@jahia/agentic 0.3.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (398) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/dist/claude/.claude/rules/jahia.md +13 -40
  3. package/dist/claude/.claude/skills/jahia-cnd-author/SKILL.md +94 -0
  4. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  5. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  6. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  7. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  8. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  9. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  10. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  11. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  12. package/dist/claude/.claude/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  13. package/dist/claude/.claude/skills/jahia-dev-accessibility/SKILL.md +5 -265
  14. package/dist/claude/.claude/skills/jahia-dev-build-component/SKILL.md +15 -7
  15. package/dist/claude/.claude/skills/jahia-dev-create-page-template/SKILL.md +59 -21
  16. package/dist/claude/.claude/skills/jahia-dev-create-template-set/SKILL.md +20 -47
  17. package/dist/claude/.claude/skills/jahia-dev-create-view/SKILL.md +3 -3
  18. package/dist/claude/.claude/skills/jahia-dev-review-cnd/SKILL.md +79 -0
  19. package/dist/claude/.claude/skills/jahia-dev-review-cnd/scripts/check-cnd.d.mts +13 -0
  20. package/dist/claude/.claude/skills/jahia-dev-review-cnd/scripts/check-cnd.mjs +198 -0
  21. package/dist/claude/.claude/skills/jahia-dev-site-review/SKILL.md +70 -0
  22. package/dist/claude/.claude/skills/jahia-dev-site-review/scripts/review-pages.mjs +85 -0
  23. package/dist/claude/.claude/skills/jahia-dev-start-local/SKILL.md +18 -26
  24. package/dist/claude/CLAUDE.md +14 -41
  25. package/dist/codex/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  26. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  27. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  28. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  29. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  30. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  31. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  32. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  33. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  34. package/dist/codex/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  35. package/dist/codex/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  36. package/dist/codex/.agents/skills/jahia-dev-build-component/SKILL.md +15 -7
  37. package/dist/codex/.agents/skills/jahia-dev-create-page-template/SKILL.md +59 -21
  38. package/dist/codex/.agents/skills/jahia-dev-create-template-set/SKILL.md +20 -47
  39. package/dist/codex/.agents/skills/jahia-dev-create-view/SKILL.md +3 -3
  40. package/dist/codex/.agents/skills/jahia-dev-review-cnd/SKILL.md +79 -0
  41. package/dist/codex/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.d.mts +13 -0
  42. package/dist/codex/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.mjs +198 -0
  43. package/dist/codex/.agents/skills/jahia-dev-site-review/SKILL.md +70 -0
  44. package/dist/codex/.agents/skills/jahia-dev-site-review/scripts/review-pages.mjs +85 -0
  45. package/dist/codex/.agents/skills/jahia-dev-start-local/SKILL.md +18 -26
  46. package/dist/codex/AGENTS.md +15 -42
  47. package/dist/copilot/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  48. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  49. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  50. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  51. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  52. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  53. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  54. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  55. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  56. package/dist/copilot/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  57. package/dist/copilot/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  58. package/dist/copilot/.agents/skills/jahia-dev-build-component/SKILL.md +15 -7
  59. package/dist/copilot/.agents/skills/jahia-dev-create-page-template/SKILL.md +59 -21
  60. package/dist/copilot/.agents/skills/jahia-dev-create-template-set/SKILL.md +20 -47
  61. package/dist/copilot/.agents/skills/jahia-dev-create-view/SKILL.md +3 -3
  62. package/dist/copilot/.agents/skills/jahia-dev-review-cnd/SKILL.md +79 -0
  63. package/dist/copilot/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.d.mts +13 -0
  64. package/dist/copilot/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.mjs +198 -0
  65. package/dist/copilot/.agents/skills/jahia-dev-site-review/SKILL.md +70 -0
  66. package/dist/copilot/.agents/skills/jahia-dev-site-review/scripts/review-pages.mjs +85 -0
  67. package/dist/copilot/.agents/skills/jahia-dev-start-local/SKILL.md +18 -26
  68. package/dist/copilot/AGENTS.md +15 -42
  69. package/dist/cursor/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  70. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  71. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  72. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  73. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  74. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  75. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  76. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  77. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  78. package/dist/cursor/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  79. package/dist/cursor/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  80. package/dist/cursor/.agents/skills/jahia-dev-build-component/SKILL.md +15 -7
  81. package/dist/cursor/.agents/skills/jahia-dev-create-page-template/SKILL.md +59 -21
  82. package/dist/cursor/.agents/skills/jahia-dev-create-template-set/SKILL.md +20 -47
  83. package/dist/cursor/.agents/skills/jahia-dev-create-view/SKILL.md +3 -3
  84. package/dist/cursor/.agents/skills/jahia-dev-review-cnd/SKILL.md +79 -0
  85. package/dist/cursor/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.d.mts +13 -0
  86. package/dist/cursor/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.mjs +198 -0
  87. package/dist/cursor/.agents/skills/jahia-dev-site-review/SKILL.md +70 -0
  88. package/dist/cursor/.agents/skills/jahia-dev-site-review/scripts/review-pages.mjs +85 -0
  89. package/dist/cursor/.agents/skills/jahia-dev-start-local/SKILL.md +18 -26
  90. package/dist/cursor/.cursor/rules/jahia.mdc +13 -40
  91. package/dist/gemini/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  92. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  93. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  94. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  95. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  96. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  97. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  98. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  99. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  100. package/dist/gemini/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  101. package/dist/gemini/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  102. package/dist/gemini/.agents/skills/jahia-dev-build-component/SKILL.md +15 -7
  103. package/dist/gemini/.agents/skills/jahia-dev-create-page-template/SKILL.md +59 -21
  104. package/dist/gemini/.agents/skills/jahia-dev-create-template-set/SKILL.md +20 -47
  105. package/dist/gemini/.agents/skills/jahia-dev-create-view/SKILL.md +3 -3
  106. package/dist/gemini/.agents/skills/jahia-dev-review-cnd/SKILL.md +79 -0
