@jahia/agentic 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (307) hide show
  1. package/README.md +48 -0
  2. package/dist/claude/.claude/rules/jahia.md +76 -0
  3. package/dist/claude/.claude/skills/jahia/SKILL.md +136 -0
  4. package/dist/claude/.claude/skills/jahia-content/SKILL.md +139 -0
  5. package/dist/claude/.claude/skills/jahia-content-create-content/SKILL.md +384 -0
  6. package/dist/claude/.claude/skills/jahia-content-explore-structure/SKILL.md +164 -0
  7. package/dist/claude/.claude/skills/jahia-content-move-content/SKILL.md +236 -0
  8. package/dist/claude/.claude/skills/jahia-content-query-content/SKILL.md +144 -0
  9. package/dist/claude/.claude/skills/jahia-content-translate-content/SKILL.md +297 -0
  10. package/dist/claude/.claude/skills/jahia-dev/SKILL.md +124 -0
  11. package/dist/claude/.claude/skills/jahia-dev-accessibility/SKILL.md +271 -0
  12. package/dist/claude/.claude/skills/jahia-dev-apis/SKILL.md +52 -0
  13. package/dist/claude/.claude/skills/jahia-dev-apis/references/authentication.md +484 -0
  14. package/dist/claude/.claude/skills/jahia-dev-apis/references/graphql.md +657 -0
  15. package/dist/claude/.claude/skills/jahia-dev-apis/references/jcr-api.md +465 -0
  16. package/dist/claude/.claude/skills/jahia-dev-apis/references/security.md +541 -0
  17. package/dist/claude/.claude/skills/jahia-dev-build-component/SKILL.md +140 -0
  18. package/dist/claude/.claude/skills/jahia-dev-create-page-template/SKILL.md +303 -0
  19. package/dist/claude/.claude/skills/jahia-dev-create-template-set/SKILL.md +232 -0
  20. package/dist/claude/.claude/skills/jahia-dev-create-view/SKILL.md +838 -0
  21. package/dist/claude/.claude/skills/jahia-dev-cypress/SKILL.md +445 -0
  22. package/dist/claude/.claude/skills/jahia-dev-debug/SKILL.md +176 -0
  23. package/dist/claude/.claude/skills/jahia-dev-define-content-type/SKILL.md +536 -0
  24. package/dist/claude/.claude/skills/jahia-dev-import-from/SKILL.md +244 -0
  25. package/dist/claude/.claude/skills/jahia-dev-java/SKILL.md +105 -0
  26. package/dist/claude/.claude/skills/jahia-dev-java/references/backend.md +331 -0
  27. package/dist/claude/.claude/skills/jahia-dev-java/references/content-types.md +273 -0
  28. package/dist/claude/.claude/skills/jahia-dev-java/references/modules.md +218 -0
  29. package/dist/claude/.claude/skills/jahia-dev-java/references/osgi.md +208 -0
  30. package/dist/claude/.claude/skills/jahia-dev-java/references/rendering.md +191 -0
  31. package/dist/claude/.claude/skills/jahia-dev-java/references/ui-extensions.md +344 -0
  32. package/dist/claude/.claude/skills/jahia-dev-jexperience/SKILL.md +269 -0
  33. package/dist/claude/.claude/skills/jahia-dev-ops/SKILL.md +50 -0
  34. package/dist/claude/.claude/skills/jahia-dev-ops/references/docker.md +151 -0
  35. package/dist/claude/.claude/skills/jahia-dev-ops/references/monitoring.md +195 -0
  36. package/dist/claude/.claude/skills/jahia-dev-ops/references/provisioning.md +269 -0
  37. package/dist/claude/.claude/skills/jahia-dev-osgi-module/SKILL.md +297 -0
  38. package/dist/claude/.claude/skills/jahia-dev-properties/SKILL.md +147 -0
  39. package/dist/claude/.claude/skills/jahia-dev-properties/references/all-properties.md +231 -0
  40. package/dist/claude/.claude/skills/jahia-dev-query-content/SKILL.md +407 -0
  41. package/dist/claude/.claude/skills/jahia-dev-review/SKILL.md +228 -0
  42. package/dist/claude/.claude/skills/jahia-dev-screenshot/SKILL.md +177 -0
  43. package/dist/claude/.claude/skills/jahia-dev-start-local/SKILL.md +129 -0
  44. package/dist/claude/.claude/skills/jahia-dev-ui-extension/SKILL.md +559 -0
  45. package/dist/claude/CLAUDE.md +90 -0
  46. package/dist/codex/.agents/skills/jahia/SKILL.md +136 -0
  47. package/dist/codex/.agents/skills/jahia-content/SKILL.md +139 -0
  48. package/dist/codex/.agents/skills/jahia-content-create-content/SKILL.md +384 -0
  49. package/dist/codex/.agents/skills/jahia-content-explore-structure/SKILL.md +164 -0
  50. package/dist/codex/.agents/skills/jahia-content-move-content/SKILL.md +236 -0
  51. package/dist/codex/.agents/skills/jahia-content-query-content/SKILL.md +144 -0
  52. package/dist/codex/.agents/skills/jahia-content-translate-content/SKILL.md +297 -0
  53. package/dist/codex/.agents/skills/jahia-dev/SKILL.md +124 -0
  54. package/dist/codex/.agents/skills/jahia-dev-accessibility/SKILL.md +271 -0
  55. package/dist/codex/.agents/skills/jahia-dev-apis/SKILL.md +52 -0
  56. package/dist/codex/.agents/skills/jahia-dev-apis/references/authentication.md +484 -0
  57. package/dist/codex/.agents/skills/jahia-dev-apis/references/graphql.md +657 -0
  58. package/dist/codex/.agents/skills/jahia-dev-apis/references/jcr-api.md +465 -0
  59. package/dist/codex/.agents/skills/jahia-dev-apis/references/security.md +541 -0
  60. package/dist/codex/.agents/skills/jahia-dev-build-component/SKILL.md +140 -0
  61. package/dist/codex/.agents/skills/jahia-dev-create-page-template/SKILL.md +303 -0
  62. package/dist/codex/.agents/skills/jahia-dev-create-template-set/SKILL.md +232 -0
  63. package/dist/codex/.agents/skills/jahia-dev-create-view/SKILL.md +838 -0
  64. package/dist/codex/.agents/skills/jahia-dev-cypress/SKILL.md +445 -0
  65. package/dist/codex/.agents/skills/jahia-dev-debug/SKILL.md +176 -0
  66. package/dist/codex/.agents/skills/jahia-dev-define-content-type/SKILL.md +536 -0
  67. package/dist/codex/.agents/skills/jahia-dev-import-from/SKILL.md +244 -0
  68. package/dist/codex/.agents/skills/jahia-dev-java/SKILL.md +105 -0
  69. package/dist/codex/.agents/skills/jahia-dev-java/references/backend.md +331 -0
  70. package/dist/codex/.agents/skills/jahia-dev-java/references/content-types.md +273 -0
  71. package/dist/codex/.agents/skills/jahia-dev-java/references/modules.md +218 -0
  72. package/dist/codex/.agents/skills/jahia-dev-java/references/osgi.md +208 -0
  73. package/dist/codex/.agents/skills/jahia-dev-java/references/rendering.md +191 -0
  74. package/dist/codex/.agents/skills/jahia-dev-java/references/ui-extensions.md +344 -0
  75. package/dist/codex/.agents/skills/jahia-dev-jexperience/SKILL.md +269 -0
  76. package/dist/codex/.agents/skills/jahia-dev-ops/SKILL.md +50 -0
  77. package/dist/codex/.agents/skills/jahia-dev-ops/references/docker.md +151 -0
  78. package/dist/codex/.agents/skills/jahia-dev-ops/references/monitoring.md +195 -0
