npm - @iflow-mcp/jakeliume-webpeel - Versions diffs - 0.22.0 - Mend

@iflow-mcp/jakeliume-webpeel 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (547) hide show

package/LICENSE +15 -0
package/README.md +313 -0
package/dist/cache.d.ts +30 -0
package/dist/cache.js +139 -0
package/dist/cli/commands/auth.d.ts +5 -0
package/dist/cli/commands/auth.js +411 -0
package/dist/cli/commands/doctor.d.ts +37 -0
package/dist/cli/commands/doctor.js +371 -0
package/dist/cli/commands/fetch.d.ts +6 -0
package/dist/cli/commands/fetch.js +1345 -0
package/dist/cli/commands/guide.d.ts +2 -0
package/dist/cli/commands/guide.js +183 -0
package/dist/cli/commands/interact.d.ts +5 -0
package/dist/cli/commands/interact.js +840 -0
package/dist/cli/commands/jobs.d.ts +5 -0
package/dist/cli/commands/jobs.js +997 -0
package/dist/cli/commands/monitor.d.ts +12 -0
package/dist/cli/commands/monitor.js +197 -0
package/dist/cli/commands/observe.d.ts +12 -0
package/dist/cli/commands/observe.js +158 -0
package/dist/cli/commands/screenshot.d.ts +5 -0
package/dist/cli/commands/screenshot.js +282 -0
package/dist/cli/commands/search.d.ts +5 -0
package/dist/cli/commands/search.js +1021 -0
package/dist/cli/commands/setup.d.ts +13 -0
package/dist/cli/commands/setup.js +244 -0
package/dist/cli/commands/skill.d.ts +15 -0
package/dist/cli/commands/skill.js +195 -0
package/dist/cli/utils.d.ts +84 -0
package/dist/cli/utils.js +806 -0
package/dist/cli-auth.d.ts +75 -0
package/dist/cli-auth.js +369 -0
package/dist/cli.d.ts +17 -0
package/dist/cli.js +99 -0
package/dist/core/actions.d.ts +69 -0
package/dist/core/actions.js +495 -0
package/dist/core/agent.d.ts +98 -0
package/dist/core/agent.js +558 -0
package/dist/core/answer.d.ts +42 -0
package/dist/core/answer.js +395 -0
package/dist/core/application-tracker.d.ts +84 -0
package/dist/core/application-tracker.js +184 -0
package/dist/core/apply.d.ts +162 -0
package/dist/core/apply.js +816 -0
package/dist/core/auth-detection.d.ts +35 -0
package/dist/core/auth-detection.js +358 -0
package/dist/core/auto-extract.d.ts +82 -0
package/dist/core/auto-extract.js +604 -0
package/dist/core/auto-interact.d.ts +23 -0
package/dist/core/auto-interact.js +246 -0
package/dist/core/bm25-filter.d.ts +66 -0
package/dist/core/bm25-filter.js +288 -0
package/dist/core/branding.d.ts +54 -0
package/dist/core/branding.js +234 -0
package/dist/core/browser-fetch.d.ts +323 -0
package/dist/core/browser-fetch.js +1600 -0
package/dist/core/browser-pool.d.ts +91 -0
package/dist/core/browser-pool.js +550 -0
package/dist/core/budget.d.ts +42 -0
package/dist/core/budget.js +324 -0
package/dist/core/business-intel.d.ts +47 -0
package/dist/core/business-intel.js +279 -0
package/dist/core/cache.d.ts +13 -0
package/dist/core/cache.js +121 -0
package/dist/core/cf-worker-proxy.d.ts +32 -0
package/dist/core/cf-worker-proxy.js +87 -0
package/dist/core/challenge-detection.d.ts +26 -0
package/dist/core/challenge-detection.js +468 -0
package/dist/core/change-tracking.d.ts +75 -0
package/dist/core/change-tracking.js +276 -0
package/dist/core/chunker.d.ts +46 -0
package/dist/core/chunker.js +249 -0
package/dist/core/chunking.d.ts +42 -0
package/dist/core/chunking.js +181 -0
package/dist/core/circuit-breaker.d.ts +44 -0
package/dist/core/circuit-breaker.js +85 -0
package/dist/core/content-pruner.d.ts +47 -0
package/dist/core/content-pruner.js +425 -0
package/dist/core/cookie-cache.d.ts +60 -0
package/dist/core/cookie-cache.js +163 -0
package/dist/core/crawl-checkpoint.d.ts +54 -0
package/dist/core/crawl-checkpoint.js +104 -0
package/dist/core/crawler.d.ts +84 -0
package/dist/core/crawler.js +349 -0
package/dist/core/cross-verify.d.ts +27 -0
package/dist/core/cross-verify.js +93 -0
package/dist/core/deep-fetch.d.ts +74 -0
package/dist/core/deep-fetch.js +405 -0
package/dist/core/deep-research.d.ts +141 -0
package/dist/core/deep-research.js +972 -0
package/dist/core/design-analysis.d.ts +70 -0
package/dist/core/design-analysis.js +490 -0
package/dist/core/design-compare.d.ts +38 -0
package/dist/core/design-compare.js +264 -0
package/dist/core/diff.d.ts +61 -0
package/dist/core/diff.js +289 -0
package/dist/core/dns-cache.d.ts +20 -0
package/dist/core/dns-cache.js +198 -0
package/dist/core/documents.d.ts +23 -0
package/dist/core/documents.js +123 -0
package/dist/core/domain-memory.d.ts +66 -0
package/dist/core/domain-memory.js +163 -0
package/dist/core/domain-verify.d.ts +40 -0
package/dist/core/domain-verify.js +379 -0
package/dist/core/engine-ranker.d.ts +112 -0
package/dist/core/engine-ranker.js +395 -0
package/dist/core/extract-inline.d.ts +38 -0
package/dist/core/extract-inline.js +215 -0
package/dist/core/extract-listings.d.ts +38 -0
package/dist/core/extract-listings.js +461 -0
package/dist/core/extract.d.ts +9 -0
package/dist/core/extract.js +139 -0
package/dist/core/fetch-cache.d.ts +57 -0
package/dist/core/fetch-cache.js +95 -0
package/dist/core/fetcher.d.ts +13 -0
package/dist/core/fetcher.js +12 -0
package/dist/core/google-cache.d.ts +29 -0
package/dist/core/google-cache.js +180 -0
package/dist/core/google-serp-parser.d.ts +82 -0
package/dist/core/google-serp-parser.js +287 -0
package/dist/core/hotel-search.d.ts +122 -0
package/dist/core/hotel-search.js +382 -0
package/dist/core/http-fetch.d.ts +72 -0
package/dist/core/http-fetch.js +820 -0
package/dist/core/human.d.ts +175 -0
package/dist/core/human.js +680 -0
package/dist/core/image-caption.d.ts +44 -0
package/dist/core/image-caption.js +271 -0
package/dist/core/jobs.d.ts +75 -0
package/dist/core/jobs.js +634 -0
package/dist/core/json-ld.d.ts +15 -0
package/dist/core/json-ld.js +617 -0
package/dist/core/language-detect.d.ts +18 -0
package/dist/core/language-detect.js +135 -0
package/dist/core/links.d.ts +10 -0
package/dist/core/links.js +44 -0
package/dist/core/llm-extract.d.ts +71 -0
