readInputString(formData, "id"))
} catch {
redirectWithState({ error: "Failed to delete announcement." })
}
revalidatePath("/announcements")
revalidatePath("/")
redirectWithState({ notice: "Announcement deleted." })
}
function dateInputValue(value: Date | null): string {
if (!value) {
return ""
}
return value.toISOString().slice(0, 10)
}
export default async function AnnouncementsPage({
searchParams,
}: {
searchParams: Promise<SearchParamsInput>
}) {
const role = await requirePermissionForRoute({
nextPath: "/announcements",
permission: "banner:read",
scope: "global",
})
const [resolvedSearchParams, announcements] = await Promise.all([
searchParams,
listAnnouncements(200),
])
const notice = readFirstValue(resolvedSearchParams.notice)
const error = readFirstValue(resolvedSearchParams.error)
return (
<AdminShell
role={role}
activePath="/announcements"
badge="Admin App"
title="Announcements"
description="Manage public site announcements with schedule and placement controls."
>
{notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice}
</section>
) : null}
{error ? (
<section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
{error}
</section>
) : null}
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Create Announcement</h2>
<form action={createAnnouncementAction} className="mt-4 space-y-3">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Message</span>
<textarea
name="message"
rows={3}
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="grid gap-3 md:grid-cols-3">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Placement</span>
<select
name="placement"
defaultValue="global_top"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="global_top">global_top</option>
<option value="homepage">homepage</option>
</select>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Priority</span>
<input
name="priority"
type="number"
min={0}
defaultValue="100"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="inline-flex items-center gap-2 pt-6 text-sm text-neutral-700">
<input
name="isVisible"
type="checkbox"
value="true"
defaultChecked
className="size-4"
/>
Visible
</label>
</div>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">CTA label</span>
<input
name="ctaLabel"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">CTA href</span>
<input
name="ctaHref"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Starts at</span>
<input
name="startsAt"
type="date"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Ends at</span>
<input
name="endsAt"
type="date"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<Button type="submit">Create announcement</Button>
</form>
</section>
<section className="space-y-3">
{announcements.length === 0 ? (
<article className="rounded-xl border border-neutral-200 p-6 text-sm text-neutral-600">
No announcements yet.
</article>
) : (
announcements.map((announcement) => (
<form
key={announcement.id}
action={updateAnnouncementAction}
className="rounded-xl border border-neutral-200 p-6"
>
<input type="hidden" name="id" value={announcement.id} />
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
defaultValue={announcement.title}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Placement</span>
<select
name="placement"
defaultValue={announcement.placement}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="global_top">global_top</option>
<option value="homepage">homepage</option>
</select>
</label>
</div>
<label className="mt-3 block space-y-1">
<span className="text-xs text-neutral-600">Message</span>
<textarea
name="message"
rows={2}
defaultValue={announcement.message}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="mt-3 grid gap-3 md:grid-cols-3">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Priority</span>
<input
name="priority"
type="number"
min={0}
defaultValue={announcement.priority}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Starts</span>
<input
name="startsAt"
type="date"
defaultValue={dateInputValue(announcement.startsAt)}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Ends</span>
<input
name="endsAt"
type="date"
defaultValue={dateInputValue(announcement.endsAt)}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<div className="mt-3 grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">CTA label</span>
<input
name="ctaLabel"
defaultValue={announcement.ctaLabel ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">CTA href</span>
<input
name="ctaHref"
defaultValue={announcement.ctaHref ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<div className="mt-3 flex flex-wrap items-center justify-between gap-3">
<label className="inline-flex items-center gap-2 text-sm text-neutral-700">
<input
name="isVisible"
type="checkbox"
value="true"
defaultChecked={announcement.isVisible}
className="size-4"
/>
Visible
</label>
<div className="flex items-center gap-2">
<Button type="submit" size="sm">
Save
</Button>
<button
type="submit"
formAction={deleteAnnouncementAction}
className="rounded-md border border-red-300 px-3 py-2 text-sm text-red-700"
>
Delete
</button>
</div>
</div>
</form>
))
)}
</section>
</AdminShell>
)
}

120
apps/admin/src/app/api/media/file/[id]/route.ts Normal file
View File

@@ -0,0 +1,120 @@
import { readFile } from "node:fs/promises"
import path from "node:path"
import { GetObjectCommand } from "@aws-sdk/client-s3"
import { hasPermission } from "@cms/content/rbac"
import { getMediaAssetById } from "@cms/db"
import { auth, resolveRoleFromAuthSession } from "@/lib/auth/server"
import { resolveLocalMediaBaseDirectory } from "@/lib/media/local-storage"
import { createS3Client, resolveS3Config } from "@/lib/media/s3-storage"
import { resolveMediaStorageProvider } from "@/lib/media/storage"
export const runtime = "nodejs"
type RouteContext = {
params: Promise<{ id: string }>
}
async function readFromLocalStorage(storageKey: string): Promise<Uint8Array> {
const baseDirectory = resolveLocalMediaBaseDirectory()
const outputPath = path.join(baseDirectory, storageKey)
return readFile(outputPath)
}
async function readFromS3Storage(storageKey: string): Promise<Uint8Array> {
const config = resolveS3Config()
const client = createS3Client(config)
const response = await client.send(
new GetObjectCommand({
Bucket: config.bucket,
Key: storageKey,
}),
)
if (!response.Body) {
throw new Error("S3 object body is empty")
}
return response.Body.transformToByteArray()
}
function toBody(data: Uint8Array): BodyInit {
const bytes = new Uint8Array(data.byteLength)
bytes.set(data)
return bytes
}
export async function GET(request: Request, context: RouteContext): Promise<Response> {
const session = await auth.api
.getSession({
headers: request.headers,
})
.catch(() => null)
const role = resolveRoleFromAuthSession(session)
if (!role) {
return Response.json(
{
message: "Unauthorized",
},
{ status: 401 },
)
}
if (!hasPermission(role, "media:read", "team")) {
return Response.json(
{
message: "Missing permission: media:read",
},
{ status: 403 },
)
}
const { id } = await context.params
const asset = await getMediaAssetById(id)
if (!asset || !asset.storageKey) {
return Response.json(
{
message: "Media file not found",
},
{ status: 404 },
)
}
const preferred = resolveMediaStorageProvider(process.env.CMS_MEDIA_STORAGE_PROVIDER)
const reads =
preferred === "s3"
? [
() => readFromS3Storage(asset.storageKey as string),
() => readFromLocalStorage(asset.storageKey as string),
]
: [
() => readFromLocalStorage(asset.storageKey as string),
() => readFromS3Storage(asset.storageKey as string),
]
for (const read of reads) {
try {
const data = await read()
return new Response(toBody(data), {
status: 200,
headers: {
"content-type": asset.mimeType || "application/octet-stream",
"cache-control": "private, max-age=0, no-store",
},
})
} catch {
// Try next backend.
}
}
return Response.json(
{
message: "Unable to read media file from configured storage backends",
},
{ status: 404 },
)
}

207
apps/admin/src/app/api/media/upload/route.ts Normal file
View File

@@ -0,0 +1,207 @@
import { randomUUID } from "node:crypto"
import { hasPermission } from "@cms/content/rbac"
import { createMediaAsset } from "@cms/db"
import { auth, resolveRoleFromAuthSession } from "@/lib/auth/server"
import { storeUpload } from "@/lib/media/storage"
export const runtime = "nodejs"
const MAX_UPLOAD_BYTES = Number(process.env.CMS_MEDIA_UPLOAD_MAX_BYTES ?? 25 * 1024 * 1024)
type AllowedRule = {
mimePrefix?: string
mimeExact?: string[]
}
const ALLOWED_MIME_BY_TYPE: Record<string, AllowedRule> = {
artwork: {
mimePrefix: "image/",
},
banner: {
mimePrefix: "image/",
},
promotion: {
mimePrefix: "image/",
},
video: {
mimePrefix: "video/",
},
gif: {
mimeExact: ["image/gif"],
},
generic: {
mimePrefix: "",
},
}
function parseTextField(formData: FormData, field: string): string {
const value = formData.get(field)
return typeof value === "string" ? value.trim() : ""
}
function parseOptionalField(formData: FormData, field: string): string | undefined {
const value = parseTextField(formData, field)
return value.length > 0 ? value : undefined
}
function parseTags(formData: FormData): string[] {
const value = parseTextField(formData, "tags")
if (!value) {
return []
}
return value
.split(",")
.map((item) => item.trim())
.filter((item) => item.length > 0)
}
function deriveTitleFromFilename(fileName: string): string {
const trimmed = fileName.trim()
if (!trimmed) {
return "Untitled media"
}
const dotIndex = trimmed.lastIndexOf(".")
const base = dotIndex > 0 ? trimmed.slice(0, dotIndex) : trimmed
const normalized = base.trim()
return normalized.length > 0 ? normalized : "Untitled media"
}
function isMimeAllowed(mediaType: string, mimeType: string): boolean {
const rule = ALLOWED_MIME_BY_TYPE[mediaType]
if (!rule) {
return false
}
if (rule.mimeExact?.includes(mimeType)) {
return true
}
if (rule.mimePrefix === "") {
return true
}
return rule.mimePrefix ? mimeType.startsWith(rule.mimePrefix) : false
}
function badRequest(message: string): Response {
return Response.json(
{
message,
},
{ status: 400 },
)
}
export async function POST(request: Request): Promise<Response> {
const session = await auth.api
.getSession({
headers: request.headers,
})
.catch(() => null)
const role = resolveRoleFromAuthSession(session)
if (!role) {
return Response.json(
{
message: "Unauthorized",
},
{ status: 401 },
)
}
if (!hasPermission(role, "media:write", "team")) {
return Response.json(
{
message: "Missing permission: media:write",
},
{ status: 403 },
)
}
const formData = await request.formData().catch(() => null)
if (!formData) {
return badRequest("Invalid form payload.")
}
const type = parseTextField(formData, "type")
const fileEntry = formData.get("file")
if (!type) {
return badRequest("Type is required.")
}
if (!(fileEntry instanceof File)) {
return badRequest("File is required.")
}
if (fileEntry.size === 0) {
return badRequest("File is empty.")
}
if (fileEntry.size > MAX_UPLOAD_BYTES) {
return badRequest(
`File is too large. Maximum upload is ${Math.floor(MAX_UPLOAD_BYTES / 1024 / 1024)} MB.`,
)
}
if (!isMimeAllowed(type, fileEntry.type)) {
return badRequest(`File type ${fileEntry.type || "unknown"} is not allowed for ${type}.`)
}
const title = parseTextField(formData, "title") || deriveTitleFromFilename(fileEntry.name)
const mediaAssetId = randomUUID()
const variant = "original"
const fileRole = "original"
try {
const stored = await storeUpload({
file: fileEntry,
assetId: mediaAssetId,
variant,
fileRole,
})
const created = await createMediaAsset({
id: mediaAssetId,
title,
type,
description: parseOptionalField(formData, "description"),
altText: parseOptionalField(formData, "altText"),
source: parseOptionalField(formData, "source"),
copyright: parseOptionalField(formData, "copyright"),
author: parseOptionalField(formData, "author"),
tags: parseTags(formData),
storageKey: stored.storageKey,
mimeType: fileEntry.type || undefined,
sizeBytes: fileEntry.size,
isPublished: parseTextField(formData, "isPublished") === "true",
})
return Response.json(
{
id: created.id,
provider: stored.provider,
warning: stored.fallbackReason,
notice: "Media uploaded successfully.",
},
{ status: 201 },
)
} catch (error) {
const message = error instanceof Error ? error.message : "Upload failed. Please try again."
return Response.json(
{
message,
},
{ status: 500 },
)
}
}

454
apps/admin/src/app/commissions/page.tsx Normal file
View File

@@ -0,0 +1,454 @@
import {
commissionKanbanOrder,
createCommission,
createCustomer,
listCommissions,
listCustomers,
updateCommissionStatus,
} from "@cms/db"
import { Button } from "@cms/ui/button"
import { revalidatePath } from "next/cache"
import { redirect } from "next/navigation"
import { AdminShell } from "@/components/admin-shell"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
type SearchParamsInput = Record<string, string | string[] | undefined>
function readFirstValue(value: string | string[] | undefined): string | null {
if (Array.isArray(value)) {
return value[0] ?? null
}
return value ?? null
}
function readInputString(formData: FormData, field: string): string {
const value = formData.get(field)
return typeof value === "string" ? value.trim() : ""
}
function readNullableString(formData: FormData, field: string): string | null {
const value = readInputString(formData, field)
return value.length > 0 ? value : null
}
function readNullableNumber(formData: FormData, field: string): number | null {
const value = readInputString(formData, field)
if (!value) {
return null
}
const parsed = Number.parseFloat(value)
if (!Number.isFinite(parsed)) {
return null
}
return parsed
}
function readNullableDate(formData: FormData, field: string): Date | null {
const value = readInputString(formData, field)
if (!value) {
return null
}
const parsed = new Date(value)
if (Number.isNaN(parsed.getTime())) {
return null
}
return parsed
}
function redirectWithState(params: { notice?: string; error?: string }) {
const query = new URLSearchParams()
if (params.notice) {
query.set("notice", params.notice)
}
if (params.error) {
query.set("error", params.error)
}
const value = query.toString()
redirect(value ? `/commissions?${value}` : "/commissions")
}
async function createCustomerAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/commissions",
permission: "commissions:write",
scope: "own",
})
try {
await createCustomer({
name: readInputString(formData, "name"),
email: readNullableString(formData, "email"),
phone: readNullableString(formData, "phone"),
instagram: readNullableString(formData, "instagram"),
notes: readNullableString(formData, "notes"),
isRecurring: readInputString(formData, "isRecurring") === "true",
})
} catch {
redirectWithState({ error: "Failed to create customer." })
}
revalidatePath("/commissions")
redirectWithState({ notice: "Customer created." })
}
async function createCommissionAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/commissions",
permission: "commissions:write",
scope: "own",
})
try {
await createCommission({
title: readInputString(formData, "title"),
description: readNullableString(formData, "description"),
status: readInputString(formData, "status"),
customerId: readNullableString(formData, "customerId"),
assignedUserId: readNullableString(formData, "assignedUserId"),
budgetMin: readNullableNumber(formData, "budgetMin"),
budgetMax: readNullableNumber(formData, "budgetMax"),
dueAt: readNullableDate(formData, "dueAt"),
})
} catch {
redirectWithState({ error: "Failed to create commission." })
}
revalidatePath("/commissions")
redirectWithState({ notice: "Commission created." })
}
async function updateCommissionStatusAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/commissions",
permission: "commissions:transition",
scope: "own",
})
try {
await updateCommissionStatus({
id: readInputString(formData, "id"),
status: readInputString(formData, "status"),
})
} catch {
redirectWithState({ error: "Failed to transition commission." })
}
revalidatePath("/commissions")
redirectWithState({ notice: "Commission status updated." })
}
function formatDate(value: Date | null) {
if (!value) {
return "-"
}
return value.toLocaleDateString("en-US")
}
export default async function CommissionsManagementPage({
searchParams,
}: {
searchParams: Promise<SearchParamsInput>
}) {
const role = await requirePermissionForRoute({
nextPath: "/commissions",
permission: "commissions:read",
scope: "own",
})
const [resolvedSearchParams, customers, commissions] = await Promise.all([
searchParams,
listCustomers(200),
listCommissions(300),
])
const notice = readFirstValue(resolvedSearchParams.notice)
const error = readFirstValue(resolvedSearchParams.error)
return (
<AdminShell
role={role}
activePath="/commissions"
badge="Admin App"
title="Commissions"
description="Manage customers and commission requests with kanban-style status transitions."
>
{notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice}
</section>
) : null}
{error ? (
<section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
{error}
</section>
) : null}
<section className="grid gap-4 xl:grid-cols-2">
<article className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Create Customer</h2>
<form action={createCustomerAction} className="mt-4 space-y-3">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Name</span>
<input
name="name"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Email</span>
<input
name="email"
type="email"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Phone</span>
<input
name="phone"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Instagram</span>
<input
name="instagram"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Notes</span>
<textarea
name="notes"
rows={3}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="inline-flex items-center gap-2 text-sm text-neutral-700">
<input name="isRecurring" type="checkbox" value="true" className="size-4" />
Recurring customer
</label>
<Button type="submit">Create customer</Button>
</form>
</article>
<article className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Create Commission</h2>
<form action={createCommissionAction} className="mt-4 space-y-3">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Description</span>
<textarea
name="description"
rows={3}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Status</span>
<select
name="status"
defaultValue="new"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
{commissionKanbanOrder.map((status) => (
<option key={status} value={status}>
{status}
</option>
))}
</select>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Customer</span>
<select
name="customerId"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="">(none)</option>
{customers.map((customer) => (
<option key={customer.id} value={customer.id}>
{customer.name}
</option>
))}
</select>
</label>
</div>
<div className="grid gap-3 md:grid-cols-3">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Assigned user id</span>
<input
name="assignedUserId"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Budget min</span>
<input
name="budgetMin"
type="number"
min={0}
step="0.01"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Budget max</span>
<input
name="budgetMax"
type="number"
min={0}
step="0.01"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Due date</span>
<input
name="dueAt"
type="date"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<Button type="submit">Create commission</Button>
</form>
</article>
</section>
<section className="space-y-4">
<h2 className="text-xl font-medium">Kanban Board</h2>
<div className="grid gap-3 xl:grid-cols-6">
{commissionKanbanOrder.map((status) => {
const items = commissions.filter((commission) => commission.status === status)
return (
<article
key={status}
className="rounded-xl border border-neutral-200 bg-neutral-50 p-3"
>
<header className="mb-3 flex items-center justify-between">
<h3 className="text-sm font-semibold uppercase tracking-wide text-neutral-700">
{status}
</h3>
<span className="text-xs text-neutral-500">{items.length}</span>
</header>
<div className="space-y-2">
{items.length === 0 ? (
<p className="text-xs text-neutral-500">No commissions</p>
) : (
items.map((commission) => (
<form
key={commission.id}
action={updateCommissionStatusAction}
className="rounded border border-neutral-200 bg-white p-2"
>
<input type="hidden" name="id" value={commission.id} />
<div className="space-y-1">
<p className="text-sm font-medium">{commission.title}</p>
<p className="text-xs text-neutral-600">
{commission.customer?.name ?? "No customer"}
</p>
<p className="text-xs text-neutral-500">
Due: {formatDate(commission.dueAt)}
</p>
</div>
<div className="mt-2 flex items-center gap-2">
<select
name="status"
defaultValue={commission.status}
className="w-full rounded border border-neutral-300 px-2 py-1 text-xs"
>
{commissionKanbanOrder.map((value) => (
<option key={value} value={value}>
{value}
</option>
))}
</select>
<button
type="submit"
className="rounded border border-neutral-300 px-2 py-1 text-xs"
>
Move
</button>
</div>
</form>
))
)}
</div>
</article>
)
})}
</div>
</section>
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Customers</h2>
<div className="mt-4 overflow-x-auto">
<table className="min-w-full text-left text-sm">
<thead className="text-xs uppercase tracking-wide text-neutral-500">
<tr>
<th className="py-2 pr-4">Name</th>
<th className="py-2 pr-4">Email</th>
<th className="py-2 pr-4">Phone</th>
<th className="py-2 pr-4">Recurring</th>
</tr>
</thead>
<tbody>
{customers.length === 0 ? (
<tr>
<td className="py-3 text-neutral-500" colSpan={4}>
No customers yet.
</td>
</tr>
) : (
customers.map((customer) => (
<tr key={customer.id} className="border-t border-neutral-200">
<td className="py-3 pr-4">{customer.name}</td>
<td className="py-3 pr-4 text-neutral-600">{customer.email ?? "-"}</td>
<td className="py-3 pr-4 text-neutral-600">{customer.phone ?? "-"}</td>
<td className="py-3 pr-4">{customer.isRecurring ? "yes" : "no"}</td>
</tr>
))
)}
</tbody>
</table>
</div>
</section>
</AdminShell>
)
}

423
apps/admin/src/app/media/[id]/page.tsx Normal file
View File

@@ -0,0 +1,423 @@
import { deleteMediaAsset, getMediaAssetById, updateMediaAsset } from "@cms/db"
import { Button } from "@cms/ui/button"
import Link from "next/link"
import { redirect } from "next/navigation"
import { AdminShell } from "@/components/admin-shell"
import { deleteStoredMediaObject } from "@/lib/media/storage"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
type SearchParamsInput = Record<string, string | string[] | undefined>
type PageProps = {
params: Promise<{ id: string }>
searchParams: Promise<SearchParamsInput>
}
function readFirstValue(value: string | string[] | undefined): string | null {
if (Array.isArray(value)) {
return value[0] ?? null
}
return value ?? null
}
function readInputString(formData: FormData, field: string): string {
const value = formData.get(field)
return typeof value === "string" ? value.trim() : ""
}
function readNullableString(formData: FormData, field: string): string | null {
const value = readInputString(formData, field)
return value.length > 0 ? value : null
}
function readNullableInt(formData: FormData, field: string): number | null {
const value = readInputString(formData, field)
if (!value) {
return null
}
const parsed = Number.parseInt(value, 10)
if (!Number.isFinite(parsed)) {
return null
}
return parsed
}
function readTags(formData: FormData): string[] {
const raw = readInputString(formData, "tags")
if (!raw) {
return []
}
return raw
.split(",")
.map((item) => item.trim())
.filter((item) => item.length > 0)
}
function redirectWithState(mediaAssetId: string, params: { notice?: string; error?: string }) {
const query = new URLSearchParams()
if (params.notice) {
query.set("notice", params.notice)
}
if (params.error) {
query.set("error", params.error)
}
const value = query.toString()
redirect(value ? `/media/${mediaAssetId}?${value}` : `/media/${mediaAssetId}`)
}
function toLocalDateTimeInputValue(date: Date): string {
const offset = date.getTimezoneOffset() * 60_000
return new Date(date.getTime() - offset).toISOString().slice(0, 16)
}
export default async function MediaAssetEditorPage({ params, searchParams }: PageProps) {
const role = await requirePermissionForRoute({
nextPath: "/media",
permission: "media:read",
scope: "team",
})
const resolvedParams = await params
const mediaAssetId = resolvedParams.id
const [resolvedSearchParams, asset] = await Promise.all([
searchParams,
getMediaAssetById(mediaAssetId),
])
if (!asset) {
redirect("/media?error=Media+asset+not+found")
}
const mediaAsset = asset
const notice = readFirstValue(resolvedSearchParams.notice)
const error = readFirstValue(resolvedSearchParams.error)
const previewUrl = mediaAsset.storageKey ? `/api/media/file/${mediaAsset.id}` : null
const isImage = Boolean(mediaAsset.mimeType?.startsWith("image/"))
const isVideo = Boolean(mediaAsset.mimeType?.startsWith("video/"))
async function updateMediaAssetAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/media",
permission: "media:write",
scope: "team",
})
try {
await updateMediaAsset({
id: mediaAssetId,
title: readInputString(formData, "title"),
type: readInputString(formData, "type"),
description: readNullableString(formData, "description"),
altText: readNullableString(formData, "altText"),
source: readNullableString(formData, "source"),
copyright: readNullableString(formData, "copyright"),
author: readNullableString(formData, "author"),
tags: readTags(formData),
mimeType: readNullableString(formData, "mimeType"),
width: readNullableInt(formData, "width"),
height: readNullableInt(formData, "height"),
sizeBytes: readNullableInt(formData, "sizeBytes"),
isPublished: readInputString(formData, "isPublished") === "true",
})
} catch {
redirectWithState(mediaAssetId, {
error: "Failed to update media asset. Validate values and try again.",
})
}
redirectWithState(mediaAssetId, { notice: "Media asset updated." })
}
async function deleteMediaAssetAction() {
"use server"
await requirePermissionForRoute({
nextPath: "/media",
permission: "media:write",
scope: "team",
})
try {
if (mediaAsset.storageKey) {
await deleteStoredMediaObject(mediaAsset.storageKey)
}
await deleteMediaAsset(mediaAssetId)
} catch {
redirectWithState(mediaAssetId, {
error:
"Failed to delete media asset and file from storage. Check storage config and links.",
})
}
redirect("/media?notice=Media+asset+deleted")
}
return (
<AdminShell
role={role}
activePath="/media"
badge="Admin App"
title="Media Asset"
description="View, edit, and delete uploaded media metadata."
>
{notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice}
</section>
) : null}
{error ? (
<section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
{error}
</section>
) : null}
<section className="rounded-xl border border-neutral-200 p-6">
<h3 className="text-lg font-medium">Preview</h3>
<p className="mt-1 text-sm text-neutral-600">
{mediaAsset.mimeType ? `MIME: ${mediaAsset.mimeType}` : "MIME: unknown"}
</p>
<div className="mt-4 rounded-lg border border-neutral-200 bg-neutral-50 p-3">
{!previewUrl ? (
<p className="text-sm text-neutral-600">
No stored file is linked for this media asset.
</p>
) : isImage ? (
// biome-ignore lint/performance/noImgElement: Auth-protected media preview requires direct browser request with session cookies.
<img
src={previewUrl}
alt={mediaAsset.altText || mediaAsset.title}
className="max-h-[26rem] w-auto rounded border border-neutral-200 bg-white"
/>
) : isVideo ? (
// biome-ignore lint/a11y/useMediaCaption: Preview uses source assets without guaranteed caption tracks.
<video
src={previewUrl}
controls
preload="metadata"
className="max-h-[26rem] w-full rounded border border-neutral-200 bg-black"
/>
) : (
<p className="text-sm text-neutral-700">
Inline preview is not available for this media type.
</p>
)}
</div>
{previewUrl ? (
<a
href={previewUrl}
target="_blank"
rel="noreferrer"
className="mt-3 inline-block text-sm text-neutral-700 underline underline-offset-2"
>
Open raw media file
</a>
) : null}
</section>
<section className="rounded-xl border border-neutral-200 p-6">
<div className="flex flex-wrap items-center justify-between gap-3">
<div>
<h2 className="text-xl font-medium">{mediaAsset.title}</h2>
<p className="mt-1 text-xs text-neutral-600">ID: {mediaAsset.id}</p>
</div>
<Link href="/media" className="text-sm text-neutral-700 underline underline-offset-2">
Back to media list
</Link>
</div>
<form action={updateMediaAssetAction} className="mt-6 space-y-3">
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
defaultValue={mediaAsset.title}
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Type</span>
<select
name="type"
defaultValue={mediaAsset.type}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="artwork">artwork</option>
<option value="banner">banner</option>
<option value="promotion">promotion</option>
<option value="video">video</option>
<option value="gif">gif</option>
<option value="generic">generic</option>
</select>
</label>
</div>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Description</span>
<textarea
name="description"
rows={3}
defaultValue={mediaAsset.description ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Alt text</span>
<input
name="altText"
defaultValue={mediaAsset.altText ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Author</span>
<input
name="author"
defaultValue={mediaAsset.author ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Source</span>
<input
name="source"
defaultValue={mediaAsset.source ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Copyright</span>
<input
name="copyright"
defaultValue={mediaAsset.copyright ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<div className="grid gap-3 md:grid-cols-3">
<label className="space-y-1">
<span className="text-xs text-neutral-600">MIME type</span>
<input
name="mimeType"
defaultValue={mediaAsset.mimeType ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Width</span>
<input
name="width"
type="number"
min={1}
defaultValue={mediaAsset.width ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Height</span>
<input
name="height"
type="number"
min={1}
defaultValue={mediaAsset.height ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Size (bytes)</span>
<input
name="sizeBytes"
type="number"
min={0}
defaultValue={mediaAsset.sizeBytes ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Tags (comma-separated)</span>
<input
name="tags"
defaultValue={mediaAsset.tags.join(", ")}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<label className="inline-flex items-center gap-2 text-sm text-neutral-700">
<input
type="checkbox"
name="isPublished"
value="true"
defaultChecked={mediaAsset.isPublished}
className="size-4"
/>
Published
</label>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Storage key</span>
<input
value={mediaAsset.storageKey ?? "-"}
readOnly
className="w-full rounded border border-neutral-200 bg-neutral-50 px-3 py-2 text-xs text-neutral-600"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Last updated</span>
<input
value={toLocalDateTimeInputValue(mediaAsset.updatedAt)}
readOnly
className="w-full rounded border border-neutral-200 bg-neutral-50 px-3 py-2 text-xs text-neutral-600"
/>
</label>
</div>
<Button type="submit">Save changes</Button>
</form>
</section>
<section className="rounded-xl border border-red-300 bg-red-50 p-6">
<h3 className="text-lg font-medium text-red-800">Danger Zone</h3>
<p className="mt-1 text-sm text-red-700">
Deleting this media asset is permanent. Any linked artwork rendition references will also
be removed.
</p>
<form action={deleteMediaAssetAction} className="mt-4">
<Button type="submit" variant="secondary" className="border border-red-300 text-red-800">
Delete media asset
</Button>
</form>
</section>
</AdminShell>
)
}

