npm - @consilioweb/payload-seo-analyzer - Versions diffs - 1.9.0 → 1.10.0 - Mend

@consilioweb/payload-seo-analyzer 1.9.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,5 @@
+import { randomBytes, timingSafeEqual, createCipheriv, scryptSync, createDecipheriv } from 'crypto';
 import { promises } from 'dns';
-import { randomBytes, timingSafeEqual, createCipheriv, createDecipheriv, scryptSync } from 'crypto';
 // src/constants.ts
 var TITLE_LENGTH_MIN = 30;
@@ -3119,6 +3119,327 @@ function createAiOptimizeHandler(targetCollections, seoConfig, localeMapping) {
     }
   };
 }
+var ALGO = "aes-256-gcm";
+var KEY_NAMESPACE = "seo-analyzer:gsc:v1";
+var FORMAT_VERSION = "v1";
+function deriveKey(secret) {
+  const explicit = process.env.SEO_GSC_ENCRYPTION_KEY;
+  if (explicit) {
+    const buf = explicit.length === 64 ? Buffer.from(explicit, "hex") : Buffer.from(explicit, "base64");
+    if (buf.length === 32) return buf;
+    throw new Error("SEO_GSC_ENCRYPTION_KEY must decode to exactly 32 bytes (hex64 or base64).");
+  }
+  if (!secret) {
+    throw new Error("No encryption secret available (set SEO_GSC_ENCRYPTION_KEY or Payload secret).");
+  }
+  return scryptSync(secret, KEY_NAMESPACE, 32);
+}
+function encryptToken(plaintext, secret) {
+  const key = deriveKey(secret);
+  const iv = randomBytes(12);
+  const cipher = createCipheriv(ALGO, key, iv);
+  const enc = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return [FORMAT_VERSION, iv.toString("base64"), tag.toString("base64"), enc.toString("base64")].join(":");
+}
+function decryptToken(payload, secret) {
+  const parts = payload.split(":");
+  if (parts.length !== 4 || parts[0] !== FORMAT_VERSION) {
+    throw new Error("Invalid encrypted token format.");
+  }
+  const key = deriveKey(secret);
+  const iv = Buffer.from(parts[1], "base64");
+  const tag = Buffer.from(parts[2], "base64");
+  const enc = Buffer.from(parts[3], "base64");
+  const decipher = createDecipheriv(ALGO, key, iv);
+  decipher.setAuthTag(tag);
+  const dec = Buffer.concat([decipher.update(enc), decipher.final()]);
+  return dec.toString("utf8");
+}
+function safeEqual(a, b) {
+  const ba = Buffer.from(a);
+  const bb = Buffer.from(b);
+  if (ba.length !== bb.length) return false;
+  return timingSafeEqual(ba, bb);
+}
+// src/helpers/gscClient.ts
+var GSC_AUTH_COLLECTION = "seo-gsc-auth";
+var GSC_SCOPES = "https://www.googleapis.com/auth/webmasters.readonly openid email";
+function isGscAdmin(user) {
+  if (!user) return false;
+  if (user.role === "admin") return true;
+  if (Array.isArray(user.roles) && user.roles.includes("admin")) return true;
+  return false;
+}
+function resolveGscSiteUrl(seoConfig) {
+  return (seoConfig?.siteUrl || process.env.NEXT_PUBLIC_SERVER_URL || process.env.PAYLOAD_PUBLIC_SERVER_URL || void 0)?.replace(/\/$/, "");
+}
+function getGscOAuthConfig(basePath, seoConfig) {
+  const clientId = process.env.GSC_OAUTH_CLIENT_ID || "";
+  const clientSecret = process.env.GSC_OAUTH_CLIENT_SECRET || "";
+  const siteUrl = resolveGscSiteUrl(seoConfig);
+  if (!clientId || !clientSecret || !siteUrl) return null;
+  return { clientId, clientSecret, siteUrl, redirectUri: `${siteUrl}/api${basePath}/gsc/callback` };
+}
+async function getOrCreateGscAuthDoc(payload) {
+  const found = await payload.find({ collection: GSC_AUTH_COLLECTION, limit: 1, overrideAccess: true });
+  if (found.docs.length > 0) return found.docs[0];
+  return payload.create({ collection: GSC_AUTH_COLLECTION, data: {}, overrideAccess: true });
+}
+async function gscTokenRequest(cfg, body) {
+  const resp = await fetch("https://oauth2.googleapis.com/token", {
+    method: "POST",
+    headers: { "content-type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      client_id: cfg.clientId,
+      client_secret: cfg.clientSecret,
+      ...body
+    }).toString()
+  });
+  const json = await resp.json();
+  if (!resp.ok) {
+    throw new Error(`Token endpoint error: ${resp.status} ${json.error || ""}`);
+  }
+  return json;
+}
+async function getGscAccessToken(payload, cfg, authDoc) {
+  if (!authDoc?.refreshTokenEnc) throw new Error("not_connected");
+  const secret = payload.secret || "";
+  let refreshToken;
+  try {
+    refreshToken = decryptToken(authDoc.refreshTokenEnc, secret);
+  } catch {
+    throw new Error("decrypt_failed");
+  }
+  const tokens = await gscTokenRequest(cfg, { refresh_token: refreshToken, grant_type: "refresh_token" });
+  const accessToken = tokens.access_token;
+  if (!accessToken) throw new Error("refresh_failed");
+  return accessToken;
+}
+async function queryGscSearchAnalytics(accessToken, property, body) {
+  const resp = await fetch(
+    `https://www.googleapis.com/webmasters/v3/sites/${encodeURIComponent(property)}/searchAnalytics/query`,
+    {
+      method: "POST",
+      headers: { authorization: `Bearer ${accessToken}`, "content-type": "application/json" },
+      body: JSON.stringify(body)
+    }
+  );
+  const json = await resp.json();
+  if (!resp.ok) {
+    const err = json.error?.message || resp.status;
+    throw new Error(`GSC query failed: ${err}`);
+  }
+  return json.rows || [];
+}
+// src/endpoints/aiAltText.ts
+var DEFAULT_MODEL2 = "claude-opus-4-8";
+var ALT_MAX = 125;
+var MAX_IMAGE_BYTES = 5 * 1024 * 1024;
+var SUPPORTED_MIME = {
+  "image/jpeg": "image/jpeg",
+  "image/jpg": "image/jpeg",
+  "image/png": "image/png",
+  "image/gif": "image/gif",
+  "image/webp": "image/webp"
+};
+function isAdmin4(user) {
+  if (!user) return false;
+  if (user.role === "admin") return true;
+  if (Array.isArray(user.roles) && user.roles.includes("admin")) return true;
+  return false;
+}
+function resolveImageUrl(media, siteUrl) {
+  const raw = typeof media.url === "string" && media.url || (typeof media.filename === "string" ? `/media/${media.filename}` : "");
+  if (!raw) return null;
+  let absolute;
+  if (/^https?:\/\//i.test(raw)) {
+    absolute = raw;
+  } else if (siteUrl) {
+    absolute = `${siteUrl.replace(/\/$/, "")}${raw.startsWith("/") ? "" : "/"}${raw}`;
+  } else {
+    return null;
+  }
+  try {
+    const target = new URL(absolute);
+    if (target.protocol !== "http:" && target.protocol !== "https:") return null;
+    const allowed = /* @__PURE__ */ new Set();
+    if (siteUrl) allowed.add(new URL(siteUrl).origin);
+    if (process.env.SEO_MEDIA_ORIGIN) allowed.add(new URL(process.env.SEO_MEDIA_ORIGIN).origin);
+    if (allowed.size > 0 && !allowed.has(target.origin)) return null;
+    if (allowed.size === 0) return null;
+    return target.toString();
+  } catch {
+    return null;
+  }
+}
+async function generateAltText(apiKey, model, base64, mediaType, language, context) {
+  const systemPrompt = `You write concise, descriptive image ALT text for accessibility and SEO.
+Rules:
+- Describe what is actually visible in the image.
+- Maximum ${ALT_MAX} characters.
+- Write in ${language === "en" ? "English" : "French"}.
+- Do NOT start with "image of", "photo of", "picture of" or similar.