  107. package/dist/gemini/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.d.mts +13 -0
  108. package/dist/gemini/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.mjs +198 -0
  109. package/dist/gemini/.agents/skills/jahia-dev-site-review/SKILL.md +70 -0
  110. package/dist/gemini/.agents/skills/jahia-dev-site-review/scripts/review-pages.mjs +85 -0
  111. package/dist/gemini/.agents/skills/jahia-dev-start-local/SKILL.md +18 -26
  112. package/dist/gemini/AGENTS.md +15 -42
  113. package/dist/gemini/GEMINI.md +2 -2
  114. package/dist/index.js +13 -0
  115. package/dist/opencode/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  116. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  117. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  118. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  119. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  120. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  121. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  122. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  123. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  124. package/dist/opencode/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  125. package/dist/opencode/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  126. package/dist/opencode/.agents/skills/jahia-dev-build-component/SKILL.md +15 -7
  127. package/dist/opencode/.agents/skills/jahia-dev-create-page-template/SKILL.md +59 -21
  128. package/dist/opencode/.agents/skills/jahia-dev-create-template-set/SKILL.md +20 -47
  129. package/dist/opencode/.agents/skills/jahia-dev-create-view/SKILL.md +3 -3
  130. package/dist/opencode/.agents/skills/jahia-dev-review-cnd/SKILL.md +79 -0
  131. package/dist/opencode/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.d.mts +13 -0
  132. package/dist/opencode/.agents/skills/jahia-dev-review-cnd/scripts/check-cnd.mjs +198 -0
  133. package/dist/opencode/.agents/skills/jahia-dev-site-review/SKILL.md +70 -0
  134. package/dist/opencode/.agents/skills/jahia-dev-site-review/scripts/review-pages.mjs +85 -0
  135. package/dist/opencode/.agents/skills/jahia-dev-start-local/SKILL.md +18 -26
  136. package/dist/opencode/AGENTS.md +15 -42
  137. package/dist/windsurf/.windsurf/rules/jahia.md +13 -40
  138. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/SKILL.md +94 -0
  139. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  140. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  141. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  142. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  143. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  144. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  145. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  146. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  147. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  148. package/dist/windsurf/.windsurf/skills/jahia-dev-accessibility/SKILL.md +5 -265
  149. package/dist/windsurf/.windsurf/skills/jahia-dev-build-component/SKILL.md +15 -7
  150. package/dist/windsurf/.windsurf/skills/jahia-dev-create-page-template/SKILL.md +59 -21
  151. package/dist/windsurf/.windsurf/skills/jahia-dev-create-template-set/SKILL.md +20 -47
  152. package/dist/windsurf/.windsurf/skills/jahia-dev-create-view/SKILL.md +3 -3
  153. package/dist/windsurf/.windsurf/skills/jahia-dev-review-cnd/SKILL.md +79 -0
  154. package/dist/windsurf/.windsurf/skills/jahia-dev-review-cnd/scripts/check-cnd.d.mts +13 -0
  155. package/dist/windsurf/.windsurf/skills/jahia-dev-review-cnd/scripts/check-cnd.mjs +198 -0
  156. package/dist/windsurf/.windsurf/skills/jahia-dev-site-review/SKILL.md +70 -0
  157. package/dist/windsurf/.windsurf/skills/jahia-dev-site-review/scripts/review-pages.mjs +85 -0
  158. package/dist/windsurf/.windsurf/skills/jahia-dev-start-local/SKILL.md +18 -26
  159. package/dist/windsurf/AGENTS.md +15 -42
  160. package/package.json +1 -1
  161. package/dist/claude/.claude/skills/jahia/SKILL.md +0 -144
  162. package/dist/claude/.claude/skills/jahia-content/SKILL.md +0 -157
  163. package/dist/claude/.claude/skills/jahia-content-create-content/SKILL.md +0 -359
  164. package/dist/claude/.claude/skills/jahia-content-explore-structure/SKILL.md +0 -255
  165. package/dist/claude/.claude/skills/jahia-content-media-upload/SKILL.md +0 -197
  166. package/dist/claude/.claude/skills/jahia-content-move-content/SKILL.md +0 -231
  167. package/dist/claude/.claude/skills/jahia-content-organize/SKILL.md +0 -209
  168. package/dist/claude/.claude/skills/jahia-content-publish/SKILL.md +0 -181
  169. package/dist/claude/.claude/skills/jahia-content-query-content/SKILL.md +0 -174
  170. package/dist/claude/.claude/skills/jahia-content-translate-content/SKILL.md +0 -226
  171. package/dist/claude/.claude/skills/jahia-dev/SKILL.md +0 -124
  172. package/dist/claude/.claude/skills/jahia-dev-apis/SKILL.md +0 -52
  173. package/dist/claude/.claude/skills/jahia-dev-apis/references/authentication.md +0 -484
  174. package/dist/claude/.claude/skills/jahia-dev-apis/references/graphql.md +0 -657
  175. package/dist/claude/.claude/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  176. package/dist/claude/.claude/skills/jahia-dev-apis/references/security.md +0 -541
  177. package/dist/claude/.claude/skills/jahia-dev-cypress/SKILL.md +0 -265
  178. package/dist/claude/.claude/skills/jahia-dev-define-content-type/SKILL.md +0 -536
  179. package/dist/claude/.claude/skills/jahia-dev-java/SKILL.md +0 -110
  180. package/dist/claude/.claude/skills/jahia-dev-java/references/backend.md +0 -331
  181. package/dist/claude/.claude/skills/jahia-dev-java/references/content-types.md +0 -273
  182. package/dist/claude/.claude/skills/jahia-dev-java/references/modules.md +0 -218
  183. package/dist/claude/.claude/skills/jahia-dev-java/references/osgi.md +0 -208
  184. package/dist/claude/.claude/skills/jahia-dev-java/references/rendering.md +0 -191
  185. package/dist/claude/.claude/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  186. package/dist/claude/.claude/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  187. package/dist/claude/.claude/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  188. package/dist/claude/.claude/skills/jahia-java-concurrency/SKILL.md +0 -308
  189. package/dist/claude/.claude/skills/jahia-java-jcr/SKILL.md +0 -153
  190. package/dist/claude/.claude/skills/jahia-java-osgi/SKILL.md +0 -134
  191. package/dist/claude/.claude/skills/jahia-java-persistence/SKILL.md +0 -177
  192. package/dist/claude/.claude/skills/jahia-java-security/SKILL.md +0 -84
  193. package/dist/claude/.claude/skills/jahia-review-java/SKILL.md +0 -131
  194. package/dist/claude/.claude/skills/jahia-review-java/references/code-review-output.md +0 -121
  195. package/dist/codex/.agents/skills/jahia/SKILL.md +0 -144
  196. package/dist/codex/.agents/skills/jahia-content/SKILL.md +0 -157
  197. package/dist/codex/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  198. package/dist/codex/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  199. package/dist/codex/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  200. package/dist/codex/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  201. package/dist/codex/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  202. package/dist/codex/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  203. package/dist/codex/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  204. package/dist/codex/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  205. package/dist/codex/.agents/skills/jahia-dev/SKILL.md +0 -124