169
apps/admin/src/app/media/page.tsx Normal file
View File

@@ -0,0 +1,169 @@
import { getMediaFoundationSummary, listMediaAssets } from "@cms/db"
import Link from "next/link"
import { AdminShell } from "@/components/admin-shell"
import { FlashQueryCleanup } from "@/components/media/flash-query-cleanup"
import { MediaUploadForm } from "@/components/media/media-upload-form"
import { resolveMediaStorageProvider } from "@/lib/media/storage"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
type SearchParamsInput = Record<string, string | string[] | undefined>
function readFirstValue(value: string | string[] | undefined): string | null {
if (Array.isArray(value)) {
return value[0] ?? null
}
return value ?? null
}
export default async function MediaManagementPage({
searchParams,
}: {
searchParams: Promise<SearchParamsInput>
}) {
const role = await requirePermissionForRoute({
nextPath: "/media",
permission: "media:read",
scope: "team",
})
const [resolvedSearchParams, summary, assets] = await Promise.all([
searchParams,
getMediaFoundationSummary(),
listMediaAssets(20),
])
const notice = readFirstValue(resolvedSearchParams.notice)
const error = readFirstValue(resolvedSearchParams.error)
const uploadedVia = readFirstValue(resolvedSearchParams.uploadedVia)
const warning = readFirstValue(resolvedSearchParams.warning)
const activeStorageProvider = resolveMediaStorageProvider(process.env.CMS_MEDIA_STORAGE_PROVIDER)
const hasFlashQuery = Boolean(notice || error || warning || uploadedVia)
return (
<AdminShell
role={role}
activePath="/media"
badge="Admin App"
title="Media"
description="Media foundation baseline for assets, artwork renditions, and grouping metadata."
>
<FlashQueryCleanup enabled={hasFlashQuery} />
{notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
<div className="flex flex-wrap items-center gap-2">
<span>{notice}</span>
{uploadedVia ? (
<span className="rounded border border-emerald-300 bg-white px-2 py-0.5 text-xs font-medium uppercase tracking-wide text-emerald-700">
Stored via: {uploadedVia}
</span>
) : null}
</div>
</section>
) : null}
{error ? (
<section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
{error}
</section>
) : null}
{warning ? (
<section className="rounded-xl border border-amber-300 bg-amber-50 px-4 py-3 text-sm text-amber-900">
{warning}
</section>
) : null}
<section className="grid gap-3 sm:grid-cols-2 xl:grid-cols-3">
<article className="rounded-xl border border-neutral-200 p-4">
<p className="text-xs uppercase tracking-[0.2em] text-neutral-500">Media Assets</p>
<p className="mt-2 text-3xl font-semibold">{summary.mediaAssets}</p>
</article>
<article className="rounded-xl border border-neutral-200 p-4">
<p className="text-xs uppercase tracking-[0.2em] text-neutral-500">Artworks</p>
<p className="mt-2 text-3xl font-semibold">{summary.artworks}</p>
</article>
<article className="rounded-xl border border-neutral-200 p-4">
<p className="text-xs uppercase tracking-[0.2em] text-neutral-500">Groups</p>
<p className="mt-2 text-3xl font-semibold">
{summary.galleries + summary.albums + summary.categories + summary.tags}
</p>
<p className="mt-1 text-xs text-neutral-500">
{summary.galleries} galleries · {summary.albums} albums · {summary.categories}{" "}
categories · {summary.tags} tags
</p>
</article>
</section>
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Upload Media Asset</h2>
<p className="mt-1 text-sm text-neutral-600">
Upload storage provider: <strong>{activeStorageProvider}</strong>. You can switch via
`CMS_MEDIA_STORAGE_PROVIDER` (`s3` default, `local` fallback) until the admin settings
toggle lands.
</p>
<MediaUploadForm />
</section>
<section className="rounded-xl border border-neutral-200 p-6">
<div className="flex items-center justify-between gap-2">
<h2 className="text-xl font-medium">Recent Media Assets</h2>
<span className="text-xs uppercase tracking-[0.2em] text-neutral-500">
MVP1 Upload Pipeline
</span>
</div>
<div className="mt-4 overflow-x-auto">
<table className="min-w-full text-left text-sm">
<thead className="text-xs uppercase tracking-wide text-neutral-500">
<tr>
<th className="py-2 pr-4">Title</th>
<th className="py-2 pr-4">Type</th>
<th className="py-2 pr-4">MIME</th>
<th className="py-2 pr-4">Size</th>
<th className="py-2 pr-4">Published</th>
<th className="py-2 pr-4">Updated</th>
<th className="py-2 pr-4">Actions</th>
</tr>
</thead>
<tbody>
{assets.length === 0 ? (
<tr>
<td className="py-3 text-neutral-500" colSpan={7}>
No media assets yet. Upload your first asset above.
</td>
</tr>
) : (
assets.map((asset) => (
<tr key={asset.id} className="border-t border-neutral-200">
<td className="py-3 pr-4">{asset.title}</td>
<td className="py-3 pr-4">{asset.type}</td>
<td className="py-3 pr-4 text-neutral-600">{asset.mimeType ?? "-"}</td>
<td className="py-3 pr-4 text-neutral-600">
{typeof asset.sizeBytes === "number"
? `${Math.max(1, Math.round(asset.sizeBytes / 1024))} KB`
: "-"}
</td>
<td className="py-3 pr-4">{asset.isPublished ? "yes" : "no"}</td>
<td className="py-3 pr-4 text-neutral-600">
{asset.updatedAt.toLocaleDateString("en-US")}
</td>
<td className="py-3 pr-4">
<Link
href={`/media/${asset.id}`}
className="text-xs font-medium text-neutral-700 underline underline-offset-2"
>
Open
</Link>
</td>
</tr>
))
)}
</tbody>
</table>
</div>
</section>
</AdminShell>
)
}

446
apps/admin/src/app/navigation/page.tsx Normal file
View File

@@ -0,0 +1,446 @@
import {
createNavigationItem,
createNavigationMenu,
deleteNavigationItem,
listNavigationMenus,
listPages,
updateNavigationItem,
} from "@cms/db"
import { Button } from "@cms/ui/button"
import { revalidatePath } from "next/cache"
import { redirect } from "next/navigation"
import { AdminShell } from "@/components/admin-shell"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
type SearchParamsInput = Record<string, string | string[] | undefined>
function readFirstValue(value: string | string[] | undefined): string | null {
if (Array.isArray(value)) {
return value[0] ?? null
}
return value ?? null
}
function readInputString(formData: FormData, field: string): string {
const value = formData.get(field)
return typeof value === "string" ? value.trim() : ""
}
function readNullableString(formData: FormData, field: string): string | null {
const value = readInputString(formData, field)
return value.length > 0 ? value : null
}
function readInt(formData: FormData, field: string, fallback = 0): number {
const value = readInputString(formData, field)
if (!value) {
return fallback
}
const parsed = Number.parseInt(value, 10)
if (!Number.isFinite(parsed)) {
return fallback
}
return parsed
}
function redirectWithState(params: { notice?: string; error?: string }) {
const query = new URLSearchParams()
if (params.notice) {
query.set("notice", params.notice)
}
if (params.error) {
query.set("error", params.error)
}
const value = query.toString()
redirect(value ? `/navigation?${value}` : "/navigation")
}
async function createMenuAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/navigation",
permission: "navigation:write",
scope: "team",
})
try {
await createNavigationMenu({
name: readInputString(formData, "name"),
slug: readInputString(formData, "slug"),
location: readInputString(formData, "location"),
isVisible: readInputString(formData, "isVisible") === "true",
})
} catch {
redirectWithState({ error: "Failed to create navigation menu." })
}
revalidatePath("/navigation")
redirectWithState({ notice: "Navigation menu created." })
}
async function createItemAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/navigation",
permission: "navigation:write",
scope: "team",
})
try {
await createNavigationItem({
menuId: readInputString(formData, "menuId"),
label: readInputString(formData, "label"),
href: readNullableString(formData, "href"),
pageId: readNullableString(formData, "pageId"),
parentId: readNullableString(formData, "parentId"),
sortOrder: readInt(formData, "sortOrder", 0),
isVisible: readInputString(formData, "isVisible") === "true",
})
} catch {
redirectWithState({ error: "Failed to create navigation item." })
}
revalidatePath("/navigation")
redirectWithState({ notice: "Navigation item created." })
}
async function updateItemAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/navigation",
permission: "navigation:write",
scope: "team",
})
try {
await updateNavigationItem({
id: readInputString(formData, "id"),
label: readInputString(formData, "label"),
href: readNullableString(formData, "href"),
pageId: readNullableString(formData, "pageId"),
parentId: readNullableString(formData, "parentId"),
sortOrder: readInt(formData, "sortOrder", 0),
isVisible: readInputString(formData, "isVisible") === "true",
})
} catch {
redirectWithState({ error: "Failed to update navigation item." })
}
revalidatePath("/navigation")
redirectWithState({ notice: "Navigation item updated." })
}
async function deleteItemAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/navigation",
permission: "navigation:write",
scope: "team",
})
try {
await deleteNavigationItem(readInputString(formData, "id"))
} catch {
redirectWithState({ error: "Failed to delete navigation item." })
}
revalidatePath("/navigation")
redirectWithState({ notice: "Navigation item deleted." })
}
export default async function NavigationManagementPage({
searchParams,
}: {
searchParams: Promise<SearchParamsInput>
}) {
const role = await requirePermissionForRoute({
nextPath: "/navigation",
permission: "navigation:read",
scope: "team",
})
const [resolvedSearchParams, menus, pages] = await Promise.all([
searchParams,
listNavigationMenus(),
listPages(200),
])
const notice = readFirstValue(resolvedSearchParams.notice)
const error = readFirstValue(resolvedSearchParams.error)
return (
<AdminShell
role={role}
activePath="/navigation"
badge="Admin App"
title="Navigation"
description="Manage menus and navigation entries linked to pages or custom routes."
>
{notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice}
</section>
) : null}
{error ? (
<section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
{error}
</section>
) : null}
<section className="grid gap-4 lg:grid-cols-2">
<article className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Create Menu</h2>
<form action={createMenuAction} className="mt-4 space-y-3">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Name</span>
<input
name="name"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Slug</span>
<input
name="slug"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Location</span>
<input
name="location"
defaultValue="primary"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="inline-flex items-center gap-2 text-sm text-neutral-700">
<input
name="isVisible"
type="checkbox"
value="true"
defaultChecked
className="size-4"
/>
Visible
</label>
<Button type="submit">Create menu</Button>
</form>
</article>
<article className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Create Navigation Item</h2>
<form action={createItemAction} className="mt-4 space-y-3">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Menu</span>
<select
name="menuId"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
{menus.map((menu) => (
<option key={menu.id} value={menu.id}>
{menu.name} ({menu.location})
</option>
))}
</select>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Label</span>
<input
name="label"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Custom href</span>
<input
name="href"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Linked page</span>
<select
name="pageId"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="">(none)</option>
{pages.map((page) => (
<option key={page.id} value={page.id}>
{page.title} (/{page.slug})
</option>
))}
</select>
</label>
</div>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Parent item id</span>
<input
name="parentId"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Sort order</span>
<input
name="sortOrder"
defaultValue="0"
type="number"
min={0}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<label className="inline-flex items-center gap-2 text-sm text-neutral-700">
<input
name="isVisible"
type="checkbox"
value="true"
defaultChecked
className="size-4"
/>
Visible
</label>
<Button type="submit">Create item</Button>
</form>
</article>
</section>
<section className="space-y-4">
{menus.length === 0 ? (
<article className="rounded-xl border border-neutral-200 p-6 text-sm text-neutral-600">
No navigation menus yet.
</article>
) : (
menus.map((menu) => (
<article key={menu.id} className="rounded-xl border border-neutral-200 p-6">
<div className="flex flex-wrap items-center justify-between gap-2">
<h3 className="text-lg font-medium">
{menu.name} <span className="text-sm text-neutral-500">({menu.location})</span>
</h3>
<span className="text-xs text-neutral-500">
{menu.isVisible ? "visible" : "hidden"}
</span>
</div>
<div className="mt-4 space-y-3">
{menu.items.length === 0 ? (
<p className="text-sm text-neutral-600">No items in this menu.</p>
) : (
menu.items.map((item) => (
<form
key={item.id}
action={updateItemAction}
className="rounded-lg border border-neutral-200 p-3"
>
<input type="hidden" name="id" value={item.id} />
<div className="grid gap-3 md:grid-cols-5">
<label className="space-y-1 md:col-span-2">
<span className="text-xs text-neutral-600">Label</span>
<input
name="label"
defaultValue={item.label}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1 md:col-span-2">
<span className="text-xs text-neutral-600">Href</span>
<input
name="href"
defaultValue={item.href ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Sort</span>
<input
name="sortOrder"
type="number"
min={0}
defaultValue={item.sortOrder}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<div className="mt-3 grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Linked page</span>
<select
name="pageId"
defaultValue={item.pageId ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="">(none)</option>
{pages.map((page) => (
<option key={page.id} value={page.id}>
{page.title} (/{page.slug})
</option>
))}
</select>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Parent id</span>
<input
name="parentId"
defaultValue={item.parentId ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<div className="mt-3 flex flex-wrap items-center justify-between gap-3">
<label className="inline-flex items-center gap-2 text-sm text-neutral-700">
<input
type="checkbox"
name="isVisible"
value="true"
defaultChecked={item.isVisible}
className="size-4"
/>
Visible
</label>
<div className="flex items-center gap-2">
<Button type="submit" size="sm">
Save item
</Button>
<button
type="submit"
formAction={deleteItemAction}
className="rounded-md border border-red-300 px-3 py-2 text-sm text-red-700"
>
Delete
</button>
</div>
</div>
</form>
))
)}
</div>
</article>
))
)}
</section>
</AdminShell>
)
}

276
apps/admin/src/app/news/page.tsx Normal file
View File

@@ -0,0 +1,276 @@
import { createPost, deletePost, listPosts, updatePost } from "@cms/db"
import { Button } from "@cms/ui/button"
import { revalidatePath } from "next/cache"
import { redirect } from "next/navigation"
import { AdminShell } from "@/components/admin-shell"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
type SearchParamsInput = Record<string, string | string[] | undefined>
function readFirstValue(value: string | string[] | undefined): string | null {
if (Array.isArray(value)) {
return value[0] ?? null
}
return value ?? null
}
function readInputString(formData: FormData, field: string): string {
const value = formData.get(field)
return typeof value === "string" ? value.trim() : ""
}
function readNullableString(formData: FormData, field: string): string | undefined {
const value = readInputString(formData, field)
return value.length > 0 ? value : undefined
}
function redirectWithState(params: { notice?: string; error?: string }) {
const query = new URLSearchParams()
if (params.notice) {
query.set("notice", params.notice)
}
if (params.error) {
query.set("error", params.error)
}
const value = query.toString()
redirect(value ? `/news?${value}` : "/news")
}
async function createNewsAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/news",
permission: "news:write",
scope: "team",
})
try {
await createPost({
title: readInputString(formData, "title"),
slug: readInputString(formData, "slug"),
excerpt: readNullableString(formData, "excerpt"),
body: readInputString(formData, "body"),
status: readInputString(formData, "status") === "published" ? "published" : "draft",
})
} catch {
redirectWithState({ error: "Failed to create post." })
}
revalidatePath("/news")
revalidatePath("/")
redirectWithState({ notice: "Post created." })
}
async function updateNewsAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/news",
permission: "news:write",
scope: "team",
})
try {
await updatePost(readInputString(formData, "id"), {
title: readInputString(formData, "title"),
slug: readInputString(formData, "slug"),
excerpt: readNullableString(formData, "excerpt"),
body: readInputString(formData, "body"),
status: readInputString(formData, "status") === "published" ? "published" : "draft",
})
} catch {
redirectWithState({ error: "Failed to update post." })
}
revalidatePath("/news")
revalidatePath("/")
redirectWithState({ notice: "Post updated." })
}
async function deleteNewsAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/news",
permission: "news:write",
scope: "team",
})
try {
await deletePost(readInputString(formData, "id"))
} catch {
redirectWithState({ error: "Failed to delete post." })
}
revalidatePath("/news")
revalidatePath("/")
redirectWithState({ notice: "Post deleted." })
}
export default async function NewsManagementPage({
searchParams,
}: {
searchParams: Promise<SearchParamsInput>
}) {
const role = await requirePermissionForRoute({
nextPath: "/news",
permission: "news:read",
scope: "team",
})
const [resolvedSearchParams, posts] = await Promise.all([searchParams, listPosts()])
const notice = readFirstValue(resolvedSearchParams.notice)
const error = readFirstValue(resolvedSearchParams.error)
return (
<AdminShell
role={role}
activePath="/news"
badge="Admin App"
title="News"
description="Manage blog/news posts for public updates and announcements archive."
>
{notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice}
</section>
) : null}
{error ? (
<section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
{error}
</section>
) : null}
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Create Post</h2>
<form action={createNewsAction} className="mt-4 space-y-3">
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Slug</span>
<input
name="slug"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Excerpt</span>
<input
name="excerpt"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Body</span>
<textarea
name="body"
rows={5}
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Status</span>
<select
name="status"
defaultValue="draft"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="draft">draft</option>
<option value="published">published</option>
</select>
</label>
<Button type="submit">Create post</Button>
</form>
</section>
<section className="space-y-3">
{posts.map((post) => (
<form
key={post.id}
action={updateNewsAction}
className="rounded-xl border border-neutral-200 p-6"
>
<input type="hidden" name="id" value={post.id} />
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
defaultValue={post.title}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Slug</span>
<input
name="slug"
defaultValue={post.slug}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<label className="mt-3 block space-y-1">
<span className="text-xs text-neutral-600">Excerpt</span>
<input
name="excerpt"
defaultValue={post.excerpt ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="mt-3 block space-y-1">
<span className="text-xs text-neutral-600">Body</span>
<textarea
name="body"
rows={4}
defaultValue={post.body}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="mt-3 flex flex-wrap items-center justify-between gap-3">
<select
name="status"
defaultValue={post.status}
className="rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="draft">draft</option>
<option value="published">published</option>
</select>
<div className="flex items-center gap-2">
<Button type="submit" size="sm">
Save
</Button>
<button
type="submit"
formAction={deleteNewsAction}
className="rounded-md border border-red-300 px-3 py-2 text-sm text-red-700"
>
Delete
</button>
</div>
</div>
</form>
))}
</section>
</AdminShell>
)
}

61
apps/admin/src/app/page.tsx
View File

@@ -5,11 +5,10 @@ import { revalidatePath } from "next/cache"
import Link from "next/link" import Link from "next/link"
import { redirect } from "next/navigation" import { redirect } from "next/navigation"
import { AdminLocaleSwitcher } from "@/components/admin-locale-switcher" import { AdminShell } from "@/components/admin-shell"
import { translateMessage } from "@/i18n/messages" import { translateMessage } from "@/i18n/messages"
import { getAdminMessages, resolveAdminLocale } from "@/i18n/server" import { getAdminMessages, resolveAdminLocale } from "@/i18n/server"
import { resolveRoleFromServerContext } from "@/lib/access-server" import { requirePermissionForRoute } from "@/lib/route-guards"
import { LogoutButton } from "./logout-button"
export const dynamic = "force-dynamic" export const dynamic = "force-dynamic"
@@ -39,11 +38,11 @@ function readOptionalField(formData: FormData, field: string): string | undefine
} }
async function requireNewsWritePermission() { async function requireNewsWritePermission() {
const role = await resolveRoleFromServerContext() await requirePermissionForRoute({
nextPath: "/",
if (!role || !hasPermission(role, "news:write", "team")) { permission: "news:write",
redirect("/unauthorized?required=news:write&scope=team") scope: "team",
} })
} }
function redirectWithState(params: { notice?: string; error?: string }) { function redirectWithState(params: { notice?: string; error?: string }) {
@@ -156,15 +155,11 @@ export default async function AdminHomePage({
}: { }: {
searchParams: Promise<SearchParamsInput> searchParams: Promise<SearchParamsInput>
}) { }) {
const role = await resolveRoleFromServerContext() const role = await requirePermissionForRoute({
nextPath: "/",
if (!role) { permission: "news:read",
redirect("/login?next=/") scope: "team",
} })
if (!hasPermission(role, "news:read", "team")) {
redirect("/unauthorized?required=news:read&scope=team")
}
const [resolvedSearchParams, locale, posts] = await Promise.all([ const [resolvedSearchParams, locale, posts] = await Promise.all([
searchParams, searchParams,
@@ -179,21 +174,14 @@ export default async function AdminHomePage({
const canCreatePost = hasPermission(role, "news:write", "team") const canCreatePost = hasPermission(role, "news:write", "team")
return ( return (
<main className="mx-auto flex min-h-screen w-full max-w-4xl flex-col gap-8 px-6 py-16"> <AdminShell
<header className="space-y-3"> role={role}
<div className="flex items-center justify-between gap-3"> activePath="/"
<p className="text-sm uppercase tracking-[0.2em] text-neutral-500"> badge={t("dashboard.badge", "Admin App")}
{t("dashboard.badge", "Admin App")} title={t("dashboard.title", "Content Dashboard")}
</p> description={t("dashboard.description", "Manage posts from a dedicated admin surface.")}
<AdminLocaleSwitcher /> actions={
</div> <>
<h1 className="text-4xl font-semibold tracking-tight">
{t("dashboard.title", "Content Dashboard")}
</h1>
<p className="text-neutral-600">
{t("dashboard.description", "Manage posts from a dedicated admin surface.")}
</p>
<div className="flex items-center gap-3 pt-2">
<Link <Link
href="/todo" href="/todo"
className="inline-flex rounded-md border border-neutral-300 px-4 py-2 text-sm font-medium hover:bg-neutral-100" className="inline-flex rounded-md border border-neutral-300 px-4 py-2 text-sm font-medium hover:bg-neutral-100"
@@ -206,10 +194,9 @@ export default async function AdminHomePage({
> >
{t("settings.title", "Settings")} {t("settings.title", "Settings")}
</Link> </Link>
<LogoutButton /> </>
</div> }
</header> >
{notice ? ( {notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800"> <section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice} {notice}
@@ -413,6 +400,6 @@ export default async function AdminHomePage({
))} ))}
</div> </div>
</section> </section>
</main> </AdminShell>
) )
} }

242
apps/admin/src/app/pages/[id]/page.tsx Normal file
View File

@@ -0,0 +1,242 @@
import { deletePage, getPageById, updatePage } from "@cms/db"
import { Button } from "@cms/ui/button"
import Link from "next/link"
import { redirect } from "next/navigation"
import { AdminShell } from "@/components/admin-shell"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
type SearchParamsInput = Record<string, string | string[] | undefined>
type PageProps = {
params: Promise<{ id: string }>
searchParams: Promise<SearchParamsInput>
}
function readFirstValue(value: string | string[] | undefined): string | null {
if (Array.isArray(value)) {
return value[0] ?? null
}
return value ?? null
}
function readInputString(formData: FormData, field: string): string {
const value = formData.get(field)
return typeof value === "string" ? value.trim() : ""
}
function readNullableString(formData: FormData, field: string): string | null {
const value = readInputString(formData, field)
return value.length > 0 ? value : null
}
function redirectWithState(pageId: string, params: { notice?: string; error?: string }) {
const query = new URLSearchParams()
if (params.notice) {
query.set("notice", params.notice)
}
if (params.error) {
query.set("error", params.error)
}
const value = query.toString()
redirect(value ? `/pages/${pageId}?${value}` : `/pages/${pageId}`)
}
export default async function PageEditorPage({ params, searchParams }: PageProps) {
const role = await requirePermissionForRoute({
nextPath: "/pages",
permission: "pages:read",
scope: "team",
})
const resolvedParams = await params
const pageId = resolvedParams.id
const [resolvedSearchParams, pageRecord] = await Promise.all([searchParams, getPageById(pageId)])
if (!pageRecord) {
redirect("/pages?error=Page+not+found")
}
const page = pageRecord
const notice = readFirstValue(resolvedSearchParams.notice)
const error = readFirstValue(resolvedSearchParams.error)
async function updatePageAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/pages",
permission: "pages:write",
scope: "team",
})
try {
await updatePage({
id: pageId,
title: readInputString(formData, "title"),
slug: readInputString(formData, "slug"),
status: readInputString(formData, "status"),
summary: readNullableString(formData, "summary"),
content: readInputString(formData, "content"),
seoTitle: readNullableString(formData, "seoTitle"),
seoDescription: readNullableString(formData, "seoDescription"),
})
} catch {
redirectWithState(pageId, {
error: "Failed to update page. Validate values and try again.",
})
}
redirectWithState(pageId, {
notice: "Page updated.",
})
}
async function deletePageAction() {
"use server"
await requirePermissionForRoute({
nextPath: "/pages",
permission: "pages:write",
scope: "team",
})
try {
await deletePage(pageId)
} catch {
redirectWithState(pageId, {
error: "Failed to delete page. Remove linked navigation references first.",
})
}
redirect("/pages?notice=Page+deleted")
}
return (
<AdminShell
role={role}
activePath="/pages"
badge="Admin App"
title="Page Editor"
description="Edit page metadata, content, and publication status."
>
{notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice}
</section>
) : null}
{error ? (
<section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
{error}
</section>
) : null}
<section className="rounded-xl border border-neutral-200 p-6">
<div className="flex flex-wrap items-center justify-between gap-3">
<div>
<h2 className="text-xl font-medium">{page.title}</h2>
<p className="mt-1 text-xs text-neutral-600">ID: {page.id}</p>
</div>
<Link href="/pages" className="text-sm text-neutral-700 underline underline-offset-2">
Back to pages
</Link>
</div>
<form action={updatePageAction} className="mt-6 space-y-3">
<div className="grid gap-3 md:grid-cols-3">
<label className="space-y-1 md:col-span-2">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
defaultValue={page.title}
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Status</span>
<select
name="status"
defaultValue={page.status}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="draft">draft</option>
<option value="published">published</option>
</select>
</label>
</div>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Slug</span>
<input
name="slug"
defaultValue={page.slug}
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Summary</span>
<input
name="summary"
defaultValue={page.summary ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Content</span>
<textarea
name="content"
rows={10}
defaultValue={page.content}
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">SEO title</span>
<input
name="seoTitle"
defaultValue={page.seoTitle ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">SEO description</span>
<input
name="seoDescription"
defaultValue={page.seoDescription ?? ""}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<Button type="submit">Save page</Button>
</form>
</section>
<section className="rounded-xl border border-red-300 bg-red-50 p-6">
<h3 className="text-lg font-medium text-red-800">Danger Zone</h3>
<p className="mt-1 text-sm text-red-700">
Deleting this page is permanent and may break linked navigation items.
</p>
<form action={deletePageAction} className="mt-4">
<Button type="submit" variant="secondary" className="border border-red-300 text-red-800">
Delete page
</Button>
</form>
</section>
</AdminShell>
)
}

230
apps/admin/src/app/pages/page.tsx Normal file
View File

@@ -0,0 +1,230 @@
import { createPage, listPages } from "@cms/db"
import { Button } from "@cms/ui/button"
import { revalidatePath } from "next/cache"
import Link from "next/link"
import { redirect } from "next/navigation"
import { AdminShell } from "@/components/admin-shell"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
type SearchParamsInput = Record<string, string | string[] | undefined>
function readFirstValue(value: string | string[] | undefined): string | null {
if (Array.isArray(value)) {
return value[0] ?? null
}
return value ?? null
}
function readInputString(formData: FormData, field: string): string {
const value = formData.get(field)
return typeof value === "string" ? value.trim() : ""
}
function readNullableString(formData: FormData, field: string): string | null {
const value = readInputString(formData, field)
return value.length > 0 ? value : null
}
function redirectWithState(params: { notice?: string; error?: string }) {
const query = new URLSearchParams()
if (params.notice) {
query.set("notice", params.notice)
}
if (params.error) {
query.set("error", params.error)
}
const value = query.toString()
redirect(value ? `/pages?${value}` : "/pages")
}
async function createPageAction(formData: FormData) {
"use server"
await requirePermissionForRoute({
nextPath: "/pages",
permission: "pages:write",
scope: "team",
})
try {
await createPage({
title: readInputString(formData, "title"),
slug: readInputString(formData, "slug"),
status: readInputString(formData, "status"),
summary: readNullableString(formData, "summary"),
content: readInputString(formData, "content"),
seoTitle: readNullableString(formData, "seoTitle"),
seoDescription: readNullableString(formData, "seoDescription"),
})
} catch {
redirectWithState({
error: "Failed to create page. Validate slug/title/content and try again.",
})
}
revalidatePath("/pages")
revalidatePath("/navigation")
redirectWithState({ notice: "Page created." })
}
export default async function PagesManagementPage({
searchParams,
}: {
searchParams: Promise<SearchParamsInput>
}) {
const role = await requirePermissionForRoute({
nextPath: "/pages",
permission: "pages:read",
scope: "team",
})
const [resolvedSearchParams, pages] = await Promise.all([searchParams, listPages(100)])
const notice = readFirstValue(resolvedSearchParams.notice)
const error = readFirstValue(resolvedSearchParams.error)
return (
<AdminShell
role={role}
activePath="/pages"
badge="Admin App"
title="Pages"
description="Create, update, and manage published page entities."
>
{notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice}
</section>
) : null}
{error ? (
<section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
{error}
</section>
) : null}
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Create Page</h2>
<form action={createPageAction} className="mt-4 space-y-3">
<div className="grid gap-3 md:grid-cols-3">
<label className="space-y-1 md:col-span-2">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Status</span>
<select
name="status"
defaultValue="draft"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="draft">draft</option>
<option value="published">published</option>
</select>
</label>
</div>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Slug</span>
<input
name="slug"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Summary</span>
<input
name="summary"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Content</span>
<textarea
name="content"
rows={6}
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">SEO title</span>
<input
name="seoTitle"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">SEO description</span>
<input
name="seoDescription"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<Button type="submit">Create page</Button>
</form>
</section>
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Pages</h2>
<div className="mt-4 overflow-x-auto">
<table className="min-w-full text-left text-sm">
<thead className="text-xs uppercase tracking-wide text-neutral-500">
<tr>
<th className="py-2 pr-4">Title</th>
<th className="py-2 pr-4">Slug</th>
<th className="py-2 pr-4">Status</th>
<th className="py-2 pr-4">Updated</th>
<th className="py-2 pr-4">Action</th>
</tr>
</thead>
<tbody>
{pages.length === 0 ? (
<tr>
<td className="py-3 text-neutral-500" colSpan={5}>
No pages yet.
</td>
</tr>
) : (
pages.map((page) => (
<tr key={page.id} className="border-t border-neutral-200">
<td className="py-3 pr-4">{page.title}</td>
<td className="py-3 pr-4 text-neutral-600">/{page.slug}</td>
<td className="py-3 pr-4">{page.status}</td>
<td className="py-3 pr-4 text-neutral-600">
{page.updatedAt.toLocaleDateString("en-US")}
</td>
<td className="py-3 pr-4">
<Link
href={`/pages/${page.id}`}
className="text-xs font-medium text-neutral-700 underline underline-offset-2"
>
Open
</Link>
</td>
</tr>
))
)}
</tbody>
</table>
</div>
</section>
</AdminShell>
)
}

