Added access code regeneration endpoint #27988

Merged: ErisDS merged 2 commits into main from add-regenerate-access-code-endpoint on May 20, 2026
ErisDS commented May 20, 2026

Context

Trial private sites mark the private-site access code setting as read-only, so the Access settings UI cannot regenerate it through the generic settings edit path without getting blocked.

Summary

  • Adds an explicit POST /settings/regenerate_access_code action that generates a new private-site access code server-side.
  • Writes the regenerated code with internal settings context after the normal Admin settings permissions check, without accepting a caller-provided code value.
  • Updates Admin-X Access settings to call the action directly, keeping generic settings edits locked while allowing the regenerate button to work.

Testing

  • source ~/.nvm/nvm.sh && nvm use 22 && pnpm test:single test/unit/server/services/settings/settings-service.test.js
  • source ~/.nvm/nvm.sh && nvm use 22 && pnpm test:single test/e2e-api/admin/settings.test.js
  • source ~/.nvm/nvm.sh && nvm use 22 && pnpm --filter @tryghost/admin-x-settings test:acceptance -- membership/access.test.ts

Notes

  • The endpoint is intentionally an action rather than a generic settings update so clients cannot choose the replacement access code.
  • This PR only covers regeneration; the broader trial private-site rollout work remains in the separate Zuul/Daisy/product follow-ups.

Trial private sites mark the access code setting as read-only, so the UI cannot use generic settings edits to regenerate it.

Add an explicit settings endpoint that generates a new code server-side and writes it with internal context. Wire Admin-X to call the endpoint without sending a caller-provided value.

coderabbitai Bot commented May 20, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 123a13e and 5894a06.

📒 Files selected for processing (4)
  • apps/admin-x-framework/src/api/settings.ts
  • apps/admin-x-settings/test/acceptance/membership/access.test.ts
  • ghost/core/core/server/web/api/endpoints/admin/routes.js
  • ghost/core/test/e2e-api/admin/settings.test.js

Walkthrough

This PR introduces a dedicated backend endpoint and frontend hook for regenerating private site access codes. The service method generates a new code and persists it via internal settings context, bypassing the generic settings edit path that may be locked. The API endpoint exposes this with edit permission validation and cache invalidation. The frontend hook mirrors other settings mutations with query caching and invalidation patterns. The component switches from generic settings edits to the new hook, extracting and displaying the regenerated code. Unit, acceptance, and e2e tests verify the behavior across the stack.

Possibly related PRs

  • TryGhost/Ghost#27963: Introduces the locked private site access UI and regenerate button that the main PR's component integration builds on.
  • TryGhost/Ghost#27920: Adds the generatePrivateSiteAccessCode helper that the new service method uses for code generation.
  • TryGhost/Ghost#27917: Enforces publicSiteAccess limits that block external edits to the password setting, creating the need for the dedicated regeneration endpoint that bypasses those restrictions.

Suggested labels

preview

🚥 Pre-merge checks | ✅ 5 passed

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly describes the main change: adding a new endpoint for regenerating access codes, which matches the primary objective of the changeset. |
| Description check | ✅ Passed | The description is directly related to the changeset, providing context, summary of changes, testing evidence, and implementation notes that align with the code modifications. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

codecov Bot commented May 20, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.83%. Comparing base (7b87322) to head (5894a06).
⚠️ Report is 17 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #27988      +/-   ##
==========================================
+ Coverage   73.81%   73.83%   +0.01%     
==========================================
  Files        1523     1523              
  Lines      128935   128982      +47     
  Branches    15479    15484       +5     
==========================================
+ Hits        95177    95236      +59     
+ Misses      32799    32785      -14     
- Partials      959      961       +2     
| Flag | Coverage Δ |
| --- | --- |
| admin-tests | 53.57% <ø> (+0.02%) ⬆️ |
| e2e-tests | 73.83% <100.00%> (+0.01%) ⬆️ |

Changed `/settings/regenerate_access_code` to `/settings/access_code/regenerate`
to follow the existing API pattern where routes are structured as noun/verb
(e.g. `posts/:id/copy`, `themes/:name/activate`).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ErisDS ErisDS merged commit c3b6c8a into main May 20, 2026
43 checks passed
@ErisDS ErisDS deleted the add-regenerate-access-code-endpoint branch May 20, 2026 18:39
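
Added example, not code from this PR or from Ghost: a minimal model of the pattern the PR description describes, where a read-only setting rejects generic edits but a dedicated action checks permissions, ignores the request body, generates the code server-side and writes it with internal context. The `SettingsStore` class, the `settings:edit` permission string, the `password` key and the hex code format are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names, not Ghost's settings service.
const {randomBytes} = require('node:crypto');

class SettingsStore {
    constructor(values, readOnlyKeys) {
        this.values = new Map(Object.entries(values));
        this.readOnly = new Set(readOnlyKeys);
    }

    // Generic edit path: external callers cannot touch read-only keys.
    edit(key, value, context = {}) {
        if (this.readOnly.has(key) && !context.internal) {
            throw new Error(`Setting "${key}" is read-only`);
        }
        this.values.set(key, value);
        return value;
    }
}

// Assumed code format: 16 random bytes, hex-encoded (constructed for this example).
const generateAccessCode = () => randomBytes(16).toString('hex');

// Action endpoint: authorise first, then generate and write server-side.
// The request body is deliberately never read, so a caller cannot choose the code.
function regenerateAccessCode(store, frame) {
    if (!frame.user || !frame.user.permissions.includes('settings:edit')) {
        throw new Error('NoPermission');
    }
    const code = generateAccessCode();
    store.edit('password', code, {internal: true});
    return {settings: [{key: 'password', value: code}]};
}

// Constructed sample: a trial private site whose access code is locked.
function demo() {
    const store = new SettingsStore({password: 'old-code'}, ['password']);
    const admin = {permissions: ['settings:edit']};
    let genericEditBlocked = false;
    try {
        store.edit('password', 'caller-chosen', {user: admin});
    } catch (err) {
        genericEditBlocked = true;
    }
    const res = regenerateAccessCode(store, {user: admin, body: {password: 'caller-chosen'}});
    return {genericEditBlocked, code: res.settings[0].value, stored: store.values.get('password')};
}
```

The internal-context write sits behind the permission check, so the bypass of the read-only lock is reachable only through the one action that never takes a value from the caller.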