Merge branch 'main' into fix/issue-14047

Author: cderv

llm-docs/publishing-architecture.md

@@ -0,0 +1,243 @@
+---
+main_commit: 76b946025
+analyzed_date: 2026-02-16
+key_files:
+  - src/publish/provider-types.ts
+  - src/publish/provider.ts
+  - src/publish/publish.ts
+  - src/publish/config.ts
+  - src/publish/common/publish.ts
+  - src/publish/common/bundle.ts
+  - src/publish/common/account.ts
+  - src/publish/types.ts
+  - src/command/publish/cmd.ts
+  - src/publish/posit-connect-cloud/posit-connect-cloud.ts
+  - src/publish/posit-connect-cloud/api/index.ts
+  - src/publish/posit-connect-cloud/api/types.ts
+---
+
+# Quarto Publishing Architecture
+
+How `quarto publish` works internally. Covers the provider interface, publish patterns, account management, and the end-to-end publish flow.
+
+## Provider Interface
+
+File: `src/publish/provider-types.ts`
+
+Every publish target implements `PublishProvider`:
+
+```typescript
+export interface PublishProvider {
+  name: string;              // e.g. "netlify", "rsconnect", "quarto-pub"
+  description: string;       // Human-readable name
+  requiresServer: boolean;   // true if user provides server URL (e.g. rsconnect)
+  hidden?: boolean;          // Hide from provider selection
+  listOriginOnly?: boolean;  // Only list in origin project
+
+  accountTokens(): Promise<AccountToken[]>;
+  removeToken(token: AccountToken): void;
+  authorizeToken(options: PublishOptions, target?: PublishRecord): Promise<AccountToken | undefined>;
+  resolveTarget(account: AccountToken, target: PublishRecord): Promise<PublishRecord | undefined>;
+  publish(
+    account: AccountToken, type: "document" | "site", input: string,
+    title: string, slug: string,
+    render: (flags?: RenderFlags) => Promise<PublishFiles>,
+    options: PublishOptions, target?: PublishRecord
+  ): Promise<[PublishRecord | undefined, URL | undefined]>;
+  isUnauthorized(error: Error): boolean;
+  isNotFound(error: Error): boolean;
+}
+```
+
+Key types:
+
+- `AccountToken` — stored credential with `name`, `server?`, `token` (generic string or structured object)
+- `AccountTokenType` — `"authorized"` (user-stored) or `"environment"` (env var)
+- `PublishRecord` — entry in `_publish.yml` with `id`, `url`, `code?`
+- `PublishFiles` — `{ baseDir: string, rootFile: string, files: string[], metafiles?: string[] }`
+
+## Provider Registration
+
+File: `src/publish/provider.ts`
+
+Providers are imported and added to `kPublishProviders`:
+
+```typescript
+const kPublishProviders = [
+  quartoPubProvider,
+  ghpagesProvider,
+  rsconnectProvider,
+  netlifyProvider,
+  positConnectCloudProvider,
+  confluenceProvider,
+  huggingfaceProvider,
+];
+```
+
+Discovery functions: `publishProviders()`, `findProvider(name)`.
+
+There is also a deprecation warning for the old `posit-cloud` provider (removed in `142a8791f`) that now suggests using `posit-connect-cloud` as an alternative.
+
+## Two Publish Patterns
+
+### Pattern A: File-by-file upload
+
+Used by: `quarto-pub`, `netlify`
+
+File: `src/publish/common/publish.ts`
+
+Uses `handlePublish()` which:
+1. SHA-1 hashes each file in the rendered output
+2. Creates a deploy with a file manifest (listing all files + checksums)
+3. Server responds with which files it needs (doesn't already have)
+4. Uploads only changed files individually
+5. Activates the deploy
+
+Providers using this pattern implement `PublishHandler`:
+
+```typescript
+export interface PublishHandler {
+  name: string;
+  createSite(type, title, slug, account): Promise<[string, string]>;
+  createDeploy(siteId, account, files): Promise<PublishDeploy>;
+  getDeploy(deployId, account): Promise<PublishDeploy>;
+  uploadDeployFile(deployId, path, fileBody, account): Promise<void>;
+}
+```
+
+### Pattern B: Bundle upload
+
+Used by: `rsconnect` (Posit Connect), `posit-connect-cloud` (Posit Connect Cloud)
+
+File: `src/publish/common/bundle.ts`
+
+Uses `createBundle()` which:
+1. Creates a `manifest.json` with file checksums, `appmode`, `content_category`, etc.
+2. Packages all files + manifest into a `.tar.gz` archive
+3. Returns `{ bundlePath: string, manifest: object }`
+
+The provider then uploads the entire bundle as a single blob and triggers deployment. Each provider using this pattern has its own publish logic (not via `handlePublish()`).
+
+`createBundle()` signature:
+```typescript
+function createBundle(
+  type: "document" | "site",
+  files: PublishFiles,
+  tempContext: TempContext
+): Promise<{ bundlePath: string; manifest: Record<string, unknown> }>
+```
+
+## End-to-End Publish Flow
+
+### 1. CLI Entry
+