481
apps/admin/src/app/portfolio/page.tsx Normal file
View File

@@ -0,0 +1,481 @@
import {
attachArtworkRendition,
createAlbum,
createArtwork,
createCategory,
createGallery,
createTag,
linkArtworkToGrouping,
listArtworks,
listMediaAssets,
listMediaFoundationGroups,
} from "@cms/db"
import { Button } from "@cms/ui/button"
import { revalidatePath } from "next/cache"
import { redirect } from "next/navigation"
import { AdminShell } from "@/components/admin-shell"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
type SearchParamsInput = Record<string, string | string[] | undefined>
type GroupType = "gallery" | "album" | "category" | "tag"
function readField(formData: FormData, key: string): string {
const value = formData.get(key)
return typeof value === "string" ? value.trim() : ""
}
function readOptionalField(formData: FormData, key: string): string | undefined {
const value = readField(formData, key)
return value.length > 0 ? value : undefined
}
function readFirstValue(value: string | string[] | undefined): string | null {
if (Array.isArray(value)) {
return value[0] ?? null
}
return value ?? null
}
function slugify(input: string): string {
return input
.toLowerCase()
.trim()
.replace(/[^a-z0-9]+/g, "-")
.replace(/^-+|-+$/g, "")
.slice(0, 180)
}
function redirectWithState(params: { notice?: string; error?: string }) {
const query = new URLSearchParams()
if (params.notice) {
query.set("notice", params.notice)
}
if (params.error) {
query.set("error", params.error)
}
const value = query.toString()
redirect(value ? `/portfolio?${value}` : "/portfolio")
}
async function requireWritePermission() {
await requirePermissionForRoute({
nextPath: "/portfolio",
permission: "media:write",
scope: "team",
})
}
async function createArtworkAction(formData: FormData) {
"use server"
await requireWritePermission()
const title = readField(formData, "title")
const slug = slugify(readField(formData, "slug") || title)
try {
await createArtwork({
title,
slug,
description: readOptionalField(formData, "description"),
medium: readOptionalField(formData, "medium"),
dimensions: readOptionalField(formData, "dimensions"),
framing: readOptionalField(formData, "framing"),
availability: readOptionalField(formData, "availability"),
year: (() => {
const raw = readField(formData, "year")
return raw ? Number(raw) : undefined
})(),
})
} catch {
redirectWithState({ error: "Failed to create artwork." })
}
revalidatePath("/portfolio")
redirectWithState({ notice: "Artwork created." })
}
async function createGroupAction(formData: FormData) {
"use server"
await requireWritePermission()
const type = readField(formData, "groupType") as GroupType
const name = readField(formData, "name")
const slug = slugify(readField(formData, "slug") || name)
try {
if (type === "gallery") {
await createGallery({
name,
slug,
description: readOptionalField(formData, "description"),
})
} else if (type === "album") {
await createAlbum({
name,
slug,
description: readOptionalField(formData, "description"),
})
} else if (type === "category") {
await createCategory({
name,
slug,
description: readOptionalField(formData, "description"),
})
} else {
await createTag({
name,
slug,
})
}
} catch {
redirectWithState({ error: "Failed to create grouping entity." })
}
revalidatePath("/portfolio")
redirectWithState({ notice: `${type} created.` })
}
async function linkArtworkGroupAction(formData: FormData) {
"use server"
await requireWritePermission()
const artworkId = readField(formData, "artworkId")
const groupType = readField(formData, "groupType") as GroupType
const groupId = readField(formData, "groupId")
try {
await linkArtworkToGrouping({
artworkId,
groupType,
groupId,
})
} catch {
redirectWithState({ error: "Failed to link artwork to grouping." })
}
revalidatePath("/portfolio")
redirectWithState({ notice: "Artwork linked to grouping." })
}
async function attachRenditionAction(formData: FormData) {
"use server"
await requireWritePermission()
try {
await attachArtworkRendition({
artworkId: readField(formData, "artworkId"),
mediaAssetId: readField(formData, "mediaAssetId"),
slot: readField(formData, "slot"),
width: (() => {
const raw = readField(formData, "width")
return raw ? Number(raw) : undefined
})(),
height: (() => {
const raw = readField(formData, "height")
return raw ? Number(raw) : undefined
})(),
isPrimary: readField(formData, "isPrimary") === "true",
})
} catch {
redirectWithState({ error: "Failed to attach artwork rendition." })
}
revalidatePath("/portfolio")
redirectWithState({ notice: "Rendition attached." })
}
export default async function PortfolioPage({
searchParams,
}: {
searchParams: Promise<SearchParamsInput>
}) {
const role = await requirePermissionForRoute({
nextPath: "/portfolio",
permission: "media:read",
scope: "team",
})
const [resolvedSearchParams, artworks, mediaAssets, groups] = await Promise.all([
searchParams,
listArtworks(30),
listMediaAssets(200),
listMediaFoundationGroups(),
])
const notice = readFirstValue(resolvedSearchParams.notice)
const error = readFirstValue(resolvedSearchParams.error)
return (
<AdminShell
role={role}
activePath="/portfolio"
badge="Admin App"
title="Portfolio"
description="Artwork foundation with rendition slots and grouping relations."
>
{notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice}
</section>
) : null}
{error ? (
<section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
{error}
</section>
) : null}
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Create Artwork</h2>
<form action={createArtworkAction} className="mt-4 space-y-3">
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
required
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Slug (optional)</span>
<input
name="slug"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Description</span>
<textarea
name="description"
rows={3}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="grid gap-3 md:grid-cols-2 xl:grid-cols-4">
<input
name="medium"
placeholder="Medium"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
/>
<input
name="dimensions"
placeholder="Dimensions"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
/>
<input
name="year"
type="number"
placeholder="Year"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
/>
<input
name="framing"
placeholder="Framing"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</div>
<input
name="availability"
placeholder="Availability"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
<Button type="submit">Create artwork</Button>
</form>
</section>
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Create Group Entity</h2>
<form action={createGroupAction} className="mt-4 space-y-3">
<div className="grid gap-3 md:grid-cols-3">
<select
name="groupType"
defaultValue="gallery"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="gallery">gallery</option>
<option value="album">album</option>
<option value="category">category</option>
<option value="tag">tag</option>
</select>
<input
name="name"
required
placeholder="Name"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
/>
<input
name="slug"
placeholder="Slug (optional)"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</div>
<textarea
name="description"
rows={2}
placeholder="Description (optional)"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
<Button type="submit">Create group</Button>
</form>
</section>
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Link Artwork To Group</h2>
<div className="mt-4 grid gap-4 lg:grid-cols-2">
{(
[
{ type: "gallery" as const, label: "Gallery", items: groups.galleries },
{ type: "album" as const, label: "Album", items: groups.albums },
{ type: "category" as const, label: "Category", items: groups.categories },
{ type: "tag" as const, label: "Tag", items: groups.tags },
] as const
).map((groupConfig) => (
<form
key={groupConfig.type}
action={linkArtworkGroupAction}
className="space-y-3 rounded border border-neutral-200 p-4"
>
<h3 className="text-sm font-semibold">{groupConfig.label} Link</h3>
<input type="hidden" name="groupType" value={groupConfig.type} />
<select
name="artworkId"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
{artworks.map((artwork) => (
<option key={`${groupConfig.type}-${artwork.id}`} value={artwork.id}>
{artwork.title}
</option>
))}
</select>
<select
name="groupId"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
{groupConfig.items.map((group) => (
<option key={`${groupConfig.type}-${group.id}`} value={group.id}>
{group.name}
</option>
))}
</select>
<Button type="submit">Link artwork</Button>
</form>
))}
</div>
</section>
<section className="rounded-xl border border-neutral-200 p-6">
<h2 className="text-xl font-medium">Attach Artwork Rendition Slot</h2>
<form
action={attachRenditionAction}
className="mt-4 grid gap-3 md:grid-cols-3 xl:grid-cols-6"
>
<select name="artworkId" className="rounded border border-neutral-300 px-3 py-2 text-sm">
{artworks.map((artwork) => (
<option key={artwork.id} value={artwork.id}>
{artwork.title}
</option>
))}
</select>
<select
name="mediaAssetId"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
>
{mediaAssets.map((asset) => (
<option key={asset.id} value={asset.id}>
{asset.title}
</option>
))}
</select>
<select
name="slot"
defaultValue="thumbnail"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="thumbnail">thumbnail</option>
<option value="card">card</option>
<option value="full">full</option>
<option value="custom">custom</option>
</select>
<input
name="width"
type="number"
placeholder="width"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
/>
<input
name="height"
type="number"
placeholder="height"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
/>
<select
name="isPrimary"
defaultValue="false"
className="rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="false">not primary</option>
<option value="true">primary</option>
</select>
<div className="md:col-span-3 xl:col-span-6">
<Button type="submit">Attach rendition</Button>
</div>
</form>
</section>
<section className="rounded-xl border border-neutral-200 p-6">
<div className="flex items-center justify-between gap-2">
<h2 className="text-xl font-medium">Artworks</h2>
<span className="text-xs uppercase tracking-[0.2em] text-neutral-500">
MVP1 Foundation
</span>
</div>
<div className="mt-4 overflow-x-auto">
<table className="min-w-full text-left text-sm">
<thead className="text-xs uppercase tracking-wide text-neutral-500">
<tr>
<th className="py-2 pr-4">Title</th>
<th className="py-2 pr-4">Slug</th>
<th className="py-2 pr-4">Published</th>
<th className="py-2 pr-4">Renditions</th>
<th className="py-2 pr-4">Groups</th>
</tr>
</thead>
<tbody>
{artworks.length === 0 ? (
<tr>
<td className="py-3 text-neutral-500" colSpan={5}>
No artworks yet. Add creation flows after media upload pipeline lands.
</td>
</tr>
) : (
artworks.map((artwork) => (
<tr key={artwork.id} className="border-t border-neutral-200">
<td className="py-3 pr-4">{artwork.title}</td>
<td className="py-3 pr-4 font-mono text-xs">{artwork.slug}</td>
<td className="py-3 pr-4">{artwork.isPublished ? "yes" : "no"}</td>
<td className="py-3 pr-4">{artwork.renditions.length}</td>
<td className="py-3 pr-4 text-neutral-600">
g:{artwork.galleryLinks.length} a:{artwork.albumLinks.length} c:
{artwork.categoryLinks.length} t:{artwork.tagLinks.length}
</td>
</tr>
))
)}
</tbody>
</table>
</div>
</section>
</AdminShell>
)
}

70
apps/admin/src/app/settings/page.tsx
View File

@@ -1,14 +1,13 @@
import { hasPermission } from "@cms/content/rbac"
import { isAdminSelfRegistrationEnabled, setAdminSelfRegistrationEnabled } from "@cms/db" import { isAdminSelfRegistrationEnabled, setAdminSelfRegistrationEnabled } from "@cms/db"
import { Button } from "@cms/ui/button" import { Button } from "@cms/ui/button"
import { revalidatePath } from "next/cache" import { revalidatePath } from "next/cache"
import Link from "next/link" import Link from "next/link"
import { redirect } from "next/navigation" import { redirect } from "next/navigation"
import { AdminLocaleSwitcher } from "@/components/admin-locale-switcher" import { AdminShell } from "@/components/admin-shell"
import { translateMessage } from "@/i18n/messages" import { translateMessage } from "@/i18n/messages"
import { getAdminMessages, resolveAdminLocale } from "@/i18n/server" import { getAdminMessages, resolveAdminLocale } from "@/i18n/server"
import { resolveRoleFromServerContext } from "@/lib/access-server" import { requirePermissionForRoute } from "@/lib/route-guards"
type SearchParamsInput = Promise<Record<string, string | string[] | undefined>> type SearchParamsInput = Promise<Record<string, string | string[] | undefined>>
@@ -21,15 +20,11 @@ function toSingleValue(input: string | string[] | undefined): string | null {
} }
async function requireSettingsPermission() { async function requireSettingsPermission() {
const role = await resolveRoleFromServerContext() await requirePermissionForRoute({
nextPath: "/settings",
if (!role) { permission: "users:manage_roles",
redirect("/login?next=/settings") scope: "global",
} })
if (!hasPermission(role, "users:manage_roles", "global")) {
redirect("/unauthorized?required=users:manage_roles&scope=global")
}
} }
async function getSettingsTranslator() { async function getSettingsTranslator() {
@@ -85,7 +80,11 @@ async function updateRegistrationPolicyAction(formData: FormData) {
} }
export default async function SettingsPage({ searchParams }: { searchParams: SearchParamsInput }) { export default async function SettingsPage({ searchParams }: { searchParams: SearchParamsInput }) {
await requireSettingsPermission() const role = await requirePermissionForRoute({
nextPath: "/settings",
permission: "users:manage_roles",
scope: "global",
})
const [params, locale, isRegistrationEnabled] = await Promise.all([ const [params, locale, isRegistrationEnabled] = await Promise.all([
searchParams, searchParams,
@@ -99,31 +98,24 @@ export default async function SettingsPage({ searchParams }: { searchParams: Sea
const error = toSingleValue(params.error) const error = toSingleValue(params.error)
return ( return (
<main className="mx-auto flex min-h-screen w-full max-w-4xl flex-col gap-8 px-6 py-16"> <AdminShell
<header className="space-y-3"> role={role}
<div className="flex items-center justify-between gap-3"> activePath="/settings"
<p className="text-sm uppercase tracking-[0.2em] text-neutral-500"> badge={t("settings.badge", "Admin Settings")}
{t("settings.badge", "Admin Settings")} title={t("settings.title", "Settings")}
</p> description={t(
<AdminLocaleSwitcher /> "settings.description",
</div> "Manage runtime policies for the admin authentication and onboarding flow.",
<h1 className="text-4xl font-semibold tracking-tight">{t("settings.title", "Settings")}</h1> )}
<p className="text-neutral-600"> actions={
{t( <Link
"settings.description", href="/"
"Manage runtime policies for the admin authentication and onboarding flow.", className="inline-flex rounded-md border border-neutral-300 px-4 py-2 text-sm font-medium hover:bg-neutral-100"
)} >
</p> {t("settings.actions.backToDashboard", "Back to dashboard")}
<div className="flex items-center gap-3 pt-2"> </Link>
<Link }
href="/" >
className="inline-flex rounded-md border border-neutral-300 px-4 py-2 text-sm font-medium hover:bg-neutral-100"
>
{t("settings.actions.backToDashboard", "Back to dashboard")}
</Link>
</div>
</header>
{notice ? ( {notice ? (
<section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800"> <section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
{notice} {notice}
@@ -183,6 +175,6 @@ export default async function SettingsPage({ searchParams }: { searchParams: Sea
</form> </form>
</div> </div>
</section> </section>
</main> </AdminShell>
) )
} }

56
apps/admin/src/app/todo/page.tsx
View File

@@ -1,10 +1,9 @@
import { readFile } from "node:fs/promises" import { readFile } from "node:fs/promises"
import path from "node:path" import path from "node:path"
import { hasPermission } from "@cms/content/rbac"
import Link from "next/link" import Link from "next/link"
import { redirect } from "next/navigation"
import { resolveRoleFromServerContext } from "@/lib/access-server" import { AdminShell } from "@/components/admin-shell"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic" export const dynamic = "force-dynamic"
@@ -405,15 +404,11 @@ function filterButtonClass(active: boolean): string {
export default async function AdminTodoPage(props: { export default async function AdminTodoPage(props: {
searchParams?: SearchParamsInput | Promise<SearchParamsInput> searchParams?: SearchParamsInput | Promise<SearchParamsInput>
}) { }) {
const role = await resolveRoleFromServerContext() const role = await requirePermissionForRoute({
nextPath: "/todo",
if (!role) { permission: "roadmap:read",
redirect("/login?next=/todo") scope: "global",
} })
if (!hasPermission(role, "roadmap:read", "global")) {
redirect("/unauthorized?required=roadmap:read&scope=global")
}
const content = await getTodoMarkdown() const content = await getTodoMarkdown()
const sections = parseTodo(content) const sections = parseTodo(content)
@@ -434,26 +429,21 @@ export default async function AdminTodoPage(props: {
} }
return ( return (
<main className="mx-auto flex min-h-screen w-full max-w-6xl flex-col gap-8 px-6 py-12"> <AdminShell
<header className="space-y-4"> role={role}
<p className="text-sm uppercase tracking-[0.2em] text-neutral-500">Admin App</p> activePath="/todo"
<div className="flex flex-wrap items-end justify-between gap-4"> badge="Admin App"
<div className="space-y-2"> title="Roadmap and Progress"
<h1 className="text-4xl font-semibold tracking-tight">Roadmap and Progress</h1> description="Structured view from root TODO.md (single source of truth)."
<p className="text-neutral-600"> actions={
Structured view from root `TODO.md` (single source of truth). <Link
</p> href="/"
</div> className="inline-flex rounded-md border border-neutral-300 px-4 py-2 text-sm font-medium hover:bg-neutral-100"
>
<Link Back to dashboard
href="/" </Link>
className="inline-flex rounded-md border border-neutral-300 px-4 py-2 text-sm font-medium hover:bg-neutral-100" }
> >
Back to dashboard
</Link>
</div>
</header>
<section className="rounded-xl border border-neutral-200 bg-neutral-50 p-5"> <section className="rounded-xl border border-neutral-200 bg-neutral-50 p-5">
<div className="mb-4 flex items-center justify-between gap-4"> <div className="mb-4 flex items-center justify-between gap-4">
<p className="text-sm font-medium text-neutral-600">Weighted completion</p> <p className="text-sm font-medium text-neutral-600">Weighted completion</p>
@@ -607,6 +597,6 @@ export default async function AdminTodoPage(props: {
{content} {content}
</pre> </pre>
</details> </details>
</main> </AdminShell>
) )
} }

34
apps/admin/src/app/users/page.tsx Normal file
View File

@@ -0,0 +1,34 @@
import { AdminSectionPlaceholder } from "@/components/admin-section-placeholder"
import { AdminShell } from "@/components/admin-shell"
import { requirePermissionForRoute } from "@/lib/route-guards"
export const dynamic = "force-dynamic"
export default async function UsersManagementPage() {
const role = await requirePermissionForRoute({
nextPath: "/users",
permission: "users:read",
scope: "own",
})
return (
<AdminShell
role={role}
activePath="/users"
badge="Admin App"
title="Users"
description="Prepare user lifecycle and role management operations."
>
<AdminSectionPlaceholder
feature="Users Management"
summary="This route sets the guardrail and UX entrypoint for role assignment, status, and invitation flows."
requiredPermission="users:read (own)"
nextSteps={[
"Add user list, filter, and detail views.",
"Add role and permission editing actions with owner/support safety rules.",
"Add disable/ban and invite workflows.",
]}
/>
</AdminShell>
)
}

40
apps/admin/src/components/admin-section-placeholder.tsx Normal file
View File

@@ -0,0 +1,40 @@
import type { ReactNode } from "react"
type AdminSectionPlaceholderProps = {
feature: string
summary: string
requiredPermission: string
nextSteps: string[]
children?: ReactNode
}
export function AdminSectionPlaceholder({
feature,
summary,
requiredPermission,
nextSteps,
children,
}: AdminSectionPlaceholderProps) {
return (
<section className="space-y-5 rounded-xl border border-neutral-200 p-6">
<div className="space-y-2">
<h2 className="text-xl font-medium">{feature}</h2>
<p className="text-sm text-neutral-600">{summary}</p>
<p className="text-xs uppercase tracking-wide text-neutral-500">
Required permission: {requiredPermission}
</p>
</div>
{children}
<div className="rounded-lg border border-neutral-200 bg-neutral-50 p-4">
<p className="text-sm font-medium text-neutral-800">Planned next steps</p>
<ul className="mt-2 list-disc space-y-1 pl-5 text-sm text-neutral-600">
{nextSteps.map((step) => (
<li key={step}>{step}</li>
))}
</ul>
</div>
</section>
)
}

128
apps/admin/src/components/admin-shell.tsx Normal file
View File

@@ -0,0 +1,128 @@
import { hasPermission, type Permission, type PermissionScope, type Role } from "@cms/content/rbac"
import Link from "next/link"
import type { ReactNode } from "react"
import { LogoutButton } from "@/app/logout-button"
import { AdminLocaleSwitcher } from "@/components/admin-locale-switcher"
import { getBuildInfo } from "@/lib/build-info"
type AdminShellProps = {
role: Role
activePath: string
badge: string
title: string
description: string
actions?: ReactNode
children: ReactNode
}
type NavItem = {
href: string
label: string
permission: Permission
scope: PermissionScope
}
const navItems: NavItem[] = [
{ href: "/", label: "Dashboard", permission: "dashboard:read", scope: "global" },
{ href: "/pages", label: "Pages", permission: "pages:read", scope: "team" },
{ href: "/navigation", label: "Navigation", permission: "navigation:read", scope: "team" },
{ href: "/media", label: "Media", permission: "media:read", scope: "team" },
{ href: "/portfolio", label: "Portfolio", permission: "media:read", scope: "team" },
{ href: "/users", label: "Users", permission: "users:read", scope: "own" },
{ href: "/commissions", label: "Commissions", permission: "commissions:read", scope: "own" },
{ href: "/announcements", label: "Announcements", permission: "banner:read", scope: "global" },
{ href: "/news", label: "News", permission: "news:read", scope: "team" },
{ href: "/settings", label: "Settings", permission: "users:manage_roles", scope: "global" },
{ href: "/todo", label: "Roadmap", permission: "roadmap:read", scope: "global" },
]
function navItemClass(active: boolean): string {
if (active) {
return "bg-neutral-900 text-white border-neutral-900"
}
return "bg-white text-neutral-700 border-neutral-300 hover:bg-neutral-100"
}
function isActiveRoute(activePath: string, href: string): boolean {
if (href === "/") {
return activePath === "/"
}
return activePath === href || activePath.startsWith(`${href}/`)
}
export function AdminShell({
role,
activePath,
badge,
title,
description,
actions,
children,
}: AdminShellProps) {
const buildInfo = getBuildInfo()
return (
<div className="mx-auto flex min-h-screen w-full max-w-7xl gap-8 px-6 py-10">
<aside className="sticky top-0 hidden h-fit w-64 shrink-0 space-y-4 lg:block">
<div className="rounded-xl border border-neutral-200 bg-white p-4">
<p className="text-xs font-semibold uppercase tracking-[0.2em] text-neutral-500">
CMS Admin
</p>
<p className="mt-2 text-sm text-neutral-600">Role: {role}</p>
</div>
<nav className="space-y-2">
{navItems
.filter((item) => hasPermission(role, item.permission, item.scope))
.map((item) => (
<Link
key={item.href}
href={item.href}
className={`block rounded-md border px-3 py-2 text-sm font-medium ${navItemClass(isActiveRoute(activePath, item.href))}`}
>
{item.label}
</Link>
))}
</nav>
</aside>
<div className="min-w-0 flex-1 space-y-8">
<nav className="flex flex-wrap gap-2 lg:hidden">
{navItems
.filter((item) => hasPermission(role, item.permission, item.scope))
.map((item) => (
<Link
key={`mobile-${item.href}`}
href={item.href}
className={`rounded-md border px-3 py-2 text-sm font-medium ${navItemClass(isActiveRoute(activePath, item.href))}`}
>
{item.label}
</Link>
))}
</nav>
<header className="space-y-3">
<div className="flex flex-wrap items-center justify-between gap-3">
<p className="text-sm uppercase tracking-[0.2em] text-neutral-500">{badge}</p>
<div className="flex items-center gap-2">
<AdminLocaleSwitcher />
<LogoutButton />
</div>
</div>
<h1 className="text-4xl font-semibold tracking-tight">{title}</h1>
<p className="text-neutral-600">{description}</p>
{actions ? <div className="flex flex-wrap items-center gap-3 pt-1">{actions}</div> : null}
</header>
{children}
<footer className="border-t border-neutral-200 pt-4 text-xs text-neutral-500">
Build v{buildInfo.version} +sha.{buildInfo.sha}
</footer>
</div>
</div>
)
}

19
apps/admin/src/components/media/flash-query-cleanup.tsx Normal file
View File

@@ -0,0 +1,19 @@
"use client"
import { useEffect } from "react"
type FlashQueryCleanupProps = {
enabled: boolean
}
export function FlashQueryCleanup({ enabled }: FlashQueryCleanupProps) {
useEffect(() => {
if (!enabled) {
return
}
window.history.replaceState(window.history.state, "", "/media")
}, [enabled])
return null
}

167
apps/admin/src/components/media/media-upload-form.tsx Normal file
View File

@@ -0,0 +1,167 @@
"use client"
import { Button } from "@cms/ui/button"
import { type FormEvent, useState } from "react"
type MediaType = "artwork" | "banner" | "promotion" | "video" | "gif" | "generic"
const ACCEPT_BY_TYPE: Record<MediaType, string> = {
artwork: "image/jpeg,image/png,image/webp,image/avif,image/gif",
banner: "image/jpeg,image/png,image/webp,image/avif",
promotion: "image/jpeg,image/png,image/webp,image/avif,image/gif,video/mp4,video/webm",
video: "video/mp4,video/webm,video/quicktime",
gif: "image/gif",
generic: "image/*,video/*",
}
export function MediaUploadForm() {
const [isSubmitting, setIsSubmitting] = useState(false)
const [error, setError] = useState<string | null>(null)
const [mediaType, setMediaType] = useState<MediaType>("artwork")
async function handleSubmit(event: FormEvent<HTMLFormElement>) {
event.preventDefault()
const form = event.currentTarget
const formData = new FormData(form)
setError(null)
setIsSubmitting(true)
try {
const response = await fetch("/api/media/upload", {
method: "POST",
body: formData,
})
if (!response.ok) {
const payload = (await response.json().catch(() => null)) as {
message?: string
} | null
setError(payload?.message ?? "Upload failed. Please verify file and metadata.")
return
}
const payload = (await response.json().catch(() => null)) as {
notice?: string
provider?: "s3" | "local"
warning?: string
} | null
const notice = payload?.notice ?? "Media uploaded."
const provider = payload?.provider ?? "local"
const warning = payload?.warning
const warningQuery = warning ? `&warning=${encodeURIComponent(warning)}` : ""
window.location.href = `/media?notice=${encodeURIComponent(notice)}&uploadedVia=${encodeURIComponent(provider)}${warningQuery}`
} catch {
setError("Upload request failed. Please retry.")
} finally {
setIsSubmitting(false)
}
}
return (
<form onSubmit={handleSubmit} className="mt-4 space-y-3">
{error ? (
<p className="rounded border border-red-300 bg-red-50 px-3 py-2 text-sm text-red-700">
{error}
</p>
) : null}
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Title</span>
<input
name="title"
placeholder="Optional (defaults to file name)"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Type</span>
<select
name="type"
value={mediaType}
onChange={(event) => setMediaType(event.target.value as MediaType)}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
>
<option value="artwork">artwork</option>
<option value="banner">banner</option>
<option value="promotion">promotion</option>
<option value="video">video</option>
<option value="gif">gif</option>
<option value="generic">generic</option>
</select>
</label>
</div>
<label className="space-y-1">
<span className="text-xs text-neutral-600">File</span>
<input
name="file"
type="file"
required
accept={ACCEPT_BY_TYPE[mediaType]}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Description</span>
<textarea
name="description"
rows={3}
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Alt text</span>
<input
name="altText"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Author</span>
<input
name="author"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<div className="grid gap-3 md:grid-cols-2">
<label className="space-y-1">
<span className="text-xs text-neutral-600">Source</span>
<input
name="source"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Copyright</span>
<input
name="copyright"
className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
/>
</label>
</div>
<label className="space-y-1">
<span className="text-xs text-neutral-600">Tags (comma-separated)</span>
<input name="tags" className="w-full rounded border border-neutral-300 px-3 py-2 text-sm" />
</label>
<label className="inline-flex items-center gap-2 text-sm text-neutral-700">
<input name="isPublished" type="checkbox" value="true" className="size-4" />
Publish immediately
</label>
<Button type="submit" disabled={isSubmitting}>
{isSubmitting ? "Uploading..." : "Upload media"}
</Button>
</form>
)
}

17
apps/admin/src/i18n/server.test.ts Normal file
View File

@@ -0,0 +1,17 @@
import { describe, expect, it } from "vitest"
import { resolveAdminLocaleFromCookieValue } from "./server"
describe("resolveAdminLocaleFromCookieValue", () => {
it("accepts supported locales", () => {
expect(resolveAdminLocaleFromCookieValue("de")).toBe("de")
expect(resolveAdminLocaleFromCookieValue("en")).toBe("en")
expect(resolveAdminLocaleFromCookieValue("es")).toBe("es")
expect(resolveAdminLocaleFromCookieValue("fr")).toBe("fr")
})
it("falls back to default locale for unknown values", () => {
expect(resolveAdminLocaleFromCookieValue("it")).toBe("en")
expect(resolveAdminLocaleFromCookieValue(undefined)).toBe("en")
})
})

11
apps/admin/src/i18n/server.ts
View File

@@ -4,10 +4,7 @@ import { cookies } from "next/headers"
import type { AdminMessages } from "./messages" import type { AdminMessages } from "./messages"
import { ADMIN_LOCALE_COOKIE } from "./shared" import { ADMIN_LOCALE_COOKIE } from "./shared"
export async function resolveAdminLocale(): Promise<AppLocale> { export function resolveAdminLocaleFromCookieValue(value: string | undefined): AppLocale {
const cookieStore = await cookies()
const value = cookieStore.get(ADMIN_LOCALE_COOKIE)?.value
if (value && isAppLocale(value)) { if (value && isAppLocale(value)) {
return value return value
} }
@@ -15,6 +12,12 @@ export async function resolveAdminLocale(): Promise<AppLocale> {
return defaultLocale return defaultLocale
} }
export async function resolveAdminLocale(): Promise<AppLocale> {
const cookieStore = await cookies()
const value = cookieStore.get(ADMIN_LOCALE_COOKIE)?.value
return resolveAdminLocaleFromCookieValue(value)
}
export async function getAdminMessages(locale: AppLocale): Promise<AdminMessages> { export async function getAdminMessages(locale: AppLocale): Promise<AdminMessages> {
return (await import(`../messages/${locale}.json`)).default as AdminMessages return (await import(`../messages/${locale}.json`)).default as AdminMessages
} }

