@jahia/agentic 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (373) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/dist/claude/.claude/rules/jahia.md +1 -37
  3. package/dist/claude/.claude/skills/jahia-cnd-author/SKILL.md +94 -0
  4. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  5. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  6. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  7. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  8. package/dist/{opencode/.opencode/agents → claude/.claude/skills/jahia-cnd-author/references}/cnd-numbers-dates.md +32 -1
  9. package/dist/{opencode/.opencode/agents → claude/.claude/skills/jahia-cnd-author/references}/cnd-string-selectors.md +49 -10
  10. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  11. package/dist/claude/.claude/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  12. package/dist/claude/.claude/skills/jahia-dev-accessibility/SKILL.md +5 -265
  13. package/dist/claude/.claude/skills/jahia-dev-build-component/SKILL.md +13 -8
  14. package/dist/claude/CLAUDE.md +2 -38
  15. package/dist/codex/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  16. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  17. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  18. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  19. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  20. package/dist/{claude/.claude/agents → codex/.agents/skills/jahia-cnd-author/references}/cnd-numbers-dates.md +32 -1
  21. package/dist/{cursor/.cursor/agents → codex/.agents/skills/jahia-cnd-author/references}/cnd-string-selectors.md +49 -10
  22. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  23. package/dist/codex/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  24. package/dist/codex/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  25. package/dist/codex/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  26. package/dist/codex/AGENTS.md +2 -38
  27. package/dist/copilot/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  28. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  29. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  30. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  31. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  32. package/dist/{cursor/.cursor/agents → copilot/.agents/skills/jahia-cnd-author/references}/cnd-numbers-dates.md +32 -1
  33. package/dist/{claude/.claude/agents → copilot/.agents/skills/jahia-cnd-author/references}/cnd-string-selectors.md +49 -10
  34. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  35. package/dist/copilot/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  36. package/dist/copilot/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  37. package/dist/copilot/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  38. package/dist/copilot/AGENTS.md +2 -38
  39. package/dist/cursor/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  40. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  41. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  42. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  43. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  44. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  45. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  46. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  47. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  48. package/dist/cursor/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  49. package/dist/cursor/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  50. package/dist/cursor/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  51. package/dist/cursor/.cursor/rules/jahia.mdc +1 -37
  52. package/dist/gemini/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  53. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  54. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  55. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  56. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  57. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  58. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  59. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  60. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  61. package/dist/gemini/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  62. package/dist/gemini/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  63. package/dist/gemini/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  64. package/dist/gemini/AGENTS.md +2 -38
  65. package/dist/opencode/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  66. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  67. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  68. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  69. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  70. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  71. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  72. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  73. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  74. package/dist/opencode/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  75. package/dist/opencode/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  76. package/dist/opencode/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  77. package/dist/opencode/AGENTS.md +2 -38
  78. package/dist/windsurf/.windsurf/rules/jahia.md +1 -37
  79. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/SKILL.md +94 -0
  80. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  81. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  82. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  83. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  84. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  85. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  86. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  87. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  88. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  89. package/dist/windsurf/.windsurf/skills/jahia-dev-accessibility/SKILL.md +5 -265
  90. package/dist/windsurf/.windsurf/skills/jahia-dev-build-component/SKILL.md +13 -8
  91. package/dist/windsurf/AGENTS.md +2 -38
  92. package/package.json +1 -1
  93. package/dist/claude/.claude/agents/cnd-jahia-mixins.md +0 -113
  94. package/dist/claude/.claude/agents/jahia-cnd-author.md +0 -130
  95. package/dist/claude/.claude/agents/jahia-dev-worker.md +0 -264
  96. package/dist/claude/.claude/agents/jahia-reviewer.md +0 -105
  97. package/dist/claude/.claude/skills/jahia/SKILL.md +0 -148
  98. package/dist/claude/.claude/skills/jahia-content/SKILL.md +0 -157
  99. package/dist/claude/.claude/skills/jahia-content-create-content/SKILL.md +0 -359
  100. package/dist/claude/.claude/skills/jahia-content-explore-structure/SKILL.md +0 -255
  101. package/dist/claude/.claude/skills/jahia-content-media-upload/SKILL.md +0 -197
  102. package/dist/claude/.claude/skills/jahia-content-move-content/SKILL.md +0 -231
  103. package/dist/claude/.claude/skills/jahia-content-organize/SKILL.md +0 -209
  104. package/dist/claude/.claude/skills/jahia-content-publish/SKILL.md +0 -181
  105. package/dist/claude/.claude/skills/jahia-content-query-content/SKILL.md +0 -174
  106. package/dist/claude/.claude/skills/jahia-content-translate-content/SKILL.md +0 -226
  107. package/dist/claude/.claude/skills/jahia-dev/SKILL.md +0 -124
  108. package/dist/claude/.claude/skills/jahia-dev-apis/SKILL.md +0 -52
  109. package/dist/claude/.claude/skills/jahia-dev-apis/references/authentication.md +0 -484
  110. package/dist/claude/.claude/skills/jahia-dev-apis/references/graphql.md +0 -657
  111. package/dist/claude/.claude/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  112. package/dist/claude/.claude/skills/jahia-dev-apis/references/security.md +0 -541
  113. package/dist/claude/.claude/skills/jahia-dev-cypress/SKILL.md +0 -265
  114. package/dist/claude/.claude/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  115. package/dist/claude/.claude/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  116. package/dist/claude/.claude/skills/jahia-dev-java/SKILL.md +0 -110
  117. package/dist/claude/.claude/skills/jahia-dev-java/references/backend.md +0 -331
  118. package/dist/claude/.claude/skills/jahia-dev-java/references/content-types.md +0 -273
  119. package/dist/claude/.claude/skills/jahia-dev-java/references/modules.md +0 -218
  120. package/dist/claude/.claude/skills/jahia-dev-java/references/osgi.md +0 -208
  121. package/dist/claude/.claude/skills/jahia-dev-java/references/rendering.md +0 -191
  122. package/dist/claude/.claude/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  123. package/dist/claude/.claude/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  124. package/dist/claude/.claude/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  125. package/dist/claude/.claude/skills/jahia-java-concurrency/SKILL.md +0 -308
  126. package/dist/claude/.claude/skills/jahia-java-jcr/SKILL.md +0 -153
  127. package/dist/claude/.claude/skills/jahia-java-osgi/SKILL.md +0 -134
  128. package/dist/claude/.claude/skills/jahia-java-persistence/SKILL.md +0 -177
  129. package/dist/claude/.claude/skills/jahia-java-security/SKILL.md +0 -84
  130. package/dist/claude/.claude/skills/jahia-orchestrate/SKILL.md +0 -148
  131. package/dist/claude/.claude/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  132. package/dist/claude/.claude/skills/jahia-review-java/SKILL.md +0 -131
  133. package/dist/claude/.claude/skills/jahia-review-java/references/code-review-output.md +0 -121
  134. package/dist/codex/.agents/skills/jahia/SKILL.md +0 -148
  135. package/dist/codex/.agents/skills/jahia-content/SKILL.md +0 -157