package/dist/core/llm-extract.js +507 -0
package/dist/core/llm-provider.d.ts +100 -0
package/dist/core/llm-provider.js +702 -0
package/dist/core/local-search.d.ts +60 -0
package/dist/core/local-search.js +308 -0
package/dist/core/logger.d.ts +28 -0
package/dist/core/logger.js +104 -0
package/dist/core/map.d.ts +33 -0
package/dist/core/map.js +127 -0
package/dist/core/markdown.d.ts +92 -0
package/dist/core/markdown.js +809 -0
package/dist/core/metadata.d.ts +34 -0
package/dist/core/metadata.js +422 -0
package/dist/core/observe.d.ts +113 -0
package/dist/core/observe.js +395 -0
package/dist/core/ocr.d.ts +12 -0
package/dist/core/ocr.js +33 -0
package/dist/core/paginate.d.ts +31 -0
package/dist/core/paginate.js +106 -0
package/dist/core/pdf.d.ts +8 -0
package/dist/core/pdf.js +25 -0
package/dist/core/peel-tls.d.ts +25 -0
package/dist/core/peel-tls.js +220 -0
package/dist/core/pipeline.d.ts +132 -0
package/dist/core/pipeline.js +1666 -0
package/dist/core/profiles.d.ts +61 -0
package/dist/core/profiles.js +350 -0
package/dist/core/prompt-guard.d.ts +30 -0
package/dist/core/prompt-guard.js +119 -0
package/dist/core/proxy-config.d.ts +90 -0
package/dist/core/proxy-config.js +172 -0
package/dist/core/quick-answer.d.ts +53 -0
package/dist/core/quick-answer.js +833 -0
package/dist/core/rate-governor.d.ts +80 -0
package/dist/core/rate-governor.js +238 -0
package/dist/core/readability.d.ts +57 -0
package/dist/core/readability.js +533 -0
package/dist/core/research.d.ts +66 -0
package/dist/core/research.js +270 -0
package/dist/core/retry.d.ts +60 -0
package/dist/core/retry.js +119 -0
package/dist/core/safe-browsing.d.ts +30 -0
package/dist/core/safe-browsing.js +206 -0
package/dist/core/schema-extraction.d.ts +66 -0
package/dist/core/schema-extraction.js +352 -0
package/dist/core/schema-postprocess.d.ts +32 -0
package/dist/core/schema-postprocess.js +469 -0
package/dist/core/schema-templates.d.ts +19 -0
package/dist/core/schema-templates.js +143 -0
package/dist/core/screenshot.d.ts +224 -0
package/dist/core/screenshot.js +207 -0
package/dist/core/search-engines.d.ts +25 -0
package/dist/core/search-engines.js +182 -0
package/dist/core/search-provider.d.ts +243 -0
package/dist/core/search-provider.js +1629 -0
package/dist/core/searxng-provider.d.ts +35 -0
package/dist/core/searxng-provider.js +105 -0
package/dist/core/selective-evidence.d.ts +151 -0
package/dist/core/selective-evidence.js +389 -0
package/dist/core/site-search.d.ts +44 -0
package/dist/core/site-search.js +252 -0
package/dist/core/sitemap.d.ts +23 -0
package/dist/core/sitemap.js +105 -0
package/dist/core/source-credibility.d.ts +29 -0
package/dist/core/source-credibility.js +584 -0
package/dist/core/source-scoring.d.ts +166 -0
package/dist/core/source-scoring.js +396 -0
package/dist/core/stemmer.d.ts +38 -0
package/dist/core/stemmer.js +509 -0
package/dist/core/strategies.d.ts +104 -0
package/dist/core/strategies.js +1044 -0
package/dist/core/strategy-hooks.d.ts +145 -0
package/dist/core/strategy-hooks.js +74 -0
package/dist/core/structured-extract.d.ts +43 -0
package/dist/core/structured-extract.js +550 -0
package/dist/core/summarize.d.ts +17 -0
package/dist/core/summarize.js +78 -0
package/dist/core/synonyms.d.ts +42 -0
package/dist/core/synonyms.js +184 -0
package/dist/core/system-monitor.d.ts +61 -0
package/dist/core/system-monitor.js +133 -0
package/dist/core/table-format.d.ts +30 -0
package/dist/core/table-format.js +146 -0
package/dist/core/threat-feeds.d.ts +23 -0
package/dist/core/threat-feeds.js +104 -0
package/dist/core/timing.d.ts +21 -0
package/dist/core/timing.js +33 -0
package/dist/core/transcript-export.d.ts +47 -0
package/dist/core/transcript-export.js +107 -0
package/dist/core/user-agents.d.ts +82 -0
package/dist/core/user-agents.js +239 -0
package/dist/core/vertical-search.d.ts +54 -0
package/dist/core/vertical-search.js +158 -0
package/dist/core/watch-manager.d.ts +175 -0
package/dist/core/watch-manager.js +416 -0
package/dist/core/watch.d.ts +101 -0
package/dist/core/watch.js +389 -0
package/dist/core/youtube.d.ts +130 -0
package/dist/core/youtube.js +1175 -0
package/dist/ee/challenge-re-export.d.ts +1 -0
package/dist/ee/challenge-re-export.js +1 -0
package/dist/ee/challenge-solver.d.ts +72 -0
package/dist/ee/challenge-solver.js +720 -0
package/dist/ee/domain-extractors.d.ts +8 -0
package/dist/ee/domain-extractors.js +8 -0
package/dist/ee/domain-intel.d.ts +16 -0
package/dist/ee/domain-intel.js +133 -0
package/dist/ee/extractors/allrecipes.d.ts +2 -0
package/dist/ee/extractors/allrecipes.js +120 -0
package/dist/ee/extractors/amazon.d.ts +2 -0
package/dist/ee/extractors/amazon.js +78 -0
package/dist/ee/extractors/arxiv.d.ts +2 -0
package/dist/ee/extractors/arxiv.js +137 -0
package/dist/ee/extractors/bestbuy.d.ts +2 -0
package/dist/ee/extractors/bestbuy.js +78 -0
package/dist/ee/extractors/carscom.d.ts +2 -0
package/dist/ee/extractors/carscom.js +121 -0
package/dist/ee/extractors/coingecko.d.ts +2 -0
package/dist/ee/extractors/coingecko.js +134 -0
package/dist/ee/extractors/craigslist.d.ts +2 -0
package/dist/ee/extractors/craigslist.js +92 -0
package/dist/ee/extractors/devto.d.ts +2 -0
package/dist/ee/extractors/devto.js +135 -0
package/dist/ee/extractors/ebay.d.ts +2 -0
package/dist/ee/extractors/ebay.js +90 -0
package/dist/ee/extractors/espn.d.ts +2 -0
package/dist/ee/extractors/espn.js +260 -0
package/dist/ee/extractors/etsy.d.ts +2 -0
package/dist/ee/extractors/etsy.js +52 -0
package/dist/ee/extractors/facebook.d.ts +2 -0
package/dist/ee/extractors/facebook.js +46 -0
package/dist/ee/extractors/github.d.ts +2 -0
package/dist/ee/extractors/github.js +196 -0
package/dist/ee/extractors/google-flights.d.ts +2 -0
package/dist/ee/extractors/google-flights.js +176 -0
package/dist/ee/extractors/hackernews.d.ts +2 -0
package/dist/ee/extractors/hackernews.js +147 -0
