feat(demo): add story 1 — Sorano: Rock and Time

plugins/flex-objects/flex-objects.yaml

@@ -0,0 +1,32 @@
+enabled: true
+
+built_in_css: true
+extra_admin_twig_path: 'theme://admin/templates'
+
+# Media proxy (PROTOTYPE — see docs/specs/media-proxy.md)
+# Serve Flex Object media through PHP with an optional read-permission check,
+# so object media can live under a locked-down user/data instead of being
+# linked with a public /user/data/... URL.
+media_proxy:
+  enabled: false              # opt-in while prototyping
+  base: '/flex-media'         # public route prefix
+  authorize: false            # reads are NOT ACL-gated for now; flip on to honour the object's read ACL
+  cache_control: 'public, max-age=604800'
+
+# Security settings
+security:
+  # Restrict non-superusers from modifying page form/process settings via header fields
+  # When enabled, header.form, header.forms, header.process, header.twig are stripped for non-superusers
+  # Set to false if editors legitimately need to modify forms (use with caution)
+  restrict_page_frontmatter: true
+
+admin_list:
+  per_page: 15
+  order:
+    by: updated_timestamp
+    dir: desc
+
+directories:
+  - 'blueprints://flex-objects/pages.yaml'
+  - 'blueprints://flex-objects/user-accounts.yaml'
+  - 'blueprints://flex-objects/user-groups.yaml'