  79. package/dist/codex/.agents/skills/jahia-dev-ops/references/provisioning.md +269 -0
  80. package/dist/codex/.agents/skills/jahia-dev-osgi-module/SKILL.md +297 -0
  81. package/dist/codex/.agents/skills/jahia-dev-properties/SKILL.md +147 -0
  82. package/dist/codex/.agents/skills/jahia-dev-properties/references/all-properties.md +231 -0
  83. package/dist/codex/.agents/skills/jahia-dev-query-content/SKILL.md +407 -0
  84. package/dist/codex/.agents/skills/jahia-dev-review/SKILL.md +228 -0
  85. package/dist/codex/.agents/skills/jahia-dev-screenshot/SKILL.md +177 -0
  86. package/dist/codex/.agents/skills/jahia-dev-start-local/SKILL.md +129 -0
  87. package/dist/codex/.agents/skills/jahia-dev-ui-extension/SKILL.md +559 -0
  88. package/dist/codex/AGENTS.md +89 -0
  89. package/dist/copilot/.agents/skills/jahia/SKILL.md +136 -0
  90. package/dist/copilot/.agents/skills/jahia-content/SKILL.md +139 -0
  91. package/dist/copilot/.agents/skills/jahia-content-create-content/SKILL.md +384 -0
  92. package/dist/copilot/.agents/skills/jahia-content-explore-structure/SKILL.md +164 -0
  93. package/dist/copilot/.agents/skills/jahia-content-move-content/SKILL.md +236 -0
  94. package/dist/copilot/.agents/skills/jahia-content-query-content/SKILL.md +144 -0
  95. package/dist/copilot/.agents/skills/jahia-content-translate-content/SKILL.md +297 -0
  96. package/dist/copilot/.agents/skills/jahia-dev/SKILL.md +124 -0
  97. package/dist/copilot/.agents/skills/jahia-dev-accessibility/SKILL.md +271 -0
  98. package/dist/copilot/.agents/skills/jahia-dev-apis/SKILL.md +52 -0
  99. package/dist/copilot/.agents/skills/jahia-dev-apis/references/authentication.md +484 -0
  100. package/dist/copilot/.agents/skills/jahia-dev-apis/references/graphql.md +657 -0
  101. package/dist/copilot/.agents/skills/jahia-dev-apis/references/jcr-api.md +465 -0
  102. package/dist/copilot/.agents/skills/jahia-dev-apis/references/security.md +541 -0
  103. package/dist/copilot/.agents/skills/jahia-dev-build-component/SKILL.md +140 -0
  104. package/dist/copilot/.agents/skills/jahia-dev-create-page-template/SKILL.md +303 -0
  105. package/dist/copilot/.agents/skills/jahia-dev-create-template-set/SKILL.md +232 -0
  106. package/dist/copilot/.agents/skills/jahia-dev-create-view/SKILL.md +838 -0
  107. package/dist/copilot/.agents/skills/jahia-dev-cypress/SKILL.md +445 -0
  108. package/dist/copilot/.agents/skills/jahia-dev-debug/SKILL.md +176 -0
  109. package/dist/copilot/.agents/skills/jahia-dev-define-content-type/SKILL.md +536 -0
  110. package/dist/copilot/.agents/skills/jahia-dev-import-from/SKILL.md +244 -0
  111. package/dist/copilot/.agents/skills/jahia-dev-java/SKILL.md +105 -0
  112. package/dist/copilot/.agents/skills/jahia-dev-java/references/backend.md +331 -0
  113. package/dist/copilot/.agents/skills/jahia-dev-java/references/content-types.md +273 -0
  114. package/dist/copilot/.agents/skills/jahia-dev-java/references/modules.md +218 -0
  115. package/dist/copilot/.agents/skills/jahia-dev-java/references/osgi.md +208 -0
  116. package/dist/copilot/.agents/skills/jahia-dev-java/references/rendering.md +191 -0
  117. package/dist/copilot/.agents/skills/jahia-dev-java/references/ui-extensions.md +344 -0
  118. package/dist/copilot/.agents/skills/jahia-dev-jexperience/SKILL.md +269 -0
  119. package/dist/copilot/.agents/skills/jahia-dev-ops/SKILL.md +50 -0
  120. package/dist/copilot/.agents/skills/jahia-dev-ops/references/docker.md +151 -0
  121. package/dist/copilot/.agents/skills/jahia-dev-ops/references/monitoring.md +195 -0
  122. package/dist/copilot/.agents/skills/jahia-dev-ops/references/provisioning.md +269 -0
  123. package/dist/copilot/.agents/skills/jahia-dev-osgi-module/SKILL.md +297 -0
  124. package/dist/copilot/.agents/skills/jahia-dev-properties/SKILL.md +147 -0
  125. package/dist/copilot/.agents/skills/jahia-dev-properties/references/all-properties.md +231 -0
  126. package/dist/copilot/.agents/skills/jahia-dev-query-content/SKILL.md +407 -0
  127. package/dist/copilot/.agents/skills/jahia-dev-review/SKILL.md +228 -0
  128. package/dist/copilot/.agents/skills/jahia-dev-screenshot/SKILL.md +177 -0
  129. package/dist/copilot/.agents/skills/jahia-dev-start-local/SKILL.md +129 -0
  130. package/dist/copilot/.agents/skills/jahia-dev-ui-extension/SKILL.md +559 -0
  131. package/dist/copilot/AGENTS.md +89 -0
  132. package/dist/cursor/.agents/skills/jahia/SKILL.md +136 -0
  133. package/dist/cursor/.agents/skills/jahia-content/SKILL.md +139 -0
  134. package/dist/cursor/.agents/skills/jahia-content-create-content/SKILL.md +384 -0
  135. package/dist/cursor/.agents/skills/jahia-content-explore-structure/SKILL.md +164 -0
  136. package/dist/cursor/.agents/skills/jahia-content-move-content/SKILL.md +236 -0
  137. package/dist/cursor/.agents/skills/jahia-content-query-content/SKILL.md +144 -0
  138. package/dist/cursor/.agents/skills/jahia-content-translate-content/SKILL.md +297 -0
  139. package/dist/cursor/.agents/skills/jahia-dev/SKILL.md +124 -0
  140. package/dist/cursor/.agents/skills/jahia-dev-accessibility/SKILL.md +271 -0
  141. package/dist/cursor/.agents/skills/jahia-dev-apis/SKILL.md +52 -0
  142. package/dist/cursor/.agents/skills/jahia-dev-apis/references/authentication.md +484 -0
  143. package/dist/cursor/.agents/skills/jahia-dev-apis/references/graphql.md +657 -0
  144. package/dist/cursor/.agents/skills/jahia-dev-apis/references/jcr-api.md +465 -0
  145. package/dist/cursor/.agents/skills/jahia-dev-apis/references/security.md +541 -0
  146. package/dist/cursor/.agents/skills/jahia-dev-build-component/SKILL.md +140 -0
  147. package/dist/cursor/.agents/skills/jahia-dev-create-page-template/SKILL.md +303 -0
  148. package/dist/cursor/.agents/skills/jahia-dev-create-template-set/SKILL.md +232 -0
  149. package/dist/cursor/.agents/skills/jahia-dev-create-view/SKILL.md +838 -0
  150. package/dist/cursor/.agents/skills/jahia-dev-cypress/SKILL.md +445 -0
  151. package/dist/cursor/.agents/skills/jahia-dev-debug/SKILL.md +176 -0
  152. package/dist/cursor/.agents/skills/jahia-dev-define-content-type/SKILL.md +536 -0
  153. package/dist/cursor/.agents/skills/jahia-dev-import-from/SKILL.md +244 -0
  154. package/dist/cursor/.agents/skills/jahia-dev-java/SKILL.md +105 -0
  155. package/dist/cursor/.agents/skills/jahia-dev-java/references/backend.md +331 -0
