- move promise and env-var principles to top of code standards section
- clarify build strategy: bundle:false applies to all src/ files, not just suffixed ones
- update RSC boundary explanation to describe module isolation approach
- add note about jsx loader handling .js files via esbuild
- remove redundant section headers and inline comments in examples
- fix grammar in singleton bundling warning
- update tagline in README.md and docs to reflect multi-purpose scope
- rephrase project description in PROJECT.md to position zen as an extensible admin platform
- remove detailed core documentation sections from PROJECT.md
- fix typo "palteforme" in directory structure comment
- replace cms references with platform wording in DEV.md
BREAKING CHANGE: tsup config now derives entries from package.json#exports and a server/client glob instead of manual lists; module structure follows flat + barrel convention with .server.js/.client.js runtime suffixes
- Remove all module-related entry points from package.json exports
- Remove module source files from tsup build configuration
- Clean up external dependencies related to modules
- Update DEV.md to reflect modules removal from architecture
- Clarify package description to specify Next.js CMS
- Add `storagePublicPrefixes` and `storageAccessPolicies` fields to both internal and external module config loading in discovery.js
- Add a module-level `MIME_TYPES` constant in storage/utils.js to avoid recreating the object on every `getMimeType` call
- Remove unused `validateImageDimensions` export from storage/index.js
- Remove dead `isFinite` check after `Math.min/max` in `getPresignedUrl` (result is always finite at that point)
- Remove unused `warn` import from storage/utils.js
- Add documentation rule in DEV.md: comments must always reflect the actual behavior of the code they describe

Replace hardcoded `users/` path-based access control with a declarative `storageAccessPolicies` system defined per module via `defineModule()`.

- Add `storageAccessPolicies` field to `defineModule()` defaults with support for `owner` and `admin` policy types
- Expose `getAllStorageAccessPolicies()` from the modules/storage layer
- Refactor `handleGetFile` in `storage/api.js` to resolve access control dynamically from registered policies instead of hardcoded path checks
- Add `ZEN_STORAGE_ENDPOINT` env var and update `.env.example` to support S3-compatible backends (Cloudflare R2, Backblaze B2)
- Document the env/doc sync convention in `DEV.md`
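
Added example, not code from the zen repository: one way a file-read handler could resolve access from declarative `owner` / `admin` policies and public prefixes with deny-by-default. The policy shape `{ prefix, type }`, the session shape `{ userId, role }`, and the names `canReadFile`, `findPolicy` and `isSafeKey` are assumptions made for illustration.

```javascript
// Added illustration. Policy and session shapes are assumptions, not zen's API.
const policies = [
  { prefix: 'users/', type: 'owner' },    // users/<userId>/... readable by that user
  { prefix: 'invoices/', type: 'admin' }, // readable by admins only
];
const publicPrefixes = ['public/'];

// Reject keys that could escape their prefix before any policy matching.
function isSafeKey(key) {
  if (typeof key !== 'string' || key.length === 0 || key.startsWith('/')) return false;
  if (key.includes('\\') || key.includes('\0')) return false;
  return key.split('/').every((seg) => seg !== '' && seg !== '.' && seg !== '..');
}

// Longest matching prefix wins, so a nested policy is not shadowed by a broader one.
function findPolicy(key, list) {
  const matches = list.filter((p) => key.startsWith(p.prefix));
  matches.sort((a, b) => b.prefix.length - a.prefix.length);
  return matches[0] || null;
}

function canReadFile(key, session, config) {
  if (!isSafeKey(key)) return false;
  if (config.publicPrefixes.some((prefix) => key.startsWith(prefix))) return true;
  const policy = findPolicy(key, config.policies);
  if (!policy || !session) return false;      // no policy, or anonymous: deny
  if (session.role === 'admin') return true;  // assumption: admins pass both policy types
  if (policy.type === 'owner') {
    // Compare the whole path segment, so user 42 cannot read users/421/...
    const ownerId = key.slice(policy.prefix.length).split('/')[0];
    return ownerId === String(session.userId);
  }
  return false;                               // 'admin' policy or unknown type
}
```
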
- Add `@zen/core/api` to the `external` array in `tsup.config.js` to prevent build failures caused by unresolved `dist/` imports at build time
- Document the externals rule in `docs/DEV.md`: any `@zen/core/*` import used in bundled module files must be declared as external, with an explanation of why and a code example to follow

Restructure the core API module to improve clarity, consistency, and maintainability:

- Introduce `defineApiRoutes()` helper for declarative route definitions with built-in config validation at startup
- Add `apiSuccess()` / `apiError()` response utilities; enforce their use across all handlers (core and modules)
- Move auth enforcement to route definitions (`auth: 'public' | 'user' | 'admin'`), removing manual auth checks from handlers
- Extract core routes into `core-routes.js`; router now has no knowledge of specific features
- Rename `nx-route.js` to `route-handler.js` and update package.json export accordingly
- Update ARCHITECTURE.md to reflect new API conventions and point to `src/core/api/README.md` for details
Move the "Publier le package" section from DEV.md to a new
PUBLICATION.md file, and add references to ARCHITECTURE.md and
PUBLICATION.md in the main DEV.md index. This reduces the size of
DEV.md and improves discoverability by grouping related content
into focused documents.

Replace the terse DEV.md with a comprehensive French-language guide covering code standards, security rules, and the npm publish workflow.

Key changes:

- Expand code principles into readable prose (single responsibility, control flow, input validation, promise handling, minimal scope)
- Add concrete security sections: parameterized queries, secret management via env vars, dependency auditing, and opaque error messages
- Document the full publish procedure (version bump, build, audit, npm publish with provenance, git tag)
- Remove the NASA Power of Ten bullet list in favor of actionable, project-specific guidelines
Replace the project directory tree and PR integration/versioning
sections with a new "Philosophie de développement" section covering
the NASA Power of Ten rules and security-by-design principles.
- Remove `zen-setup` binary from package.json and package-lock.json
- Replace manual setup steps with `npx @zen/start` CLI command
- Simplify INSTALL.md by reducing steps from 6 to 4
- Update DEV.md to reflect removal of zen-setup from CLI scripts
- Fix relative path to `.env.example` in documentation