@actuate-media/plugin-ai 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +191 -0
  2. package/README.md +29 -0
  3. package/package.json +4 -3
package/CHANGELOG.md ADDED
@@ -0,0 +1,191 @@
1
+ # @actuate-media/plugin-ai
2
+
3
+ ## 0.4.1
4
+
5
+ ### Patch Changes
6
+
7
+ - 854152d: Developer experience improvements from external-consumer feedback:
8
+ - Every published package now ships its `CHANGELOG.md` in the npm tarball, and packages that were missing a `README.md` (cli, cms-admin, cms-core, import, platform-vercel, all plugins, sections-react) now have one — so release notes and usage docs are visible on npmjs.com and in `node_modules`.
9
+ - New client-safe form validation entry point: `@actuate-media/cms-core/forms/client` exports `validateFormFieldClient()`, `validateFormValuesClient()`, visibility/conditional helpers, and the exact `FORM_EMAIL_RE` / `FORM_PHONE_RE` regexes the server enforces — zero Node dependencies, so public-site forms can mirror server rules without reimplementing them. The server validator now imports the same primitives, so client and server can never drift.
10
+
11
+ ## 0.4.0
12
+
13
+ ### Minor Changes
14
+
15
+ - 01eef99: AI reliability & safety hardening from the production-readiness audit.
16
+ - **New optional `analyzeImage` provider capability (multimodal vision).** OpenAI and Anthropic providers implement it; callers feature-detect and fall back to a text-only heuristic. Previously "vision" features (alt-text, auto-tagging) only received a URL string and hallucinated their output.
17
+ - **Safe-search now fails closed.** `autoTagImage` returns `isSafe: false` when the model output can't be confidently parsed as safe, instead of defaulting to safe.
18
+ - **Hard timeouts on every provider request.** All `fetch` calls use `AbortSignal.timeout`, so a hung upstream connection can no longer hold a serverless function open indefinitely.
19
+ - **Prompt-injection isolation.** Untrusted free-text is wrapped in delimited fences across the writing assistant, translator, meta-generator, and content-generator paths.
20
+ - **Library-level input/token caps** clamp oversized input and output-token budgets even when a route-level cap is bypassed.
21
+ - **Provider error bodies are truncated** before being surfaced in thrown error messages.
22
+ - `proofread` output is validated against the allowed change-type enum.
23
+
24
+ ## 0.3.0
25
+
26
+ ### Minor Changes
27
+
28
+ - 313a23f: Add Slice F — AI quality pass.
29
+
30
+ `plugin-ai` exposes a new `auditDocument()` composer that combines SEO,
31
+ readability (Flesch-Kincaid / Gunning Fog / SMOG averaged + remapped to a
32
+ 0-100 score), accessibility, and freshness scoring into a single
33
+ composite grade with prioritized actionable issues. The composer is
34
+ deterministic — it never calls an LLM — so it's cheap enough to invoke
35
+ on every save or debounced keystroke.
36
+
37
+ `cms-core` adds two HTTP endpoints:
38
+ - `POST /ai/audit-document` — runs the composite audit against a stored
39
+ document (`{ collection, id }`) or ad-hoc content. Honors field-level
40
+ access control when loading from the DB.
41
+ - `POST /ai/suggest-internal-links` — scans published documents for
42
+ phrases the supplied content could link to, returning ranked
43
+ anchor-text + target-URL suggestions. Optionally scopes to a single
44
+ collection.
45
+
46
+ `mcp-server` exposes both endpoints as MCP tools (`audit_document` and
47
+ `suggest_internal_links`) so AI agents can grade drafts and propose
48
+ internal links before publish.
49
+
50
+ Docs: `docs/ai-quality-audit.md`.
51
+
52
+ ## 0.2.1
53
+
54
+ ### Patch Changes
55
+
56
+ - 4433301: Phase 2 Slice D — Content Relations & References.
57
+ - **cms-core**: runtime support for the `relationship` field type — referential validation and opt-in depth-1 population.
58
+ - **Validation**: every create/update verifies that referenced IDs point at live (non-deleted) documents in the declared target collection(s). Broken references fail with a precise error (`Relation field "author" references document "team-x42" which does not exist in collection "team".`). Updates only re-validate fields the caller actually touched.
59
+ - **Population**: pass `?populate=author,relatedPosts` (or `*`) on `GET /collections/:slug/:id` and `GET /resolve` to expand stored IDs into `{ id, collection, title, slug, status, data }` summaries. Batches by target collection (≤ 1 query per collection per request); soft-deleted refs fall back to raw IDs.
60
+ - **Presets**: new `relationField()` and `relatedDocsField()` helpers. Built-in collection presets now wire `posts.relatedPosts → posts`, `case-studies.services → services` (the `locations.servicesOffered → services` relation continues unchanged).
61
+ - **Multi-target**: `relationTo: ['posts', 'case-studies']` continues to work — validator accepts a doc if it lives in any target.