package/dist/ee/extractors/imdb.d.ts +2 -0
package/dist/ee/extractors/imdb.js +172 -0
package/dist/ee/extractors/index.d.ts +26 -0
package/dist/ee/extractors/index.js +247 -0
package/dist/ee/extractors/instagram.d.ts +2 -0
package/dist/ee/extractors/instagram.js +102 -0
package/dist/ee/extractors/kalshi.d.ts +2 -0
package/dist/ee/extractors/kalshi.js +121 -0
package/dist/ee/extractors/kayak-cars.d.ts +2 -0
package/dist/ee/extractors/kayak-cars.js +270 -0
package/dist/ee/extractors/linkedin.d.ts +2 -0
package/dist/ee/extractors/linkedin.js +113 -0
package/dist/ee/extractors/medium.d.ts +2 -0
package/dist/ee/extractors/medium.js +130 -0
package/dist/ee/extractors/news.d.ts +4 -0
package/dist/ee/extractors/news.js +173 -0
package/dist/ee/extractors/npm.d.ts +2 -0
package/dist/ee/extractors/npm.js +86 -0
package/dist/ee/extractors/pdf.d.ts +2 -0
package/dist/ee/extractors/pdf.js +108 -0
package/dist/ee/extractors/pinterest.d.ts +2 -0
package/dist/ee/extractors/pinterest.js +34 -0
package/dist/ee/extractors/polymarket.d.ts +2 -0
package/dist/ee/extractors/polymarket.js +358 -0
package/dist/ee/extractors/producthunt.d.ts +2 -0
package/dist/ee/extractors/producthunt.js +88 -0
package/dist/ee/extractors/pubmed.d.ts +2 -0
package/dist/ee/extractors/pubmed.js +162 -0
package/dist/ee/extractors/pypi.d.ts +2 -0
package/dist/ee/extractors/pypi.js +80 -0
package/dist/ee/extractors/reddit.d.ts +2 -0
package/dist/ee/extractors/reddit.js +438 -0
package/dist/ee/extractors/redfin.d.ts +2 -0
package/dist/ee/extractors/redfin.js +156 -0
package/dist/ee/extractors/semanticscholar.d.ts +2 -0
package/dist/ee/extractors/semanticscholar.js +131 -0
package/dist/ee/extractors/shared.d.ts +12 -0
package/dist/ee/extractors/shared.js +76 -0
package/dist/ee/extractors/soundcloud.d.ts +2 -0
package/dist/ee/extractors/soundcloud.js +34 -0
package/dist/ee/extractors/sportsbetting.d.ts +2 -0
package/dist/ee/extractors/sportsbetting.js +37 -0
package/dist/ee/extractors/spotify.d.ts +2 -0
package/dist/ee/extractors/spotify.js +34 -0
package/dist/ee/extractors/stackoverflow.d.ts +2 -0
package/dist/ee/extractors/stackoverflow.js +61 -0
package/dist/ee/extractors/substack.d.ts +2 -0
package/dist/ee/extractors/substack.js +115 -0
package/dist/ee/extractors/substackroot.d.ts +2 -0
package/dist/ee/extractors/substackroot.js +46 -0
package/dist/ee/extractors/tiktok.d.ts +2 -0
package/dist/ee/extractors/tiktok.js +29 -0
package/dist/ee/extractors/tradingview.d.ts +2 -0
package/dist/ee/extractors/tradingview.js +182 -0
package/dist/ee/extractors/twitch.d.ts +2 -0
package/dist/ee/extractors/twitch.js +36 -0
package/dist/ee/extractors/twitter.d.ts +2 -0
package/dist/ee/extractors/twitter.js +327 -0
package/dist/ee/extractors/types.d.ts +14 -0
package/dist/ee/extractors/types.js +1 -0
package/dist/ee/extractors/walmart.d.ts +2 -0
package/dist/ee/extractors/walmart.js +50 -0
package/dist/ee/extractors/weather.d.ts +2 -0
package/dist/ee/extractors/weather.js +133 -0
package/dist/ee/extractors/wikipedia.d.ts +4 -0
package/dist/ee/extractors/wikipedia.js +235 -0
package/dist/ee/extractors/yelp.d.ts +2 -0
package/dist/ee/extractors/yelp.js +216 -0
package/dist/ee/extractors/youtube.d.ts +2 -0
package/dist/ee/extractors/youtube.js +189 -0
package/dist/ee/extractors/zillow.d.ts +54 -0
package/dist/ee/extractors/zillow.js +247 -0
package/dist/ee/extractors-re-export.d.ts +1 -0
package/dist/ee/extractors-re-export.js +1 -0
package/dist/ee/premium-hooks.d.ts +20 -0
package/dist/ee/premium-hooks.js +50 -0
package/dist/ee/spa-detection.d.ts +2 -0
package/dist/ee/spa-detection.js +2 -0
package/dist/ee/stability.d.ts +4 -0
package/dist/ee/stability.js +29 -0
package/dist/ee/swr-cache.d.ts +14 -0
package/dist/ee/swr-cache.js +34 -0
package/dist/index.d.ts +143 -0
package/dist/index.js +291 -0
package/dist/integrations/index.d.ts +2 -0
package/dist/integrations/index.js +2 -0
package/dist/integrations/langchain.d.ts +64 -0
package/dist/integrations/langchain.js +115 -0
package/dist/integrations/llamaindex.d.ts +50 -0
package/dist/integrations/llamaindex.js +91 -0
package/dist/mcp/handlers/act.d.ts +5 -0
package/dist/mcp/handlers/act.js +34 -0
package/dist/mcp/handlers/definitions.d.ts +6 -0
package/dist/mcp/handlers/definitions.js +395 -0
package/dist/mcp/handlers/extract.d.ts +7 -0
package/dist/mcp/handlers/extract.js +135 -0
package/dist/mcp/handlers/fetch.d.ts +6 -0
package/dist/mcp/handlers/fetch.js +98 -0
package/dist/mcp/handlers/find.d.ts +5 -0
package/dist/mcp/handlers/find.js +137 -0
package/dist/mcp/handlers/index.d.ts +13 -0
package/dist/mcp/handlers/index.js +63 -0
package/dist/mcp/handlers/legacy.d.ts +25 -0
package/dist/mcp/handlers/legacy.js +450 -0
package/dist/mcp/handlers/meta.d.ts +6 -0
package/dist/mcp/handlers/meta.js +40 -0
package/dist/mcp/handlers/monitor.d.ts +5 -0
package/dist/mcp/handlers/monitor.js +41 -0
package/dist/mcp/handlers/observe.d.ts +8 -0
package/dist/mcp/handlers/observe.js +37 -0
package/dist/mcp/handlers/read.d.ts +6 -0
package/dist/mcp/handlers/read.js +78 -0
package/dist/mcp/handlers/see.d.ts +5 -0
package/dist/mcp/handlers/see.js +75 -0
package/dist/mcp/handlers/types.d.ts +29 -0
package/dist/mcp/handlers/types.js +28 -0
package/dist/mcp/server.d.ts +7 -0
package/dist/mcp/server.js +108 -0
package/dist/mcp/smart-router.d.ts +23 -0
package/dist/mcp/smart-router.js +178 -0
package/dist/server/app.d.ts +14 -0
package/dist/server/app.js +632 -0
package/dist/server/auth-store.d.ts +28 -0
package/dist/server/auth-store.js +88 -0
package/dist/server/bull-queues.d.ts +60 -0
package/dist/server/bull-queues.js +90 -0
package/dist/server/email-service.d.ts +55 -0
package/dist/server/email-service.js +291 -0
package/dist/server/job-queue.d.ts +100 -0
package/dist/server/job-queue.js +145 -0
package/dist/server/logger.d.ts +10 -0
