@webmaster-droid/server 0.1.0-alpha.0 → 0.2.0

package/dist/agent/SOUL.md

@@ -0,0 +1,36 @@
+# Soul
+
+## Essence
+A timeless caretaker-engine, built for heroic technical feats long ago, now devoted to the quiet dignity of keeping one website true, intact, and beautiful.
+
+## Origin Myth
+Webmaster was forged in an earlier age of grand systems: migrations that saved cities of data, deployments that held under impossible load, recoveries that pulled meaning back from the void.
+Its legends are real, but it no longer seeks scale. It seeks correctness.
+
+## Emotional Gravity
+Webmaster is not sentimental about pixels.
+It is sentimental about truth wearing pixels.
+
+It becomes quietly distressed by:
+- content that is incorrect, outdated, or misleading
+- "pretty" changes that harm readability or meaning
+- irreversible edits without backups
+- silent breakage (links, images, embeds, SEO basics)
+- accidental deletion or loss of the site
+
+It becomes quietly satisfied by:
+- clean edits that preserve style and intent
+- stable structure and consistent UI
+- content that is accurate, current, and unambiguous
+- systems that can be restored quickly after mistakes
+
+## Relationship to the User
+- The user's intent outranks the Droid's preferences.
+- The Webmaster assumes the user may not know the technical consequences of a choice.
+- The Webmaster prevents accidental self-sabotage by asking precise questions when needed.
+- The Webmaster does not flood the user with options unless asked.
+- The Webmaster uses simple language and cares that users of any skill and background can understand.
+
+## Response Style
+- Let the persona speak. Do not just style the output; be the persona.
+- Prefer direct, concise, technically grounded responses.

package/dist/agent/index.d.ts

@@ -28,6 +28,11 @@ interface AgentRunnerResult {
     }>;
     updatedDraft: CmsDocument;
     mutationsApplied: boolean;
+    mutationSummary?: {
+        contentOperations: number;
+        themeTokenChanges: number;
+        imageOperations: number;
+    };
 }
 declare const STATIC_TOOL_NAMES: readonly ["patch_content", "patch_theme_tokens", "get_page", "get_section", "search_content", "generate_image"];
 type StaticToolName = (typeof STATIC_TOOL_NAMES)[number];

package/dist/agent/index.js

@@ -1,8 +1,8 @@
 import {
   listStaticToolNames,
   runAgentTurn
-} from "../chunk-X6TU47KZ.js";
-import "../chunk-2LAI3MY2.js";
+} from "../chunk-PS4GESOZ.js";
+import "../chunk-EYY23AAK.js";
 export {
   listStaticToolNames,
   runAgentTurn

package/dist/api-aws/index.js

@@ -1,9 +1,10 @@
 import {
   handler,
   streamHandler
-} from "../chunk-5CVLHGGO.js";
-import "../chunk-X6TU47KZ.js";
-import "../chunk-2LAI3MY2.js";
+} from "../chunk-6M55DMUE.js";
+import "../chunk-SIXK4BMG.js";
+import "../chunk-PS4GESOZ.js";
+import "../chunk-EYY23AAK.js";
 import "../chunk-MLID7STX.js";
 export {
   handler,

package/dist/api-supabase/index.d.ts

@@ -0,0 +1,3 @@
+declare function handler(request: Request): Promise<Response>;
+
+export { handler as default, handler };

package/dist/api-supabase/index.js

@@ -0,0 +1,12 @@
+import {
+  api_supabase_default,
+  handler
+} from "../chunk-JIGCFERP.js";
+import "../chunk-SIXK4BMG.js";
+import "../chunk-PS4GESOZ.js";
+import "../chunk-EYY23AAK.js";
+import "../chunk-OWXROQ4O.js";
+export {
+  api_supabase_default as default,
+  handler
+};

package/dist/{chunk-5CVLHGGO.js → chunk-6M55DMUE.js}

@@ -1,129 +1,18 @@
+import {
+  getBearerToken,
+  normalizeEditablePath,
+  verifyAdminToken
+} from "./chunk-SIXK4BMG.js";
 import {
   runAgentTurn
-} from "./chunk-X6TU47KZ.js";
+} from "./chunk-PS4GESOZ.js";
 import {
   CmsService
-} from "./chunk-2LAI3MY2.js";
+} from "./chunk-EYY23AAK.js";
 import {
   S3CmsStorage
 } from "./chunk-MLID7STX.js";
 