+File: `src/command/publish/cmd.ts`
+
+`quarto publish [provider] [path]` invokes `publishAction()`.
+
+### 2. Resolve Deployment Target
+
+File: `src/publish/config.ts`
+
+Reads `_publish.yml` to find existing publish targets. Format:
+
+```yaml
+- source: document.qmd
+  provider-name:
+    - id: site-or-content-id
+      url: https://published-url.example.com
+```
+
+### 3. Select Provider
+
+If not specified on CLI, user is prompted to choose from available providers.
+
+### 4. Resolve Account
+
+File: `src/publish/common/account.ts`
+
+Account resolution order:
+1. Environment variable tokens (via provider's `accountTokens()`)
+2. Stored tokens in `~/.quarto/publish/accounts/{provider}/accounts.json`
+3. Interactive authorization (via provider's `authorizeToken()`)
+
+Token storage functions:
+- `readAccessTokens<T>(provider)` — reads stored tokens
+- `writeAccessToken<T>(provider, token, compareFn)` — writes/updates token
+- `readAccessTokenFile(provider)` — raw file path
+
+### 5. Publish
+
+File: `src/publish/publish.ts`
+
+`publishSite()` or `publishDocument()` coordinates:
+1. Calls provider's `publish()`, passing a `render` callback
+2. Provider calls `renderForPublish()` (or `render()` directly for sites)
+3. Provider uploads and deploys
+4. Returns `[PublishRecord, URL]`
+
+**Important:** Providers publishing documents should call `renderForPublish()` instead of `render()` directly. `renderForPublish()` wraps `render()` and stages the output: for HTML documents it copies `document.html` → `index.html`, for PDFs it creates a pdf.js viewer wrapper as `index.html`. Without this staging, the primary file name won't match `index.html` and bundle-based providers will fail.
+
+### 6. Update `_publish.yml`
+
+File: `src/publish/config.ts`
+
+The returned `PublishRecord` is written back to `_publish.yml` for future republishing.
+
+## Account / Token Management
+
+File: `src/publish/common/account.ts`
+
+### Storage
+
+Tokens stored at: `~/.quarto/publish/accounts/{provider}/accounts.json`
+
+Format: JSON array of `AccountToken` objects. The `token` field is provider-specific (can be a string or structured object).
+
+### Authorization Patterns
+
+**Ticket-based auth** (quarto-pub): `authorizeAccessToken()` in `src/publish/common/account.ts`
+- Opens browser to auth URL
+- Polls a ticket endpoint until user completes auth
+- Exchanges ticket for access token
+
+**API key auth** (rsconnect): User provides API key directly or via env var.
+
+**OAuth Device Code** (posit-connect-cloud): Uses RFC 8628 Device Code flow. See `src/publish/posit-connect-cloud/api/index.ts` for implementation.
+
+### Environment Variables
+
+Each provider can check for env vars in `accountTokens()`. Convention:
+- `QUARTO_PUB_AUTH_TOKEN`
+- `CONNECT_SERVER` + `CONNECT_API_KEY` (rsconnect)
+- `NETLIFY_AUTH_TOKEN`
+- `POSIT_CONNECT_CLOUD_ACCESS_TOKEN` + `POSIT_CONNECT_CLOUD_REFRESH_TOKEN` + `POSIT_CONNECT_CLOUD_ACCOUNT_ID` (posit-connect-cloud)
+
+## Existing Providers Summary
+
+| Provider | Pattern | Auth | `requiresServer` |
+|----------|---------|------|-------------------|
+| `quarto-pub` | A (file-by-file) | Ticket-based OAuth | false |
+| `netlify` | A (file-by-file) | API key / env var | false |
+| `rsconnect` | B (bundle) | API key (`Key <key>`) | true |
+| `ghpages` | Custom (git push) | Git credentials | false |
+| `confluence` | Custom | API token | true |
+| `posit-connect-cloud` | B (bundle) | OAuth Device Code (RFC 8628) | false |
+| `huggingface` | Custom | HF token | false |
+
+## Reusable Utilities
+
+| Utility | File | Purpose |
+|---------|------|---------|
+| `createBundle()` | `src/publish/common/bundle.ts` | tar.gz bundle with manifest.json |
+| `readAccessTokens<T>()` | `src/publish/common/account.ts` | Read stored tokens |
+| `writeAccessToken<T>()` | `src/publish/common/account.ts` | Write/update token |
+| `authorizeAccessToken()` | `src/publish/common/account.ts` | Ticket-based auth flow |
+| `renderForPublish()` | `src/publish/common/publish.ts` | Render + stage documents (HTML→index.html, PDF→pdf.js wrapper) |
+| `handlePublish()` | `src/publish/common/publish.ts` | File-by-file upload orchestration |
+| `withSpinner()` | `src/core/console.ts` | Progress spinner display |
+| `completeMessage()` | `src/core/console.ts` | Success/failure messages |
+| `createTempContext()` | `src/core/temp.ts` | Temp file management |
+| `openUrl()` | `src/core/shell.ts` | Open URL in browser |
+| `isServerSession()` | `src/core/platform.ts` | Detect headless/CI environment |
+| `ApiError` | `src/publish/types.ts` | HTTP error type with status code |