package/dist/server/logger.js +37 -0
package/dist/server/middleware/audit-log.d.ts +14 -0
package/dist/server/middleware/audit-log.js +73 -0
package/dist/server/middleware/auth.d.ts +35 -0
package/dist/server/middleware/auth.js +225 -0
package/dist/server/middleware/rate-limit.d.ts +50 -0
package/dist/server/middleware/rate-limit.js +270 -0
package/dist/server/middleware/scope-guard.d.ts +25 -0
package/dist/server/middleware/scope-guard.js +45 -0
package/dist/server/middleware/url-validator.d.ts +15 -0
package/dist/server/middleware/url-validator.js +201 -0
package/dist/server/openapi.yaml +6418 -0
package/dist/server/pg-auth-store.d.ts +146 -0
package/dist/server/pg-auth-store.js +576 -0
package/dist/server/pg-job-queue.d.ts +59 -0
package/dist/server/pg-job-queue.js +375 -0
package/dist/server/routes/activity.d.ts +6 -0
package/dist/server/routes/activity.js +79 -0
package/dist/server/routes/admin-active.d.ts +7 -0
package/dist/server/routes/admin-active.js +120 -0
package/dist/server/routes/admin-stats.d.ts +7 -0
package/dist/server/routes/admin-stats.js +176 -0
package/dist/server/routes/agent.d.ts +24 -0
package/dist/server/routes/agent.js +480 -0
package/dist/server/routes/answer.d.ts +5 -0
package/dist/server/routes/answer.js +125 -0
package/dist/server/routes/ask.d.ts +28 -0
package/dist/server/routes/ask.js +295 -0
package/dist/server/routes/batch.d.ts +6 -0
package/dist/server/routes/batch.js +493 -0
package/dist/server/routes/cache-warm.d.ts +25 -0
package/dist/server/routes/cache-warm.js +212 -0
package/dist/server/routes/cli-usage.d.ts +6 -0
package/dist/server/routes/cli-usage.js +127 -0
package/dist/server/routes/compat.d.ts +23 -0
package/dist/server/routes/compat.js +652 -0
package/dist/server/routes/crawl.d.ts +13 -0
package/dist/server/routes/crawl.js +287 -0
package/dist/server/routes/deep-fetch.d.ts +8 -0
package/dist/server/routes/deep-fetch.js +57 -0
package/dist/server/routes/deep-research.d.ts +11 -0
package/dist/server/routes/deep-research.js +232 -0
package/dist/server/routes/demo.d.ts +24 -0
package/dist/server/routes/demo.js +517 -0
package/dist/server/routes/do.d.ts +8 -0
package/dist/server/routes/do.js +72 -0
package/dist/server/routes/extract.d.ts +14 -0
package/dist/server/routes/extract.js +325 -0
package/dist/server/routes/feed.d.ts +15 -0
package/dist/server/routes/feed.js +311 -0
package/dist/server/routes/fetch-queue.d.ts +13 -0
package/dist/server/routes/fetch-queue.js +357 -0
package/dist/server/routes/fetch.d.ts +7 -0
package/dist/server/routes/fetch.js +1274 -0
package/dist/server/routes/go.d.ts +14 -0
package/dist/server/routes/go.js +81 -0
package/dist/server/routes/health.d.ts +11 -0
package/dist/server/routes/health.js +141 -0
package/dist/server/routes/jobs.d.ts +7 -0
package/dist/server/routes/jobs.js +574 -0
package/dist/server/routes/map.d.ts +11 -0
package/dist/server/routes/map.js +116 -0
package/dist/server/routes/mcp.d.ts +14 -0
package/dist/server/routes/mcp.js +197 -0
package/dist/server/routes/metrics.d.ts +37 -0
package/dist/server/routes/metrics.js +149 -0
package/dist/server/routes/oauth.d.ts +9 -0
package/dist/server/routes/oauth.js +396 -0
package/dist/server/routes/playground.d.ts +17 -0
package/dist/server/routes/playground.js +283 -0
package/dist/server/routes/reader.d.ts +18 -0
package/dist/server/routes/reader.js +192 -0
package/dist/server/routes/research.d.ts +14 -0
package/dist/server/routes/research.js +482 -0
package/dist/server/routes/screenshot.d.ts +22 -0
package/dist/server/routes/screenshot.js +820 -0
package/dist/server/routes/search.d.ts +6 -0
package/dist/server/routes/search.js +874 -0
package/dist/server/routes/session.d.ts +17 -0
package/dist/server/routes/session.js +548 -0
package/dist/server/routes/share.d.ts +18 -0
package/dist/server/routes/share.js +462 -0
package/dist/server/routes/smart-search/handlers/cars.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/cars.js +102 -0
package/dist/server/routes/smart-search/handlers/flights.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/flights.js +72 -0
package/dist/server/routes/smart-search/handlers/general.d.ts +13 -0
package/dist/server/routes/smart-search/handlers/general.js +717 -0
package/dist/server/routes/smart-search/handlers/hotels.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/hotels.js +88 -0
package/dist/server/routes/smart-search/handlers/products.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/products.js +1309 -0
package/dist/server/routes/smart-search/handlers/rental.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/rental.js +154 -0
package/dist/server/routes/smart-search/handlers/restaurants.d.ts +2 -0
package/dist/server/routes/smart-search/handlers/restaurants.js +225 -0
package/dist/server/routes/smart-search/handlers/transit-verdict.d.ts +41 -0
package/dist/server/routes/smart-search/handlers/transit-verdict.js +224 -0
package/dist/server/routes/smart-search/index.d.ts +19 -0
package/dist/server/routes/smart-search/index.js +546 -0
package/dist/server/routes/smart-search/intent.d.ts +3 -0
package/dist/server/routes/smart-search/intent.js +264 -0
package/dist/server/routes/smart-search/llm.d.ts +16 -0
package/dist/server/routes/smart-search/llm.js +70 -0
package/dist/server/routes/smart-search/sources/reddit.d.ts +18 -0
package/dist/server/routes/smart-search/sources/reddit.js +34 -0
package/dist/server/routes/smart-search/sources/yelp.d.ts +25 -0
package/dist/server/routes/smart-search/sources/yelp.js +171 -0
package/dist/server/routes/smart-search/sources/youtube.d.ts +8 -0
package/dist/server/routes/smart-search/sources/youtube.js +9 -0
package/dist/server/routes/smart-search/types.d.ts +81 -0
package/dist/server/routes/smart-search/types.js +1 -0
package/dist/server/routes/smart-search/utils.d.ts +20 -0
package/dist/server/routes/smart-search/utils.js +146 -0
