npm - @iflow-mcp/jakeliume-webpeel - Versions diffs - 0.22.0 - Mend

@iflow-mcp/jakeliume-webpeel 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (547) hide show

package/LICENSE +15 -0
package/README.md +313 -0
package/dist/cache.d.ts +30 -0
package/dist/cache.js +139 -0
package/dist/cli/commands/auth.d.ts +5 -0
package/dist/cli/commands/auth.js +411 -0
package/dist/cli/commands/doctor.d.ts +37 -0
package/dist/cli/commands/doctor.js +371 -0
package/dist/cli/commands/fetch.d.ts +6 -0
package/dist/cli/commands/fetch.js +1345 -0
package/dist/cli/commands/guide.d.ts +2 -0
package/dist/cli/commands/guide.js +183 -0
package/dist/cli/commands/interact.d.ts +5 -0
package/dist/cli/commands/interact.js +840 -0
package/dist/cli/commands/jobs.d.ts +5 -0
package/dist/cli/commands/jobs.js +997 -0
package/dist/cli/commands/monitor.d.ts +12 -0
package/dist/cli/commands/monitor.js +197 -0
package/dist/cli/commands/observe.d.ts +12 -0
package/dist/cli/commands/observe.js +158 -0
package/dist/cli/commands/screenshot.d.ts +5 -0
package/dist/cli/commands/screenshot.js +282 -0
package/dist/cli/commands/search.d.ts +5 -0
package/dist/cli/commands/search.js +1021 -0
package/dist/cli/commands/setup.d.ts +13 -0
package/dist/cli/commands/setup.js +244 -0
package/dist/cli/commands/skill.d.ts +15 -0
package/dist/cli/commands/skill.js +195 -0
package/dist/cli/utils.d.ts +84 -0
package/dist/cli/utils.js +806 -0
package/dist/cli-auth.d.ts +75 -0
package/dist/cli-auth.js +369 -0
package/dist/cli.d.ts +17 -0
package/dist/cli.js +99 -0
package/dist/core/actions.d.ts +69 -0
package/dist/core/actions.js +495 -0
package/dist/core/agent.d.ts +98 -0
package/dist/core/agent.js +558 -0
package/dist/core/answer.d.ts +42 -0
package/dist/core/answer.js +395 -0
package/dist/core/application-tracker.d.ts +84 -0
package/dist/core/application-tracker.js +184 -0
package/dist/core/apply.d.ts +162 -0
package/dist/core/apply.js +816 -0
package/dist/core/auth-detection.d.ts +35 -0
package/dist/core/auth-detection.js +358 -0
package/dist/core/auto-extract.d.ts +82 -0
package/dist/core/auto-extract.js +604 -0
package/dist/core/auto-interact.d.ts +23 -0
package/dist/core/auto-interact.js +246 -0
package/dist/core/bm25-filter.d.ts +66 -0
package/dist/core/bm25-filter.js +288 -0
package/dist/core/branding.d.ts +54 -0
package/dist/core/branding.js +234 -0
package/dist/core/browser-fetch.d.ts +323 -0
package/dist/core/browser-fetch.js +1600 -0
package/dist/core/browser-pool.d.ts +91 -0
package/dist/core/browser-pool.js +550 -0
package/dist/core/budget.d.ts +42 -0
package/dist/core/budget.js +324 -0
package/dist/core/business-intel.d.ts +47 -0
package/dist/core/business-intel.js +279 -0
package/dist/core/cache.d.ts +13 -0
package/dist/core/cache.js +121 -0
package/dist/core/cf-worker-proxy.d.ts +32 -0
package/dist/core/cf-worker-proxy.js +87 -0
package/dist/core/challenge-detection.d.ts +26 -0
package/dist/core/challenge-detection.js +468 -0
package/dist/core/change-tracking.d.ts +75 -0
package/dist/core/change-tracking.js +276 -0
package/dist/core/chunker.d.ts +46 -0
package/dist/core/chunker.js +249 -0
package/dist/core/chunking.d.ts +42 -0
package/dist/core/chunking.js +181 -0
package/dist/core/circuit-breaker.d.ts +44 -0
package/dist/core/circuit-breaker.js +85 -0
package/dist/core/content-pruner.d.ts +47 -0
package/dist/core/content-pruner.js +425 -0
package/dist/core/cookie-cache.d.ts +60 -0
package/dist/core/cookie-cache.js +163 -0
package/dist/core/crawl-checkpoint.d.ts +54 -0
package/dist/core/crawl-checkpoint.js +104 -0
package/dist/core/crawler.d.ts +84 -0
package/dist/core/crawler.js +349 -0
package/dist/core/cross-verify.d.ts +27 -0
package/dist/core/cross-verify.js +93 -0
package/dist/core/deep-fetch.d.ts +74 -0
package/dist/core/deep-fetch.js +405 -0
package/dist/core/deep-research.d.ts +141 -0
package/dist/core/deep-research.js +972 -0
package/dist/core/design-analysis.d.ts +70 -0
package/dist/core/design-analysis.js +490 -0
package/dist/core/design-compare.d.ts +38 -0
package/dist/core/design-compare.js +264 -0
package/dist/core/diff.d.ts +61 -0
package/dist/core/diff.js +289 -0
package/dist/core/dns-cache.d.ts +20 -0
package/dist/core/dns-cache.js +198 -0
package/dist/core/documents.d.ts +23 -0
package/dist/core/documents.js +123 -0
package/dist/core/domain-memory.d.ts +66 -0
package/dist/core/domain-memory.js +163 -0
package/dist/core/domain-verify.d.ts +40 -0
package/dist/core/domain-verify.js +379 -0
package/dist/core/engine-ranker.d.ts +112 -0
package/dist/core/engine-ranker.js +395 -0
package/dist/core/extract-inline.d.ts +38 -0
package/dist/core/extract-inline.js +215 -0
package/dist/core/extract-listings.d.ts +38 -0
package/dist/core/extract-listings.js +461 -0
package/dist/core/extract.d.ts +9 -0
package/dist/core/extract.js +139 -0
package/dist/core/fetch-cache.d.ts +57 -0
package/dist/core/fetch-cache.js +95 -0
package/dist/core/fetcher.d.ts +13 -0
package/dist/core/fetcher.js +12 -0
package/dist/core/google-cache.d.ts +29 -0
package/dist/core/google-cache.js +180 -0
package/dist/core/google-serp-parser.d.ts +82 -0
package/dist/core/google-serp-parser.js +287 -0
package/dist/core/hotel-search.d.ts +122 -0
package/dist/core/hotel-search.js +382 -0
package/dist/core/http-fetch.d.ts +72 -0
package/dist/core/http-fetch.js +820 -0
package/dist/core/human.d.ts +175 -0
package/dist/core/human.js +680 -0
package/dist/core/image-caption.d.ts +44 -0
package/dist/core/image-caption.js +271 -0
package/dist/core/jobs.d.ts +75 -0
package/dist/core/jobs.js +634 -0
package/dist/core/json-ld.d.ts +15 -0
package/dist/core/json-ld.js +617 -0
package/dist/core/language-detect.d.ts +18 -0
package/dist/core/language-detect.js +135 -0
package/dist/core/links.d.ts +10 -0
package/dist/core/links.js +44 -0
package/dist/core/llm-extract.d.ts +71 -0
package/dist/core/llm-extract.js +507 -0
package/dist/core/llm-provider.d.ts +100 -0
package/dist/core/llm-provider.js +702 -0
package/dist/core/local-search.d.ts +60 -0
package/dist/core/local-search.js +308 -0
package/dist/core/logger.d.ts +28 -0
package/dist/core/logger.js +104 -0
package/dist/core/map.d.ts +33 -0
package/dist/core/map.js +127 -0
package/dist/core/markdown.d.ts +92 -0
package/dist/core/markdown.js +809 -0
package/dist/core/metadata.d.ts +34 -0
package/dist/core/metadata.js +422 -0