35
apps/admin/src/lib/access.test.ts
View File

@@ -21,4 +21,39 @@ describe("admin route access rules", () => {
scope: "global", scope: "global",
}) })
}) })
it("maps new admin IA routes to dedicated permissions", () => {
expect(getRequiredPermission("/pages")).toEqual({
permission: "pages:read",
scope: "team",
})
expect(getRequiredPermission("/navigation")).toEqual({
permission: "navigation:read",
scope: "team",
})
expect(getRequiredPermission("/media")).toEqual({
permission: "media:read",
scope: "team",
})
expect(getRequiredPermission("/portfolio")).toEqual({
permission: "media:read",
scope: "team",
})
expect(getRequiredPermission("/users")).toEqual({
permission: "users:read",
scope: "own",
})
expect(getRequiredPermission("/commissions")).toEqual({
permission: "commissions:read",
scope: "own",
})
expect(getRequiredPermission("/announcements")).toEqual({
permission: "banner:read",
scope: "global",
})
expect(getRequiredPermission("/news")).toEqual({
permission: "news:read",
scope: "team",
})
})
}) })

56
apps/admin/src/lib/access.ts
View File

@@ -43,6 +43,62 @@ const guardRules: GuardRule[] = [
scope: "global", scope: "global",
}, },
}, },
{
route: /^\/pages(?:\/|$)/,
requirement: {
permission: "pages:read",
scope: "team",
},
},
{
route: /^\/navigation(?:\/|$)/,
requirement: {
permission: "navigation:read",
scope: "team",
},
},
{
route: /^\/media(?:\/|$)/,
requirement: {
permission: "media:read",
scope: "team",
},
},
{
route: /^\/portfolio(?:\/|$)/,
requirement: {
permission: "media:read",
scope: "team",
},
},
{
route: /^\/users(?:\/|$)/,
requirement: {
permission: "users:read",
scope: "own",
},
},
{
route: /^\/commissions(?:\/|$)/,
requirement: {
permission: "commissions:read",
scope: "own",
},
},
{
route: /^\/announcements(?:\/|$)/,
requirement: {
permission: "banner:read",
scope: "global",
},
},
{
route: /^\/news(?:\/|$)/,
requirement: {
permission: "news:read",
scope: "team",
},
},
{ {
route: /^\/settings(?:\/|$)/, route: /^\/settings(?:\/|$)/,
requirement: { requirement: {

29
apps/admin/src/lib/build-info.test.ts Normal file
View File

@@ -0,0 +1,29 @@
import { afterEach, describe, expect, it, vi } from "vitest"
import { getBuildInfo } from "./build-info"
afterEach(() => {
vi.unstubAllEnvs()
})
describe("getBuildInfo (admin)", () => {
it("returns fallback values when env is missing", () => {
vi.stubEnv("NEXT_PUBLIC_APP_VERSION", "")
vi.stubEnv("NEXT_PUBLIC_GIT_SHA", "")
expect(getBuildInfo()).toEqual({
version: "0.0.1-dev",
sha: "local",
})
})
it("uses env values and truncates git sha", () => {
vi.stubEnv("NEXT_PUBLIC_APP_VERSION", "0.2.0")
vi.stubEnv("NEXT_PUBLIC_GIT_SHA", "abcdef123456")
expect(getBuildInfo()).toEqual({
version: "0.2.0",
sha: "abcdef1",
})
})
})

21
apps/admin/src/lib/build-info.ts Normal file
View File

@@ -0,0 +1,21 @@
const FALLBACK_VERSION = "0.0.1-dev"
const FALLBACK_SHA = "local"
function shortenSha(input: string): string {
const value = input.trim()
if (!value) {
return FALLBACK_SHA
}
return value.slice(0, 7)
}
export function getBuildInfo() {
const version = process.env.NEXT_PUBLIC_APP_VERSION?.trim() || FALLBACK_VERSION
const sha = shortenSha(process.env.NEXT_PUBLIC_GIT_SHA ?? "")
return {
version,
sha,
}
}

66
apps/admin/src/lib/media/local-storage.ts Normal file
View File

@@ -0,0 +1,66 @@
import { mkdir, rm, writeFile } from "node:fs/promises"
import path from "node:path"
import { buildMediaStorageKey } from "@/lib/media/storage-key"
type StoreLocalUploadParams = {
file: File
tenantId: string
assetId: string
fileRole: string
variant: string
}
type StoredUpload = {
storageKey: string
}
export function resolveLocalMediaBaseDirectory(): string {
const configured = process.env.CMS_MEDIA_LOCAL_STORAGE_DIR?.trim()
if (configured) {
return path.resolve(configured)
}
return path.resolve(process.cwd(), ".data", "media")
}
export async function storeUploadLocally(params: StoreLocalUploadParams): Promise<StoredUpload> {
const storageKey = buildMediaStorageKey({
tenantId: params.tenantId,
assetId: params.assetId,
fileRole: params.fileRole,
variant: params.variant,
fileName: params.file.name,
})
const baseDirectory = resolveLocalMediaBaseDirectory()
const outputPath = path.join(baseDirectory, storageKey)
await mkdir(path.dirname(outputPath), { recursive: true })
const bytes = new Uint8Array(await params.file.arrayBuffer())
await writeFile(outputPath, bytes)
return { storageKey }
}
export async function deleteLocalStorageObject(storageKey: string): Promise<boolean> {
const baseDirectory = resolveLocalMediaBaseDirectory()
const outputPath = path.join(baseDirectory, storageKey)
try {
await rm(outputPath)
return true
} catch (error) {
const code =
typeof error === "object" && error !== null && "code" in error
? String((error as { code?: unknown }).code)
: ""
if (code === "ENOENT") {
return false
}
throw error
}
}

103
apps/admin/src/lib/media/s3-storage.ts Normal file
View File

@@ -0,0 +1,103 @@
import { DeleteObjectCommand, PutObjectCommand, S3Client } from "@aws-sdk/client-s3"
import { buildMediaStorageKey } from "@/lib/media/storage-key"
type StoreS3UploadParams = {
file: File
tenantId: string
assetId: string
fileRole: string
variant: string
}
type StoredUpload = {
storageKey: string
}
type S3Config = {
bucket: string
region: string
endpoint?: string
accessKeyId: string
secretAccessKey: string
forcePathStyle?: boolean
}
function parseBoolean(value: string | undefined): boolean {
return value?.toLowerCase() === "true"
}
export function resolveS3Config(): S3Config {
const bucket = process.env.CMS_MEDIA_S3_BUCKET?.trim()
const region = process.env.CMS_MEDIA_S3_REGION?.trim()
const accessKeyId = process.env.CMS_MEDIA_S3_ACCESS_KEY_ID?.trim()
const secretAccessKey = process.env.CMS_MEDIA_S3_SECRET_ACCESS_KEY?.trim()
const endpoint = process.env.CMS_MEDIA_S3_ENDPOINT?.trim() || undefined
if (!bucket || !region || !accessKeyId || !secretAccessKey) {
throw new Error(
"S3 storage selected but required env vars are missing: CMS_MEDIA_S3_BUCKET, CMS_MEDIA_S3_REGION, CMS_MEDIA_S3_ACCESS_KEY_ID, CMS_MEDIA_S3_SECRET_ACCESS_KEY",
)
}
return {
bucket,
region,
endpoint,
accessKeyId,
secretAccessKey,
forcePathStyle: parseBoolean(process.env.CMS_MEDIA_S3_FORCE_PATH_STYLE),
}
}
export function createS3Client(config: S3Config): S3Client {
return new S3Client({
region: config.region,
endpoint: config.endpoint,
forcePathStyle: config.forcePathStyle,
credentials: {
accessKeyId: config.accessKeyId,
secretAccessKey: config.secretAccessKey,
},
})
}
export async function storeUploadToS3(params: StoreS3UploadParams): Promise<StoredUpload> {
const config = resolveS3Config()
const client = createS3Client(config)
const storageKey = buildMediaStorageKey({
tenantId: params.tenantId,
assetId: params.assetId,
fileRole: params.fileRole,
variant: params.variant,
fileName: params.file.name,
})
const payload = new Uint8Array(await params.file.arrayBuffer())
await client.send(
new PutObjectCommand({
Bucket: config.bucket,
Key: storageKey,
Body: payload,
ContentType: params.file.type || undefined,
ContentLength: params.file.size,
CacheControl: "public, max-age=31536000, immutable",
}),
)
return { storageKey }
}
export async function deleteS3Object(storageKey: string): Promise<boolean> {
const config = resolveS3Config()
const client = createS3Client(config)
await client.send(
new DeleteObjectCommand({
Bucket: config.bucket,
Key: storageKey,
}),
)
return true
}

19
apps/admin/src/lib/media/storage-key.test.ts Normal file
View File

@@ -0,0 +1,19 @@
import { describe, expect, it } from "vitest"
import { buildMediaStorageKey } from "@/lib/media/storage-key"
describe("buildMediaStorageKey", () => {
it("builds asset-centric key with fileRole and variant", () => {
const key = buildMediaStorageKey({
tenantId: "default",
assetId: "550e8400-e29b-41d4-a716-446655440000",
fileRole: "original",
variant: "thumb",
fileName: "My File.PNG",
})
expect(key).toBe(
"tenant/default/asset/550e8400-e29b-41d4-a716-446655440000/original/550e8400-e29b-41d4-a716-446655440000__thumb.png",
)
})
})

49
apps/admin/src/lib/media/storage-key.ts Normal file
View File

@@ -0,0 +1,49 @@
import path from "node:path"
const FALLBACK_EXTENSION = "bin"
const DEFAULT_VARIANT = "original"
type BuildMediaStorageKeyParams = {
tenantId: string
assetId: string
fileRole: string
variant?: string
fileName: string
}
function normalizeSegment(value: string): string {
return value
.toLowerCase()
.replace(/[^a-z0-9._-]+/g, "-")
.replace(/^-+|-+$/g, "")
}
function extensionFromFilename(fileName: string): string {
const extension = path.extname(fileName).slice(1)
if (!extension) {
return FALLBACK_EXTENSION
}
const normalized = normalizeSegment(extension)
return normalized.length > 0 ? normalized : FALLBACK_EXTENSION
}
export function buildMediaStorageKey(params: BuildMediaStorageKeyParams): string {
const normalizedTenantId = normalizeSegment(params.tenantId) || "default"
const normalizedAssetId = normalizeSegment(params.assetId)
const normalizedFileRole = normalizeSegment(params.fileRole) || "original"
const normalizedVariant = normalizeSegment(params.variant ?? DEFAULT_VARIANT) || DEFAULT_VARIANT
const extension = extensionFromFilename(params.fileName)
const fileName = `${normalizedAssetId}__${normalizedVariant}.${extension}`
return [
"tenant",
normalizedTenantId,
"asset",
normalizedAssetId,
normalizedFileRole,
fileName,
].join("/")
}

23
apps/admin/src/lib/media/storage.test.ts Normal file
View File

@@ -0,0 +1,23 @@
import { describe, expect, it } from "vitest"
import { resolveMediaStorageProvider } from "@/lib/media/storage"
describe("resolveMediaStorageProvider", () => {
it("defaults to s3 when unset", () => {
expect(resolveMediaStorageProvider(undefined)).toBe("s3")
})
it("resolves s3", () => {
expect(resolveMediaStorageProvider("s3")).toBe("s3")
expect(resolveMediaStorageProvider("S3")).toBe("s3")
})
it("resolves local explicitly", () => {
expect(resolveMediaStorageProvider("local")).toBe("local")
expect(resolveMediaStorageProvider("LOCAL")).toBe("local")
})
it("falls back to s3 for unknown values", () => {
expect(resolveMediaStorageProvider("foo")).toBe("s3")
})
})

149
apps/admin/src/lib/media/storage.ts Normal file
View File

@@ -0,0 +1,149 @@
import { deleteLocalStorageObject, storeUploadLocally } from "@/lib/media/local-storage"
import { deleteS3Object, storeUploadToS3 } from "@/lib/media/s3-storage"
export type MediaStorageProvider = "local" | "s3"
type StoreUploadParams = {
file: File
assetId: string
variant: string
fileRole: string
}
type StoredUpload = {
storageKey: string
provider: MediaStorageProvider
fallbackReason?: string
}
type S3LikeError = {
name?: unknown
message?: unknown
Code?: unknown
code?: unknown
$metadata?: {
httpStatusCode?: unknown
requestId?: unknown
}
}
function resolveTenantId(): string {
return process.env.CMS_MEDIA_STORAGE_TENANT_ID?.trim() || "default"
}
function describeS3Error(error: unknown): string {
if (!error || typeof error !== "object") {
return "Unknown S3 error"
}
const err = error as S3LikeError
const details: string[] = []
if (typeof err.name === "string" && err.name.length > 0) {
details.push(`name=${err.name}`)
}
if (typeof err.message === "string" && err.message.length > 0) {
details.push(`message=${err.message}`)
}
if (typeof err.Code === "string" && err.Code.length > 0) {
details.push(`code=${err.Code}`)
} else if (typeof err.code === "string" && err.code.length > 0) {
details.push(`code=${err.code}`)
}
const status = err.$metadata?.httpStatusCode
if (typeof status === "number") {
details.push(`status=${status}`)
}
const requestId = err.$metadata?.requestId
if (typeof requestId === "string" && requestId.length > 0) {
details.push(`requestId=${requestId}`)
}
return details.length > 0 ? details.join(", ") : "Unknown S3 error"
}
export function resolveMediaStorageProvider(raw: string | undefined): MediaStorageProvider {
if (raw?.toLowerCase() === "local") {
return "local"
}
return "s3"
}
export async function storeUpload(params: StoreUploadParams): Promise<StoredUpload> {
const provider = resolveMediaStorageProvider(process.env.CMS_MEDIA_STORAGE_PROVIDER)
const tenantId = resolveTenantId()
if (provider === "s3") {
try {
const stored = await storeUploadToS3({
file: params.file,
tenantId,
assetId: params.assetId,
fileRole: params.fileRole,
variant: params.variant,
})
return {
...stored,
provider,
}
} catch (error) {
const detail = describeS3Error(error)
const fallbackStored = await storeUploadLocally({
file: params.file,
tenantId,
assetId: params.assetId,
fileRole: params.fileRole,
variant: params.variant,
})
return {
...fallbackStored,
provider: "local",
fallbackReason: `S3 upload failed; file stored locally instead. ${detail}`,
}
}
}
const stored = await storeUploadLocally({
file: params.file,
tenantId,
assetId: params.assetId,
fileRole: params.fileRole,
variant: params.variant,
})
return {
...stored,
provider,
}
}
export async function deleteStoredMediaObject(storageKey: string): Promise<void> {
const preferred = resolveMediaStorageProvider(process.env.CMS_MEDIA_STORAGE_PROVIDER)
const deleteOperations =
preferred === "s3"
? [() => deleteS3Object(storageKey), () => deleteLocalStorageObject(storageKey)]
: [() => deleteLocalStorageObject(storageKey), () => deleteS3Object(storageKey)]
const errors: string[] = []
for (const performDelete of deleteOperations) {
try {
const deleted = await performDelete()
if (deleted) {
return
}
} catch (error) {
const detail = describeS3Error(error)
errors.push(detail)
}
}
if (errors.length > 0) {
throw new Error(`Storage object deletion failed for key "${storageKey}": ${errors.join(" | ")}`)
}
}

30
apps/admin/src/lib/route-guards.ts Normal file
View File

@@ -0,0 +1,30 @@
import { hasPermission, type Permission, type PermissionScope, type Role } from "@cms/content/rbac"
import { redirect } from "next/navigation"
import { resolveRoleFromServerContext } from "@/lib/access-server"
type RequirePermissionParams = {
nextPath: string
permission: Permission
scope: PermissionScope
}
export async function requireRoleForRoute(nextPath: string): Promise<Role> {
const role = await resolveRoleFromServerContext()
if (!role) {
redirect(`/login?next=${encodeURIComponent(nextPath)}`)
}
return role
}
export async function requirePermissionForRoute(params: RequirePermissionParams): Promise<Role> {
const role = await requireRoleForRoute(params.nextPath)
if (!hasPermission(role, params.permission, params.scope)) {
redirect(`/unauthorized?required=${params.permission}&scope=${params.scope}`)
}
return role
}

21
apps/web/src/app/[locale]/[slug]/page.tsx Normal file
View File

@@ -0,0 +1,21 @@
import { getPublishedPageBySlug } from "@cms/db"
import { notFound } from "next/navigation"
import { PublicPageView } from "@/components/public-page-view"
export const dynamic = "force-dynamic"
type PageProps = {
params: Promise<{ slug: string }>
}
export default async function CmsPageRoute({ params }: PageProps) {
const { slug } = await params
const page = await getPublishedPageBySlug(slug)
if (!page) {
notFound()
}
return <PublicPageView page={page} />
}

39
apps/web/src/app/[locale]/layout.tsx
View File

@@ -1,7 +1,12 @@
import { getPublicHeaderBanner } from "@cms/db"
import { notFound } from "next/navigation" import { notFound } from "next/navigation"
import { hasLocale, NextIntlClientProvider } from "next-intl" import { hasLocale, NextIntlClientProvider } from "next-intl"
import { getTranslations } from "next-intl/server"
import type { ReactNode } from "react" import type { ReactNode } from "react"
import { PublicAnnouncements } from "@/components/public-announcements"
import { PublicHeaderBanner } from "@/components/public-header-banner"
import { PublicSiteFooter } from "@/components/public-site-footer"
import { PublicSiteHeader } from "@/components/public-site-header"
import { routing } from "@/i18n/routing" import { routing } from "@/i18n/routing"
import { Providers } from "../providers" import { Providers } from "../providers"
@@ -12,6 +17,28 @@ type LocaleLayoutProps = {
}> }>
} }
export async function generateMetadata({ params }: LocaleLayoutProps) {
const { locale } = await params
if (!hasLocale(routing.locales, locale)) {
return {}
}
const t = await getTranslations({
locale,
namespace: "Seo",
})
return {
title: t("title"),
description: t("description"),
openGraph: {
title: t("title"),
description: t("description"),
},
}
}
export default async function LocaleLayout({ children, params }: LocaleLayoutProps) { export default async function LocaleLayout({ children, params }: LocaleLayoutProps) {
const { locale } = await params const { locale } = await params
@@ -19,9 +46,17 @@ export default async function LocaleLayout({ children, params }: LocaleLayoutPro
notFound() notFound()
} }
const banner = await getPublicHeaderBanner()
return ( return (
<NextIntlClientProvider locale={locale}> <NextIntlClientProvider locale={locale}>
<Providers>{children}</Providers> <Providers>
<PublicHeaderBanner banner={banner} />
<PublicAnnouncements placement="global_top" />
<PublicSiteHeader />
<main>{children}</main>
<PublicSiteFooter />
</Providers>
</NextIntlClientProvider> </NextIntlClientProvider>
) )
} }

30
apps/web/src/app/[locale]/news/[slug]/page.tsx Normal file
View File

@@ -0,0 +1,30 @@
import { getPostBySlug } from "@cms/db"
import { notFound } from "next/navigation"
export const dynamic = "force-dynamic"
type PageProps = {
params: Promise<{ slug: string }>
}
export default async function PublicNewsDetailPage({ params }: PageProps) {
const { slug } = await params
const post = await getPostBySlug(slug)
if (!post || post.status !== "published") {
notFound()
}
return (
<article className="mx-auto w-full max-w-4xl space-y-4 px-6 py-16">
<header className="space-y-2">
<p className="text-sm uppercase tracking-[0.2em] text-neutral-500">News</p>
<h1 className="text-4xl font-semibold tracking-tight">{post.title}</h1>
{post.excerpt ? <p className="text-neutral-600">{post.excerpt}</p> : null}
</header>
<section className="prose prose-neutral max-w-none whitespace-pre-wrap rounded-xl border border-neutral-200 bg-white p-6 text-neutral-800">
{post.body}
</section>
</article>
)
}

33
apps/web/src/app/[locale]/news/page.tsx Normal file
View File

@@ -0,0 +1,33 @@
import { listPosts } from "@cms/db"
import Link from "next/link"
export const dynamic = "force-dynamic"
export default async function PublicNewsIndexPage() {
const posts = await listPosts()
return (
<section className="mx-auto w-full max-w-4xl space-y-4 px-6 py-16">
<header className="space-y-2">
<p className="text-sm uppercase tracking-[0.2em] text-neutral-500">News</p>
<h1 className="text-4xl font-semibold tracking-tight">Latest updates</h1>
</header>
<div className="space-y-3">
{posts.map((post) => (
<article key={post.id} className="rounded-lg border border-neutral-200 p-4">
<p className="text-xs uppercase tracking-wide text-neutral-500">{post.status}</p>
<h2 className="mt-1 text-lg font-medium">{post.title}</h2>
<p className="mt-2 text-sm text-neutral-600">{post.excerpt ?? "No excerpt"}</p>
<Link
href={`/news/${post.slug}`}
className="mt-2 inline-block text-sm underline underline-offset-2"
>
Read post
</Link>
</article>
))}
</div>
</section>
)
}

60
apps/web/src/app/[locale]/page.tsx
View File

@@ -1,41 +1,47 @@
import { listPosts } from "@cms/db" import { getPublishedPageBySlug, listPosts } from "@cms/db"
import { Button } from "@cms/ui/button" import { Button } from "@cms/ui/button"
import { getTranslations } from "next-intl/server" import { getTranslations } from "next-intl/server"
import { PublicAnnouncements } from "@/components/public-announcements"
import { LanguageSwitcher } from "@/components/language-switcher" import { PublicPageView } from "@/components/public-page-view"
export const dynamic = "force-dynamic" export const dynamic = "force-dynamic"
export default async function HomePage() { export default async function HomePage() {
const [posts, t] = await Promise.all([listPosts(), getTranslations("Home")]) const [homePage, posts, t] = await Promise.all([
getPublishedPageBySlug("home"),
listPosts(),
getTranslations("Home"),
])
return ( return (
<main className="mx-auto flex min-h-screen w-full max-w-3xl flex-col gap-6 px-6 py-16"> <section>
<header className="space-y-3"> {homePage ? <PublicPageView page={homePage} /> : null}
<div className="flex flex-wrap items-center justify-between gap-3"> <PublicAnnouncements placement="homepage" />
<section className="mx-auto flex w-full max-w-6xl flex-col gap-6 px-6 py-6 pb-16">
<header className="space-y-3">
<p className="text-sm uppercase tracking-[0.2em] text-neutral-500">{t("badge")}</p> <p className="text-sm uppercase tracking-[0.2em] text-neutral-500">{t("badge")}</p>
<LanguageSwitcher /> <h2 className="text-3xl font-semibold tracking-tight">{t("latestPosts")}</h2>
</div> <p className="text-neutral-600">{t("description")}</p>
<h1 className="text-4xl font-semibold tracking-tight">{t("title")}</h1> </header>
<p className="text-neutral-600">{t("description")}</p>
</header>
<section className="space-y-4 rounded-xl border border-neutral-200 p-6"> <section className="space-y-4 rounded-xl border border-neutral-200 p-6">
<div className="flex items-center justify-between"> <div className="flex items-center justify-between">
<h2 className="text-xl font-medium">{t("latestPosts")}</h2> <h3 className="text-xl font-medium">{t("latestPosts")}</h3>
<Button variant="secondary">{t("explore")}</Button> <Button variant="secondary">{t("explore")}</Button>
</div> </div>
<ul className="space-y-3"> <ul className="space-y-3">
{posts.map((post) => ( {posts.map((post) => (
<li key={post.id} className="rounded-lg border border-neutral-200 p-4"> <li key={post.id} className="rounded-lg border border-neutral-200 p-4">
<p className="text-xs uppercase tracking-wide text-neutral-500">{post.status}</p> <p className="text-xs uppercase tracking-wide text-neutral-500">{post.status}</p>
<h3 className="mt-1 text-lg font-medium">{post.title}</h3> <h4 className="mt-1 text-lg font-medium">{post.title}</h4>
<p className="mt-2 text-sm text-neutral-600">{post.excerpt ?? t("noExcerpt")}</p> <p className="mt-2 text-sm text-neutral-600">{post.excerpt ?? t("noExcerpt")}</p>
</li> </li>
))} ))}
</ul> </ul>
</section>
</section> </section>
</main> </section>
) )
} }

23
apps/web/src/app/layout.tsx
View File

@@ -3,9 +3,30 @@ import type { ReactNode } from "react"
import "./globals.css" import "./globals.css"
const metadataBase = new URL(process.env.CMS_WEB_ORIGIN ?? "http://localhost:3000")
export const metadata: Metadata = { export const metadata: Metadata = {
title: "CMS Web", metadataBase,
title: {
default: "CMS Web",
template: "%s | CMS Web",
},
description: "Public frontend for the CMS monorepo", description: "Public frontend for the CMS monorepo",
applicationName: "CMS Web",
openGraph: {
type: "website",
siteName: "CMS Web",
title: "CMS Web",
description: "Public frontend for the CMS monorepo",
url: metadataBase,
},
alternates: {
canonical: "/",
},
robots: {
index: true,
follow: true,
},
} }
export default function RootLayout({ children }: { children: ReactNode }) { export default function RootLayout({ children }: { children: ReactNode }) {

13
apps/web/src/app/robots.ts Normal file
View File

@@ -0,0 +1,13 @@
import type { MetadataRoute } from "next"
const baseUrl = process.env.CMS_WEB_ORIGIN ?? "http://localhost:3000"
export default function robots(): MetadataRoute.Robots {
return {
rules: {
userAgent: "*",
allow: "/",
},
sitemap: `${baseUrl}/sitemap.xml`,
}
}

13
apps/web/src/app/sitemap.ts Normal file
View File

@@ -0,0 +1,13 @@
import { listPublishedPageSlugs } from "@cms/db"
import type { MetadataRoute } from "next"
const baseUrl = process.env.CMS_WEB_ORIGIN ?? "http://localhost:3000"
export default async function sitemap(): Promise<MetadataRoute.Sitemap> {
const pages = await listPublishedPageSlugs()
return pages.map((page) => ({
url: page.slug === "home" ? `${baseUrl}/` : `${baseUrl}/${page.slug}`,
lastModified: page.updatedAt,
}))
}

39
apps/web/src/components/public-announcements.tsx Normal file
View File

@@ -0,0 +1,39 @@
import { listActiveAnnouncements, type PublicAnnouncement } from "@cms/db"
import Link from "next/link"
type PublicAnnouncementsProps = {
placement: "global_top" | "homepage"
}
function AnnouncementCard({ announcement }: { announcement: PublicAnnouncement }) {
return (
<article className="rounded-lg border border-blue-200 bg-blue-50 px-4 py-3 text-sm text-blue-900">
<p className="text-xs uppercase tracking-wide text-blue-700">{announcement.title}</p>
<p className="mt-1">{announcement.message}</p>
{announcement.ctaLabel && announcement.ctaHref ? (
<Link
href={announcement.ctaHref}
className="mt-2 inline-block font-medium underline underline-offset-2"
>
{announcement.ctaLabel}
</Link>
) : null}
</article>
)
}
export async function PublicAnnouncements({ placement }: PublicAnnouncementsProps) {
const announcements = await listActiveAnnouncements(placement)
if (announcements.length === 0) {
return null
}
return (
<section className="mx-auto w-full max-w-6xl space-y-2 px-6 py-3">
{announcements.map((announcement) => (
<AnnouncementCard key={announcement.id} announcement={announcement} />
))}
</section>
)
}

25
apps/web/src/components/public-header-banner.tsx Normal file
View File

@@ -0,0 +1,25 @@
import type { PublicHeaderBanner as PublicHeaderBannerData } from "@cms/db"
import Link from "next/link"
type PublicHeaderBannerProps = {
banner: PublicHeaderBannerData | null
}
export function PublicHeaderBanner({ banner }: PublicHeaderBannerProps) {
if (!banner) {
return null
}
return (
<div className="border-b border-amber-200 bg-amber-50">
<div className="mx-auto flex w-full max-w-6xl flex-wrap items-center justify-between gap-3 px-6 py-2 text-sm text-amber-900">
<p>{banner.message}</p>
{banner.ctaLabel && banner.ctaHref ? (
<Link href={banner.ctaHref} className="font-medium underline underline-offset-2">
{banner.ctaLabel}
</Link>
) : null}
</div>
</div>
)
}

26
apps/web/src/components/public-page-view.tsx Normal file
View File

@@ -0,0 +1,26 @@
type PageEntity = {
title: string
status: string
summary: string | null
content: string
}
type PublicPageViewProps = {
page: PageEntity
}
export function PublicPageView({ page }: PublicPageViewProps) {
return (
<article className="mx-auto flex w-full max-w-4xl flex-col gap-6 px-6 py-16">
<header className="space-y-3">
<p className="text-sm uppercase tracking-[0.2em] text-neutral-500">{page.status}</p>
<h1 className="text-4xl font-semibold tracking-tight">{page.title}</h1>
{page.summary ? <p className="text-neutral-600">{page.summary}</p> : null}
</header>
<section className="prose prose-neutral max-w-none whitespace-pre-wrap rounded-xl border border-neutral-200 bg-white p-6 text-neutral-800">
{page.content}
</section>
</article>
)
}

27
apps/web/src/components/public-site-footer.tsx Normal file
View File

@@ -0,0 +1,27 @@
"use client"
import { useTranslations } from "next-intl"
import { getBuildInfo } from "@/lib/build-info"
export function PublicSiteFooter() {
const t = useTranslations("Layout")
const year = new Date().getFullYear()
const buildInfo = getBuildInfo()
return (
<footer className="border-t border-neutral-200 bg-neutral-50">
<div className="mx-auto flex w-full max-w-6xl flex-wrap items-center justify-between gap-2 px-6 py-4 text-sm text-neutral-600">
<p>
{t("footer.copyright", {
year,
})}
</p>
<p>{t("footer.tagline")}</p>
<p className="font-mono text-xs text-neutral-500">
Build v{buildInfo.version} +sha.{buildInfo.sha}
</p>
</div>
</footer>
)
}

