@jahia/agentic 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (373) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/dist/claude/.claude/rules/jahia.md +1 -37
  3. package/dist/claude/.claude/skills/jahia-cnd-author/SKILL.md +94 -0
  4. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  5. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  6. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  7. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  8. package/dist/{opencode/.opencode/agents → claude/.claude/skills/jahia-cnd-author/references}/cnd-numbers-dates.md +32 -1
  9. package/dist/{opencode/.opencode/agents → claude/.claude/skills/jahia-cnd-author/references}/cnd-string-selectors.md +49 -10
  10. package/dist/claude/.claude/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  11. package/dist/claude/.claude/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  12. package/dist/claude/.claude/skills/jahia-dev-accessibility/SKILL.md +5 -265
  13. package/dist/claude/.claude/skills/jahia-dev-build-component/SKILL.md +13 -8
  14. package/dist/claude/CLAUDE.md +2 -38
  15. package/dist/codex/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  16. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  17. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  18. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  19. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  20. package/dist/{claude/.claude/agents → codex/.agents/skills/jahia-cnd-author/references}/cnd-numbers-dates.md +32 -1
  21. package/dist/{cursor/.cursor/agents → codex/.agents/skills/jahia-cnd-author/references}/cnd-string-selectors.md +49 -10
  22. package/dist/codex/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  23. package/dist/codex/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  24. package/dist/codex/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  25. package/dist/codex/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  26. package/dist/codex/AGENTS.md +2 -38
  27. package/dist/copilot/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  28. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  29. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  30. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  31. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  32. package/dist/{cursor/.cursor/agents → copilot/.agents/skills/jahia-cnd-author/references}/cnd-numbers-dates.md +32 -1
  33. package/dist/{claude/.claude/agents → copilot/.agents/skills/jahia-cnd-author/references}/cnd-string-selectors.md +49 -10
  34. package/dist/copilot/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  35. package/dist/copilot/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  36. package/dist/copilot/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  37. package/dist/copilot/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  38. package/dist/copilot/AGENTS.md +2 -38
  39. package/dist/cursor/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  40. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  41. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  42. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  43. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  44. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  45. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  46. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  47. package/dist/cursor/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  48. package/dist/cursor/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  49. package/dist/cursor/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  50. package/dist/cursor/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  51. package/dist/cursor/.cursor/rules/jahia.mdc +1 -37
  52. package/dist/gemini/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  53. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  54. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  55. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  56. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  57. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  58. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  59. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  60. package/dist/gemini/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  61. package/dist/gemini/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  62. package/dist/gemini/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  63. package/dist/gemini/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  64. package/dist/gemini/AGENTS.md +2 -38
  65. package/dist/opencode/.agents/skills/jahia-cnd-author/SKILL.md +94 -0
  66. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  67. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  68. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  69. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  70. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  71. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  72. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  73. package/dist/opencode/.agents/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  74. package/dist/opencode/.agents/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  75. package/dist/opencode/.agents/skills/jahia-dev-accessibility/SKILL.md +5 -265
  76. package/dist/opencode/.agents/skills/jahia-dev-build-component/SKILL.md +13 -8
  77. package/dist/opencode/AGENTS.md +2 -38
  78. package/dist/windsurf/.windsurf/rules/jahia.md +1 -37
  79. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/SKILL.md +94 -0
  80. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-area-types.md +55 -0
  81. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-authoring-experience.md +92 -0
  82. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-child-nodes.md +74 -0
  83. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-jahia-mixins.md +510 -0
  84. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-modeling-decisions.md +87 -0
  85. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-numbers-dates.md +92 -0
  86. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-string-selectors.md +133 -0
  87. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/cnd-syntax.md +119 -0
  88. package/dist/windsurf/.windsurf/skills/jahia-cnd-author/references/types-ts-mapping.md +73 -0
  89. package/dist/windsurf/.windsurf/skills/jahia-dev-accessibility/SKILL.md +5 -265
  90. package/dist/windsurf/.windsurf/skills/jahia-dev-build-component/SKILL.md +13 -8
  91. package/dist/windsurf/AGENTS.md +2 -38
  92. package/package.json +1 -1
  93. package/dist/claude/.claude/agents/cnd-jahia-mixins.md +0 -113
  94. package/dist/claude/.claude/agents/jahia-cnd-author.md +0 -130
  95. package/dist/claude/.claude/agents/jahia-dev-worker.md +0 -264
  96. package/dist/claude/.claude/agents/jahia-reviewer.md +0 -105
  97. package/dist/claude/.claude/skills/jahia/SKILL.md +0 -148
  98. package/dist/claude/.claude/skills/jahia-content/SKILL.md +0 -157
  99. package/dist/claude/.claude/skills/jahia-content-create-content/SKILL.md +0 -359
  100. package/dist/claude/.claude/skills/jahia-content-explore-structure/SKILL.md +0 -255
  101. package/dist/claude/.claude/skills/jahia-content-media-upload/SKILL.md +0 -197
  102. package/dist/claude/.claude/skills/jahia-content-move-content/SKILL.md +0 -231