package/dist/core/observe.d.ts +113 -0
package/dist/core/observe.js +395 -0
package/dist/core/ocr.d.ts +12 -0
package/dist/core/ocr.js +33 -0
package/dist/core/paginate.d.ts +31 -0
package/dist/core/paginate.js +106 -0
package/dist/core/pdf.d.ts +8 -0
package/dist/core/pdf.js +25 -0
package/dist/core/peel-tls.d.ts +25 -0
package/dist/core/peel-tls.js +220 -0
package/dist/core/pipeline.d.ts +132 -0
package/dist/core/pipeline.js +1666 -0
package/dist/core/profiles.d.ts +61 -0
package/dist/core/profiles.js +350 -0
package/dist/core/prompt-guard.d.ts +30 -0
package/dist/core/prompt-guard.js +119 -0
package/dist/core/proxy-config.d.ts +90 -0
package/dist/core/proxy-config.js +172 -0
package/dist/core/quick-answer.d.ts +53 -0
package/dist/core/quick-answer.js +833 -0
package/dist/core/rate-governor.d.ts +80 -0
package/dist/core/rate-governor.js +238 -0
package/dist/core/readability.d.ts +57 -0
package/dist/core/readability.js +533 -0
package/dist/core/research.d.ts +66 -0
package/dist/core/research.js +270 -0
package/dist/core/retry.d.ts +60 -0
package/dist/core/retry.js +119 -0
package/dist/core/safe-browsing.d.ts +30 -0
package/dist/core/safe-browsing.js +206 -0
package/dist/core/schema-extraction.d.ts +66 -0
package/dist/core/schema-extraction.js +352 -0
package/dist/core/schema-postprocess.d.ts +32 -0
package/dist/core/schema-postprocess.js +469 -0
package/dist/core/schema-templates.d.ts +19 -0
package/dist/core/schema-templates.js +143 -0
package/dist/core/screenshot.d.ts +224 -0
package/dist/core/screenshot.js +207 -0
package/dist/core/search-engines.d.ts +25 -0
package/dist/core/search-engines.js +182 -0
package/dist/core/search-provider.d.ts +243 -0
package/dist/core/search-provider.js +1629 -0
package/dist/core/searxng-provider.d.ts +35 -0
package/dist/core/searxng-provider.js +105 -0
package/dist/core/selective-evidence.d.ts +151 -0
package/dist/core/selective-evidence.js +389 -0
package/dist/core/site-search.d.ts +44 -0
package/dist/core/site-search.js +252 -0
package/dist/core/sitemap.d.ts +23 -0
package/dist/core/sitemap.js +105 -0
package/dist/core/source-credibility.d.ts +29 -0
package/dist/core/source-credibility.js +584 -0
package/dist/core/source-scoring.d.ts +166 -0
package/dist/core/source-scoring.js +396 -0
package/dist/core/stemmer.d.ts +38 -0
package/dist/core/stemmer.js +509 -0
package/dist/core/strategies.d.ts +104 -0
package/dist/core/strategies.js +1044 -0
package/dist/core/strategy-hooks.d.ts +145 -0
package/dist/core/strategy-hooks.js +74 -0
package/dist/core/structured-extract.d.ts +43 -0
package/dist/core/structured-extract.js +550 -0
package/dist/core/summarize.d.ts +17 -0
package/dist/core/summarize.js +78 -0
package/dist/core/synonyms.d.ts +42 -0
package/dist/core/synonyms.js +184 -0
package/dist/core/system-monitor.d.ts +61 -0
package/dist/core/system-monitor.js +133 -0
package/dist/core/table-format.d.ts +30 -0
package/dist/core/table-format.js +146 -0
package/dist/core/threat-feeds.d.ts +23 -0
package/dist/core/threat-feeds.js +104 -0
package/dist/core/timing.d.ts +21 -0
package/dist/core/timing.js +33 -0
package/dist/core/transcript-export.d.ts +47 -0
package/dist/core/transcript-export.js +107 -0
package/dist/core/user-agents.d.ts +82 -0
package/dist/core/user-agents.js +239 -0
package/dist/core/vertical-search.d.ts +54 -0
package/dist/core/vertical-search.js +158 -0
package/dist/core/watch-manager.d.ts +175 -0
package/dist/core/watch-manager.js +416 -0
package/dist/core/watch.d.ts +101 -0
package/dist/core/watch.js +389 -0
package/dist/core/youtube.d.ts +130 -0
package/dist/core/youtube.js +1175 -0
package/dist/ee/challenge-re-export.d.ts +1 -0
package/dist/ee/challenge-re-export.js +1 -0
package/dist/ee/challenge-solver.d.ts +72 -0
package/dist/ee/challenge-solver.js +720 -0
package/dist/ee/domain-extractors.d.ts +8 -0
package/dist/ee/domain-extractors.js +8 -0
package/dist/ee/domain-intel.d.ts +16 -0
package/dist/ee/domain-intel.js +133 -0
package/dist/ee/extractors/allrecipes.d.ts +2 -0
package/dist/ee/extractors/allrecipes.js +120 -0
package/dist/ee/extractors/amazon.d.ts +2 -0
package/dist/ee/extractors/amazon.js +78 -0
package/dist/ee/extractors/arxiv.d.ts +2 -0
package/dist/ee/extractors/arxiv.js +137 -0
package/dist/ee/extractors/bestbuy.d.ts +2 -0
package/dist/ee/extractors/bestbuy.js +78 -0
package/dist/ee/extractors/carscom.d.ts +2 -0
package/dist/ee/extractors/carscom.js +121 -0
package/dist/ee/extractors/coingecko.d.ts +2 -0
package/dist/ee/extractors/coingecko.js +134 -0
package/dist/ee/extractors/craigslist.d.ts +2 -0
package/dist/ee/extractors/craigslist.js +92 -0
package/dist/ee/extractors/devto.d.ts +2 -0
package/dist/ee/extractors/devto.js +135 -0
package/dist/ee/extractors/ebay.d.ts +2 -0
package/dist/ee/extractors/ebay.js +90 -0
package/dist/ee/extractors/espn.d.ts +2 -0
package/dist/ee/extractors/espn.js +260 -0
package/dist/ee/extractors/etsy.d.ts +2 -0
package/dist/ee/extractors/etsy.js +52 -0
package/dist/ee/extractors/facebook.d.ts +2 -0
package/dist/ee/extractors/facebook.js +46 -0
package/dist/ee/extractors/github.d.ts +2 -0
package/dist/ee/extractors/github.js +196 -0
package/dist/ee/extractors/google-flights.d.ts +2 -0
package/dist/ee/extractors/google-flights.js +176 -0
package/dist/ee/extractors/hackernews.d.ts +2 -0
package/dist/ee/extractors/hackernews.js +147 -0
package/dist/ee/extractors/imdb.d.ts +2 -0
package/dist/ee/extractors/imdb.js +172 -0
package/dist/ee/extractors/index.d.ts +26 -0
package/dist/ee/extractors/index.js +247 -0
package/dist/ee/extractors/instagram.d.ts +2 -0
package/dist/ee/extractors/instagram.js +102 -0
package/dist/ee/extractors/kalshi.d.ts +2 -0
package/dist/ee/extractors/kalshi.js +121 -0
package/dist/ee/extractors/kayak-cars.d.ts +2 -0
package/dist/ee/extractors/kayak-cars.js +270 -0
package/dist/ee/extractors/linkedin.d.ts +2 -0
package/dist/ee/extractors/linkedin.js +113 -0
package/dist/ee/extractors/medium.d.ts +2 -0
package/dist/ee/extractors/medium.js +130 -0
package/dist/ee/extractors/news.d.ts +4 -0
package/dist/ee/extractors/news.js +173 -0
package/dist/ee/extractors/npm.d.ts +2 -0
package/dist/ee/extractors/npm.js +86 -0
package/dist/ee/extractors/pdf.d.ts +2 -0
package/dist/ee/extractors/pdf.js +108 -0
package/dist/ee/extractors/pinterest.d.ts +2 -0
package/dist/ee/extractors/pinterest.js +34 -0