  156. package/dist/cursor/.agents/skills/jahia-dev-java/references/content-types.md +273 -0
  157. package/dist/cursor/.agents/skills/jahia-dev-java/references/modules.md +218 -0
  158. package/dist/cursor/.agents/skills/jahia-dev-java/references/osgi.md +208 -0
  159. package/dist/cursor/.agents/skills/jahia-dev-java/references/rendering.md +191 -0
  160. package/dist/cursor/.agents/skills/jahia-dev-java/references/ui-extensions.md +344 -0
  161. package/dist/cursor/.agents/skills/jahia-dev-jexperience/SKILL.md +269 -0
  162. package/dist/cursor/.agents/skills/jahia-dev-ops/SKILL.md +50 -0
  163. package/dist/cursor/.agents/skills/jahia-dev-ops/references/docker.md +151 -0
  164. package/dist/cursor/.agents/skills/jahia-dev-ops/references/monitoring.md +195 -0
  165. package/dist/cursor/.agents/skills/jahia-dev-ops/references/provisioning.md +269 -0
  166. package/dist/cursor/.agents/skills/jahia-dev-osgi-module/SKILL.md +297 -0
  167. package/dist/cursor/.agents/skills/jahia-dev-properties/SKILL.md +147 -0
  168. package/dist/cursor/.agents/skills/jahia-dev-properties/references/all-properties.md +231 -0
  169. package/dist/cursor/.agents/skills/jahia-dev-query-content/SKILL.md +407 -0
  170. package/dist/cursor/.agents/skills/jahia-dev-review/SKILL.md +228 -0
  171. package/dist/cursor/.agents/skills/jahia-dev-screenshot/SKILL.md +177 -0
  172. package/dist/cursor/.agents/skills/jahia-dev-start-local/SKILL.md +129 -0
  173. package/dist/cursor/.agents/skills/jahia-dev-ui-extension/SKILL.md +559 -0
  174. package/dist/cursor/.cursor/rules/jahia.mdc +80 -0
  175. package/dist/gemini/.agents/skills/jahia/SKILL.md +136 -0
  176. package/dist/gemini/.agents/skills/jahia-content/SKILL.md +139 -0
  177. package/dist/gemini/.agents/skills/jahia-content-create-content/SKILL.md +384 -0
  178. package/dist/gemini/.agents/skills/jahia-content-explore-structure/SKILL.md +164 -0
  179. package/dist/gemini/.agents/skills/jahia-content-move-content/SKILL.md +236 -0
  180. package/dist/gemini/.agents/skills/jahia-content-query-content/SKILL.md +144 -0
  181. package/dist/gemini/.agents/skills/jahia-content-translate-content/SKILL.md +297 -0
  182. package/dist/gemini/.agents/skills/jahia-dev/SKILL.md +124 -0
  183. package/dist/gemini/.agents/skills/jahia-dev-accessibility/SKILL.md +271 -0
  184. package/dist/gemini/.agents/skills/jahia-dev-apis/SKILL.md +52 -0
  185. package/dist/gemini/.agents/skills/jahia-dev-apis/references/authentication.md +484 -0
  186. package/dist/gemini/.agents/skills/jahia-dev-apis/references/graphql.md +657 -0
  187. package/dist/gemini/.agents/skills/jahia-dev-apis/references/jcr-api.md +465 -0
  188. package/dist/gemini/.agents/skills/jahia-dev-apis/references/security.md +541 -0
  189. package/dist/gemini/.agents/skills/jahia-dev-build-component/SKILL.md +140 -0
  190. package/dist/gemini/.agents/skills/jahia-dev-create-page-template/SKILL.md +303 -0
  191. package/dist/gemini/.agents/skills/jahia-dev-create-template-set/SKILL.md +232 -0
  192. package/dist/gemini/.agents/skills/jahia-dev-create-view/SKILL.md +838 -0
  193. package/dist/gemini/.agents/skills/jahia-dev-cypress/SKILL.md +445 -0
  194. package/dist/gemini/.agents/skills/jahia-dev-debug/SKILL.md +176 -0
  195. package/dist/gemini/.agents/skills/jahia-dev-define-content-type/SKILL.md +536 -0
  196. package/dist/gemini/.agents/skills/jahia-dev-import-from/SKILL.md +244 -0
  197. package/dist/gemini/.agents/skills/jahia-dev-java/SKILL.md +105 -0
  198. package/dist/gemini/.agents/skills/jahia-dev-java/references/backend.md +331 -0
  199. package/dist/gemini/.agents/skills/jahia-dev-java/references/content-types.md +273 -0
  200. package/dist/gemini/.agents/skills/jahia-dev-java/references/modules.md +218 -0
  201. package/dist/gemini/.agents/skills/jahia-dev-java/references/osgi.md +208 -0
  202. package/dist/gemini/.agents/skills/jahia-dev-java/references/rendering.md +191 -0
  203. package/dist/gemini/.agents/skills/jahia-dev-java/references/ui-extensions.md +344 -0
  204. package/dist/gemini/.agents/skills/jahia-dev-jexperience/SKILL.md +269 -0
  205. package/dist/gemini/.agents/skills/jahia-dev-ops/SKILL.md +50 -0
  206. package/dist/gemini/.agents/skills/jahia-dev-ops/references/docker.md +151 -0
  207. package/dist/gemini/.agents/skills/jahia-dev-ops/references/monitoring.md +195 -0
  208. package/dist/gemini/.agents/skills/jahia-dev-ops/references/provisioning.md +269 -0
  209. package/dist/gemini/.agents/skills/jahia-dev-osgi-module/SKILL.md +297 -0
  210. package/dist/gemini/.agents/skills/jahia-dev-properties/SKILL.md +147 -0
  211. package/dist/gemini/.agents/skills/jahia-dev-properties/references/all-properties.md +231 -0
  212. package/dist/gemini/.agents/skills/jahia-dev-query-content/SKILL.md +407 -0
  213. package/dist/gemini/.agents/skills/jahia-dev-review/SKILL.md +228 -0
  214. package/dist/gemini/.agents/skills/jahia-dev-screenshot/SKILL.md +177 -0
  215. package/dist/gemini/.agents/skills/jahia-dev-start-local/SKILL.md +129 -0
  216. package/dist/gemini/.agents/skills/jahia-dev-ui-extension/SKILL.md +559 -0
  217. package/dist/gemini/AGENTS.md +89 -0
  218. package/dist/gemini/GEMINI.md +6 -0
  219. package/dist/index.js +975 -0
  220. package/dist/opencode/.agents/skills/jahia/SKILL.md +136 -0
  221. package/dist/opencode/.agents/skills/jahia-content/SKILL.md +139 -0
  222. package/dist/opencode/.agents/skills/jahia-content-create-content/SKILL.md +384 -0
  223. package/dist/opencode/.agents/skills/jahia-content-explore-structure/SKILL.md +164 -0
  224. package/dist/opencode/.agents/skills/jahia-content-move-content/SKILL.md +236 -0
  225. package/dist/opencode/.agents/skills/jahia-content-query-content/SKILL.md +144 -0
  226. package/dist/opencode/.agents/skills/jahia-content-translate-content/SKILL.md +297 -0
  227. package/dist/opencode/.agents/skills/jahia-dev/SKILL.md +124 -0
  228. package/dist/opencode/.agents/skills/jahia-dev-accessibility/SKILL.md +271 -0
  229. package/dist/opencode/.agents/skills/jahia-dev-apis/SKILL.md +52 -0
  230. package/dist/opencode/.agents/skills/jahia-dev-apis/references/authentication.md +484 -0
  231. package/dist/opencode/.agents/skills/jahia-dev-apis/references/graphql.md +657 -0
  232. package/dist/opencode/.agents/skills/jahia-dev-apis/references/jcr-api.md +465 -0
  233. package/dist/opencode/.agents/skills/jahia-dev-apis/references/security.md +541 -0