  103. package/dist/claude/.claude/skills/jahia-content-organize/SKILL.md +0 -209
  104. package/dist/claude/.claude/skills/jahia-content-publish/SKILL.md +0 -181
  105. package/dist/claude/.claude/skills/jahia-content-query-content/SKILL.md +0 -174
  106. package/dist/claude/.claude/skills/jahia-content-translate-content/SKILL.md +0 -226
  107. package/dist/claude/.claude/skills/jahia-dev/SKILL.md +0 -124
  108. package/dist/claude/.claude/skills/jahia-dev-apis/SKILL.md +0 -52
  109. package/dist/claude/.claude/skills/jahia-dev-apis/references/authentication.md +0 -484
  110. package/dist/claude/.claude/skills/jahia-dev-apis/references/graphql.md +0 -657
  111. package/dist/claude/.claude/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  112. package/dist/claude/.claude/skills/jahia-dev-apis/references/security.md +0 -541
  113. package/dist/claude/.claude/skills/jahia-dev-cypress/SKILL.md +0 -265
  114. package/dist/claude/.claude/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  115. package/dist/claude/.claude/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  116. package/dist/claude/.claude/skills/jahia-dev-java/SKILL.md +0 -110
  117. package/dist/claude/.claude/skills/jahia-dev-java/references/backend.md +0 -331
  118. package/dist/claude/.claude/skills/jahia-dev-java/references/content-types.md +0 -273
  119. package/dist/claude/.claude/skills/jahia-dev-java/references/modules.md +0 -218
  120. package/dist/claude/.claude/skills/jahia-dev-java/references/osgi.md +0 -208
  121. package/dist/claude/.claude/skills/jahia-dev-java/references/rendering.md +0 -191
  122. package/dist/claude/.claude/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  123. package/dist/claude/.claude/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  124. package/dist/claude/.claude/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  125. package/dist/claude/.claude/skills/jahia-java-concurrency/SKILL.md +0 -308
  126. package/dist/claude/.claude/skills/jahia-java-jcr/SKILL.md +0 -153
  127. package/dist/claude/.claude/skills/jahia-java-osgi/SKILL.md +0 -134
  128. package/dist/claude/.claude/skills/jahia-java-persistence/SKILL.md +0 -177
  129. package/dist/claude/.claude/skills/jahia-java-security/SKILL.md +0 -84
  130. package/dist/claude/.claude/skills/jahia-orchestrate/SKILL.md +0 -148
  131. package/dist/claude/.claude/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  132. package/dist/claude/.claude/skills/jahia-review-java/SKILL.md +0 -131
  133. package/dist/claude/.claude/skills/jahia-review-java/references/code-review-output.md +0 -121
  134. package/dist/codex/.agents/skills/jahia/SKILL.md +0 -148
  135. package/dist/codex/.agents/skills/jahia-content/SKILL.md +0 -157
  136. package/dist/codex/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  137. package/dist/codex/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  138. package/dist/codex/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  139. package/dist/codex/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  140. package/dist/codex/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  141. package/dist/codex/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  142. package/dist/codex/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  143. package/dist/codex/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  144. package/dist/codex/.agents/skills/jahia-dev/SKILL.md +0 -124
  145. package/dist/codex/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  146. package/dist/codex/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  147. package/dist/codex/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  148. package/dist/codex/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  149. package/dist/codex/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  150. package/dist/codex/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  151. package/dist/codex/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  152. package/dist/codex/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  153. package/dist/codex/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  154. package/dist/codex/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  155. package/dist/codex/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  156. package/dist/codex/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  157. package/dist/codex/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  158. package/dist/codex/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  159. package/dist/codex/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  160. package/dist/codex/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  161. package/dist/codex/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  162. package/dist/codex/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  163. package/dist/codex/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  164. package/dist/codex/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  165. package/dist/codex/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  166. package/dist/codex/.agents/skills/jahia-java-security/SKILL.md +0 -84
  167. package/dist/codex/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  168. package/dist/codex/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  169. package/dist/codex/.agents/skills/jahia-review-java/SKILL.md +0 -131
  170. package/dist/codex/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  171. package/dist/codex/.codex/agents/cnd-child-nodes.toml +0 -3
  172. package/dist/codex/.codex/agents/cnd-jahia-mixins.toml +0 -3
  173. package/dist/codex/.codex/agents/cnd-numbers-dates.toml +0 -3
  174. package/dist/codex/.codex/agents/cnd-string-selectors.toml +0 -3
  175. package/dist/codex/.codex/agents/jahia-cnd-author.toml +0 -3
  176. package/dist/codex/.codex/agents/jahia-dev-worker.toml +0 -3
  177. package/dist/codex/.codex/agents/jahia-reviewer.toml +0 -3
  178. package/dist/copilot/.agents/skills/jahia/SKILL.md +0 -148
  179. package/dist/copilot/.agents/skills/jahia-content/SKILL.md +0 -157
  180. package/dist/copilot/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  181. package/dist/copilot/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  182. package/dist/copilot/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  183. package/dist/copilot/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  184. package/dist/copilot/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  185. package/dist/copilot/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  186. package/dist/copilot/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  187. package/dist/copilot/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  188. package/dist/copilot/.agents/skills/jahia-dev/SKILL.md +0 -124