package/dist/ee/extractors/polymarket.d.ts +2 -0
package/dist/ee/extractors/polymarket.js +358 -0
package/dist/ee/extractors/producthunt.d.ts +2 -0
package/dist/ee/extractors/producthunt.js +88 -0
package/dist/ee/extractors/pubmed.d.ts +2 -0
package/dist/ee/extractors/pubmed.js +162 -0
package/dist/ee/extractors/pypi.d.ts +2 -0
package/dist/ee/extractors/pypi.js +80 -0
package/dist/ee/extractors/reddit.d.ts +2 -0
package/dist/ee/extractors/reddit.js +438 -0
package/dist/ee/extractors/redfin.d.ts +2 -0
package/dist/ee/extractors/redfin.js +156 -0
package/dist/ee/extractors/semanticscholar.d.ts +2 -0
package/dist/ee/extractors/semanticscholar.js +131 -0
package/dist/ee/extractors/shared.d.ts +12 -0
package/dist/ee/extractors/shared.js +76 -0
package/dist/ee/extractors/soundcloud.d.ts +2 -0
package/dist/ee/extractors/soundcloud.js +34 -0
package/dist/ee/extractors/sportsbetting.d.ts +2 -0
package/dist/ee/extractors/sportsbetting.js +37 -0
package/dist/ee/extractors/spotify.d.ts +2 -0
package/dist/ee/extractors/spotify.js +34 -0
package/dist/ee/extractors/stackoverflow.d.ts +2 -0
package/dist/ee/extractors/stackoverflow.js +61 -0
package/dist/ee/extractors/substack.d.ts +2 -0
package/dist/ee/extractors/substack.js +115 -0
package/dist/ee/extractors/substackroot.d.ts +2 -0
package/dist/ee/extractors/substackroot.js +46 -0
package/dist/ee/extractors/tiktok.d.ts +2 -0
package/dist/ee/extractors/tiktok.js +29 -0
package/dist/ee/extractors/tradingview.d.ts +2 -0
package/dist/ee/extractors/tradingview.js +182 -0
package/dist/ee/extractors/twitch.d.ts +2 -0
package/dist/ee/extractors/twitch.js +36 -0
package/dist/ee/extractors/twitter.d.ts +2 -0
package/dist/ee/extractors/twitter.js +327 -0
package/dist/ee/extractors/types.d.ts +14 -0
package/dist/ee/extractors/types.js +1 -0
package/dist/ee/extractors/walmart.d.ts +2 -0
package/dist/ee/extractors/walmart.js +50 -0
package/dist/ee/extractors/weather.d.ts +2 -0
package/dist/ee/extractors/weather.js +133 -0
package/dist/ee/extractors/wikipedia.d.ts +4 -0
package/dist/ee/extractors/wikipedia.js +235 -0
package/dist/ee/extractors/yelp.d.ts +2 -0
package/dist/ee/extractors/yelp.js +216 -0
package/dist/ee/extractors/youtube.d.ts +2 -0
package/dist/ee/extractors/youtube.js +189 -0
package/dist/ee/extractors/zillow.d.ts +54 -0
package/dist/ee/extractors/zillow.js +247 -0
package/dist/ee/extractors-re-export.d.ts +1 -0
package/dist/ee/extractors-re-export.js +1 -0
package/dist/ee/premium-hooks.d.ts +20 -0
package/dist/ee/premium-hooks.js +50 -0
package/dist/ee/spa-detection.d.ts +2 -0
package/dist/ee/spa-detection.js +2 -0
package/dist/ee/stability.d.ts +4 -0
package/dist/ee/stability.js +29 -0
package/dist/ee/swr-cache.d.ts +14 -0
package/dist/ee/swr-cache.js +34 -0
package/dist/index.d.ts +143 -0
package/dist/index.js +291 -0
package/dist/integrations/index.d.ts +2 -0
package/dist/integrations/index.js +2 -0
package/dist/integrations/langchain.d.ts +64 -0
package/dist/integrations/langchain.js +115 -0
package/dist/integrations/llamaindex.d.ts +50 -0
package/dist/integrations/llamaindex.js +91 -0
package/dist/mcp/handlers/act.d.ts +5 -0
package/dist/mcp/handlers/act.js +34 -0
package/dist/mcp/handlers/definitions.d.ts +6 -0
package/dist/mcp/handlers/definitions.js +395 -0
package/dist/mcp/handlers/extract.d.ts +7 -0
package/dist/mcp/handlers/extract.js +135 -0
package/dist/mcp/handlers/fetch.d.ts +6 -0
package/dist/mcp/handlers/fetch.js +98 -0
package/dist/mcp/handlers/find.d.ts +5 -0
package/dist/mcp/handlers/find.js +137 -0
package/dist/mcp/handlers/index.d.ts +13 -0
package/dist/mcp/handlers/index.js +63 -0
package/dist/mcp/handlers/legacy.d.ts +25 -0
package/dist/mcp/handlers/legacy.js +450 -0
package/dist/mcp/handlers/meta.d.ts +6 -0
package/dist/mcp/handlers/meta.js +40 -0
package/dist/mcp/handlers/monitor.d.ts +5 -0
package/dist/mcp/handlers/monitor.js +41 -0
package/dist/mcp/handlers/observe.d.ts +8 -0
package/dist/mcp/handlers/observe.js +37 -0
package/dist/mcp/handlers/read.d.ts +6 -0
package/dist/mcp/handlers/read.js +78 -0
package/dist/mcp/handlers/see.d.ts +5 -0
package/dist/mcp/handlers/see.js +75 -0
package/dist/mcp/handlers/types.d.ts +29 -0
package/dist/mcp/handlers/types.js +28 -0
package/dist/mcp/server.d.ts +7 -0
package/dist/mcp/server.js +108 -0
package/dist/mcp/smart-router.d.ts +23 -0
package/dist/mcp/smart-router.js +178 -0
package/dist/server/app.d.ts +14 -0
package/dist/server/app.js +632 -0
package/dist/server/auth-store.d.ts +28 -0
package/dist/server/auth-store.js +88 -0
package/dist/server/bull-queues.d.ts +60 -0
package/dist/server/bull-queues.js +90 -0
package/dist/server/email-service.d.ts +55 -0
package/dist/server/email-service.js +291 -0
package/dist/server/job-queue.d.ts +100 -0
package/dist/server/job-queue.js +145 -0
package/dist/server/logger.d.ts +10 -0
package/dist/server/logger.js +37 -0
package/dist/server/middleware/audit-log.d.ts +14 -0
package/dist/server/middleware/audit-log.js +73 -0
package/dist/server/middleware/auth.d.ts +35 -0
package/dist/server/middleware/auth.js +225 -0
package/dist/server/middleware/rate-limit.d.ts +50 -0
package/dist/server/middleware/rate-limit.js +270 -0
package/dist/server/middleware/scope-guard.d.ts +25 -0
package/dist/server/middleware/scope-guard.js +45 -0
package/dist/server/middleware/url-validator.d.ts +15 -0
package/dist/server/middleware/url-validator.js +201 -0
package/dist/server/openapi.yaml +6418 -0
package/dist/server/pg-auth-store.d.ts +146 -0
package/dist/server/pg-auth-store.js +576 -0
package/dist/server/pg-job-queue.d.ts +59 -0
package/dist/server/pg-job-queue.js +375 -0
package/dist/server/routes/activity.d.ts +6 -0
package/dist/server/routes/activity.js +79 -0
package/dist/server/routes/admin-active.d.ts +7 -0
package/dist/server/routes/admin-active.js +120 -0
package/dist/server/routes/admin-stats.d.ts +7 -0
package/dist/server/routes/admin-stats.js +176 -0
package/dist/server/routes/agent.d.ts +24 -0
package/dist/server/routes/agent.js +480 -0
package/dist/server/routes/answer.d.ts +5 -0
package/dist/server/routes/answer.js +125 -0
package/dist/server/routes/ask.d.ts +28 -0
package/dist/server/routes/ask.js +295 -0
package/dist/server/routes/batch.d.ts +6 -0
package/dist/server/routes/batch.js +493 -0
package/dist/server/routes/cache-warm.d.ts +25 -0