+- No quotes around the result. Return ONLY the alt text, nothing else.`;
+  const userText = `Filename: ${context.filename}${context.title ? `
+Page/context: ${context.title}` : ""}
+Write the alt text for this image:`;
+  const response = await fetch("https://api.anthropic.com/v1/messages", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-api-key": apiKey,
+      "anthropic-version": "2023-06-01"
+    },
+    body: JSON.stringify({
+      model,
+      max_tokens: 150,
+      system: systemPrompt,
+      messages: [
+        {
+          role: "user",
+          content: [
+            { type: "image", source: { type: "base64", media_type: mediaType, data: base64 } },
+            { type: "text", text: userText }
+          ]
+        }
+      ]
+    })
+  });
+  if (!response.ok) {
+    const body = await response.text();
+    throw new Error(`Claude API error ${response.status}: ${body}`);
+  }
+  const data = await response.json();
+  if (data.stop_reason === "refusal") return null;
+  const text = (data.content?.find((b) => b.type === "text")?.text || "").trim().replace(/^["']|["']$/g, "");
+  if (!text) return null;
+  return text.length > ALT_MAX ? text.slice(0, ALT_MAX).trim() : text;
+}
+function createAltTextAuditHandler(uploadsCollection) {
+  return async (req) => {
+    try {
+      if (!isAdmin4(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
+      const url = new URL(req.url);
+      const limit = Math.min(200, Math.max(1, parseInt(url.searchParams.get("limit") || "50", 10)));
+      try {
+        const missing = await req.payload.find({
+          collection: uploadsCollection,
+          where: { or: [{ alt: { exists: false } }, { alt: { equals: "" } }] },
+          limit,
+          depth: 0,
+          overrideAccess: true
+        });
+        const items = missing.docs.map((d) => ({
+          id: d.id,
+          filename: d.filename || "",
+          url: d.url || "",
+          mimeType: d.mimeType || "",
+          alt: d.alt || ""
+        }));
+        return Response.json(
+          { collection: uploadsCollection, missingCount: missing.totalDocs, items },
+          { headers: { "Cache-Control": "no-store" } }
+        );
+      } catch {
+        return Response.json(
+          { collection: uploadsCollection, missingCount: 0, items: [], note: "no_alt_field" },
+          { headers: { "Cache-Control": "no-store" } }
+        );
+      }
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Internal server error";
+      req.payload.logger.error(`[seo] alt-text-audit error: ${message}`);
+      return Response.json({ error: message }, { status: 500 });
+    }
+  };
+}
+function createAiAltTextHandler(uploadsCollection, seoConfig) {
+  return async (req) => {
+    try {
+      if (!isAdmin4(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
+      const body = await parseJsonBody(req);
+      const collection = typeof body.collection === "string" ? body.collection : uploadsCollection;
+      const id = body.id != null ? String(body.id) : void 0;
+      const apply = body.apply === true;
+      const providedAlt = typeof body.altText === "string" ? body.altText.trim() : void 0;
+      if (!id) return Response.json({ error: "Missing required field: id" }, { status: 400 });
+      if (apply && providedAlt) {
+        const alt2 = providedAlt.slice(0, ALT_MAX);
+        await req.payload.update({ collection, id, data: { alt: alt2 }, overrideAccess: true });
+        return Response.json({ alt: alt2, applied: true, method: "manual" });
+      }
+      const apiKey = process.env.ANTHROPIC_API_KEY;
+      if (!apiKey) {
+        return Response.json(
+          { error: "AI not configured. Set ANTHROPIC_API_KEY to generate alt text.", code: "no_api_key" },
+          { status: 400 }
+        );
+      }
+      let media;
+      try {
+        media = await req.payload.findByID({ collection, id, depth: 0, overrideAccess: true });
+      } catch {
+        return Response.json({ error: `Media not found: ${collection}/${id}` }, { status: 404 });
+      }
+      const mime = media.mimeType || "";
+      const mediaType = SUPPORTED_MIME[mime.toLowerCase()];
+      if (!mediaType) {
+        return Response.json(
+          { error: `Unsupported image type for vision: ${mime || "unknown"} (use JPEG, PNG, GIF or WebP).` },
+          { status: 422 }
+        );
+      }
+      const siteUrl = resolveGscSiteUrl(seoConfig);
+      const imageUrl = resolveImageUrl(media, siteUrl);
+      if (!imageUrl) {
+        return Response.json(
+          { error: "Could not resolve a safe image URL (must be on the site origin or SEO_MEDIA_ORIGIN)." },
+          { status: 422 }
+        );
+      }
+      let base64;
+      try {
+        const imgResp = await fetch(imageUrl);
+        if (!imgResp.ok) throw new Error(`fetch ${imgResp.status}`);
+        const buf = Buffer.from(await imgResp.arrayBuffer());
+        if (buf.byteLength > MAX_IMAGE_BYTES) {
+          return Response.json({ error: "Image too large for vision (max 5 MB)." }, { status: 413 });
+        }
+        base64 = buf.toString("base64");
+      } catch (e) {
+        return Response.json({ error: `Could not fetch image: ${e instanceof Error ? e.message : "error"}` }, { status: 502 });
+      }
+      const model = process.env.SEO_AI_MODEL || DEFAULT_MODEL2;
+      const language = seoConfig?.locale === "en" ? "en" : "fr";
+      let alt;
+      try {
+        alt = await generateAltText(apiKey, model, base64, mediaType, language, {
+          filename: media.filename || "",
+          title: typeof body.context === "string" ? body.context : void 0
+        });
+      } catch (e) {
+        req.payload.logger.error(`[seo] ai-alt-text Claude error: ${e instanceof Error ? e.message : "unknown"}`);
+        return Response.json({ error: "Alt-text generation failed." }, { status: 502 });
+      }
+      if (!alt) {
+        return Response.json({ error: "The model did not return alt text (possibly declined)." }, { status: 502 });
+      }
+      let applied = false;
+      if (apply) {
+        await req.payload.update({ collection, id, data: { alt }, overrideAccess: true });
+        applied = true;
+      }
+      return Response.json({ alt, applied, method: "ai", model });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Internal server error";
+      req.payload.logger.error(`[seo] ai-alt-text error: ${message}`);
+      return Response.json({ error: message }, { status: 500 });
+    }
+  };
+}
 // src/endpoints/cannibalization.ts
 function canonicalIntent(keyword) {
@@ -3704,7 +4025,7 @@ function getDateThreshold(period) {
       return new Date(now.getTime() - 30 * 24 * 60 * 60 * 1e3);
   }
 }
-function isAdmin4(user) {
+function isAdmin5(user) {
   if (!user) return false;
   if (user.role === "admin") return true;
   if (Array.isArray(user.roles) && user.roles.includes("admin")) return true;
@@ -3809,7 +4130,7 @@ function createPerformanceHandler() {
         });
       }
       if (method === "POST") {
-        if (!isAdmin4(req.user)) {
+        if (!isAdmin5(req.user)) {
           return Response.json({ error: "Admin access required" }, { status: 403 });
         }
         const body = await parseJsonBody(req);
@@ -4107,96 +4428,12 @@ function createCoreWebVitalsHandler(seoConfig) {
     }
   };
 }
-var ALGO = "aes-256-gcm";
-var KEY_NAMESPACE = "seo-analyzer:gsc:v1";
-var FORMAT_VERSION = "v1";
-function deriveKey(secret) {
-  const explicit = process.env.SEO_GSC_ENCRYPTION_KEY;
-  if (explicit) {
-    const buf = explicit.length === 64 ? Buffer.from(explicit, "hex") : Buffer.from(explicit, "base64");
-    if (buf.length === 32) return buf;
-    throw new Error("SEO_GSC_ENCRYPTION_KEY must decode to exactly 32 bytes (hex64 or base64).");
-  }
-  if (!secret) {
-    throw new Error("No encryption secret available (set SEO_GSC_ENCRYPTION_KEY or Payload secret).");
-  }
-  return scryptSync(secret, KEY_NAMESPACE, 32);
-}
-function encryptToken(plaintext, secret) {
-  const key = deriveKey(secret);
-  const iv = randomBytes(12);
-  const cipher = createCipheriv(ALGO, key, iv);
-  const enc = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
-  const tag = cipher.getAuthTag();