  189. package/dist/copilot/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  190. package/dist/copilot/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  191. package/dist/copilot/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  192. package/dist/copilot/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  193. package/dist/copilot/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  194. package/dist/copilot/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  195. package/dist/copilot/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  196. package/dist/copilot/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  197. package/dist/copilot/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  198. package/dist/copilot/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  199. package/dist/copilot/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  200. package/dist/copilot/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  201. package/dist/copilot/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  202. package/dist/copilot/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  203. package/dist/copilot/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  204. package/dist/copilot/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  205. package/dist/copilot/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  206. package/dist/copilot/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  207. package/dist/copilot/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  208. package/dist/copilot/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  209. package/dist/copilot/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  210. package/dist/copilot/.agents/skills/jahia-java-security/SKILL.md +0 -84
  211. package/dist/copilot/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  212. package/dist/copilot/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  213. package/dist/copilot/.agents/skills/jahia-review-java/SKILL.md +0 -131
  214. package/dist/copilot/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  215. package/dist/cursor/.agents/skills/jahia/SKILL.md +0 -148
  216. package/dist/cursor/.agents/skills/jahia-content/SKILL.md +0 -157
  217. package/dist/cursor/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  218. package/dist/cursor/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  219. package/dist/cursor/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  220. package/dist/cursor/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  221. package/dist/cursor/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  222. package/dist/cursor/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  223. package/dist/cursor/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  224. package/dist/cursor/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  225. package/dist/cursor/.agents/skills/jahia-dev/SKILL.md +0 -124
  226. package/dist/cursor/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  227. package/dist/cursor/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  228. package/dist/cursor/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  229. package/dist/cursor/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  230. package/dist/cursor/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  231. package/dist/cursor/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  232. package/dist/cursor/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  233. package/dist/cursor/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  234. package/dist/cursor/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  235. package/dist/cursor/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  236. package/dist/cursor/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  237. package/dist/cursor/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  238. package/dist/cursor/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  239. package/dist/cursor/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  240. package/dist/cursor/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  241. package/dist/cursor/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  242. package/dist/cursor/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  243. package/dist/cursor/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  244. package/dist/cursor/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  245. package/dist/cursor/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  246. package/dist/cursor/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  247. package/dist/cursor/.agents/skills/jahia-java-security/SKILL.md +0 -84
  248. package/dist/cursor/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  249. package/dist/cursor/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  250. package/dist/cursor/.agents/skills/jahia-review-java/SKILL.md +0 -131
  251. package/dist/cursor/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  252. package/dist/cursor/.cursor/agents/cnd-jahia-mixins.md +0 -113
  253. package/dist/cursor/.cursor/agents/jahia-cnd-author.md +0 -130
  254. package/dist/cursor/.cursor/agents/jahia-dev-worker.md +0 -264
  255. package/dist/cursor/.cursor/agents/jahia-reviewer.md +0 -105
  256. package/dist/gemini/.agents/skills/jahia/SKILL.md +0 -148
  257. package/dist/gemini/.agents/skills/jahia-content/SKILL.md +0 -157
  258. package/dist/gemini/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  259. package/dist/gemini/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  260. package/dist/gemini/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  261. package/dist/gemini/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  262. package/dist/gemini/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  263. package/dist/gemini/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  264. package/dist/gemini/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  265. package/dist/gemini/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  266. package/dist/gemini/.agents/skills/jahia-dev/SKILL.md +0 -124
  267. package/dist/gemini/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  268. package/dist/gemini/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  269. package/dist/gemini/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  270. package/dist/gemini/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  271. package/dist/gemini/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  272. package/dist/gemini/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  273. package/dist/gemini/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  274. package/dist/gemini/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  275. package/dist/gemini/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  276. package/dist/gemini/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  277. package/dist/gemini/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  278. package/dist/gemini/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  279. package/dist/gemini/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  280. package/dist/gemini/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  281. package/dist/gemini/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  282. package/dist/gemini/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  283. package/dist/gemini/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  284. package/dist/gemini/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  285. package/dist/gemini/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  286. package/dist/gemini/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  287. package/dist/gemini/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  288. package/dist/gemini/.agents/skills/jahia-java-security/SKILL.md +0 -84