  136. package/dist/codex/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  137. package/dist/codex/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  138. package/dist/codex/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  139. package/dist/codex/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  140. package/dist/codex/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  141. package/dist/codex/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  142. package/dist/codex/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  143. package/dist/codex/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  144. package/dist/codex/.agents/skills/jahia-dev/SKILL.md +0 -124
  145. package/dist/codex/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  146. package/dist/codex/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  147. package/dist/codex/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  148. package/dist/codex/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  149. package/dist/codex/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  150. package/dist/codex/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  151. package/dist/codex/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  152. package/dist/codex/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  153. package/dist/codex/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  154. package/dist/codex/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  155. package/dist/codex/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  156. package/dist/codex/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  157. package/dist/codex/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  158. package/dist/codex/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  159. package/dist/codex/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  160. package/dist/codex/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  161. package/dist/codex/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  162. package/dist/codex/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  163. package/dist/codex/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  164. package/dist/codex/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  165. package/dist/codex/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  166. package/dist/codex/.agents/skills/jahia-java-security/SKILL.md +0 -84
  167. package/dist/codex/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  168. package/dist/codex/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  169. package/dist/codex/.agents/skills/jahia-review-java/SKILL.md +0 -131
  170. package/dist/codex/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  171. package/dist/codex/.codex/agents/cnd-child-nodes.toml +0 -3
  172. package/dist/codex/.codex/agents/cnd-jahia-mixins.toml +0 -3
  173. package/dist/codex/.codex/agents/cnd-numbers-dates.toml +0 -3
  174. package/dist/codex/.codex/agents/cnd-string-selectors.toml +0 -3
  175. package/dist/codex/.codex/agents/jahia-cnd-author.toml +0 -3
  176. package/dist/codex/.codex/agents/jahia-dev-worker.toml +0 -3
  177. package/dist/codex/.codex/agents/jahia-reviewer.toml +0 -3
  178. package/dist/copilot/.agents/skills/jahia/SKILL.md +0 -148
  179. package/dist/copilot/.agents/skills/jahia-content/SKILL.md +0 -157
  180. package/dist/copilot/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  181. package/dist/copilot/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  182. package/dist/copilot/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  183. package/dist/copilot/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  184. package/dist/copilot/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  185. package/dist/copilot/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  186. package/dist/copilot/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  187. package/dist/copilot/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  188. package/dist/copilot/.agents/skills/jahia-dev/SKILL.md +0 -124
  189. package/dist/copilot/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  190. package/dist/copilot/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  191. package/dist/copilot/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  192. package/dist/copilot/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  193. package/dist/copilot/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  194. package/dist/copilot/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  195. package/dist/copilot/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  196. package/dist/copilot/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  197. package/dist/copilot/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  198. package/dist/copilot/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  199. package/dist/copilot/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  200. package/dist/copilot/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  201. package/dist/copilot/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  202. package/dist/copilot/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  203. package/dist/copilot/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  204. package/dist/copilot/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  205. package/dist/copilot/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  206. package/dist/copilot/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  207. package/dist/copilot/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  208. package/dist/copilot/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  209. package/dist/copilot/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  210. package/dist/copilot/.agents/skills/jahia-java-security/SKILL.md +0 -84
  211. package/dist/copilot/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  212. package/dist/copilot/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  213. package/dist/copilot/.agents/skills/jahia-review-java/SKILL.md +0 -131
  214. package/dist/copilot/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  215. package/dist/cursor/.agents/skills/jahia/SKILL.md +0 -148
  216. package/dist/cursor/.agents/skills/jahia-content/SKILL.md +0 -157
  217. package/dist/cursor/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  218. package/dist/cursor/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  219. package/dist/cursor/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  220. package/dist/cursor/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  221. package/dist/cursor/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  222. package/dist/cursor/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  223. package/dist/cursor/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  224. package/dist/cursor/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  225. package/dist/cursor/.agents/skills/jahia-dev/SKILL.md +0 -124
  226. package/dist/cursor/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  227. package/dist/cursor/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  228. package/dist/cursor/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  229. package/dist/cursor/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  230. package/dist/cursor/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  231. package/dist/cursor/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  232. package/dist/cursor/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  233. package/dist/cursor/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  234. package/dist/cursor/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  235. package/dist/cursor/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  236. package/dist/cursor/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  237. package/dist/cursor/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  238. package/dist/cursor/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  239. package/dist/cursor/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  240. package/dist/cursor/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  241. package/dist/cursor/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  242. package/dist/cursor/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  243. package/dist/cursor/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  244. package/dist/cursor/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  245. package/dist/cursor/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  246. package/dist/cursor/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  247. package/dist/cursor/.agents/skills/jahia-java-security/SKILL.md +0 -84
  248. package/dist/cursor/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  249. package/dist/cursor/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  250. package/dist/cursor/.agents/skills/jahia-review-java/SKILL.md +0 -131
  251. package/dist/cursor/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  252. package/dist/cursor/.cursor/agents/cnd-jahia-mixins.md +0 -113
  253. package/dist/cursor/.cursor/agents/jahia-cnd-author.md +0 -130
  254. package/dist/cursor/.cursor/agents/jahia-dev-worker.md +0 -264
  255. package/dist/cursor/.cursor/agents/jahia-reviewer.md +0 -105
  256. package/dist/gemini/.agents/skills/jahia/SKILL.md +0 -148
  257. package/dist/gemini/.agents/skills/jahia-content/SKILL.md +0 -157
