Smoke tests only ran astro dev, which uses Vite's on-demand compilation
and never invokes the adapter build pipeline. Build failures in
cloudflare/playground demos (or any adapter-dependent site) passed CI
undetected. Add a build verification suite that runs astro build for
every site in the matrix before the existing runtime tests.
Bumps smoke test CI timeout from 15 to 30 minutes to accommodate.
* fix: allow public access to search and suggest API endpoints
The search and suggest endpoints required search:read permission,
blocking unauthenticated visitors from using the LiveSearch component.
This is safe because the search query layer defaults to status=published,
so public users only see published content.
Fixes#104
* fix: add changeset for public search API access
Patch bump for emdash - allows public access to search API endpoints.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Matt Van Horn <455140+mvanhorn@users.noreply.github.com>
Co-authored-by: Matt Kane <mkane@cloudflare.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: prevent media upload OOM on Workers via client thumbnails + server safety net
Large image uploads (5MB+) crash Cloudflare Workers (128MB limit) because
generatePlaceholder() decodes entire images to raw RGBA pixels. A 4000x3000
JPEG becomes ~48MB RGBA, exceeding the isolate memory budget.
Two-layer fix:
- Client-side: browser generates a 64px canvas thumbnail for oversized images
and sends it alongside the upload. Server generates blurhash from the
thumbnail (~16KB RGBA) instead of decoding the full image.
- Server-side: reads dimensions from image headers via image-size and skips
placeholder generation when estimated decoded size exceeds 32MB. This covers
API/CLI uploads that don't provide thumbnails.
* chore: add changeset for media upload OOM fix
* fix: clamp upload thumbnail to 64x64 box for extreme aspect ratios
Naive sizing (thumbW=64, thumbH=(h/w)*64) could produce an enormous canvas
for very tall or very wide images — e.g. a 100x840000 image would allocate
a 64x537600 canvas client-side, reintroducing the memory blowup this feature
exists to prevent.
Extract computeThumbnailSize() that fits the image within a 64x64 box by
scaling against max(width, height), wrap canvas allocation and drawImage
in try/catch with a no-thumbnail fallback, and add unit tests covering
extreme aspect ratios.
---------
Co-authored-by: Matt Kane <mkane@cloudflare.com>
* fix: passkeys behind TLS reverse proxy
Add passkeyPublicOrigin and wire it through passkey routes so origin/rpId match
the browser when dev runs behind nginx. Expose dev-only /_emdash/api/dev/passkey-url,
add admin messaging for insecure WebAuthn contexts, nginx repro under demos/simple,
and direct kysely dependency for the simple demo Node adapter bundle.
Made-with: Cursor
* docs: add passkeyPublicOrigin to configuration reference
Adds the new passkeyPublicOrigin option and reverse proxy guidance
to the public-facing configuration docs as requested in PR review.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* update tests and more docs
* fix: add missing refresh-server-pat fixture and restore docs heading
---------
Co-authored-by: Joseph Eftekhari <jdeftekhari@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* refactor: split smoke and integration test configs into separate CI jobs
* fix: move CLA labeling from triage to CLA workflow
* fix: install formatters in temp dir to avoid catalog: protocol error
* fix: handle 404 when removing labels that don't exist on the PR
* fix(admin): use collection urlPattern for preview button fallback URL
The preview button hardcoded fallback URLs as /${collection}/${slug},
ignoring the collection's urlPattern setting. Collections with custom
URL patterns (e.g. urlPattern: "/biljke/{slug}" on a "biljka" collection)
would open a 404 instead of the correct page.
Thread urlPattern through the manifest and use it in the ContentEditor
preview fallback.
Fixes#167
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Filip Ilic <ilic.filip@gmail.com>
* chore: add changeset for preview URL pattern fix
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Filip Ilic <ilic.filip@gmail.com>
---------
Signed-off-by: Filip Ilic <ilic.filip@gmail.com>
Co-authored-by: Matt Kane <mkane@cloudflare.com>
* perf(db): optimize D1 indexes to eliminate full table scans
- Add composite indexes to ec_* tables for common query patterns
- Replace single-column indexes with (deleted_at, updated_at, id) composite
- Add (deleted_at, status) index for count queries
- Add (deleted_at, created_at, id) index for chronological ordering
- Optimize comment counting with partial indexes per status
- Rewrite countByStatus() to use parallel WHERE queries instead of GROUP BY
Fixes#131
* chore: add changeset for D1 index optimization
* style: wrap changeset description for formatting compliance
Replace placeholder text branding ("— EmDash") with actual logo SVGs
from the brand assets. Adds Logo.tsx with LogoIcon (icon mark) and
LogoLockup (icon + wordmark) components.
- Sidebar: gradient icon mark replaces em dash text character
- Login, Signup, Setup: full lockup SVG with currentColor wordmark
- Welcome modal: logo icon replaces Sparkle placeholder
- Favicon: real gradient icon SVG replaces emoji
* fix(tests): remove explicit beforeAll timeouts that override global hookTimeout
Integration tests passed 60s timeouts to beforeAll, overriding the
120s hookTimeout in vitest.smoke.config.ts. On CI the dev server
startup can consume the full 60s, leaving no time for setup + seeding.
Also bumps createTestServer's default waitForServer timeout from 60s
to 90s, leaving 30s margin within the 120s hook budget.
* fix(tests): don't remove shared node_modules symlink during cleanup
Multiple integration test suites run concurrently and share the
fixture/node_modules symlink. When the suite that created it finishes
first, its cleanup deletes the symlink, causing other suites to fail
with MODULE_NOT_FOUND when their server process tries to resolve astro.
The symlink is gitignored so it's safe to leave in place.
On a fresh CF deployment, if the first request hits a public page, the
middleware fast-path skips runtime init. Template helpers like
getSiteSettings() then query an empty database and crash with
'no such table: options'.
Add a one-time setup probe in the middleware fast-path: check if the
migrations table exists, and redirect to the setup wizard if not.
The check is cached for the worker lifetime after first success.
Also includes release workflow update to use GitHub App token and
admin branding changeset.