package/dist/server/routes/cache-warm.js +212 -0
package/dist/server/routes/cli-usage.d.ts +6 -0
package/dist/server/routes/cli-usage.js +127 -0
package/dist/server/routes/compat.d.ts +23 -0
package/dist/server/routes/compat.js +652 -0
package/dist/server/routes/crawl.d.ts +13 -0
package/dist/server/routes/crawl.js +287 -0
package/dist/server/routes/deep-fetch.d.ts +8 -0
package/dist/server/routes/deep-fetch.js +57 -0
package/dist/server/routes/deep-research.d.ts +11 -0
package/dist/server/routes/deep-research.js +232 -0
package/dist/server/routes/demo.d.ts +24 -0
package/dist/server/routes/demo.js +517 -0
package/dist/server/routes/do.d.ts +8 -0
package/dist/server/routes/do.js +72 -0
package/dist/server/routes/extract.d.ts +14 -0
package/dist/server/routes/extract.js +325 -0
package/dist/server/routes/feed.d.ts +15 -0
package/dist/server/routes/feed.js +311 -0
package/dist/server/routes/fetch-queue.d.ts +13 -0
package/dist/server/routes/fetch-queue.js +357 -0
package/dist/server/routes/fetch.d.ts +7 -0
package/dist/server/routes/fetch.js +1274 -0
package/dist/server/routes/go.d.ts +14 -0
package/dist/server/routes/go.js +81 -0
package/dist/server/routes/health.d.ts +11 -0
package/dist/server/routes/health.js +141 -0
package/dist/server/routes/jobs.d.ts +7 -0
package/dist/server/routes/jobs.js +574 -0
package/dist/server/routes/map.d.ts +11 -0
package/dist/server/routes/map.js +116 -0
package/dist/server/routes/mcp.d.ts +14 -0
package/dist/server/routes/mcp.js +197 -0
package/dist/server/routes/metrics.d.ts +37 -0
package/dist/server/routes/metrics.js +149 -0
package/dist/server/routes/oauth.d.ts +9 -0
package/dist/server/routes/oauth.js +396 -0
package/dist/server/routes/playground.d.ts +17 -0
package/dist/server/routes/playground.js +283 -0
package/dist/server/routes/reader.d.ts +18 -0
package/dist/server/routes/reader.js +192 -0
package/dist/server/routes/research.d.ts +14 -0
package/dist/server/routes/research.js +482 -0
package/dist/server/routes/screenshot.d.ts +22 -0
package/dist/server/routes/screenshot.js +820 -0
package/dist/server/routes/search.d.ts +6 -0
package/dist/server/routes/search.js +874 -0
package/dist/server/routes/session.d.ts +17 -0
package/dist/server/routes/session.js +548 -0
package/dist/server/routes/share.d.ts +18 -0
package/dist/server/routes/share.js +462 -0
package/dist/server/routes/smart-search/handlers/cars.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/cars.js +102 -0
package/dist/server/routes/smart-search/handlers/flights.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/flights.js +72 -0
package/dist/server/routes/smart-search/handlers/general.d.ts +13 -0
package/dist/server/routes/smart-search/handlers/general.js +717 -0
package/dist/server/routes/smart-search/handlers/hotels.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/hotels.js +88 -0
package/dist/server/routes/smart-search/handlers/products.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/products.js +1309 -0
package/dist/server/routes/smart-search/handlers/rental.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/rental.js +154 -0
package/dist/server/routes/smart-search/handlers/restaurants.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/restaurants.js +225 -0
package/dist/server/routes/smart-search/handlers/transit-verdict.d.ts +41 -0
package/dist/server/routes/smart-search/handlers/transit-verdict.js +224 -0
package/dist/server/routes/smart-search/index.d.ts +19 -0
package/dist/server/routes/smart-search/index.js +546 -0
package/dist/server/routes/smart-search/intent.d.ts +3 -0
package/dist/server/routes/smart-search/intent.js +264 -0
package/dist/server/routes/smart-search/llm.d.ts +16 -0
package/dist/server/routes/smart-search/llm.js +70 -0
package/dist/server/routes/smart-search/sources/reddit.d.ts +18 -0
package/dist/server/routes/smart-search/sources/reddit.js +34 -0
package/dist/server/routes/smart-search/sources/yelp.d.ts +25 -0
package/dist/server/routes/smart-search/sources/yelp.js +171 -0
package/dist/server/routes/smart-search/sources/youtube.d.ts +8 -0
package/dist/server/routes/smart-search/sources/youtube.js +9 -0
package/dist/server/routes/smart-search/types.d.ts +81 -0
package/dist/server/routes/smart-search/types.js +1 -0
package/dist/server/routes/smart-search/utils.d.ts +20 -0
package/dist/server/routes/smart-search/utils.js +146 -0
package/dist/server/routes/stats.d.ts +6 -0
package/dist/server/routes/stats.js +71 -0
package/dist/server/routes/stripe.d.ts +15 -0
package/dist/server/routes/stripe.js +296 -0
package/dist/server/routes/transcript-export.d.ts +10 -0
package/dist/server/routes/transcript-export.js +178 -0
package/dist/server/routes/usage.d.ts +9 -0
package/dist/server/routes/usage.js +279 -0
package/dist/server/routes/users.d.ts +8 -0
package/dist/server/routes/users.js +1867 -0
package/dist/server/routes/watch.d.ts +15 -0
package/dist/server/routes/watch.js +309 -0
package/dist/server/routes/webhooks.d.ts +26 -0
package/dist/server/routes/webhooks.js +170 -0
package/dist/server/routes/youtube.d.ts +6 -0
package/dist/server/routes/youtube.js +130 -0
package/dist/server/sentry.d.ts +14 -0
package/dist/server/sentry.js +104 -0
package/dist/server/types.d.ts +15 -0
package/dist/server/types.js +7 -0
package/dist/server/utils/response.d.ts +44 -0
package/dist/server/utils/response.js +69 -0
package/dist/server/utils/sse.d.ts +22 -0
package/dist/server/utils/sse.js +38 -0
package/dist/types.d.ts +552 -0
package/dist/types.js +39 -0
package/llms.txt +105 -0
package/package.json +189 -0

package/dist/server/app.js ADDED Viewed

@@ -0,0 +1,632 @@
+/**
+ * WebPeel API Server
+ * Express-based REST API for hosted deployments
+ */
+// Force IPv4-first DNS resolution to prevent IPv6 failures in containers
+// (Render's Docker containers can't do IPv6 outbound, causing IANA/Cloudflare sites to fail)
+import dns from 'dns';
+dns.setDefaultResultOrder('ipv4first');
+import express from 'express';
+import './types.js'; // Augments Express.Request with requestId
+import cors from 'cors';
+import helmet from 'helmet';
+import { createLogger } from './logger.js';
+const log = createLogger('server');
+import { InMemoryAuthStore } from './auth-store.js';
+import { PostgresAuthStore } from './pg-auth-store.js';
+import { createAuthMiddleware } from './middleware/auth.js';