  206. package/dist/codex/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  207. package/dist/codex/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  208. package/dist/codex/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  209. package/dist/codex/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  210. package/dist/codex/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  211. package/dist/codex/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  212. package/dist/codex/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -536
  213. package/dist/codex/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  214. package/dist/codex/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  215. package/dist/codex/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  216. package/dist/codex/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  217. package/dist/codex/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  218. package/dist/codex/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  219. package/dist/codex/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  220. package/dist/codex/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  221. package/dist/codex/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  222. package/dist/codex/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  223. package/dist/codex/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  224. package/dist/codex/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  225. package/dist/codex/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  226. package/dist/codex/.agents/skills/jahia-java-security/SKILL.md +0 -84
  227. package/dist/codex/.agents/skills/jahia-review-java/SKILL.md +0 -131
  228. package/dist/codex/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  229. package/dist/copilot/.agents/skills/jahia/SKILL.md +0 -144
  230. package/dist/copilot/.agents/skills/jahia-content/SKILL.md +0 -157
  231. package/dist/copilot/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  232. package/dist/copilot/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  233. package/dist/copilot/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  234. package/dist/copilot/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  235. package/dist/copilot/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  236. package/dist/copilot/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  237. package/dist/copilot/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  238. package/dist/copilot/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  239. package/dist/copilot/.agents/skills/jahia-dev/SKILL.md +0 -124
  240. package/dist/copilot/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  241. package/dist/copilot/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  242. package/dist/copilot/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  243. package/dist/copilot/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  244. package/dist/copilot/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  245. package/dist/copilot/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  246. package/dist/copilot/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -536
  247. package/dist/copilot/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  248. package/dist/copilot/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  249. package/dist/copilot/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  250. package/dist/copilot/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  251. package/dist/copilot/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  252. package/dist/copilot/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  253. package/dist/copilot/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  254. package/dist/copilot/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  255. package/dist/copilot/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  256. package/dist/copilot/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  257. package/dist/copilot/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  258. package/dist/copilot/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  259. package/dist/copilot/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  260. package/dist/copilot/.agents/skills/jahia-java-security/SKILL.md +0 -84
  261. package/dist/copilot/.agents/skills/jahia-review-java/SKILL.md +0 -131
  262. package/dist/copilot/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  263. package/dist/cursor/.agents/skills/jahia/SKILL.md +0 -144
  264. package/dist/cursor/.agents/skills/jahia-content/SKILL.md +0 -157
  265. package/dist/cursor/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  266. package/dist/cursor/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  267. package/dist/cursor/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  268. package/dist/cursor/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  269. package/dist/cursor/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  270. package/dist/cursor/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  271. package/dist/cursor/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  272. package/dist/cursor/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  273. package/dist/cursor/.agents/skills/jahia-dev/SKILL.md +0 -124
  274. package/dist/cursor/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  275. package/dist/cursor/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  276. package/dist/cursor/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  277. package/dist/cursor/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  278. package/dist/cursor/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  279. package/dist/cursor/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  280. package/dist/cursor/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -536
  281. package/dist/cursor/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  282. package/dist/cursor/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  283. package/dist/cursor/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  284. package/dist/cursor/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  285. package/dist/cursor/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  286. package/dist/cursor/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  287. package/dist/cursor/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  288. package/dist/cursor/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  289. package/dist/cursor/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  290. package/dist/cursor/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  291. package/dist/cursor/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  292. package/dist/cursor/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  293. package/dist/cursor/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  294. package/dist/cursor/.agents/skills/jahia-java-security/SKILL.md +0 -84
  295. package/dist/cursor/.agents/skills/jahia-review-java/SKILL.md +0 -131
  296. package/dist/cursor/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  297. package/dist/gemini/.agents/skills/jahia/SKILL.md +0 -144
  298. package/dist/gemini/.agents/skills/jahia-content/SKILL.md +0 -157
  299. package/dist/gemini/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  300. package/dist/gemini/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  301. package/dist/gemini/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  302. package/dist/gemini/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  303. package/dist/gemini/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  304. package/dist/gemini/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  305. package/dist/gemini/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  306. package/dist/gemini/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  307. package/dist/gemini/.agents/skills/jahia-dev/SKILL.md +0 -124