45
apps/web/src/components/public-site-header.tsx Normal file
View File

@@ -0,0 +1,45 @@
import { listPublicNavigation } from "@cms/db"
import { Link } from "@/i18n/navigation"
import { LanguageSwitcher } from "./language-switcher"
export async function PublicSiteHeader() {
const navItems = await listPublicNavigation("header")
return (
<header className="border-b border-neutral-200 bg-white/80 backdrop-blur">
<div className="mx-auto flex w-full max-w-6xl flex-wrap items-center justify-between gap-4 px-6 py-4">
<Link
href="/"
className="text-sm font-semibold uppercase tracking-[0.2em] text-neutral-700"
>
CMS Web
</Link>
<nav className="flex flex-wrap items-center gap-2">
{navItems.length === 0 ? (
<Link
href="/"
className="rounded-md border border-neutral-300 px-3 py-1.5 text-sm font-medium text-neutral-700 hover:bg-neutral-100"
>
Home
</Link>
) : (
navItems.map((item) => (
<Link
key={item.id}
href={item.href}
className="rounded-md border border-neutral-300 px-3 py-1.5 text-sm font-medium text-neutral-700 hover:bg-neutral-100"
>
{item.label}
</Link>
))
)}
</nav>
<LanguageSwitcher />
</div>
</header>
)
}

17
apps/web/src/i18n/request.test.ts Normal file
View File

@@ -0,0 +1,17 @@
import { describe, expect, it } from "vitest"
import { resolveRequestLocale } from "./request"
describe("resolveRequestLocale", () => {
it("accepts supported locales", () => {
expect(resolveRequestLocale("de")).toBe("de")
expect(resolveRequestLocale("en")).toBe("en")
expect(resolveRequestLocale("es")).toBe("es")
expect(resolveRequestLocale("fr")).toBe("fr")
})
it("falls back to default locale for unsupported values", () => {
expect(resolveRequestLocale("it")).toBe("en")
expect(resolveRequestLocale(undefined)).toBe("en")
})
})

7
apps/web/src/i18n/request.ts
View File

@@ -1,11 +1,16 @@
import type { AppLocale } from "@cms/i18n"
import { hasLocale } from "next-intl" import { hasLocale } from "next-intl"
import { getRequestConfig } from "next-intl/server" import { getRequestConfig } from "next-intl/server"
import { routing } from "./routing" import { routing } from "./routing"
export function resolveRequestLocale(requested: string | undefined): AppLocale {
return hasLocale(routing.locales, requested) ? requested : routing.defaultLocale
}
export default getRequestConfig(async ({ requestLocale }) => { export default getRequestConfig(async ({ requestLocale }) => {
const requested = await requestLocale const requested = await requestLocale
const locale = hasLocale(routing.locales, requested) ? requested : routing.defaultLocale const locale = resolveRequestLocale(requested)
return { return {
locale, locale,

29
apps/web/src/lib/build-info.test.ts Normal file
View File

@@ -0,0 +1,29 @@
import { afterEach, describe, expect, it, vi } from "vitest"
import { getBuildInfo } from "./build-info"
afterEach(() => {
vi.unstubAllEnvs()
})
describe("getBuildInfo (web)", () => {
it("returns fallback values when env is missing", () => {
vi.stubEnv("NEXT_PUBLIC_APP_VERSION", "")
vi.stubEnv("NEXT_PUBLIC_GIT_SHA", "")
expect(getBuildInfo()).toEqual({
version: "0.0.1-dev",
sha: "local",
})
})
it("uses env values and truncates git sha", () => {
vi.stubEnv("NEXT_PUBLIC_APP_VERSION", "0.2.0")
vi.stubEnv("NEXT_PUBLIC_GIT_SHA", "123456789abc")
expect(getBuildInfo()).toEqual({
version: "0.2.0",
sha: "1234567",
})
})
})

21
apps/web/src/lib/build-info.ts Normal file
View File

@@ -0,0 +1,21 @@
const FALLBACK_VERSION = "0.0.1-dev"
const FALLBACK_SHA = "local"
function shortenSha(input: string): string {
const value = input.trim()
if (!value) {
return FALLBACK_SHA
}
return value.slice(0, 7)
}
export function getBuildInfo() {
const version = process.env.NEXT_PUBLIC_APP_VERSION?.trim() || FALLBACK_VERSION
const sha = shortenSha(process.env.NEXT_PUBLIC_GIT_SHA ?? "")
return {
version,
sha,
}
}

26
apps/web/src/messages/de.json
View File

@@ -15,5 +15,31 @@
"es": "Spanisch", "es": "Spanisch",
"fr": "Französisch" "fr": "Französisch"
} }
},
"Layout": {
"brand": "CMS Web",
"nav": {
"home": "Start",
"about": "Über uns",
"contact": "Kontakt"
},
"footer": {
"copyright": "© {year} CMS Web",
"tagline": "Powered by Next.js, Bun, Prisma und TanStack."
}
},
"Seo": {
"title": "CMS Web",
"description": "Öffentliches Frontend für das CMS-Monorepo."
},
"About": {
"badge": "Über uns",
"title": "Über dieses Projekt",
"description": "Diese öffentliche App ist die Frontend-Oberfläche für CMS-gesteuerte Inhalte und kommende dynamische Seiten."
},
"Contact": {
"badge": "Kontakt",
"title": "Kontakt",
"description": "Kontakt- und Auftragsabläufe werden in den nächsten MVP-Schritten eingeführt."
} }
} }

26
apps/web/src/messages/en.json
View File

@@ -15,5 +15,31 @@
"es": "Spanish", "es": "Spanish",
"fr": "French" "fr": "French"
} }
},
"Layout": {
"brand": "CMS Web",
"nav": {
"home": "Home",
"about": "About",
"contact": "Contact"
},
"footer": {
"copyright": "© {year} CMS Web",
"tagline": "Powered by Next.js, Bun, Prisma, and TanStack."
}
},
"Seo": {
"title": "CMS Web",
"description": "Public frontend for the CMS monorepo."
},
"About": {
"badge": "About",
"title": "About this project",
"description": "This public app is the frontend surface for CMS-driven content and upcoming dynamic pages."
},
"Contact": {
"badge": "Contact",
"title": "Contact",
"description": "Contact and commission flows will be introduced in upcoming MVP steps."
} }
} }

26
apps/web/src/messages/es.json
View File

@@ -15,5 +15,31 @@
"es": "Español", "es": "Español",
"fr": "Francés" "fr": "Francés"
} }
},
"Layout": {
"brand": "CMS Web",
"nav": {
"home": "Inicio",
"about": "Acerca de",
"contact": "Contacto"
},
"footer": {
"copyright": "© {year} CMS Web",
"tagline": "Impulsado por Next.js, Bun, Prisma y TanStack."
}
},
"Seo": {
"title": "CMS Web",
"description": "Frontend público para el monorepo CMS."
},
"About": {
"badge": "Acerca de",
"title": "Sobre este proyecto",
"description": "Esta app pública es la superficie frontend para contenido gestionado por CMS y próximas páginas dinámicas."
},
"Contact": {
"badge": "Contacto",
"title": "Contacto",
"description": "Los flujos de contacto y comisiones se incorporarán en los siguientes pasos del MVP."
} }
} }

26
apps/web/src/messages/fr.json
View File

@@ -15,5 +15,31 @@
"es": "Espagnol", "es": "Espagnol",
"fr": "Français" "fr": "Français"
} }
},
"Layout": {
"brand": "CMS Web",
"nav": {
"home": "Accueil",
"about": "À propos",
"contact": "Contact"
},
"footer": {
"copyright": "© {year} CMS Web",
"tagline": "Propulsé par Next.js, Bun, Prisma et TanStack."
}
},
"Seo": {
"title": "CMS Web",
"description": "Frontend public pour le monorepo CMS."
},
"About": {
"badge": "À propos",
"title": "À propos de ce projet",
"description": "Cette application publique est la surface frontend pour le contenu piloté par CMS et les futures pages dynamiques."
},
"Contact": {
"badge": "Contact",
"title": "Contact",
"description": "Les flux de contact et de commission seront introduits dans les prochaines étapes MVP."
} }
} }