+import { createRateLimitMiddleware, RateLimiter } from './middleware/rate-limit.js';
+import { createHealthRouter } from './routes/health.js';
+import { createFetchRouter } from './routes/fetch.js';
+import { createSearchRouter } from './routes/search.js';
+import { createSmartSearchRouter } from './routes/smart-search/index.js';
+import { createUserRouter } from './routes/users.js';
+import { createStripeRouter, createBillingPortalRouter } from './routes/stripe.js';
+import { createOAuthRouter } from './routes/oauth.js';
+import { createStatsRouter } from './routes/stats.js';
+import { createActivityRouter } from './routes/activity.js';
+import { createCLIUsageRouter } from './routes/cli-usage.js';
+import { createUsageRouter } from './routes/usage.js';
+import { createAdminStatsRouter } from './routes/admin-stats.js';
+import { createAdminActiveRouter } from './routes/admin-active.js';
+import { createJobsRouter } from './routes/jobs.js';
+import { createBatchRouter } from './routes/batch.js';
+import { createAnswerRouter } from './routes/answer.js';
+import { createDeepResearchRouter } from './routes/deep-research.js';
+import { createResearchRouter } from './routes/research.js';
+import { createAskRouter } from './routes/ask.js';
+import { createMcpRouter } from './routes/mcp.js';
+import { createDoRouter } from './routes/do.js';
+import { createYouTubeRouter } from './routes/youtube.js';
+import { createTranscriptExportRouter } from './routes/transcript-export.js';
+import { createDeepFetchRouter } from './routes/deep-fetch.js';
+import { createFeedRouter } from './routes/feed.js';
+import { createGoRouter } from './routes/go.js';
+import { createWatchRouter } from './routes/watch.js';
+import pg from 'pg';
+import { createScreenshotRouter } from './routes/screenshot.js';
+import { createDemoRouter } from './routes/demo.js';
+import { createPlaygroundRouter } from './routes/playground.js';
+import { createReaderRouter } from './routes/reader.js';
+import { createSharePublicRouter, createShareRouter } from './routes/share.js';
+import { createJobQueue } from './job-queue.js';
+import { createQueueFetchRouter } from './routes/fetch-queue.js';
+import { createCompatRouter } from './routes/compat.js';
+import { createCrawlRouter } from './routes/crawl.js';
+import { createMapRouter } from './routes/map.js';
+import { createExtractRouter } from './routes/extract.js';
+import { createAgentRouter } from './routes/agent.js';
+import { createSessionRouter } from './routes/session.js';
+import { createSentryHooks } from './sentry.js';
+import { createMetricsRouter, metricsMiddleware } from './routes/metrics.js';
+import { requireScope } from './middleware/scope-guard.js';
+import { auditMiddleware } from './middleware/audit-log.js';
+import { createCacheWarmRouter, startCacheWarmer } from './routes/cache-warm.js';
+import { warmup, cleanup as cleanupFetcher } from '../core/fetcher.js';
+// Proprietary modules — loaded dynamically so the build works without TypeScript source.
+let setExtractorRedis;
+let registerPremiumHooks;
+try {
+    const de = await import('../ee/domain-extractors.js');
+    setExtractorRedis = de.setExtractorRedis;
+}
+catch { /* ee module not available */ }
+try {
+    const ph = await import('../ee/premium-hooks.js');
+    registerPremiumHooks = ph.registerPremiumHooks;
+}
+catch { /* ee module not available */ }
+import { readFileSync } from 'fs';
+import { join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+// Resolve path to the OpenAPI spec (works from both src/ and dist/)
+const __dirname_app = dirname(fileURLToPath(import.meta.url));
+let _openApiYaml = null;
+function getOpenApiYaml() {
+    if (_openApiYaml !== null)
+        return _openApiYaml;
+    try {
+        // Try src/server/openapi.yaml relative to compiled dist/server/
+        const candidates = [
+            join(__dirname_app, 'openapi.yaml'),
+            join(__dirname_app, '..', '..', 'src', 'server', 'openapi.yaml'),
+        ];
+        for (const candidate of candidates) {
+            try {
+                _openApiYaml = readFileSync(candidate, 'utf-8');
+                return _openApiYaml;
+            }
+            catch {
+                // try next
+            }
+        }
+        throw new Error('openapi.yaml not found');
+    }
+    catch (e) {
+        return '# openapi.yaml not found\n';
+    }
+}
+// ─── Graceful shutdown state ─────────────────────────────────────────────────
+// Shared between createApp (middleware reads it) and startServer (shutdown sets it).
+let isShuttingDown = false;
+const activeRequests = new Set();
+export function createApp(config = {}) {
+    const app = express();
+    // SECURITY: Trust proxy for Render/production (HTTPS only)
+    app.set('trust proxy', 1);
+    // ─── Request ID ─────────────────────────────────────────────────────────────
+    // Generate a UUID v4 for every request so errors and logs are traceable.
+    // Must run before all other middleware so req.requestId is always set.
+    app.use((req, res, next) => {
+        req.requestId = crypto.randomUUID();
+        res.setHeader('X-Request-Id', req.requestId);
+        next();
+    });
+    // ─── Shutdown-aware request tracking ────────────────────────────────────────
+    // Must be AFTER request ID (needs req.requestId) and BEFORE timeouts/auth.
+    // During shutdown: returns 503 to new requests; tracks active requests to drain.
+    app.use((req, res, next) => {
+        if (isShuttingDown) {
+            res.setHeader('Retry-After', '10');
+            res.status(503).json({
+                success: false,
+                error: {
+                    type: 'service_unavailable',
+                    message: 'Server is shutting down. Retry shortly.',
+                    docs: 'https://webpeel.dev/docs/errors#service-unavailable',
+                },
+            });
+            return;
+        }
+        const id = req.requestId;
+        activeRequests.add(id);
+        const cleanup = () => activeRequests.delete(id);
+        res.on('finish', cleanup);
+        res.on('close', cleanup);
+        next();
+    });
+    // ─── Prometheus metrics middleware ──────────────────────────────────────────
+    // Records request counts, durations, and active request gauge.