-  return [FORMAT_VERSION, iv.toString("base64"), tag.toString("base64"), enc.toString("base64")].join(":");
-}
-function decryptToken(payload, secret) {
-  const parts = payload.split(":");
-  if (parts.length !== 4 || parts[0] !== FORMAT_VERSION) {
-    throw new Error("Invalid encrypted token format.");
-  }
-  const key = deriveKey(secret);
-  const iv = Buffer.from(parts[1], "base64");
-  const tag = Buffer.from(parts[2], "base64");
-  const enc = Buffer.from(parts[3], "base64");
-  const decipher = createDecipheriv(ALGO, key, iv);
-  decipher.setAuthTag(tag);
-  const dec = Buffer.concat([decipher.update(enc), decipher.final()]);
-  return dec.toString("utf8");
-}
-function safeEqual(a, b) {
-  const ba = Buffer.from(a);
-  const bb = Buffer.from(b);
-  if (ba.length !== bb.length) return false;
-  return timingSafeEqual(ba, bb);
-}
-// src/endpoints/gscOAuth.ts
-var AUTH_COLLECTION = "seo-gsc-auth";
-var SCOPES = "https://www.googleapis.com/auth/webmasters.readonly openid email";
-function isAdmin5(user) {
-  if (!user) return false;
-  if (user.role === "admin") return true;
-  if (Array.isArray(user.roles) && user.roles.includes("admin")) return true;
-  return false;
-}
-function resolveSiteUrl2(seoConfig) {
-  return (seoConfig?.siteUrl || process.env.NEXT_PUBLIC_SERVER_URL || process.env.PAYLOAD_PUBLIC_SERVER_URL || void 0)?.replace(/\/$/, "");
-}
-function getOAuthConfig(basePath, seoConfig) {
-  const clientId = process.env.GSC_OAUTH_CLIENT_ID || "";
-  const clientSecret = process.env.GSC_OAUTH_CLIENT_SECRET || "";
-  const siteUrl = resolveSiteUrl2(seoConfig);
-  if (!clientId || !clientSecret || !siteUrl) return null;
-  return { clientId, clientSecret, siteUrl, redirectUri: `${siteUrl}/api${basePath}/gsc/callback` };
-}
-async function getOrCreateAuthDoc(payload) {
-  const found = await payload.find({ collection: AUTH_COLLECTION, limit: 1, overrideAccess: true });
-  if (found.docs.length > 0) return found.docs[0];
-  return payload.create({ collection: AUTH_COLLECTION, data: {}, overrideAccess: true });
-}
-async function tokenRequest(cfg, body) {
-  const resp = await fetch("https://oauth2.googleapis.com/token", {
-    method: "POST",
-    headers: { "content-type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams({
-      client_id: cfg.clientId,
-      client_secret: cfg.clientSecret,
-      ...body
-    }).toString()
-  });
-  const json = await resp.json();
-  if (!resp.ok) {
-    throw new Error(`Token endpoint error: ${resp.status} ${json.error || ""}`);
-  }
-  return json;
-}
 function createGscStatusHandler(basePath, seoConfig) {
   return async (req) => {
     try {
       if (!req.user) return Response.json({ error: "Unauthorized" }, { status: 401 });
-      const cfg = getOAuthConfig(basePath, seoConfig);
-      const doc = await getOrCreateAuthDoc(req.payload);
+      const cfg = getGscOAuthConfig(basePath, seoConfig);
+      const doc = await getOrCreateGscAuthDoc(req.payload);
       return Response.json(
         {
           configured: !!cfg,
@@ -4218,8 +4455,8 @@ function createGscStatusHandler(basePath, seoConfig) {
 function createGscAuthStartHandler(basePath, seoConfig) {
   return async (req) => {
     try {
-      if (!isAdmin5(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
-      const cfg = getOAuthConfig(basePath, seoConfig);
+      if (!isGscAdmin(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
+      const cfg = getGscOAuthConfig(basePath, seoConfig);
       if (!cfg) {
         return Response.json(
           { error: "GSC OAuth not configured. Set GSC_OAUTH_CLIENT_ID, GSC_OAUTH_CLIENT_SECRET and siteUrl." },
@@ -4227,9 +4464,9 @@ function createGscAuthStartHandler(basePath, seoConfig) {
         );
       }
       const state = randomBytes(24).toString("hex");
-      const doc = await getOrCreateAuthDoc(req.payload);
+      const doc = await getOrCreateGscAuthDoc(req.payload);
       await req.payload.update({
-        collection: AUTH_COLLECTION,
+        collection: GSC_AUTH_COLLECTION,
         id: doc.id,
         data: { pendingState: state },
         overrideAccess: true
@@ -4238,7 +4475,7 @@ function createGscAuthStartHandler(basePath, seoConfig) {
       authUrl.searchParams.set("client_id", cfg.clientId);
       authUrl.searchParams.set("redirect_uri", cfg.redirectUri);
       authUrl.searchParams.set("response_type", "code");
-      authUrl.searchParams.set("scope", SCOPES);
+      authUrl.searchParams.set("scope", GSC_SCOPES);
       authUrl.searchParams.set("access_type", "offline");
       authUrl.searchParams.set("prompt", "consent");
       authUrl.searchParams.set("state", state);
@@ -4257,10 +4494,10 @@ function createGscCallbackHandler(basePath, seoConfig) {
       { status: 200, headers: { "content-type": "text/html; charset=utf-8" } }
     );
     try {
-      if (!isAdmin5(req.user)) {
+      if (!isGscAdmin(req.user)) {
         return htmlPage("Connection failed", "You must be signed in as an admin to connect Google Search Console.");
       }
-      const cfg = getOAuthConfig(basePath, seoConfig);
+      const cfg = getGscOAuthConfig(basePath, seoConfig);
       if (!cfg) return htmlPage("Connection failed", "GSC OAuth is not configured on the server.");
       const url = new URL(req.url);
       const code = url.searchParams.get("code");
@@ -4268,11 +4505,11 @@ function createGscCallbackHandler(basePath, seoConfig) {
       const oauthError = url.searchParams.get("error");
       if (oauthError) return htmlPage("Connection cancelled", `Google returned: ${oauthError}`);
       if (!code || !state) return htmlPage("Connection failed", "Missing code or state.");
-      const doc = await getOrCreateAuthDoc(req.payload);
+      const doc = await getOrCreateGscAuthDoc(req.payload);
       if (!doc.pendingState || !safeEqual(state, doc.pendingState)) {
         return htmlPage("Connection failed", "Invalid state (possible CSRF). Please restart the connection.");
       }
-      const tokens = await tokenRequest(cfg, {
+      const tokens = await gscTokenRequest(cfg, {
         code,
         redirect_uri: cfg.redirectUri,
         grant_type: "authorization_code"
@@ -4298,14 +4535,14 @@ function createGscCallbackHandler(basePath, seoConfig) {
       const secret = req.payload.secret || "";
       const refreshTokenEnc = encryptToken(refreshToken, secret);
       await req.payload.update({
-        collection: AUTH_COLLECTION,
+        collection: GSC_AUTH_COLLECTION,
         id: doc.id,
         data: {
           refreshTokenEnc,
           pendingState: null,
           connectedEmail: email,
           connectedAt: (/* @__PURE__ */ new Date()).toISOString(),
-          scope: tokens.scope || SCOPES,
+          scope: tokens.scope || GSC_SCOPES,
           propertyUrl: doc.propertyUrl || cfg.siteUrl
         },
         overrideAccess: true
@@ -4321,26 +4558,26 @@ function createGscCallbackHandler(basePath, seoConfig) {
 function createGscDataHandler(basePath, seoConfig) {
   return async (req) => {
     try {
-      if (!isAdmin5(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
-      const cfg = getOAuthConfig(basePath, seoConfig);
+      if (!isGscAdmin(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
+      const cfg = getGscOAuthConfig(basePath, seoConfig);
       if (!cfg) return Response.json({ error: "GSC OAuth not configured." }, { status: 400 });
-      const doc = await getOrCreateAuthDoc(req.payload);
+      const doc = await getOrCreateGscAuthDoc(req.payload);
       if (!doc.refreshTokenEnc) {
         return Response.json({ error: "Not connected to Google Search Console." }, { status: 409 });
       }
-      const secret = req.payload.secret || "";
-      let refreshToken;
+      let accessToken;
       try {
-        refreshToken = decryptToken(doc.refreshTokenEnc, secret);
-      } catch {
-        return Response.json(
-          { error: "Stored token could not be decrypted (encryption key changed?). Reconnect GSC." },
-          { status: 409 }
-        );
+        accessToken = await getGscAccessToken(req.payload, cfg, doc);
+      } catch (e) {
+        const code = e instanceof Error ? e.message : "refresh_failed";
+        if (code === "decrypt_failed") {
+          return Response.json(
