fix: adapt TOC to body heading levels

[Restuta]

Summary

• make the right-nav TOC adapt to the heading levels actually used in the article body instead of hard-coding /
• ignore the title heading when determining TOC depth
• keep a two-level TOC window: first body heading level plus one nested level
• rename TOC depth classes from numeric tags to semantic root/child classes
• add a regression test for documents that use body headings

Why

Docs authored in Obsidian often use headings inside the body. The previous TOC logic only indexed /, so those documents silently lost major sections in the right nav.

Verification

pubmd@0.1.0 verify
npm run test && npm run lint && npm run typecheck && npm run build

pubmd@0.1.0 test
vitest run

RUN v2.1.9 /Users/restuta/Projects/pubmd

✓ tests/unit/slug.test.ts (3 tests) 4ms
✓ tests/unit/blob-store.test.ts (4 tests) 20ms
✓ tests/unit/markdown.test.ts (15 tests) 39ms
✓ tests/integration/server.test.ts (1 test) 196ms
✓ tests/integration/cli.test.ts (1 test) 1524ms
✓ cli integration > claims, publishes, republishes, lists, and removes through the real CLI 1523ms

Test Files 5 passed (5)
Tests 24 passed (24)
Start at 13:33:28
Duration 3.37s (transform 1.20s, setup 0ms, collect 2.94s, tests 1.78s, environment 4ms, prepare 2.83s)

pubmd@0.1.0 lint
biome check .

Checked 32 files in 26ms. No fixes applied.

pubmd@0.1.0 typecheck
tsc --noEmit

pubmd@0.1.0 build
tsc -p tsconfig.json

• browser-tested on a local pubmd server with a fixture document that used body headings; verified the right nav contained , , nested / , and

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
publish-it	Ready	Preview, Comment	Mar 24, 2026 6:33am

[vercel]

XSS vulnerability in JSON.stringify usage within script tag allows attackers to inject arbitrary JavaScript via malicious document titles.