news/changelog-1.9.md

@@ -1,5 +1,9 @@
 All changes included in 1.9:
 
+## Shortcodes
+
+- ([#13342](https://github.com/quarto-dev/quarto-cli/issues/13342)): Ensure that the `contents` shortcode works inside metadata.
+
 ## Regression fixes
 
 - ([#13396](https://github.com/quarto-dev/quarto-cli/issues/13396)): Fix `quarto publish connect` regression.
@@ -15,6 +19,7 @@ All changes included in 1.9:
 ## Dependencies
 
 - Update `pandoc` to 3.8.3
+  - ([#13925](https://github.com/quarto-dev/quarto-cli/issues/13925)): Pandoc 3.8.3 introduces `^[text]^` as inline footnote syntax. This conflicts with superscript containing a Span at the start (e.g., `^[text]{.class}^`) since the `^[` sequence now triggers footnote parsing. A workaround is to insert a zero-width space or other invisible character between `^` and `[`.
 - Update `typst` to 0.14.2
 - Update `esbuild` to 0.25.10
 - Update `deno` to 2.4.5
@@ -41,7 +46,10 @@ All changes included in 1.9:
 - ([#11929](https://github.com/quarto-dev/quarto-cli/issues/11929)): Import all `brand.typography.fonts` in CSS, whether or not fonts are referenced by typography elements.
 - ([#13413](https://github.com/quarto-dev/quarto-cli/issues/13413)): Fix uncentered play button in `video` shortcodes from cross-reference divs. (author: @bruvellu)
 - ([#13508](https://github.com/quarto-dev/quarto-cli/issues/13508)): Add `aria-label` support to `video` shortcode for improved accessibility.
+- ([#13685](https://github.com/quarto-dev/quarto-cli/issues/13685)): Fix remote font URLs in brand extensions being incorrectly joined with the extension path, resulting in broken font imports.
+- ([#13825](https://github.com/quarto-dev/quarto-cli/issues/13825)): Fix `column: margin` not working with `renderings: [light, dark]` option. Column classes are now preserved when applying theme classes to cell outputs.
 - ([#13883](https://github.com/quarto-dev/quarto-cli/issues/13883)): Fix unequal top/bottom spacing in simple untitled callouts.
+- ([#13900](https://github.com/quarto-dev/quarto-cli/issues/13900)): Warn when `renderings` cell option contains duplicate names. Previously, duplicate names like `[dark, light, dark, light]` would silently use only the last output for each name.
 