  234. package/dist/opencode/.agents/skills/jahia-dev-build-component/SKILL.md +140 -0
  235. package/dist/opencode/.agents/skills/jahia-dev-create-page-template/SKILL.md +303 -0
  236. package/dist/opencode/.agents/skills/jahia-dev-create-template-set/SKILL.md +232 -0
  237. package/dist/opencode/.agents/skills/jahia-dev-create-view/SKILL.md +838 -0
  238. package/dist/opencode/.agents/skills/jahia-dev-cypress/SKILL.md +445 -0
  239. package/dist/opencode/.agents/skills/jahia-dev-debug/SKILL.md +176 -0
  240. package/dist/opencode/.agents/skills/jahia-dev-define-content-type/SKILL.md +536 -0
  241. package/dist/opencode/.agents/skills/jahia-dev-import-from/SKILL.md +244 -0
  242. package/dist/opencode/.agents/skills/jahia-dev-java/SKILL.md +105 -0
  243. package/dist/opencode/.agents/skills/jahia-dev-java/references/backend.md +331 -0
  244. package/dist/opencode/.agents/skills/jahia-dev-java/references/content-types.md +273 -0
  245. package/dist/opencode/.agents/skills/jahia-dev-java/references/modules.md +218 -0
  246. package/dist/opencode/.agents/skills/jahia-dev-java/references/osgi.md +208 -0
  247. package/dist/opencode/.agents/skills/jahia-dev-java/references/rendering.md +191 -0
  248. package/dist/opencode/.agents/skills/jahia-dev-java/references/ui-extensions.md +344 -0
  249. package/dist/opencode/.agents/skills/jahia-dev-jexperience/SKILL.md +269 -0
  250. package/dist/opencode/.agents/skills/jahia-dev-ops/SKILL.md +50 -0
  251. package/dist/opencode/.agents/skills/jahia-dev-ops/references/docker.md +151 -0
  252. package/dist/opencode/.agents/skills/jahia-dev-ops/references/monitoring.md +195 -0
  253. package/dist/opencode/.agents/skills/jahia-dev-ops/references/provisioning.md +269 -0
  254. package/dist/opencode/.agents/skills/jahia-dev-osgi-module/SKILL.md +297 -0
  255. package/dist/opencode/.agents/skills/jahia-dev-properties/SKILL.md +147 -0
  256. package/dist/opencode/.agents/skills/jahia-dev-properties/references/all-properties.md +231 -0
  257. package/dist/opencode/.agents/skills/jahia-dev-query-content/SKILL.md +407 -0
  258. package/dist/opencode/.agents/skills/jahia-dev-review/SKILL.md +228 -0
  259. package/dist/opencode/.agents/skills/jahia-dev-screenshot/SKILL.md +177 -0
  260. package/dist/opencode/.agents/skills/jahia-dev-start-local/SKILL.md +129 -0
  261. package/dist/opencode/.agents/skills/jahia-dev-ui-extension/SKILL.md +559 -0
  262. package/dist/opencode/AGENTS.md +89 -0
  263. package/dist/windsurf/.windsurf/rules/jahia.md +80 -0
  264. package/dist/windsurf/.windsurf/skills/jahia/SKILL.md +136 -0
  265. package/dist/windsurf/.windsurf/skills/jahia-content/SKILL.md +139 -0
  266. package/dist/windsurf/.windsurf/skills/jahia-content-create-content/SKILL.md +384 -0
  267. package/dist/windsurf/.windsurf/skills/jahia-content-explore-structure/SKILL.md +164 -0
  268. package/dist/windsurf/.windsurf/skills/jahia-content-move-content/SKILL.md +236 -0
  269. package/dist/windsurf/.windsurf/skills/jahia-content-query-content/SKILL.md +144 -0
  270. package/dist/windsurf/.windsurf/skills/jahia-content-translate-content/SKILL.md +297 -0
  271. package/dist/windsurf/.windsurf/skills/jahia-dev/SKILL.md +124 -0
  272. package/dist/windsurf/.windsurf/skills/jahia-dev-accessibility/SKILL.md +271 -0
  273. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/SKILL.md +52 -0
  274. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/authentication.md +484 -0
  275. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/graphql.md +657 -0
  276. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/jcr-api.md +465 -0
  277. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/security.md +541 -0
  278. package/dist/windsurf/.windsurf/skills/jahia-dev-build-component/SKILL.md +140 -0
  279. package/dist/windsurf/.windsurf/skills/jahia-dev-create-page-template/SKILL.md +303 -0
  280. package/dist/windsurf/.windsurf/skills/jahia-dev-create-template-set/SKILL.md +232 -0
  281. package/dist/windsurf/.windsurf/skills/jahia-dev-create-view/SKILL.md +838 -0
  282. package/dist/windsurf/.windsurf/skills/jahia-dev-cypress/SKILL.md +445 -0
  283. package/dist/windsurf/.windsurf/skills/jahia-dev-debug/SKILL.md +176 -0
  284. package/dist/windsurf/.windsurf/skills/jahia-dev-define-content-type/SKILL.md +536 -0
  285. package/dist/windsurf/.windsurf/skills/jahia-dev-import-from/SKILL.md +244 -0
  286. package/dist/windsurf/.windsurf/skills/jahia-dev-java/SKILL.md +105 -0
  287. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/backend.md +331 -0
  288. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/content-types.md +273 -0
  289. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/modules.md +218 -0
  290. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/osgi.md +208 -0
  291. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/rendering.md +191 -0
  292. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/ui-extensions.md +344 -0
  293. package/dist/windsurf/.windsurf/skills/jahia-dev-jexperience/SKILL.md +269 -0
  294. package/dist/windsurf/.windsurf/skills/jahia-dev-ops/SKILL.md +50 -0
  295. package/dist/windsurf/.windsurf/skills/jahia-dev-ops/references/docker.md +151 -0
  296. package/dist/windsurf/.windsurf/skills/jahia-dev-ops/references/monitoring.md +195 -0
  297. package/dist/windsurf/.windsurf/skills/jahia-dev-ops/references/provisioning.md +269 -0
  298. package/dist/windsurf/.windsurf/skills/jahia-dev-osgi-module/SKILL.md +297 -0
  299. package/dist/windsurf/.windsurf/skills/jahia-dev-properties/SKILL.md +147 -0
  300. package/dist/windsurf/.windsurf/skills/jahia-dev-properties/references/all-properties.md +231 -0
  301. package/dist/windsurf/.windsurf/skills/jahia-dev-query-content/SKILL.md +407 -0
  302. package/dist/windsurf/.windsurf/skills/jahia-dev-review/SKILL.md +228 -0
  303. package/dist/windsurf/.windsurf/skills/jahia-dev-screenshot/SKILL.md +177 -0
  304. package/dist/windsurf/.windsurf/skills/jahia-dev-start-local/SKILL.md +129 -0
  305. package/dist/windsurf/.windsurf/skills/jahia-dev-ui-extension/SKILL.md +559 -0
  306. package/dist/windsurf/AGENTS.md +89 -0
  307. package/package.json +28 -0
@@ -0,0 +1,541 @@
1
+ # Security Reference
2
+
3
+ Covers the security filter/service (scope-based API authorization), HTML filtering (XSS protection), and Content Security Policy (CSP).