  308. package/dist/gemini/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  309. package/dist/gemini/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  310. package/dist/gemini/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  311. package/dist/gemini/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  312. package/dist/gemini/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  313. package/dist/gemini/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  314. package/dist/gemini/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -536
  315. package/dist/gemini/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  316. package/dist/gemini/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  317. package/dist/gemini/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  318. package/dist/gemini/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  319. package/dist/gemini/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  320. package/dist/gemini/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  321. package/dist/gemini/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  322. package/dist/gemini/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  323. package/dist/gemini/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  324. package/dist/gemini/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  325. package/dist/gemini/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  326. package/dist/gemini/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  327. package/dist/gemini/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  328. package/dist/gemini/.agents/skills/jahia-java-security/SKILL.md +0 -84
  329. package/dist/gemini/.agents/skills/jahia-review-java/SKILL.md +0 -131
  330. package/dist/gemini/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  331. package/dist/opencode/.agents/skills/jahia/SKILL.md +0 -144
  332. package/dist/opencode/.agents/skills/jahia-content/SKILL.md +0 -157
  333. package/dist/opencode/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  334. package/dist/opencode/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  335. package/dist/opencode/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  336. package/dist/opencode/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  337. package/dist/opencode/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  338. package/dist/opencode/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  339. package/dist/opencode/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  340. package/dist/opencode/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  341. package/dist/opencode/.agents/skills/jahia-dev/SKILL.md +0 -124
  342. package/dist/opencode/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  343. package/dist/opencode/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  344. package/dist/opencode/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  345. package/dist/opencode/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  346. package/dist/opencode/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  347. package/dist/opencode/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  348. package/dist/opencode/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -536
  349. package/dist/opencode/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  350. package/dist/opencode/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  351. package/dist/opencode/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  352. package/dist/opencode/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  353. package/dist/opencode/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  354. package/dist/opencode/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  355. package/dist/opencode/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  356. package/dist/opencode/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  357. package/dist/opencode/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  358. package/dist/opencode/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  359. package/dist/opencode/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  360. package/dist/opencode/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  361. package/dist/opencode/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  362. package/dist/opencode/.agents/skills/jahia-java-security/SKILL.md +0 -84
  363. package/dist/opencode/.agents/skills/jahia-review-java/SKILL.md +0 -131
  364. package/dist/opencode/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  365. package/dist/windsurf/.windsurf/skills/jahia/SKILL.md +0 -144
  366. package/dist/windsurf/.windsurf/skills/jahia-content/SKILL.md +0 -157
  367. package/dist/windsurf/.windsurf/skills/jahia-content-create-content/SKILL.md +0 -359
  368. package/dist/windsurf/.windsurf/skills/jahia-content-explore-structure/SKILL.md +0 -255
  369. package/dist/windsurf/.windsurf/skills/jahia-content-media-upload/SKILL.md +0 -197
  370. package/dist/windsurf/.windsurf/skills/jahia-content-move-content/SKILL.md +0 -231
  371. package/dist/windsurf/.windsurf/skills/jahia-content-organize/SKILL.md +0 -209
  372. package/dist/windsurf/.windsurf/skills/jahia-content-publish/SKILL.md +0 -181
  373. package/dist/windsurf/.windsurf/skills/jahia-content-query-content/SKILL.md +0 -174
  374. package/dist/windsurf/.windsurf/skills/jahia-content-translate-content/SKILL.md +0 -226
  375. package/dist/windsurf/.windsurf/skills/jahia-dev/SKILL.md +0 -124
  376. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/SKILL.md +0 -52
  377. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/authentication.md +0 -484
  378. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/graphql.md +0 -657
  379. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  380. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/security.md +0 -541
  381. package/dist/windsurf/.windsurf/skills/jahia-dev-cypress/SKILL.md +0 -265
  382. package/dist/windsurf/.windsurf/skills/jahia-dev-define-content-type/SKILL.md +0 -536
  383. package/dist/windsurf/.windsurf/skills/jahia-dev-java/SKILL.md +0 -110
  384. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/backend.md +0 -331
  385. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/content-types.md +0 -273
  386. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/modules.md +0 -218
  387. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/osgi.md +0 -208
  388. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/rendering.md +0 -191
  389. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  390. package/dist/windsurf/.windsurf/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  391. package/dist/windsurf/.windsurf/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  392. package/dist/windsurf/.windsurf/skills/jahia-java-concurrency/SKILL.md +0 -308
  393. package/dist/windsurf/.windsurf/skills/jahia-java-jcr/SKILL.md +0 -153
  394. package/dist/windsurf/.windsurf/skills/jahia-java-osgi/SKILL.md +0 -134
  395. package/dist/windsurf/.windsurf/skills/jahia-java-persistence/SKILL.md +0 -177
  396. package/dist/windsurf/.windsurf/skills/jahia-java-security/SKILL.md +0 -84
  397. package/dist/windsurf/.windsurf/skills/jahia-review-java/SKILL.md +0 -131
  398. package/dist/windsurf/.windsurf/skills/jahia-review-java/references/code-review-output.md +0 -121
@@ -1,541 +0,0 @@
1
- # Security Reference
2
-
3
- Covers the security filter/service (scope-based API authorization), HTML filtering (XSS protection), and Content Security Policy (CSP).