+            { error: "Stored token could not be decrypted (encryption key changed?). Reconnect GSC." },
+            { status: 409 }
+          );
+        }
+        return Response.json({ error: "Could not refresh access token." }, { status: 502 });
       }
-      const tokens = await tokenRequest(cfg, { refresh_token: refreshToken, grant_type: "refresh_token" });
-      const accessToken = tokens.access_token;
-      if (!accessToken) return Response.json({ error: "Could not refresh access token." }, { status: 502 });
       const url = new URL(req.url);
       const today = /* @__PURE__ */ new Date();
       const defaultEnd = today.toISOString().slice(0, 10);
@@ -4350,21 +4587,19 @@ function createGscDataHandler(basePath, seoConfig) {
       const dimension = url.searchParams.get("dimension") === "page" ? "page" : "query";
       const rowLimit = Math.min(1e3, Math.max(1, parseInt(url.searchParams.get("rowLimit") || "100", 10)));
       const property = doc.propertyUrl || cfg.siteUrl;
-      const gscResp = await fetch(
-        `https://www.googleapis.com/webmasters/v3/sites/${encodeURIComponent(property)}/searchAnalytics/query`,
-        {
-          method: "POST",
-          headers: { authorization: `Bearer ${accessToken}`, "content-type": "application/json" },
-          body: JSON.stringify({ startDate, endDate, dimensions: [dimension], rowLimit })
-        }
-      );
-      const gscJson = await gscResp.json();
-      if (!gscResp.ok) {
-        const err = gscJson.error?.message || gscResp.status;
-        return Response.json({ error: `GSC query failed: ${err}` }, { status: 502 });
+      let rows;
+      try {
+        rows = await queryGscSearchAnalytics(accessToken, property, {
+          startDate,
+          endDate,
+          dimensions: [dimension],
+          rowLimit
+        });
+      } catch (e) {
+        return Response.json({ error: e instanceof Error ? e.message : "GSC query failed" }, { status: 502 });
       }
       return Response.json(
-        { property, startDate, endDate, dimension, rows: gscJson.rows || [] },
+        { property, startDate, endDate, dimension, rows },
         { headers: { "Cache-Control": "no-store" } }
       );
     } catch (error) {
@@ -4377,10 +4612,10 @@ function createGscDataHandler(basePath, seoConfig) {
 function createGscDisconnectHandler() {
   return async (req) => {
     try {
-      if (!isAdmin5(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
-      const doc = await getOrCreateAuthDoc(req.payload);
+      if (!isGscAdmin(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
+      const doc = await getOrCreateGscAuthDoc(req.payload);
       await req.payload.update({
-        collection: AUTH_COLLECTION,
+        collection: GSC_AUTH_COLLECTION,
         id: doc.id,
         data: { refreshTokenEnc: null, pendingState: null, connectedEmail: null, connectedAt: null, scope: null },
         overrideAccess: true
@@ -4925,7 +5160,33 @@ function createLinkGraphHandler(targetCollections, globals = []) {
   };
 }
-// src/endpoints/schemaGenerator.ts
+// src/helpers/buildSchema.ts
+var SCHEMA_TYPES = [
+  "Article",
+  "LocalBusiness",
+  "BreadcrumbList",
+  "FAQPage",
+  "Product",
+  "Organization",
+  "Person",
+  "Event",
+  "Recipe",
+  "Video"
+];
+function resolveSiteUrl2(explicit) {
+  return (explicit || process.env.NEXT_PUBLIC_SERVER_URL || process.env.PAYLOAD_PUBLIC_SERVER_URL || "http://localhost:3000").replace(/\/$/, "");
+}
+function getSchemaImageUrl(metaImage, heroMedia, siteUrl) {
+  const img = metaImage || heroMedia;
+  if (!img) return void 0;
+  if (typeof img.url === "string") {
+    return img.url.startsWith("http") ? img.url : `${siteUrl}${img.url}`;
+  }
+  if (typeof img.filename === "string") {
+    return `${siteUrl}/media/${img.filename}`;
+  }
+  return void 0;
+}
 function detectSchemaType(collection, doc) {
   if (collection === "posts") return "Article";
   const layout = doc.layout;
@@ -4946,16 +5207,25 @@ function detectSchemaType(collection, doc) {
   }
   return "Article";
 }
+function buildAuthors(authors) {
+  return authors.filter((a) => a && typeof a === "object").map((a) => {
+    const author = a;
+    return {
+      "@type": "Person",
+      name: author.name || author.firstName || "Author"
+    };
+  });
+}
 function buildArticleSchema(doc, siteUrl) {
   const meta = doc.meta || {};
   const heroMedia = doc.hero?.media;
-  const imageUrl = getImageUrl(meta.image, heroMedia, siteUrl);
+  const imageUrl = getSchemaImageUrl(meta.image, heroMedia, siteUrl);
   const schema = {
     "@context": "https://schema.org",
     "@type": "Article",
     headline: meta.title || doc.title || "",
     description: meta.description || "",
-    datePublished: doc.createdAt || void 0,
+    datePublished: doc.publishedAt || doc.createdAt || void 0,
     dateModified: doc.updatedAt || void 0,
     mainEntityOfPage: {
       "@type": "WebPage",
@@ -5054,7 +5324,7 @@ function buildFAQSchema(doc) {
 function buildProductSchema(doc, siteUrl) {
   const meta = doc.meta || {};
   const heroMedia = doc.hero?.media;
-  const imageUrl = getImageUrl(meta.image, heroMedia, siteUrl);
+  const imageUrl = getSchemaImageUrl(meta.image, heroMedia, siteUrl);
   const schema = {
     "@context": "https://schema.org",
     "@type": "Product",
@@ -5127,7 +5397,7 @@ function buildEventSchema(doc, siteUrl) {
 function buildRecipeSchema(doc, siteUrl) {
   const meta = doc.meta || {};
   const heroMedia = doc.hero?.media;
-  const imageUrl = getImageUrl(meta.image, heroMedia, siteUrl);
+  const imageUrl = getSchemaImageUrl(meta.image, heroMedia, siteUrl);
   const schema = {
     "@context": "https://schema.org",
     "@type": "Recipe",
@@ -5144,7 +5414,7 @@ function buildRecipeSchema(doc, siteUrl) {
 function buildVideoSchema(doc, siteUrl) {
   const meta = doc.meta || {};
   const heroMedia = doc.hero?.media;
-  const imageUrl = getImageUrl(meta.image, heroMedia, siteUrl);
+  const imageUrl = getSchemaImageUrl(meta.image, heroMedia, siteUrl);
   const schema = {
     "@context": "https://schema.org",
     "@type": "VideoObject",
@@ -5157,26 +5427,51 @@ function buildVideoSchema(doc, siteUrl) {
   if (doc.duration) schema.duration = doc.duration;
   return schema;
 }
-function getImageUrl(metaImage, heroMedia, siteUrl) {
-  const img = metaImage || heroMedia;
-  if (!img) return void 0;
-  if (typeof img.url === "string") {
-    return img.url.startsWith("http") ? img.url : `${siteUrl}${img.url}`;
-  }
-  if (typeof img.filename === "string") {
-    return `${siteUrl}/media/${img.filename}`;
-  }
-  return void 0;
-}
-function buildAuthors(authors) {
-  return authors.filter((a) => a && typeof a === "object").map((a) => {
-    const author = a;
-    return {
-      "@type": "Person",
-      name: author.name || author.firstName || "Author"
-    };
-  });
+function buildJsonLd(doc, options = {}) {
+  const siteUrl = resolveSiteUrl2(options.siteUrl);
+  const schemaType = options.type || detectSchemaType(options.collection || "", doc);
+  let jsonLd;
+  switch (schemaType) {
+    case "Article":
+      jsonLd = buildArticleSchema(doc, siteUrl);
+      break;
+    case "LocalBusiness":
+      jsonLd = buildLocalBusinessSchema(doc, siteUrl);
+      break;
+    case "BreadcrumbList":
+      jsonLd = buildBreadcrumbSchema(doc, siteUrl);
+      break;
+    case "FAQPage":
+      jsonLd = buildFAQSchema(doc);
+      break;
+    case "Product":
+      jsonLd = buildProductSchema(doc, siteUrl);
+      break;
+    case "Organization":
+      jsonLd = buildOrganizationSchema(doc, siteUrl);
+      break;
+    case "Person":
+      jsonLd = buildPersonSchema(doc, siteUrl);
+      break;
+    case "Event":
+      jsonLd = buildEventSchema(doc, siteUrl);
+      break;
+    case "Recipe":
+      jsonLd = buildRecipeSchema(doc, siteUrl);
+      break;
+    case "Video":
+      jsonLd = buildVideoSchema(doc, siteUrl);
+      break;
+  }
+  const cleaned = JSON.parse(JSON.stringify(jsonLd));
+  return { type: schemaType, jsonLd: cleaned };
+}
+function renderJsonLdScript(doc, options = {}) {
+  const { jsonLd } = buildJsonLd(doc, options);
+  return `<script type="application/ld+json">${JSON.stringify(jsonLd)}</script>`;
 }
+// src/endpoints/schemaGenerator.ts