  258. package/dist/gemini/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  259. package/dist/gemini/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  260. package/dist/gemini/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  261. package/dist/gemini/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  262. package/dist/gemini/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  263. package/dist/gemini/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  264. package/dist/gemini/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  265. package/dist/gemini/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  266. package/dist/gemini/.agents/skills/jahia-dev/SKILL.md +0 -124
  267. package/dist/gemini/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  268. package/dist/gemini/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  269. package/dist/gemini/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  270. package/dist/gemini/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  271. package/dist/gemini/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  272. package/dist/gemini/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  273. package/dist/gemini/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  274. package/dist/gemini/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  275. package/dist/gemini/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  276. package/dist/gemini/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  277. package/dist/gemini/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  278. package/dist/gemini/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  279. package/dist/gemini/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  280. package/dist/gemini/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  281. package/dist/gemini/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  282. package/dist/gemini/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  283. package/dist/gemini/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  284. package/dist/gemini/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  285. package/dist/gemini/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  286. package/dist/gemini/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  287. package/dist/gemini/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  288. package/dist/gemini/.agents/skills/jahia-java-security/SKILL.md +0 -84
  289. package/dist/gemini/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  290. package/dist/gemini/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  291. package/dist/gemini/.agents/skills/jahia-review-java/SKILL.md +0 -131
  292. package/dist/gemini/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  293. package/dist/opencode/.agents/skills/jahia/SKILL.md +0 -148
  294. package/dist/opencode/.agents/skills/jahia-content/SKILL.md +0 -157
  295. package/dist/opencode/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  296. package/dist/opencode/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  297. package/dist/opencode/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  298. package/dist/opencode/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  299. package/dist/opencode/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  300. package/dist/opencode/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  301. package/dist/opencode/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  302. package/dist/opencode/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  303. package/dist/opencode/.agents/skills/jahia-dev/SKILL.md +0 -124
  304. package/dist/opencode/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  305. package/dist/opencode/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  306. package/dist/opencode/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  307. package/dist/opencode/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  308. package/dist/opencode/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  309. package/dist/opencode/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  310. package/dist/opencode/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  311. package/dist/opencode/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  312. package/dist/opencode/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  313. package/dist/opencode/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  314. package/dist/opencode/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  315. package/dist/opencode/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  316. package/dist/opencode/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  317. package/dist/opencode/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  318. package/dist/opencode/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  319. package/dist/opencode/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  320. package/dist/opencode/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  321. package/dist/opencode/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  322. package/dist/opencode/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  323. package/dist/opencode/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  324. package/dist/opencode/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  325. package/dist/opencode/.agents/skills/jahia-java-security/SKILL.md +0 -84
  326. package/dist/opencode/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  327. package/dist/opencode/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  328. package/dist/opencode/.agents/skills/jahia-review-java/SKILL.md +0 -131
  329. package/dist/opencode/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  330. package/dist/opencode/.opencode/agents/cnd-jahia-mixins.md +0 -113
  331. package/dist/opencode/.opencode/agents/jahia-cnd-author.md +0 -130
  332. package/dist/opencode/.opencode/agents/jahia-dev-worker.md +0 -264
  333. package/dist/opencode/.opencode/agents/jahia-reviewer.md +0 -105
  334. package/dist/windsurf/.windsurf/skills/jahia/SKILL.md +0 -148
  335. package/dist/windsurf/.windsurf/skills/jahia-content/SKILL.md +0 -157
  336. package/dist/windsurf/.windsurf/skills/jahia-content-create-content/SKILL.md +0 -359
  337. package/dist/windsurf/.windsurf/skills/jahia-content-explore-structure/SKILL.md +0 -255
  338. package/dist/windsurf/.windsurf/skills/jahia-content-media-upload/SKILL.md +0 -197
  339. package/dist/windsurf/.windsurf/skills/jahia-content-move-content/SKILL.md +0 -231
  340. package/dist/windsurf/.windsurf/skills/jahia-content-organize/SKILL.md +0 -209
  341. package/dist/windsurf/.windsurf/skills/jahia-content-publish/SKILL.md +0 -181
  342. package/dist/windsurf/.windsurf/skills/jahia-content-query-content/SKILL.md +0 -174
  343. package/dist/windsurf/.windsurf/skills/jahia-content-translate-content/SKILL.md +0 -226
  344. package/dist/windsurf/.windsurf/skills/jahia-dev/SKILL.md +0 -124
  345. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/SKILL.md +0 -52
  346. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/authentication.md +0 -484
  347. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/graphql.md +0 -657
  348. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  349. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/security.md +0 -541
  350. package/dist/windsurf/.windsurf/skills/jahia-dev-cypress/SKILL.md +0 -265
  351. package/dist/windsurf/.windsurf/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  352. package/dist/windsurf/.windsurf/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  353. package/dist/windsurf/.windsurf/skills/jahia-dev-java/SKILL.md +0 -110
  354. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/backend.md +0 -331
  355. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/content-types.md +0 -273
  356. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/modules.md +0 -218
  357. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/osgi.md +0 -208
  358. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/rendering.md +0 -191
  359. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  360. package/dist/windsurf/.windsurf/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  361. package/dist/windsurf/.windsurf/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  362. package/dist/windsurf/.windsurf/skills/jahia-java-concurrency/SKILL.md +0 -308
  363. package/dist/windsurf/.windsurf/skills/jahia-java-jcr/SKILL.md +0 -153
  364. package/dist/windsurf/.windsurf/skills/jahia-java-osgi/SKILL.md +0 -134
  365. package/dist/windsurf/.windsurf/skills/jahia-java-persistence/SKILL.md +0 -177
  366. package/dist/windsurf/.windsurf/skills/jahia-java-security/SKILL.md +0 -84
  367. package/dist/windsurf/.windsurf/skills/jahia-orchestrate/SKILL.md +0 -148
  368. package/dist/windsurf/.windsurf/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  369. package/dist/windsurf/.windsurf/skills/jahia-review-java/SKILL.md +0 -131
  370. package/dist/windsurf/.windsurf/skills/jahia-review-java/references/code-review-output.md +0 -121
  371. /package/dist/claude/.claude/{agents → skills/jahia-cnd-author/references}/cnd-child-nodes.md +0 -0
  372. /package/dist/{cursor/.cursor/agents → codex/.agents/skills/jahia-cnd-author/references}/cnd-child-nodes.md +0 -0
  373. /package/dist/{opencode/.opencode/agents → copilot/.agents/skills/jahia-cnd-author/references}/cnd-child-nodes.md +0 -0
@@ -1,177 +0,0 @@
1
- ---
2
- name: jahia-java-persistence
3
- description: Persistence and data model patterns for Jahia Java backend — correct usage of JPA/Hibernate with JCR, N+1 avoidance, timestamp consistency, entity model decisions, transactional asymmetry between SQL and JCR, and locking/concurrency in write paths. Load when implementing or reviewing any class that interacts with a relational database alongside JCR.