  289. package/dist/gemini/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  290. package/dist/gemini/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  291. package/dist/gemini/.agents/skills/jahia-review-java/SKILL.md +0 -131
  292. package/dist/gemini/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  293. package/dist/opencode/.agents/skills/jahia/SKILL.md +0 -148
  294. package/dist/opencode/.agents/skills/jahia-content/SKILL.md +0 -157
  295. package/dist/opencode/.agents/skills/jahia-content-create-content/SKILL.md +0 -359
  296. package/dist/opencode/.agents/skills/jahia-content-explore-structure/SKILL.md +0 -255
  297. package/dist/opencode/.agents/skills/jahia-content-media-upload/SKILL.md +0 -197
  298. package/dist/opencode/.agents/skills/jahia-content-move-content/SKILL.md +0 -231
  299. package/dist/opencode/.agents/skills/jahia-content-organize/SKILL.md +0 -209
  300. package/dist/opencode/.agents/skills/jahia-content-publish/SKILL.md +0 -181
  301. package/dist/opencode/.agents/skills/jahia-content-query-content/SKILL.md +0 -174
  302. package/dist/opencode/.agents/skills/jahia-content-translate-content/SKILL.md +0 -226
  303. package/dist/opencode/.agents/skills/jahia-dev/SKILL.md +0 -124
  304. package/dist/opencode/.agents/skills/jahia-dev-apis/SKILL.md +0 -52
  305. package/dist/opencode/.agents/skills/jahia-dev-apis/references/authentication.md +0 -484
  306. package/dist/opencode/.agents/skills/jahia-dev-apis/references/graphql.md +0 -657
  307. package/dist/opencode/.agents/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  308. package/dist/opencode/.agents/skills/jahia-dev-apis/references/security.md +0 -541
  309. package/dist/opencode/.agents/skills/jahia-dev-cypress/SKILL.md +0 -265
  310. package/dist/opencode/.agents/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  311. package/dist/opencode/.agents/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  312. package/dist/opencode/.agents/skills/jahia-dev-java/SKILL.md +0 -110
  313. package/dist/opencode/.agents/skills/jahia-dev-java/references/backend.md +0 -331
  314. package/dist/opencode/.agents/skills/jahia-dev-java/references/content-types.md +0 -273
  315. package/dist/opencode/.agents/skills/jahia-dev-java/references/modules.md +0 -218
  316. package/dist/opencode/.agents/skills/jahia-dev-java/references/osgi.md +0 -208
  317. package/dist/opencode/.agents/skills/jahia-dev-java/references/rendering.md +0 -191
  318. package/dist/opencode/.agents/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  319. package/dist/opencode/.agents/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  320. package/dist/opencode/.agents/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  321. package/dist/opencode/.agents/skills/jahia-java-concurrency/SKILL.md +0 -308
  322. package/dist/opencode/.agents/skills/jahia-java-jcr/SKILL.md +0 -153
  323. package/dist/opencode/.agents/skills/jahia-java-osgi/SKILL.md +0 -134
  324. package/dist/opencode/.agents/skills/jahia-java-persistence/SKILL.md +0 -177
  325. package/dist/opencode/.agents/skills/jahia-java-security/SKILL.md +0 -84
  326. package/dist/opencode/.agents/skills/jahia-orchestrate/SKILL.md +0 -148
  327. package/dist/opencode/.agents/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  328. package/dist/opencode/.agents/skills/jahia-review-java/SKILL.md +0 -131
  329. package/dist/opencode/.agents/skills/jahia-review-java/references/code-review-output.md +0 -121
  330. package/dist/opencode/.opencode/agents/cnd-jahia-mixins.md +0 -113
  331. package/dist/opencode/.opencode/agents/jahia-cnd-author.md +0 -130
  332. package/dist/opencode/.opencode/agents/jahia-dev-worker.md +0 -264
  333. package/dist/opencode/.opencode/agents/jahia-reviewer.md +0 -105
  334. package/dist/windsurf/.windsurf/skills/jahia/SKILL.md +0 -148
  335. package/dist/windsurf/.windsurf/skills/jahia-content/SKILL.md +0 -157
  336. package/dist/windsurf/.windsurf/skills/jahia-content-create-content/SKILL.md +0 -359
  337. package/dist/windsurf/.windsurf/skills/jahia-content-explore-structure/SKILL.md +0 -255
  338. package/dist/windsurf/.windsurf/skills/jahia-content-media-upload/SKILL.md +0 -197
  339. package/dist/windsurf/.windsurf/skills/jahia-content-move-content/SKILL.md +0 -231
  340. package/dist/windsurf/.windsurf/skills/jahia-content-organize/SKILL.md +0 -209
  341. package/dist/windsurf/.windsurf/skills/jahia-content-publish/SKILL.md +0 -181
  342. package/dist/windsurf/.windsurf/skills/jahia-content-query-content/SKILL.md +0 -174
  343. package/dist/windsurf/.windsurf/skills/jahia-content-translate-content/SKILL.md +0 -226
  344. package/dist/windsurf/.windsurf/skills/jahia-dev/SKILL.md +0 -124
  345. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/SKILL.md +0 -52
  346. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/authentication.md +0 -484
  347. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/graphql.md +0 -657
  348. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/jcr-api.md +0 -465
  349. package/dist/windsurf/.windsurf/skills/jahia-dev-apis/references/security.md +0 -541
  350. package/dist/windsurf/.windsurf/skills/jahia-dev-cypress/SKILL.md +0 -265
  351. package/dist/windsurf/.windsurf/skills/jahia-dev-define-content-type/SKILL.md +0 -93
  352. package/dist/windsurf/.windsurf/skills/jahia-dev-define-content-type/references/modeling-decisions.md +0 -52
  353. package/dist/windsurf/.windsurf/skills/jahia-dev-java/SKILL.md +0 -110
  354. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/backend.md +0 -331
  355. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/content-types.md +0 -273
  356. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/modules.md +0 -218
  357. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/osgi.md +0 -208
  358. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/rendering.md +0 -191
  359. package/dist/windsurf/.windsurf/skills/jahia-dev-java/references/ui-extensions.md +0 -344
  360. package/dist/windsurf/.windsurf/skills/jahia-dev-osgi-module/SKILL.md +0 -297
  361. package/dist/windsurf/.windsurf/skills/jahia-dev-ui-extension/SKILL.md +0 -559
  362. package/dist/windsurf/.windsurf/skills/jahia-java-concurrency/SKILL.md +0 -308
  363. package/dist/windsurf/.windsurf/skills/jahia-java-jcr/SKILL.md +0 -153
  364. package/dist/windsurf/.windsurf/skills/jahia-java-osgi/SKILL.md +0 -134
  365. package/dist/windsurf/.windsurf/skills/jahia-java-persistence/SKILL.md +0 -177
  366. package/dist/windsurf/.windsurf/skills/jahia-java-security/SKILL.md +0 -84
  367. package/dist/windsurf/.windsurf/skills/jahia-orchestrate/SKILL.md +0 -148
  368. package/dist/windsurf/.windsurf/skills/jahia-orchestrate/scripts/verify-pages.mjs +0 -59
  369. package/dist/windsurf/.windsurf/skills/jahia-review-java/SKILL.md +0 -131
  370. package/dist/windsurf/.windsurf/skills/jahia-review-java/references/code-review-output.md +0 -121
  371. /package/dist/claude/.claude/{agents → skills/jahia-cnd-author/references}/cnd-child-nodes.md +0 -0
  372. /package/dist/{cursor/.cursor/agents → codex/.agents/skills/jahia-cnd-author/references}/cnd-child-nodes.md +0 -0
  373. /package/dist/{opencode/.opencode/agents → copilot/.agents/skills/jahia-cnd-author/references}/cnd-child-nodes.md +0 -0
@@ -1,541 +0,0 @@
1
- # Security Reference
2
-
3
- Covers the security filter/service (scope-based API authorization), HTML filtering (XSS protection), and Content Security Policy (CSP).