4
+
5
+ ## Table of Contents
6
+
7
+ - [Security Service and Filter](#security-service-and-filter)
8
+ - [Overview](#overview)
9
+ - [Authorization configuration](#authorization-configuration)
10
+ - [Scope grants](#scope-grants)
11
+ - [Auto-apply rules](#auto-apply-rules)
12
+ - [User constraints](#user-constraints)
13
+ - [Configuration profiles](#configuration-profiles)
14
+ - [Extending an existing scope](#extending-an-existing-scope)
15
+ - [Packaging configuration in a module](#packaging-configuration-in-a-module)
16
+ - [Checking API authorization from Java](#checking-api-authorization-from-java)
17
+ - [CORS filter](#cors-filter)
18
+ - [JWT tokens (deprecated)](#jwt-tokens-deprecated)
19
+ - [Legacy mode and migration](#legacy-mode-and-migration)
20
+ - [HTML Filtering (XSS Protection)](#html-filtering-xss-protection)
21
+ - [Overview](#overview-1)
22
+ - [Configuration file priority](#configuration-file-priority)
23
+ - [Configuration structure](#configuration-structure)
24
+ - [Strategies: SANITIZE vs REJECT](#strategies-sanitize-vs-reject)
25
+ - [Process and skip settings](#process-and-skip-settings)
26
+ - [Skip on permissions](#skip-on-permissions)
27
+ - [Rule sets — allowed elements and attributes](#rule-sets--allowed-elements-and-attributes)
28
+ - [GraphQL API for validation](#graphql-api-for-validation)
29
+ - [Which properties are filtered](#which-properties-are-filtered)
30
+ - [Best practices](#best-practices)
31
+ - [Migrating from v1 to v2](#migrating-from-v1-to-v2)
32
+ - [Content Security Policy (CSP)](#content-security-policy-csp)
33
+ - [Installation and enabling](#installation-and-enabling)
34
+ - [Site-level CSP](#site-level-csp)
35
+ - [Page-level CSP override](#page-level-csp-override)
36
+ - [Report-only mode](#report-only-mode)
37
+ - [Nonce generation](#nonce-generation)
38
+ - [CSP examples](#csp-examples)
39
+
40
+ ---
41
+
42
+ ## Security Service and Filter
43
+
44
+ ### Overview
45
+
46
+ The `security-filter` bundle protects all Jahia APIs (GraphQL, RESTful JCR, views, custom APIs) from unauthorized access, XSS/CSRF attacks, and provides CORS support.
47
+
48
+ **Core principle:** All API access is **denied by default**. Access is explicitly granted via scope-based configuration files. Without any configuration, even the Jahia Administration UI will not work.
49
+
50
+ Configuration files live in `digital-factory-data/karaf/etc/` with the filename pattern:
51
+
52
+ ```
53
+ org.jahia.bundles.api.authorization-*.yml
54
+ or
55
+ org.jahia.bundles.api.authorization-*.cfg
56
+ ```
57
+
58
+ YAML format is supported from Jahia 8.1.0.0 onward (recommended).
59
+
60
+ ### Authorization configuration
61
+
62
+ The configuration is a list of named **scopes**. Each scope grants access to one or more APIs.
63
+
64
+ - If a request holds **at least one** scope that grants the API → access **granted**
65
+ - If a request holds **no** scope that grants the API → access **denied**
66
+
67
+ Scopes can be associated with a request via:
68
+ - Personal API tokens (explicitly carrying scopes)
69
+ - JWT tokens (deprecated — see below)
70
+ - Automatic rules based on request origin
71
+
72
+ **Minimal YAML scope example:**
73
+
74
+ ```yaml
75
+ myscope:
76
+ description: Can access some graphql API
77
+ metadata:
78
+ visible: true
79
+ auto_apply:
80
+ - origin: hosted
81
+ grants:
82
+ - api: graphql.MyGqlType
83
+ node: none
84
+ ```
85
+
86
+ Equivalent in `.cfg` format:
87
+
88
+ ```properties
89
+ myscope.description = Can access some graphql API
90
+ myscope.metadata.visible = true
91
+ myscope.auto_apply[0].origin = hosted
92
+ myscope.grants[0].api = graphql.MyGqlType
93
+ myscope.grants[0].node = none
94
+ ```
95
+
96
+ ### Scope grants
97
+
98
+ A scope contains one or more grants. Within a single grant, **all conditions must match** (AND logic). Multiple grants use OR logic (any one matching grant grants access).
99
+
100
+ **Grant conditions:**
101
+
102
+ **`api`** — API identifier (dot-separated). Examples:
103
+ - `graphql.MyGqlType` — specific GraphQL type
104
+ - `graphql.JcrNode, graphql.JcrProperty` — multiple types (comma-separated)
105
+ - `view.json.tree` — the `tree.json` view
106
+ - `jcrestapi` — all JCRest API calls
107
+
108
+ API names by subsystem:
109
+ - GraphQL: `graphql.<gql-type>.<gql-field>`
110
+ - JCRest API: `jcrestapi.<query-type>`
111
+ - AJAX views: `view.<template-type>.<view-name>`
112
+
113
+ Include/exclude syntax:
114
+
115
+ ```yaml
116
+ grants:
117
+ - api:
118
+ include: graphql
119
+ exclude: graphql.GqlAdmin, graphql.JcrNode
120
+ ```
121
+
122
+ **`node`** — matches requests involving a JCR node. Use `node: none` for requests that do not return a node. Sub-entries:
123
+
124
+ ```yaml
125
+ grants:
126
+ - node:
127
+ pathPattern: /,/sites(/.*)?
128
+ excludedPathPattern: /sites/[^/]+/users(/.*)?
129
+ workspace: live # or: default
130
+ nodeType: jnt:page
131
+ excludedNodeType: jnt:file
132
+ withPermission: myPermission
133
+ ```
134
+
135
+ **Combining conditions (AND within one grant):**
136
+
137
+ ```yaml
138
+ grants:
139
+ - api: graphql
140
+ node: none
141
+ # Allows GraphQL calls that do NOT involve a node
142
+ ```
143
+
144
+ **Multiple grants (OR between grants):**
145
+
146
+ ```yaml
147
+ grants:
148
+ - api: graphql
149
+ - node: none
150
+ # Allows ALL GraphQL calls, AND all calls that don't involve a node
151
+ ```
152
+
153
+ ### Auto-apply rules
154
+
155
+ Scopes can be automatically applied based on request origin (checked against `Origin` and `Referer` headers):
156
+
157
+ ```yaml
158
+ auto_apply:
159
+ - origin: hosted # same server as Jahia (same origin)
160
+ - origin: same # alias for hosted
161
+ - origin: http://www.mysite.com # specific trusted origin
162
+ ```
163
+
164
+ To always apply a scope regardless of origin:
165
+
166
+ ```yaml
167
+ auto_apply:
168
+ - always: true
169
+ ```
170
+
171
+ ### User constraints
172
+
173
+ Restrict a scope to specific users:
174
+
175
+ ```yaml
176
+ # Restrict to users with a specific permission on a node:
177
+ constraints:
178
+ - user_permission: manageModules
179
+ path: /sites
180
+ workspace: live
181
+
182
+ # Restrict to privileged users only:
183
+ constraints:
184
+ - privileged_user: true
185
+ ```
186
+
187
+ The scope will **never** be applied to users who do not meet the constraints.