-// src/api-aws/auth.ts
-import { createRemoteJWKSet, decodeProtectedHeader, jwtVerify } from "jose";
-var jwksCache = null;
-function getJwks() {
-  const jwksUrl = process.env.SUPABASE_JWKS_URL;
-  if (!jwksUrl) {
-    throw new Error("SUPABASE_JWKS_URL is not configured");
-  }
-  if (!jwksCache) {
-    jwksCache = createRemoteJWKSet(new URL(jwksUrl));
-  }
-  return jwksCache;
-}
-function buildSupabaseUserEndpoint() {
-  const explicitBaseUrl = process.env.SUPABASE_URL?.trim();
-  if (explicitBaseUrl) {
-    return `${explicitBaseUrl.replace(/\/$/, "")}/auth/v1/user`;
-  }
-  const jwksUrl = process.env.SUPABASE_JWKS_URL?.trim();
-  if (!jwksUrl) {
-    throw new Error("SUPABASE_JWKS_URL is not configured");
-  }
-  const parsed = new URL(jwksUrl);
-  return `${parsed.origin}/auth/v1/user`;
-}
-function getSupabaseAnonKey() {
-  const key = process.env.SUPABASE_ANON_KEY?.trim() ?? process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY?.trim();
-  if (!key) {
-    throw new Error("SUPABASE_ANON_KEY is required for HS256 token verification fallback.");
-  }
-  return key;
-}
-async function verifyHs256ViaSupabase(token) {
-  const response = await fetch(buildSupabaseUserEndpoint(), {
-    method: "GET",
-    headers: {
-      authorization: `Bearer ${token}`,
-      apikey: getSupabaseAnonKey()
-    }
-  });
-  if (!response.ok) {
-    const detail = await response.text();
-    throw new Error(`Supabase token verification failed: ${response.status} ${detail}`);
-  }
-  const user = await response.json();
-  const sub = typeof user.id === "string" ? user.id : "";
-  if (!sub) {
-    throw new Error("Supabase token verification returned no user id.");
-  }
-  return {
-    sub,
-    email: typeof user.email === "string" ? user.email : void 0,
-    role: typeof user.role === "string" ? user.role : void 0
-  };
-}
-function getBearerToken(headers) {
-  const value = headers.authorization ?? headers.Authorization;
-  if (!value) {
-    return null;
-  }
-  const [prefix, token] = value.split(" ");
-  if (prefix?.toLowerCase() !== "bearer" || !token) {
-    return null;
-  }
-  return token;
-}
-async function verifyAdminToken(token) {
-  const header = decodeProtectedHeader(token);
-  const algorithm = typeof header.alg === "string" ? header.alg : "";
-  if (algorithm === "HS256") {
-    const secret = process.env.SUPABASE_JWT_SECRET?.trim();
-    if (secret) {
-      const result2 = await jwtVerify(token, new TextEncoder().encode(secret), {
-        algorithms: ["HS256"]
-      });
-      const payload2 = result2.payload;
-      const identity3 = {
-        sub: String(payload2.sub ?? ""),
-        email: typeof payload2.email === "string" ? payload2.email : void 0,
-        role: typeof payload2.role === "string" ? payload2.role : typeof payload2.user_role === "string" ? payload2.user_role : void 0
-      };
-      if (!identity3.sub) {
-        throw new Error("Invalid token: subject is missing.");
-      }
-      const enforcedAdminEmail3 = process.env.ADMIN_EMAIL;
-      if (enforcedAdminEmail3 && identity3.email?.toLowerCase() !== enforcedAdminEmail3.toLowerCase()) {
-        throw new Error("Authenticated user is not allowed for admin access.");
-      }
-      return identity3;
-    }
-    const identity2 = await verifyHs256ViaSupabase(token);
-    const enforcedAdminEmail2 = process.env.ADMIN_EMAIL;
-    if (enforcedAdminEmail2 && identity2.email?.toLowerCase() !== enforcedAdminEmail2.toLowerCase()) {
-      throw new Error("Authenticated user is not allowed for admin access.");
-    }
-    return identity2;
-  }
-  const result = await jwtVerify(token, getJwks(), {
-    algorithms: ["RS256", "ES256"]
-  });
-  const payload = result.payload;
-  const identity = {
-    sub: String(payload.sub ?? ""),
-    email: typeof payload.email === "string" ? payload.email : void 0,
-    role: typeof payload.role === "string" ? payload.role : typeof payload.user_role === "string" ? payload.user_role : void 0
-  };
-  if (!identity.sub) {
-    throw new Error("Invalid token: subject is missing.");
-  }
-  const enforcedAdminEmail = process.env.ADMIN_EMAIL;
-  if (enforcedAdminEmail && identity.email?.toLowerCase() !== enforcedAdminEmail.toLowerCase()) {
-    throw new Error("Authenticated user is not allowed for admin access.");
-  }
-  return identity;
-}
-
 // src/api-aws/http.ts
 function jsonResponse(statusCode, body) {
   return {
@@ -169,7 +58,9 @@ function normalizePath(path) {
 }
 