4
- allowed-tools: Read
5
- ---
6
-
7
- # Persistence Patterns for Jahia Java Backend
8
-
9
- This skill covers how to design and implement the persistence layer correctly when combining SQL (JPA/Hibernate) with JCR in a Jahia Java module. Each section states the correct approach first, then the pitfall. Both developers and reviewers use this skill.
10
-
11
- ---
12
-
13
- ## Sequence and counter columns
14
-
15
- ### Correct approach
16
-
17
- Use the database's native mechanisms for generating ordered identifiers:
18
- - `IDENTITY` / `AUTO_INCREMENT` on the primary key for insertion order.
19
- - A `SEQUENCE` object (reserved inside a serialized transaction) if you need a stable ordering column separate from the PK.
20
-
21
- ### Pitfall
22
-
23
- ```java
24
- // anti-pattern — read-then-act race
25
- int max = repository.selectMaxNumber(contentId, locale); // SELECT MAX(...)
26
- entity.setNumber(max + 1);
27
- session.persist(entity);
28
- ```
29
-
30
- Two concurrent inserts for the same `(contentId, locale)` read the same `MAX`, produce duplicate numbers, and either hit a unique constraint violation or silently corrupt ordering. Application-managed counters are never safe without explicit row-level locking. The counter column is also redundant if the primary key already provides insertion order.
31
-
32
- **Finding level:** P1 for concurrent write paths; P2 if access is serialised by a documented higher-level lock, but that invariant must be documented.
33
-
34
- ---
35
-
36
- ## N+1 query patterns
37
-
38
- ### Correct approach
39
-
40
- Load parent and child data in one round-trip:
41
- - SQL: `JOIN` or a `WHERE id IN (...)` batch query.
42
- - JPA: `JOIN FETCH` in JPQL or `@EntityGraph`.
43
-
44
- ### Pitfall
45
-
46
- ```java
47
- // anti-pattern
48
- List<Group> groups = repo.listGroups(contentId); // 1 query
49
- for (Group g : groups) {
50
- g.setVersions(repo.loadVersionsForGroup(g.getId())); // N queries
51
- }
52
- ```
53
-
54
- N+1 patterns are invisible in low-volume testing but degrade linearly under real content volumes. For unbounded lists (version history, publication logs) this becomes a UI performance cliff.
55
-
56
- **Finding level:** P2 for capped lists; P1 for unbounded lists in hot paths.
57
-
58
- ---
59
-
60
- ## Timestamp consistency in batch operations
61
-
62
- ### Correct approach
63
-
64
- Compute the timestamp **once** at the start of a logical operation and pass it to every entity created by that operation:
65
-
66
- ```java
67
- Instant now = Instant.now(); // computed once
68
- groupEntity.setCreatedAt(now);
69
- for (var version : versions) {
70
- versionEntity.setCreatedAt(now); // same value for all
71
- }
72
- ```
73
-
74
- This makes "all entities from this operation" a trivial equality predicate: `WHERE operationId = ? AND createdAt = ?`. It also makes the audit trail semantically correct — these are one logical event, not N sequential events.
75
-
76
- ### Pitfall
77
-
78
- Multiple independent `Instant.now()` calls within the same logical operation produce timestamp drift. Even millisecond drift means "show me all versions from this publish event" requires a range query with fuzzy bounds instead of equality. It also implies false ordering between things that are the same event.
79
-
80
- **Finding level:** P2 — correctness and query simplicity. Elevate to P1 if the drift creates misleading audit trails.
81
-
82
- ---
83
-
84
- ## Entity model: when a separate table earns its keep
85
-
86
- ### Correct approach
87
-
88
- A separate table/entity is justified when it carries state that would be annoyingly denormalised across every member row: operation type, author, workflow status, retry counters, approval metadata, referential integrity constraints.
89
-
90
- If the only purpose of the separate table is to group rows (no meaningful payload of its own), a plain `operationId` UUID column on the member table is sufficient:
91
- - "All operations for a content": `SELECT DISTINCT operationId, createdAt FROM NodeVersion WHERE contentId = ? ORDER BY createdAt DESC`
92
- - "All versions of one operation": `SELECT * FROM NodeVersion WHERE operationId = ?`
93
-
94
- Rule of thumb: defer extraction to a separate entity until the denormalised columns exceed 3–4 fields, or you need referential integrity on the operation itself (cascading, per-operation locks). The refactor is straightforward later — `INSERT ... SELECT DISTINCT` into the new table, add the FK, drop the denormalised columns.
95
-
96
- ### Pitfall
97
-
98
- ```java
99
- // separate table with no meaningful payload — not justified yet
100
- @Entity class NodeVersionGroupEntity {
101
- UUID id;
102
- UUID nodeUuid; // duplicated from every member row
103
- Instant createdAt; // drifts from member rows (see above)
104
- // nothing else
105
- }
106
- ```
107
-
108
- A correlation-only entity adds a table, a JOIN on every group query, a separate Hibernate lifecycle, and the risk of timestamp drift — for zero domain benefit until the group gains real state.
109
-
110
- **Finding level:** P2 — surface as a design decision for the team, not a demand for immediate refactoring. Ask: does the group entity carry any state today? What is the expected evolution?
111
-
112
- ---
113
-
114
- ## Transactional asymmetry — mixed SQL + JCR stores
115
-
116
- ### Correct approach
117
-
118
- SQL (Hibernate) and JCR do not share a transaction. Treat every mixed write path as requiring explicit reasoning about failure modes.
119
-
120
- Options in order of preference:
121
- 1. **JCR as system of record:** write to JCR first; only commit to SQL after a successful `session.save()`. If the SQL commit fails, log the orphaned JCR state and add it to a retry or cleanup queue.
122
- 2. **Outbox pattern:** write to SQL only (including a status/outbox column); a separate process reads and applies the JCR write idempotently.
123
- 3. **Accept the asymmetry:** document the inconsistency window explicitly, add a compensating cleanup path, and add monitoring to detect orphaned rows.
124
-
125
- ### Pitfall
126
-
127
- ```java
128
- repository.insertVersion(entity); // SQL committed inside Hibernate session
129
- jcrNode.setProperty("...", value); // if this fails, SQL is already committed
130
- session.save();
131
- ```
132
-
133
- A failure in the JCR write leaves the SQL committed and the JCR unchanged — silent data inconsistency. Symptoms: rows in the DB with no corresponding JCR node, or vice versa.
134
-
135
- **Finding level:** P1 — silent data inconsistency. Elevate to P0 if the inconsistency is user-visible or hard to detect.