188
+
189
+ ### Configuration profiles
190
+
191
+ Set a profile in `org.jahia.bundles.api.security.cfg` via `security.profile`:
192
+
193
+ | Profile | Description | Recommendation |
194
+ |---------|-------------|----------------|
195
+ | `default` | No API calls from external origins or non-privileged users | **Recommended** |
196
+ | `compat` | More open; compatible with pre-8.1 behavior | Not recommended for production |
197
+ | `open` | Allows every call | Never use in production |
198
+
199
+ The `compat` profile was introduced in 2021 as a migration aid and is not intended for ongoing production use.
200
+
201
+ ### Extending an existing scope
202
+
203
+ Add grants or auto-apply rules to an existing scope from another configuration file:
204
+
205
+ ```yaml
206
+ graphql:
207
+ auto_apply:
208
+ - origin: http://www.mytrusted-origin.com
209
+ ```
210
+
211
+ ### Packaging configuration in a module
212
+
213
+ Place configuration files in `META-INF/configurations/` within your module JAR. They are deployed to `karaf/etc` at module startup (supported from DX 7.2.2.0).
214
+
215
+ ### Checking API authorization from Java
216
+
217
+ The bundle exposes an OSGi service implementing `org.jahia.services.securityfilter.PermissionService`. Call `hasPermission(query)` with a map:
218
+
219
+ ```java
220
+ Map<String, Object> query = new HashMap<>();
221
+ query.put("api", "my-api.type.sub-type"); // required
222
+ query.put("node", jcrNodeWrapper); // optional
223
+ boolean allowed = permissionService.hasPermission(query);
224
+ ```
225
+
226
+ The `api` key value is tested by `ApiGrant`; the `node` key value (a `JCRNodeWrapper`) is tested by `NodeGrant`.
227
+
228
+ ### CORS filter
229
+
230
+ The security-filter module includes a global CORS filter based on the Tomcat implementation. Configure it in `org.jahia.bundles.api.security.cfg`. All Tomcat CORS filter settings are supported — see [Tomcat CORS Filter docs](https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter).
231
+
232
+ ### JWT tokens (deprecated)
233
+
234
+ JWT tokens are **deprecated** — use personal API tokens instead.
235
+
236
+ Pass a JWT in the `Authorization: Bearer <token>` header. JWT tokens carry a `scopes` claim listing the scopes they grant. Configuration in `org.jahia.bundles.jwt.token.cfg`:
237
+
238
+ ```properties
239
+ jwt.issuer = MyOrg
240
+ jwt.audience = http://jahia.com
241
+ jwt.algorithm = HMAC_SHA256
242
+ jwt.secret = my_super_secret_change_this
243
+ ```
244
+
245
+ Tokens can be generated via **Developer Tools > JWT Configuration** in development mode.
246
+
247
+ ### Legacy mode and migration
248
+
249
+ Enable legacy mode in `org.jahia.bundles.api.security.cfg`:
250
+
251
+ ```properties
252
+ security.legacyMode=true
253
+ ```
254
+
255
+ In legacy mode, old `org.jahia.modules.api.permissions-*.cfg` files are used. The new authorization YAML files are ignored.
256
+
257
+ Enable migration reporting to compare behaviors:
258
+
259
+ ```properties
260
+ security.migrationReporting=true
261
+ ```
262
+
263
+ This logs differences between legacy and standard mode without changing the active enforcement.
264
+
265
+ **Debugging:** Set `org.jahia.bundles.securityfilter.core` (or `.legacy` for legacy mode) to `DEBUG` in log4j to log every permission check with its result and matching grant.
266
+
267
+ ---
268
+
269
+ ## HTML Filtering (XSS Protection)
270
+
271
+ ### Overview
272
+
273
+ The HTML Filtering module (v2) provides XSS protection for JCR properties containing HTML markup. It is **active as soon as the module is installed** — no per-site enablement is required. Compatible with Jahia 8.1.8.0+.
274
+
275
+ HTML filtering applies to content saves. It does not filter rendered output.
276
+
277
+ ### Configuration file priority
278
+
279
+ Three configuration levels (highest to lowest priority):
280
+
281
+ | Level | Filename | Purpose |
282
+ |-------|----------|---------|
283
+ | Site-specific | `org.jahia.modules.htmlfiltering.site-<SITE_KEY>.yml` | Per-site overrides |
284
+ | Global custom | `org.jahia.modules.htmlfiltering.global.custom.yml` | Admin customizations for all sites |
285
+ | Global default | `org.jahia.modules.htmlfiltering.global.default.yml` | Shipped with module; do not modify |
286
+
287
+ If a configuration file is invalid, it is skipped and the next level in the chain is used. Check logs to confirm your configuration loaded.
288
+
289
+ ### Configuration structure
290
+
291
+ All configuration files share the same structure with separate `editWorkspace` and `liveWorkspace` sections (both must be present for the file to be valid):
292
+
293
+ ```yaml
294
+ htmlFiltering:
295
+ formatDefinitions:
296
+ HTML_ID: '[a-zA-Z0-9\:\-_\.]+'
297
+ NUMBER_OR_PERCENT: '\d+%?'
298
+ LINKS_URL: '(?:(?:[\p{L}\p{N}\\\.#@$%\+&;\-_~,\?=/!{}:]+|#(\w)+)|(\s*(?:(?:ht|f)tps?://|mailto:)[\p{L}\p{N}][\p{L}\p{N}\p{Zs}\.#@$%\+&:\-_~,\?=/!\(\)]*+\s*))'
299
+ editWorkspace:
300
+ strategy: REJECT
301
+ skipOnPermissions: []
302
+ process: ['nt:base.*']
303
+ skip: []
304
+ allowedRuleSet:
305
+ elements:
306
+ # rules for allowed elements and attributes
307
+ protocols: [http, https, mailto]
308
+ liveWorkspace:
309
+ strategy: SANITIZE
310
+ skipOnPermissions: []
311
+ process: ['nt:base.*']
312
+ skip: []
313
+ allowedRuleSet:
314
+ elements:
315
+ # rules for allowed elements and attributes
316
+ protocols: [http, https, mailto]
317
+ ```
318
+
319
+ ### Strategies: SANITIZE vs REJECT
320
+
321
+ | Strategy | Behavior | Recommended for |
322
+ |----------|----------|----------------|
323
+ | `SANITIZE` | Removes disallowed tags/attributes silently | `liveWorkspace` (no direct user feedback) |
324
+ | `REJECT` | Rejects the save operation if any disallowed content found | `editWorkspace` (editors can correct) |
325
+
326
+ **SANITIZE behavior by tag type:**
327
+ - Block-level tags (e.g., `<p>`): tag is removed but text content is kept (`<p>hello</p>` → `hello`)
328
+ - Other tags (e.g., `<script>`): tag and all its content are removed entirely
329
+
330
+ ### Process and skip settings
331
+
332
+ Control which node types and properties are filtered:
333
+
334
+ ```yaml
335
+ process: ['nt:base.*'] # Filter all properties of all node types
336
+ skip: ['nt:myNodeType.*'] # Skip all properties of a specific node type
337
+ skip: ['nt:myNodeType.myProp'] # Skip a specific property
338
+ ```
339
+
340
+ `skip` takes precedence over `process`. The notation supports any node type/property combination that exists on the node, even via mixins — for example `skip: ['jnt:bigText.j:htmlContent']` is valid even if `j:htmlContent` is defined on a mixin.
341
+
342
+ ### Skip on permissions
343
+
344
+ Bypass filtering for users holding specific permissions:
345
+
346
+ ```yaml
347
+ skipOnPermissions: ['view-full-wysiwyg-editor', 'site-admin']
348
+ ```
349
+
350
+ **Warning:** If a privileged user saves HTML content with elements that would be filtered for less privileged users, those users will be unable to later edit that content (their save will be rejected). Use `skipOnPermissions` with care and only for trusted users.