package/dist/server/routes/stats.d.ts +6 -0
package/dist/server/routes/stats.js +71 -0
package/dist/server/routes/stripe.d.ts +15 -0
package/dist/server/routes/stripe.js +296 -0
package/dist/server/routes/transcript-export.d.ts +10 -0
package/dist/server/routes/transcript-export.js +178 -0
package/dist/server/routes/usage.d.ts +9 -0
package/dist/server/routes/usage.js +279 -0
package/dist/server/routes/users.d.ts +8 -0
package/dist/server/routes/users.js +1867 -0
package/dist/server/routes/watch.d.ts +15 -0
package/dist/server/routes/watch.js +309 -0
package/dist/server/routes/webhooks.d.ts +26 -0
package/dist/server/routes/webhooks.js +170 -0
package/dist/server/routes/youtube.d.ts +6 -0
package/dist/server/routes/youtube.js +130 -0
package/dist/server/sentry.d.ts +14 -0
package/dist/server/sentry.js +104 -0
package/dist/server/types.d.ts +15 -0
package/dist/server/types.js +7 -0
package/dist/server/utils/response.d.ts +44 -0
package/dist/server/utils/response.js +69 -0
package/dist/server/utils/sse.d.ts +22 -0
package/dist/server/utils/sse.js +38 -0
package/dist/types.d.ts +552 -0
package/dist/types.js +39 -0
package/llms.txt +105 -0
package/package.json +189 -0

package/dist/server/job-queue.js ADDED Viewed

@@ -0,0 +1,145 @@
+/**
+ * Job queue for async operations
+ *
+ * Factory creates PostgreSQL-backed queue in production or in-memory queue for local dev.
+ * Tracks crawl, batch scrape, and extraction jobs with progress updates.
+ */
+import { randomUUID } from 'crypto';
+import { PostgresJobQueue } from './pg-job-queue.js';
+import { createLogger } from './logger.js';
+const log = createLogger('job-queue');
+/**
+ * In-memory job queue for local development
+ */
+export class InMemoryJobQueue {
+    jobs = new Map();
+    cleanupInterval;
+    constructor() {
+        // Clean expired jobs every hour
+        this.cleanupInterval = setInterval(() => {
+            this.cleanExpired();
+        }, 60 * 60 * 1000);
+    }
+    /**
+     * Create a new job
+     */
+    createJob(type, webhook, ownerId) {
+        const now = new Date().toISOString();
+        const job = {
+            id: randomUUID(),
+            type,
+            status: 'queued',
+            progress: 0,
+            total: 0,
+            completed: 0,
+            creditsUsed: 0,
+            data: [],
+            webhook,
+            ownerId,
+            createdAt: now,
+            updatedAt: now,
+            expiresAt: new Date(Date.now() + 25 * 60 * 60 * 1000).toISOString(), // 25h from now (updated on completion)
+        };
+        this.jobs.set(job.id, job);
+        return job;
+    }
+    /**
+     * Get a job by ID
+     */
+    getJob(id) {
+        return this.jobs.get(id) || null;
+    }
+    /**
+     * Update a job
+     */
+    updateJob(id, update) {
+        const job = this.jobs.get(id);
+        if (!job)
+            return;
+        Object.assign(job, update, {
+            updatedAt: new Date().toISOString(),
+        });
+        // When job completes/fails, set expiration to 24h from now
+        if (update.status === 'completed' || update.status === 'failed') {
+            job.expiresAt = new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString();
+        }
+        // Update progress percentage
+        if (job.total > 0) {
+            job.progress = Math.round((job.completed / job.total) * 100);
+        }
+        this.jobs.set(id, job);
+    }
+    /**
+     * Cancel a job
+     */
+    cancelJob(id) {
+        const job = this.jobs.get(id);
+        if (!job)
+            return false;
+        // Can only cancel queued or processing jobs
+        if (job.status !== 'queued' && job.status !== 'processing') {
+            return false;
+        }
+        this.updateJob(id, {
+            status: 'cancelled',
+            expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000).toISOString(),
+        });
+        return true;
+    }
+    /**
+     * List jobs with optional filters
+     */
+    listJobs(options) {
+        let jobs = Array.from(this.jobs.values());
+        if (options?.ownerId) {
+            jobs = jobs.filter(j => j.ownerId === options.ownerId);
+        }
+        if (options?.type) {
+            jobs = jobs.filter(j => j.type === options.type);
+        }
+        if (options?.status) {
+            jobs = jobs.filter(j => j.status === options.status);
+        }
+        // Sort by creation time (newest first)
+        jobs.sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime());
+        if (options?.limit) {
+            jobs = jobs.slice(0, options.limit);
+        }
+        return jobs;
+    }
+    /**
+     * Remove expired jobs
+     */
+    cleanExpired() {
+        const now = Date.now();
+        for (const [id, job] of this.jobs.entries()) {
+            if (new Date(job.expiresAt).getTime() < now) {
+                this.jobs.delete(id);
+            }
+        }
+    }
+    /**
+     * Clean up interval on shutdown
+     */
+    destroy() {
+        clearInterval(this.cleanupInterval);
+    }
+}
+/**
+ * Create job queue based on environment
+ * - Uses PostgreSQL if DATABASE_URL is set
+ * - Falls back to in-memory for local development
+ */
+export function createJobQueue() {
+    if (process.env.DATABASE_URL) {
+        log.info('Using PostgreSQL job queue');
+        return new PostgresJobQueue();
+    }
+    else {
+        log.info('Using in-memory job queue');
+        return new InMemoryJobQueue();
+    }
+}
+// Legacy global instance for backwards compatibility (deprecated)
+// @deprecated Use createJobQueue() instead
+export const jobQueue = new InMemoryJobQueue();

package/dist/server/logger.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Lightweight structured logger — no external dependencies.