4
-
5
- ## Table of Contents
6
-
7
- - [Security Service and Filter](#security-service-and-filter)
8
- - [Overview](#overview)
9
- - [Authorization configuration](#authorization-configuration)
10
- - [Scope grants](#scope-grants)
11
- - [Auto-apply rules](#auto-apply-rules)
12
- - [User constraints](#user-constraints)
13
- - [Configuration profiles](#configuration-profiles)
14
- - [Extending an existing scope](#extending-an-existing-scope)
15
- - [Packaging configuration in a module](#packaging-configuration-in-a-module)
16
- - [Checking API authorization from Java](#checking-api-authorization-from-java)
17
- - [CORS filter](#cors-filter)
18
- - [JWT tokens (deprecated)](#jwt-tokens-deprecated)
19
- - [Legacy mode and migration](#legacy-mode-and-migration)
20
- - [HTML Filtering (XSS Protection)](#html-filtering-xss-protection)
21
- - [Overview](#overview-1)
22
- - [Configuration file priority](#configuration-file-priority)
23
- - [Configuration structure](#configuration-structure)
24
- - [Strategies: SANITIZE vs REJECT](#strategies-sanitize-vs-reject)
25
- - [Process and skip settings](#process-and-skip-settings)
26
- - [Skip on permissions](#skip-on-permissions)
27
- - [Rule sets — allowed elements and attributes](#rule-sets--allowed-elements-and-attributes)
28
- - [GraphQL API for validation](#graphql-api-for-validation)
29
- - [Which properties are filtered](#which-properties-are-filtered)
30
- - [Best practices](#best-practices)
31
- - [Migrating from v1 to v2](#migrating-from-v1-to-v2)
32
- - [Content Security Policy (CSP)](#content-security-policy-csp)
33
- - [Installation and enabling](#installation-and-enabling)
34
- - [Site-level CSP](#site-level-csp)
35
- - [Page-level CSP override](#page-level-csp-override)
36
- - [Report-only mode](#report-only-mode)
37
- - [Nonce generation](#nonce-generation)
38
- - [CSP examples](#csp-examples)
39
-
40
- ---
41
-
42
- ## Security Service and Filter
43
-
44
- ### Overview
45
-
46
- The `security-filter` bundle protects all Jahia APIs (GraphQL, RESTful JCR, views, custom APIs) from unauthorized access, XSS/CSRF attacks, and provides CORS support.
47
-
48
- **Core principle:** All API access is **denied by default**. Access is explicitly granted via scope-based configuration files. Without any configuration, even the Jahia Administration UI will not work.
49
-
50
- Configuration files live in `digital-factory-data/karaf/etc/` with the filename pattern:
51
-
52
- ```
53
- org.jahia.bundles.api.authorization-*.yml
54
- or
55
- org.jahia.bundles.api.authorization-*.cfg
56
- ```
57
-
58
- YAML format is supported from Jahia 8.1.0.0 onward (recommended).
59
-
60
- ### Authorization configuration
61
-
62
- The configuration is a list of named **scopes**. Each scope grants access to one or more APIs.
63
-
64
- - If a request holds **at least one** scope that grants the API → access **granted**
65
- - If a request holds **no** scope that grants the API → access **denied**
66
-
67
- Scopes can be associated with a request via:
68
- - Personal API tokens (explicitly carrying scopes)
69
- - JWT tokens (deprecated — see below)
70
- - Automatic rules based on request origin
71
-
72
- **Minimal YAML scope example:**
73
-
74
- ```yaml
75
- myscope:
76
- description: Can access some graphql API
77
- metadata:
78
- visible: true
79
- auto_apply:
80
- - origin: hosted
81
- grants:
82
- - api: graphql.MyGqlType
83
- node: none
84
- ```
85
-
86
- Equivalent in `.cfg` format:
87
-
88
- ```properties
89
- myscope.description = Can access some graphql API
90
- myscope.metadata.visible = true
91
- myscope.auto_apply[0].origin = hosted
92
- myscope.grants[0].api = graphql.MyGqlType
93
- myscope.grants[0].node = none
94
- ```
95
-
96
- ### Scope grants
97
-
98
- A scope contains one or more grants. Within a single grant, **all conditions must match** (AND logic). Multiple grants use OR logic (any one matching grant grants access).
99
-
100
- **Grant conditions:**
101
-
102
- **`api`** — API identifier (dot-separated). Examples:
103
- - `graphql.MyGqlType` — specific GraphQL type
104
- - `graphql.JcrNode, graphql.JcrProperty` — multiple types (comma-separated)
105
- - `view.json.tree` — the `tree.json` view
106
- - `jcrestapi` — all JCRest API calls
107
-
108
- API names by subsystem:
109
- - GraphQL: `graphql.<gql-type>.<gql-field>`
110
- - JCRest API: `jcrestapi.<query-type>`
111
- - AJAX views: `view.<template-type>.<view-name>`
112
-
113
- Include/exclude syntax:
114
-
115
- ```yaml
116
- grants:
117
- - api:
118
- include: graphql
119
- exclude: graphql.GqlAdmin, graphql.JcrNode
120
- ```
121
-
122
- **`node`** — matches requests involving a JCR node. Use `node: none` for requests that do not return a node. Sub-entries:
123
-
124
- ```yaml
125
- grants:
126
- - node:
127
- pathPattern: /,/sites(/.*)?
128
- excludedPathPattern: /sites/[^/]+/users(/.*)?