 ### `typst`
 
@@ -63,6 +71,7 @@ All changes included in 1.9:
   - Two-column layout now uses `set page(columns:)` instead of `columns()` function, fixing compatibility with landscape sections.
   - Title block now properly spans both columns in multi-column layouts.
 - ([#13870](https://github.com/quarto-dev/quarto-cli/issues/13870)): Add support for `alt` attribute on cross-referenced equations for improved accessibility. (author: @mcanouil)
+- ([#13942](https://github.com/quarto-dev/quarto-cli/issues/13942)): Fix Typst compilation errors showing confusing internal stack traces. Users now see only the relevant Typst error message.
 - ([#13950](https://github.com/quarto-dev/quarto-cli/pull/13950)): Replace ctheorems with theorion package for theorem environments. Add `theorem-appearance` option to control styling: `simple` (default, classic LaTeX style), `fancy` (colored boxes with brand colors), `clouds` (rounded backgrounds), or `rainbow` (colored start border and colored title).
 - ([#13954](https://github.com/quarto-dev/quarto-cli/issues/13954)): Add support for Typst book projects via format extensions. Quarto now bundles the `orange-book` extension which provides a textbook-style format with chapter numbering, cross-references, and professional styling. Book projects with `format: typst` automatically use this extension.
 - ([#13978](https://github.com/quarto-dev/quarto-cli/pull/13978)): Keep term and description together in definition lists to avoid breaking across pages. (author: @mcanouil)
@@ -106,6 +115,7 @@ All changes included in 1.9:
 - ([#13716](https://github.com/quarto-dev/quarto-cli/issues/13716)): Fix draft pages showing blank during preview when pre-render scripts are configured.
 - ([#13847](https://github.com/quarto-dev/quarto-cli/pull/13847)): Open graph title with markdown is now processed correctly. (author: @mcanouil)
 - ([#13910](https://github.com/quarto-dev/quarto-cli/issues/13910)): Add support for `logo: false` to disable sidebar and navbar logos when using `_brand.yml`. Works in website projects (`sidebar.logo: false`, `navbar.logo: false`) and book projects (`book.sidebar.logo: false`, `book.navbar.logo: false`).
+- ([#13932](https://github.com/quarto-dev/quarto-cli/pull/13932)): Add `llms-txt: true` option to generate LLM-friendly content for websites. Creates `.llms.md` markdown files alongside HTML pages and a root `llms.txt` index file following the [llms.txt](https://llmstxt.org/) specification.
 - ([#13951](https://github.com/quarto-dev/quarto-cli/issues/13951)): Fix `image-lazy-loading` not applying `loading="lazy"` attribute to auto-detected listing images.
 - ([#14003](https://github.com/quarto-dev/quarto-cli/pull/14003)): Add text fragments to search result links so browsers scroll to and highlight the matched text on the target page.
 - ([#14047](https://github.com/quarto-dev/quarto-cli/issues/14047)): Fix search highlights cleared before user can see them when landing on a page with `?q=` search parameter.
@@ -120,6 +130,10 @@ All changes included in 1.9:
 
 ## Publishing
 
+### Posit Connect Cloud
+
+- ([#14027](https://github.com/quarto-dev/quarto-cli/issues/14027)): Add `quarto publish posit-connect-cloud` for publishing static content to Posit Connect Cloud.
+
 ### Confluence
 