+ * Respects LOG_LEVEL env var: debug | info | warn | error  (default: info)
+ */
+export declare function createLogger(component: string): {
+    debug(msg: string, data?: Record<string, unknown>): void;
+    info(msg: string, data?: Record<string, unknown>): void;
+    warn(msg: string, data?: Record<string, unknown>): void;
+    error(msg: string, data?: Record<string, unknown>): void;
+};

package/dist/server/logger.js ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Lightweight structured logger — no external dependencies.
+ * Respects LOG_LEVEL env var: debug | info | warn | error  (default: info)
+ */
+const LEVELS = { debug: 0, info: 1, warn: 2, error: 3 };
+const LOG_LEVEL = (process.env.LOG_LEVEL ?? 'info');
+function shouldLog(level) {
+    return LEVELS[level] >= (LEVELS[LOG_LEVEL] ?? LEVELS.info);
+}
+function formatLog(level, component, message, data) {
+    const ts = new Date().toISOString();
+    const base = `${ts} [${level.toUpperCase()}] [${component}] ${message}`;
+    if (data && Object.keys(data).length > 0) {
+        return `${base} ${JSON.stringify(data)}`;
+    }
+    return base;
+}
+export function createLogger(component) {
+    return {
+        debug(msg, data) {
+            if (shouldLog('debug'))
+                console.debug(formatLog('debug', component, msg, data));
+        },
+        info(msg, data) {
+            if (shouldLog('info'))
+                console.info(formatLog('info', component, msg, data));
+        },
+        warn(msg, data) {
+            if (shouldLog('warn'))
+                console.warn(formatLog('warn', component, msg, data));
+        },
+        error(msg, data) {
+            if (shouldLog('error'))
+                console.error(formatLog('error', component, msg, data));
+        },
+    };
+}

package/dist/server/middleware/audit-log.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * WebPeel Audit Logging Middleware
+ *
+ * Records who accessed which API endpoints and the outcome.
+ * Designed to be privacy-safe:
+ *  - Logs userId, keyId, method, path, status, duration, IP, user-agent
+ *  - Does NOT log: request bodies, auth headers, query params (may contain API keys)
+ *  - Only logs /v1/ endpoints (skips health checks, static files)
+ *
+ * When DATABASE_URL is set, also writes to usage_logs table (fire-and-forget).
+ */
+import { Request, Response, NextFunction } from 'express';
+import '../types.js';
+export declare function auditMiddleware(req: Request, res: Response, next: NextFunction): void;

package/dist/server/middleware/audit-log.js ADDED Viewed

@@ -0,0 +1,73 @@
+/**
+ * WebPeel Audit Logging Middleware
+ *
+ * Records who accessed which API endpoints and the outcome.
+ * Designed to be privacy-safe:
+ *  - Logs userId, keyId, method, path, status, duration, IP, user-agent
+ *  - Does NOT log: request bodies, auth headers, query params (may contain API keys)
+ *  - Only logs /v1/ endpoints (skips health checks, static files)
+ *
+ * When DATABASE_URL is set, also writes to usage_logs table (fire-and-forget).
+ */
+import '../types.js'; // Augments Express.Request with requestId
+import { createLogger } from '../logger.js';
+import pg from 'pg';
+const auditLog = createLogger('audit');
+// ── Singleton audit DB pool ───────────────────────────────────────────────────
+// One small pool shared by all requests — created lazily on first /v1/ request.
+let _auditPool = null;
+function getAuditPool() {
+    if (!_auditPool && process.env.DATABASE_URL) {
+        _auditPool = new pg.Pool({
+            connectionString: process.env.DATABASE_URL,
+            ssl: process.env.DATABASE_URL.includes('sslmode=require')
+                ? { rejectUnauthorized: process.env.PG_REJECT_UNAUTHORIZED !== 'false' }
+                : undefined,
+            max: 3,
+            idleTimeoutMillis: 30_000,
+        });
+    }
+    return _auditPool;
+}
+export function auditMiddleware(req, res, next) {
+    const startTime = Date.now();
+    res.on('finish', () => {
+        const duration = Date.now() - startTime;
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        const auth = req.auth;
+        const userId = auth?.keyInfo?.accountId || 'anonymous';
+        // Use a truncated prefix of the key as a safe identifier (never log the full key)
+        const rawKey = auth?.keyInfo?.key;
+        const keyId = rawKey ? rawKey.slice(0, 8) + '...' : 'none';
+        const clientIp = req.headers['cf-connecting-ip'] ||
+            req.headers['x-forwarded-for'] ||
+            req.ip;
+        // Only log API endpoints (skip health checks, static files)
+        if (req.path.startsWith('/v1/')) {
+            auditLog.info(`${req.method} ${req.path}`, {
+                action: `${req.method} ${req.path}`,
+                userId,
+                keyId,
+                statusCode: res.statusCode,
+                duration,
+                ip: clientIp,
+                userAgent: req.headers['user-agent']?.slice(0, 100),
+                // DO NOT log: request body, auth headers, query params (may contain API keys or secrets)
+            });
+            // ── Fire-and-forget DB write ────────────────────────────────────────────
+            // Only runs when DATABASE_URL is set. Never slows down the response.
+            if (process.env.DATABASE_URL) {
+                const dbUserId = userId !== 'anonymous' ? userId : null;
+                const urlParam = typeof req.query?.url === 'string' ? req.query.url.slice(0, 2048) : null;
+                getAuditPool()
+                    .query(`INSERT INTO usage_logs
+              (user_id, url, endpoint, method, status_code, processing_time_ms, ip_address, created_at)
+             VALUES ($1, $2, $3, $4, $5, $6, $7, NOW())`, [dbUserId, urlParam, req.path, req.method, res.statusCode, duration, clientIp])
+                    .catch(() => {
+                    // Ignore audit DB failures — never propagate to the request
+                });
+            }
+        }
+    });
+    next();
+}

package/dist/server/middleware/auth.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * API key authentication middleware with SOFT LIMIT enforcement
+ *
+ * Philosophy: Never fully block users. When weekly limits are exceeded,
+ * degrade to HTTP-only mode instead of returning 429.