+    app.use(metricsMiddleware());
+    // Hard server-side timeouts — no request runs longer than this
+    app.use((req, res, next) => {
+        const path = req.path;
+        let timeoutMs = 30000; // 30s default
+        const urlParam = req.query?.url || '';
+        if (path.includes('/crawl') || path.includes('/map'))
+            timeoutMs = 300000; // 5min for crawls
+        else if (path.includes('/batch'))
+            timeoutMs = 120000; // 2min for batch
+        else if (path.includes('/screenshot'))
+            timeoutMs = 60000; // 1min for screenshots
+        else if (path.includes('/search/smart'))
+            timeoutMs = 45000; // 45s for smart search (Yelp+Reddit+Ollama chain)
+        else if (req.query?.render === 'true' || req.query?.stealth === 'true')
+            timeoutMs = 60000; // 1min for browser/stealth fetches
+        else if (urlParam.includes('youtube.com') || urlParam.includes('youtu.be'))
+            timeoutMs = 90000; // 90s for YouTube (yt-dlp needs time after simpleFetch fails)
+        req.setTimeout(timeoutMs);
+        res.setTimeout(timeoutMs, () => {
+            if (!res.headersSent) {
+                res.status(504).json({
+                    success: false,
+                    error: {
+                        type: 'timeout',
+                        message: `Request timed out after ${timeoutMs / 1000}s`,
+                        hint: 'Try reducing the scope of your request or upgrading your plan for higher limits.',
+                        docs: 'https://webpeel.dev/docs/errors#timeout',
+                    },
+                    metadata: { requestId: req.requestId },
+                });
+            }
+        });
+        next();
+    });
+    // Optional error tracking (enabled only when SENTRY_DSN is set)
+    const sentry = createSentryHooks();
+    if (sentry.requestHandler) {
+        app.use(sentry.requestHandler);
+    }
+    // Stripe webhook route MUST come before express.json() to get raw body
+    const stripeRouter = createStripeRouter();
+    app.use('/v1/webhooks/stripe', express.raw({ type: 'application/json' }), stripeRouter);
+    // Middleware
+    // SECURITY: Limit request body size to prevent DoS
+    app.use(express.json({ limit: '1mb' }));
+    // Security headers via Helmet
+    app.use(helmet({
+        contentSecurityPolicy: false, // Disabled — API serves JSON, not HTML pages
+        crossOriginEmbedderPolicy: false, // Allow embedding for widget/docs
+        hsts: { maxAge: 31536000, includeSubDomains: true, preload: true },
+        referrerPolicy: { policy: 'strict-origin-when-cross-origin' },
+        frameguard: { action: 'deny' }, // Prevent clickjacking
+        noSniff: true, // X-Content-Type-Options: nosniff
+        xssFilter: true, // X-XSS-Protection
+    }));
+    // Audit logging — records who accessed which /v1/ endpoints and the outcome.
+    // Privacy-safe: logs userId, method, path, status, duration, IP — no bodies or secrets.
+    app.use(auditMiddleware);
+    // GDPR / Privacy: Data retention policy header — indicates we only store metadata, not fetched content
+    app.use((_req, res, next) => {
+        res.setHeader('X-Data-Retention', 'metadata-only');
+        next();
+    });
+    // CORS configuration
+    // Always allow our own domains + any env-configured origins
+    const envOrigins = process.env.CORS_ORIGINS ? process.env.CORS_ORIGINS.split(',').map(s => s.trim()) : [];
+    const defaultOrigins = [
+        'https://app.webpeel.dev',
+        'https://webpeel.dev',
+        // Only allow localhost in development (security: prevents credentialed cross-origin from local pages)
+        ...(process.env.NODE_ENV !== 'production' ? ['http://localhost:3000', 'http://localhost:3001'] : []),
+    ];
+    const corsOrigins = config.corsOrigins || [...new Set([...defaultOrigins, ...envOrigins])];
+    app.use(cors({
+        origin: (origin, callback) => {
+            // Allow requests with no origin (e.g. curl, server-to-server)
+            if (!origin)
+                return callback(null, true);
+            if (corsOrigins.includes(origin))
+                return callback(null, origin);
+            // Unknown origins: allow (API key clients need cross-origin access) but no credentials.
+            // SECURITY: Return '*' instead of reflecting the origin — wildcard is incompatible with
+            // credentials (browsers reject Allow-Credentials + *), prevents origin-specific CORS caching,
+            // and avoids security-scanner false positives from reflected origins.
+            return callback(null, '*');
+        },
+        // credentials: set conditionally via post-cors middleware below
+        credentials: false,
+    }));
+    // Set Access-Control-Allow-Credentials only for trusted origins
+    app.use((req, res, next) => {
+        const origin = req.headers.origin;
+        if (origin && corsOrigins.includes(origin)) {
+            res.setHeader('Access-Control-Allow-Credentials', 'true');
+        }
+        next();
+    });
+    // GDPR / Privacy: Data retention policy header — indicates we only store metadata, not fetched content
+    app.use((_req, res, next) => {
+        res.setHeader('X-Data-Retention', 'metadata-only');
+        next();
+    });
+    // SECURITY: Security headers
+    app.disable('x-powered-by');
+    app.use((_req, res, next) => {
+        res.setHeader('X-Content-Type-Options', 'nosniff');
+        res.setHeader('X-Frame-Options', 'DENY');
+        res.setHeader('Strict-Transport-Security', 'max-age=63072000; includeSubDomains; preload');
+        res.setHeader('X-XSS-Protection', '1; mode=block');
+        res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
+        res.setHeader('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
+        // API-safe CSP: JSON-only API does not need scripts/styles/fonts.
+        // Keep this strict to reduce attack surface without affecting API clients.
+        res.setHeader('Content-Security-Policy', "default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'");
+        // Best-effort removal of Render's origin header (may be re-added by proxy)
+        res.removeHeader('x-render-origin-server');
+        next();
+    });
+    // SECURITY: JSON parse error handler
+    app.use((err, req, res, next) => {
+        if (err instanceof SyntaxError && 'body' in err) {
+            res.status(400).json({
+                success: false,
+                error: {
+                    type: 'invalid_request',
+                    message: 'Malformed JSON in request body',
+                    hint: 'Ensure the request body is valid JSON',
+                    docs: 'https://webpeel.dev/docs/api-reference#errors',
+                },
+                requestId: req.requestId,
+            });
+            return;
+        }
+        next(err);
+    });
+    // Auth store - Use PostgreSQL if DATABASE_URL is set, otherwise in-memory
+    const usePostgres = config.usePostgres ?? !!process.env.DATABASE_URL;
+    const authStore = usePostgres
+        ? new PostgresAuthStore()
+        : new InMemoryAuthStore();
+    log.info(`Using ${usePostgres ? 'PostgreSQL' : 'in-memory'} auth store`);
+    // PostgreSQL pool for features that need direct DB access (watch, etc.)
+    const pool = process.env.DATABASE_URL
+        ? new pg.Pool({
+            connectionString: process.env.DATABASE_URL,
+            ssl: process.env.NODE_ENV === 'production' ? { rejectUnauthorized: true } : false,
+        })
+        : null;
+    // Job queue - Use PostgreSQL if DATABASE_URL is set, otherwise in-memory
+    const jobQueue = createJobQueue();
+    // Rate limiter
+    const rateLimiter = new RateLimiter(config.rateLimitWindowMs || 3_600_000); // 1 hour
+    // Clean up rate limiter every 5 minutes
+    setInterval(() => {
+        rateLimiter.cleanup();
+    }, 5 * 60 * 1000);
+    // Health check MUST be before auth/rate-limit middleware
+    // Render hits /health every ~30s; rate-limiting it causes 429 → service marked as failed
+    // Pass pool so /ready can check DB connectivity
+    app.use(createHealthRouter(pool));
+    // Prometheus metrics — admin or internal IPs (K8s Prometheus scraper) only
+    app.use(createMetricsRouter());
+    // Affiliate redirect — /go/:store/*path — public, no auth required
+    app.use(createGoRouter());
+    // OpenAPI spec — public, no auth required
+    app.get('/openapi.yaml', (_req, res) => {
+        res.setHeader('Content-Type', 'application/yaml; charset=utf-8');
+        res.setHeader('Cache-Control', 'public, max-age=3600');
+        res.send(getOpenApiYaml());
+    });
+    // Redirect /openapi.json to YAML spec (no extra dependency needed)
+    app.get('/openapi.json', (_req, res) => {
+        res.redirect(301, '/openapi.yaml');
+    });
+    // Developer-friendly redirect
+    app.get('/docs/api', (_req, res) => {
+        res.redirect('/openapi.yaml');
+    });
+    // Internal cache-warming endpoints — unauthenticated (self-auth via bearer token)
+    // Must be BEFORE auth middleware so the CF Worker can call without an API key
+    app.use(createCacheWarmRouter(pool));
+    // Demo endpoint — unauthenticated, must be before auth middleware
+    app.use(createDemoRouter());
+    // Playground endpoint — unauthenticated, CORS-locked to webpeel.dev/localhost
+    app.use('/v1/playground', createPlaygroundRouter());
+    // Public share endpoint — GET /s/:id (no auth required, must be before reader router)
+    // Registered first so valid share IDs are served before falling through to reader's /s/* search
+    app.use(createSharePublicRouter(pool));
+    // Zero-auth reader API — Jina-style URL prefix (/r/URL) and search (/s/query)
+    // Must be BEFORE auth middleware so no API key is required
+    app.use(createReaderRouter());
+    // Apply auth middleware globally
+    app.use(createAuthMiddleware(authStore));
+    // Apply rate limiting middleware globally
+    app.use(createRateLimitMiddleware(rateLimiter));
+    // Share links — POST /v1/share (auth required, after auth middleware)
+    app.use(createShareRouter(pool));
+    // First-class native routes (registered before compat so they take precedence)
+    //
+    // Scope guards enforce API key permission scopes; JWT sessions bypass them.