 - ([#13414](https://github.com/quarto-dev/quarto-cli/issues/13414)): Be more forgiving when Confluence server returns malformed JSON response. (author: @m1no)

src/command/publish/cmd.ts

@@ -1,7 +1,7 @@
 /*
  * cmd.ts
  *
- * Copyright (C) 2020-2022 Posit Software, PBC
+ * Copyright (C) 2020-2026 Posit Software, PBC
  */
 
 import { existsSync } from "../../deno_ral/fs.ts";
@@ -50,6 +50,7 @@ export const publishCommand =
         " - Quarto Pub (quarto-pub)\n" +
         " - GitHub Pages (gh-pages)\n" +
         " - Posit Connect (connect)\n" +
+        " - Posit Connect Cloud (posit-connect-cloud)\n" +
         " - Netlify (netlify)\n" +
         " - Confluence (confluence)\n" +
         " - Hugging Face Spaces (huggingface)\n\n" +
@@ -113,6 +114,10 @@ export const publishCommand =
       "Publish with explicit credentials",
       "quarto publish connect --server example.com --token 01A24233E294",
     )
+    .example(
+      "Publish project to Posit Connect Cloud",
+      "quarto publish posit-connect-cloud",
+    )
     .example(
       "Publish without confirmation prompt",
       "quarto publish --no-prompt",

src/command/render/output-typst.ts

@@ -29,6 +29,7 @@ import {
   kVariant,
 } from "../../config/constants.ts";
 import { error, warning } from "../../deno_ral/log.ts";
+import { ErrorEx } from "../../core/lib/error.ts";
 import { Format } from "../../config/types.ts";
 import { writeFileToStdout } from "../../core/console.ts";
 import { dirAndStem, expandPath } from "../../core/path.ts";
@@ -167,11 +168,10 @@ export function typstPdfOutputRecipe(
       typstOptions,
     );
     if (!result.success) {
-      // Log the error so test framework can detect it via shouldError
       if (result.stderr) {
         error(result.stderr);
       }
-      throw new Error("Typst compilation failed");
+      throw new ErrorEx("Error", "Typst compilation failed", false, false);
     }
 
     // Validate PDF against specified standards using verapdf (if available)

src/core/brand/brand.ts

@@ -32,6 +32,7 @@ import { InternalError } from "../lib/error.ts";
 import { dirname, join, relative, resolve } from "../../deno_ral/path.ts";
 import { warnOnce } from "../log.ts";
 import { isCssColorName } from "../css/color-names.ts";
+import { isExternalPath } from "../url.ts";
 import {
   LogoLightDarkSpecifierPathOptional,
   LogoOptionsPathOptional,
@@ -272,10 +273,6 @@ export class Brand {
   }
 }
 
-function isExternalPath(path: string) {
-  return /^\w+:/.test(path);
-}
-
 export type LightDarkBrand = {
   light?: Brand;
   dark?: Brand;

src/core/sass/brand.ts

@@ -26,6 +26,7 @@ import { Brand } from "../brand/brand.ts";
 import { darkModeDefault } from "../../format/html/format-html-info.ts";
 import { kBrandMode } from "../../config/constants.ts";
 import { join, relative } from "../../deno_ral/path.ts";
+import { isExternalPath } from "../url.ts";
 
 const defaultColorNameMap: Record<string, string> = {
   "link-color": "link",
@@ -162,9 +163,12 @@ const fileFontImportString = (brand: Brand, description: BrandFontFile) => {
       weight = file.weight;
       style = file.style;
     }
+    const fontUrl = isExternalPath(path)
+      ? path
+      : join(pathPrefix, path).replace(/\\/g, "/");
     parts.push(`@font-face {
     font-family: '${description.family}';
-    src: url('${join(pathPrefix, path).replace(/\\/g, "/")}');
+    src: url('${fontUrl}');
     font-weight: ${weight || "normal"};
     font-style: ${style || "normal"};
 }\n`);