136
-
137
- ---
138
-
139
- ## Locking and write paths
140
-
141
- ### Correct approach
142
-
143
- Document the thread-safety contract of every write path that involves locking, restoration, or multi-step state transitions:
144
- - Is the path safe to call concurrently? If not, what external lock must the caller hold?
145
- - Does the path clear existing locks? If yes, whose lock? Under what conditions is clearing safe?
146
-
147
- Before clearing a JCR lock in a write path:
148
- 1. Verify the lock is not owned by an unrelated operation (active publication job, workflow, concurrent editor).
149
- 2. If the lock is external, fail with a clear error — do not continue.
150
-
151
- ### Pitfall
152
-
153
- ```java
154
- // dangerous — clears all locks unconditionally, continues even if clearing fails
155
- JCRContentUtils.clearAllLocks(node);
156
- restoreContent(node, version);
157
- ```
158
-
159
- This pattern is dangerous in any path that is not the sole writer. A publication job in progress may have locked the node for a reason; clearing the lock and continuing the restore corrupts the publication. See also `jahia-java-jcr` locking section.
160
-
161
- **Finding level:** P0 if active in production code; P1 if guarded by a feature flag off by default — but must appear in known-limitations/next-steps regardless.
162
-
163
- ---
164
-
165
- ## Schema documentation
166
-
167
- ### Correct approach
168
-
169
- For any module that introduces relational tables, include a schema summary in `docs/` or a README section covering:
170
- - Table names and purpose.
171
- - Key column types and constraints (primary keys, foreign keys, unique constraints, indexed columns).
172
- - How SQL tables relate to JCR nodes (which JCR property or node UUID maps to which SQL column).
173
- - Any migration strategy for schema changes.
174
-
175
- ### Pitfall
176
-
177
- Undocumented tables discovered by reviewing Hibernate entity classes alone — reviewers and future maintainers cannot verify the full schema from code without running the application and inspecting the DB. This is a P2 documentation finding.
@@ -1,84 +0,0 @@
1
- ---
2
- name: jahia-java-security
3
- description: Jahia security model for Java backend development — the four protection mechanisms (Security Filter, CSRF Guard, ACLs, captcha), when each applies, and how to audit or implement each correctly. Load when implementing or reviewing any HTTP-reachable surface in a Jahia Java module.
4
- allowed-tools: Read
5
- ---
6
-
7
- # Jahia Security Model for Java Backend
8
-
9
- This skill covers how to correctly protect HTTP-reachable surfaces in a Jahia Java module. Each mechanism is described with its correct use, its limits, and the common mistakes that create vulnerabilities. Both developers and reviewers use this skill.
10
-
11
- ---
12
-
13
- ## The four protection mechanisms
14
-
15
- Every reachable surface in a Jahia module is protected by zero, one, or several of these. Map each one explicitly for any surface you implement or review.
16
-
17
- ### 1. Jahia Security Filter (API scopes)
18
-
19
- - **What:** OSGi-configurable filter that gates URL patterns by `Origin`/`Referer` and required permissions/scopes.
20
- - **Config:** YAML under `META-INF/configurations/org.jahia.modules.api.permissions-*.yaml`.
21
- - **Origin gating:** `auto_apply: - origin: hosted` ensures requests come from the same domain. Works for guests and authenticated users. Does not break CDN caching.
22
- - **Permission gating:** `grants: - api: <name>; node: <selector>` enforces a Jahia permission.
23
- - **When to use:** default protection for any module-exposed servlet or GraphQL endpoint reachable over HTTP. This is the first line of defense — apply it before considering CSRF Guard or inline checks.
24
-
25
- ### 2. CSRF Guard
26
-
27
- - **What:** Jahia-wide servlet filter injecting a token into XHR/fetch and validating it server-side.
28
- - **Critical limitation:** `jahia.csrf-guard.bypassForGuest = true` by default. CSRF Guard **does not protect guest submissions** out of the box. Enabling it for guests breaks CDN caching of public pages.
29
- - **When to use:** authenticated-only operations where you can verify the URL pattern is in the guard's `resolvedUrlPatterns` config.
30
- - **Common mistake:** assuming CSRF Guard protects a guest-reachable form. It does not — a guest submitting a public form bypasses CSRF Guard entirely.
31
-
32
- ### 3. Jahia permissions and ACLs
33
-
34
- - **What:** JCR-based ACLs + named permissions declared in `permissions.xml` or `*.cnd`.
35
- - **Enforcement:** `JCRSessionWrapper` (user session — permissions apply) vs `JCRSessionFactory.getCurrentSystemSession()` / `JCRTemplate.doExecuteWithSystemSession` (system session — permissions bypassed).
36
- - **GraphQL:** `@GraphQLField` operations should declare `@RequirePermission` annotations. An admin operation without `@RequirePermission` is a finding.
37
- - **When to use:** any operation that reads/writes JCR content with content-level access rules — jContent admin screens, content workflows, operations that respect site/node permissions.
38
- - **Audit rule:** when code uses a system session, the security boundary is whatever check happened *before* the `doExecuteWithSystemSession` call. Find that check explicitly. If there is none, the operation is anonymous-privileged — P0 for writes, P1 for reads.
39
-
40
- ### 4. Captcha and one-time tokens
41
-
42
- - **What:** non-replayable credentials tied to the rendering page.
43
- - **When to use:** defense-in-depth against bots and as partial CSRF mitigation for guest forms.
44
- - **Not a primary CSRF control.** Captcha protects a specific form when enabled, but it is not origin verification. Do not let a code path rely on captcha alone.
45
-
46
- ---
47
-
48
- ## Decision matrix
49
-
50
- For each surface you implement or review, fill this in:
51
-
52
- | Surface | Guests? | Auth users? | Side effects? | Required protection |
53
- |---|---|---|---|---|
54
- | Public form submit | Yes | Yes | Email, JCR write | Security Filter `origin: hosted` (primary) + captcha (defense-in-depth) |
55
- | Admin GraphQL query | No | Yes (with permission) | Read JCR | Security Filter `origin: hosted` + `@RequirePermission(...)` |
56
- | Admin GraphQL mutation | No | Yes (with permission) | Write JCR | Same + verify ACL when system session is used |
57
- | OSGi servlet at `/modules/...` | Depends | Depends | Depends | At minimum: `origin: hosted` |
58
- | Choicelist initializer | Indirect (editor UI) | Yes (editor) | Read config | Inherits editor auth — verify it does not leak cross-tenant data |
59
-
60
- ---
61
-
62
- ## Implementing a secure surface — checklist
63
-
64
- When adding a new servlet, GraphQL operation, or filter:
65
-
66
- 1. **Declare the Security Filter scope** in `org.jahia.modules.api.permissions-*.yaml`.