351
+
352
+ ### Rule sets — allowed elements and attributes
353
+
354
+ ```yaml
355
+ allowedRuleSet:
356
+ elements:
357
+ - attributes: [class, dir, hidden, lang, role, style, title] # on any tag
358
+ - attributes:
359
+ - id
360
+ format: HTML_ID # must match regex
361
+ - attributes: [align]
362
+ tags: [caption, col, colgroup, hr, img, table, tbody, td, tfoot, th, thead, tr]
363
+ - attributes: [alt]
364
+ tags: [img]
365
+ - tags: [h1, h2, h3, h4, h5, h6, p, a, img, figure, div, ul, ol, li,
366
+ table, tbody, thead, tfoot, tr, td, th, blockquote, code, pre,
367
+ br, strong, em, span, nav, article, main, aside, section, header, footer]
368
+ protocols: [http, https, mailto]
369
+ ```
370
+
371
+ Each rule can specify:
372
+ - `tags` — HTML tags the rule applies to (omit to apply to all tags)
373
+ - `attributes` — allowed attributes for those tags
374
+ - `format` — regex pattern name from `formatDefinitions` that attribute values must match
375
+
376
+ `protocols` restricts allowed URL schemes in `href` and `src` attributes.
377
+
378
+ `allowedRuleSet` is mandatory and must contain at least one rule. `disallowedRuleSet` is optional.
379
+
380
+ ### GraphQL API for validation
381
+
382
+ Validate or preview HTML sanitization before saving:
383
+
384
+ ```graphql
385
+ query HtmlFiltering($html: String!, $workspace: Workspace = EDIT, $siteKey: String!) {
386
+ htmlFiltering {
387
+ validate(html: $html, workspace: $workspace, siteKey: $siteKey) {
388
+ removedTags
389
+ removedAttributes {
390
+ attributes
391
+ tag
392
+ }
393
+ sanitizedHtml
394
+ safe
395
+ }
396
+ }
397
+ }
398
+ ```
399
+
400
+ Response fields:
401
+ - `removedTags` — list of tags removed during sanitization
402
+ - `removedAttributes` — list of attributes removed, with their parent tags
403
+ - `sanitizedHtml` — the sanitized output
404
+ - `safe` — `true` if nothing was removed (input is fully compliant)
405
+
406
+ ### Which properties are filtered
407
+
408
+ A property is processed by HTML filtering only if **all** of the following are true:
409
+
410
+ 1. The current user does not have any permission listed in `skipOnPermissions`
411
+ 2. The property matches at least one pattern in `process`
412
+ 3. The property does not match any pattern in `skip`
413
+ 4. The property is declared as a `richtext` property in the CND definition
414
+
415
+ ```
416
+ [nt:myNodeType] > jnt:content, jmix:droppableContent
417
+ - myHTMLProperty (string, richtext) # filtered
418
+ - willNotBeProcessed (string) # not filtered (no richtext)
419
+ ```
420
+
421
+ **Important:** JSON overrides (jContent UI overrides) that change a property's editor to RichText are **ignored** by HTML filtering. The CND definition is authoritative. Properties must be declared `richtext` in the CND to be filtered.
422
+
423
+ ### Best practices
424
+
425
+ 1. Never modify `org.jahia.modules.htmlfiltering.global.default.yml` — create a custom or site-specific file instead.
426
+ 2. Use `skipOnPermissions` sparingly; only for users who genuinely need to contribute unrestricted HTML.
427
+ 3. Use `REJECT` in `editWorkspace` so editors receive immediate feedback; use `SANITIZE` in `liveWorkspace` for resilience.
428
+ 4. Declare HTML properties with the `richtext` constraint in CND — JSON overrides do not affect filtering.
429
+ 5. After adding or modifying a config file, verify in logs that it was loaded successfully.
430
+
431
+ ### Migrating from v1 to v2
432
+
433
+ As soon as v2 is installed, it replaces v1 entirely. v1 custom configurations are no longer read.
434
+
435
+ **Key changes in v2:**
436
+
437
+ | Area | v1 | v2 |
438
+ |------|----|----|
439
+ | Strategy | SANITIZE only | SANITIZE or REJECT per workspace |
440
+ | Workspaces | Single config | Separate `editWorkspace`/`liveWorkspace` sections |
441
+ | Format definitions | Hardcoded (e.g., `HTML_ID`) | Configurable in `formatDefinitions` |
442
+ | Config files | `org.jahia.modules.htmlfiltering.config-*.yml` | Three-tier: global default, global custom, site-specific |
443
+ | `htmlSanitizerDryRun` | Available | Removed |
444
+
445
+ **GraphQL API change:**
446
+
447
+ v1 (mutation):
448
+ ```graphql
449
+ mutation { htmlFilteringConfiguration { htmlFiltering {
450
+ testFiltering(siteKey: $siteKey, html: $text) { html, removedElements, removedAttributes { element, attributes } }
451
+ }}}
452
+ ```
453
+
454
+ v2 (query):
455
+ ```graphql
456
+ query { htmlFiltering {
457
+ validate(html: $html, workspace: $workspace, siteKey: $siteKey) {
458
+ sanitizedHtml, removedTags, removedAttributes { attributes, tag }, safe
459
+ }
460
+ }}
461
+ ```
462
+
463
+ **Migration steps:**
464
+ 1. Review existing v1 configs; note all custom rules.
465
+ 2. Create `org.jahia.modules.htmlfiltering.global.custom.yml` for global customizations.
466
+ 3. Create `org.jahia.modules.htmlfiltering.site-<SITE_KEY>.yml` for site-specific rules.
467
+ 4. Use `SANITIZE` strategy in both workspaces to replicate v1 behavior, then tighten as needed.
468
+ 5. Update any code using the v1 GraphQL API.
469
+ 6. Test thoroughly, then delete the old v1 config files.
470
+
471
+ ---
472
+
473
+ ## Content Security Policy (CSP)
474
+
475
+ ### Installation and enabling
476
+
477
+ The CSP module is installed by default with Jahia 8+. Enable it per site:
478
+
479
+ 1. Go to **Administration > Server > Modules & Extensions > Modules**.
480
+ 2. Find **Content Security Policy** and activate it on the relevant sites.
481
+
482
+ ### Site-level CSP
483
+
484
+ 1. Go to **Administration > Sites > Site properties > Edit site properties**.
485
+ 2. In the Options section, check **Add Content-Security-Policy at the site level**.
486
+ 3. Enter the CSP directive string (all on one line).
487
+ 4. Optionally enable report-only mode or specify a violation report URL.
488
+
489
+ ### Page-level CSP override
490
+
491
+ Override the site-level CSP for a specific page:
492
+
493
+ 1. In **JContent**, edit the page.
494
+ 2. In the Options section, check **Replace Content-Security-Policy at the page level**.
495
+ 3. Enter the page-specific CSP directive.
496
+
497
+ ### Report-only mode
498
+
499
+ Available only at the site level. Enable **Only report CSP violations** — violations are logged to Jahia log files instead of being blocked. Optionally specify a **Report violations to this URL** endpoint.
500
+
501
+ This is useful for testing a new CSP before enforcing it.
502
+
503
+ ### Nonce generation
504
+
505
+ To use `nonce-` in your CSP (recommended for inline scripts):
506
+
507
+ 1. Include `nonce-` (as a placeholder) in the site-level CSP value.
508
+ 2. In your custom module's view, set the `nonce` attribute on `<script>` elements to the Jahia property value `contentSecurityPolicy.nonce.placeHolder`.