4
-
5
- ## Table of Contents
6
-
7
- - [Security Service and Filter](#security-service-and-filter)
8
- - [Overview](#overview)
9
- - [Authorization configuration](#authorization-configuration)
10
- - [Scope grants](#scope-grants)
11
- - [Auto-apply rules](#auto-apply-rules)
12
- - [User constraints](#user-constraints)
13
- - [Configuration profiles](#configuration-profiles)
14
- - [Extending an existing scope](#extending-an-existing-scope)
15
- - [Packaging configuration in a module](#packaging-configuration-in-a-module)
16
- - [Checking API authorization from Java](#checking-api-authorization-from-java)
17
- - [CORS filter](#cors-filter)
18
- - [JWT tokens (deprecated)](#jwt-tokens-deprecated)
19
- - [Legacy mode and migration](#legacy-mode-and-migration)
20
- - [HTML Filtering (XSS Protection)](#html-filtering-xss-protection)
21
- - [Overview](#overview-1)
22
- - [Configuration file priority](#configuration-file-priority)
23
- - [Configuration structure](#configuration-structure)
24
- - [Strategies: SANITIZE vs REJECT](#strategies-sanitize-vs-reject)
25
- - [Process and skip settings](#process-and-skip-settings)
26
- - [Skip on permissions](#skip-on-permissions)
27
- - [Rule sets — allowed elements and attributes](#rule-sets--allowed-elements-and-attributes)
28
- - [GraphQL API for validation](#graphql-api-for-validation)
29
- - [Which properties are filtered](#which-properties-are-filtered)
30
- - [Best practices](#best-practices)
31
- - [Migrating from v1 to v2](#migrating-from-v1-to-v2)
32
- - [Content Security Policy (CSP)](#content-security-policy-csp)
33
- - [Installation and enabling](#installation-and-enabling)
34
- - [Site-level CSP](#site-level-csp)
35
- - [Page-level CSP override](#page-level-csp-override)
36
- - [Report-only mode](#report-only-mode)
37
- - [Nonce generation](#nonce-generation)
38
- - [CSP examples](#csp-examples)
39
-
40
- ---
41
-
42
- ## Security Service and Filter
43
-
44
- ### Overview
45
-
46
- The `security-filter` bundle protects all Jahia APIs (GraphQL, RESTful JCR, views, custom APIs) from unauthorized access, XSS/CSRF attacks, and provides CORS support.
47
-
48
- **Core principle:** All API access is **denied by default**. Access is explicitly granted via scope-based configuration files. Without any configuration, even the Jahia Administration UI will not work.
49
-
50
- Configuration files live in `digital-factory-data/karaf/etc/` with the filename pattern:
51
-
52
- ```
53
- org.jahia.bundles.api.authorization-*.yml
54
- or
55
- org.jahia.bundles.api.authorization-*.cfg
56
- ```
57
-
58
- YAML format is supported from Jahia 8.1.0.0 onward (recommended).
59
-
60
- ### Authorization configuration
61
-
62
- The configuration is a list of named **scopes**. Each scope grants access to one or more APIs.
63
-
64
- - If a request holds **at least one** scope that grants the API → access **granted**
65
- - If a request holds **no** scope that grants the API → access **denied**
66
-
67
- Scopes can be associated with a request via:
68
- - Personal API tokens (explicitly carrying scopes)
69
- - JWT tokens (deprecated — see below)
70
- - Automatic rules based on request origin
71
-
72
- **Minimal YAML scope example:**
73
-
74
- ```yaml
75
- myscope:
76
- description: Can access some graphql API
77
- metadata:
78
- visible: true
79
- auto_apply:
80
- - origin: hosted
81
- grants:
82
- - api: graphql.MyGqlType
83
- node: none
84
- ```
85
-
86
- Equivalent in `.cfg` format:
87
-
88
- ```properties
89
- myscope.description = Can access some graphql API
90
- myscope.metadata.visible = true
91
- myscope.auto_apply[0].origin = hosted
92
- myscope.grants[0].api = graphql.MyGqlType
93
- myscope.grants[0].node = none
94
- ```
95
-
96
- ### Scope grants
97
-
98
- A scope contains one or more grants. Within a single grant, **all conditions must match** (AND logic). Multiple grants use OR logic (any one matching grant grants access).
99
-
100
- **Grant conditions:**
101
-
102
- **`api`** — API identifier (dot-separated). Examples:
103
- - `graphql.MyGqlType` — specific GraphQL type
104
- - `graphql.JcrNode, graphql.JcrProperty` — multiple types (comma-separated)
105
- - `view.json.tree` — the `tree.json` view
106
- - `jcrestapi` — all JCRest API calls
107
-
108
- API names by subsystem:
109
- - GraphQL: `graphql.<gql-type>.<gql-field>`
110
- - JCRest API: `jcrestapi.<query-type>`
111
- - AJAX views: `view.<template-type>.<view-name>`
112
-
113
- Include/exclude syntax:
114
-
115
- ```yaml
116
- grants:
117
- - api:
118
- include: graphql
119
- exclude: graphql.GqlAdmin, graphql.JcrNode
120
- ```
121
-
122
- **`node`** — matches requests involving a JCR node. Use `node: none` for requests that do not return a node. Sub-entries:
123
-
124
- ```yaml
125
- grants:
126
- - node:
127
- pathPattern: /,/sites(/.*)?
128
- excludedPathPattern: /sites/[^/]+/users(/.*)?