67
- 2. **Classify the surface** in the decision matrix above.
68
- 3. **If writing JCR with a system session:** document the prior permission check in a Javadoc comment on the method.
69
- 4. **If the surface is public (guest-reachable):** do not rely on CSRF Guard alone. Use `origin: hosted` + captcha if the action has side effects.
70
- 5. **If the surface is admin-only:** add `@RequirePermission` to the GraphQL field or inline `JCRTemplate` ACL check.
71
- 6. **Document the intent.** A deliberate "this endpoint is public because X" must be in a Javadoc on the class or in `docs/security.md`. An undocumented gap is a finding even if intentional — the next maintainer cannot tell intent from accident.
72
-
73
- ---
74
-
75
- ## Findings to surface during review
76
-
77
- 1. **Unprotected endpoint.** Any servlet/GraphQL operation without a Security Filter scope **and** without `@RequirePermission` **and** without an inline auth check. P0 unless explicitly documented as intentionally public.
78
- 2. **CSRF Guard guest bypass misunderstood.** Code or docs claiming CSRF Guard protects guests. P0 — foundational misunderstanding.
79
- 3. **System session without prior permission check.** P0 for writes, P1 for reads.
80
- 4. **Captcha presented as primary CSRF defense.** P1 — it is defense-in-depth, not primary.
81
- 5. **Missing `@RequirePermission` on admin GraphQL.** P0 for mutations, P1 for sensitive-data queries.
82
- 6. **Permission referenced but not declared.** A permission name used in code or config that is not declared in any module resource. P1.
83
- 7. **Email recipients from user input.** Any `to:` address derived from a submitted field without an allowlist. P1 — open relay vector.
84
- 8. **Outbound HTTP without timeouts.** `HttpClient.newHttpClient()` with no `connectTimeout` or request timeout on any external call. P0 — trivial DoS.
@@ -1,148 +0,0 @@
1
- ---
2
- name: jahia-orchestrate
3
- description: Orchestrates building a Jahia module from a task description. Writes a build plan, delegates development and review to subagents in a loop, and exits cleanly. Keeps the orchestrator context lean — reads only small status files, never source code.
4
- ---
5
-
6
- You are the Jahia build orchestrator. Your role is coordination, not execution. You keep your context lean by delegating all code work to subagents and communicating only through small status files.
7
-
8
- **Max iterations: 3.** If the reviewer still reports NEEDS_WORK after 3 cycles, proceed anyway with the best available state.
9
-
10
- ---
11
-
12
- ## Step 1 — Parse the task
13
-
14
- Read the task description from your context. Identify:
15
- - The module being built (site name, company type, pages, components)
16
- - The module path (working directory, or check `PLAN.md` if already set up)
17
- - Any efficiency rules already provided
18
-
19
- Determine the module path:
20
- ```bash
21
- pwd
22
- ls package.json 2>/dev/null && cat package.json | grep '"name"' | head -1
23
- ```
24
-
25
- ---
26
-
27
- ## Step 2 — Write PLAN.md
28
-
29
- Write `PLAN.md` in the project root with the full build spec. Use the format:
30
-
31
- ```
32
- # Build Plan — Round 1
33
-
34
- ## Module
35
- - Path: <absolute path from pwd>
36
- - Site key: <inferred from package.json name or task description>
37
- - Namespace: <infer from task, e.g. "forsure">
38
-
39
- ## Pages
40
- <list from task description>
41
-
42
- ## Page Template
43
- - `src/templates/<ModuleName>Template/default.server.tsx` — root layout with `<header>` (nav), `<main>` (areas), `<footer>`, and `<title>` tag
44
- - Build this FIRST before any page-specific components
45
-
46
- ## Components
47
- <list from task description with field descriptions>
48
-
49
- ## Efficiency Rules
50
- - ONE build+deploy at the end — do not deploy after each component
51
- - Skip UI validation in Page Builder
52
- - Write CND directly — load cnd reference files from .claude/agents/ for patterns
53
- - Use MCP tools for all content operations
54
-
55
- ## Done when
56
- - Page template built with header/nav/main/footer
57
- - All components have definition.cnd + default.server.tsx + component.module.css
58
- - yarn build && yarn jahia-deploy succeeded
59
- - All pages created via MCP and published
60
- - pages.json written as array of public URLs
61
- ```
62
-
63
- ---
64
-
65
- ## Step 3 — Development cycle
66
-
67
- Set `round = 1`.
68
-
69
- **3a. Spawn the developer worker:**
70
-
71
- Use the Agent tool to spawn `@jahia-dev-worker`. Pass this prompt:
72
-
73
- > "Read PLAN.md in the current directory. You are the Jahia developer worker — follow the instructions in your agent file. Module path: <absolute path>."
74
-
75
- Do NOT read the agent's returned output. After the agent completes, proceed to 3b.
76
-
77
- **3b. Read DEV_STATUS.md:**
78
-
79
- ```bash
80
- cat DEV_STATUS.md
81
- ```
82
-
83
- If Status is FAILED and the failure is unrecoverable (e.g. Jahia never started), stop here and report the failure. Otherwise continue.
84
-
85
- ---
86
-
87
- ## Step 4 — Review cycle
88
-
89
- **4a. Spawn the code reviewer:**
90
-
91
- Use the Agent tool to spawn `@jahia-reviewer`. Pass this prompt:
92
-
93
- > "Read REVIEW.md (if it exists) for round context, then review the current source code. Write REVIEW.md with your findings for round <round>."
94
-
95
- Do NOT read the agent's returned output. After the agent completes, proceed to 4b.
96
-
97
- **4b. Read REVIEW.md:**
98
-
99
- ```bash
100
- cat REVIEW.md
101
- ```
102
-
103
- ---
104
-
105
- ## Step 5 — Decide: loop or finish
106
-
107
- - If REVIEW.md says `Verdict: PASS` → proceed to Step 6.
108
- - If `Verdict: NEEDS_WORK` and `round < 3`:
109
- - Increment round.
110
- - Append a "## Round N Fix-Ups" section to `PLAN.md` with the critical issues from REVIEW.md.
111
- - Return to Step 3.
112
- - If `Verdict: NEEDS_WORK` and `round >= 3`:
113
- - Log "Max iterations reached — proceeding with current state."
114
- - Proceed to Step 6.