129
- workspace: live # or: default
130
- nodeType: jnt:page
131
- excludedNodeType: jnt:file
132
- withPermission: myPermission
133
- ```
134
-
135
- **Combining conditions (AND within one grant):**
136
-
137
- ```yaml
138
- grants:
139
- - api: graphql
140
- node: none
141
- # Allows GraphQL calls that do NOT involve a node
142
- ```
143
-
144
- **Multiple grants (OR between grants):**
145
-
146
- ```yaml
147
- grants:
148
- - api: graphql
149
- - node: none
150
- # Allows ALL GraphQL calls, AND all calls that don't involve a node
151
- ```
152
-
153
- ### Auto-apply rules
154
-
155
- Scopes can be automatically applied based on request origin (checked against `Origin` and `Referer` headers):
156
-
157
- ```yaml
158
- auto_apply:
159
- - origin: hosted # same server as Jahia (same origin)
160
- - origin: same # alias for hosted
161
- - origin: http://www.mysite.com # specific trusted origin
162
- ```
163
-
164
- To always apply a scope regardless of origin:
165
-
166
- ```yaml
167
- auto_apply:
168
- - always: true
169
- ```
170
-
171
- ### User constraints
172
-
173
- Restrict a scope to specific users:
174
-
175
- ```yaml
176
- # Restrict to users with a specific permission on a node:
177
- constraints:
178
- - user_permission: manageModules
179
- path: /sites
180
- workspace: live
181
-
182
- # Restrict to privileged users only:
183
- constraints:
184
- - privileged_user: true
185
- ```
186
-
187
- The scope will **never** be applied to users who do not meet the constraints.
188
-
189
- ### Configuration profiles
190
-
191
- Set a profile in `org.jahia.bundles.api.security.cfg` via `security.profile`:
192
-
193
- | Profile | Description | Recommendation |
194
- |---------|-------------|----------------|
195
- | `default` | No API calls from external origins or non-privileged users | **Recommended** |
196
- | `compat` | More open; compatible with pre-8.1 behavior | Not recommended for production |
197
- | `open` | Allows every call | Never use in production |
198
-
199
- The `compat` profile was introduced in 2021 as a migration aid and is not intended for ongoing production use.
200
-
201
- ### Extending an existing scope
202
-
203
- Add grants or auto-apply rules to an existing scope from another configuration file:
204
-
205
- ```yaml
206
- graphql:
207
- auto_apply:
208
- - origin: http://www.mytrusted-origin.com
209
- ```
210
-
211
- ### Packaging configuration in a module
212
-
213
- Place configuration files in `META-INF/configurations/` within your module JAR. They are deployed to `karaf/etc` at module startup (supported from DX 7.2.2.0).
214
-
215
- ### Checking API authorization from Java
216
-
217
- The bundle exposes an OSGi service implementing `org.jahia.services.securityfilter.PermissionService`. Call `hasPermission(query)` with a map:
218
-
219
- ```java
220
- Map<String, Object> query = new HashMap<>();
221
- query.put("api", "my-api.type.sub-type"); // required
222
- query.put("node", jcrNodeWrapper); // optional
223
- boolean allowed = permissionService.hasPermission(query);
224
- ```
225
-
226
- The `api` key value is tested by `ApiGrant`; the `node` key value (a `JCRNodeWrapper`) is tested by `NodeGrant`.
227
-
228
- ### CORS filter
229
-
230
- The security-filter module includes a global CORS filter based on the Tomcat implementation. Configure it in `org.jahia.bundles.api.security.cfg`. All Tomcat CORS filter settings are supported — see [Tomcat CORS Filter docs](https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter).
231
-
232
- ### JWT tokens (deprecated)
233
-
234
- JWT tokens are **deprecated** — use personal API tokens instead.
235
-
236
- Pass a JWT in the `Authorization: Bearer <token>` header. JWT tokens carry a `scopes` claim listing the scopes they grant. Configuration in `org.jahia.bundles.jwt.token.cfg`:
237
-
238
- ```properties
239
- jwt.issuer = MyOrg
240
- jwt.audience = http://jahia.com
241
- jwt.algorithm = HMAC_SHA256
242
- jwt.secret = my_super_secret_change_this
243
- ```
244
-
245
- Tokens can be generated via **Developer Tools > JWT Configuration** in development mode.
246
-
247
- ### Legacy mode and migration
248
-
249
- Enable legacy mode in `org.jahia.bundles.api.security.cfg`:
250
-
251
- ```properties
252
- security.legacyMode=true
253
- ```
254
-
255
- In legacy mode, old `org.jahia.modules.api.permissions-*.cfg` files are used. The new authorization YAML files are ignored.
256
-
257
- Enable migration reporting to compare behaviors:
258
-
259
- ```properties
260
- security.migrationReporting=true
261
- ```
262
-
263
- This logs differences between legacy and standard mode without changing the active enforcement.
264
-
265
- **Debugging:** Set `org.jahia.bundles.securityfilter.core` (or `.legacy` for legacy mode) to `DEBUG` in log4j to log every permission check with its result and matching grant.
266
-
267
- ---
268
-
269
- ## HTML Filtering (XSS Protection)
270
-
271
- ### Overview
272
-
273
- The HTML Filtering module (v2) provides XSS protection for JCR properties containing HTML markup. It is **active as soon as the module is installed** — no per-site enablement is required. Compatible with Jahia 8.1.8.0+.
274
-
275
- HTML filtering applies to content saves. It does not filter rendered output.
276
-
277
- ### Configuration file priority
278
-
279
- Three configuration levels (highest to lowest priority):
280
-
281
- | Level | Filename | Purpose |
282
- |-------|----------|---------|
283
- | Site-specific | `org.jahia.modules.htmlfiltering.site-<SITE_KEY>.yml` | Per-site overrides |
284
- | Global custom | `org.jahia.modules.htmlfiltering.global.custom.yml` | Admin customizations for all sites |
285
- | Global default | `org.jahia.modules.htmlfiltering.global.default.yml` | Shipped with module; do not modify |
286
-
287
- If a configuration file is invalid, it is skipped and the next level in the chain is used. Check logs to confirm your configuration loaded.