+ * BURST limits (hourly) are HARD limits and return 429.
+ *
+ * Dual auth: Accepts both API keys AND JWT session tokens.
+ * API keys are validated via the auth store; JWTs are verified with JWT_SECRET.
+ * Dashboard pages use JWT tokens; CLI/SDK users use API keys.
+ */
+import { Request, Response, NextFunction } from 'express';
+import { AuthStore, ApiKeyInfo } from '../auth-store.js';
+import { KeyScope } from '../pg-auth-store.js';
+import '../types.js';
+declare global {
+    namespace Express {
+        interface Request {
+            auth?: {
+                keyInfo: ApiKeyInfo | null;
+                tier: 'free' | 'starter' | 'pro' | 'enterprise' | 'max' | 'admin';
+                rateLimit: number;
+                softLimited: boolean;
+                extraUsageAvailable: boolean;
+            };
+            /**
+             * Permission scope of the authenticated API key.
+             * Undefined when authenticated via JWT (dashboard session) — JWT users bypass scope enforcement.
+             * Set to 'full' | 'read' | 'restricted' for API key requests.
+             */
+            keyScope?: KeyScope;
+        }
+    }
+}
+export declare function createAuthMiddleware(authStore: AuthStore): (req: Request, res: Response, next: NextFunction) => Promise<void>;

package/dist/server/middleware/auth.js ADDED Viewed

@@ -0,0 +1,225 @@
+/**
+ * API key authentication middleware with SOFT LIMIT enforcement
+ *
+ * Philosophy: Never fully block users. When weekly limits are exceeded,
+ * degrade to HTTP-only mode instead of returning 429.
+ * BURST limits (hourly) are HARD limits and return 429.
+ *
+ * Dual auth: Accepts both API keys AND JWT session tokens.
+ * API keys are validated via the auth store; JWTs are verified with JWT_SECRET.
+ * Dashboard pages use JWT tokens; CLI/SDK users use API keys.
+ */
+import jwt from 'jsonwebtoken';
+import { PostgresAuthStore } from '../pg-auth-store.js';
+import '../types.js'; // Augments Express.Request with requestId
+export function createAuthMiddleware(authStore) {
+    return async (req, res, next) => {
+        try {
+            // Extract API key from Authorization header or X-API-Key header
+            const authHeader = req.headers.authorization;
+            const apiKeyHeader = req.headers['x-api-key'];
+            // SECURITY: Skip API key auth for public/JWT-protected endpoints
+            // These routes either need no auth or use their own JWT middleware
+            const isPublicEndpoint = req.path === '/health' || req.path === '/ready' ||
+                req.path.startsWith('/v1/auth/') ||
+                req.path === '/v1/webhooks/stripe' ||
+                req.path === '/v1/me' ||
+                req.path.startsWith('/v1/keys') ||
+                req.path.startsWith('/v1/extra-usage');
+            if (isPublicEndpoint) {
+                req.auth = {
+                    keyInfo: null,
+                    tier: 'free',
+                    rateLimit: 10,
+                    softLimited: false,
+                    extraUsageAvailable: false,
+                };
+                return next();
+            }
+            // SECURITY: Ensure headers are strings before processing (guards against
+            // malformed multi-value headers that would cause a null reference crash → 502)
+            const rawAuth = typeof authHeader === 'string' ? authHeader : undefined;
+            const rawApiKey = typeof apiKeyHeader === 'string' ? apiKeyHeader : undefined;
+            let apiKey = null;
+            if (rawAuth?.startsWith('Bearer ')) {
+                apiKey = rawAuth.slice(7);
+            }
+            else if (rawApiKey) {
+                apiKey = rawApiKey;
+            }
+            if (!apiKey) {
+                // No credentials supplied — let the request through unauthenticated.
+                // Public routes (/health, /v1/auth/*) already returned above.
+                // Protected routes must check req.auth?.keyInfo and return 401 themselves.
+                req.auth = undefined;
+                return next();
+            }
+            // Validate API key if provided
+            let keyInfo = null;
+            let softLimited = false;
+            let extraUsageAvailable = false;
+            if (apiKey) {
+                keyInfo = await authStore.validateKey(apiKey);
+                if (!keyInfo) {
+                    // Check if key exists but is expired (before falling through to JWT)
+                    if (authStore instanceof PostgresAuthStore) {
+                        const expired = await authStore.isKeyExpired(apiKey);
+                        if (expired) {
+                            res.status(401).json({
+                                success: false,
+                                error: {
+                                    type: 'key_expired',
+                                    message: 'This API key has expired.',
+                                    hint: 'Generate a new key at https://app.webpeel.dev/keys',
+                                    docs: 'https://webpeel.dev/docs/errors#unauthorized',
+                                },
+                                metadata: { requestId: req.requestId },
+                            });
+                            return;
+                        }
+                    }
+                    // API key not found — try JWT session token as fallback.
+                    // Dashboard uses JWT tokens (from /v1/auth/login or /v1/auth/oauth),
+                    // while CLI/SDK users use API keys. Support both seamlessly.
+                    const jwtSecret = process.env.JWT_SECRET;
+                    if (jwtSecret) {
+                        try {
+                            const payload = jwt.verify(apiKey, jwtSecret);
+                            if (payload.userId) {
+                                // Valid JWT — treat as authenticated session user.
+                                // Set req.auth with null keyInfo (no API key) and attach
+                                // the JWT payload so routes can use req.user.userId.