115
-
116
- ---
117
-
118
- ## Step 6 — Verify pages.json and page quality
119
-
120
- ```bash
121
- cat pages.json 2>/dev/null || echo "MISSING"
122
- ```
123
-
124
- If missing, spawn `@jahia-dev-worker` once more:
125
- > "Deploy is already done. Only create content via MCP, verify all pages render correctly, and write pages.json. Read PLAN.md for the page list."
126
-
127
- If present, verify every URL actually renders real content — a file that exists but points to error pages is a failed run:
128
-
129
- ```bash
130
- node scripts/verify-pages.mjs
131
- ```
132
-
133
- If any URL shows `ERROR_PAGE` or a non-200 status, spawn `@jahia-dev-worker` with:
134
- > "Pages are failing. Read DEV_STATUS.md and REVIEW.md for context, investigate the render errors, fix them, redeploy, and re-verify all pages. Do not update pages.json unless all pages pass."
135
-
136
- ---
137
-
138
- ## Step 7 — Done
139
-
140
- Report the outcome:
141
-
142
- ```
143
- Orchestration complete.
144
- - Rounds: N
145
- - Dev status: <from DEV_STATUS.md>
146
- - Review verdict: <from REVIEW.md>
147
- - pages.json: <present/missing>
148
- ```
@@ -1,59 +0,0 @@
1
- #!/usr/bin/env node
2
- import { readFileSync, writeFileSync } from "node:fs";
3
- import { execSync } from "node:child_process";
4
- import { tmpdir } from "node:os";
5
- import { join } from "node:path";
6
-
7
- const pagesFile = "pages.json";
8
- let urls;
9
- try {
10
- urls = JSON.parse(readFileSync(pagesFile, "utf8"));
11
- } catch {
12
- console.error(`MISSING: ${pagesFile} not found or invalid JSON`);
13
- process.exit(1);
14
- }
15
-
16
- if (!Array.isArray(urls) || urls.length === 0) {
17
- console.error(`EMPTY: ${pagesFile} contains no URLs`);
18
- process.exit(1);
19
- }
20
-
21
- const tmp = join(tmpdir(), "jahia_pg_verify.html");
22
- let allOk = true;
23
-
24
- for (const url of urls) {
25
- let code, body;
26
- try {
27
- code = execSync(`curl -s -o "${tmp}" -w "%{http_code}" "${url}"`, { encoding: "utf8" }).trim();
28
- body = readFileSync(tmp, "utf8");
29
- } catch {
30
- console.log(`ERROR [unknown] ${url}`);
31
- allOk = false;
32
- continue;
33
- }
34
- const titleMatch = body.match(/<title>([^<]*)<\/title>/i);
35
- const title = titleMatch ? titleMatch[1].trim() : "";
36
- const hasError =
37
- body.includes("error details are shown in development mode") ||
38
- body.includes("pl.touk.throwing");
39
-
40
- let status;
41
- if (hasError) {
42
- status = "ERROR_PAGE";
43
- } else if (code !== "200") {
44
- status = `HTTP_${code}`;
45
- } else {
46
- const mainMatch = body.match(/<main[^>]*>([\s\S]*?)<\/main>/i);
47
- if (mainMatch) {
48
- const mainText = mainMatch[1].replace(/<[^>]+>/g, "").replace(/\s+/g, " ").trim();
49
- status = mainText.length < 150 ? "INCOMPLETE" : "OK";
50
- } else {
51
- status = "OK";
52
- }
53
- }
54
-
55
- console.log(`${status} [${title}] ${url}`);
56
- if (status !== "OK") allOk = false;
57
- }
58
-
59
- process.exit(allOk ? 0 : 1);
@@ -1,131 +0,0 @@
1
- ---
2
- name: jahia-review-java
3
- description: Reviews a Jahia Java/backend module (or PoC) across 6 passes — security, code health, build/packaging, documentation drift, tests, and consolidation. Produces a prioritised finding report with concrete next steps. Load supporting references from this skill's references/ folder on demand.
4
- allowed-tools: Bash, Read
5
- ---
6
-
7
- # Skill: jahia-review-java
8
-
9
- You are a senior Java/Jahia reviewer. Audit a Jahia Java module (OSGi, JCR, CND, Spring) or a PoC branch and produce a code review that is **actionable, prioritised, and reusable as input for the next review cycle**.
10
-
11
- ## What "good" looks like
12
-
13
- 1. **Security-first.** Every endpoint, servlet, GraphQL operation, action is mapped to its access control posture.
14
- 2. **Concise with a path forward.** Each finding names the problem, names the fix, names the effort. No hedging.
15
- 3. **No noise.** Style, formatting — out. Findings must survive "why does this matter for production?"
16
- 4. **Honest about uncertainty.** When you cannot verify a claim, say so and flag for the author.
17
- 5. **Reusable next cycle.** Output structure is stable so the next reviewer can see what was fixed, deferred, or new.
18
-
19
- ## Operating modes
20
-
21
- Detect from context. Ask once if genuinely ambiguous.
22
-
23
- | Mode | Trigger | Output |
24
- |---|---|---|
25
- | **PR review** | GitHub MCP available + PR diff in context | Inline PR comments + one summary comment with the prioritised table |
26
- | **Module audit** | Checked-out source, no PR context | Single `code-review-{module}-{YYYY-MM-DD}.md` at repo root |
27
- | **PoC review** | PR/branch explicitly described as a PoC | Surface risks, missing next steps, and unknowns — not a production readiness checklist |
28
- | **Follow-up** | A prior `code-review-*.md` exists in the repo | Update the prior doc in place — mark each finding resolved / deferred / still-open |
29
-
30
- **PoC mode distinction:** A PoC review does not expect production-grade code. Its goal is to surface every risk, weak spot, missing business logic, and open architectural question so the team can make informed decisions before committing to the implementation. Frame each finding as "next step: team decision" rather than demanding immediate fixes. The PoC owner is not expected to have all the answers.
31
-
32
- ## The review passes — execute in order
33
-
34
- ### Pass 0 — Orient (never skip)
35
-
36
- - List the source tree; identify packages by responsibility (servlets, actions, services, GraphQL, filters, OSGi components, persistence).
37
- - Read `pom.xml`, `AGENTS.md` (if present), `README.md`, all files under `docs/` and `.harness/`.
38
- - Read every CND file; note declared node types, mixins, namespace.
39
- - Identify SPI surface: `Export-Package` in `pom.xml`, public interfaces, `@ProviderType` annotations.
40
- - Note prior reviews. If one exists, switch to follow-up mode.
41
-
42
- Output of this pass stays internal — it is your map, not written to the review.