225
bun.lock
View File

@@ -17,7 +17,7 @@
"conventional-changelog-cli": "5.0.0", "conventional-changelog-cli": "5.0.0",
"jsdom": "28.0.0", "jsdom": "28.0.0",
"msw": "2.12.9", "msw": "2.12.9",
"turbo": "2.8.3", "turbo": "^2.8.6",
"typescript": "5.9.3", "typescript": "5.9.3",
"vite-tsconfig-paths": "6.1.0", "vite-tsconfig-paths": "6.1.0",
"vitepress": "1.6.4", "vitepress": "1.6.4",
@@ -28,6 +28,7 @@
"name": "@cms/admin", "name": "@cms/admin",
"version": "0.0.1", "version": "0.0.1",
"dependencies": { "dependencies": {
"@aws-sdk/client-s3": "^3.988.0",
"@cms/content": "workspace:*", "@cms/content": "workspace:*",
"@cms/db": "workspace:*", "@cms/db": "workspace:*",
"@cms/i18n": "workspace:*", "@cms/i18n": "workspace:*",
@@ -207,6 +208,88 @@
"@asamuzakjp/nwsapi": ["@asamuzakjp/nwsapi@2.3.9", "", {}, "sha512-n8GuYSrI9bF7FFZ/SjhwevlHc8xaVlb/7HmHelnc/PZXBD2ZR49NnN9sMMuDdEGPeeRQ5d0hqlSlEpgCX3Wl0Q=="], "@asamuzakjp/nwsapi": ["@asamuzakjp/nwsapi@2.3.9", "", {}, "sha512-n8GuYSrI9bF7FFZ/SjhwevlHc8xaVlb/7HmHelnc/PZXBD2ZR49NnN9sMMuDdEGPeeRQ5d0hqlSlEpgCX3Wl0Q=="],
"@aws-crypto/crc32": ["@aws-crypto/crc32@5.2.0", "", { "dependencies": { "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "tslib": "^2.6.2" } }, "sha512-nLbCWqQNgUiwwtFsen1AdzAtvuLRsQS8rYgMuxCrdKf9kOssamGLuPwyTY9wyYblNr9+1XM8v6zoDTPPSIeANg=="],
"@aws-crypto/crc32c": ["@aws-crypto/crc32c@5.2.0", "", { "dependencies": { "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "tslib": "^2.6.2" } }, "sha512-+iWb8qaHLYKrNvGRbiYRHSdKRWhto5XlZUEBwDjYNf+ly5SVYG6zEoYIdxvf5R3zyeP16w4PLBn3rH1xc74Rag=="],
"@aws-crypto/sha1-browser": ["@aws-crypto/sha1-browser@5.2.0", "", { "dependencies": { "@aws-crypto/supports-web-crypto": "^5.2.0", "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "@aws-sdk/util-locate-window": "^3.0.0", "@smithy/util-utf8": "^2.0.0", "tslib": "^2.6.2" } }, "sha512-OH6lveCFfcDjX4dbAvCFSYUjJZjDr/3XJ3xHtjn3Oj5b9RjojQo8npoLeA/bNwkOkrSQ0wgrHzXk4tDRxGKJeg=="],
"@aws-crypto/sha256-browser": ["@aws-crypto/sha256-browser@5.2.0", "", { "dependencies": { "@aws-crypto/sha256-js": "^5.2.0", "@aws-crypto/supports-web-crypto": "^5.2.0", "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "@aws-sdk/util-locate-window": "^3.0.0", "@smithy/util-utf8": "^2.0.0", "tslib": "^2.6.2" } }, "sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw=="],
"@aws-crypto/sha256-js": ["@aws-crypto/sha256-js@5.2.0", "", { "dependencies": { "@aws-crypto/util": "^5.2.0", "@aws-sdk/types": "^3.222.0", "tslib": "^2.6.2" } }, "sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA=="],
"@aws-crypto/supports-web-crypto": ["@aws-crypto/supports-web-crypto@5.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg=="],
"@aws-crypto/util": ["@aws-crypto/util@5.2.0", "", { "dependencies": { "@aws-sdk/types": "^3.222.0", "@smithy/util-utf8": "^2.0.0", "tslib": "^2.6.2" } }, "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ=="],
"@aws-sdk/client-s3": ["@aws-sdk/client-s3@3.988.0", "", { "dependencies": { "@aws-crypto/sha1-browser": "5.2.0", "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "^3.973.8", "@aws-sdk/credential-provider-node": "^3.972.7", "@aws-sdk/middleware-bucket-endpoint": "^3.972.3", "@aws-sdk/middleware-expect-continue": "^3.972.3", "@aws-sdk/middleware-flexible-checksums": "^3.972.6", "@aws-sdk/middleware-host-header": "^3.972.3", "@aws-sdk/middleware-location-constraint": "^3.972.3", "@aws-sdk/middleware-logger": "^3.972.3", "@aws-sdk/middleware-recursion-detection": "^3.972.3", "@aws-sdk/middleware-sdk-s3": "^3.972.8", "@aws-sdk/middleware-ssec": "^3.972.3", "@aws-sdk/middleware-user-agent": "^3.972.8", "@aws-sdk/region-config-resolver": "^3.972.3", "@aws-sdk/signature-v4-multi-region": "3.988.0", "@aws-sdk/types": "^3.973.1", "@aws-sdk/util-endpoints": "3.988.0", "@aws-sdk/util-user-agent-browser": "^3.972.3", "@aws-sdk/util-user-agent-node": "^3.972.6", "@smithy/config-resolver": "^4.4.6", "@smithy/core": "^3.23.0", "@smithy/eventstream-serde-browser": "^4.2.8", "@smithy/eventstream-serde-config-resolver": "^4.3.8", "@smithy/eventstream-serde-node": "^4.2.8", "@smithy/fetch-http-handler": "^5.3.9", "@smithy/hash-blob-browser": "^4.2.9", "@smithy/hash-node": "^4.2.8", "@smithy/hash-stream-node": "^4.2.8", "@smithy/invalid-dependency": "^4.2.8", "@smithy/md5-js": "^4.2.8", "@smithy/middleware-content-length": "^4.2.8", "@smithy/middleware-endpoint": "^4.4.14", "@smithy/middleware-retry": "^4.4.31", "@smithy/middleware-serde": "^4.2.9", "@smithy/middleware-stack": "^4.2.8", "@smithy/node-config-provider": "^4.3.8", "@smithy/node-http-handler": "^4.4.10", "@smithy/protocol-http": "^5.3.8", "@smithy/smithy-client": "^4.11.3", "@smithy/types": "^4.12.0", "@smithy/url-parser": "^4.2.8", "@smithy/util-base64": "^4.3.0", "@smithy/util-body-length-browser": "^4.2.0", "@smithy/util-body-length-node": "^4.2.1", "@smithy/util-defaults-mode-browser": "^4.3.30", "@smithy/util-defaults-mode-node": "^4.2.33", "@smithy/util-endpoints": "^3.2.8", "@smithy/util-middleware": "^4.2.8", "@smithy/util-retry": "^4.2.8", "@smithy/util-stream": "^4.5.12", "@smithy/util-utf8": "^4.2.0", "@smithy/util-waiter": "^4.2.8", "tslib": "^2.6.2" } }, "sha512-mt7AdkieJJ5hEKeCxH4sdTTd679shUjo/cUvNY0fUHgQIPZa1jRuekTXnRytRrEwdrZWJDx56n1S8ism2uX7jg=="],
"@aws-sdk/client-sso": ["@aws-sdk/client-sso@3.988.0", "", { "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "^3.973.8", "@aws-sdk/middleware-host-header": "^3.972.3", "@aws-sdk/middleware-logger": "^3.972.3", "@aws-sdk/middleware-recursion-detection": "^3.972.3", "@aws-sdk/middleware-user-agent": "^3.972.8", "@aws-sdk/region-config-resolver": "^3.972.3", "@aws-sdk/types": "^3.973.1", "@aws-sdk/util-endpoints": "3.988.0", "@aws-sdk/util-user-agent-browser": "^3.972.3", "@aws-sdk/util-user-agent-node": "^3.972.6", "@smithy/config-resolver": "^4.4.6", "@smithy/core": "^3.23.0", "@smithy/fetch-http-handler": "^5.3.9", "@smithy/hash-node": "^4.2.8", "@smithy/invalid-dependency": "^4.2.8", "@smithy/middleware-content-length": "^4.2.8", "@smithy/middleware-endpoint": "^4.4.14", "@smithy/middleware-retry": "^4.4.31", "@smithy/middleware-serde": "^4.2.9", "@smithy/middleware-stack": "^4.2.8", "@smithy/node-config-provider": "^4.3.8", "@smithy/node-http-handler": "^4.4.10", "@smithy/protocol-http": "^5.3.8", "@smithy/smithy-client": "^4.11.3", "@smithy/types": "^4.12.0", "@smithy/url-parser": "^4.2.8", "@smithy/util-base64": "^4.3.0", "@smithy/util-body-length-browser": "^4.2.0", "@smithy/util-body-length-node": "^4.2.1", "@smithy/util-defaults-mode-browser": "^4.3.30", "@smithy/util-defaults-mode-node": "^4.2.33", "@smithy/util-endpoints": "^3.2.8", "@smithy/util-middleware": "^4.2.8", "@smithy/util-retry": "^4.2.8", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-ThqQ7aF1k0Zz4yJRwegHw+T1rM3a7ZPvvEUSEdvn5Z8zTeWgJAbtqW/6ejPsMLmFOlHgNcwDQN/e69OvtEOoIQ=="],
"@aws-sdk/core": ["@aws-sdk/core@3.973.8", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@aws-sdk/xml-builder": "^3.972.4", "@smithy/core": "^3.23.0", "@smithy/node-config-provider": "^4.3.8", "@smithy/property-provider": "^4.2.8", "@smithy/protocol-http": "^5.3.8", "@smithy/signature-v4": "^5.3.8", "@smithy/smithy-client": "^4.11.3", "@smithy/types": "^4.12.0", "@smithy/util-base64": "^4.3.0", "@smithy/util-middleware": "^4.2.8", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-WeYJ2sfvRLbbUIrjGMUXcEHGu5SJk53jz3K9F8vFP42zWyROzPJ2NB6lMu9vWl5hnMwzwabX7pJc9Euh3JyMGw=="],
"@aws-sdk/crc64-nvme": ["@aws-sdk/crc64-nvme@3.972.0", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-ThlLhTqX68jvoIVv+pryOdb5coP1cX1/MaTbB9xkGDCbWbsqQcLqzPxuSoW1DCnAAIacmXCWpzUNOB9pv+xXQw=="],
"@aws-sdk/credential-provider-env": ["@aws-sdk/credential-provider-env@3.972.6", "", { "dependencies": { "@aws-sdk/core": "^3.973.8", "@aws-sdk/types": "^3.973.1", "@smithy/property-provider": "^4.2.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-+dYEBWgTqkQQHFUllvBL8SLyXyLKWdxLMD1LmKJRvmb0NMJuaJFG/qg78C+LE67eeGbipYcE+gJ48VlLBGHlMw=="],
"@aws-sdk/credential-provider-http": ["@aws-sdk/credential-provider-http@3.972.8", "", { "dependencies": { "@aws-sdk/core": "^3.973.8", "@aws-sdk/types": "^3.973.1", "@smithy/fetch-http-handler": "^5.3.9", "@smithy/node-http-handler": "^4.4.10", "@smithy/property-provider": "^4.2.8", "@smithy/protocol-http": "^5.3.8", "@smithy/smithy-client": "^4.11.3", "@smithy/types": "^4.12.0", "@smithy/util-stream": "^4.5.12", "tslib": "^2.6.2" } }, "sha512-z3QkozMV8kOFisN2pgRag/f0zPDrw96mY+ejAM0xssV/+YQ2kklbylRNI/TcTQUDnGg0yPxNjyV6F2EM2zPTwg=="],
"@aws-sdk/credential-provider-ini": ["@aws-sdk/credential-provider-ini@3.972.6", "", { "dependencies": { "@aws-sdk/core": "^3.973.8", "@aws-sdk/credential-provider-env": "^3.972.6", "@aws-sdk/credential-provider-http": "^3.972.8", "@aws-sdk/credential-provider-login": "^3.972.6", "@aws-sdk/credential-provider-process": "^3.972.6", "@aws-sdk/credential-provider-sso": "^3.972.6", "@aws-sdk/credential-provider-web-identity": "^3.972.6", "@aws-sdk/nested-clients": "3.988.0", "@aws-sdk/types": "^3.973.1", "@smithy/credential-provider-imds": "^4.2.8", "@smithy/property-provider": "^4.2.8", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-6tkIYFv3sZH1XsjQq+veOmx8XWRnyqTZ5zx/sMtdu/xFRIzrJM1Y2wAXeCJL1rhYSB7uJSZ1PgALI2WVTj78ow=="],
"@aws-sdk/credential-provider-login": ["@aws-sdk/credential-provider-login@3.972.6", "", { "dependencies": { "@aws-sdk/core": "^3.973.8", "@aws-sdk/nested-clients": "3.988.0", "@aws-sdk/types": "^3.973.1", "@smithy/property-provider": "^4.2.8", "@smithy/protocol-http": "^5.3.8", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-LXsoBoaTSGHdRCQXlWSA0CHHh05KWncb592h9ElklnPus++8kYn1Ic6acBR4LKFQ0RjjMVgwe5ypUpmTSUOjPA=="],
"@aws-sdk/credential-provider-node": ["@aws-sdk/credential-provider-node@3.972.7", "", { "dependencies": { "@aws-sdk/credential-provider-env": "^3.972.6", "@aws-sdk/credential-provider-http": "^3.972.8", "@aws-sdk/credential-provider-ini": "^3.972.6", "@aws-sdk/credential-provider-process": "^3.972.6", "@aws-sdk/credential-provider-sso": "^3.972.6", "@aws-sdk/credential-provider-web-identity": "^3.972.6", "@aws-sdk/types": "^3.973.1", "@smithy/credential-provider-imds": "^4.2.8", "@smithy/property-provider": "^4.2.8", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-PuJ1IkISG7ZDpBFYpGotaay6dYtmriBYuHJ/Oko4VHxh8YN5vfoWnMNYFEWuzOfyLmP7o9kDVW0BlYIpb3skvw=="],
"@aws-sdk/credential-provider-process": ["@aws-sdk/credential-provider-process@3.972.6", "", { "dependencies": { "@aws-sdk/core": "^3.973.8", "@aws-sdk/types": "^3.973.1", "@smithy/property-provider": "^4.2.8", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-Yf34cjIZJHVnD92jnVYy3tNjM+Q4WJtffLK2Ehn0nKpZfqd1m7SI0ra22Lym4C53ED76oZENVSS2wimoXJtChQ=="],
"@aws-sdk/credential-provider-sso": ["@aws-sdk/credential-provider-sso@3.972.6", "", { "dependencies": { "@aws-sdk/client-sso": "3.988.0", "@aws-sdk/core": "^3.973.8", "@aws-sdk/token-providers": "3.988.0", "@aws-sdk/types": "^3.973.1", "@smithy/property-provider": "^4.2.8", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-2+5UVwUYdD4BBOkLpKJ11MQ8wQeyJGDVMDRH5eWOULAh9d6HJq07R69M/mNNMC9NTjr3mB1T0KGDn4qyQh5jzg=="],
"@aws-sdk/credential-provider-web-identity": ["@aws-sdk/credential-provider-web-identity@3.972.6", "", { "dependencies": { "@aws-sdk/core": "^3.973.8", "@aws-sdk/nested-clients": "3.988.0", "@aws-sdk/types": "^3.973.1", "@smithy/property-provider": "^4.2.8", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-pdJzwKtlDxBnvZ04pWMqttijmkUIlwOsS0GcxCjzEVyUMpARysl0S0ks74+gs2Pdev3Ujz+BTAjOc1tQgAxGqA=="],
"@aws-sdk/middleware-bucket-endpoint": ["@aws-sdk/middleware-bucket-endpoint@3.972.3", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@aws-sdk/util-arn-parser": "^3.972.2", "@smithy/node-config-provider": "^4.3.8", "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "@smithy/util-config-provider": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-fmbgWYirF67YF1GfD7cg5N6HHQ96EyRNx/rDIrTF277/zTWVuPI2qS/ZHgofwR1NZPe/NWvoppflQY01LrbVLg=="],
"@aws-sdk/middleware-expect-continue": ["@aws-sdk/middleware-expect-continue@3.972.3", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-4msC33RZsXQpUKR5QR4HnvBSNCPLGHmB55oDiROqqgyOc+TOfVu2xgi5goA7ms6MdZLeEh2905UfWMnMMF4mRg=="],
"@aws-sdk/middleware-flexible-checksums": ["@aws-sdk/middleware-flexible-checksums@3.972.6", "", { "dependencies": { "@aws-crypto/crc32": "5.2.0", "@aws-crypto/crc32c": "5.2.0", "@aws-crypto/util": "5.2.0", "@aws-sdk/core": "^3.973.8", "@aws-sdk/crc64-nvme": "3.972.0", "@aws-sdk/types": "^3.973.1", "@smithy/is-array-buffer": "^4.2.0", "@smithy/node-config-provider": "^4.3.8", "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "@smithy/util-middleware": "^4.2.8", "@smithy/util-stream": "^4.5.12", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-g5DadWO58IgQKuq+uLL3pLohOwLiA67gB49xj8694BW+LpHLNu/tjCqwLfIaWvZyABbv0LXeNiiTuTnjdgkZWw=="],
"@aws-sdk/middleware-host-header": ["@aws-sdk/middleware-host-header@3.972.3", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-aknPTb2M+G3s+0qLCx4Li/qGZH8IIYjugHMv15JTYMe6mgZO8VBpYgeGYsNMGCqCZOcWzuf900jFBG5bopfzmA=="],
"@aws-sdk/middleware-location-constraint": ["@aws-sdk/middleware-location-constraint@3.972.3", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-nIg64CVrsXp67vbK0U1/Is8rik3huS3QkRHn2DRDx4NldrEFMgdkZGI/+cZMKD9k4YOS110Dfu21KZLHrFA/1g=="],
"@aws-sdk/middleware-logger": ["@aws-sdk/middleware-logger@3.972.3", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-Ftg09xNNRqaz9QNzlfdQWfpqMCJbsQdnZVJP55jfhbKi1+FTWxGuvfPoBhDHIovqWKjqbuiew3HuhxbJ0+OjgA=="],
"@aws-sdk/middleware-recursion-detection": ["@aws-sdk/middleware-recursion-detection@3.972.3", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@aws/lambda-invoke-store": "^0.2.2", "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-PY57QhzNuXHnwbJgbWYTrqIDHYSeOlhfYERTAuc16LKZpTZRJUjzBFokp9hF7u1fuGeE3D70ERXzdbMBOqQz7Q=="],
"@aws-sdk/middleware-sdk-s3": ["@aws-sdk/middleware-sdk-s3@3.972.8", "", { "dependencies": { "@aws-sdk/core": "^3.973.8", "@aws-sdk/types": "^3.973.1", "@aws-sdk/util-arn-parser": "^3.972.2", "@smithy/core": "^3.23.0", "@smithy/node-config-provider": "^4.3.8", "@smithy/protocol-http": "^5.3.8", "@smithy/signature-v4": "^5.3.8", "@smithy/smithy-client": "^4.11.3", "@smithy/types": "^4.12.0", "@smithy/util-config-provider": "^4.2.0", "@smithy/util-middleware": "^4.2.8", "@smithy/util-stream": "^4.5.12", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-/yJdahpN/q3Dc88qXBTQVZfnXryLnxfCoP4hGClbKjuF0VCMxrz3il7sj0GhIkEQt5OM5+lA88XrvbjjuwSxIg=="],
"@aws-sdk/middleware-ssec": ["@aws-sdk/middleware-ssec@3.972.3", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-dU6kDuULN3o3jEHcjm0c4zWJlY1zWVkjG9NPe9qxYLLpcbdj5kRYBS2DdWYD+1B9f910DezRuws7xDEqKkHQIg=="],
"@aws-sdk/middleware-user-agent": ["@aws-sdk/middleware-user-agent@3.972.8", "", { "dependencies": { "@aws-sdk/core": "^3.973.8", "@aws-sdk/types": "^3.973.1", "@aws-sdk/util-endpoints": "3.988.0", "@smithy/core": "^3.23.0", "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-3PGL+Kvh1PhB0EeJeqNqOWQgipdqFheO4OUKc6aYiFwEpM5t9AyE5hjjxZ5X6iSj8JiduWFZLPwASzF6wQRgFg=="],
"@aws-sdk/nested-clients": ["@aws-sdk/nested-clients@3.988.0", "", { "dependencies": { "@aws-crypto/sha256-browser": "5.2.0", "@aws-crypto/sha256-js": "5.2.0", "@aws-sdk/core": "^3.973.8", "@aws-sdk/middleware-host-header": "^3.972.3", "@aws-sdk/middleware-logger": "^3.972.3", "@aws-sdk/middleware-recursion-detection": "^3.972.3", "@aws-sdk/middleware-user-agent": "^3.972.8", "@aws-sdk/region-config-resolver": "^3.972.3", "@aws-sdk/types": "^3.973.1", "@aws-sdk/util-endpoints": "3.988.0", "@aws-sdk/util-user-agent-browser": "^3.972.3", "@aws-sdk/util-user-agent-node": "^3.972.6", "@smithy/config-resolver": "^4.4.6", "@smithy/core": "^3.23.0", "@smithy/fetch-http-handler": "^5.3.9", "@smithy/hash-node": "^4.2.8", "@smithy/invalid-dependency": "^4.2.8", "@smithy/middleware-content-length": "^4.2.8", "@smithy/middleware-endpoint": "^4.4.14", "@smithy/middleware-retry": "^4.4.31", "@smithy/middleware-serde": "^4.2.9", "@smithy/middleware-stack": "^4.2.8", "@smithy/node-config-provider": "^4.3.8", "@smithy/node-http-handler": "^4.4.10", "@smithy/protocol-http": "^5.3.8", "@smithy/smithy-client": "^4.11.3", "@smithy/types": "^4.12.0", "@smithy/url-parser": "^4.2.8", "@smithy/util-base64": "^4.3.0", "@smithy/util-body-length-browser": "^4.2.0", "@smithy/util-body-length-node": "^4.2.1", "@smithy/util-defaults-mode-browser": "^4.3.30", "@smithy/util-defaults-mode-node": "^4.2.33", "@smithy/util-endpoints": "^3.2.8", "@smithy/util-middleware": "^4.2.8", "@smithy/util-retry": "^4.2.8", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-OgYV9k1oBCQ6dOM+wWAMNNehXA8L4iwr7ydFV+JDHyuuu0Ko7tDXnLEtEmeQGYRcAFU3MGasmlBkMB8vf4POrg=="],
"@aws-sdk/region-config-resolver": ["@aws-sdk/region-config-resolver@3.972.3", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@smithy/config-resolver": "^4.4.6", "@smithy/node-config-provider": "^4.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-v4J8qYAWfOMcZ4MJUyatntOicTzEMaU7j3OpkRCGGFSL2NgXQ5VbxauIyORA+pxdKZ0qQG2tCQjQjZDlXEC3Ow=="],
"@aws-sdk/signature-v4-multi-region": ["@aws-sdk/signature-v4-multi-region@3.988.0", "", { "dependencies": { "@aws-sdk/middleware-sdk-s3": "^3.972.8", "@aws-sdk/types": "^3.973.1", "@smithy/protocol-http": "^5.3.8", "@smithy/signature-v4": "^5.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-SXwhbe2v0Jno7QLIBmZWAL2eVzGmXkfLLy0WkM6ZJVhE0SFUcnymDwMUA1oMDUvyArzvKBiU8khQ2ImheCKOHQ=="],
"@aws-sdk/token-providers": ["@aws-sdk/token-providers@3.988.0", "", { "dependencies": { "@aws-sdk/core": "^3.973.8", "@aws-sdk/nested-clients": "3.988.0", "@aws-sdk/types": "^3.973.1", "@smithy/property-provider": "^4.2.8", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-xvXVlRVKHnF2h6fgWBm64aPP5J+58aJyGfRrQa/uFh8a9mcK68mLfJOYq+ZSxQy/UN3McafJ2ILAy7IWzT9kRw=="],
"@aws-sdk/types": ["@aws-sdk/types@3.973.1", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-DwHBiMNOB468JiX6+i34c+THsKHErYUdNQ3HexeXZvVn4zouLjgaS4FejiGSi2HyBuzuyHg7SuOPmjSvoU9NRg=="],
"@aws-sdk/util-arn-parser": ["@aws-sdk/util-arn-parser@3.972.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-VkykWbqMjlSgBFDyrY3nOSqupMc6ivXuGmvci6Q3NnLq5kC+mKQe2QBZ4nrWRE/jqOxeFP2uYzLtwncYYcvQDg=="],
"@aws-sdk/util-endpoints": ["@aws-sdk/util-endpoints@3.988.0", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@smithy/types": "^4.12.0", "@smithy/url-parser": "^4.2.8", "@smithy/util-endpoints": "^3.2.8", "tslib": "^2.6.2" } }, "sha512-HuXu4boeUWU0DQiLslbgdvuQ4ZMCo4Lsk97w8BIUokql2o9MvjE5dwqI5pzGt0K7afO1FybjidUQVTMLuZNTOA=="],
"@aws-sdk/util-locate-window": ["@aws-sdk/util-locate-window@3.965.4", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-H1onv5SkgPBK2P6JR2MjGgbOnttoNzSPIRoeZTNPZYyaplwGg50zS3amXvXqF0/qfXpWEC9rLWU564QTB9bSog=="],
"@aws-sdk/util-user-agent-browser": ["@aws-sdk/util-user-agent-browser@3.972.3", "", { "dependencies": { "@aws-sdk/types": "^3.973.1", "@smithy/types": "^4.12.0", "bowser": "^2.11.0", "tslib": "^2.6.2" } }, "sha512-JurOwkRUcXD/5MTDBcqdyQ9eVedtAsZgw5rBwktsPTN7QtPiS2Ld1jkJepNgYoCufz1Wcut9iup7GJDoIHp8Fw=="],
"@aws-sdk/util-user-agent-node": ["@aws-sdk/util-user-agent-node@3.972.6", "", { "dependencies": { "@aws-sdk/middleware-user-agent": "^3.972.8", "@aws-sdk/types": "^3.973.1", "@smithy/node-config-provider": "^4.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" }, "peerDependencies": { "aws-crt": ">=1.0.0" }, "optionalPeers": ["aws-crt"] }, "sha512-966xH8TPqkqOXP7EwnEThcKKz0SNP9kVJBKd9M8bNXE4GSqVouMKKnFBwYnzbWVKuLXubzX5seokcX4a0JLJIA=="],
"@aws-sdk/xml-builder": ["@aws-sdk/xml-builder@3.972.4", "", { "dependencies": { "@smithy/types": "^4.12.0", "fast-xml-parser": "5.3.4", "tslib": "^2.6.2" } }, "sha512-0zJ05ANfYqI6+rGqj8samZBFod0dPPousBjLEqg8WdxSgbMAkRgLyn81lP215Do0rFJ/17LIXwr7q0yK24mP6Q=="],
"@aws/lambda-invoke-store": ["@aws/lambda-invoke-store@0.2.3", "", {}, "sha512-oLvsaPMTBejkkmHhjf09xTgk71mOqyr/409NKhRIL08If7AhVfUsJhVsx386uJaqNd42v9kWamQ9lFbkoC2dYw=="],
"@babel/code-frame": ["@babel/code-frame@7.29.0", "", { "dependencies": { "@babel/helper-validator-identifier": "^7.28.5", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" } }, "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw=="], "@babel/code-frame": ["@babel/code-frame@7.29.0", "", { "dependencies": { "@babel/helper-validator-identifier": "^7.28.5", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" } }, "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw=="],
"@babel/compat-data": ["@babel/compat-data@7.29.0", "", {}, "sha512-T1NCJqT/j9+cn8fvkt7jtwbLBfLC/1y1c7NtCeXFRgzGTsafi68MRv8yzkYSapBnFA6L3U2VSc02ciDzoAJhJg=="], "@babel/compat-data": ["@babel/compat-data@7.29.0", "", {}, "sha512-T1NCJqT/j9+cn8fvkt7jtwbLBfLC/1y1c7NtCeXFRgzGTsafi68MRv8yzkYSapBnFA6L3U2VSc02ciDzoAJhJg=="],
@@ -633,6 +716,108 @@
"@shikijs/vscode-textmate": ["@shikijs/vscode-textmate@10.0.2", "", {}, "sha512-83yeghZ2xxin3Nj8z1NMd/NCuca+gsYXswywDy5bHvwlWL8tpTQmzGeUuHd9FC3E/SBEMvzJRwWEOz5gGes9Qg=="], "@shikijs/vscode-textmate": ["@shikijs/vscode-textmate@10.0.2", "", {}, "sha512-83yeghZ2xxin3Nj8z1NMd/NCuca+gsYXswywDy5bHvwlWL8tpTQmzGeUuHd9FC3E/SBEMvzJRwWEOz5gGes9Qg=="],
"@smithy/abort-controller": ["@smithy/abort-controller@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-peuVfkYHAmS5ybKxWcfraK7WBBP0J+rkfUcbHJJKQ4ir3UAUNQI+Y4Vt/PqSzGqgloJ5O1dk7+WzNL8wcCSXbw=="],
"@smithy/chunked-blob-reader": ["@smithy/chunked-blob-reader@5.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-WmU0TnhEAJLWvfSeMxBNe5xtbselEO8+4wG0NtZeL8oR21WgH1xiO37El+/Y+H/Ie4SCwBy3MxYWmOYaGgZueA=="],
"@smithy/chunked-blob-reader-native": ["@smithy/chunked-blob-reader-native@4.2.1", "", { "dependencies": { "@smithy/util-base64": "^4.3.0", "tslib": "^2.6.2" } }, "sha512-lX9Ay+6LisTfpLid2zZtIhSEjHMZoAR5hHCR4H7tBz/Zkfr5ea8RcQ7Tk4mi0P76p4cN+Btz16Ffno7YHpKXnQ=="],
"@smithy/config-resolver": ["@smithy/config-resolver@4.4.6", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.8", "@smithy/types": "^4.12.0", "@smithy/util-config-provider": "^4.2.0", "@smithy/util-endpoints": "^3.2.8", "@smithy/util-middleware": "^4.2.8", "tslib": "^2.6.2" } }, "sha512-qJpzYC64kaj3S0fueiu3kXm8xPrR3PcXDPEgnaNMRn0EjNSZFoFjvbUp0YUDsRhN1CB90EnHJtbxWKevnH99UQ=="],
"@smithy/core": ["@smithy/core@3.23.0", "", { "dependencies": { "@smithy/middleware-serde": "^4.2.9", "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "@smithy/util-base64": "^4.3.0", "@smithy/util-body-length-browser": "^4.2.0", "@smithy/util-middleware": "^4.2.8", "@smithy/util-stream": "^4.5.12", "@smithy/util-utf8": "^4.2.0", "@smithy/uuid": "^1.1.0", "tslib": "^2.6.2" } }, "sha512-Yq4UPVoQICM9zHnByLmG8632t2M0+yap4T7ANVw482J0W7HW0pOuxwVmeOwzJqX2Q89fkXz0Vybz55Wj2Xzrsg=="],
"@smithy/credential-provider-imds": ["@smithy/credential-provider-imds@4.2.8", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.8", "@smithy/property-provider": "^4.2.8", "@smithy/types": "^4.12.0", "@smithy/url-parser": "^4.2.8", "tslib": "^2.6.2" } }, "sha512-FNT0xHS1c/CPN8upqbMFP83+ul5YgdisfCfkZ86Jh2NSmnqw/AJ6x5pEogVCTVvSm7j9MopRU89bmDelxuDMYw=="],
"@smithy/eventstream-codec": ["@smithy/eventstream-codec@4.2.8", "", { "dependencies": { "@aws-crypto/crc32": "5.2.0", "@smithy/types": "^4.12.0", "@smithy/util-hex-encoding": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-jS/O5Q14UsufqoGhov7dHLOPCzkYJl9QDzusI2Psh4wyYx/izhzvX9P4D69aTxcdfVhEPhjK+wYyn/PzLjKbbw=="],
"@smithy/eventstream-serde-browser": ["@smithy/eventstream-serde-browser@4.2.8", "", { "dependencies": { "@smithy/eventstream-serde-universal": "^4.2.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-MTfQT/CRQz5g24ayXdjg53V0mhucZth4PESoA5IhvaWVDTOQLfo8qI9vzqHcPsdd2v6sqfTYqF5L/l+pea5Uyw=="],
"@smithy/eventstream-serde-config-resolver": ["@smithy/eventstream-serde-config-resolver@4.3.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-ah12+luBiDGzBruhu3efNy1IlbwSEdNiw8fOZksoKoWW1ZHvO/04MQsdnws/9Aj+5b0YXSSN2JXKy/ClIsW8MQ=="],
"@smithy/eventstream-serde-node": ["@smithy/eventstream-serde-node@4.2.8", "", { "dependencies": { "@smithy/eventstream-serde-universal": "^4.2.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-cYpCpp29z6EJHa5T9WL0KAlq3SOKUQkcgSoeRfRVwjGgSFl7Uh32eYGt7IDYCX20skiEdRffyDpvF2efEZPC0A=="],
"@smithy/eventstream-serde-universal": ["@smithy/eventstream-serde-universal@4.2.8", "", { "dependencies": { "@smithy/eventstream-codec": "^4.2.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-iJ6YNJd0bntJYnX6s52NC4WFYcZeKrPUr1Kmmr5AwZcwCSzVpS7oavAmxMR7pMq7V+D1G4s9F5NJK0xwOsKAlQ=="],
"@smithy/fetch-http-handler": ["@smithy/fetch-http-handler@5.3.9", "", { "dependencies": { "@smithy/protocol-http": "^5.3.8", "@smithy/querystring-builder": "^4.2.8", "@smithy/types": "^4.12.0", "@smithy/util-base64": "^4.3.0", "tslib": "^2.6.2" } }, "sha512-I4UhmcTYXBrct03rwzQX1Y/iqQlzVQaPxWjCjula++5EmWq9YGBrx6bbGqluGc1f0XEfhSkiY4jhLgbsJUMKRA=="],
"@smithy/hash-blob-browser": ["@smithy/hash-blob-browser@4.2.9", "", { "dependencies": { "@smithy/chunked-blob-reader": "^5.2.0", "@smithy/chunked-blob-reader-native": "^4.2.1", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-m80d/iicI7DlBDxyQP6Th7BW/ejDGiF0bgI754+tiwK0lgMkcaIBgvwwVc7OFbY4eUzpGtnig52MhPAEJ7iNYg=="],
"@smithy/hash-node": ["@smithy/hash-node@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "@smithy/util-buffer-from": "^4.2.0", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-7ZIlPbmaDGxVoxErDZnuFG18WekhbA/g2/i97wGj+wUBeS6pcUeAym8u4BXh/75RXWhgIJhyC11hBzig6MljwA=="],
"@smithy/hash-stream-node": ["@smithy/hash-stream-node@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-v0FLTXgHrTeheYZFGhR+ehX5qUm4IQsjAiL9qehad2cyjMWcN2QG6/4mSwbSgEQzI7jwfoXj7z4fxZUx/Mhj2w=="],
"@smithy/invalid-dependency": ["@smithy/invalid-dependency@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-N9iozRybwAQ2dn9Fot9kI6/w9vos2oTXLhtK7ovGqwZjlOcxu6XhPlpLpC+INsxktqHinn5gS2DXDjDF2kG5sQ=="],
"@smithy/is-array-buffer": ["@smithy/is-array-buffer@4.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-DZZZBvC7sjcYh4MazJSGiWMI2L7E0oCiRHREDzIxi/M2LY79/21iXt6aPLHge82wi5LsuRF5A06Ds3+0mlh6CQ=="],
"@smithy/md5-js": ["@smithy/md5-js@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-oGMaLj4tVZzLi3itBa9TCswgMBr7k9b+qKYowQ6x1rTyTuO1IU2YHdHUa+891OsOH+wCsH7aTPRsTJO3RMQmjQ=="],
"@smithy/middleware-content-length": ["@smithy/middleware-content-length@4.2.8", "", { "dependencies": { "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-RO0jeoaYAB1qBRhfVyq0pMgBoUK34YEJxVxyjOWYZiOKOq2yMZ4MnVXMZCUDenpozHue207+9P5ilTV1zeda0A=="],
"@smithy/middleware-endpoint": ["@smithy/middleware-endpoint@4.4.14", "", { "dependencies": { "@smithy/core": "^3.23.0", "@smithy/middleware-serde": "^4.2.9", "@smithy/node-config-provider": "^4.3.8", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "@smithy/url-parser": "^4.2.8", "@smithy/util-middleware": "^4.2.8", "tslib": "^2.6.2" } }, "sha512-FUFNE5KVeaY6U/GL0nzAAHkaCHzXLZcY1EhtQnsAqhD8Du13oPKtMB9/0WK4/LK6a/T5OZ24wPoSShff5iI6Ag=="],
"@smithy/middleware-retry": ["@smithy/middleware-retry@4.4.31", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.8", "@smithy/protocol-http": "^5.3.8", "@smithy/service-error-classification": "^4.2.8", "@smithy/smithy-client": "^4.11.3", "@smithy/types": "^4.12.0", "@smithy/util-middleware": "^4.2.8", "@smithy/util-retry": "^4.2.8", "@smithy/uuid": "^1.1.0", "tslib": "^2.6.2" } }, "sha512-RXBzLpMkIrxBPe4C8OmEOHvS8aH9RUuCOH++Acb5jZDEblxDjyg6un72X9IcbrGTJoiUwmI7hLypNfuDACypbg=="],
"@smithy/middleware-serde": ["@smithy/middleware-serde@4.2.9", "", { "dependencies": { "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-eMNiej0u/snzDvlqRGSN3Vl0ESn3838+nKyVfF2FKNXFbi4SERYT6PR392D39iczngbqqGG0Jl1DlCnp7tBbXQ=="],
"@smithy/middleware-stack": ["@smithy/middleware-stack@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-w6LCfOviTYQjBctOKSwy6A8FIkQy7ICvglrZFl6Bw4FmcQ1Z420fUtIhxaUZZshRe0VCq4kvDiPiXrPZAe8oRA=="],
"@smithy/node-config-provider": ["@smithy/node-config-provider@4.3.8", "", { "dependencies": { "@smithy/property-provider": "^4.2.8", "@smithy/shared-ini-file-loader": "^4.4.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-aFP1ai4lrbVlWjfpAfRSL8KFcnJQYfTl5QxLJXY32vghJrDuFyPZ6LtUL+JEGYiFRG1PfPLHLoxj107ulncLIg=="],
"@smithy/node-http-handler": ["@smithy/node-http-handler@4.4.10", "", { "dependencies": { "@smithy/abort-controller": "^4.2.8", "@smithy/protocol-http": "^5.3.8", "@smithy/querystring-builder": "^4.2.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-u4YeUwOWRZaHbWaebvrs3UhwQwj+2VNmcVCwXcYTvPIuVyM7Ex1ftAj+fdbG/P4AkBwLq/+SKn+ydOI4ZJE9PA=="],
"@smithy/property-provider": ["@smithy/property-provider@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-EtCTbyIveCKeOXDSWSdze3k612yCPq1YbXsbqX3UHhkOSW8zKsM9NOJG5gTIya0vbY2DIaieG8pKo1rITHYL0w=="],
"@smithy/protocol-http": ["@smithy/protocol-http@5.3.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-QNINVDhxpZ5QnP3aviNHQFlRogQZDfYlCkQT+7tJnErPQbDhysondEjhikuANxgMsZrkGeiAxXy4jguEGsDrWQ=="],
"@smithy/querystring-builder": ["@smithy/querystring-builder@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "@smithy/util-uri-escape": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-Xr83r31+DrE8CP3MqPgMJl+pQlLLmOfiEUnoyAlGzzJIrEsbKsPy1hqH0qySaQm4oWrCBlUqRt+idEgunKB+iw=="],
"@smithy/querystring-parser": ["@smithy/querystring-parser@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-vUurovluVy50CUlazOiXkPq40KGvGWSdmusa3130MwrR1UNnNgKAlj58wlOe61XSHRpUfIIh6cE0zZ8mzKaDPA=="],
"@smithy/service-error-classification": ["@smithy/service-error-classification@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0" } }, "sha512-mZ5xddodpJhEt3RkCjbmUQuXUOaPNTkbMGR0bcS8FE0bJDLMZlhmpgrvPNCYglVw5rsYTpSnv19womw9WWXKQQ=="],
"@smithy/shared-ini-file-loader": ["@smithy/shared-ini-file-loader@4.4.3", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-DfQjxXQnzC5UbCUPeC3Ie8u+rIWZTvuDPAGU/BxzrOGhRvgUanaP68kDZA+jaT3ZI+djOf+4dERGlm9mWfFDrg=="],
"@smithy/signature-v4": ["@smithy/signature-v4@5.3.8", "", { "dependencies": { "@smithy/is-array-buffer": "^4.2.0", "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "@smithy/util-hex-encoding": "^4.2.0", "@smithy/util-middleware": "^4.2.8", "@smithy/util-uri-escape": "^4.2.0", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-6A4vdGj7qKNRF16UIcO8HhHjKW27thsxYci+5r/uVRkdcBEkOEiY8OMPuydLX4QHSrJqGHPJzPRwwVTqbLZJhg=="],
"@smithy/smithy-client": ["@smithy/smithy-client@4.11.3", "", { "dependencies": { "@smithy/core": "^3.23.0", "@smithy/middleware-endpoint": "^4.4.14", "@smithy/middleware-stack": "^4.2.8", "@smithy/protocol-http": "^5.3.8", "@smithy/types": "^4.12.0", "@smithy/util-stream": "^4.5.12", "tslib": "^2.6.2" } }, "sha512-Q7kY5sDau8OoE6Y9zJoRGgje8P4/UY0WzH8R2ok0PDh+iJ+ZnEKowhjEqYafVcubkbYxQVaqwm3iufktzhprGg=="],
"@smithy/types": ["@smithy/types@4.12.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-9YcuJVTOBDjg9LWo23Qp0lTQ3D7fQsQtwle0jVfpbUHy9qBwCEgKuVH4FqFB3VYu0nwdHKiEMA+oXz7oV8X1kw=="],
"@smithy/url-parser": ["@smithy/url-parser@4.2.8", "", { "dependencies": { "@smithy/querystring-parser": "^4.2.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-NQho9U68TGMEU639YkXnVMV3GEFFULmmaWdlu1E9qzyIePOHsoSnagTGSDv1Zi8DCNN6btxOSdgmy5E/hsZwhA=="],
"@smithy/util-base64": ["@smithy/util-base64@4.3.0", "", { "dependencies": { "@smithy/util-buffer-from": "^4.2.0", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-GkXZ59JfyxsIwNTWFnjmFEI8kZpRNIBfxKjv09+nkAWPt/4aGaEWMM04m4sxgNVWkbt2MdSvE3KF/PfX4nFedQ=="],
"@smithy/util-body-length-browser": ["@smithy/util-body-length-browser@4.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-Fkoh/I76szMKJnBXWPdFkQJl2r9SjPt3cMzLdOB6eJ4Pnpas8hVoWPYemX/peO0yrrvldgCUVJqOAjUrOLjbxg=="],
"@smithy/util-body-length-node": ["@smithy/util-body-length-node@4.2.1", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-h53dz/pISVrVrfxV1iqXlx5pRg3V2YWFcSQyPyXZRrZoZj4R4DeWRDo1a7dd3CPTcFi3kE+98tuNyD2axyZReA=="],
"@smithy/util-buffer-from": ["@smithy/util-buffer-from@4.2.0", "", { "dependencies": { "@smithy/is-array-buffer": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-kAY9hTKulTNevM2nlRtxAG2FQ3B2OR6QIrPY3zE5LqJy1oxzmgBGsHLWTcNhWXKchgA0WHW+mZkQrng/pgcCew=="],
"@smithy/util-config-provider": ["@smithy/util-config-provider@4.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-YEjpl6XJ36FTKmD+kRJJWYvrHeUvm5ykaUS5xK+6oXffQPHeEM4/nXlZPe+Wu0lsgRUcNZiliYNh/y7q9c2y6Q=="],
"@smithy/util-defaults-mode-browser": ["@smithy/util-defaults-mode-browser@4.3.30", "", { "dependencies": { "@smithy/property-provider": "^4.2.8", "@smithy/smithy-client": "^4.11.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-cMni0uVU27zxOiU8TuC8pQLC1pYeZ/xEMxvchSK/ILwleRd1ugobOcIRr5vXtcRqKd4aBLWlpeBoDPJJ91LQng=="],
"@smithy/util-defaults-mode-node": ["@smithy/util-defaults-mode-node@4.2.33", "", { "dependencies": { "@smithy/config-resolver": "^4.4.6", "@smithy/credential-provider-imds": "^4.2.8", "@smithy/node-config-provider": "^4.3.8", "@smithy/property-provider": "^4.2.8", "@smithy/smithy-client": "^4.11.3", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-LEb2aq5F4oZUSzWBG7S53d4UytZSkOEJPXcBq/xbG2/TmK9EW5naUZ8lKu1BEyWMzdHIzEVN16M3k8oxDq+DJA=="],
"@smithy/util-endpoints": ["@smithy/util-endpoints@3.2.8", "", { "dependencies": { "@smithy/node-config-provider": "^4.3.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-8JaVTn3pBDkhZgHQ8R0epwWt+BqPSLCjdjXXusK1onwJlRuN69fbvSK66aIKKO7SwVFM6x2J2ox5X8pOaWcUEw=="],
"@smithy/util-hex-encoding": ["@smithy/util-hex-encoding@4.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-CCQBwJIvXMLKxVbO88IukazJD9a4kQ9ZN7/UMGBjBcJYvatpWk+9g870El4cB8/EJxfe+k+y0GmR9CAzkF+Nbw=="],
"@smithy/util-middleware": ["@smithy/util-middleware@4.2.8", "", { "dependencies": { "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-PMqfeJxLcNPMDgvPbbLl/2Vpin+luxqTGPpW3NAQVLbRrFRzTa4rNAASYeIGjRV9Ytuhzny39SpyU04EQreF+A=="],
"@smithy/util-retry": ["@smithy/util-retry@4.2.8", "", { "dependencies": { "@smithy/service-error-classification": "^4.2.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-CfJqwvoRY0kTGe5AkQokpURNCT1u/MkRzMTASWMPPo2hNSnKtF1D45dQl3DE2LKLr4m+PW9mCeBMJr5mCAVThg=="],
"@smithy/util-stream": ["@smithy/util-stream@4.5.12", "", { "dependencies": { "@smithy/fetch-http-handler": "^5.3.9", "@smithy/node-http-handler": "^4.4.10", "@smithy/types": "^4.12.0", "@smithy/util-base64": "^4.3.0", "@smithy/util-buffer-from": "^4.2.0", "@smithy/util-hex-encoding": "^4.2.0", "@smithy/util-utf8": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-D8tgkrmhAX/UNeCZbqbEO3uqyghUnEmmoO9YEvRuwxjlkKKUE7FOgCJnqpTlQPe9MApdWPky58mNQQHbnCzoNg=="],
"@smithy/util-uri-escape": ["@smithy/util-uri-escape@4.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-igZpCKV9+E/Mzrpq6YacdTQ0qTiLm85gD6N/IrmyDvQFA4UnU3d5g3m8tMT/6zG/vVkWSU+VxeUyGonL62DuxA=="],
"@smithy/util-utf8": ["@smithy/util-utf8@4.2.0", "", { "dependencies": { "@smithy/util-buffer-from": "^4.2.0", "tslib": "^2.6.2" } }, "sha512-zBPfuzoI8xyBtR2P6WQj63Rz8i3AmfAaJLuNG8dWsfvPe8lO4aCPYLn879mEgHndZH1zQ2oXmG8O1GGzzaoZiw=="],
"@smithy/util-waiter": ["@smithy/util-waiter@4.2.8", "", { "dependencies": { "@smithy/abort-controller": "^4.2.8", "@smithy/types": "^4.12.0", "tslib": "^2.6.2" } }, "sha512-n+lahlMWk+aejGuax7DPWtqav8HYnWxQwR+LCG2BgCUmaGcTe9qZCFsmw8TMg9iG75HOwhrJCX9TCJRLH+Yzqg=="],
"@smithy/uuid": ["@smithy/uuid@1.1.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-4aUIteuyxtBUhVdiQqcDhKFitwfd9hqoSDYY2KRXiWtgoWJ9Bmise+KfEPDiVHWeJepvF8xJO9/9+WDIciMFFw=="],
"@standard-schema/spec": ["@standard-schema/spec@1.1.0", "", {}, "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w=="], "@standard-schema/spec": ["@standard-schema/spec@1.1.0", "", {}, "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w=="],
"@swc/helpers": ["@swc/helpers@0.5.15", "", { "dependencies": { "tslib": "^2.8.0" } }, "sha512-JQ5TuMi45Owi4/BIMAJBoSQoOJu12oOk/gADqlcUL9JEdHB8vyjUSsxqeNXnmXHjYKMi2WcYtezGEEhqUI/E2g=="], "@swc/helpers": ["@swc/helpers@0.5.15", "", { "dependencies": { "tslib": "^2.8.0" } }, "sha512-JQ5TuMi45Owi4/BIMAJBoSQoOJu12oOk/gADqlcUL9JEdHB8vyjUSsxqeNXnmXHjYKMi2WcYtezGEEhqUI/E2g=="],
@@ -829,6 +1014,8 @@
"birpc": ["birpc@2.9.0", "", {}, "sha512-KrayHS5pBi69Xi9JmvoqrIgYGDkD6mcSe/i6YKi3w5kekCLzrX4+nawcXqrj2tIp50Kw/mT/s3p+GVK0A0sKxw=="], "birpc": ["birpc@2.9.0", "", {}, "sha512-KrayHS5pBi69Xi9JmvoqrIgYGDkD6mcSe/i6YKi3w5kekCLzrX4+nawcXqrj2tIp50Kw/mT/s3p+GVK0A0sKxw=="],
"bowser": ["bowser@2.14.1", "", {}, "sha512-tzPjzCxygAKWFOJP011oxFHs57HzIhOEracIgAePE4pqB3LikALKnSzUyU4MGs9/iCEUuHlAJTjTc5M+u7YEGg=="],
"browserslist": ["browserslist@4.28.1", "", { "dependencies": { "baseline-browser-mapping": "^2.9.0", "caniuse-lite": "^1.0.30001759", "electron-to-chromium": "^1.5.263", "node-releases": "^2.0.27", "update-browserslist-db": "^1.2.0" }, "bin": { "browserslist": "cli.js" } }, "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA=="], "browserslist": ["browserslist@4.28.1", "", { "dependencies": { "baseline-browser-mapping": "^2.9.0", "caniuse-lite": "^1.0.30001759", "electron-to-chromium": "^1.5.263", "node-releases": "^2.0.27", "update-browserslist-db": "^1.2.0" }, "bin": { "browserslist": "cli.js" } }, "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA=="],
"c12": ["c12@3.1.0", "", { "dependencies": { "chokidar": "^4.0.3", "confbox": "^0.2.2", "defu": "^6.1.4", "dotenv": "^16.6.1", "exsolve": "^1.0.7", "giget": "^2.0.0", "jiti": "^2.4.2", "ohash": "^2.0.11", "pathe": "^2.0.3", "perfect-debounce": "^1.0.0", "pkg-types": "^2.2.0", "rc9": "^2.1.2" }, "peerDependencies": { "magicast": "^0.3.5" }, "optionalPeers": ["magicast"] }, "sha512-uWoS8OU1MEIsOv8p/5a82c3H31LsWVR5qiyXVfBNOzfffjUWtPnhAb4BYI2uG2HfGmZmFjCtui5XNWaps+iFuw=="], "c12": ["c12@3.1.0", "", { "dependencies": { "chokidar": "^4.0.3", "confbox": "^0.2.2", "defu": "^6.1.4", "dotenv": "^16.6.1", "exsolve": "^1.0.7", "giget": "^2.0.0", "jiti": "^2.4.2", "ohash": "^2.0.11", "pathe": "^2.0.3", "perfect-debounce": "^1.0.0", "pkg-types": "^2.2.0", "rc9": "^2.1.2" }, "peerDependencies": { "magicast": "^0.3.5" }, "optionalPeers": ["magicast"] }, "sha512-uWoS8OU1MEIsOv8p/5a82c3H31LsWVR5qiyXVfBNOzfffjUWtPnhAb4BYI2uG2HfGmZmFjCtui5XNWaps+iFuw=="],
@@ -989,6 +1176,8 @@
"fast-uri": ["fast-uri@3.1.0", "", {}, "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA=="], "fast-uri": ["fast-uri@3.1.0", "", {}, "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA=="],
"fast-xml-parser": ["fast-xml-parser@5.3.4", "", { "dependencies": { "strnum": "^2.1.0" }, "bin": { "fxparser": "src/cli/cli.js" } }, "sha512-EFd6afGmXlCx8H8WTZHhAoDaWaGyuIBoZJ2mknrNxug+aZKjkp0a0dlars9Izl+jF+7Gu1/5f/2h68cQpe0IiA=="],
"fdir": ["fdir@6.5.0", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg=="], "fdir": ["fdir@6.5.0", "", { "peerDependencies": { "picomatch": "^3 || ^4" }, "optionalPeers": ["picomatch"] }, "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg=="],
"find-up-simple": ["find-up-simple@1.0.1", "", {}, "sha512-afd4O7zpqHeRyg4PfDQsXmlDe2PfdHtJt6Akt8jOWaApLOZk5JXs6VMR29lz03pRe9mpykrRCYIYxaJYcfpncQ=="], "find-up-simple": ["find-up-simple@1.0.1", "", {}, "sha512-afd4O7zpqHeRyg4PfDQsXmlDe2PfdHtJt6Akt8jOWaApLOZk5JXs6VMR29lz03pRe9mpykrRCYIYxaJYcfpncQ=="],
@@ -1407,6 +1596,8 @@
"strip-indent": ["strip-indent@3.0.0", "", { "dependencies": { "min-indent": "^1.0.0" } }, "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ=="], "strip-indent": ["strip-indent@3.0.0", "", { "dependencies": { "min-indent": "^1.0.0" } }, "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ=="],
"strnum": ["strnum@2.1.2", "", {}, "sha512-l63NF9y/cLROq/yqKXSLtcMeeyOfnSQlfMSlzFt/K73oIaD8DGaQWd7Z34X9GPiKqP5rbSh84Hl4bOlLcjiSrQ=="],
"styled-jsx": ["styled-jsx@5.1.6", "", { "dependencies": { "client-only": "0.0.1" }, "peerDependencies": { "react": ">= 16.8.0 || 17.x.x || ^18.0.0-0 || ^19.0.0-0" } }, "sha512-qSVyDTeMotdvQYoHWLNGwRFJHC+i+ZvdBRYosOFgC+Wg1vx4frN2/RG/NA7SYqqvKNLf39P2LSRA2pu6n0XYZA=="], "styled-jsx": ["styled-jsx@5.1.6", "", { "dependencies": { "client-only": "0.0.1" }, "peerDependencies": { "react": ">= 16.8.0 || 17.x.x || ^18.0.0-0 || ^19.0.0-0" } }, "sha512-qSVyDTeMotdvQYoHWLNGwRFJHC+i+ZvdBRYosOFgC+Wg1vx4frN2/RG/NA7SYqqvKNLf39P2LSRA2pu6n0XYZA=="],
"superjson": ["superjson@2.2.6", "", { "dependencies": { "copy-anything": "^4" } }, "sha512-H+ue8Zo4vJmV2nRjpx86P35lzwDT3nItnIsocgumgr0hHMQ+ZGq5vrERg9kJBo5AWGmxZDhzDo+WVIJqkB0cGA=="], "superjson": ["superjson@2.2.6", "", { "dependencies": { "copy-anything": "^4" } }, "sha512-H+ue8Zo4vJmV2nRjpx86P35lzwDT3nItnIsocgumgr0hHMQ+ZGq5vrERg9kJBo5AWGmxZDhzDo+WVIJqkB0cGA=="],
@@ -1451,19 +1642,19 @@
"tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="], "tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
"turbo": ["turbo@2.8.3", "", { "optionalDependencies": { "turbo-darwin-64": "2.8.3", "turbo-darwin-arm64": "2.8.3", "turbo-linux-64": "2.8.3", "turbo-linux-arm64": "2.8.3", "turbo-windows-64": "2.8.3", "turbo-windows-arm64": "2.8.3" }, "bin": { "turbo": "bin/turbo" } }, "sha512-8Osxz5Tu/Dw2kb31EAY+nhq/YZ3wzmQSmYa1nIArqxgCAldxv9TPlrAiaBUDVnKA4aiPn0OFBD1ACcpc5VFOAQ=="], "turbo": ["turbo@2.8.6", "", { "optionalDependencies": { "turbo-darwin-64": "2.8.6", "turbo-darwin-arm64": "2.8.6", "turbo-linux-64": "2.8.6", "turbo-linux-arm64": "2.8.6", "turbo-windows-64": "2.8.6", "turbo-windows-arm64": "2.8.6" }, "bin": { "turbo": "bin/turbo" } }, "sha512-QMj1SQwUYehc+xJ9SxXn56UO43hfKN64/NFetVW1BwzysRqn+q0FSgrmk+IbJ+djfd8j8zXGKGeqsnUcXwQSUQ=="],
"turbo-darwin-64": ["turbo-darwin-64@2.8.3", "", { "os": "darwin", "cpu": "x64" }, "sha512-4kXRLfcygLOeNcP6JquqRLmGB/ATjjfehiojL2dJkL7GFm3SPSXbq7oNj8UbD8XriYQ5hPaSuz59iF1ijPHkTw=="], "turbo-darwin-64": ["turbo-darwin-64@2.8.6", "", { "os": "darwin", "cpu": "x64" }, "sha512-6QeZ/aLZizekiI6tKZN0IGP1a1WYZ9c/qDKPa0rSmj2X0O0Iw/ES4rKZV40S5n8SUJdiU01EFLygHJ2oWaYKXg=="],
"turbo-darwin-arm64": ["turbo-darwin-arm64@2.8.3", "", { "os": "darwin", "cpu": "arm64" }, "sha512-xF7uCeC0UY0Hrv/tqax0BMbFlVP1J/aRyeGQPZT4NjvIPj8gSPDgFhfkfz06DhUwDg5NgMo04uiSkAWE8WB/QQ=="], "turbo-darwin-arm64": ["turbo-darwin-arm64@2.8.6", "", { "os": "darwin", "cpu": "arm64" }, "sha512-RS4Z902vB93cQD3PJS/1IMmS0HefrB5ZXuw4ECOrxhOGz5jJVmYFJ6weDzedjoTDeYHHXGo1NoiCSHg69ngWKA=="],
"turbo-linux-64": ["turbo-linux-64@2.8.3", "", { "os": "linux", "cpu": "x64" }, "sha512-vxMDXwaOjweW/4etY7BxrXCSkvtwh0PbwVafyfT1Ww659SedUxd5rM3V2ZCmbwG8NiCfY7d6VtxyHx3Wh1GoZA=="], "turbo-linux-64": ["turbo-linux-64@2.8.6", "", { "os": "linux", "cpu": "x64" }, "sha512-hCWDnDepYbrSJdByuryKFoHAGFkvgBYXr6qdaGsYhX1Wgq8isqXCQBKOo99Y/9tXDwKGEeQ7xnkdFvSL7AQ4iQ=="],
"turbo-linux-arm64": ["turbo-linux-arm64@2.8.3", "", { "os": "linux", "cpu": "arm64" }, "sha512-mQX7uYBZFkuPLLlKaNe9IjR1JIef4YvY8f21xFocvttXvdPebnq3PK1Zjzl9A1zun2BEuWNUwQIL8lgvN9Pm3Q=="], "turbo-linux-arm64": ["turbo-linux-arm64@2.8.6", "", { "os": "linux", "cpu": "arm64" }, "sha512-oS15aCYEpynG/l69xs/ZnQ0dnz0pHhfHg70Zf5J+j5Cam0/RA0MpcryjneN/9G0PmP8a/6ZxnL5nZahX+wOBPA=="],
"turbo-windows-64": ["turbo-windows-64@2.8.3", "", { "os": "win32", "cpu": "x64" }, "sha512-YLGEfppGxZj3VWcNOVa08h6ISsVKiG85aCAWosOKNUjb6yErWEuydv6/qImRJUI+tDLvDvW7BxopAkujRnWCrw=="], "turbo-windows-64": ["turbo-windows-64@2.8.6", "", { "os": "win32", "cpu": "x64" }, "sha512-eqBxqJD7H/uk9V0QO10VgwY9J2BUXejsGuzChln72Yl+o8GZwsvhOekndRxccR90J8ZO+LKO24+3VzHFh4Cu/g=="],
"turbo-windows-arm64": ["turbo-windows-arm64@2.8.3", "", { "os": "win32", "cpu": "arm64" }, "sha512-afTUGKBRmOJU1smQSBnFGcbq0iabAPwh1uXu2BVk7BREg30/1gMnJh9DFEQTah+UD3n3ru8V55J83RQNFfqoyw=="], "turbo-windows-arm64": ["turbo-windows-arm64@2.8.6", "", { "os": "win32", "cpu": "arm64" }, "sha512-I3VEQyxIlNZ6XTg4fLKAkuhcwzIs/GD7Vs1yhelH2aUTjf08wprjBWknDqP7mjAHMpsosRrq4DtfSZEQm83Hxg=="],
"type-fest": ["type-fest@5.4.4", "", { "dependencies": { "tagged-tag": "^1.0.0" } }, "sha512-JnTrzGu+zPV3aXIUhnyWJj4z/wigMsdYajGLIYakqyOW1nPllzXEJee0QQbHj+CTIQtXGlAjuK0UY+2xTyjVAw=="], "type-fest": ["type-fest@5.4.4", "", { "dependencies": { "tagged-tag": "^1.0.0" } }, "sha512-JnTrzGu+zPV3aXIUhnyWJj4z/wigMsdYajGLIYakqyOW1nPllzXEJee0QQbHj+CTIQtXGlAjuK0UY+2xTyjVAw=="],
@@ -1553,6 +1744,12 @@
"zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="], "zwitch": ["zwitch@2.0.4", "", {}, "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A=="],
"@aws-crypto/sha1-browser/@smithy/util-utf8": ["@smithy/util-utf8@2.3.0", "", { "dependencies": { "@smithy/util-buffer-from": "^2.2.0", "tslib": "^2.6.2" } }, "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A=="],
"@aws-crypto/sha256-browser/@smithy/util-utf8": ["@smithy/util-utf8@2.3.0", "", { "dependencies": { "@smithy/util-buffer-from": "^2.2.0", "tslib": "^2.6.2" } }, "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A=="],
"@aws-crypto/util/@smithy/util-utf8": ["@smithy/util-utf8@2.3.0", "", { "dependencies": { "@smithy/util-buffer-from": "^2.2.0", "tslib": "^2.6.2" } }, "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A=="],
"@babel/helper-compilation-targets/lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="], "@babel/helper-compilation-targets/lru-cache": ["lru-cache@5.1.1", "", { "dependencies": { "yallist": "^3.0.2" } }, "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w=="],
"@commitlint/is-ignored/semver": ["semver@7.7.4", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA=="], "@commitlint/is-ignored/semver": ["semver@7.7.4", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA=="],
@@ -1637,6 +1834,12 @@
"wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="], "wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
"@aws-crypto/sha1-browser/@smithy/util-utf8/@smithy/util-buffer-from": ["@smithy/util-buffer-from@2.2.0", "", { "dependencies": { "@smithy/is-array-buffer": "^2.2.0", "tslib": "^2.6.2" } }, "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA=="],
"@aws-crypto/sha256-browser/@smithy/util-utf8/@smithy/util-buffer-from": ["@smithy/util-buffer-from@2.2.0", "", { "dependencies": { "@smithy/is-array-buffer": "^2.2.0", "tslib": "^2.6.2" } }, "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA=="],
"@aws-crypto/util/@smithy/util-utf8/@smithy/util-buffer-from": ["@smithy/util-buffer-from@2.2.0", "", { "dependencies": { "@smithy/is-array-buffer": "^2.2.0", "tslib": "^2.6.2" } }, "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA=="],
"@inquirer/core/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="], "@inquirer/core/wrap-ansi/ansi-styles": ["ansi-styles@4.3.0", "", { "dependencies": { "color-convert": "^2.0.1" } }, "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg=="],
"@vitejs/plugin-vue/vite/esbuild": ["esbuild@0.21.5", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.21.5", "@esbuild/android-arm": "0.21.5", "@esbuild/android-arm64": "0.21.5", "@esbuild/android-x64": "0.21.5", "@esbuild/darwin-arm64": "0.21.5", "@esbuild/darwin-x64": "0.21.5", "@esbuild/freebsd-arm64": "0.21.5", "@esbuild/freebsd-x64": "0.21.5", "@esbuild/linux-arm": "0.21.5", "@esbuild/linux-arm64": "0.21.5", "@esbuild/linux-ia32": "0.21.5", "@esbuild/linux-loong64": "0.21.5", "@esbuild/linux-mips64el": "0.21.5", "@esbuild/linux-ppc64": "0.21.5", "@esbuild/linux-riscv64": "0.21.5", "@esbuild/linux-s390x": "0.21.5", "@esbuild/linux-x64": "0.21.5", "@esbuild/netbsd-x64": "0.21.5", "@esbuild/openbsd-x64": "0.21.5", "@esbuild/sunos-x64": "0.21.5", "@esbuild/win32-arm64": "0.21.5", "@esbuild/win32-ia32": "0.21.5", "@esbuild/win32-x64": "0.21.5" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw=="], "@vitejs/plugin-vue/vite/esbuild": ["esbuild@0.21.5", "", { "optionalDependencies": { "@esbuild/aix-ppc64": "0.21.5", "@esbuild/android-arm": "0.21.5", "@esbuild/android-arm64": "0.21.5", "@esbuild/android-x64": "0.21.5", "@esbuild/darwin-arm64": "0.21.5", "@esbuild/darwin-x64": "0.21.5", "@esbuild/freebsd-arm64": "0.21.5", "@esbuild/freebsd-x64": "0.21.5", "@esbuild/linux-arm": "0.21.5", "@esbuild/linux-arm64": "0.21.5", "@esbuild/linux-ia32": "0.21.5", "@esbuild/linux-loong64": "0.21.5", "@esbuild/linux-mips64el": "0.21.5", "@esbuild/linux-ppc64": "0.21.5", "@esbuild/linux-riscv64": "0.21.5", "@esbuild/linux-s390x": "0.21.5", "@esbuild/linux-x64": "0.21.5", "@esbuild/netbsd-x64": "0.21.5", "@esbuild/openbsd-x64": "0.21.5", "@esbuild/sunos-x64": "0.21.5", "@esbuild/win32-arm64": "0.21.5", "@esbuild/win32-ia32": "0.21.5", "@esbuild/win32-x64": "0.21.5" }, "bin": { "esbuild": "bin/esbuild" } }, "sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw=="],
@@ -1647,6 +1850,12 @@
"vitepress/vite/fsevents": ["fsevents@2.3.3", "", { "os": "darwin" }, "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw=="], "vitepress/vite/fsevents": ["fsevents@2.3.3", "", { "os": "darwin" }, "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw=="],
"@aws-crypto/sha1-browser/@smithy/util-utf8/@smithy/util-buffer-from/@smithy/is-array-buffer": ["@smithy/is-array-buffer@2.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA=="],
"@aws-crypto/sha256-browser/@smithy/util-utf8/@smithy/util-buffer-from/@smithy/is-array-buffer": ["@smithy/is-array-buffer@2.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA=="],
"@aws-crypto/util/@smithy/util-utf8/@smithy/util-buffer-from/@smithy/is-array-buffer": ["@smithy/is-array-buffer@2.2.0", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA=="],
"@vitejs/plugin-vue/vite/esbuild/@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.21.5", "", { "os": "aix", "cpu": "ppc64" }, "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ=="], "@vitejs/plugin-vue/vite/esbuild/@esbuild/aix-ppc64": ["@esbuild/aix-ppc64@0.21.5", "", { "os": "aix", "cpu": "ppc64" }, "sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ=="],
"@vitejs/plugin-vue/vite/esbuild/@esbuild/android-arm": ["@esbuild/android-arm@0.21.5", "", { "os": "android", "cpu": "arm" }, "sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg=="], "@vitejs/plugin-vue/vite/esbuild/@esbuild/android-arm": ["@esbuild/android-arm@0.21.5", "", { "os": "android", "cpu": "arm" }, "sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg=="],