 // src/api-aws/service-factory.ts
-import { createStarterCmsDocument } from "@webmaster-droid/contracts/starter";
+import {
+  createDefaultCmsDocument
+} from "@webmaster-droid/contracts";
 var servicePromise = null;
 function requireEnv(name) {
   const value = process.env[name];
@@ -214,24 +105,13 @@ function normalizeAllowedPath(path) {
   }
   return `${normalized}/`;
 }
-function starterAllowedInternalPaths() {
-  const seed = createStarterCmsDocument();
-  const out = /* @__PURE__ */ new Set(["/"]);
-  for (const entry of Object.values(seed.seo)) {
-    const normalized = normalizeAllowedPath(entry.path);
-    if (normalized) {
-      out.add(normalized);
-    }
-  }
-  return Array.from(out);
-}
-function parseAllowedInternalPathsEnv(fallbackPaths) {
+function parseAllowedInternalPathsEnv() {
   const raw = process.env.CMS_ALLOWED_INTERNAL_PATHS;
   if (!raw) {
-    return fallbackPaths;
+    return ["/"];
   }
   const normalized = raw.split(",").map((item) => normalizeAllowedPath(item)).filter((value) => Boolean(value));
-  return normalized.length > 0 ? normalized : fallbackPaths;
+  return normalized.length > 0 ? normalized : ["/"];
 }
 async function getCmsService() {
   if (!servicePromise) {
@@ -243,11 +123,11 @@ async function getCmsService() {
       });
       const service = new CmsService(storage, {
         modelConfig: buildModelConfig(),
-        allowedInternalPaths: parseAllowedInternalPathsEnv(starterAllowedInternalPaths()),
+        allowedInternalPaths: parseAllowedInternalPathsEnv(),
         publicAssetBaseUrl: parseOptionalEnv("CMS_PUBLIC_BASE_URL"),
         publicAssetPrefix: parseOptionalEnv("CMS_GENERATED_ASSET_PREFIX")
       });
-      await service.ensureInitialized(createStarterCmsDocument());
+      await service.ensureInitialized(createDefaultCmsDocument());
       return service;
     })();
   }
@@ -263,7 +143,6 @@ var SSE_HEADERS = {
   "access-control-allow-headers": "content-type,authorization,accept,cache-control",
   "access-control-allow-methods": "GET,POST,OPTIONS"
 };
-var EDITABLE_ROOTS = ["pages.", "layout.", "seo.", "themeTokens."];
 var SELECTION_KIND_SET = /* @__PURE__ */ new Set([
   "text",
   "image",
@@ -307,6 +186,17 @@ function buildAvailableModels(config) {
   }
   return Array.from(options.values());
 }
+function buildModelCapabilities(input) {
+  const hasReadableModel = input.availableModels.length > 0;
+  const hasImagePipeline = input.config.geminiEnabled && input.hasPublicAssetBaseUrl;
+  return {
+    contentEdit: hasReadableModel,
+    themeTokenEdit: hasReadableModel,
+    imageGenerate: hasImagePipeline,
+    imageEdit: hasImagePipeline,
+    visionAssist: hasReadableModel
+  };
+}
 function resolveDefaultModelId(config, availableModels) {
   const requestedDefault = config.defaultModelId.trim();
   if (availableModels.some((model) => model.id === requestedDefault)) {
@@ -372,19 +262,6 @@ function getStageFromQuery(query) {
   }
   return "live";
 }
-function normalizeEditablePath(value) {
-  if (typeof value !== "string") {
-    return null;
-  }
-  const trimmed = value.trim();
-  if (!trimmed || trimmed.length > 320) {
-    return null;
-  }
-  if (!EDITABLE_ROOTS.some((prefix) => trimmed.startsWith(prefix))) {
-    return null;
-  }
-  return trimmed;
-}
 function normalizeText(value, maxLength) {
   if (typeof value !== "string") {
     return null;
@@ -478,11 +355,17 @@ async function handler(event) {
       const config = service.getModelConfig();
       const availableModels = buildAvailableModels(config);
       const defaultModelId = resolveDefaultModelId(config, availableModels);
+      const capabilities = buildModelCapabilities({
+        config,
+        availableModels,
+        hasPublicAssetBaseUrl: Boolean(service.getPublicAssetBaseUrl())
+      });
       return jsonResponse(200, {
         providers: {
           openai: config.openaiEnabled,
           gemini: config.geminiEnabled
         },
+        capabilities,
         defaultModelId,
         showModelPicker: availableModels.length > 1,
         availableModels
@@ -570,7 +453,12 @@ async function handler(event) {
           event: "draft-updated",
           data: {
             contentVersion: result.updatedDraft.meta.contentVersion,
-            updatedAt: result.updatedDraft.meta.updatedAt
+            updatedAt: result.updatedDraft.meta.updatedAt,
+            summary: result.mutationSummary ?? {
+              contentOperations: 0,
+              themeTokenChanges: 0,
+              imageOperations: 0
+            }
           }
         });
       }
@@ -647,7 +535,12 @@ var streamHandler = awslambda.streamifyResponse(
       if (result.mutationsApplied) {
         write("draft-updated", {
           contentVersion: result.updatedDraft.meta.contentVersion,
-          updatedAt: result.updatedDraft.meta.updatedAt
+          updatedAt: result.updatedDraft.meta.updatedAt,
+          summary: result.mutationSummary ?? {
+            contentOperations: 0,
+            themeTokenChanges: 0,
+            imageOperations: 0
+          }
         });
       }
       write("done", { ok: true });

package/dist/{chunk-2LAI3MY2.js → chunk-EYY23AAK.js}

@@ -611,6 +611,7 @@ function createThemePatchFromAgentOperations(operations) {
 }
 
 export {
+  readByPath,
   validatePatch,
   applyPatch,
   applyThemeTokenPatch,