509
+
510
+ For each page rendering, Jahia generates a random nonce, updates the CSP header, and replaces the static placeholder in the HTML output.
511
+
512
+ ### CSP examples
513
+
514
+ **Basic CSP:**
515
+
516
+ ```
517
+ Content-Security-Policy: default-src 'self'; script-src 'self' https://apis.google.com; object-src 'none'; frame-ancestors 'none';
518
+ ```
519
+
520
+ **Strict CSP with nonce (multi-line for readability; enter on one line in Jahia):**
521
+
522
+ ```
523
+ Content-Security-Policy:
524
+ default-src 'self' https://*.doubleclick.net;
525
+ script-src 'nonce-' 'strict-dynamic' https: 'unsafe-inline';
526
+ object-src 'none';
527
+ base-uri 'none';
528
+ frame-ancestors 'none';
529
+ img-src 'self' data:;
530
+ font-src 'self' data:;
531
+ style-src 'self' 'unsafe-inline';
532
+ frame-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net;
533
+ connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;
534
+ ```
535
+
536
+ The `'nonce-'` string is a placeholder — Jahia replaces it with a generated random value per request.
537
+
538
+ **References:**
539
+ - MDN CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
540
+ - OWASP CSP Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
541
+ - CSP Reference: https://content-security-policy.com/
@@ -0,0 +1,140 @@
1
+ ---
2
+ name: jahia-dev-build-component
3
+ description: Builds a complete Jahia component (content type + view + CSS) from a description. Meta-skill that orchestrates jahia-dev-define-content-type and jahia-dev-create-view. Use when asked to build a new UI component or section.
4
+ ---
5
+
6
+ ## Overview
7
+
8
+ This meta-skill builds a complete **Single Directory Component (SDC)** — the standard Jahia component pattern — by sequencing two atomic skills:
9
+
10
+ 1. `jahia-dev-define-content-type` → create the CND definition and `types.ts`
11
+ 2. `jahia-dev-create-view` → implement the React view and CSS Module
12
+
13
+ Run these steps in order. Do not skip to the view before the content type is defined.
14
+
15
+ **Scale of thumbs**: a well-scoped module has 1–4 page templates, 5–10 content types, 2–5 mixins, 1–4 views per type. If a request exceeds this, split it into multiple work sessions.
16
+
17
+ ---
18
+
19
+ ## Step 0 — Optional: capture reference screenshot
20
+
21
+ If the user provides a reference URL (or mentions a site to model after), invoke `/jahia-dev-screenshot` **before writing any code** to capture the visual spec.
22
+
23
+ The screenshot gives the view implementation visual context: layout, colors, typography, and component anatomy. Reference it throughout Steps 2–3.
24
+
25
+ ---
26
+
27
+ ## Step 1 — Write and confirm the content spec
28
+
29
+ Before writing any code, fill out this template and confirm with the user:
30
+
31
+ ```
32
+ Name: <ComponentName>
33
+ Description: <What is this for? What does an editor fill in?>
34
+ Fields:
35
+ - fieldName: type / i18n? / mandatory?
36
+ (repeat for each field)
37
+ Views:
38
+ - default: <describe layout>
39
+ - small (optional): <compact variant>
40
+ Used where: <Area on page / nested in <Parent> / listing item>
41
+ Has children: <yes: ChildType / no>
42
+ ```
43
+
44
+ Only proceed once the spec is confirmed.
45
+
46
+ ---
47
+
48
+ ## Step 2 — Invoke `jahia-dev-define-content-type`
49
+
50
+ Use the instructions from the `jahia-dev-define-content-type` skill to:
51
+
52
+ 1. Identify the namespace (check `settings/definitions.cnd`)
53
+ 2. Create `src/components/<Category>/<Name>/definition.cnd`
54
+ 3. Create `src/components/<Category>/<Name>/types.ts`
55
+ 4. Run `yarn build && yarn jahia-deploy` to push the type to Jahia
56
+ 5. Verify the content type appears in the Jahia content editor
57
+
58
+ ---
59
+
60
+ ## Step 3 — Invoke `jahia-dev-create-view`
61
+
62
+ Use the instructions from the `jahia-dev-create-view` skill to:
63
+
64
+ 1. Create `src/components/<Category>/<Name>/default.server.tsx`
65
+ 2. Create `src/components/<Category>/<Name>/component.module.css`
66
+ 3. Import `Props` from `./types.js`
67
+ 4. Use `buildNodeUrl`, `RenderChildren`, `RenderChild` as needed
68
+ 5. Run `yarn build && yarn jahia-deploy` to push all changes
69
+
70
+ ---
71
+
72
+ ## Step 4 — Validate and compare
73
+
74
+ 1. In Jahia Page Builder, click **New content** and select the new type
75
+ 2. Fill in the content form and click **Save**
76
+ 3. Verify the component renders correctly on the page
77
+ 4. Check for the error `No rendering set for node: <type>` — if seen, re-run `yarn build && yarn jahia-deploy`
78
+ 5. **If a reference screenshot was taken in Step 0**, invoke `/jahia-dev-screenshot` again to capture the Jahia render and compare against the reference.
79
+
80
+ ---
81
+
82
+ ## Step 5 — Accessibility check
83
+
84
+ After the component is live, invoke `/jahia-dev-accessibility` to audit it:
85
+
86
+ 1. Run the axe-core audit against the page(s) containing the new component
87
+ 2. Fix any `critical` or `serious` violations before considering the component done
88
+ 3. Report remaining violations to the user
89
+
90
+ A component is not complete until it has no critical or serious accessibility violations.
91
+
92
+ ---
93
+
94
+ ## SDC structure summary
95
+
96
+ After following this skill, the component should look like:
97
+
98
+ ```
99
+ src/components/<Category>/<Name>/
100
+ ├── definition.cnd # Content type definition
101
+ ├── types.ts # TypeScript Props interface
102
+ ├── default.server.tsx # Default React view
103
+ └── component.module.css # CSS Module styles
104
+ ```
105
+
106
+ Optional additions:
107
+ - `small.server.tsx` — named view (compact/alternate rendering)
108
+ - `<name>.client.tsx` — client-side interactive component
109
+
110
+ ---
111
+
112
+ ## Nested components
113
+
114
+ If the component has child nodes (e.g. a hero with CTA buttons), repeat Steps 2–4 for each child type, then:
115
+
116
+ 1. Add `+ * (namespace:childType)` to the parent's `definition.cnd`
117
+ 2. Add `<RenderChildren />` to the parent's view where children should appear
118
+
119
+ ---
120
+
121
+ ## Troubleshooting
122
+ > https://academy.jahia.com/tutorials-get-started/front-end-developer/making-a-hero-section
123
+
124
+ ## References
125
+
126
+ - Preparing for i18n: https://academy.jahia.com/documentation/jahia-cms/jahia-8-2/developer/javascript-module-development/preparing-for-internationalization-i18n
127
+
128
+ ---
129
+
130
+ ## Validation checklist
131
+ - [ ] Spec confirmed before writing any code
132
+ - [ ] Component count within scale of thumbs (1–4 templates, 5–10 types, 2–5 mixins, 1–4 views/type)
133
+ - [ ] `definition.cnd` created with correct namespace and mixins
134
+ - [ ] `types.ts` reflects all CND properties
135
+ - [ ] `default.server.tsx` renders without errors
136
+ - [ ] Views handle null/missing fields gracefully (mandatory does not guarantee a value at runtime)
137
+ - [ ] `component.module.css` applied and visible
138
+ - [ ] Component appears in Page Builder content picker
139
+ - [ ] Content can be created and renders on the page
140
+ - [ ] No critical or serious accessibility violations (`/jahia-dev-accessibility`)