+                                req.auth = {
+                                    keyInfo: null,
+                                    tier: payload.tier || 'free',
+                                    rateLimit: 25,
+                                    softLimited: false,
+                                    extraUsageAvailable: false,
+                                };
+                                req.user = payload;
+                                return next();
+                            }
+                        }
+                        catch (e) {
+                            if (process.env.DEBUG)
+                                console.debug('[webpeel]', 'jwt verify failed:', e instanceof Error ? e.message : e);
+                        }
+                    }
+                    // Firecrawl compat routes expect { error: "string" } not { error: { type, message } }
+                    const isCompatRoute = /^\/(v[12]\/(scrape|crawl|map|search))/.test(req.path);
+                    if (isCompatRoute) {
+                        res.status(401).json({
+                            success: false,
+                            error: 'Invalid or expired API key. Get one at https://app.webpeel.dev/keys',
+                        });
+                    }
+                    else {
+                        res.status(401).json({
+                            success: false,
+                            error: {
+                                type: 'invalid_key',
+                                message: 'Invalid or expired API key.',
+                                hint: 'Check your key at https://app.webpeel.dev/keys or generate a new one.',
+                                docs: 'https://webpeel.dev/docs/errors#unauthorized',
+                            },
+                            metadata: { requestId: req.requestId },
+                        });
+                    }
+                    return;
+                }
+                // Check limits (only for PostgresAuthStore, skip for admin tier)
+                if (authStore instanceof PostgresAuthStore && keyInfo?.tier !== 'admin') {
+                    // HARD LIMIT: Check burst limit first (per-hour cap)
+                    const { allowed: burstAllowed, burst } = await authStore.checkBurstLimit(apiKey);
+                    if (!burstAllowed) {
+                        // Burst limit exceeded - HARD 429 with Retry-After
+                        const retryAfterSeconds = 60 * parseInt(burst.resetsIn.match(/\d+/)?.[0] || '1', 10);
+                        res.setHeader('Retry-After', retryAfterSeconds.toString());
+                        res.setHeader('X-Burst-Limit', burst.limit.toString());
+                        res.setHeader('X-Burst-Used', burst.count.toString());
+                        const tier = keyInfo?.tier || 'free';
+                        const upgradeHint = tier === 'free'
+                            ? ' Upgrade to Pro ($9/mo) for 100/hr → https://webpeel.dev/pricing'
+                            : tier === 'pro'
+                                ? ' Upgrade to Max ($29/mo) for 500/hr → https://webpeel.dev/pricing'
+                                : '';
+                        res.status(429).json({
+                            success: false,
+                            error: {
+                                type: 'burst_limit_exceeded',
+                                message: `Hourly burst limit exceeded (${burst.count}/${burst.limit} on ${tier} plan). Resets in ${burst.resetsIn}.`,
+                                hint: `Retry after ${burst.resetsIn}.${upgradeHint}`,
+                                docs: 'https://webpeel.dev/docs/errors#rate-limited',
+                            },
+                            metadata: { requestId: req.requestId },
+                        });
+                        return;
+                    }
+                    // Add burst headers
+                    res.setHeader('X-Burst-Limit', burst.limit.toString());
+                    res.setHeader('X-Burst-Used', burst.count.toString());
+                    res.setHeader('X-Burst-Remaining', burst.remaining.toString());
+                    // SOFT LIMIT: Check weekly usage
+                    const { allowed, usage } = await authStore.checkLimit(apiKey);
+                    // Check if extra usage is available
+                    if (!allowed) {
+                        extraUsageAvailable = await authStore.canUseExtraUsage(apiKey);
+                        if (!extraUsageAvailable) {
+                            // Over weekly quota, no extra usage — SOFT LIMIT (degrade to HTTP-only)
+                            softLimited = true;
+                            res.setHeader('X-Soft-Limited', 'true');
+                            res.setHeader('X-Soft-Limit-Reason', 'Weekly quota exceeded. Requests degraded to HTTP-only mode.');
+                            res.setHeader('X-Upgrade-URL', 'https://webpeel.dev/pricing');
+                        }
+                    }
+                    // Add weekly usage headers
+                    if (usage) {
+                        res.setHeader('X-Weekly-Limit', usage.totalAvailable.toString());
+                        res.setHeader('X-Weekly-Used', usage.totalUsed.toString());
+                        res.setHeader('X-Weekly-Remaining', Math.max(0, usage.remaining).toString());
+                        res.setHeader('X-Weekly-Percent', usage.percentUsed.toString());
+                        res.setHeader('X-Weekly-Resets-At', usage.resetsAt);
+                        // Warn if over 80% usage and not using extra usage
+                        if (usage.percentUsed >= 80 && !softLimited && !extraUsageAvailable) {
+                            res.setHeader('X-Usage-Warning', `You've used ${usage.percentUsed}% of your weekly quota. Consider upgrading at https://webpeel.dev/pricing`);
+                        }
+                    }
+                    // Add extra usage headers if available
+                    const extraInfo = await authStore.getExtraUsageInfo(apiKey);
+                    if (extraInfo) {
+                        res.setHeader('X-Extra-Usage-Enabled', extraInfo.enabled ? 'true' : 'false');
+                        res.setHeader('X-Extra-Usage-Balance', extraInfo.balance.toFixed(2));
+                        if (extraInfo.enabled) {
+                            res.setHeader('X-Extra-Usage-Spent', extraInfo.spent.toFixed(2));
+                            res.setHeader('X-Extra-Usage-Limit', extraInfo.spendingLimit.toFixed(2));
+                        }
+                    }
+                }
+            }
+            // Set auth context on request
+            req.auth = {
+                keyInfo,
+                tier: keyInfo?.tier || 'free',
+                rateLimit: keyInfo?.rateLimit || 10,
+                softLimited,
+                extraUsageAvailable,
+            };
+            // Attach API key scope (only for API key auth; JWT users get undefined = bypass scope checks)
+            if (keyInfo) {
+                req.keyScope = keyInfo.scope || 'full';
+            }
+            next();
+        }
+        catch (_error) {
+            res.status(500).json({
+                success: false,
+                error: {
+                    type: 'internal_error',
+                    message: 'Authentication failed',
+                    docs: 'https://webpeel.dev/docs/errors#internal-error',
+                },
+                metadata: { requestId: req.requestId },
+            });
+        }
+    };
+}

package/dist/server/middleware/rate-limit.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Redis-backed rate limiting middleware.
+ *
+ * Uses `rate-limiter-flexible` for atomic Redis operations — works correctly
+ * across all 6 K8s API pods (shared state via Redis).
+ *
+ * Falls back to in-memory when REDIS_URL is not set (CLI/local dev).
+ *
+ * Features:
+ * - Per-key (API key or IP) rate limiting
+ * - Tier-based limits: free=50/hr, pro=100/hr, max=500/hr
+ * - Route-based cost weighting: crawl=5x, render=3x, batch/screenshot=2x
+ * - Per-IP rate limiting ON TOP of API key limits (abuse prevention)
+ * - Exempt paths for health/docs endpoints
+ */
+import { Request, Response, NextFunction } from 'express';
+import '../types.js';
+export declare class RateLimiter {
+    private keyLimiter;
+    private ipLimiter;
+    private windowMs;
+    private initialized;
+    private initPromise;
+    constructor(windowMs?: number);
+    private init;
+    waitForInit(): Promise<void>;
+    /**
+     * Check if request is allowed.
+     * Returns { allowed, remaining, retryAfter? }
+     */
+    checkLimit(identifier: string, limit: number, cost?: number): Promise<{
+        allowed: boolean;
+        remaining: number;
+        retryAfter?: number;
+    }>;
+    /**
+     * Check per-IP limit (global cap regardless of API key).
+     */
+    checkIpLimit(ip: string, cost?: number): Promise<{
+        allowed: boolean;
+        remaining: number;
+        retryAfter?: number;
+    }>;
+    /**
+     * Backward compat: cleanup is no-op for Redis (TTL handles it).
+     * Kept for in-memory fallback and for app.ts which calls it on an interval.
+     */
+    cleanup(): void;
+}
+export declare function createRateLimitMiddleware(limiter: RateLimiter): (req: Request, res: Response, next: NextFunction) => Promise<void>;