emdash-cms/emdash @emdash-cms/sandbox-workerd@0.1.0

on GitHub

Minor Changes

• #426 02ed8ba Thanks @BenjaminPrice! - Adds workerd-based plugin sandboxing for Node.js deployments.
  • emdash: Adds isHealthy() to SandboxRunner interface, SandboxUnavailableError class, sandbox: false config option, mediaStorage field on SandboxOptions, and exports createHttpAccess/createUnrestrictedHttpAccess/PluginStorageRepository/UserRepository/OptionsRepository for platform adapters.
  • @emdash-cms/cloudflare: Implements isHealthy() on CloudflareSandboxRunner. Fixes storageQuery() and storageCount() to honor where, orderBy, and cursor options (previously ignored, causing infinite pagination loops and incorrect filtered counts). Adds storageConfig to PluginBridgeProps so PluginStorageRepository can use declared indexes.
  • @emdash-cms/sandbox-workerd: New package. WorkerdSandboxRunner for production (workerd child process + capnp config + authenticated HTTP backing service) and MiniflareDevRunner for development.

Patch Changes

• #1144 c50c3b2 Thanks @ascorbic! - Aligns the kysely peer dependency with the rest of the monorepo (>=0.29.0) and switches the dev/peer references to the workspace catalog so all packages bump in lockstep going forward.

• #1147 20c87fe Thanks @ascorbic! - Tightens the workerd sandbox internals so the package now lints and type-checks cleanly.

  • Bridge call bodies are validated with predicate-backed require* / optional* helpers instead of unchecked as casts. A misbehaving plugin that sends a malformed JSON-RPC body now gets a clear "Parameter X must be Y" error rather than triggering a downstream type confusion.
  • Content table access (ec_* collections) is centralised behind a typed asContentDb() helper. Known tables (users, media, _plugin_storage) drop their as keyof Database casts entirely.
  • HTTP init marshalling validates each field at the bridge boundary, including form-data parts.
  • The backing service uses a typed HttpError class for status-bearing errors and validates incoming chunks/body shape defensively.
  • getPluginStorageConfig() returns the real PluginStorageConfig shape from the manifest instead of Record<string, unknown>.
  • WorkerdSandboxedPlugin now implements the correct SandboxedPluginInstance interface (the old SandboxedPlugin symbol did not exist).
  • Adds a typecheck script (tsgo --noEmit) so the package participates in pnpm typecheck going forward.

  No runtime behaviour changes.

• Updated dependencies [02ed8ba, 11b3001, fae97ee, 88f544d, 9a30607, d0ff94b]:

  • emdash@0.15.0