+    // For routers with relative paths: app.use(path, guard, router)    ← prefix stripped, relative paths match
+    // For routers with absolute paths: app.use(path, guard) then app.use(router) ← guard at path, router sees full path
+    // /v1/crawl — full or read only (router uses relative paths)
+    app.use('/v1/crawl', requireScope('full', 'read'), createCrawlRouter(jobQueue));
+    // /v1/map — full or read only (router uses relative paths)
+    app.use('/v1/map', requireScope('full', 'read'), createMapRouter());
+    // Compat routes (/v1/scrape, /v1/search) — all scopes allowed, no guard needed
+    app.use(createCompatRouter(jobQueue));
+    app.use(createSessionRouter());
+    // /v1/extract — full or read only (router uses absolute paths, guard before router)
+    app.use('/v1/extract', requireScope('full', 'read'));
+    app.use(createExtractRouter());
+    // /v1/deep-fetch — full or read only (router uses absolute paths, guard before router)
+    app.use('/v1/deep-fetch', requireScope('full', 'read'));
+    app.use(createDeepFetchRouter());
+    // /v1/watch — full or read only (router uses absolute paths, guard before router)
+    if (pool) {
+        app.use('/v1/watch', requireScope('full', 'read'));
+        app.use(createWatchRouter(pool));
+    }
+    // /v1/fetch, /v1/search — all scopes allowed, no guard needed
+    // In queue mode (API_MODE=queue), /v1/fetch and /v1/render are replaced by
+    // queue-backed endpoints that enqueue Bull jobs and return { jobId, status }.
+    // GET /v1/jobs/:id is also provided by the queue router for result polling.
+    if (process.env.API_MODE === 'queue') {
+        app.use(createQueueFetchRouter());
+    }
+    else {
+        app.use(createFetchRouter(authStore));
+    }
+    // /v1/screenshot — full or read only (router uses absolute paths, guard before router)
+    app.use('/v1/screenshot', requireScope('full', 'read'));
+    app.use(createScreenshotRouter(authStore));
+    // /v1/feed — feed discovery and parsing (all scopes allowed, no scope guard needed)
+    app.use(createFeedRouter(authStore));
+    app.use(createSearchRouter(authStore));
+    // /v1/search/smart — intent detection + travel/commerce routing (POST)
+    app.use(createSmartSearchRouter(authStore));
+    // /v1/research — lightweight research (search → fetch → compile), BYOK LLM optional
+    app.use('/v1/research', requireScope('full', 'read'));
+    app.use(createResearchRouter());
+    app.use(createBillingPortalRouter(pool));
+    app.use(createUserRouter());
+    app.use(createOAuthRouter());
+    app.use(createStatsRouter(authStore));
+    app.use(createActivityRouter(authStore));
+    app.use(createCLIUsageRouter());
+    // Usage API — authenticated users (professional usage tracking)
+    app.use(createUsageRouter());
+    // Admin endpoints — admin tier only (routers check internally)
+    app.use(createAdminStatsRouter());
+    app.use(createAdminActiveRouter());
+    app.use(createJobsRouter(jobQueue, authStore));
+    // /v1/batch — full or read only (router uses absolute paths, guard before router)
+    app.use('/v1/batch', requireScope('full', 'read'));
+    app.use(createBatchRouter(jobQueue));
+    // Deprecation headers for declining endpoints
+    app.use('/v1/answer', (_req, res, next) => {
+        res.set('Deprecation', 'true');
+        res.set('Sunset', '2026-06-01');
+        res.set('Link', '</v1/ask>; rel="successor-version"');
+        next();
+    });
+    // /v1/answer, /v1/ask — all scopes allowed, no guard needed
+    app.use(createAnswerRouter());
+    // /v1/deep-research — full or read only
+    app.use('/v1/deep-research', requireScope('full', 'read'));
+    app.use(createDeepResearchRouter());
+    app.use(createAskRouter());
+    // /v1/agent — full or read only (router uses relative paths)
+    app.use('/v1/agent', requireScope('full', 'read'), createAgentRouter());
+    // /v1/do — full only (router uses relative paths; admin-level operation)
+    app.use('/v1/do', requireScope('full'), createDoRouter());
+    app.use(createYouTubeRouter());
+    app.use(createTranscriptExportRouter());
+    app.use(createMcpRouter(authStore, pool));
+    // 404 handler
+    app.use((req, res) => {
+        res.status(404).json({
+            success: false,
+            error: {
+                type: 'not_found',
+                message: 'Not found',
+                docs: 'https://webpeel.dev/docs/api-reference',
+            },
+            requestId: req.requestId,
+        });
+    });
+    // Sentry error middleware should run before the generic error handler.
+    if (sentry.errorHandler) {
+        app.use(sentry.errorHandler);
+    }
+    // Global error response normalizer — ensures ALL errors use the same structured shape.
+    // Catches errors thrown via next(err) that may have a flat format {error: string, message: string}.
+    // Must run before the generic error handler below.
+    app.use((err, req, res, next) => {
+        // Skip if error is already in structured format (has error.type or error.message as object)
+        if (err && typeof err.error === 'object' && err.error !== null) {
+            return next(err);
+        }
+        // Skip standard Error objects (handled by the generic error handler with Playwright sanitization)
+        if (err instanceof Error && !err.hasOwnProperty('statusCode') && !err.hasOwnProperty('status')) {
+            return next(err);
+        }
+        const statusCode = (err && (err.statusCode || err.status)) || 500;
+        if (res.headersSent)
+            return next(err);
+        const requestId = req.requestId || req.headers['x-request-id'] || crypto.randomUUID();
+        res.status(statusCode).json({
+            success: false,
+            error: {
+                type: (err && (err.type || err.error)) || 'server_error',
+                message: (err && err.message) || 'An unexpected error occurred',
+                ...((err && err.hint) ? { hint: err.hint } : {}),
+                ...((err && err.docs) ? { docs: err.docs } : {}),
+            },
+            requestId,
+        });
+    });
+    // Error handler - SECURITY: sanitize errors in production to prevent leaking
+    // Playwright stack traces, internal paths, or other sensitive details.
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    app.use((err, req, res, _next) => {
+        log.error('Unhandled error', { message: err.message, stack: err.stack }); // Log full error server-side
+        if (res.headersSent)
+            return; // Avoid double-send crash
+        if (process.env.NODE_ENV === 'production') {
+            // Strip Playwright/browser launch errors and stack traces from responses
+            const sanitized = (err.message || 'An unexpected error occurred')
+                .replace(/browserType\.launch:.*$/s, 'Browser rendering unavailable on this server. Use the CLI with --render for browser-rendered content.')