 function createSchemaGeneratorHandler(targetCollections) {
   return async (req) => {
     try {
@@ -5188,74 +5483,30 @@ function createSchemaGeneratorHandler(targetCollections) {
       const id = url.searchParams.get("id");
       const typeOverrideRaw = url.searchParams.get("type");
       if (!collection || !id) {
-        return Response.json(
-          { error: "Missing required query params: collection, id" },
-          { status: 400 }
-        );
+        return Response.json({ error: "Missing required query params: collection, id" }, { status: 400 });
       }
-      const validTypes = ["Article", "LocalBusiness", "BreadcrumbList", "FAQPage", "Product", "Organization", "Person", "Event", "Recipe", "Video"];
-      if (typeOverrideRaw !== null && !validTypes.includes(typeOverrideRaw)) {
+      if (typeOverrideRaw !== null && !SCHEMA_TYPES.includes(typeOverrideRaw)) {
         return Response.json(
-          { error: `Invalid schema type. Valid types: ${validTypes.join(", ")}` },
+          { error: `Invalid schema type. Valid types: ${SCHEMA_TYPES.join(", ")}` },
           { status: 400 }
         );
       }
-      const typeOverride = typeOverrideRaw;
+      const typeOverride = typeOverrideRaw || void 0;
       if (targetCollections && !targetCollections.includes(collection)) {
         return Response.json({ error: "Collection not allowed" }, { status: 403 });
       }
       let doc;
       try {
-        const result = await req.payload.findByID({
-          collection,
-          id,
-          depth: 1,
-          overrideAccess: true
-        });
+        const result = await req.payload.findByID({ collection, id, depth: 1, overrideAccess: true });
         doc = result;
       } catch {
         return Response.json({ error: `Document not found: ${collection}/${id}` }, { status: 404 });
       }
-      const siteUrl = (process.env.NEXT_PUBLIC_SERVER_URL || process.env.PAYLOAD_PUBLIC_SERVER_URL || "http://localhost:3000").replace(/\/$/, "");
-      const schemaType = typeOverride || detectSchemaType(collection, doc);
-      let jsonLd;
-      switch (schemaType) {
-        case "Article":
-          jsonLd = buildArticleSchema(doc, siteUrl);
-          break;
-        case "LocalBusiness":
-          jsonLd = buildLocalBusinessSchema(doc, siteUrl);
-          break;
-        case "BreadcrumbList":
-          jsonLd = buildBreadcrumbSchema(doc, siteUrl);
-          break;
-        case "FAQPage":
-          jsonLd = buildFAQSchema(doc);
-          break;
-        case "Product":
-          jsonLd = buildProductSchema(doc, siteUrl);
-          break;
-        case "Organization":
-          jsonLd = buildOrganizationSchema(doc, siteUrl);
-          break;
-        case "Person":
-          jsonLd = buildPersonSchema(doc, siteUrl);
-          break;
-        case "Event":
-          jsonLd = buildEventSchema(doc, siteUrl);
-          break;
-        case "Recipe":
-          jsonLd = buildRecipeSchema(doc, siteUrl);
-          break;
-        case "Video":
-          jsonLd = buildVideoSchema(doc, siteUrl);
-          break;
-      }
-      const cleaned = JSON.parse(JSON.stringify(jsonLd));
+      const { type, jsonLd } = buildJsonLd(doc, { collection, type: typeOverride });
       return Response.json({
-        type: schemaType,
-        jsonLd: cleaned,
-        html: `<script type="application/ld+json">${JSON.stringify(cleaned, null, 2)}</script>`
+        type,
+        jsonLd,
+        html: `<script type="application/ld+json">${JSON.stringify(jsonLd, null, 2)}</script>`
       });
     } catch (error) {
       const message = error instanceof Error ? error.message : "Internal server error";
@@ -6405,6 +6656,219 @@ function createSeoGscAuthCollection() {
   };
 }
+// src/collections/SeoRankHistory.ts
+function createSeoRankHistoryCollection() {
+  return {
+    slug: "seo-rank-history",
+    admin: {
+      custom: { navHidden: true }
+    },
+    access: {
+      read: ({ req }) => !!req.user,
+      create: ({ req }) => req.user?.role === "admin",
+      update: ({ req }) => req.user?.role === "admin",
+      delete: ({ req }) => req.user?.role === "admin"
+    },
+    timestamps: false,
+    fields: [
+      {
+        name: "query",
+        type: "text",
+        required: true,
+        index: true,
+        admin: { description: "Search query (keyword) tracked" }
+      },
+      {
+        name: "page",
+        type: "text",
+        admin: { description: "Landing page URL (when tracked by page)" }
+      },
+      {
+        name: "position",
+        type: "number",
+        required: true,
+        admin: { description: "Average SERP position over the snapshot window (lower is better)" }
+      },
+      {
+        name: "clicks",
+        type: "number",
+        admin: { description: "Clicks over the snapshot window" }
+      },
+      {
+        name: "impressions",
+        type: "number",
+        admin: { description: "Impressions over the snapshot window" }
+      },
+      {
+        name: "ctr",
+        type: "number",
+        admin: { description: "Click-through rate (0-1) over the snapshot window" }
+      },
+      {
+        name: "property",
+        type: "text",
+        admin: { description: "GSC property the snapshot was taken from" }
+      },
+      {
+        // YYYY-MM-DD — used to deduplicate one snapshot per query per day.
+        name: "dateKey",
+        type: "text",
+        required: true,
+        index: true,
+        admin: { description: "Snapshot day (YYYY-MM-DD), one snapshot per query per day" }
+      },
+      {
+        name: "snapshotDate",
+        type: "date",
+        required: true,
+        index: true,
+        admin: { description: "Exact timestamp of the snapshot" }
+      }
+    ]
+  };
+}
+// src/endpoints/rankTracking.ts
+var RANK_COLLECTION = "seo-rank-history";
+var round1 = (n) => Math.round(n * 10) / 10;
+async function runRankSnapshot(payload, basePath, seoConfig, opts) {
+  const cfg = getGscOAuthConfig(basePath, seoConfig);
+  if (!cfg) return { ok: false, reason: "not_configured" };
+  const authDoc = await getOrCreateGscAuthDoc(payload);
+  if (!authDoc.refreshTokenEnc) return { ok: false, reason: "not_connected" };
+  let accessToken;
+  try {
+    accessToken = await getGscAccessToken(payload, cfg, authDoc);
+  } catch (e) {
+    return { ok: false, reason: e instanceof Error ? e.message : "refresh_failed" };
+  }
+  const property = authDoc.propertyUrl || cfg.siteUrl;
+  const windowDays = Math.min(90, Math.max(1, 7));
+  const rowLimit = Math.min(1e3, Math.max(1, 100));
+  const end = new Date(Date.now() - 2 * 864e5);
+  const start = new Date(end.getTime() - (windowDays - 1) * 864e5);
+  const endDate = end.toISOString().slice(0, 10);
+  const startDate = start.toISOString().slice(0, 10);
+  let rows;
+  try {
+    rows = await queryGscSearchAnalytics(accessToken, property, {
+      startDate,
+      endDate,
+      dimensions: ["query"],
+      rowLimit
+    });
+  } catch (e) {
+    return { ok: false, reason: e instanceof Error ? e.message : "query_failed" };
+  }
+  const todayKey = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+  const existing = await payload.find({
+    collection: RANK_COLLECTION,
+    where: { dateKey: { equals: todayKey } },
+    limit: 2e3,
+    depth: 0,
+    overrideAccess: true
+  });
+  const already = new Set(existing.docs.map((d) => d.query));
+  let stored = 0;
+  const nowIso = (/* @__PURE__ */ new Date()).toISOString();
+  for (const r of rows) {
+    const query = r.keys?.[0];
+    if (!query || already.has(query)) continue;
+    try {
+      await payload.create({
+        collection: RANK_COLLECTION,
+        data: {
+          query,
+          position: round1(r.position),
+          clicks: r.clicks,
+          impressions: r.impressions,
+          ctr: r.ctr,
+          property,
+          dateKey: todayKey,
+          snapshotDate: nowIso
+        },
+        overrideAccess: true
+      });
+      stored++;
+    } catch (e) {
+      payload.logger.warn(`[seo] rank-snapshot: skipped "${query}": ${e instanceof Error ? e.message : "error"}`);
+    }
+  }
+  return { ok: true, stored, scanned: rows.length, startDate, endDate };
+}