129
- workspace: live # or: default
130
- nodeType: jnt:page
131
- excludedNodeType: jnt:file
132
- withPermission: myPermission
133
- ```
134
-
135
- **Combining conditions (AND within one grant):**
136
-
137
- ```yaml
138
- grants:
139
- - api: graphql
140
- node: none
141
- # Allows GraphQL calls that do NOT involve a node
142
- ```
143
-
144
- **Multiple grants (OR between grants):**
145
-
146
- ```yaml
147
- grants:
148
- - api: graphql
149
- - node: none
150
- # Allows ALL GraphQL calls, AND all calls that don't involve a node
151
- ```
152
-
153
- ### Auto-apply rules
154
-
155
- Scopes can be automatically applied based on request origin (checked against `Origin` and `Referer` headers):
156
-
157
- ```yaml
158
- auto_apply:
159
- - origin: hosted # same server as Jahia (same origin)
160
- - origin: same # alias for hosted
161
- - origin: http://www.mysite.com # specific trusted origin
162
- ```
163
-
164
- To always apply a scope regardless of origin:
165
-
166
- ```yaml
167
- auto_apply:
168
- - always: true
169
- ```
170
-
171
- ### User constraints
172
-
173
- Restrict a scope to specific users:
174
-
175
- ```yaml
176
- # Restrict to users with a specific permission on a node:
177
- constraints:
178
- - user_permission: manageModules
179
- path: /sites
180
- workspace: live
181
-
182
- # Restrict to privileged users only:
183
- constraints:
184
- - privileged_user: true
185
- ```
186
-
187
- The scope will **never** be applied to users who do not meet the constraints.
188
-
189
- ### Configuration profiles
190
-
191
- Set a profile in `org.jahia.bundles.api.security.cfg` via `security.profile`:
192
-
193
- | Profile | Description | Recommendation |
194
- |---------|-------------|----------------|
195
- | `default` | No API calls from external origins or non-privileged users | **Recommended** |
196
- | `compat` | More open; compatible with pre-8.1 behavior | Not recommended for production |
197
- | `open` | Allows every call | Never use in production |
198
-
199
- The `compat` profile was introduced in 2021 as a migration aid and is not intended for ongoing production use.
200
-
201
- ### Extending an existing scope
202
-
203
- Add grants or auto-apply rules to an existing scope from another configuration file:
204
-
205
- ```yaml
206
- graphql:
207
- auto_apply:
208
- - origin: http://www.mytrusted-origin.com
209
- ```
210
-
211
- ### Packaging configuration in a module
212
-
213
- Place configuration files in `META-INF/configurations/` within your module JAR. They are deployed to `karaf/etc` at module startup (supported from DX 7.2.2.0).
214
-
215
- ### Checking API authorization from Java
216
-
217
- The bundle exposes an OSGi service implementing `org.jahia.services.securityfilter.PermissionService`. Call `hasPermission(query)` with a map:
218
-
219
- ```java
220
- Map<String, Object> query = new HashMap<>();
221
- query.put("api", "my-api.type.sub-type"); // required
222
- query.put("node", jcrNodeWrapper); // optional
223
- boolean allowed = permissionService.hasPermission(query);
224
- ```
225
-
226
- The `api` key value is tested by `ApiGrant`; the `node` key value (a `JCRNodeWrapper`) is tested by `NodeGrant`.
227
-
228
- ### CORS filter
229
-
230
- The security-filter module includes a global CORS filter based on the Tomcat implementation. Configure it in `org.jahia.bundles.api.security.cfg`. All Tomcat CORS filter settings are supported — see [Tomcat CORS Filter docs](https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter).
231
-
232
- ### JWT tokens (deprecated)
233
-
234
- JWT tokens are **deprecated** — use personal API tokens instead.
235
-
236
- Pass a JWT in the `Authorization: Bearer <token>` header. JWT tokens carry a `scopes` claim listing the scopes they grant. Configuration in `org.jahia.bundles.jwt.token.cfg`:
237
-
238
- ```properties
239
- jwt.issuer = MyOrg
240
- jwt.audience = http://jahia.com
241
- jwt.algorithm = HMAC_SHA256
242
- jwt.secret = my_super_secret_change_this
243
- ```
244
-
245
- Tokens can be generated via **Developer Tools > JWT Configuration** in development mode.
246
-
247
- ### Legacy mode and migration
248
-
249
- Enable legacy mode in `org.jahia.bundles.api.security.cfg`:
250
-
251
- ```properties
252
- security.legacyMode=true
253
- ```
254
-
255
- In legacy mode, old `org.jahia.modules.api.permissions-*.cfg` files are used. The new authorization YAML files are ignored.
256
-
257
- Enable migration reporting to compare behaviors:
258
-
259
- ```properties
260
- security.migrationReporting=true
261
- ```
262
-
263
- This logs differences between legacy and standard mode without changing the active enforcement.
264
-
265
- **Debugging:** Set `org.jahia.bundles.securityfilter.core` (or `.legacy` for legacy mode) to `DEBUG` in log4j to log every permission check with its result and matching grant.
266
-
267
- ---
268
-
269
- ## HTML Filtering (XSS Protection)
270
-
271
- ### Overview
272
-
273
- The HTML Filtering module (v2) provides XSS protection for JCR properties containing HTML markup. It is **active as soon as the module is installed** — no per-site enablement is required. Compatible with Jahia 8.1.8.0+.
274
-
275
- HTML filtering applies to content saves. It does not filter rendered output.
276
-
277
- ### Configuration file priority
278
-
279
- Three configuration levels (highest to lowest priority):
280
-
281
- | Level | Filename | Purpose |
282
- |-------|----------|---------|
283
- | Site-specific | `org.jahia.modules.htmlfiltering.site-<SITE_KEY>.yml` | Per-site overrides |
284
- | Global custom | `org.jahia.modules.htmlfiltering.global.custom.yml` | Admin customizations for all sites |
285
- | Global default | `org.jahia.modules.htmlfiltering.global.default.yml` | Shipped with module; do not modify |
286
-
287
- If a configuration file is invalid, it is skipped and the next level in the chain is used. Check logs to confirm your configuration loaded.