+                .replace(/at\s+\S.*\n?/g, '') // strip "at <location>" stack lines
+                .trim() || 'An unexpected error occurred';
+            res.status(500).json({
+                success: false,
+                error: {
+                    type: 'internal_error',
+                    message: sanitized,
+                    docs: 'https://webpeel.dev/docs/api-reference#errors',
+                },
+                requestId: req.requestId,
+            });
+        }
+        else {
+            res.status(500).json({
+                success: false,
+                error: {
+                    type: 'internal_error',
+                    message: err.message || 'An unexpected error occurred',
+                    docs: 'https://webpeel.dev/docs/api-reference#errors',
+                },
+                requestId: req.requestId,
+                stack: err.stack,
+            });
+        }
+    });
+    return app;
+}
+export function startServer(config = {}) {
+    const app = createApp(config);
+    const port = config.port || parseInt(process.env.PORT || '3000', 10);
+    // Activate premium strategy hooks (SWR cache, domain intelligence, race).
+    registerPremiumHooks?.();
+    // Inject Redis into the domain extractor cache for cross-pod cache sharing.
+    // When REDIS_URL is set (multi-pod k8s deployments), all pods share one cache
+    // so the first pod to fetch a URL populates it for all others.
+    if (process.env.REDIS_URL) {
+        // @ts-ignore — ioredis CJS/ESM interop
+        import('ioredis').then((IoRedisModule) => {
+            const IoRedis = IoRedisModule.default ?? IoRedisModule;
+            const url = process.env.REDIS_URL;
+            const parsed = new URL(url);
+            const redis = new IoRedis({
+                host: parsed.hostname,
+                port: parseInt(parsed.port || '6379', 10),
+                db: parseInt(parsed.pathname?.slice(1) || '0', 10) || 0,
+                lazyConnect: true,
+                maxRetriesPerRequest: 3,
+                enableOfflineQueue: false,
+            });
+            setExtractorRedis?.(redis);
+            log.info('Redis extractor cache initialized (shared cross-pod cache active)');
+        }).catch((err) => {
+            log.warn('Failed to init Redis extractor cache (in-memory only)', { error: err.message });
+        });
+    }
+    // Pre-warm browser resources in the background to reduce first-request latency.
+    void warmup().catch((error) => {
+        log.warn('Browser warmup failed', { error: error instanceof Error ? error.message : String(error) });
+    });
+    // Build a dedicated pool for the cache warmer (separate from the app pool inside createApp)
+    const warmerPool = process.env.DATABASE_URL
+        ? new pg.Pool({
+            connectionString: process.env.DATABASE_URL,
+            ssl: process.env.NODE_ENV === 'production' ? { rejectUnauthorized: true } : false,
+            max: 2, // small pool — warmer only needs occasional queries
+        })
+        : null;
+    const server = app.listen(port, () => {
+        log.info(`WebPeel API server listening on port ${port}`);
+        log.info(`Health: http://localhost:${port}/health  Fetch: /v1/fetch  Search: /v1/search`);
+        // Start cache warmer only when opted-in
+        if (process.env.ENABLE_CACHE_WARM === 'true') {
+            log.info('Cache warming enabled (ENABLE_CACHE_WARM=true)');
+            startCacheWarmer(warmerPool);
+        }
+    });
+    // Graceful shutdown
+    const shutdown = async () => {
+        if (isShuttingDown)
+            return; // prevent double-shutdown
+        isShuttingDown = true;
+        log.info('SIGTERM received — draining active requests...');
+        // Stop accepting new connections
+        server.close(() => {
+            log.info('HTTP server closed (no new connections)');
+        });
+        // Wait for active requests (max 25s, leaving 5s buffer for cleanup)
+        const drainDeadline = Date.now() + 25_000;
+        while (activeRequests.size > 0 && Date.now() < drainDeadline) {
+            log.info(`Waiting for ${activeRequests.size} active requests to complete...`);
+            await new Promise(r => setTimeout(r, 500));
+        }
+        if (activeRequests.size > 0) {
+            log.warn(`Force-closing ${activeRequests.size} active requests`);
+        }
+        // Cleanup resources
+        try {
+            await cleanupFetcher();
+            // Close the warmer DB pool (app pool is internal to createApp)
+            if (warmerPool)
+                await warmerPool.end().catch(() => { });
+        }
+        catch (err) {
+            log.error('Error during cleanup', { error: err });
+        }
+        log.info('Clean shutdown complete');
+        process.exit(0);
+    };
+    // Force shutdown after 30s (K8s terminationGracePeriodSeconds should be 35s)
+    const forceShutdown = () => {
+        setTimeout(() => {
+            log.error('Forced shutdown after 30s timeout');
+            process.exit(1);
+        }, 30_000).unref();
+    };
+    process.on('SIGTERM', () => { forceShutdown(); void shutdown(); });
+    process.on('SIGINT', () => { forceShutdown(); void shutdown(); });
+    // Catch unhandled promise rejections (e.g. Playwright/rebrowser-patches
+    // throwing when a browser session closes mid-operation).
+    // Without this handler Node.js crashes the entire process.
+    process.on('unhandledRejection', (reason, promise) => {
+        const msg = reason instanceof Error ? reason.message : String(reason);
+        // Playwright/CDP session-closed errors are expected during high load — log but don't crash
+        if (msg.includes('cdpSession.send') ||
+            msg.includes('Target page, context or browser has been closed') ||
+            msg.includes('Protocol error') ||
+            msg.includes('session closed') ||
+            msg.includes('Target closed')) {
+            console.warn('[warn] Suppressed Playwright session-closed rejection:', msg.slice(0, 120));
+            return;
+        }
+        // Unknown rejections — log but still don't crash (pods are expensive to restart)
+        console.error('[error] Unhandled promise rejection:', reason, 'promise:', promise);
+    });
+    process.on('uncaughtException', (err) => {
+        const msg = err.message || String(err);
+        if (msg.includes('cdpSession.send') ||
+            msg.includes('Target page, context or browser has been closed') ||
+            msg.includes('Protocol error') ||
+            msg.includes('session closed')) {
+            console.warn('[warn] Suppressed Playwright uncaughtException:', msg.slice(0, 120));
+            return;
+        }
+        console.error('[error] Uncaught exception:', err);
+        // For genuinely unknown errors, exit so K8s can restart cleanly
+        process.exit(1);
+    });
+}
+// Start server if run directly
+if (import.meta.url === `file://${process.argv[1]}`) {
+    startServer();
+}

package/dist/server/auth-store.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Auth store abstraction for API key validation and usage tracking
+ * Designed to easily swap from in-memory to PostgreSQL
+ */
+export interface ApiKeyInfo {
+    key: string;
+    tier: 'free' | 'starter' | 'pro' | 'enterprise' | 'max' | 'admin';
+    rateLimit: number;
+    accountId?: string;
+    createdAt: Date;
+    scope?: 'full' | 'read' | 'restricted';
+}
+export interface AuthStore {
+    validateKey(key: string): Promise<ApiKeyInfo | null>;
+    trackUsage(key: string, creditsOrType: number | 'basic' | 'stealth' | 'captcha' | 'search'): Promise<void>;
+}
+/**
+ * In-memory auth store for development and self-hosted deployments
+ */
+export declare class InMemoryAuthStore implements AuthStore {
+    private keys;
+    private usage;
+    constructor();
+    validateKey(key: string): Promise<ApiKeyInfo | null>;
+    trackUsage(key: string, creditsOrType: number | 'basic' | 'stealth' | 'captcha' | 'search'): Promise<void>;
+    addKey(keyInfo: ApiKeyInfo): void;
+    getUsage(key: string): number;
+}