62
+ - Public API: `validateRelations`, `populateRelations`, `collectRelationRefs`, `parsePopulateParam`, `buildRelationLookup`, plus types `RelationLookup`, `RelationSummary`, `PopulateOptions`.
63
+ - **plugin-ai**: the document content generator now skips `relationship` fields when building the LLM prompt (the model can't know your document IDs) and accepts ID strings only on output. Prevents the AI from inventing broken references that the validator would then reject.
64
+ - **23 new tests** in `cms-core/src/__tests__/fields/relations.test.ts` covering ref collection, validation, population, populate-param parsing, multi-target relations, and array-nested relations. Full suite: 620 cms-core tests passing.
65
+ - **Docs**: new `docs/relations.md` (declaration, validation, populate, admin UI, common patterns), `?populate=` documented in `docs/api-reference.md` for both `/collections/:slug/:id` and `/resolve`.
66
+ - **Admin UI**: the existing `RelationshipField` picker continues to work — search, multi-select, status badges, "Create new" shortcut. No changes required.
67
+
68
+ ## 0.2.0
69
+
70
+ ### Minor Changes
71
+
72
+ - e6a18b5: Phase 2 Slice C — AI Content Authoring for any collection.
73
+ - **plugin-ai**: new `generateDocumentContent()` helper that maps a prompt onto a collection's field schema and returns structured field data ready to persist. Supports tone, target audience, brand voice profile, and existing-content context. Coerces LLM output to declared field types (numbers, booleans, dates, select options, array items) and drops fields the schema doesn't declare.
74
+ - **cms-core**: new `POST /collections/:slug/ai-create` endpoint — the non-page counterpart to `/page-builder/create`. Generates a complete document for any collection, persists as draft, optionally publishes via a follow-up update when the caller has admin scope. Refuses page-builder collections (use `/page-builder/create` instead). Hard caps prompt at 4000 chars and shares the per-user 20/hour AI rate-limit bucket. Returns a `warning` field when create succeeds but publish is denied.
75
+ - **mcp-server**: six new tools — `create_in_collection` (generic) plus per-type sugar tools `create_blog_post`, `create_case_study` (with `clientName` / `industry` hints), `create_service` (`category` hint), `create_location` (`cityState` hint), and `create_team_member` (`name` / `role` hints). Each per-type tool targets the conventional collection slug shipped by the cms-core collection presets, with an explicit `collection` override for sites using custom slugs.
76
+ - 19 new tests (10 unit tests in plugin-ai for the content generator, 9 integration tests in cms-core for the API endpoint covering auth, validation, persistence, publish flow, and the page-builder refusal path).
77
+ - Docs: updated `docs/api-reference.md` with the new endpoint, `docs/mcp.md` and `packages/mcp-server/README.md` with the new tools and example agent prompts.
78
+
79
+ ## 0.1.0
80
+
81
+ ### Minor Changes
82
+
83
+ - c3c55c7: Add AI-powered page generation pipeline with prompt-to-page workflow.
84
+
85
+ **cms-core**: AI pipeline types (GenerationContext, GenerationStep, StepResult, GenerationResult), prompt template builders for structure/content/SEO/accessibility steps, deterministic accessibility auto-fix engine (auditAccessibility, fixAccessibility), and API endpoints for /page-builder/generate, /page-builder/generate-block, /page-builder/audit-a11y, and /page-builder/fix-a11y.
86
+
87
+ **plugin-ai**: Multi-step generatePage() pipeline that runs structure → content → SEO → accessibility steps sequentially via AIProvider, with validation retry, graceful fallback, progress callbacks, and token tracking. Single-block generateBlockContent() for context-aware content generation.
88
+
89
+ **cms-admin**: AI Generate Dialog with prompt input, tone selection, step toggles, business context fields, real-time generation progress, and step-by-step review with accept/regenerate flow. AI Block Assist button for one-click content generation per block. AI button integrated into the builder toolbar.
90
+
91
+ ## 0.0.11
92
+
93
+ ### Patch Changes
94
+
95
+ - b5de8dd: Fix ESM module resolution and dependency duplication issues reported during consumer integration.
96
+ - Add "default" export condition to all platform and plugin packages so they resolve correctly from require() contexts (fixes ERR_PACKAGE_PATH_NOT_EXPORTED in next.config.ts and serverless functions).
97
+ - Move @actuate-media/cms-core from direct dependencies to peerDependencies across all packages to prevent duplicate installations when consumer version ranges don't exactly match the pinned version.
98
+ - Add "prepack" lifecycle script to create-actuate-cms to guarantee dist/ is built before npm publishes the package (fixes empty dist/ in v0.4.0).