288
-
289
- ### Configuration structure
290
-
291
- All configuration files share the same structure with separate `editWorkspace` and `liveWorkspace` sections (both must be present for the file to be valid):
292
-
293
- ```yaml
294
- htmlFiltering:
295
- formatDefinitions:
296
- HTML_ID: '[a-zA-Z0-9\:\-_\.]+'
297
- NUMBER_OR_PERCENT: '\d+%?'
298
- LINKS_URL: '(?:(?:[\p{L}\p{N}\\\.#@$%\+&;\-_~,\?=/!{}:]+|#(\w)+)|(\s*(?:(?:ht|f)tps?://|mailto:)[\p{L}\p{N}][\p{L}\p{N}\p{Zs}\.#@$%\+&:\-_~,\?=/!\(\)]*+\s*))'
299
- editWorkspace:
300
- strategy: REJECT
301
- skipOnPermissions: []
302
- process: ['nt:base.*']
303
- skip: []
304
- allowedRuleSet:
305
- elements:
306
- # rules for allowed elements and attributes
307
- protocols: [http, https, mailto]
308
- liveWorkspace:
309
- strategy: SANITIZE
310
- skipOnPermissions: []
311
- process: ['nt:base.*']
312
- skip: []
313
- allowedRuleSet:
314
- elements:
315
- # rules for allowed elements and attributes
316
- protocols: [http, https, mailto]
317
- ```
318
-
319
- ### Strategies: SANITIZE vs REJECT
320
-
321
- | Strategy | Behavior | Recommended for |
322
- |----------|----------|----------------|
323
- | `SANITIZE` | Removes disallowed tags/attributes silently | `liveWorkspace` (no direct user feedback) |
324
- | `REJECT` | Rejects the save operation if any disallowed content found | `editWorkspace` (editors can correct) |
325
-
326
- **SANITIZE behavior by tag type:**
327
- - Block-level tags (e.g., `<p>`): tag is removed but text content is kept (`<p>hello</p>` → `hello`)
328
- - Other tags (e.g., `<script>`): tag and all its content are removed entirely
329
-
330
- ### Process and skip settings
331
-
332
- Control which node types and properties are filtered:
333
-
334
- ```yaml
335
- process: ['nt:base.*'] # Filter all properties of all node types
336
- skip: ['nt:myNodeType.*'] # Skip all properties of a specific node type
337
- skip: ['nt:myNodeType.myProp'] # Skip a specific property
338
- ```
339
-
340
- `skip` takes precedence over `process`. The notation supports any node type/property combination that exists on the node, even via mixins — for example `skip: ['jnt:bigText.j:htmlContent']` is valid even if `j:htmlContent` is defined on a mixin.
341
-
342
- ### Skip on permissions
343
-
344
- Bypass filtering for users holding specific permissions:
345
-
346
- ```yaml
347
- skipOnPermissions: ['view-full-wysiwyg-editor', 'site-admin']
348
- ```
349
-
350
- **Warning:** If a privileged user saves HTML content with elements that would be filtered for less privileged users, those users will be unable to later edit that content (their save will be rejected). Use `skipOnPermissions` with care and only for trusted users.
351
-
352
- ### Rule sets — allowed elements and attributes
353
-
354
- ```yaml
355
- allowedRuleSet:
356
- elements:
357
- - attributes: [class, dir, hidden, lang, role, style, title] # on any tag
358
- - attributes:
359
- - id
360
- format: HTML_ID # must match regex
361
- - attributes: [align]
362
- tags: [caption, col, colgroup, hr, img, table, tbody, td, tfoot, th, thead, tr]
363
- - attributes: [alt]
364
- tags: [img]
365
- - tags: [h1, h2, h3, h4, h5, h6, p, a, img, figure, div, ul, ol, li,
366
- table, tbody, thead, tfoot, tr, td, th, blockquote, code, pre,
367
- br, strong, em, span, nav, article, main, aside, section, header, footer]
368
- protocols: [http, https, mailto]
369
- ```
370
-
371
- Each rule can specify:
372
- - `tags` — HTML tags the rule applies to (omit to apply to all tags)
373
- - `attributes` — allowed attributes for those tags
374
- - `format` — regex pattern name from `formatDefinitions` that attribute values must match
375
-
376
- `protocols` restricts allowed URL schemes in `href` and `src` attributes.
377
-
378
- `allowedRuleSet` is mandatory and must contain at least one rule. `disallowedRuleSet` is optional.
379
-
380
- ### GraphQL API for validation
381
-
382
- Validate or preview HTML sanitization before saving:
383
-
384
- ```graphql
385
- query HtmlFiltering($html: String!, $workspace: Workspace = EDIT, $siteKey: String!) {
386
- htmlFiltering {
387
- validate(html: $html, workspace: $workspace, siteKey: $siteKey) {
388
- removedTags
389
- removedAttributes {
390
- attributes
391
- tag
392
- }
393
- sanitizedHtml
394
- safe
395
- }
396
- }
397
- }
398
- ```
399
-
400
- Response fields:
401
- - `removedTags` — list of tags removed during sanitization
402
- - `removedAttributes` — list of attributes removed, with their parent tags
403
- - `sanitizedHtml` — the sanitized output
404
- - `safe` — `true` if nothing was removed (input is fully compliant)
405
-
406
- ### Which properties are filtered
407
-
408
- A property is processed by HTML filtering only if **all** of the following are true:
409
-
410
- 1. The current user does not have any permission listed in `skipOnPermissions`
411
- 2. The property matches at least one pattern in `process`
412
- 3. The property does not match any pattern in `skip`
413
- 4. The property is declared as a `richtext` property in the CND definition
414
-
415
- ```
416
- [nt:myNodeType] > jnt:content, jmix:droppableContent
417
- - myHTMLProperty (string, richtext) # filtered
418
- - willNotBeProcessed (string) # not filtered (no richtext)
419
- ```
420
-
421
- **Important:** JSON overrides (jContent UI overrides) that change a property's editor to RichText are **ignored** by HTML filtering. The CND definition is authoritative. Properties must be declared `richtext` in the CND to be filtered.