+function createRankSnapshotHandler(basePath, seoConfig) {
+  return async (req) => {
+    try {
+      if (!isGscAdmin(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
+      const result = await runRankSnapshot(req.payload, basePath, seoConfig);
+      if (!result.ok) {
+        const status = result.reason === "not_connected" || result.reason === "not_configured" ? 409 : 502;
+        return Response.json(result, { status, headers: { "Cache-Control": "no-store" } });
+      }
+      return Response.json(result, { headers: { "Cache-Control": "no-store" } });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Internal server error";
+      req.payload.logger.error(`[seo] rank-snapshot error: ${message}`);
+      return Response.json({ error: message }, { status: 500 });
+    }
+  };
+}
+function createRankHistoryHandler() {
+  return async (req) => {
+    try {
+      if (!isGscAdmin(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
+      const url = new URL(req.url);
+      const days = Math.min(180, Math.max(7, parseInt(url.searchParams.get("days") || "35", 10)));
+      const since = new Date(Date.now() - days * 864e5).toISOString();
+      const all = await req.payload.find({
+        collection: RANK_COLLECTION,
+        where: { snapshotDate: { greater_than: since } },
+        sort: "-snapshotDate",
+        limit: 5e3,
+        depth: 0,
+        overrideAccess: true
+      });
+      const byQuery = /* @__PURE__ */ new Map();
+      for (const d of all.docs) {
+        const q = d.query;
+        const arr = byQuery.get(q);
+        if (arr) arr.push(d);
+        else byQuery.set(q, [d]);
+      }
+      const movers = Array.from(byQuery.entries()).map(([query, snaps]) => {
+        const latest = snaps[0];
+        const previous = snaps.find((s) => s.dateKey !== latest.dateKey) || null;
+        const delta = previous ? round1(previous.position - latest.position) : 0;
+        return {
+          query,
+          page: latest.page || null,
+          position: latest.position,
+          previousPosition: previous ? previous.position : null,
+          delta,
+          clicks: latest.clicks ?? 0,
+          impressions: latest.impressions ?? 0,
+          ctr: latest.ctr ?? 0,
+          snapshotDate: latest.snapshotDate,
+          history: snaps.slice(0, 30).map((s) => ({ date: s.dateKey, position: s.position })).reverse()
+        };
+      });
+      movers.sort((a, b) => (b.impressions || 0) - (a.impressions || 0));
+      return Response.json(
+        {
+          count: movers.length,
+          lastSnapshot: all.docs[0]?.snapshotDate || null,
+          movers
+        },
+        { headers: { "Cache-Control": "no-store" } }
+      );
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Internal server error";
+      req.payload.logger.error(`[seo] rank-history error: ${message}`);
+      return Response.json({ error: message }, { status: 500 });
+    }
+  };
+}
 // src/rateLimiter.ts
 function createRateLimiter(maxRequests, windowMs) {
   const store = /* @__PURE__ */ new Map();
@@ -6749,6 +7213,296 @@ function stopCacheWarmUp() {
   }
 }
+// src/rankTracker.ts
+var SNAPSHOT_INTERVAL = 24 * 60 * 60 * 1e3;
+var STARTUP_DELAY2 = 30 * 1e3;
+var intervalId2 = null;
+var listenersAttached2 = false;
+async function doSnapshot(payload, basePath, seoConfig) {
+  try {
+    const result = await runRankSnapshot(payload, basePath, seoConfig);
+    if (result.ok) {
+      payload.logger.info(`[seo] rank-tracker: snapshot stored ${result.stored}/${result.scanned} queries`);
+    } else if (result.reason !== "not_connected" && result.reason !== "not_configured") {
+      payload.logger.warn(`[seo] rank-tracker: snapshot skipped (${result.reason})`);
+    }
+  } catch (error) {
+    payload.logger.error(`[seo] rank-tracker error: ${error instanceof Error ? error.message : "unknown"}`);
+  }
+}
+function startRankTracker(payload, basePath, seoConfig) {
+  setTimeout(() => {
+    void doSnapshot(payload, basePath, seoConfig);
+  }, STARTUP_DELAY2);
+  intervalId2 = setInterval(() => {
+    void doSnapshot(payload, basePath, seoConfig);
+  }, SNAPSHOT_INTERVAL);
+  if (!listenersAttached2) {
+    const cleanup = () => stopRankTracker();
+    process.on("SIGTERM", cleanup);
+    process.on("SIGINT", cleanup);
+    listenersAttached2 = true;
+  }
+  payload.logger.info("[seo] rank-tracker: scheduled startup + every 24h");
+}
+function stopRankTracker() {
+  if (intervalId2) {
+    clearInterval(intervalId2);
+    intervalId2 = null;
+  }
+}
+// src/endpoints/alerts.ts
+function isAdmin8(user) {
+  if (!user) return false;
+  if (user.role === "admin") return true;
+  if (Array.isArray(user.roles) && user.roles.includes("admin")) return true;
+  return false;
+}
+function getAlertConfig() {
+  return {
+    webhookUrl: process.env.SEO_ALERT_WEBHOOK_URL || "",
+    emails: (process.env.SEO_ALERT_EMAIL || "").split(",").map((s) => s.trim()).filter(Boolean),
+    scoreDrop: parseInt(process.env.SEO_ALERT_SCORE_DROP || "10", 10) || 10,
+    positionDrop: parseInt(process.env.SEO_ALERT_POSITION_DROP || "5", 10) || 5,
+    windowHours: Math.max(1, parseInt(process.env.SEO_ALERT_WINDOW_HOURS || "24", 10) || 24)
+  };
+}
+var round12 = (n) => Math.round(n * 10) / 10;
+async function buildAlertDigest(payload, cfg) {
+  const now = Date.now();
+  const since = new Date(now - cfg.windowHours * 36e5).toISOString();
+  const scoreRegressions = [];
+  try {
+    const hist = await payload.find({
+      collection: "seo-score-history",
+      where: { snapshotDate: { greater_than: new Date(now - 14 * 864e5).toISOString() } },
+      sort: "-snapshotDate",
+      limit: 5e3,
+      depth: 0,
+      overrideAccess: true
+    });
+    const byDoc = /* @__PURE__ */ new Map();
+    for (const h of hist.docs) {
+      const key = `${h.documentId}::${h.collection}`;
+      const arr = byDoc.get(key);
+      if (arr) arr.push(h);
+      else byDoc.set(key, [h]);
+    }
+    for (const [key, snaps] of byDoc) {
+      const latest = snaps[0];
+      const oldest = snaps[snaps.length - 1];
+      const drop = oldest.score - latest.score;
+      if (drop >= cfg.scoreDrop) {
+        const [documentId, collection] = key.split("::");
+        scoreRegressions.push({
+          documentId,
+          collection,
+          from: oldest.score,
+          to: latest.score,
+          drop
+        });
+      }
+    }
+    scoreRegressions.sort((a, b) => b.drop - a.drop);
+  } catch {
+  }
+  const newNotFound = [];
+  try {
+    const logs = await payload.find({
+      collection: "seo-logs",
+      where: {
+        and: [{ lastSeen: { greater_than: since } }, { ignored: { not_equals: true } }]
+      },
+      sort: "-count",
+      limit: 50,
+      depth: 0,
+      overrideAccess: true
+    });
+    for (const l of logs.docs) {
+      newNotFound.push({
+        url: l.url || "",
+        count: l.count || 1,
+        lastSeen: l.lastSeen || ""
+      });
+    }
+  } catch {
+  }
+  const rankDrops = [];
+  try {
+    const ranks = await payload.find({
+      collection: "seo-rank-history",
+      where: { snapshotDate: { greater_than: new Date(now - 35 * 864e5).toISOString() } },
+      sort: "-snapshotDate",
+      limit: 5e3,
+      depth: 0,
+      overrideAccess: true
+    });
+    const byQuery = /* @__PURE__ */ new Map();
+    for (const r of ranks.docs) {
+      const q = r.query;
+      const arr = byQuery.get(q);
+      if (arr) arr.push(r);
+      else byQuery.set(q, [r]);
+    }
+    for (const [query, snaps] of byQuery) {
+      const latest = snaps[0];
+      const previous = snaps.find((s) => s.dateKey !== latest.dateKey);
+      if (!previous) continue;
+      const drop = round12(latest.position - previous.position);
+      if (drop >= cfg.positionDrop) {
+        rankDrops.push({ query, from: previous.position, to: latest.position, drop });
+      }
+    }
+    rankDrops.sort((a, b) => b.drop - a.drop);
+  } catch {
+  }
+  const totalIssues = scoreRegressions.length + newNotFound.length + rankDrops.length;
+  return {
+    since,
+    generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    scoreRegressions,
+    newNotFound,
+    rankDrops,
+    totalIssues
+  };
+}
+function digestToHtml(digest, siteUrl) {