99
+
100
+ ## 0.0.10
101
+
102
+ ### Patch Changes
103
+
104
+ - Updated dependencies [54c7a3b]
105
+ - @actuate-media/cms-core@0.6.0
106
+
107
+ ## 0.0.9
108
+
109
+ ### Patch Changes
110
+
111
+ - Updated dependencies [c08cf8b]
112
+ - Updated dependencies [80aa939]
113
+ - @actuate-media/cms-core@0.5.0
114
+
115
+ ## 0.0.8
116
+
117
+ ### Patch Changes
118
+
119
+ - Updated dependencies [f2cf7d7]
120
+ - @actuate-media/cms-core@0.4.0
121
+
122
+ ## 0.0.7
123
+
124
+ ### Patch Changes
125
+
126
+ - Updated dependencies [0621037]
127
+ - @actuate-media/cms-core@0.3.1
128
+
129
+ ## 0.0.6
130
+
131
+ ### Patch Changes
132
+
133
+ - Updated dependencies [4e3a5eb]
134
+ - @actuate-media/cms-core@0.3.0
135
+
136
+ ## 0.0.5
137
+
138
+ ### Patch Changes
139
+
140
+ - Updated dependencies
141
+ - @actuate-media/cms-core@0.2.3
142
+
143
+ ## 0.0.4
144
+
145
+ ### Patch Changes
146
+
147
+ - Updated dependencies
148
+ - @actuate-media/cms-core@0.2.2
149
+
150
+ ## 0.0.3
151
+
152
+ ### Patch Changes
153
+
154
+ - Updated dependencies
155
+ - @actuate-media/cms-core@0.2.1
156
+
157
+ ## 0.0.2
158
+
159
+ ### Patch Changes
160
+
161
+ - 3fd38a2: Fix all 13 integration issues discovered during MaidPro.co deployment
162
+
163
+ **cms-core:**
164
+ - Add .js extensions to all ESM relative imports (58 files)
165
+ - Replace workspace:\* with versioned deps in all packages
166
+ - Add sideEffects:false for proper tree-shaking
167
+ - Subpath exports (/config, /api, /middleware, /next) avoid barrel side effects
168
+ - Stats/search routes use safeCount/safeFindMany for missing Prisma models
169
+ - Ship prisma/cms-schema.prisma with all required CMS models
170
+ - Accept both CMS_SECRET and CMS_SESSION_SECRET with clear error messages
171
+ - Fix hardcoded /admin paths in OAuth flow (now uses getAdminPath())
172
+ - Loosen withActuateCMS and createCMSMiddleware parameter types
173
+ - Auto-inject transpilePackages and serverExternalPackages in withActuateCMS
174
+ - Unify PluginDefinition with ActuatePlugin interface
175
+
176
+ **cms-admin:**
177
+ - Scope all 40+ CSS theme variables to .actuate-admin instead of :root
178
+ - ThemeProvider applies dark class to .actuate-admin, not document.documentElement
179
+ - Scaffold uses (admin)/(site) route groups for full CSS/script isolation
180
+ - Sidebar branding supports custom logo via config.admin.branding
181
+
182
+ **platform-vercel:**
183
+ - Email adapter accepts both `from` and `defaultFrom`
184
+
185
+ **All plugin/platform packages:**
186
+ - Fix ESM .js extensions in compiled output
187
+ - Replace workspace:\* with ^0.1.0 for publishable deps
188
+
189
+ - Updated dependencies [682dac7]
190
+ - Updated dependencies [3fd38a2]
191
+ - @actuate-media/cms-core@0.2.0
package/README.md ADDED
@@ -0,0 +1,29 @@
1
+ # @actuate-media/plugin-ai
2
+
3
+ AI features for [Actuate CMS](https://github.com/actuate-media/actuatecms) —
4
+ governed model routing, inline co-author actions, and AI-assisted content
5
+ tooling.
6
+
7
+ ```bash
8
+ npm install @actuate-media/plugin-ai
9
+ ```
10
+
11
+ ## Usage
12
+
13
+ ```ts
14
+ import { aiPlugin } from '@actuate-media/plugin-ai'
15
+
16
+ export default defineConfig({
17
+ plugins: [aiPlugin()],
18
+ // ...
19
+ })
20
+ ```
21
+
22
+ ## Release notes
23
+
24
+ See [CHANGELOG.md](./CHANGELOG.md) (shipped with the package) or the
25
+ [GitHub releases](https://github.com/actuate-media/actuatecms/releases).
26
+
27
+ ## License
28
+
29
+ MIT
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@actuate-media/plugin-ai",
3
- "version": "0.4.0",
3
+ "version": "0.4.1",
4
4
  "repository": {
5
5
  "type": "git",
6
6
  "url": "https://github.com/actuatecms/actuatecms.git",
@@ -20,13 +20,14 @@
20
20
  "main": "./dist/index.js",
21
21
  "types": "./dist/index.d.ts",
22
22
  "files": [
23
- "dist"
23
+ "dist",
24
+ "CHANGELOG.md"
24
25
  ],
25
26
  "devDependencies": {
26
27
  "@types/react": "^19.0.0",
27
28
  "typescript": "^5.7.0",
28
29
  "vitest": "^4.1.0",
29
- "@actuate-media/cms-core": "0.52.0"
30
+ "@actuate-media/cms-core": "0.61.0"
30
31
  },
31
32
  "peerDependencies": {
32
33
  "@actuate-media/cms-core": ">=0.1.0",