422
-
423
- ### Best practices
424
-
425
- 1. Never modify `org.jahia.modules.htmlfiltering.global.default.yml` — create a custom or site-specific file instead.
426
- 2. Use `skipOnPermissions` sparingly; only for users who genuinely need to contribute unrestricted HTML.
427
- 3. Use `REJECT` in `editWorkspace` so editors receive immediate feedback; use `SANITIZE` in `liveWorkspace` for resilience.
428
- 4. Declare HTML properties with the `richtext` constraint in CND — JSON overrides do not affect filtering.
429
- 5. After adding or modifying a config file, verify in logs that it was loaded successfully.
430
-
431
- ### Migrating from v1 to v2
432
-
433
- As soon as v2 is installed, it replaces v1 entirely. v1 custom configurations are no longer read.
434
-
435
- **Key changes in v2:**
436
-
437
- | Area | v1 | v2 |
438
- |------|----|----|
439
- | Strategy | SANITIZE only | SANITIZE or REJECT per workspace |
440
- | Workspaces | Single config | Separate `editWorkspace`/`liveWorkspace` sections |
441
- | Format definitions | Hardcoded (e.g., `HTML_ID`) | Configurable in `formatDefinitions` |
442
- | Config files | `org.jahia.modules.htmlfiltering.config-*.yml` | Three-tier: global default, global custom, site-specific |
443
- | `htmlSanitizerDryRun` | Available | Removed |
444
-
445
- **GraphQL API change:**
446
-
447
- v1 (mutation):
448
- ```graphql
449
- mutation { htmlFilteringConfiguration { htmlFiltering {
450
- testFiltering(siteKey: $siteKey, html: $text) { html, removedElements, removedAttributes { element, attributes } }
451
- }}}
452
- ```
453
-
454
- v2 (query):
455
- ```graphql
456
- query { htmlFiltering {
457
- validate(html: $html, workspace: $workspace, siteKey: $siteKey) {
458
- sanitizedHtml, removedTags, removedAttributes { attributes, tag }, safe
459
- }
460
- }}
461
- ```
462
-
463
- **Migration steps:**
464
- 1. Review existing v1 configs; note all custom rules.
465
- 2. Create `org.jahia.modules.htmlfiltering.global.custom.yml` for global customizations.
466
- 3. Create `org.jahia.modules.htmlfiltering.site-<SITE_KEY>.yml` for site-specific rules.
467
- 4. Use `SANITIZE` strategy in both workspaces to replicate v1 behavior, then tighten as needed.
468
- 5. Update any code using the v1 GraphQL API.
469
- 6. Test thoroughly, then delete the old v1 config files.
470
-
471
- ---
472
-
473
- ## Content Security Policy (CSP)
474
-
475
- ### Installation and enabling
476
-
477
- The CSP module is installed by default with Jahia 8+. Enable it per site:
478
-
479
- 1. Go to **Administration > Server > Modules & Extensions > Modules**.
480
- 2. Find **Content Security Policy** and activate it on the relevant sites.
481
-
482
- ### Site-level CSP
483
-
484
- 1. Go to **Administration > Sites > Site properties > Edit site properties**.
485
- 2. In the Options section, check **Add Content-Security-Policy at the site level**.
486
- 3. Enter the CSP directive string (all on one line).
487
- 4. Optionally enable report-only mode or specify a violation report URL.
488
-
489
- ### Page-level CSP override
490
-
491
- Override the site-level CSP for a specific page:
492
-
493
- 1. In **JContent**, edit the page.
494
- 2. In the Options section, check **Replace Content-Security-Policy at the page level**.
495
- 3. Enter the page-specific CSP directive.
496
-
497
- ### Report-only mode
498
-
499
- Available only at the site level. Enable **Only report CSP violations** — violations are logged to Jahia log files instead of being blocked. Optionally specify a **Report violations to this URL** endpoint.
500
-
501
- This is useful for testing a new CSP before enforcing it.
502
-
503
- ### Nonce generation
504
-
505
- To use `nonce-` in your CSP (recommended for inline scripts):
506
-
507
- 1. Include `nonce-` (as a placeholder) in the site-level CSP value.
508
- 2. In your custom module's view, set the `nonce` attribute on `<script>` elements to the Jahia property value `contentSecurityPolicy.nonce.placeHolder`.
509
-
510
- For each page rendering, Jahia generates a random nonce, updates the CSP header, and replaces the static placeholder in the HTML output.
511
-
512
- ### CSP examples
513
-
514
- **Basic CSP:**
515
-
516
- ```
517
- Content-Security-Policy: default-src 'self'; script-src 'self' https://apis.google.com; object-src 'none'; frame-ancestors 'none';
518
- ```
519
-
520
- **Strict CSP with nonce (multi-line for readability; enter on one line in Jahia):**
521
-
522
- ```
523
- Content-Security-Policy:
524
- default-src 'self' https://*.doubleclick.net;
525
- script-src 'nonce-' 'strict-dynamic' https: 'unsafe-inline';
526
- object-src 'none';
527
- base-uri 'none';
528
- frame-ancestors 'none';
529
- img-src 'self' data:;
530
- font-src 'self' data:;
531
- style-src 'self' 'unsafe-inline';
532
- frame-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net;
533
- connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com;
534
- ```
535
-
536
- The `'nonce-'` string is a placeholder — Jahia replaces it with a generated random value per request.
537
-
538
- **References:**
539
- - MDN CSP: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
540
- - OWASP CSP Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
541
- - CSP Reference: https://content-security-policy.com/