+  const section = (title, rows) => rows.length ? `<h3 style="margin:18px 0 6px">${title}</h3><ul style="margin:0;padding-left:18px">${rows.join("")}</ul>` : "";
+  const reg = digest.scoreRegressions.slice(0, 20).map((r) => `<li>${r.collection}/${r.documentId} \u2014 score ${r.from} \u2192 <b>${r.to}</b> (\u2212${r.drop})</li>`);
+  const nf = digest.newNotFound.slice(0, 20).map((n) => `<li><code>${n.url}</code> \u2014 ${n.count}\xD7</li>`);
+  const rd = digest.rankDrops.slice(0, 20).map((d) => `<li>\u201C${d.query}\u201D \u2014 #${round12(d.from)} \u2192 <b>#${round12(d.to)}</b> (\u25BC${d.drop})</li>`);
+  return `<div style="font-family:system-ui;max-width:640px">
+  <h2>SEO alert digest${siteUrl ? ` \u2014 ${siteUrl}` : ""}</h2>
+  <p style="color:#6b7280;font-size:13px">${digest.totalIssues} issue(s) since ${new Date(digest.since).toLocaleString()}</p>
+  ${section("\u{1F4C9} Score regressions", reg)}
+  ${section("\u{1F517} New 404s", nf)}
+  ${section("\u{1F53B} Ranking drops", rd)}
+  ${digest.totalIssues === 0 ? "<p>No issues to report. \u{1F389}</p>" : ""}
+</div>`;
+}
+async function deliverAlertDigest(payload, digest, cfg, siteUrl) {
+  const channels = { webhook: false, email: false };
+  if (digest.totalIssues === 0) {
+    return { sent: false, reason: "nothing_to_report", channels };
+  }
+  if (cfg.webhookUrl) {
+    try {
+      await fetch(cfg.webhookUrl, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ type: "seo-alert-digest", siteUrl, digest })
+      });
+      channels.webhook = true;
+    } catch (e) {
+      payload.logger.warn(`[seo] alerts: webhook delivery failed: ${e instanceof Error ? e.message : "error"}`);
+    }
+  }
+  if (cfg.emails.length > 0) {
+    const send = payload.sendEmail;
+    if (typeof send === "function") {
+      try {
+        await send({
+          to: cfg.emails,
+          subject: `SEO alert digest \u2014 ${digest.totalIssues} issue(s)`,
+          html: digestToHtml(digest, siteUrl)
+        });
+        channels.email = true;
+      } catch (e) {
+        payload.logger.warn(`[seo] alerts: email delivery failed: ${e instanceof Error ? e.message : "error"}`);
+      }
+    }
+  }
+  const sent = channels.webhook || channels.email;
+  return { sent, reason: sent ? void 0 : "no_channel_configured", channels };
+}
+function createAlertsDigestHandler() {
+  return async (req) => {
+    try {
+      if (!isAdmin8(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
+      const cfg = getAlertConfig();
+      const digest = await buildAlertDigest(req.payload, cfg);
+      return Response.json(
+        {
+          digest,
+          config: {
+            webhookConfigured: !!cfg.webhookUrl,
+            emailConfigured: cfg.emails.length > 0,
+            scoreDrop: cfg.scoreDrop,
+            positionDrop: cfg.positionDrop,
+            windowHours: cfg.windowHours
+          }
+        },
+        { headers: { "Cache-Control": "no-store" } }
+      );
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Internal server error";
+      req.payload.logger.error(`[seo] alerts-digest error: ${message}`);
+      return Response.json({ error: message }, { status: 500 });
+    }
+  };
+}
+function createAlertsRunHandler(siteUrl) {
+  return async (req) => {
+    try {
+      if (!isAdmin8(req.user)) return Response.json({ error: "Forbidden" }, { status: 403 });
+      const cfg = getAlertConfig();
+      const digest = await buildAlertDigest(req.payload, cfg);
+      const delivery = await deliverAlertDigest(req.payload, digest, cfg, siteUrl);
+      return Response.json({ digest, delivery }, { headers: { "Cache-Control": "no-store" } });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Internal server error";
+      req.payload.logger.error(`[seo] alerts-run error: ${message}`);
+      return Response.json({ error: message }, { status: 500 });
+    }
+  };
+}
+// src/alertsScheduler.ts
+var STARTUP_DELAY3 = 60 * 1e3;
+var intervalId3 = null;
+var listenersAttached3 = false;
+async function runDigest(payload, siteUrl) {
+  try {
+    const cfg = getAlertConfig();
+    if (!cfg.webhookUrl && cfg.emails.length === 0) {
+      return;
+    }
+    const digest = await buildAlertDigest(payload, cfg);
+    const delivery = await deliverAlertDigest(payload, digest, cfg, siteUrl);
+    if (delivery.sent) {
+      payload.logger.info(
+        `[seo] alerts: digest delivered (${digest.totalIssues} issues; webhook=${delivery.channels.webhook} email=${delivery.channels.email})`
+      );
+    }
+  } catch (error) {
+    payload.logger.error(`[seo] alerts scheduler error: ${error instanceof Error ? error.message : "unknown"}`);
+  }
+}
+function startAlertsScheduler(payload, siteUrl) {
+  const intervalHours = Math.max(1, parseInt(process.env.SEO_ALERT_INTERVAL_HOURS || "24", 10) || 24);
+  const intervalMs = intervalHours * 60 * 60 * 1e3;
+  setTimeout(() => {
+    void runDigest(payload, siteUrl);
+  }, STARTUP_DELAY3);
+  intervalId3 = setInterval(() => {
+    void runDigest(payload, siteUrl);
+  }, intervalMs);
+  if (!listenersAttached3) {
+    const cleanup = () => stopAlertsScheduler();
+    process.on("SIGTERM", cleanup);
+    process.on("SIGINT", cleanup);
+    listenersAttached3 = true;
+  }
+  payload.logger.info(`[seo] alerts: scheduled startup + every ${intervalHours}h`);
+}
+function stopAlertsScheduler() {
+  if (intervalId3) {
+    clearInterval(intervalId3);
+    intervalId3 = null;
+  }
+}
 // src/endpoints/generate.ts
 var TYPE_TO_CONFIG_KEY = {
   title: "generateTitle",
@@ -8903,6 +9657,7 @@ function buildSeoConfig(pluginConfig) {
 var seoAnalyzerPlugin = (pluginConfig = {}) => (incomingConfig) => {
   const config = { ...incomingConfig };
   const targetCollections = pluginConfig.collections ?? ["pages", "posts"];
+  const uploadsCollection = pluginConfig.uploadsCollection ?? "media";
   const targetGlobals = pluginConfig.globals ?? [];
   const basePath = pluginConfig.endpointBasePath ?? "/seo-plugin";
   const seoConfig = buildSeoConfig(pluginConfig);
@@ -8925,6 +9680,8 @@ var seoAnalyzerPlugin = (pluginConfig = {}) => (incomingConfig) => {
     // opt-in — requires Google Cloud OAuth setup + secrets
     warmCache: true,
     // disable on low-memory hosts to skip startup pre-loading
+    alerts: false,
+    // opt-in — requires SEO_ALERT_WEBHOOK_URL and/or SEO_ALERT_EMAIL
     ...pluginConfig.features
   };
   function hasExistingSeoMeta(fields) {
@@ -9065,7 +9822,7 @@ var seoAnalyzerPlugin = (pluginConfig = {}) => (incomingConfig) => {
   if (features.redirects && !hasExistingRedirects) pluginCollections.push(createSeoRedirectsCollection(redirectsSlug));
   if (features.performance) pluginCollections.push(createSeoPerformanceCollection());
   if (features.seoLogs) pluginCollections.push(createSeoLogsCollection());
-  if (features.gscApi) pluginCollections.push(createSeoGscAuthCollection());
+  if (features.gscApi) pluginCollections.push(createSeoGscAuthCollection(), createSeoRankHistoryCollection());
   config.collections = [
     ...config.collections || [],
     ...pluginCollections
@@ -9178,7 +9935,9 @@ var seoAnalyzerPlugin = (pluginConfig = {}) => (incomingConfig) => {
     pluginEndpoints.push(
       { path: `${basePath}/ai-generate`, method: "post", handler: createAiGenerateHandler() },
       { path: `${basePath}/ai-rewrite`, method: "post", handler: createAiRewriteHandler(targetCollections) },
-      { path: `${basePath}/ai-optimize`, method: "post", handler: createAiOptimizeHandler(targetCollections, seoConfig) }
+      { path: `${basePath}/ai-optimize`, method: "post", handler: createAiOptimizeHandler(targetCollections, seoConfig) },
+      { path: `${basePath}/alt-text-audit`, method: "get", handler: createAltTextAuditHandler(uploadsCollection) },
+      { path: `${basePath}/ai-alt-text`, method: "post", handler: withRateLimit(createAiAltTextHandler(uploadsCollection, seoConfig)) }
     );
   }
   if (features.cannibalization) {
@@ -9209,7 +9968,15 @@ var seoAnalyzerPlugin = (pluginConfig = {}) => (incomingConfig) => {
       { path: `${basePath}/gsc/auth`, method: "get", handler: createGscAuthStartHandler(basePath, seoConfig) },
       { path: `${basePath}/gsc/callback`, method: "get", handler: createGscCallbackHandler(basePath, seoConfig) },