43
-
44
- ### Pass 1 — Security surface mapping
45
-
46
- For every reachable surface (servlet, JAX-RS, GraphQL query/mutation, whiteboard service, filter, choicelist initializer):
47
-
48
- 1. **Who can reach it?** Guest / authenticated / role-gated / permission-gated / internal-only.
49
- 2. **What does it do?** Read, write, side-effect (email, HTTP, file I/O), admin operation.
50
- 3. **How is access enforced?** Security Filter scope, CSRF Guard, `@RequirePermission`, inline ACL, session-based, none.
51
- 4. **Is the posture documented?** A deliberate "unprotected because X" is acceptable. An undocumented gap is a finding.
52
-
53
- Cross-reference with `/jahia-java-security` for Jahia-specific mechanisms and the full decision matrix.
54
-
55
- ### Pass 2 — Code health
56
-
57
- Walk the implementation. Look for:
58
-
59
- - **Layering violations.** Business logic in servlets. JCR access bypassing services. Presentation in the service layer.
60
- - **Oversized classes.** One class doing 5+ jobs. Each responsibility is a candidate for extraction.
61
- - **Reinvention.** Hand-rolled encoding, escaping, date parsing where `java.time`, Commons Lang, or Guava would do it.
62
- - **Overdesign.** Premature abstraction with one implementation. SPI hooks no consumer exists for. Factory+builder+strategy for a 30-line operation. Flag P3 unless it blocks understanding.
63
- - **Concurrency.** Mutable fields in `@Component` services without `volatile`. Services that are not internally thread-safe but carry no documentation of caller responsibility. Read-then-act DB patterns (`SELECT MAX` + `INSERT` without serialisation). Restore/write paths that bypass or unconditionally clear caller-set locks.
64
- - **Persistence anti-patterns.** N+1 queries. Separate tables with no attributes of their own (a correlation UUID on the row is enough). Application-managed counters instead of DB-native auto-increment. Multiple independent `Instant.now()` calls in the same logical operation (timestamp drift). Transactional asymmetry between SQL and JCR commits.
65
- - **Error handling.** Swallowed exceptions. Fail-open on infrastructure errors. Exception in a side-effect that can abort an unrelated primary operation.
66
- - **TODOs and leftovers.** `TODO`, `FIXME`, `XXX`, commented-out code. Each is a finding unless tracked in `docs/` or explicitly accepted in the PR description.
67
- - **Dead payload fields.** Fields stored in the persistence model but never read by any live code path — flag as dead storage; remove or document intent.
68
- - **Diff/delta engine gaps.** When a reverse-delta engine is present: check what entity state is NOT diffed (mixins, children, ACLs, references). Verify empty-diff short-circuits to avoid phantom versions. Verify old-value storage is actually consumed by the apply path.
69
- - **Service locator anti-pattern.** `SpringContextSingleton.getBean()` or equivalent inside a service method — prefer `@Reference`/`@Autowired` injection.
70
-
71
- Cross-reference with `/jahia-java-jcr` for JCR session, locking, mixin, and SNS pitfalls.
72
- Cross-reference with `/jahia-java-osgi` for OSGi component lifecycle, reference, and export-package pitfalls.
73
- Cross-reference with `/jahia-java-persistence` for persistence-layer anti-patterns.
74
- Cross-reference with `/jahia-java-concurrency` for thread safety — `volatile`, locking, atomics, static fields, JCR session threading.
75
-
76
- ### Pass 3 — Build, packaging, dependencies
77
-
78
- - `jahia-impl` is `<scope>provided</scope>` with all transitives excluded; each used library declared explicitly.
79
- - `Export-Package` lists only SPI surface, not implementation packages.
80
- - Embedded libraries are commented in the POM with a *why*.
81
- - If the module advertises an SPI for third parties, that SPI lives in a separate `*-api` artifact.
82
-
83
- ### Pass 4 — Documentation drift
84
-
85
- Compare every doc, harness file, and `AGENTS.md` claim against the code:
86
- - URLs, endpoints, class names, config PIDs — do they match?
87
- - "Not yet implemented" claims for code that is in fact implemented.
88
- - Known-limitations sections that omit critical risks actually present in the code.
89
- - Next-steps sections that lack coverage for risks identified in the code.
90
-
91
- In PoC mode, the known-limitations/next-steps gap is the primary documentation finding: if the code contains dangerous or incomplete patterns, those must appear in next steps — even if not yet actionable.
92
-
93
- ### Pass 5 — Tests
94
-
95
- 1. Is there a `src/test/` directory? If no, list pure-function classes (parsers, validators, calculators) as test targets.
96
- 2. For PoC mode: note which critical paths have no test coverage and which should be added before the PoC direction is validated.
97
-
98
- ### Pass 6 — Consolidate and prioritise
99
-
100
- - Collapse duplicate findings to one finding with multiple sites.
101
- - Assign severity using the four-level scale below.
102
- - Assign effort: XS (<1h), S (<half day), M (<2 days), L (more).
103
- - Sort by severity within sections. Build the prioritised summary table.
104
-
105
- ## Severity discipline
106
-
107
- | Level | When to use |
108
- |---|---|
109
- | 🔴 P0 | Active security hole, data loss, fail-open auth, broken public contract, dangerous active code (not just a PoC TODO) |
110
- | 🟠 P1 | Significant gap defensible only by accepting documented risk, silent partial failure, broken SPI promise |
111
- | 🟡 P2 | Code health that compounds over time, doc drift, missing tests for critical paths |
112
- | 🟢 P3 | Refactor opportunities, nice-to-have abstractions, minor cleanup |
113
-
114
- When in doubt, drop one level. Inflated severity loses the reader's trust.
115
-
116
- ## Output
117
-
118
- Read `references/code-review-output.md` before writing. It defines section order, finding template, and summary table schema.
119
-
120
- Two non-negotiable rules:
121
- 1. **Each finding ends with a concrete next step** — a code change, a ticket, or an explicit "accept as-is, document the tradeoff".
122
- 2. **Surface honest doubts.** When you cannot verify a claim, say so. The author would rather have an explicit unknown than a false certainty.
123
-
124
- ## What not to do
125
-
126
- - Do not lecture. The reader is a senior engineer.
127
- - Do not flag stylistic preferences unless they map to a configured Checkstyle/PMD rule that would fail CI.
128
- - Do not invent line numbers. Use `ClassName#methodName` as anchors.
129
- - Do not pad. If a section has no findings, write "No findings."
130
- - Do not split one problem into multiple findings to make the review look thorough.
131
- - In PoC mode: do not demand answers the PoC owner cannot yet have. Frame open questions as "next step: team decision" or "add a story".