2
commitlint.config.cjs
View File

@@ -6,7 +6,7 @@ module.exports = {
"always", "always",
["feat", "fix", "refactor", "perf", "test", "docs", "build", "ci", "chore", "revert"], ["feat", "fix", "refactor", "perf", "test", "docs", "build", "ci", "chore", "revert"],
], ],
"scope-empty": [2, "never"], "scope-empty": [0],
"subject-empty": [2, "never"], "subject-empty": [2, "never"],
}, },
} }

13
docker-compose.gitea-runner.yml Normal file
View File

@@ -0,0 +1,13 @@
services:
gitea-runner:
image: gitea/act_runner:latest
container_name: cms-gitea-runner
restart: unless-stopped
environment:
GITEA_INSTANCE_URL: "${GITEA_INSTANCE_URL}"
GITEA_RUNNER_REGISTRATION_TOKEN: "${GITEA_RUNNER_REGISTRATION_TOKEN}"
GITEA_RUNNER_NAME: "${GITEA_RUNNER_NAME:-cms-runner}"
GITEA_RUNNER_LABELS: "${GITEA_RUNNER_LABELS:-ubuntu-latest:docker://node:20-bookworm}"
volumes:
- ./runner-data:/data
- /var/run/docker.sock:/var/run/docker.sock

19
docs/.vitepress/config.mts
View File

@@ -21,9 +21,16 @@ export default defineConfig({
{ text: "Architecture", link: "/architecture" }, { text: "Architecture", link: "/architecture" },
{ text: "Better Auth Baseline", link: "/product-engineering/auth-baseline" }, { text: "Better Auth Baseline", link: "/product-engineering/auth-baseline" },
{ text: "CRUD Baseline", link: "/product-engineering/crud-baseline" }, { text: "CRUD Baseline", link: "/product-engineering/crud-baseline" },
{ text: "CRUD Examples", link: "/product-engineering/crud-examples" },
{ text: "i18n Baseline", link: "/product-engineering/i18n-baseline" }, { text: "i18n Baseline", link: "/product-engineering/i18n-baseline" },
{ text: "i18n Conventions", link: "/product-engineering/i18n-conventions" },
{ text: "RBAC And Permissions", link: "/product-engineering/rbac-permission-model" }, { text: "RBAC And Permissions", link: "/product-engineering/rbac-permission-model" },
{ text: "Domain Glossary", link: "/product-engineering/domain-glossary" },
{ text: "Environment Runbook", link: "/product-engineering/environment-runbook" },
{ text: "Delivery Pipeline", link: "/product-engineering/delivery-pipeline" },
{ text: "Git Flow Governance", link: "/product-engineering/git-flow-governance" },
{ text: "Testing Strategy", link: "/product-engineering/testing-strategy" }, { text: "Testing Strategy", link: "/product-engineering/testing-strategy" },
{ text: "ADR Index", link: "/adr/" },
{ text: "Workflow", link: "/workflow" }, { text: "Workflow", link: "/workflow" },
], ],
}, },
@@ -33,7 +40,17 @@ export default defineConfig({
}, },
{ {
text: "Public API", text: "Public API",
items: [{ text: "Section Overview", link: "/public-api/" }], items: [
{ text: "Section Overview", link: "/public-api/" },
{ text: "Glossary", link: "/public-api/glossary" },
],
},
{
text: "ADR",
items: [
{ text: "Index", link: "/adr/" },
{ text: "0001 Monorepo Foundation", link: "/adr/0001-monorepo-foundation" },
],
}, },
], ],
socialLinks: [{ icon: "github", link: "https://example.com/replace-with-repo" }], socialLinks: [{ icon: "github", link: "https://example.com/replace-with-repo" }],

37
docs/adr/0001-monorepo-foundation.md Normal file
View File

@@ -0,0 +1,37 @@
# ADR 0001: Monorepo Foundation
- Status: Accepted
- Date: 2026-02-10
## Context
The CMS platform requires:
- separate admin and public apps
- shared domain contracts and data access
- consistent tooling and CI quality gates
- incremental delivery through MVP stages
A fragmented multi-repo setup would increase coordination overhead and duplicate shared contracts.
## Decision
Adopt a Bun workspace monorepo with:
- `apps/admin` and `apps/web` for runtime surfaces
- shared packages (`@cms/content`, `@cms/db`, `@cms/crud`, `@cms/ui`, `@cms/i18n`)
- shared quality tooling (Biome, TypeScript, Vitest, Playwright, Turbo)
## Consequences
### Positive
- shared contract updates propagate in one change set
- easier cross-app refactors and testing
- single CI pipeline with consistent gates
### Negative
- stronger need for workspace discipline and clear boundaries
- larger repository clone/build surface
- potential for cross-package coupling if conventions are not enforced

17
docs/adr/README.md Normal file
View File

@@ -0,0 +1,17 @@
# ADR Index
Architecture Decision Records (ADRs) capture important technical decisions and context.
## Format
- Numbered files: `0001-<short-title>.md`
- Immutable once accepted (new ADRs supersede old decisions)
- Include:
- Status
- Context
- Decision
- Consequences
## Records
- [0001 - Monorepo Foundation](./0001-monorepo-foundation.md)

2
docs/index.md
View File

@@ -7,6 +7,7 @@ Engineering documentation hub for this repository.
- [Product / Engineering](/product-engineering/) - [Product / Engineering](/product-engineering/)
- [Admin / User Guides](/admin-user-guides/) - [Admin / User Guides](/admin-user-guides/)
- [Public API](/public-api/) - [Public API](/public-api/)
- [ADR Index](/adr/)
## Core Sources ## Core Sources
@@ -14,6 +15,7 @@ Engineering documentation hub for this repository.
- Branching and promotion flow: `BRANCHING.md` - Branching and promotion flow: `BRANCHING.md`
- Contribution and commit schema: `CONTRIBUTING.md` - Contribution and commit schema: `CONTRIBUTING.md`
- Release history: `CHANGELOG.md` - Release history: `CHANGELOG.md`
- Versioning and release policy: `VERSIONING.md`
## Documentation Scope ## Documentation Scope

52
docs/product-engineering/artist-cms-inspiration.md Normal file
View File

@@ -0,0 +1,52 @@
# Artist CMS Inspiration Notes
## Scope
Inspiration-only notes for implementation direction.
These are not direct copy targets and do not override current CMS roadmap decisions.
## Useful Patterns Observed in `gaertan`
### Media and Delivery
- S3-backed storage with signed URL/object access patterns.
- Route-level image streaming/proxy from storage keys.
- Multiple artwork variants/renditions for different view contexts.
- Dedicated actions for generated gallery variants and missing-variant backfill.
### Portfolio Domain
- Artwork linked to galleries/albums/tags/categories.
- Filterable portfolio pages (album/year/tag/search).
- Gallery components designed for responsive/justified layouts.
### Commissions Domain
- Rich commission model:
- types
- options
- extras
- custom cards
- custom inputs
- Public request form + admin request management.
- Commission status/kanban-like mapping for intake/in-progress/completed.
### Color and Processing
- Artwork color extraction workflows (palette/tones) from stored image files.
- Potential pipeline point for future theming and discovery filters.
## How We Should Reuse These Ideas Here
- Keep the domain approach, but normalize to current CMS architecture (`@cms/*` packages, Next app router, shared CRUD services).
- Start with deterministic MVP1 primitives:
- media CRUD + rendition slots
- portfolio grouping entities
- commission/customer linking
- Defer heavy media automation (advanced transforms/watermark/palette orchestration) to MVP2 after baseline reliability is proven.
## Guardrails
- No direct schema/code lift from `gaertan`; re-model explicitly for this repository.
- Keep upload and processing abstraction pluggable (S3 now, alternative provider later).
- Favor explicit auditability for media/commission mutations.

244
docs/product-engineering/cms-feature-topics.md Normal file
View File

@@ -0,0 +1,244 @@
# CMS Feature Topics (Domain-Centric)
## Purpose
Describe the CMS by feature domains/modules (not personas), so implementation and UI structure stay clear.
## 1) Pages
Scope:
- create/edit/publish/unpublish/schedule pages
- slug + SEO metadata
- draft and publish states
Core entities:
- `Page`
- `PageVersion` (later)
- `SeoMeta`
MVP fit:
- MVP1 core
## 2) Navigation
Scope:
- menus, nested items, ordering, visibility
- route linking to pages or external URLs
Core entities:
- `NavigationMenu`
- `NavigationItem`
MVP fit:
- MVP1 core
## 3) Media
Scope:
- upload/browse/replace/delete media
- media-type classification (artwork, banner, promo, generic, video/gif)
- metadata management
Core entities:
- `MediaAsset`
- `MediaMetadata`
- `MediaVariant` (renditions)
MVP fit:
- MVP1 core
## 4) Portfolio / Artworks
Scope:
- artworks with grouped structures
- grouping by galleries/albums/categories/tags
- ordering and visibility
Core entities:
- `Artwork`
- `Gallery`
- `Album`
- `Category`
- `Tag`
MVP fit:
- MVP1 core
## 5) Cards and Reusable Blocks
Scope:
- reusable content blocks for pages
- card-based sections (price cards, promo cards, feature cards)
Core entities:
- `BlockTemplate`
- `BlockInstance`
- `CardPreset`
MVP fit:
- MVP1 (baseline blocks), MVP2 (advanced builder UX)
## 6) Forms
Scope:
- embeddable forms on pages
- schema-driven field definitions
- submission handling and moderation
Core entities:
- `FormDefinition`
- `FormField`
- `FormSubmission`
MVP fit:
- MVP1 for commission request path
- MVP2 for generic form builder
## 7) Announcements and Banners
Scope:
- prominent notices on public pages
- schedule windows and priority
Core entities:
- `Announcement`
- `HeaderBanner`
MVP fit:
- MVP1 core
## 8) News / Blog
Scope:
- editorial posts and updates
- author metadata, status flow
Core entities:
- `NewsPost`
- `NewsCategory`
MVP fit:
- MVP1 secondary core
## 9) Commissions
Scope:
- commission request intake
- admin processing and kanban status transitions
Core entities:
- `CommissionRequest`
- `CommissionStatus`
- `CommissionType` (options/extras/custom fields)
MVP fit:
- MVP1 core
## 10) Customers (CRM-Lite)
Scope:
- recurring customer records
- customer-to-commission linking and reuse
Core entities:
- `Customer`
- `CustomerContact`
- `CustomerCommissionLink`
MVP fit:
- MVP1 core
## 11) Users, Roles, and Permissions
Scope:
- users, role assignment, status (active/banned)
- protected owner/support invariants
Core entities:
- `User`
- `Role`
- `Permission`
MVP fit:
- MVP0/MVP1 bridge; refinements in MVP2
## 12) Settings
Scope:
- system settings and feature flags
- registration policy and future locale toggles
Core entities:
- `SystemSetting`
MVP fit:
- MVP0 baseline, expanded in MVP1/MVP2
## 13) Processing Pipelines (Later)
Scope:
- watermarking
- color extraction
- advanced media transforms
- queue/retry visibility
Core entities:
- `MediaJob`
- `MediaJobRun`
- `ExtractedPalette`
MVP fit:
- MVP2
## Suggested Admin IA Alignment
- Dashboard
- Pages
- Navigation
- Media
- Portfolio
- Announcements
- News
- Commissions
- Customers
- Users
- Settings

8
docs/product-engineering/crud-baseline.md
View File

@@ -7,6 +7,8 @@ MVP0 now includes a shared CRUD foundation package: `@cms/crud`.
Current baseline: Current baseline:
- Shared service factory: `createCrudService` - Shared service factory: `createCrudService`
- Repository contract: `list`, `findById`, `create`, `update`, `delete`
- Service surface for list/detail/editor flows: `list`, `getById`, `create`, `update`, `delete`
- Shared validation error type: `CrudValidationError` - Shared validation error type: `CrudValidationError`
- Shared not-found error type: `CrudNotFoundError` - Shared not-found error type: `CrudNotFoundError`
- Shared mutation audit hook contract: `CrudAuditHook` - Shared mutation audit hook contract: `CrudAuditHook`
@@ -24,6 +26,11 @@ Current baseline:
- `registerPostCrudAuditHook` - `registerPostCrudAuditHook`
Validation for create/update is enforced by `@cms/content` schemas. Validation for create/update is enforced by `@cms/content` schemas.
Contract tests validate:
- repository list/detail behavior via CRUD service
- validation and not-found errors
- audit payload propagation (`actor`, `metadata`)
The admin dashboard currently includes a temporary posts CRUD sandbox to validate this flow through a real app UI. The admin dashboard currently includes a temporary posts CRUD sandbox to validate this flow through a real app UI.
@@ -31,3 +38,4 @@ The admin dashboard currently includes a temporary posts CRUD sandbox to validat
- This is the base layer for future entities (pages, navigation, media, users, commissions). - This is the base layer for future entities (pages, navigation, media, users, commissions).
- Audit hook persistence/transport is intentionally left for later implementation work. - Audit hook persistence/transport is intentionally left for later implementation work.
- Implementation examples are documented in `crud-examples.md`.