       { path: `${basePath}/gsc/data`, method: "get", handler: withRateLimit(createGscDataHandler(basePath, seoConfig)) },
-      { path: `${basePath}/gsc/disconnect`, method: "post", handler: createGscDisconnectHandler() }
+      { path: `${basePath}/gsc/disconnect`, method: "post", handler: createGscDisconnectHandler() },
+      { path: `${basePath}/rank-snapshot`, method: "post", handler: withRateLimit(createRankSnapshotHandler(basePath, seoConfig)) },
+      { path: `${basePath}/rank-history`, method: "get", handler: createRankHistoryHandler() }
+    );
+  }
+  if (features.alerts) {
+    pluginEndpoints.push(
+      { path: `${basePath}/alerts-digest`, method: "get", handler: createAlertsDigestHandler() },
+      { path: `${basePath}/alerts-run`, method: "post", handler: withRateLimit(createAlertsRunHandler(resolveGscSiteUrl(seoConfig))) }
     );
   }
   if (features.keywords) {
@@ -9355,10 +10122,90 @@ var seoAnalyzerPlugin = (pluginConfig = {}) => (incomingConfig) => {
     if (features.warmCache) {
       startCacheWarmUp(payload, basePath, targetGlobals, targetCollections);
     }
+    if (features.gscApi) {
+      startRankTracker(payload, basePath, seoConfig);
+    }
+    if (features.alerts) {
+      startAlertsScheduler(payload, resolveGscSiteUrl(seoConfig));
+    }
   };
   return config;
 };
+// src/helpers/buildMetadata.ts
+function resolveSiteUrl3(explicit) {
+  return (explicit || process.env.NEXT_PUBLIC_SERVER_URL || process.env.PAYLOAD_PUBLIC_SERVER_URL || "").replace(/\/$/, "");
+}
+function parseRobots(doc, meta) {
+  const raw = typeof meta.robots === "string" && meta.robots || typeof doc.robots === "string" && doc.robots || "";
+  let noindex = false;
+  let nofollow = false;
+  if (raw) {
+    const low = raw.toLowerCase();
+    noindex = low.includes("noindex");
+    nofollow = low.includes("nofollow");
+  }
+  if (doc.noindex === true || meta.noindex === true) noindex = true;
+  if (doc.nofollow === true || meta.nofollow === true) nofollow = true;
+  return { index: !noindex, follow: !nofollow };
+}
+function buildLanguages(doc) {
+  const raw = doc.localeAlternates || doc.alternates || doc.hreflang;
+  if (!Array.isArray(raw)) return void 0;
+  const out = {};
+  for (const a of raw) {
+    if (!a || typeof a !== "object") continue;
+    const r = a;
+    const lang = String(r.hreflang || r.locale || r.lang || "");
+    const href = String(r.href || r.url || "");
+    if (lang && href) out[lang] = href;
+  }
+  return Object.keys(out).length ? out : void 0;
+}
+function absoluteUrl(value, siteUrl) {
+  if (/^https?:\/\//i.test(value)) return value;
+  return `${siteUrl}${value.startsWith("/") ? "" : "/"}${value}`;
+}
+function buildSeoMetadata(doc, options = {}) {
+  const siteUrl = resolveSiteUrl3(options.siteUrl);
+  const meta = doc.meta || {};
+  const rawTitle = meta.title || doc.title || "";
+  const title = options.titleTemplate && rawTitle ? options.titleTemplate.replace("%s", rawTitle) : rawTitle;
+  const description = meta.description || "";
+  const slug = doc.slug || "";
+  const heroMedia = doc.hero?.media;
+  let image = getSchemaImageUrl(meta.image, heroMedia, siteUrl);
+  if (!image && options.defaultImage) image = absoluteUrl(options.defaultImage, siteUrl);
+  const explicitCanonical = typeof meta.canonicalUrl === "string" && meta.canonicalUrl || typeof doc.canonicalUrl === "string" && doc.canonicalUrl || "";
+  const canonical = explicitCanonical || (siteUrl ? `${siteUrl}${slug ? `/${slug}` : ""}` : void 0);
+  const languages = buildLanguages(doc);
+  const isPost = options.collection === "posts" || doc.isPost === true;
+  const md = {};
+  if (title) md.title = title;
+  if (description) md.description = description;
+  const alternates = {};
+  if (canonical) alternates.canonical = canonical;
+  if (languages) alternates.languages = languages;
+  if (Object.keys(alternates).length) md.alternates = alternates;
+  md.robots = parseRobots(doc, meta);
+  md.openGraph = {
+    ...rawTitle ? { title: rawTitle } : {},
+    ...description ? { description } : {},
+    ...canonical ? { url: canonical } : {},
+    ...options.siteName ? { siteName: options.siteName } : {},
+    type: isPost ? "article" : "website",
+    ...options.locale ? { locale: options.locale } : {},
+    ...image ? { images: [{ url: image }] } : {}
+  };
+  md.twitter = {
+    card: image ? "summary_large_image" : "summary",
+    ...rawTitle ? { title: rawTitle } : {},
+    ...description ? { description } : {},
+    ...image ? { images: [image] } : {}
+  };
+  return md;
+}
 // src/i18n.ts
 var rulesFr = {
   title: {
@@ -13267,4 +14114,4 @@ function analyzeSeo(data, config) {
   return { score, level, checks, ...aiReadiness ? { aiReadiness } : {} };
 }
-export { ACTION_VERBS, EVERGREEN_SLUGS, FLESCH_THRESHOLDS, GENERIC_ANCHORS, KEYWORD_DENSITY_MAX, KEYWORD_DENSITY_MIN, KEYWORD_DENSITY_WARN, LEGAL_SLUGS_MAP, MAX_RECURSION_DEPTH, META_DESC_LENGTH_MAX, META_DESC_LENGTH_MIN, MIN_WORDS_FORM, MIN_WORDS_GENERIC, MIN_WORDS_LEGAL, MIN_WORDS_POST, MIN_WORDS_THIN, POWER_WORDS, POWER_WORDS_FR, READABILITY_THRESHOLDS, SCORE_EXCELLENT, SCORE_GOOD, SCORE_OK, STOP_WORDS, STOP_WORD_COMPOUNDS_MAP, TITLE_LENGTH_MAX, TITLE_LENGTH_MIN, UTILITY_SLUGS, WARNING_MULTIPLIER, analyzeSeo, buildSeoInputFromDoc, calculateFlesch, calculateFleschFR, checkHeadingHierarchy, checkImagesInBlocks, countKeywordOccurrences, countLongSections, countSentences, countSyllablesEN, countSyllablesFR, countWords, createAiRewriteHandler, createDuplicateContentHandler, createGenerateHandler, createHistoryHandler, createKeywordResearchHandler, createPerformanceHandler, createRedirectChainsHandler, createSchemaGeneratorHandler, createSeoPerformanceCollection, createSeoScoreHistoryCollection, createSitemapAuditHandler, createTrackSeoScoreHook, detectPageType, detectPassiveVoice, extractHeadingsFromLexical, extractImagesFromLexical, extractLinkUrlsFromLexical, extractLinksFromLexical, extractListsFromLexical, extractTextFromLexical, fetchAllDocs, getActionVerbs, getActionVerbsFR, getDashboardT, getEvergreenSlugs, getGenericAnchors, getLegalSlugs, getPowerWords, getStopWordCompounds, getStopWords, getStopWordsFR, getUtilitySlugs, hasTransitionWord, isStopWordInCompoundExpression, keywordMatchesText, metaFields, normalizeForComparison, registerDashboardTranslations, resolveAnalysisLocale, seoAnalyzerPlugin, seoFields, seoAnalyzerPlugin as seoPlugin, slugifyKeyword };
+export { ACTION_VERBS, EVERGREEN_SLUGS, FLESCH_THRESHOLDS, GENERIC_ANCHORS, KEYWORD_DENSITY_MAX, KEYWORD_DENSITY_MIN, KEYWORD_DENSITY_WARN, LEGAL_SLUGS_MAP, MAX_RECURSION_DEPTH, META_DESC_LENGTH_MAX, META_DESC_LENGTH_MIN, MIN_WORDS_FORM, MIN_WORDS_GENERIC, MIN_WORDS_LEGAL, MIN_WORDS_POST, MIN_WORDS_THIN, POWER_WORDS, POWER_WORDS_FR, READABILITY_THRESHOLDS, SCHEMA_TYPES, SCORE_EXCELLENT, SCORE_GOOD, SCORE_OK, STOP_WORDS, STOP_WORD_COMPOUNDS_MAP, TITLE_LENGTH_MAX, TITLE_LENGTH_MIN, UTILITY_SLUGS, WARNING_MULTIPLIER, analyzeSeo, buildJsonLd, buildSeoInputFromDoc, buildSeoMetadata, calculateFlesch, calculateFleschFR, checkHeadingHierarchy, checkImagesInBlocks, countKeywordOccurrences, countLongSections, countSentences, countSyllablesEN, countSyllablesFR, countWords, createAiRewriteHandler, createDuplicateContentHandler, createGenerateHandler, createHistoryHandler, createKeywordResearchHandler, createPerformanceHandler, createRedirectChainsHandler, createSchemaGeneratorHandler, createSeoPerformanceCollection, createSeoScoreHistoryCollection, createSitemapAuditHandler, createTrackSeoScoreHook, detectPageType, detectPassiveVoice, detectSchemaType, extractHeadingsFromLexical, extractImagesFromLexical, extractLinkUrlsFromLexical, extractLinksFromLexical, extractListsFromLexical, extractTextFromLexical, fetchAllDocs, getActionVerbs, getActionVerbsFR, getDashboardT, getEvergreenSlugs, getGenericAnchors, getLegalSlugs, getPowerWords, getSchemaImageUrl, getStopWordCompounds, getStopWords, getStopWordsFR, getUtilitySlugs, hasTransitionWord, isStopWordInCompoundExpression, keywordMatchesText, metaFields, normalizeForComparison, registerDashboardTranslations, renderJsonLdScript, resolveAnalysisLocale, seoAnalyzerPlugin, seoFields, seoAnalyzerPlugin as seoPlugin, slugifyKeyword };