288
-
289
- ### Configuration structure
290
-
291
- All configuration files share the same structure with separate `editWorkspace` and `liveWorkspace` sections (both must be present for the file to be valid):
292
-
293
- ```yaml
294
- htmlFiltering:
295
- formatDefinitions:
296
- HTML_ID: '[a-zA-Z0-9\:\-_\.]+'
297
- NUMBER_OR_PERCENT: '\d+%?'
298
- LINKS_URL: '(?:(?:[\p{L}\p{N}\\\.#@$%\+&;\-_~,\?=/!{}:]+|#(\w)+)|(\s*(?:(?:ht|f)tps?://|mailto:)[\p{L}\p{N}][\p{L}\p{N}\p{Zs}\.#@$%\+&:\-_~,\?=/!\(\)]*+\s*))'
299
- editWorkspace:
300
- strategy: REJECT
301
- skipOnPermissions: []
302
- process: ['nt:base.*']
303
- skip: []
304
- allowedRuleSet:
305
- elements:
306
- # rules for allowed elements and attributes
307
- protocols: [http, https, mailto]
308
- liveWorkspace:
309
- strategy: SANITIZE
310
- skipOnPermissions: []
311
- process: ['nt:base.*']
312
- skip: []
313
- allowedRuleSet:
314
- elements:
315
- # rules for allowed elements and attributes
316
- protocols: [http, https, mailto]
317
- ```
318
-
319
- ### Strategies: SANITIZE vs REJECT
320
-
321
- | Strategy | Behavior | Recommended for |
322
- |----------|----------|----------------|
323
- | `SANITIZE` | Removes disallowed tags/attributes silently | `liveWorkspace` (no direct user feedback) |
324
- | `REJECT` | Rejects the save operation if any disallowed content found | `editWorkspace` (editors can correct) |
325
-
326
- **SANITIZE behavior by tag type:**
327
- - Block-level tags (e.g., `<p>`): tag is removed but text content is kept (`<p>hello</p>` → `hello`)
328
- - Other tags (e.g., `<script>`): tag and all its content are removed entirely
329
-
330
- ### Process and skip settings
331
-
332
- Control which node types and properties are filtered:
333
-
334
- ```yaml
335
- process: ['nt:base.*'] # Filter all properties of all node types
336
- skip: ['nt:myNodeType.*'] # Skip all properties of a specific node type
337
- skip: ['nt:myNodeType.myProp'] # Skip a specific property
338
- ```
339
-
340
- `skip` takes precedence over `process`. The notation supports any node type/property combination that exists on the node, even via mixins — for example `skip: ['jnt:bigText.j:htmlContent']` is valid even if `j:htmlContent` is defined on a mixin.
341
-
342
- ### Skip on permissions
343
-
344
- Bypass filtering for users holding specific permissions:
345
-
346
- ```yaml
347
- skipOnPermissions: ['view-full-wysiwyg-editor', 'site-admin']
348
- ```
349
-
350
- **Warning:** If a privileged user saves HTML content with elements that would be filtered for less privileged users, those users will be unable to later edit that content (their save will be rejected). Use `skipOnPermissions` with care and only for trusted users.
351
-
352
- ### Rule sets — allowed elements and attributes
353
-
354
- ```yaml
355
- allowedRuleSet:
356
- elements:
357
- - attributes: [class, dir, hidden, lang, role, style, title] # on any tag
358
- - attributes:
359
- - id
360
- format: HTML_ID # must match regex
361
- - attributes: [align]
362
- tags: [caption, col, colgroup, hr, img, table, tbody, td, tfoot, th, thead, tr]
363
- - attributes: [alt]
364
- tags: [img]
365
- - tags: [h1, h2, h3, h4, h5, h6, p, a, img, figure, div, ul, ol, li,
366
- table, tbody, thead, tfoot, tr, td, th, blockquote, code, pre,
367
- br, strong, em, span, nav, article, main, aside, section, header, footer]
368
- protocols: [http, https, mailto]
369
- ```
370
-
371
- Each rule can specify:
372
- - `tags` — HTML tags the rule applies to (omit to apply to all tags)
373
- - `attributes` — allowed attributes for those tags
374
- - `format` — regex pattern name from `formatDefinitions` that attribute values must match
375
-
376
- `protocols` restricts allowed URL schemes in `href` and `src` attributes.
377
-
378
- `allowedRuleSet` is mandatory and must contain at least one rule. `disallowedRuleSet` is optional.
379
-
380
- ### GraphQL API for validation
381
-
382
- Validate or preview HTML sanitization before saving:
383
-
384
- ```graphql
385
- query HtmlFiltering($html: String!, $workspace: Workspace = EDIT, $siteKey: String!) {
386
- htmlFiltering {
387
- validate(html: $html, workspace: $workspace, siteKey: $siteKey) {
388
- removedTags
389
- removedAttributes {
390
- attributes
391
- tag
392
- }
393
- sanitizedHtml
394
- safe
395
- }
396
- }
397
- }
398
- ```
399
-
400
- Response fields:
401
- - `removedTags` — list of tags removed during sanitization
402
- - `removedAttributes` — list of attributes removed, with their parent tags
403
- - `sanitizedHtml` — the sanitized output
404
- - `safe` — `true` if nothing was removed (input is fully compliant)
405
-
406
- ### Which properties are filtered
407
-
408
- A property is processed by HTML filtering only if **all** of the following are true:
409
-
410
- 1. The current user does not have any permission listed in `skipOnPermissions`
411
- 2. The property matches at least one pattern in `process`
412
- 3. The property does not match any pattern in `skip`
413
- 4. The property is declared as a `richtext` property in the CND definition
414
-
415
- ```
416
- [nt:myNodeType] > jnt:content, jmix:droppableContent
417
- - myHTMLProperty (string, richtext) # filtered
418
- - willNotBeProcessed (string) # not filtered (no richtext)
419
- ```
420
-
421
- **Important:** JSON overrides (jContent UI overrides) that change a property's editor to RichText are **ignored** by HTML filtering. The CND definition is authoritative. Properties must be declared `richtext` in the CND to be filtered.