69
docs/product-engineering/crud-examples.md Normal file
View File

@@ -0,0 +1,69 @@
# CRUD Examples
## Goal
Provide concrete implementation patterns for new entities adopting `@cms/crud`.
## Example: Service Factory Wiring
```ts
import { createCrudService } from "@cms/crud"
import { createPageInputSchema, updatePageInputSchema } from "@cms/content"
const pageCrudService = createCrudService({
resource: "page",
repository: pageRepository,
schemas: {
create: createPageInputSchema,
update: updatePageInputSchema,
},
auditHooks: pageAuditHooks,
})
```
## Example: Repository Contract
```ts
const pageRepository = {
list: () => db.page.findMany({ orderBy: { updatedAt: "desc" } }),
findById: (id: string) => db.page.findUnique({ where: { id } }),
create: (input: CreatePageInput) => db.page.create({ data: input }),
update: (id: string, input: UpdatePageInput) =>
db.page.update({
where: { id },
data: input,
}),
delete: (id: string) => db.page.delete({ where: { id } }),
}
```
## Example: Action Usage
```ts
export async function createPage(input: unknown, context?: CrudMutationContext) {
return pageCrudService.create(input, context)
}
export async function updatePage(id: string, input: unknown, context?: CrudMutationContext) {
return pageCrudService.update(id, input, context)
}
export async function deletePage(id: string, context?: CrudMutationContext) {
return pageCrudService.delete(id, context)
}
```
## Testing Expectations
- validation failure returns `CrudValidationError`
- missing IDs return `CrudNotFoundError`
- repository methods are called in expected order
- audit hooks receive `actor`, `metadata`, `before`, `after`
## Adoption Checklist
1. Add entity schemas in `@cms/content`
2. Add repository + service in `@cms/db`
3. Add unit tests for contract + validation
4. Wire route/action permission checks before mutations
5. Add docs links and TODO updates

83
docs/product-engineering/delivery-pipeline.md Normal file
View File

@@ -0,0 +1,83 @@
# Delivery Pipeline
## Scope
Operational pipeline baseline for image build/push, staging deploy, production promotion, and rollback.
## Registry Credentials Strategy
Use scoped Gitea secrets:
- `CMS_IMAGE_REGISTRY`
- `CMS_IMAGE_NAMESPACE`
- `CMS_IMAGE_REGISTRY_USER`
- `CMS_IMAGE_REGISTRY_PASSWORD`
Policy:
- credentials only in CI secrets
- no plaintext credentials in repo
- least privilege: push/pull for target namespace only
## Build and Push Flow
- Workflow: `.gitea/workflows/release.yml`
- Trigger:
- tag push `vX.Y.Z`
- manual `workflow_dispatch`
- Steps:
1. validate tag vs root `package.json` version
2. generate changelog
3. extract release notes from `CHANGELOG.md`
4. docker login
5. build and push `cms-web` and `cms-admin` images
6. publish/update Gitea release notes through API
Additional required secret:
- `GITEA_RELEASE_TOKEN`
## Staging Deployment Automation
- Workflow: `.gitea/workflows/deploy.yml`
- Manual input:
- `environment=staging`
- `image_tag=vX.Y.Z`
- Remote deployment uses SSH + compose file:
- `docker-compose.staging.yml`
Required secrets:
- `CMS_STAGING_HOST`
- `CMS_STAGING_USER`
- `CMS_DEPLOY_KEY`
- `CMS_REMOTE_DEPLOY_PATH`
## Production Promotion and Rollback
Promotion:
- run deploy workflow with:
- `environment=production`
- `image_tag=vX.Y.Z`
Rollback:
- release workflow supports manual production rollback by `rollback_image_tag`
- deploy workflow supports `rollback_tag` input for environment-specific rollback
- recovery action:
- rerun deploy/rollback with previous known-good tag
## Deployment Verification
After deploy:
1. app health checks (web/admin)
2. auth smoke flow
3. i18n smoke flow
4. critical route checks (`/`, `/login`, `/todo`)
## Notes
- Current workflows are production-oriented scaffolds and require secret provisioning in Gitea.
- Host hardening, network ACLs, and backup policy remain mandatory operational controls.

35
docs/product-engineering/domain-glossary.md Normal file
View File

@@ -0,0 +1,35 @@
# Domain Glossary
## Core Terms
### Owner
Highest-privilege admin role. Exactly one canonical owner must exist at all times.
### Support User
Hidden technical support account used for break-glass access and operational recovery.
### Admin Registration Policy
Runtime policy controlling whether `/register` can create additional admin users after owner bootstrap.
### Protected Account
Account that cannot be deleted/demoted through self-service flows (support + canonical owner).
### CRUD Service
Shared `@cms/crud` service abstraction combining schema validation, repository orchestration, and audit hooks.
### Permission Scope
RBAC access scope granularity: `own`, `team`, `global`.
### Roadmap Source Of Truth
`TODO.md` in repository root. Rendered in admin via `/todo`.
### Header Banner
Public-site announcement strip configured through `system_setting` key `public.header_banner`.

103
docs/product-engineering/environment-runbook.md Normal file
View File

@@ -0,0 +1,103 @@
# Environment and Deployment Runbook
## Scope
Operational baseline for `dev`, `staging`, and `production`.
## Environments
### Dev (local)
- Runtime: Bun + local Next dev servers
- Entry point: `bun run dev`
- Database: local/remote dev Postgres from `.env`
- Characteristics:
- fastest feedback
- non-production data acceptable
- migrations created here first
### Staging
- Runtime: Docker Compose (`docker-compose.staging.yml`)
- Purpose: integration validation and release candidate checks
- Characteristics:
- production-like environment
- controlled test data
- candidate for production promotion
### Production
- Runtime: Docker Compose (`docker-compose.production.yml`)
- Purpose: end-user traffic
- Characteristics:
- protected secrets and stricter access controls
- immutable release artifacts
- rollback procedures required
## Core Commands
### Local development
```bash
bun install
bun run db:generate
bun run db:migrate
bun run db:seed
bun run dev
```
### Staging compose
```bash
bun run docker:staging:up
bun run docker:staging:down
```
### Production compose
```bash
bun run docker:production:up
bun run docker:production:down
```
## Release Flow
1. Complete work on task branch.
2. Merge into `dev` and pass quality gates.
3. Promote `dev` -> `staging`.
4. Validate staging smoke/e2e + manual checks.
5. Promote `staging` -> `main` and tag release.
## Migration Policy
- Create migrations in development only.
- Apply migrations in deployment using `prisma migrate deploy`.
- Never hand-edit applied migration history.
## Rollback Baseline
Current baseline strategy:
- rollback app image/tag to previous known-good release
- restore database from backup when schema/data changes require recovery
## Secrets and Config
- Dev: `.env`
- Staging: `.env.staging` (from `.env.staging.example`)
- Production: `.env.production` (from `.env.production.example`)
Minimum sensitive values:
- `DATABASE_URL`
- `BETTER_AUTH_SECRET`
- `CMS_SUPPORT_*` credentials/keys
## Verification Checklist
- `bun run check`
- `bun run typecheck`
- `bun run test`
- `bun run test:e2e`
- app startup health for web/admin
- login flow and permissions smoke

93
docs/product-engineering/git-flow-governance.md Normal file
View File

@@ -0,0 +1,93 @@
# Git Flow Governance
## Scope
Governance rules for branch protections, PR gates, branch naming, and merge discipline.
## Branch Protection
Protected branches:
- `main`
- `staging`
Apply protections using:
- Gitea UI settings
- or automation script: `.gitea/scripts/configure-branch-protection.sh`
Minimum policy:
- no direct pushes
- PR merge required
- required status checks
- at least one reviewer approval
## Branch Protection Verification Checklist
Use this checklist in Gitea repository settings after applying policy:
1. `main` protection exists and direct push is disabled.
2. `staging` protection exists and direct push is disabled.
3. Required checks include:
- `Governance Checks`
- `Lint Typecheck Unit E2E`
4. Pull request approval is required.
5. Branch must be up to date before merge (recommended in protected branches).
API automation example:
```bash
sh .gitea/scripts/configure-branch-protection.sh \
"$GITEA_URL" \
"$GITEA_OWNER" \
"$GITEA_REPO" \
"$GITEA_ADMIN_TOKEN"
```
Notes:
- The script applies baseline protection for `main` and `staging`.
- Final verification is still required in the Gitea UI to confirm repository-specific policies.
## PR Gates
Required checks are implemented in `.gitea/workflows/ci.yml`:
- Governance Checks
- Lint Typecheck Unit E2E
## Branch Naming and TODO Scope
Allowed branch prefixes:
- `todo/`
- `refactor/`
- `code/`
Validation script:
- `.gitea/scripts/check-branch-name.sh`
Rule:
- one primary TODO item per delivery branch
PR TODO reference enforcement:
- template: `.gitea/PULL_REQUEST_TEMPLATE.md`
- CI check: `.gitea/scripts/check-pr-todo-reference.sh`
## Branch Lifecycle
1. Create short-lived branch from latest integration tip.
2. Implement one primary scope.
3. Open PR and pass required checks.
4. Merge into `dev`.
5. Promote `dev -> staging -> main`.
## Commit and Tag Policy
- Conventional commits required (`CONTRIBUTING.md`)
- release tags: `vX.Y.Z`
- changelog generated from commit history

2
docs/product-engineering/i18n-baseline.md
View File

@@ -18,4 +18,4 @@ Current baseline:
- Public app locale is resolved through `next-intl` middleware + cookie. - Public app locale is resolved through `next-intl` middleware + cookie.
- Enabled locales are currently static in code and will later be managed from admin settings. - Enabled locales are currently static in code and will later be managed from admin settings.
- Translation key conventions and workflow docs are tracked in `TODO.md`. - Translation key and workflow standards are documented in `i18n-conventions.md`.

86
docs/product-engineering/i18n-conventions.md Normal file
View File

@@ -0,0 +1,86 @@
# i18n Conventions
## Scope
This document defines translation conventions for both apps in MVP0+.
- Public app i18n: `next-intl` message namespaces and route-level usage
- Admin app i18n: JSON dictionaries + runtime resolver/provider
- Shared locale contract: `@cms/i18n` (`de`, `en`, `es`, `fr`; default `en`)
## Locale Policy
- Source of truth: `packages/i18n/src/index.ts`
- Current enabled locales are code-driven and shared across web/admin.
- Admin-managed locale toggles are planned for a later MVP.
## Key Naming Conventions
- Use `camelCase` for keys.
- Group by domain namespace (not by component filename).
- Keep keys stable; update values, not key names, during copy edits.
### Public app namespaces
- `Layout.*`
- `Home.*`
- `LanguageSwitcher.*`
- Page-specific namespaces, e.g. `About.*`, `Contact.*`
- Metadata namespace: `Seo.*`
### Admin app namespaces
- `common.*`
- `auth.*`
- `dashboard.*`
- `settings.*`
## Message Structure
- Keep messages as nested JSON objects.
- Avoid very deep nesting (prefer 2-3 levels).
- Keep punctuation in translation values, not code.
- Avoid embedding HTML in message strings.
## Fallback Rules
- Unknown/invalid locale values fallback to default locale `en`.
- Missing translation key behavior:
- Admin: `translateMessage` returns provided fallback, else key.
- Public: ensure required keys exist in locale JSON; avoid runtime missing-key states.
## Adding New Translation Keys
1. Add key/value in `apps/*/src/messages/en.json`.
2. Add equivalent key in `de/es/fr` JSON files.
3. Use key via translator:
- Web: `useTranslations("Namespace")` or `getTranslations("Namespace")`
- Admin: `useAdminT()` or server-side `translateMessage(...)`
4. Add/adjust tests for behavior where relevant.
## Translation Workflow
1. Author English source copy first.
2. Add keys in all supported locales in same change.
3. Keep semantic parity across locales.
4. Run checks:
- `bun run check`
- `bun run typecheck`
- `bun run test`
5. For route-level i18n behavior changes, run e2e smoke:
- `bunx playwright test --grep "i18n smoke"`
## QA Checklist
- Locale switch persists after refresh.
- Page headings and navigation labels translate correctly.
- Metadata (`Seo`) strings resolve per locale.
- No missing-key placeholders visible in UI.
## Related Files
- `apps/web/src/i18n/request.ts`
- `apps/web/src/i18n/routing.ts`
- `apps/admin/src/i18n/server.ts`
- `apps/admin/src/i18n/messages.ts`
- `packages/i18n/src/index.ts`

14
docs/product-engineering/index.md
View File

@@ -8,7 +8,19 @@ This section covers platform and implementation documentation for engineers and
- [Architecture](/architecture) - [Architecture](/architecture)
- [Better Auth Baseline](/product-engineering/auth-baseline) - [Better Auth Baseline](/product-engineering/auth-baseline)
- [RBAC And Permissions](/product-engineering/rbac-permission-model) - [RBAC And Permissions](/product-engineering/rbac-permission-model)
- [i18n Conventions](/product-engineering/i18n-conventions)
- [CRUD Examples](/product-engineering/crud-examples)
- [Package Catalog And Decision Notes](/product-engineering/package-catalog)
- [User Personas And Use-Case Topics](/product-engineering/user-personas-and-use-cases)
- [CMS Feature Topics (Domain-Centric)](/product-engineering/cms-feature-topics)
- [Domain Glossary](/product-engineering/domain-glossary)
- [Artist CMS Inspiration Notes](/product-engineering/artist-cms-inspiration)
- [Environment Runbook](/product-engineering/environment-runbook)
- [Staging Deployment Checklist](/product-engineering/staging-deployment-checklist)
- [Delivery Pipeline](/product-engineering/delivery-pipeline)
- [Git Flow Governance](/product-engineering/git-flow-governance)
- [Testing Strategy Baseline](/product-engineering/testing-strategy) - [Testing Strategy Baseline](/product-engineering/testing-strategy)
- [ADR Index](/adr/)
- [Workflow](/workflow) - [Workflow](/workflow)
## Scope ## Scope
@@ -20,6 +32,4 @@ This section covers platform and implementation documentation for engineers and
## Planned Expansions ## Planned Expansions
- Domain model and glossary
- ADR (Architecture Decision Record) index
- Operational playbooks (incident, rollback, recovery) - Operational playbooks (incident, rollback, recovery)

153
docs/product-engineering/package-catalog.md Normal file
View File

@@ -0,0 +1,153 @@
# Package Catalog And Decision Notes
## Purpose
Track package decisions in one place:
- what is already used
- why it is used
- when to keep/remove/replace
- which packages are candidates for later MVPs
This file is decision support, not a lockfile replacement.
## Current Core Stack (Used Now)
### Runtime and App Foundation
- `bun`:
workspace package manager + runtime for scripts and local dev.
- `next` + `react` + `react-dom`:
app framework for `admin` and `web`.
- `typescript`:
typed contracts across apps/packages.
### Data and Validation
- `prisma` + `@prisma/client` + `pg` + `@prisma/adapter-pg`:
DB schema/migrations + typed DB access on PostgreSQL.
- `zod`:
shared runtime validation for domain schemas and CRUD inputs.
### Auth, State, Data Fetching
- `better-auth`:
admin auth/session + role metadata baseline.
- `zustand`:
lightweight client state (e.g. locale/UI state).
- `@tanstack/react-query`:
async state/query cache patterns for admin/public app data fetching.
- `@tanstack/react-form` and `@tanstack/react-table`:
form/table primitives in admin workflows.
### UI and Styling
- `tailwindcss` + `@tailwindcss/postcss`:
utility-first styling baseline.
- `class-variance-authority`, `clsx`, `tailwind-merge`:
component variant + class composition in `@cms/ui`.
### Testing and Quality
- `vitest`, `@testing-library/react`, `@testing-library/jest-dom`, `@testing-library/user-event`, `msw`, `jsdom`:
unit/integration tests + UI interaction + API mocking.
- `@playwright/test`:
end-to-end tests.
- `@biomejs/biome`:
lint/format/check baseline.
- `turbo`:
monorepo task orchestration.
### Docs and Release Governance
- `vitepress`:
docs site.
- `conventional-changelog-cli`:
changelog generation from conventional commits.
- `@commitlint/cli` + `@commitlint/config-conventional`:
commit message schema enforcement.
## Media and Color Processing Notes
### Why `sharp` is typically the default choice
`sharp` is usually the best baseline for server-side image processing because:
- strong performance and memory behavior
- reliable resize/crop/format conversion pipeline
- robust support for production workloads
- good integration in Node/Bun server contexts
Use cases for this CMS:
- generate artwork renditions (thumb/card/full/custom)
- normalize uploads and output formats
- create banner/promo safe-size outputs
- optional watermark compositing pipeline
### Color extraction package options
1. `node-vibrant`
- Best for: quick dominant palette extraction for UI accents and tagging.
- Tradeoff: less control over advanced color science.
2. `colorthief`
- Best for: simple dominant-color extraction with minimal setup.
- Tradeoff: more limited output and tuning compared to richer libraries.
3. `culori` / `chroma-js` (supporting libs, often combined with extractor)
- Best for: color manipulation, conversion, contrast checks, palette normalization.
- Tradeoff: not a full image extractor by itself.
Recommended approach:
- MVP2 start with `sharp` + `node-vibrant` + `culori`
- keep extraction pipeline behind an internal adapter so replacement is easy
## Candidate Packages For Later (Not Installed Yet)
### File Upload and Storage Abstraction
- `@aws-sdk/client-s3` (+ presign utilities):
for S3/R2/object storage adapters and signed upload/download flows.
- `uploadthing` or custom presigned-upload implementation:
faster admin upload UX with secure direct-to-storage path.
### Rich Text / Page Builder
- `tiptap`:
rich editorial experience for pages/news.
- `@dnd-kit/core`:
drag-and-drop block ordering/page-builder interactions.
### Media Pipelines / Jobs
- `bullmq` + `ioredis`:
background job queue for heavy media transforms (watermark/video/etc).
### Commissions and CRM Extensions
- `@tanstack/react-virtual`:
large admin tables (requests/customers) without rendering bottlenecks.
### Observability / Reliability
- `@sentry/nextjs`:
app error monitoring.
- `pino`:
structured logs for services/workflows.
## Add/Remove Decision Rules
When adding a package, document:
1. problem it solves
2. why existing stack is insufficient
3. expected maintenance/runtime cost
4. fallback/exit plan
When removing/replacing:
1. list impacted modules
2. verify tests and migration path
3. update this catalog and related ADR/docs

100
docs/product-engineering/staging-deployment-checklist.md Normal file
View File

@@ -0,0 +1,100 @@
# Staging Deployment Checklist
## Purpose
Operational checklist for the first real staging deployment using `.gitea/workflows/deploy.yml`.
Use this once end-to-end, save the record, then mark MVP0 staging deployment as complete in `TODO.md`.
## Preconditions
- Docker host for staging is reachable via SSH.
- Gitea repo secrets are configured:
- `CMS_STAGING_HOST`
- `CMS_STAGING_USER`
- `CMS_DEPLOY_KEY`
- `CMS_REMOTE_DEPLOY_PATH`
- `CMS_IMAGE_REGISTRY`
- `CMS_IMAGE_NAMESPACE`
- `CMS_IMAGE_REGISTRY_USER`
- `CMS_IMAGE_REGISTRY_PASSWORD`
- Release image tag exists in registry (e.g. `v0.1.0`).
- Remote deploy path contains:
- `docker-compose.staging.yml`
- staging env file(s) needed by compose
## Step-by-Step Execution
1. Verify release images exist:
- `cms-web:<tag>`
- `cms-admin:<tag>`
2. In Gitea Actions, run `CMS Deploy` workflow.
3. Inputs:
- `environment=staging`
- `image_tag=<tag>`
- `rollback_tag=` (empty for normal deploy)
4. Confirm workflow success.
5. Validate staging endpoints:
- web base route
- admin login route
6. Run smoke checks on staging:
- auth login
- i18n route/switch baseline
- admin dashboard route access
7. If failure:
- rerun `CMS Deploy` with `rollback_tag=<previous-tag>`
- capture root cause and remediation notes
## Evidence To Capture
- Workflow run URL
- Deployed image tag
- Timestamp (UTC)
- Validation results (pass/fail)
- Rollback performed or not
## Deployment Record Template
Copy the block below into a new file under `docs/product-engineering/staging-deployments/`.
```md
# Staging Deployment Record - <YYYY-MM-DD>
- Date (UTC):
- Operator:
- Workflow run URL:
- Target environment: staging
- Image tag:
- Previous tag:
## Preconditions
- [ ] Secrets configured in Gitea
- [ ] Registry images available
- [ ] Remote compose path verified
## Execution
1. Triggered `CMS Deploy` with `environment=staging`, `image_tag=<tag>`
2. Workflow status: <!-- pass/fail -->
## Validation
- [ ] Web route check
- [ ] Admin login route check
- [ ] Auth smoke flow
- [ ] i18n smoke flow
- [ ] Admin dashboard access
## Rollback
- Performed: <!-- yes/no -->
- Rollback tag:
- Rollback workflow run URL:
## Outcome
- Result: <!-- success/failed -->
- Notes:
- Follow-up actions:
```

116
docs/product-engineering/user-personas-and-use-cases.md Normal file
View File

@@ -0,0 +1,116 @@
# User Personas And Use-Case Topics
## Purpose
Define who uses this CMS and which feature topics matter for each role.
This keeps roadmap decisions grounded in real workflows instead of isolated features.
## Primary Personas
### 1. Owner Artist (Primary Operator)
Main goals:
- publish and maintain portfolio website content
- manage artworks, grouped collections, and featured content
- open/close commissions and track incoming requests
Core topics:
- pages + navigation builder
- media library + artwork metadata + renditions
- announcement/banner management
- commissions + customer records
- news/blog updates
### 2. Studio Manager / Assistant
Main goals:
- handle operational content updates and commission administration
- manage customer communication and request statuses
Core topics:
- commission kanban and request triage
- customer profile maintenance
- media organization and moderation
- limited page edits under role constraints
### 3. Content Editor / Social Manager
Main goals:
- publish updates, news posts, and campaign visuals
- keep public-facing content fresh without deep admin privileges
Core topics:
- news/blog authoring
- announcements/promotions
- selected media uploads and metadata edits
- landing page block updates (where permitted)
### 4. Technical Support (Protected Role)
Main goals:
- break-glass access for incident support
- diagnostics and recovery support without owning business content
Core topics:
- support access route/key flow
- protected account safeguards
- operational diagnostics and rollback awareness
### 5. Returning Customer (Commission Client)
Main goals:
- submit repeat commission requests with reduced data re-entry
- track active request state
Core topics:
- customer-linked commission intake
- commission status visibility
- communication and requirement updates
### 6. Public Visitor / Collector / Fan
Main goals:
- discover artwork, updates, and commission availability
- navigate pages and portfolio smoothly
Core topics:
- portfolio browsing (gallery/album/tag/category)
- announcement visibility
- news/blog consumption
- commission request entry points
## Role-to-Feature Responsibility Map
- Owner Artist:
all core CMS domains
- Studio Manager:
commissions/customers/media operations
- Content Editor:
editorial/news/announcements + constrained page/media tasks
- Technical Support:
operational support only, no business ownership transfer
- Public personas:
consumption and request flows on public app
## Planning Guidance
When adding a roadmap item, always specify:
1. target persona(s)
2. primary user outcome
3. permissions required
4. public impact (if any)
If an item cannot be mapped to at least one clear persona outcome, it should not be prioritized.

43
docs/public-api/glossary.md Normal file
View File

@@ -0,0 +1,43 @@
# Public API Glossary
## Scope
Baseline terms for future public API design and integration discussions.
## Terms
### Public API
Externally consumable endpoints intended for non-admin clients.
### Resource
Entity exposed by an API endpoint (for example: `page`, `media`, `news`).
### Contract
The stable request/response schema for an endpoint version.
### Version
Compatibility boundary for API contracts (for example: `v1`).
### Authentication
Identity verification mechanism for protected API routes.
### Authorization
Permission check determining whether an authenticated actor can access a resource/action.
### Pagination
Mechanism for splitting large result sets across requests.
### Idempotency
Property where repeating a request does not change final state beyond the first successful call.
### Rate Limit
Request threshold policy applied per consumer/time window.

5
docs/public-api/index.md
View File

@@ -11,6 +11,11 @@ No stable public API surface is documented yet.
- Add API docs when real endpoints are implemented and versioned - Add API docs when real endpoints are implemented and versioned
- Use OpenAPI as source of truth for endpoint reference - Use OpenAPI as source of truth for endpoint reference
- Keep integration guides and authentication examples here - Keep integration guides and authentication examples here
- Use glossary terms consistently across API specs and guides
## Reference
- [Public API Glossary](/public-api/glossary)
## Notes ## Notes

6
docs/workflow.md
View File

@@ -28,3 +28,9 @@ Follow `BRANCHING.md`:
```bash ```bash
bun run changelog:release bun run changelog:release
``` ```
## Governance
- Branch and PR governance checks run in `.gitea/workflows/ci.yml`.
- PR template: `.gitea/PULL_REQUEST_TEMPLATE.md`
- Versioning policy: `VERSIONING.md`

86
e2e/happy-paths.pw.ts Normal file
View File

@@ -0,0 +1,86 @@
import { expect, test } from "@playwright/test"
const SUPPORT_LOGIN = process.env.CMS_SUPPORT_EMAIL ?? process.env.CMS_SUPPORT_USERNAME ?? "support"
const SUPPORT_PASSWORD = process.env.CMS_SUPPORT_PASSWORD ?? "change-me-support-password"
async function ensureAdminSession(page: import("@playwright/test").Page) {
await page.goto("/login")
const dashboardHeading = page.getByRole("heading", { name: /content dashboard/i })
if (await dashboardHeading.isVisible({ timeout: 2000 }).catch(() => false)) {
return
}
await page.locator("#email").fill(SUPPORT_LOGIN)
await page.locator("#password").fill(SUPPORT_PASSWORD)
await page.getByRole("button", { name: /sign in/i }).click()
await expect(page).toHaveURL(/\/$/)
}
function uniqueSlug(prefix: string): string {
return `${prefix}-${Date.now()}`
}
function tinyPngBuffer() {
return Buffer.from(
"iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8/x8AAwMCAO2UoR8AAAAASUVORK5CYII=",
"base64",
)
}
test.describe("mvp1 happy paths", () => {
test("admin flows create content rendered on web", async ({ page }, testInfo) => {
test.skip(testInfo.project.name !== "admin-chromium")
const pageSlug = uniqueSlug("e2e-page")
const pageTitle = `E2E Page ${pageSlug}`
const announcementTitle = `E2E Announcement ${Date.now()}`
const mediaTitle = `E2E Media ${Date.now()}`
const commissionTitle = `E2E Commission ${Date.now()}`
await ensureAdminSession(page)
await page.goto("/pages")
await page.locator('input[name="title"]').first().fill(pageTitle)
await page.locator('input[name="slug"]').first().fill(pageSlug)
await page.locator('select[name="status"]').first().selectOption("published")
await page.locator('textarea[name="content"]').first().fill("E2E published page content")
await page.getByRole("button", { name: /create page/i }).click()
await expect(page.getByText(/page created/i)).toBeVisible()
await page.goto(`http://127.0.0.1:3000/${pageSlug}`)
await expect(page.getByRole("heading", { name: pageTitle })).toBeVisible()
await page.goto("http://127.0.0.1:3001/announcements")
await page.locator('input[name="title"]').first().fill(announcementTitle)
await page.locator('textarea[name="message"]').first().fill("E2E announcement message")
await page.getByRole("button", { name: /create announcement/i }).click()
await expect(page.getByText(/announcement created/i)).toBeVisible()
await page.goto("http://127.0.0.1:3000/")
await expect(page.getByText(/e2e announcement message/i)).toBeVisible()
await page.goto("http://127.0.0.1:3001/media")
await page.locator('input[name="title"]').first().fill(mediaTitle)
await page.locator('input[name="file"]').first().setInputFiles({
name: "e2e.png",
mimeType: "image/png",
buffer: tinyPngBuffer(),
})
await page.getByRole("button", { name: /upload media/i }).click()
await expect(page.getByText(/media uploaded successfully/i)).toBeVisible()
await expect(page.getByText(new RegExp(mediaTitle, "i"))).toBeVisible()
await page.goto("http://127.0.0.1:3001/commissions")
await page.locator('input[name="title"]').nth(1).fill(commissionTitle)
await page.getByRole("button", { name: /create commission/i }).click()
await expect(page.getByText(/commission created/i)).toBeVisible()
const card = page.locator("form", { hasText: commissionTitle }).first()
await card.locator('select[name="status"]').selectOption("done")
await card.getByRole("button", { name: /move/i }).click()
await expect(page.getByText(/commission status updated/i)).toBeVisible()
})
})

29
e2e/i18n-smoke.pw.ts Normal file
View File

@@ -0,0 +1,29 @@
import { expect, test } from "@playwright/test"
test.describe("i18n smoke", () => {
test("web language selector changes selected locale", async ({ page }, testInfo) => {
test.skip(testInfo.project.name !== "web-chromium")
await page.goto("/")
const selector = page.locator("select").first()
await selector.selectOption("de")
await expect(selector).toHaveValue("de")
await selector.selectOption("es")
await expect(selector).toHaveValue("es")
})
test("admin auth language selector changes selected locale", async ({ page }, testInfo) => {
test.skip(testInfo.project.name !== "admin-chromium")
await page.goto("/login")
const selector = page.locator("select").first()
await selector.selectOption("fr")
await expect(selector).toHaveValue("fr")
await selector.selectOption("en")
await expect(selector).toHaveValue("en")
})
})

8
e2e/smoke.pw.ts
View File

@@ -1,10 +1,15 @@
import { expect, test } from "@playwright/test" import { expect, test } from "@playwright/test"
const BUILD_INFO_PATTERN = /Build v\S+ \+sha\.[a-z0-9]{5,7}/i
test("smoke", async ({ page }, testInfo) => { test("smoke", async ({ page }, testInfo) => {
await page.goto("/") await page.goto("/")
if (testInfo.project.name === "web-chromium") { if (testInfo.project.name === "web-chromium") {
await expect(page.getByRole("heading", { name: /your next\.js cms frontend/i })).toBeVisible() await expect(
page.getByRole("heading", { name: /home|your next\.js cms frontend/i }),
).toBeVisible()
await expect(page.getByText(BUILD_INFO_PATTERN)).toBeVisible()
return return
} }
@@ -12,6 +17,7 @@ test("smoke", async ({ page }, testInfo) => {
if (await dashboardHeading.isVisible({ timeout: 2000 })) { if (await dashboardHeading.isVisible({ timeout: 2000 })) {
await expect(dashboardHeading).toBeVisible() await expect(dashboardHeading).toBeVisible()
await expect(page.getByText(BUILD_INFO_PATTERN)).toBeVisible()
return return
} }

Some files were not shown because too many files have changed in this diff Show More