422
-
423
- ### Best practices
424
-
425
- 1. Never modify `org.jahia.modules.htmlfiltering.global.default.yml` — create a custom or site-specific file instead.
426
- 2. Use `skipOnPermissions` sparingly; only for users who genuinely need to contribute unrestricted HTML.
427
- 3. Use `REJECT` in `editWorkspace` so editors receive immediate feedback; use `SANITIZE` in `liveWorkspace` for resilience.
428
- 4. Declare HTML properties with the `richtext` constraint in CND — JSON overrides do not affect filtering.
429
- 5. After adding or modifying a config file, verify in logs that it was loaded successfully.
430
-
431
- ### Migrating from v1 to v2
432
-
433
- As soon as v2 is installed, it replaces v1 entirely. v1 custom configurations are no longer read.
434
-
435
- **Key changes in v2:**
436
-
437
- | Area | v1 | v2 |
438
- |------|----|----|
439
- | Strategy | SANITIZE only | SANITIZE or REJECT per workspace |
440
- | Workspaces | Single config | Separate `editWorkspace`/`liveWorkspace` sections |
441
- | Format definitions | Hardcoded (e.g., `HTML_ID`) | Configurable in `formatDefinitions` |
442
- | Config files | `org.jahia.modules.htmlfiltering.config-*.yml` | Three-tier: global default, global custom, site-specific |
443
- | `htmlSanitizerDryRun` | Available | Removed |
444
-
445
- **GraphQL API change:**
446
-
447
- v1 (mutation):
448
- ```graphql
449
- mutation { htmlFilteringConfiguration { htmlFiltering {
450
- testFiltering(siteKey: $siteKey, html: $text) { html, removedElements, removedAttributes { element, attributes } }
451
- }}}
452
- ```
453
-
454
- v2 (query):
455
- ```graphql
456
- query { htmlFiltering {
457
- validate(html: $html, workspace: $workspace, siteKey: $siteKey) {
458
- sanitizedHtml, removedTags, removedAttributes { attributes, tag }, safe
459
- }
460
- }}
461
- ```
462
-
463
- **Migration steps:**
464
- 1. Review existing v1 configs; note all custom rules.
465
- 2. Create `org.jahia.modules.htmlfiltering.global.custom.yml` for global customizations.
466
- 3. Create `org.jahia.modules.htmlfiltering.site-<SITE_KEY>.yml` for site-specific rules.
467
- 4. Use `SANITIZE` strategy in both workspaces to replicate v1 behavior, then tighten as needed.
468
- 5. Update any code using the v1 GraphQL API.
469
- 6. Test thoroughly, then delete the old v1 config files.
470
-
471
- ---
472
-
473
- ## Content Security Policy (CSP)
474
-
475
- ### Installation and enabling
476
-
477
- The CSP module is installed by default with Jahia 8+. Enable it per site:
478
-
479
- 1. Go to **Administration > Server > Modules & Extensions > Modules**.
480
- 2. Find **Content Security Policy** and activate it on the relevant sites.
481
-
482
- ### Site-level CSP
483
-
484
- 1. Go to **Administration > Sites > Site properties > Edit site properties**.
485
- 2. In the Options section, check **Add Content-Security-Policy at the site level**.
486
- 3. Enter the CSP directive string (all on one line).
487
- 4. Optionally enable report-only mode or specify a violation report URL.
488
-
489
- ### Page-level CSP override
490
-
491
- Override the site-level CSP for a specific page:
492
-
493
- 1. In **JContent**, edit the page.
494
- 2. In the Options section, check **Replace Content-Security-Policy at the page level**.
495
- 3. Enter the page-specific CSP directive.
496
-
497
- ### Report-only mode
498
-
499
- Available only at the site level. Enable **Only report CSP violations** — violations are logged to Jahia log files instead of being blocked. Optionally specify a **Report violations to this URL** endpoint.
500
-
501
- This is useful for testing a new CSP before enforcing it.
502
-
503
- ### Nonce generation
504
-
505
- To use `nonce-` in your CSP (recommended for inline scripts):
506
-
507
- 1. Include `nonce-` (as a placeholder) in the site-level CSP value.
508
- 2. In your custom module's view, set the `nonce` attribute on `<script>` elements to the Jahia property value `contentSecurityPolicy.nonce.placeHolder`.
509
-
510
- For each page rendering, Jahia generates a random nonce, updates the CSP header, and replaces the static placeholder in the HTML output.
511
-
512
- ### CSP examples
513
-
514
- **Basic CSP:**
515
-
516
- ```
517
- Content-Security-Policy: default-src 'self'; script-src 'self' https://apis.google.com; object-src 'none'; frame-ancestors 'none';
518
- ```
519
-
520
- **Strict CSP with nonce (multi-line for readability; enter on one line in Jahia):**
521
-
522
- ```
523
- Content-Security-Policy:
524
- default-src 'self' https://*.doubleclick.net;
525
- script-src 'nonce-' 'strict-dynamic' https: 'unsafe-inline';
526
- object-src 'none';
527
- base-uri 'none';
528
- frame-ancestors 'none';
529
- img-src 'self' data:;
530
- font-src 'self' data:;
531
- style-src 'self' 'unsafe-inline';
532
- frame-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net;
533
- connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;
534
- ```
535
-
536
- The `'nonce-'` string is a placeholder — Jahia replaces it with a generated random value per request.
537
-
538
- **References:**
539
- - MDN CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
540
- - OWASP CSP Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
541
- - CSP Reference: https://content-security-policy.com/